Adrian Schröter 2008-02-10 16:59:21 +00:00 committed by Git OBS Bridge
parent 72534ebe0c
commit ce79c8872c
15 changed files with 2337 additions and 526 deletions

1497
cryptsetup-2.13-crypto.diff Normal file



@ -15,14 +15,13 @@
# Required-Stop: # Required-Stop:
# Default-Start: 2 3 5 # Default-Start: 2 3 5
# Default-Stop: 0 1 6 # Default-Stop: 0 1 6
# Short-Description: raw devices
# Description: raw-devices # Description: raw-devices
### END INIT INFO ### END INIT INFO
. /etc/rc.status . /etc/rc.status
CONFIG=/etc/raw CONFIG=/etc/raw
RAW_BIN=/sbin/raw RAW_BIN=/usr/sbin/raw
RAW_MODULE=raw RAW_MODULE=raw
test -x $RAW_BIN || exit 5 test -x $RAW_BIN || exit 5


@ -0,0 +1,39 @@
Index: util-linux-ng-2.12r+git20070330/disk-utils/mkswap.c
===================================================================
--- util-linux-ng-2.12r+git20070330.orig/disk-utils/mkswap.c
+++ util-linux-ng-2.12r+git20070330/disk-utils/mkswap.c
@@ -660,7 +660,7 @@ main(int argc, char ** argv) {
usage();
}
- DEV = open(device_name,O_RDWR);
+ DEV = open(device_name, O_RDWR | O_EXCL);
if (DEV < 0 || fstat(DEV, &statbuf) < 0) {
perror(device_name);
exit(1);
Index: util-linux-ng-2.12r+git20070330/disk-utils/mkfs.minix.c
===================================================================
--- util-linux-ng-2.12r+git20070330.orig/disk-utils/mkfs.minix.c
+++ util-linux-ng-2.12r+git20070330/disk-utils/mkfs.minix.c
@@ -699,7 +699,7 @@ main(int argc, char ** argv) {
tmp += dirsize;
*(short *)tmp = 2;
strcpy(tmp+2,".badblocks");
- DEV = open(device_name,O_RDWR );
+ DEV = open(device_name,O_RDWR | O_EXCL);
if (DEV<0)
die(_("unable to open %s"));
if (fstat(DEV,&statbuf)<0)
Index: util-linux-ng-2.12r+git20070330/disk-utils/mkfs.bfs.c
===================================================================
--- util-linux-ng-2.12r+git20070330.orig/disk-utils/mkfs.bfs.c
+++ util-linux-ng-2.12r+git20070330/disk-utils/mkfs.bfs.c
@@ -170,7 +170,7 @@ main(int argc, char *argv[]) {
if (!S_ISBLK(statbuf.st_mode))
fatal(_("%s is not a block special device"), device);
- fd = open(device, O_RDWR);
+ fd = open(device, O_RDWR | O_EXCL);
if (fd == -1) {
perror(device);
fatal(_("cannot open %s"), device);
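Review bot: In the mkfs.bfs.c hunk the `S_ISBLK(statbuf.st_mode)` test runs before `open(device, O_RDWR | O_EXCL)`, so the node that was checked (presumably through a stat() on the path, outside the hunk) is not necessarily the node that gets opened. Doing the type check on the descriptor after the open closes that window: `if (fstat(fd, &statbuf) < 0 || !S_ISBLK(statbuf.st_mode))` followed by the existing `fatal(_("%s is not a block special device"), device);`. This also matters for the new flag, because Linux defines O_EXCL without O_CREAT only for block devices; in the mkswap.c and mkfs.minix.c hunks the target type is not yet known at the open() call, so the behaviour on a regular file should be documented in a comment or the flag applied only once the type is confirmed. All three main() bodies continue outside their hunks.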


@ -0,0 +1,128 @@
## 30swsusp-resume.dpatch by Jeff Bailey <jbailey@ubuntu.com>
Index: util-linux-ng-2.12r+git20070330/mount/swapon.c
===================================================================
--- util-linux-ng-2.12r+git20070330.orig/mount/swapon.c
+++ util-linux-ng-2.12r+git20070330/mount/swapon.c
@@ -10,7 +10,9 @@
#include <string.h>
#include <mntent.h>
#include <errno.h>
+#include <sys/types.h>
#include <sys/stat.h>
+#include <fcntl.h>
#include "xmalloc.h"
#include "swap_constants.h"
#include "swapargs.h"
@@ -23,6 +25,7 @@
#define _PATH_FSTAB "/etc/fstab"
#define PROC_SWAPS "/proc/swaps"
+#define PATH_MKSWAP "/sbin/mkswap"
#define SWAPON_NEEDS_TWO_ARGS
@@ -179,6 +182,85 @@ display_summary(void)
return 0 ;
}
+/*
+ * It's better do swsuspend detection by follow routine than
+ * include huge mount_guess_fstype.o to swapon. We need only
+ * swsuspend and no the others filesystems.
+ */
+#ifdef HAVE_LIBBLKID
+static int
+swap_is_swsuspend(const char *device) {
+ const char *type = blkid_get_tag_value(blkid, "TYPE", device);
+
+ if (type && strcmp(type, "swsuspend")==0)
+ return 0;
+ return 1;
+}
+#else
+static int
+swap_is_swsuspend(const char *device) {
+ int fd, re = 1, n = getpagesize() - 10;
+ char buf[10];
+
+ fd = open(device, O_RDONLY);
+ if (fd < 0)
+ return -1;
+
+ if (lseek(fd, n, SEEK_SET) >= 0 &&
+ read(fd, buf, sizeof buf) == sizeof buf &&
+ (memcmp("S1SUSPEND", buf, 9)==0 ||
+ memcmp("S2SUSPEND", buf, 9)==0 ||
+ memcmp("ULSUSPEND", buf, 9)==0))
+ re = 0;
+
+ close(fd);
+ return re;
+}
+#endif
+
+/* calls mkswap */
+static int
+swap_reinitialize(const char *device) {
+ const char *label = mount_get_volume_label_by_spec(device);
+ pid_t pid;
+
+ switch((pid=fork())) {
+ case -1: /* fork error */
+ fprintf(stderr, _("%s: cannot fork: %s\n"),
+ progname, strerror(errno));
+ return -1;
+
+ case 0: /* child */
+ if (label && *label)
+ execl(PATH_MKSWAP, PATH_MKSWAP, "-L", label, device, NULL);
+ else
+ execl(PATH_MKSWAP, PATH_MKSWAP, device, NULL);
+ exit(1); /* error */
+
+ default: /* parent */
+ {
+ int status;
+ int ret;
+
+ do {
+ if ((ret = waitpid(pid, &status, 0)) < 0
+ && errno == EINTR)
+ continue;
+ else if (ret < 0) {
+ fprintf(stderr, _("%s: waitpid: %s\n"),
+ progname, strerror(errno));
+ return -1;
+ }
+ } while (0);
+
+ /* mkswap returns: 0=suss, 1=error */
+ if (WIFEXITED(status) && WEXITSTATUS(status)==0)
+ return 0; /* ok */
+ }
+ }
+ return -1; /* error */
+}
+
static int
do_swapon(const char *orig_special, int prio) {
int status;
@@ -202,6 +284,18 @@ do_swapon(const char *orig_special, int
return -1;
}
+ /* We have to reinitialize swap with old (=useless) software suspend
+ * data. The problem is that if we don't do it, then we get data
+ * corruption the next time with suspended on.
+ */
+ if (swap_is_swsuspend(special)==0) {
+ fprintf(stdout, _("%s: %s: software suspend data detected. "
+ "Reinitializing the swap.\n"),
+ progname, special);
+ if (swap_reinitialize(special) < 0)
+ return -1;
+ }
+
/* people generally dislike this warning - now it is printed
only when `verbose' is set */
if (verbose) {
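Review bot: The waitpid() loop in swap_reinitialize() does not retry on EINTR: `continue` inside `do { ... } while (0)` jumps to the loop condition, which is 0, so the loop ends and `status` is then read uninitialized by WIFEXITED(). Loop on the call itself and test the error afterwards, as in the fence below. In the child, `_exit(1)` after a failed execl() would avoid flushing stdio buffers inherited from the parent a second time. Separately, swap_is_swsuspend() returns 0 for "signature found" and -1 when the device cannot be opened, which reads inverted at the `==0` call site in do_swapon(); a comment stating that return convention above both variants would help, since a wrong reading here leads straight to mkswap being run on the device.

```c
	default: /* parent */
	{
		int status;
		int ret;

		/* retry only when the wait itself was interrupted */
		do {
			ret = waitpid(pid, &status, 0);
		} while (ret < 0 && errno == EINTR);

		if (ret < 0) {
			fprintf(stderr, _("%s: waitpid: %s\n"),
				progname, strerror(errno));
			return -1;
		}
		/* ... unchanged: WIFEXITED/WEXITSTATUS check ... */
```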


@ -0,0 +1,32 @@
--- util-linux-ng-2.13rc2+git20070725/mount/lomount.c.org 2007-08-16 17:09:33.258902000 +0200
+++ util-linux-ng-2.13rc2+git20070725/mount/lomount.c 2007-08-16 17:09:43.016135000 +0200
@@ -398,6 +398,7 @@
}
if (ioctl (fd, LOOP_CLR_FD, 0) < 0) {
perror ("ioctl: LOOP_CLR_FD");
+ close(fd);
return 1;
}
close (fd);
--- util-linux-ng-2.13rc2+git20070725/mount/fsprobe_volumeid.c.org 2007-08-16 18:16:03.120065000 +0200
+++ util-linux-ng-2.13rc2+git20070725/mount/fsprobe_volumeid.c 2007-08-16 18:27:43.967526000 +0200
@@ -34,8 +34,10 @@
return NULL;
id = volume_id_open_fd(fd);
- if (!id)
+ if (!id) {
+ close(fd);
return NULL;
+ }
/* TODO: use blkdev_get_size() */
if (ioctl(fd, BLKGETSIZE64, &size) != 0)
@@ -61,6 +63,7 @@
}
volume_id_close(id);
+ close(fd);
return value;
}


@ -0,0 +1,13 @@
Index: util-linux-ng-2.13rc2+git20070725/mount/mount.c
===================================================================
--- util-linux-ng-2.13rc2+git20070725.orig/mount/mount.c
+++ util-linux-ng-2.13rc2+git20070725/mount/mount.c
@@ -546,7 +546,7 @@ create_mtab (void) {
char *extra_opts;
parse_opts (fstab->m.mnt_opts, &flags, &extra_opts);
mnt.mnt_dir = "/";
- mnt.mnt_fsname = canonicalize (fstab->m.mnt_fsname);
+ mnt.mnt_fsname = fsprobe_get_devname(fstab->m.mnt_fsname);
mnt.mnt_type = fstab->m.mnt_type;
mnt.mnt_opts = fix_opts_string (flags, extra_opts, NULL);
mnt.mnt_freq = mnt.mnt_passno = 0;


@ -0,0 +1,12 @@
Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
===================================================================
--- util-linux-ng-2.13rc2+git20070725.orig/mount/lomount.c
+++ util-linux-ng-2.13rc2+git20070725/mount/lomount.c
@@ -325,6 +325,7 @@ set_loop(const char *device, const char
}
if ((fd = open(device, mode)) < 0) {
perror (device);
+ close(ffd);
return 1;
}
*loopro = (mode == O_RDONLY);


@ -0,0 +1,55 @@
Original patch from Bernhard Voelker.
Index: util-linux-ng-2.13rc2+git20070725/schedutils/ionice.c
===================================================================
--- util-linux-ng-2.13rc2+git20070725.orig/schedutils/ionice.c
+++ util-linux-ng-2.13rc2+git20070725/schedutils/ionice.c
@@ -107,7 +107,7 @@ int main(int argc, char *argv[])
case 'h':
default:
usage();
- exit(0);
+ exit(EXIT_SUCCESS);
}
}
@@ -125,7 +125,7 @@ int main(int argc, char *argv[])
break;
default:
printf("bad prio class %d\n", ioprio_class);
- return 1;
+ exit(EXIT_FAILURE);
}
if (!set) {
@@ -134,9 +134,10 @@ int main(int argc, char *argv[])
ioprio = ioprio_get(IOPRIO_WHO_PROCESS, pid);
- if (ioprio == -1)
+ if (ioprio == -1) {
perror("ioprio_get");
- else {
+ exit(EXIT_FAILURE);
+ } else {
ioprio_class = ioprio >> IOPRIO_CLASS_SHIFT;
if (ioprio_class != IOPRIO_CLASS_IDLE) {
ioprio = ioprio & 0xff;
@@ -147,11 +148,15 @@ int main(int argc, char *argv[])
} else {
if (ioprio_set(IOPRIO_WHO_PROCESS, pid, ioprio | ioprio_class << IOPRIO_CLASS_SHIFT) == -1) {
perror("ioprio_set");
- return 1;
+ exit(EXIT_FAILURE);
}
- if (argv[optind])
+ if (argv[optind]) {
execvp(argv[optind], &argv[optind]);
+ /* execvp should never return */
+ perror("execvp");
+ exit(EXIT_FAILURE);
+ }
}
return 0;
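Review bot: In the first hunk the `default:` label shares the body of `case 'h':`, so an unrecognised option prints the usage text and exits with EXIT_SUCCESS, and a calling script cannot tell a rejected command line from a successful run. Split the two labels: keep `exit(EXIT_SUCCESS);` under `case 'h':` and use `exit(EXIT_FAILURE);` under `default:`. The `bad prio class` message in the second hunk goes to stdout through printf(); `fprintf(stderr, "bad prio class %d\n", ioprio_class);` would match the perror() calls around it. main() extends beyond these hunks.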


@ -0,0 +1,16 @@
Index: util-linux-ng-2.13-rc1/sys-utils/Makefile.am
===================================================================
--- util-linux-ng-2.13-rc1.orig/sys-utils/Makefile.am
+++ util-linux-ng-2.13-rc1/sys-utils/Makefile.am
@@ -26,6 +26,11 @@ usrsbinexec_PROGRAMS += rdev
man_MANS += rdev.8 ramsize.8 rootflags.8 vidmode.8
RDEV_LINKS = ramsize vidmode rootflags
endif
+if ARCH_86_64
+usrsbinexec_PROGRAMS += rdev
+man_MANS += rdev.8 ramsize.8 rootflags.8 vidmode.8
+RDEV_LINKS = ramsize vidmode rootflags
+endif
endif
SETARCH_LINKS = linux32 linux64


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:74640e1af0289d3be9397c8a7c8b62f147a3dbfad232fd4a7ec15a41e9ac1cf8
size 1544622


@ -0,0 +1,50 @@
commit ebbeb2c7ac1b00b6083905957837a271e80b187e
Author: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Thu Sep 20 14:57:20 2007 +0200
mount: doesn't drop privileges properly when calling helpers
{,u}mount calls setuid() and setgid() in the wrong order and doesn't checking
the return value of set{u,g}id(() when running helpers like mount.nfs.
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
Signed-off-by: Karel Zak <kzak@redhat.com>
Index: util-linux-ng-2.13rc2+git20070725/mount/mount.c
===================================================================
--- util-linux-ng-2.13rc2+git20070725.orig/mount/mount.c
+++ util-linux-ng-2.13rc2+git20070725/mount/mount.c
@@ -646,8 +646,12 @@ check_special_mountprog(const char *spec
char *oo, *mountargs[10];
int i = 0;
- setuid(getuid());
- setgid(getgid());
+ if(setgid(getgid()) < 0)
+ die(EX_FAIL, _("mount: cannot set group id: %s"), strerror(errno));
+
+ if(setuid(getuid()) < 0)
+ die(EX_FAIL, _("mount: cannot set user id: %s"), strerror(errno));
+
oo = fix_opts_string (flags, extra_opts, NULL);
mountargs[i++] = mountprog; /* 1 */
mountargs[i++] = (char *) spec; /* 2 */
Index: util-linux-ng-2.13rc2+git20070725/mount/umount.c
===================================================================
--- util-linux-ng-2.13rc2+git20070725.orig/mount/umount.c
+++ util-linux-ng-2.13rc2+git20070725/mount/umount.c
@@ -102,8 +102,12 @@ check_special_umountprog(const char *spe
char *umountargs[8];
int i = 0;
- setuid(getuid());
- setgid(getgid());
+ if(setgid(getgid()) < 0)
+ die(EX_FAIL, _("umount: cannot set group id: %s"), strerror(errno));
+
+ if(setuid(getuid()) < 0)
+ die(EX_FAIL, _("umount: cannot set user id: %s"), strerror(errno));
+
umountargs[i++] = umountprog;
umountargs[i++] = xstrdup(node);
if (nomtab)
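Review bot: The reordered calls in check_special_mountprog() carry no comment saying why the group id has to be dropped first, and the same holds for the check_special_umountprog() hunk; without one, a later cleanup can easily swap them back. I would add `/* drop gid before uid: once setuid() has given up root, setgid() can no longer change the group */` above the setgid() call in both files. As a style point, the new lines write `if(` while the surrounding code uses `if (`. Both functions continue outside their hunks.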


@ -0,0 +1,38 @@
Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
===================================================================
--- util-linux-ng-2.13rc2+git20070725.orig/mount/lomount.c
+++ util-linux-ng-2.13rc2+git20070725/mount/lomount.c
@@ -338,13 +338,11 @@ set_loop(const char *device, const char
if (encryption && *encryption) {
// a hint for suse users
- if(!strcmp(encryption, "twofishSL92")) {
- fprintf(stderr, _("twofishSL92 is not supported via cryptoloop, please use dm-crypt to access the volume\n"));
- close(fd);
- close(ffd);
- return 1;
- }
- if (digits_only(encryption)) {
+ if(!phash && (!strcmp(encryption, "twofishSL92") || (!strcmp(encryption, "twofish") && !keysz))) {
+ fprintf(stderr,"Switching to old S.u.S.E. loop_fish2 compatibility mode.\n");
+ fprintf(stderr, _("Warning: This mode is deprecated, support for it will be removed in the future.\n"));
+ loopinfo64.lo_encrypt_type = 3; // LO_CRYPT_FISH
+ } else if (digits_only(encryption)) {
loopinfo64.lo_encrypt_type = atoi(encryption);
} else {
// check for something like twofish256
@@ -405,6 +403,14 @@ set_loop(const char *device, const char
hfunc = sha512_hash_buffer;
if(loopinfo64.lo_encrypt_key_size == 24) hfunc = sha384_hash_buffer;
if(loopinfo64.lo_encrypt_key_size == 32) hfunc = sha512_hash_buffer;
+ } else if(loopinfo64.lo_encrypt_type == 3 ) { // LO_CRYPT_FISH
+ if(!strcmp(encryption, "twofishSL92")) {
+ hfunc = sha512_hash_buffer;
+ loopinfo64.lo_encrypt_key_size = 32;
+ } else {
+ hfunc = phash_rmd160;
+ loopinfo64.lo_encrypt_key_size = 20;
+ }
} else {
hfunc = phash_none;
loopinfo64.lo_encrypt_key_size = keysz?keysz>>3:LO_KEY_SIZE;
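Review bot: The new condition at the top of the encryption branch sends a plain `twofish` request with no key size and no hash option into the deprecated loop_fish2 mode, so a user who only omitted the key size gets the legacy format with a 20-byte RIPEMD-160-derived key and nothing but a stderr warning. If that fallback is required for existing volumes, a comment on the condition should say so and name the compatibility case, so it is not mistaken for a sensible default. The literal `3` appears in both hunks with only a `// LO_CRYPT_FISH` comment; a named constant (linux/loop.h provides `LO_CRYPT_FISH2` if the build headers are recent enough, to be confirmed) would keep the assignment and the later comparison in sync. The first fprintf() is also not wrapped in `_()` while the second is. set_loop() starts and ends outside these hunks.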


@ -0,0 +1,55 @@
From 0e7b44f7f89291d8ae75e4f099d8aa2bcca1cfc5 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Tue, 9 Oct 2007 14:34:15 +0200
Subject: [PATCH] fix buffer overflow
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
---
mount/lomount.c | 13 +++++++++----
1 files changed, 9 insertions(+), 4 deletions(-)
Index: util-linux-ng-2.13rc2+git20070725/mount/lomount.c
===================================================================
--- util-linux-ng-2.13rc2+git20070725.orig/mount/lomount.c
+++ util-linux-ng-2.13rc2+git20070725/mount/lomount.c
@@ -25,8 +25,8 @@
#include "xstrncpy.h"
#include "nls.h"
-#ifndef MAX
-#define MAX(a,b) ((a>b)?(a):(b))
+#ifndef MIN
+#define MIN(a,b) ((a<b)?(a):(b))
#endif
extern int verbose;
@@ -291,7 +291,7 @@ digits_only(const char *s) {
static void phash_none(const unsigned char *key, size_t keylen, unsigned char* buf, size_t buflen)
{
- memcpy(buf, key, MAX(buflen, keylen));
+ memcpy(buf, key, MIN(buflen, keylen));
}
static void phash_rmd160(const unsigned char *key, size_t keylen, unsigned char* buf, size_t buflen)
@@ -304,7 +304,7 @@ static void phash_rmd160(const unsigned
rmd160_hash_buffer(tmpbuf + RMD160_HASH_SIZE, tmp, keylen+1);
memset(tmp, 0, keylen+1);
free(tmp);
- memcpy(buf, tmpbuf, MAX(buflen, sizeof(tmpbuf)));
+ memcpy(buf, tmpbuf, MIN(buflen, sizeof(tmpbuf)));
}
int
@@ -421,6 +421,11 @@ set_loop(const char *device, const char
loopinfo64.lo_encrypt_key_size = keysz>>3;
}
+ if((unsigned)loopinfo64.lo_encrypt_key_size > sizeof(loopinfo64.lo_encrypt_key)) {
+ fprintf(stderr, _("invalid key length\n"));
+ return 1;
+ }
+
if (phash) {
if(!strcasecmp(phash, "sha512")) {
hfunc = sha512_hash_buffer;
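Review bot: The new key-length check in set_loop() returns 1 without closing the descriptors; another error path of this function shown on this page calls `close(fd); close(ffd);` before returning, so this path presumably leaks both. Add those two close() calls before the `return 1;`. In phash_rmd160(), `tmp` is wiped but `tmpbuf`, which holds the derived key material, stays on the stack after the memcpy(); a `memset(tmpbuf, 0, sizeof(tmpbuf));` after the copy, ideally through a wipe the compiler cannot elide, would match the handling of `tmp`. The MIN macro should parenthesise its arguments inside the comparison as well: `#define MIN(a,b) (((a)<(b))?(a):(b))`.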


@ -1,85 +1,9 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Feb 7 12:41:25 CET 2008 - mkoenig@suse.de Fri Oct 12 14:52:21 CEST 2007 - lnussel@suse.de
- update to version 2.13.1: - fix mount not checking return value of setuid (#327022, CVE-2007-5191)
mount: - fix mount buffer overflow when reading the passphrase (#332148)
* -L|-U segfault when label or uuid doesn't exist - add loop_fish2 compatability code to losetup/mount again (#332095)
* chain of symlinks to fstab causes use of pointer after free
* don't call canonicalize(SPEC) for cifs, smbfs and nfs
* improve error message when helper program not present
losetup:
* fix errno usage
mkswap:
* possible to crash with SELinux relabeling support
sfdisk:
* allow partitioning drives of over 2^31 sectors
hwclock:
* check for ENODEV
- mount: fix problem with device canonicalization when using
persistent name in fstab but call mount with real bd name
- patches merged:
util-linux-2.13-mount_fd_leak.patch
-------------------------------------------------------------------
Tue Dec 18 15:55:19 CET 2007 - mkoenig@suse.de
- add temporary workaround for broken RTC update interrupts
[#338419]
-------------------------------------------------------------------
Mon Dec 3 11:03:57 CET 2007 - ro@suse.de
- remove "arch", in coreutils now
-------------------------------------------------------------------
Thu Nov 29 17:51:17 CET 2007 - lnussel@suse.de
- update crypto patch
* fix mount buffer overflow when reading the passphrase (#332148)
* add loop_fish2 compatability code to losetup/mount again (#332095)
* change default hash size for 128bit keys to sha256 again
-------------------------------------------------------------------
Wed Nov 21 13:43:31 CET 2007 - mkoenig@suse.de
- update to git20071121:
add sector size check for mkfs.minix [#308256]
fix canonicalization for cifs [#338375]
- provide Short-Description for raw init script
- add rpmlintrc
-------------------------------------------------------------------
Tue Nov 20 17:49:35 CET 2007 - mkoenig@suse.de
- fix raw path in init script
-------------------------------------------------------------------
Tue Nov 6 16:11:02 CET 2007 - mkoenig@suse.de
- update to 2.13.0.1+git20071106
- prevent loop mounting the same file twice [#240653]
- merged upstream:
util-linux-2.13-mount_helper_fix.patch
util-linux-2.13-hwclock_rtc_option.patch
-------------------------------------------------------------------
Thu Oct 4 22:24:04 CEST 2007 - bg@suse.de
- don't use parisc, parisc32 and parisc64.
-------------------------------------------------------------------
Mon Oct 1 17:08:06 CEST 2007 - mkoenig@suse.de
- update to version 2.13
merged upstream:
util-linux-2.12r-disk_utils_mkfs_open_exclusive.patch
util-linux-2.13-loop.patch
util-linux-2.13-mount_create_mtab.patch
util-linux-2.13-schedutils_error_handling.patch
util-linux-2.13-sys_utils_build_rdev_x86_64.patch
- fix hwclock --rtc option [#326106]
- fix setuid/setgid mixup and error checking [#327022]
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Sep 14 11:24:33 CEST 2007 - mkoenig@suse.de Fri Sep 14 11:24:33 CEST 2007 - mkoenig@suse.de
