Accepting request 960950 from Base:System

- Update to version 2.37.4... - Fix "su -s" bash completion... OBS-URL: https://build.opensuse.org/request/show/960950 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/util-linux?expand=0&rev=254
2022-03-14 18:33:56 +00:00 · 2022-03-14 18:33:56 +00:00 · abafc4e652
commit abafc4e652
parent 4479c1a319 fd9b650066
11 changed files with 109 additions and 22 deletions
--- a/python3-libmount.changes
+++ b/python3-libmount.changes
@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Tue Mar  8 02:00:05 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
+
+- Update to version 2.37.4:
+  * Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563).
+    SUSE is not affected (bsc#1196241).
+
+-------------------------------------------------------------------
+Thu Mar  3 03:22:45 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
+
+- Fix "su -s" bash completion
+  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
+
+-------------------------------------------------------------------
+Mon Jan 24 21:57:01 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 2.37.3 (bsc#1194976):
+  This release fixes two security mount(8) and umount(8) issues: 
+  * CVE-2021-3996
+    Improper UID check in libmount allows an unprivileged user to unmount FUSE
+    filesystems of users with similar UID.
+  * CVE-2021-3995
+    This issue is related to parsing the /proc/self/mountinfo file allows an
+    unprivileged user to unmount other user's filesystems that are either
+    world-writable themselves or mounted in a world-writable directory.
+
 -------------------------------------------------------------------
 Tue Dec 14 14:17:41 UTC 2021 - Stanislav Brabec <sbrabec@suse.com>

--- a/python3-libmount.spec
+++ b/python3-libmount.spec
@ -125,7 +125,7 @@ BuildRequires:  libmount-devel
 %endif
 %endif
 #END SECOND STAGE DEPENDENCIES
-Version:        2.37.3
+Version:        2.37.4
 Release:        0
 URL:            https://www.kernel.org/pub/linux/utils/util-linux/
 Source:         https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz
@ -149,6 +149,8 @@ Patch1:         libmount-print-a-blacklist-hint-for-unknown-filesyst.patch
 Patch2:         Add-documentation-on-blacklisted-modules-to-mount-8-.patch
 # PATCH-FIX-SUSE: Avoid sulogin failing on not existing or not functional console devices
 Patch3:         util-linux-sulogin4bsc1175514.patch
+# PATCH-FIX-SUSE util-linux-bash-completion-su-chsh-l.patch bsc1172427 -- Fix "su -s" bash completion.
+Patch4:         util-linux-bash-completion-su-chsh-l.patch
 #
 %if %build_util_linux
 Supplements:    filesystem(minix)
--- a/util-linux-2.37.3.tar.sign
+++ b/util-linux-2.37.3.tar.sign
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEsMZNFDAcxu+u32Dk5LcdXuw5woQFAmHucl0ACgkQ5LcdXuw5
-woRUIA//fUFuiVwvbCMlkHOUo7ebLozYdnfeqky/t7yxUWwdqttPJiQVO3gfkNWr
-FI6y2EFun3ToyYdTi4YueDHPyYecPzLMsTot2F0eA+I1blsnHuvspchGd0V5pw8j
-KWtbD4XUjY5DMS6FyLrkvz6nleDlm1xcNDxvhom5gKwhWOdYkcf21j1M1zqPjyaa
-DI4CZn5gMvKBfsNFRqQh4+gQMyJ2qNoWpQo7VfHqWPWkC/uzNjifKd2ATlaCeEGF
-N1Ykm2bM/NZ6vl/MY4DLNJdD8m3xnYoF6zqhFblUMZ0oZVp02D/sfZJGmrLrSmpY
-UD1bql1JRgrchh1kCboU+PiA6CFk5DWN2ex8O4qnjrc9oab2YQ3vuvrIzT/v0IpG
-DqIwloW1PL8R5mxOiRC6rUhYAdyLvpVs3ZJrqGtlceB/YpB7vDrIDc3CC45mno2f
-S9sUc6J+Kq1s5Cd1PEAghMeeoAvnudNuCnXGh0gfF4CNCQ/89sOZMR4YQaCL8xZZ
-Vp5uDmwtR4YdN0xk5A7BwrGQ18fwymGN9TSP0LkNT8MHRafjGhHRurfDH7MPVUtP
-IWK+mansvJvbP8OuajsX6w/8umB+8kiGVAV0uh4Cm/Lq1p/HE2g4ZJs1wgHO238a
-zLo52tiuIN3Kc8nBlYhKOVi30YrcbRWppRbxxVQRHohoHOdrgEg=
-=Dk1+
-----END PGP SIGNATURE-----
--- a/util-linux-2.37.3.tar.xz
+++ b/util-linux-2.37.3.tar.xz
--- a/util-linux-2.37.4.tar.sign
+++ b/util-linux-2.37.4.tar.sign
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEsMZNFDAcxu+u32Dk5LcdXuw5woQFAmIKKY4ACgkQ5LcdXuw5
+woRylw//WQuCmFUuO6rfi3lN4L6Vvxz7RoLo0YcreQC9n+Xfk6e0KGPO2tlyEmP1
+NGp/YKqR194aWBdDaqzDxOAQ8V/MElTlLsO3MvKGpoDjyr4tsky3GYpZZ7uiKiLv
+ZSD+fjA3pn4M0RCufyq3+/SKF7ui4HKMna7wUr5aPBiyxgae9SefxRSq4d0bH7Me
+GEkDWU6y6mjzalAkVSb+4On/fQDe26hYRsvVmJpksivBpIkZXgNJSdT29axkfNo4
+z4P6QNEc1YHFyV2jLb4lJJyTBLh9MeUF2H0MhWBcp3DXr8Cyonr473WtsowbMjQX
+Xez6BR8Yag3o0oHXtov6osfR7A3JMQZXmI07eUTv7Sou32o9Nog1B26tHgLZ0ej8
+i94mvy98fTla+h0gtvbHG9JJaQp68k32Ip9xcwlFPOGp256uOWnS3KNF4zO1unM3
+E2jLHY2OKKMHhldvt2WmcwOeQTLWYrsv4VPsbJfdnsKRR4eUqm5EQIOdnYhSWxfC
+4MZsenx5S9R/4ITU5cM1xU6BaVXgtNdL+LBJ+aBms6hf5rbgOaYrUr5gUQ9TWUWP
+/EOY+48fGaIr1MDJo6OTiJuF7DG8kseJowfTjo8zK3ZrzXEJyfAZUwRzjuEyxu0+
+kx7jhdkZCnQfAbTornWY/L8Fe/aDOchtaERgFOzCyyipJiDjwm8=
+=jWac
+-----END PGP SIGNATURE-----
--- a/util-linux-2.37.4.tar.xz
+++ b/util-linux-2.37.4.tar.xz
--- a/util-linux-bash-completion-su-chsh-l.patch
+++ b/util-linux-bash-completion-su-chsh-l.patch
@ -0,0 +1,16 @@
+su -s <TAB> completion depends on "chsh -l" present in the
+util-linux implementation of chsh. But SUSE uses chsh from shadow
+package that does not include this feature. Use /etc/shells
+instead.
+
+--- util-linux/bash-completion/su
+++ util-linux/bash-completion/su
+@@ -14,7 +14,7 @@ _su_module()
+ 			return 0
+ 			;;
+ 		'-s'|'--shell')
+-			COMPREPLY=( $(compgen -W "$(chsh -l)" -- $cur) )
+			COMPREPLY=( $(compgen -W "$(</etc/shells)" -- $cur) )
+ 			return 0
+ 			;;
+ 		'-h'|'--help'|'-V'|'--version')
--- a/util-linux-systemd.changes
+++ b/util-linux-systemd.changes
@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Tue Mar  8 02:00:05 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
+
+- Update to version 2.37.4:
+  * Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563).
+    SUSE is not affected (bsc#1196241).
+
+-------------------------------------------------------------------
+Thu Mar  3 03:22:45 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
+
+- Fix "su -s" bash completion
+  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
+
+-------------------------------------------------------------------
+Mon Jan 24 21:57:01 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 2.37.3 (bsc#1194976):
+  This release fixes two security mount(8) and umount(8) issues: 
+  * CVE-2021-3996
+    Improper UID check in libmount allows an unprivileged user to unmount FUSE
+    filesystems of users with similar UID.
+  * CVE-2021-3995
+    This issue is related to parsing the /proc/self/mountinfo file allows an
+    unprivileged user to unmount other user's filesystems that are either
+    world-writable themselves or mounted in a world-writable directory.
+
 -------------------------------------------------------------------
 Tue Dec 14 14:17:41 UTC 2021 - Stanislav Brabec <sbrabec@suse.com>

--- a/util-linux-systemd.spec
+++ b/util-linux-systemd.spec
@ -125,7 +125,7 @@ BuildRequires:  libmount-devel
 %endif
 %endif
 #END SECOND STAGE DEPENDENCIES
-Version:        2.37.3
+Version:        2.37.4
 Release:        0
 URL:            https://www.kernel.org/pub/linux/utils/util-linux/
 Source:         https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz
@ -149,6 +149,8 @@ Patch1:         libmount-print-a-blacklist-hint-for-unknown-filesyst.patch
 Patch2:         Add-documentation-on-blacklisted-modules-to-mount-8-.patch
 # PATCH-FIX-SUSE: Avoid sulogin failing on not existing or not functional console devices
 Patch3:         util-linux-sulogin4bsc1175514.patch
+# PATCH-FIX-SUSE util-linux-bash-completion-su-chsh-l.patch bsc1172427 -- Fix "su -s" bash completion.
+Patch4:         util-linux-bash-completion-su-chsh-l.patch
 #
 %if %build_util_linux
 Supplements:    filesystem(minix)
--- a/util-linux.changes
+++ b/util-linux.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue Mar  8 02:00:05 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
+
+- Update to version 2.37.4:
+  * Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563).
+    SUSE is not affected (bsc#1196241).
+
+-------------------------------------------------------------------
+Thu Mar  3 03:22:45 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
+
+- Fix "su -s" bash completion
+  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
+
 -------------------------------------------------------------------
 Mon Jan 24 21:57:01 UTC 2022 - Dirk Müller <dmueller@suse.com>

--- a/util-linux.spec
+++ b/util-linux.spec
@ -125,7 +125,7 @@ BuildRequires:  libmount-devel
 %endif
 %endif
 #END SECOND STAGE DEPENDENCIES
-Version:        2.37.3
+Version:        2.37.4
 Release:        0
 URL:            https://www.kernel.org/pub/linux/utils/util-linux/
 Source:         https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz
@ -149,6 +149,8 @@ Patch1:         libmount-print-a-blacklist-hint-for-unknown-filesyst.patch
 Patch2:         Add-documentation-on-blacklisted-modules-to-mount-8-.patch
 # PATCH-FIX-SUSE: Avoid sulogin failing on not existing or not functional console devices
 Patch3:         util-linux-sulogin4bsc1175514.patch
+# PATCH-FIX-SUSE util-linux-bash-completion-su-chsh-l.patch bsc1172427 -- Fix "su -s" bash completion.
+Patch4:         util-linux-bash-completion-su-chsh-l.patch
 #
 %if %build_util_linux
 Supplements:    filesystem(minix)