.

OBS-URL: https://build.opensuse.org/package/show/Base:System/util-linux?expand=0&rev=160
2013-06-05 13:07:12 +00:00 · 2013-06-05 13:07:12 +00:00 · 007a355a6d
commit 007a355a6d
parent 1dd2f9d8c6
24 changed files with 239 additions and 1510 deletions
--- a/0001-Test-for-secure_getenv-too.patch
+++ b/0001-Test-for-secure_getenv-too.patch
@ -1,41 +0,0 @@
 From a6f605ed6dcfdf2ea7f6b0bf68e18d8c9ce5ea96 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
 Date: Tue, 5 Feb 2013 02:06:04 -0300
 Subject: [PATCH] Test for secure_getenv too.
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 In current glibc versions, internal __secure_getenv
 no longer exists and was replaced by secure_getenv()
 Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
 ---
 configure.ac | 1 +
 lib/env.c    | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)
 --- util-linux-2.21.2.orig/configure.ac
 +++ util-linux-2.21.2/configure.ac
@@ -281,6 +281,7 @@ AC_CHECK_FUNCS(
 	posix_fadvise \
 	getmntinfo \
 	__secure_getenv \
 +  secure_getenv \
 	warn \
 	warnx \
 	rpmatch])
 --- util-linux-2.21.2.orig/lib/env.c
 +++ util-linux-2.21.2/lib/env.c
@@ -98,8 +98,9 @@ char *safe_getenv(const char *arg)
 		return NULL;
 #endif
 #endif
 -
 -#ifdef HAVE___SECURE_GETENV
 +#ifdef HAVE_SECURE_GETENV
 +return secure_getenv(arg);
 +#elif HAVE___SECURE_GETENV
 	return __secure_getenv(arg);
 #else
 	return getenv(arg);
--- a/0001-include-bitops.h-Use-the-operating-system-byteswappi.patch
+++ b/0001-include-bitops.h-Use-the-operating-system-byteswappi.patch
@ -1,107 +0,0 @@
 From f47373c950e812208f5db14cf728a54c31f750bf Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
 Date: Wed, 26 Dec 2012 14:30:48 -0300
 Subject: [PATCH 1/2] include/bitops.h: Use the operating system byteswapping
 functions
 There is no need to reinvent the wheel.
 ---
 include/bitops.h | 69 +++++++++++++++-----------------------------------------
 1 file changed, 18 insertions(+), 51 deletions(-)
 diff --git a/include/bitops.h b/include/bitops.h
 index 81375d0..89b418c 100644
 --- a/include/bitops.h
 +++ b/include/bitops.h
@@ -8,6 +8,9 @@
  */
 #include <sys/param.h>
 +#include <byteswap.h>
 +#include <endian.h>
 +
 #ifndef NBBY
 # define NBBY            CHAR_BIT
 #endif
@@ -22,63 +25,27 @@
 /*
  * Byte swab macros (based on linux/byteorder/swab.h)
  */
 -#define swab16(x) \
 -	((uint16_t)( \
 -		(((uint16_t)(x) & (uint16_t)0x00ffU) << 8) | \
 -		(((uint16_t)(x) & (uint16_t)0xff00U) >> 8) ))
 -
 -#define swab32(x) \
 -	((uint32_t)( \
 -		(((uint32_t)(x) & (uint32_t)0x000000ffUL) << 24) | \
 -		(((uint32_t)(x) & (uint32_t)0x0000ff00UL) <<  8) | \
 -		(((uint32_t)(x) & (uint32_t)0x00ff0000UL) >>  8) | \
 -		(((uint32_t)(x) & (uint32_t)0xff000000UL) >> 24) ))
 -
 -#define swab64(x) \
 -	((uint64_t)( \
 -		(uint64_t)(((uint64_t)(x) & (uint64_t)0x00000000000000ffULL) << 56) | \
 -		(uint64_t)(((uint64_t)(x) & (uint64_t)0x000000000000ff00ULL) << 40) | \
 -		(uint64_t)(((uint64_t)(x) & (uint64_t)0x0000000000ff0000ULL) << 24) | \
 -		(uint64_t)(((uint64_t)(x) & (uint64_t)0x00000000ff000000ULL) <<  8) | \
 -	        (uint64_t)(((uint64_t)(x) & (uint64_t)0x000000ff00000000ULL) >>  8) | \
 -		(uint64_t)(((uint64_t)(x) & (uint64_t)0x0000ff0000000000ULL) >> 24) | \
 -		(uint64_t)(((uint64_t)(x) & (uint64_t)0x00ff000000000000ULL) >> 40) | \
 -		(uint64_t)(((uint64_t)(x) & (uint64_t)0xff00000000000000ULL) >> 56) ))
 -
 -
 -#ifdef WORDS_BIGENDIAN
 +#define swab16(x) bswap_16(x)
 -#define cpu_to_le16(x) swab16(x)
 -#define cpu_to_le32(x) swab32(x)
 -#define cpu_to_le64(x) swab64(x)
 -#define cpu_to_be16(x) ((uint16_t)(x))
 -#define cpu_to_be32(x) ((uint32_t)(x))
 -#define cpu_to_be64(x) ((uint64_t)(x))
 +#define swab32(x) bswap_32(x)
 -#define le16_to_cpu(x) swab16(x)
 -#define le32_to_cpu(x) swab32(x)
 -#define le64_to_cpu(x) swab64(x)
 -#define be16_to_cpu(x) ((uint16_t)(x))
 -#define be32_to_cpu(x) ((uint32_t)(x))
 -#define be64_to_cpu(x) ((uint64_t)(x))
 +#define swab64(x) bswap_64(x)
 -#else /* !WORDS_BIGENDIAN */
 +#define cpu_to_le16(x) htole16(x)
 +#define cpu_to_le32(x) htole32(x)
 +#define cpu_to_le64(x) htole64(x)
 -#define cpu_to_le16(x) ((uint16_t)(x))
 -#define cpu_to_le32(x) ((uint32_t)(x))
 -#define cpu_to_le64(x) ((uint64_t)(x))
 -#define cpu_to_be16(x) swab16(x)
 -#define cpu_to_be32(x) swab32(x)
 -#define cpu_to_be64(x) swab64(x)
 +#define cpu_to_be16(x) htobe16(x)
 +#define cpu_to_be32(x) htobe32(x)
 +#define cpu_to_be64(x) htobe64(x)
 -#define le16_to_cpu(x) ((uint16_t)(x))
 -#define le32_to_cpu(x) ((uint32_t)(x))
 -#define le64_to_cpu(x) ((uint64_t)(x))
 -#define be16_to_cpu(x) swab16(x)
 -#define be32_to_cpu(x) swab32(x)
 -#define be64_to_cpu(x) swab64(x)
 +#define le16_to_cpu(x) le16toh(x)
 +#define le32_to_cpu(x) le32toh(x)
 +#define le64_to_cpu(x) le64toh(x)
 -#endif /* WORDS_BIGENDIAN */
 +#define be16_to_cpu(x) be16toh(x)
 +#define be32_to_cpu(x) be32toh(x)
 +#define be64_to_cpu(x) be64toh(x)
 #endif /* BITOPS_H */
 -- 
 1.8.0.2
--- a/add-canonicalize_path_restricted.patch
+++ b/add-canonicalize_path_restricted.patch
@ -1,78 +0,0 @@
 From 33c5fd0c5a774458470c86f9d318d8c48a9c9ccb Mon Sep 17 00:00:00 2001
 From: Karel Zak <kzak@redhat.com>
 Date: Mon, 26 Nov 2012 16:24:28 +0100
 Subject: [PATCH] lib/canonicalize: add canonicalize_path_restricted() to
 canonicalize without suid permisssions
 Signed-off-by: Karel Zak <kzak@redhat.com>
 Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
 ---
 include/canonicalize.h |    1 +
 lib/canonicalize.c     |   42 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+)
 Index: util-linux-2.21.2/include/canonicalize.h
 ===================================================================
 --- util-linux-2.21.2.orig/include/canonicalize.h
 +++ util-linux-2.21.2/include/canonicalize.h
@@ -4,6 +4,7 @@
 #include "c.h"	/* for PATH_MAX */
 extern char *canonicalize_path(const char *path);
 +extern char *canonicalize_path_restricted(const char *path);
 extern char *canonicalize_dm_name(const char *ptname);
 #endif /* CANONICALIZE_H */
 Index: util-linux-2.21.2/lib/canonicalize.c
 ===================================================================
 --- util-linux-2.21.2.orig/lib/canonicalize.c
 +++ util-linux-2.21.2/lib/canonicalize.c
@@ -188,6 +188,48 @@ canonicalize_path(const char *path)
 	return strdup(canonical);
 }
 +char *
 +canonicalize_path_restricted(const char *path)
 +{
 +	char canonical[PATH_MAX+2];
 +	char *p = NULL;
 +	int errsv;
 +	uid_t euid;
 +	gid_t egid;
 +
 +	if (path == NULL)
 +		return NULL;
 +
 +	euid = geteuid();
 +	egid = getegid();
 +
 +	/* drop permissions */
 +	if (setegid(getgid()) < 0 || seteuid(getuid()) < 0)
 +		return NULL;
 +
 +	errsv = errno = 0;
 +
 +	if (myrealpath(path, canonical, PATH_MAX+1)) {
 +		p = strrchr(canonical, '/');
 +		if (p && strncmp(p, "/dm-", 4) == 0 && isdigit(*(p + 4)))
 +			p = canonicalize_dm_name(p+1);
 +		else
 +			p = NULL;
 +		if (!p)
 +			p = strdup(canonical);
 +	} else
 +		errsv = errno;
 +
 +	/* restore */
 +	if (setegid(egid) < 0 || seteuid(euid) < 0) {
 +		free(p);
 +		return NULL;
 +	}
 +
 +	errno = errsv;
 +	return p;
 +}
 +
 #ifdef TEST_PROGRAM_CANONICALIZE
 int main(int argc, char **argv)
--- a/fdisk-tinfo.patch
+++ b/fdisk-tinfo.patch
@ -1,18 +1,12 @@
-Index: util-linux-2.21-rc2/fdisk/Makefile.am
+--- util-linux-2.23.1/fdisks/Makemodule.am
-===================================================================
+++ util-linux-2.23.1/fdisks/Makemodule.am	2013-06-05 09:58:30.753439465 +0000
--- util-linux-2.21-rc2.orig/fdisk/Makefile.am
+@@ -79,6 +79,9 @@ endif
-+++ util-linux-2.21-rc2/fdisk/Makefile.am
+ if HAVE_SLANG
-@@ -64,9 +64,13 @@ sbin_PROGRAMS += cfdisk
+ cfdisk_LDADD += -lslang
- dist_man_MANS += cfdisk.8
+ else
 cfdisk_SOURCES = cfdisk.c $(fdisk_common)
 cfdisk_CFLAGS = $(cflags_blkid)
 +if HAVE_TINFO
-+cfdisk_LDADD = -ltinfo @NCURSES_LIBS@ $(ldadd_blkid)
+cfdisk_LDADD += -ltinfo
 +else
 cfdisk_LDADD = @NCURSES_LIBS@ $(ldadd_blkid)
 endif
 endif
 +endif
- 
+ if HAVE_NCURSES
- endif # !ARCH_SPARC
+ cfdisk_LDADD += @NCURSES_LIBS@
- endif # !ARCH_M68K
+ endif
--- a/fdiskbsdlabel.patch
+++ b/fdiskbsdlabel.patch
@ -1,14 +0,0 @@
 Index: util-linux-2.21.2/fdisk/fdiskbsdlabel.h
 ===================================================================
 --- util-linux-2.21.2.orig/fdisk/fdiskbsdlabel.h
 +++ util-linux-2.21.2/fdisk/fdiskbsdlabel.h
@@ -48,7 +48,8 @@
 #if defined (__i386__) || defined (__sparc__) || defined (__arm__) || \
     defined (__mips__) || defined (__s390__) || defined (__sh__) || \
 -    defined(__x86_64__) || defined (__avr32__) || defined(__cris__)
 +    defined(__x86_64__) || defined (__avr32__) || defined(__cris__) || \
 +    defined(__aarch64__)
 #define BSD_LABELSECTOR   1
 #define BSD_LABELOFFSET   0
 #elif defined (__alpha__) || defined (__powerpc__) || defined (__ia64__) || defined (__hppa__)
--- a/libmount-add-MNT_ERR_LOOPDEV.patch
+++ b/libmount-add-MNT_ERR_LOOPDEV.patch
@ -1,59 +0,0 @@
 From 82756a747e4bcfc13a27b7618d889af080649584 Mon Sep 17 00:00:00 2001
 From: Karel Zak <kzak@redhat.com>
 Date: Mon, 28 May 2012 12:26:36 +0200
 Subject: [PATCH] libmount: add MNT_ERR_LOOPDEV
 Signed-off-by: Karel Zak <kzak@redhat.com>
 Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
 ---
 lib/loopdev.c                  |    4 ++++
 libmount/src/context_loopdev.c |    1 +
 libmount/src/libmount.h.in     |    1 +
 3 files changed, 6 insertions(+), 0 deletions(-)
 Index: util-linux-2.21.2/lib/loopdev.c
 ===================================================================
 --- util-linux-2.21.2.orig/lib/loopdev.c
 +++ util-linux-2.21.2/lib/loopdev.c
@@ -173,6 +173,8 @@ int loopcxt_init(struct loopdev_cxt *lc,
  */
 void loopcxt_deinit(struct loopdev_cxt *lc)
 {
 +	int errsv = errno;
 +
 	if (!lc)
 		return;
@@ -183,6 +185,8 @@ void loopcxt_deinit(struct loopdev_cxt *
 	loopcxt_set_device(lc, NULL);
 	loopcxt_deinit_iterator(lc);
 +
 +	errno = errsv;
 }
 /*
 Index: util-linux-2.21.2/libmount/src/context_loopdev.c
 ===================================================================
 --- util-linux-2.21.2.orig/libmount/src/context_loopdev.c
 +++ util-linux-2.21.2/libmount/src/context_loopdev.c
@@ -261,6 +261,7 @@ int mnt_context_setup_loopdev(struct lib
 		if (loopdev || rc != -EBUSY) {
 			DBG(CXT, mnt_debug_h(cxt, "failed to setup device"));
 +			rc = -MNT_ERR_LOOPDEV;
 			goto done;
 		}
 		DBG(CXT, mnt_debug_h(cxt, "loopdev stolen...trying again"));
 Index: util-linux-2.21.2/libmount/src/libmount.h.in
 ===================================================================
 --- util-linux-2.21.2.orig/libmount/src/libmount.h.in
 +++ util-linux-2.21.2/libmount/src/libmount.h.in
@@ -126,6 +126,7 @@ enum {
 #define MNT_ERR_NOFSTAB      5000	/* not found required entry in fstab */
 #define MNT_ERR_NOFSTYPE     5001	/* failed to detect filesystem type */
 #define MNT_ERR_NOSOURCE     5002	/* required mount source undefined */
 +#define MNT_ERR_LOOPDEV	     5003	/* loopdev setup failed, errno set by libc */
 /* init.c */
 extern void mnt_init_debug(int mask);
--- a/libmount-add-special-MNT_ERR-codes.patch
+++ b/libmount-add-special-MNT_ERR-codes.patch
@ -1,68 +0,0 @@
 From 47dea49b4cb4a4a98a6c518cc17f6d2c92be9528 Mon Sep 17 00:00:00 2001
 From: Karel Zak <kzak@redhat.com>
 Date: Tue, 24 Apr 2012 11:57:32 +0200
 Subject: [PATCH] libmount: add special MNT_ERR_ codes
 ... to detect some situations where standard -errno is too generic.
 Signed-off-by: Karel Zak <kzak@redhat.com>
 Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
 ---
 libmount/src/context.c     |   20 ++++++++++----------
 libmount/src/libmount.h.in |   12 ++++++++++++
 2 files changed, 22 insertions(+), 10 deletions(-)
 Index: util-linux-2.21.2/libmount/src/context.c
 ===================================================================
 --- util-linux-2.21.2.orig/libmount/src/context.c
 +++ util-linux-2.21.2/libmount/src/context.c
@@ -1186,7 +1186,7 @@ int mnt_context_prepare_srcpath(struct l
 		if (cache)
 			path = mnt_resolve_tag(t, v, cache);
 -		rc = path ? mnt_fs_set_source(cxt->fs, path) : -EINVAL;
 +		rc = path ? mnt_fs_set_source(cxt->fs, path) : -MNT_ERR_NOSOURCE;
 	} else if (cache && !mnt_fs_is_pseudofs(cxt->fs)) {
 		/*
@@ -1247,7 +1247,7 @@ int mnt_context_prepare_target(struct li
 	cache = mnt_context_get_cache(cxt);
 	if (cache) {
 		char *path = mnt_resolve_path(tgt, cache);
 -		if (strcmp(path, tgt))
 +		if (path && strcmp(path, tgt) != 0)
 			rc = mnt_fs_set_target(cxt->fs, path);
 	}
@@ -1543,7 +1543,7 @@ static int apply_table(struct libmnt_con
 	}
 	if (!fs)
 -		return -EINVAL;
 +		return -MNT_ERR_NOFSTAB;	/* not found */
 	DBG(CXT, mnt_debug_h(cxt, "apply entry:"));
 	DBG(CXT, mnt_fs_print_debug(fs, stderr));
 Index: util-linux-2.21.2/libmount/src/libmount.h.in
 ===================================================================
 --- util-linux-2.21.2.orig/libmount/src/libmount.h.in
 +++ util-linux-2.21.2/libmount/src/libmount.h.in
@@ -115,6 +115,18 @@ enum {
 	MNT_ACT_UMOUNT
 };
 +/*
 + * Errors -- by default libmount returns -errno for generic errors (ENOMEM,
 + * EINVAL, ...) and for mount(2) errors, but for some specific operations it
 + * returns private error codes. Note that maximum system errno value should be
 + * 4095 on UNIXes.
 + *
 + * See also mnt_context_get_syscall_errno() and mnt_context_get_helper_status().
 + */
 +#define MNT_ERR_NOFSTAB      5000	/* not found required entry in fstab */
 +#define MNT_ERR_NOFSTYPE     5001	/* failed to detect filesystem type */
 +#define MNT_ERR_NOSOURCE     5002	/* required mount source undefined */
 +
 /* init.c */
 extern void mnt_init_debug(int mask);
--- a/libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch
+++ b/libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch
@ -1,115 +0,0 @@
 From e90e7401d0c318c9dac4a0204e2bca86949b1d32 Mon Sep 17 00:00:00 2001
 From: Karel Zak <kzak@redhat.com>
 Date: Thu, 14 Jun 2012 14:19:26 +0200
 Subject: [PATCH] libmount: don't use nosuid,noexec,nodev for cifs user=foo
   mount -t cifs //127.0.0.1/users /mnt/smb -o user=root,password=linux
 is incorrectly translated to
   mount.cifs -o noexec,nosuid,nodev,user=root,password=linux ...
 The command mount(8) should be sensitive to "user" (without "=<name>")
 only. The correct cifs command line is:
   mount.cifs -o user=root,password=linux
 Addresses: https://bugzilla.novell.com/show_bug.cgi?id=766157
 Signed-off-by: Karel Zak <kzak@redhat.com>
 Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
 ---
 libmount/src/context_mount.c |   29 +++++++++++++++++++++++++++--
 libmount/src/optstr.c        |    9 +++++----
 2 files changed, 32 insertions(+), 6 deletions(-)
 Index: util-linux-2.21.2/libmount/src/context_mount.c
 ===================================================================
 --- util-linux-2.21.2.orig/libmount/src/context_mount.c
 +++ util-linux-2.21.2/libmount/src/context_mount.c
@@ -53,6 +53,15 @@ static int fix_optstr(struct libmnt_cont
 	if (cxt->mountflags & MS_PROPAGATION)
 		cxt->mountflags &= (MS_PROPAGATION | MS_REC | MS_SILENT);
 +	/*
 +	 * The "user" options is our business (so we can modify the option),
 +	 * but exception is command line for /sbin/mount.<type> helpers. Let's
 +	 * save the original user=<name> to call the helpers with unchanged
 +	 * "user" setting.
 +	 *
 +	 * Don't check for MNT_MS_USER in cxt->user_mountflags, the flag maybe
 +	 * removed by evaluate_permissions().
 +	 */
 	if (!mnt_optstr_get_option(fs->user_optstr, "user", &val, &valsz)) {
 		if (val) {
 			cxt->orig_user = strndup(val, valsz);
@@ -196,6 +205,10 @@ err:
 /*
  * this has to be called before fix_optstr()
 + *
 + * Note that user=<name> maybe be used by some filesystems as filesystem
 + * specific option (e.g. cifs). Yes, developers of such filesystems have
 + * allocated pretty hot place in hell...
  */
 static int evaluate_permissions(struct libmnt_context *cxt)
 {
@@ -233,10 +246,22 @@ static int evaluate_permissions(struct l
 		}
 		/*
 -		 * Note that MS_OWNERSECURE and MS_SECURE mount options
 -		 * are applied by mnt_optstr_get_flags() from mnt_context_merge_mflags()
 +		 * MS_OWNERSECURE and MS_SECURE mount options are already
 +		 * applied by mnt_optstr_get_flags() in mnt_context_merge_mflags()
 +		 * if "user" (but no user=<name> !) options is set.
 +		 *
 +		 * Let's ignore all user=<name> (if <name> is set) requests.
 		 */
 +		if (cxt->user_mountflags & MNT_MS_USER) {
 +			size_t valsz = 0;
 +			if (!mnt_optstr_get_option(cxt->fs->user_optstr,
 +					"user", NULL, &valsz) && valsz) {
 +
 +				DBG(CXT, mnt_debug_h(cxt, "perms: user=<name> detected, ignore"));
 +				cxt->user_mountflags &= ~MNT_MS_USER;
 +			}
 +		}
 		/*
 		 * MS_OWNER: Allow owners to mount when fstab contains the
 Index: util-linux-2.21.2/libmount/src/optstr.c
 ===================================================================
 --- util-linux-2.21.2.orig/libmount/src/optstr.c
 +++ util-linux-2.21.2/libmount/src/optstr.c
@@ -579,7 +579,7 @@ int mnt_optstr_get_flags(const char *opt
 {
 	struct libmnt_optmap const *maps[2];
 	char *name, *str = (char *) optstr;
 -	size_t namesz = 0;
 +	size_t namesz = 0, valsz = 0;
 	int nmaps = 0;
 	assert(optstr);
@@ -596,7 +596,7 @@ int mnt_optstr_get_flags(const char *opt
 		 */
 		maps[nmaps++] = mnt_get_builtin_optmap(MNT_USERSPACE_MAP);
 -	while(!mnt_optstr_next_option(&str, &name, &namesz, NULL, NULL)) {
 +	while(!mnt_optstr_next_option(&str, &name, &namesz, NULL, &valsz)) {
 		const struct libmnt_optmap *ent;
 		const struct libmnt_optmap *m;
@@ -610,9 +610,10 @@ int mnt_optstr_get_flags(const char *opt
 			else
 				*flags |= ent->id;
 -		} else if (nmaps == 2 && m == maps[1]) {
 +		} else if (nmaps == 2 && m == maps[1] && valsz == 0) {
 			/*
 -			 * Special case -- translate "user" to MS_ options
 +			 * Special case -- translate "user" (but no user=) to
 +			 * MS_ options
 			 */
 			if (ent->mask & MNT_INVERT)
 				continue;
--- a/login-close-tty-before-vhangup.patch
+++ b/login-close-tty-before-vhangup.patch
@ -1,39 +0,0 @@
 From 2e7035646eb85851171cc2e989bfa858a4f00cd4 Mon Sep 17 00:00:00 2001
 From: Karel Zak <kzak@redhat.com>
 Date: Thu, 12 Jul 2012 16:33:52 +0200
 Subject: login: close tty before vhangup()
 Git-commit: 2e7035646eb85851171cc2e989bfa858a4f00cd4
 Patch-mainline: v2.22-rc1
 References: bnc#778842
 Let's close all tty file descriptors before vhangup() call.
 References: https://lkml.org/lkml/2012/6/5/145
 Signed-off-by: Karel Zak <kzak@redhat.com>
 Signed-off-by: Jiri Slaby <jslaby@suse.cz>
 ---
 login-utils/login.c | 8 ++++++++
 1 file changed, 8 insertions(+)
 diff --git a/login-utils/login.c b/login-utils/login.c
 index fe13d8d..c0cc00a 100644
 --- a/login-utils/login.c
 +++ b/login-utils/login.c
@@ -409,6 +409,14 @@ static void init_tty(struct login_context *cxt)
 	/* Kill processes left on this tty */
 	tcsetattr(0, TCSAFLUSH, &ttt);
 +	/*
 +	 * Let's close file decriptors before vhangup
 +	 * https://lkml.org/lkml/2012/6/5/145
 +	 */
 +	close(STDIN_FILENO);
 +	close(STDOUT_FILENO);
 +	close(STDERR_FILENO);
 +
 	signal(SIGHUP, SIG_IGN);	/* so vhangup() wont kill us */
 	vhangup();
 	signal(SIGHUP, SIG_DFL);
 -- 
 1.7.12
--- a/mount-new-add-loopdev-specific-error-message.patch
+++ b/mount-new-add-loopdev-specific-error-message.patch
@ -1,51 +0,0 @@
 From 10389b1e4535dda7d27e5ab39d3d4f9d7868a5c9 Mon Sep 17 00:00:00 2001
 From: Karel Zak <kzak@redhat.com>
 Date: Mon, 28 May 2012 12:26:41 +0200
 Subject: [PATCH] mount: (new) add loopdev specific error message
 Signed-off-by: Karel Zak <kzak@redhat.com>
 Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
 ---
 sys-utils/mount.c |   15 ++++++++++++---
 1 files changed, 12 insertions(+), 3 deletions(-)
 Index: util-linux-2.21.2/sys-utils/mount.c
 ===================================================================
 --- util-linux-2.21.2.orig/sys-utils/mount.c
 +++ util-linux-2.21.2/sys-utils/mount.c
@@ -354,6 +354,9 @@ try_readonly:
 		return MOUNT_EX_SUCCESS;	/* mount(2) success */
 	}
 +	mnt_context_get_mflags(cxt, &mflags);		/* mount(2) flags */
 +	mnt_context_get_user_mflags(cxt, &uflags);	/* userspace flags */
 +
 	if (!mnt_context_syscall_called(cxt)) {
 		/*
 		 * libmount errors (extra library checks)
@@ -382,7 +385,15 @@ try_readonly:
 			else
 				warnx(_("mount source not defined"));
 			return MOUNT_EX_USAGE;
 -
 +		case -MNT_ERR_LOOPDEV:
 +			if (errno == ENOENT
 +			    && (uflags & MNT_MS_ENCRYPTION)
 +			    && src && stat(src, &st) == 0)
 +				warnx(_("%s: failed to setup loop device "
 +					"(probably unknown encryption type)"), src);
 +			else
 +				warn(_("%s: failed to setup loop device"), src);
 +			return MOUNT_EX_FAIL;
 		default:
 		return handle_generic_errors(rc, _("%s: mount failed"),
 					     tgt ? tgt : src);
@@ -406,8 +417,6 @@ try_readonly:
 	 */
 	syserr = mnt_context_get_syscall_errno(cxt);
 -	mnt_context_get_mflags(cxt, &mflags);		/* mount(2) flags */
 -	mnt_context_get_user_mflags(cxt, &uflags);	/* userspace flags */
 	switch(syserr) {
 	case EPERM:
--- a/mount-new-allow-sloppy-for-non-root.patch
+++ b/mount-new-allow-sloppy-for-non-root.patch
@ -1,25 +0,0 @@
 From e26de525e21677c680d87f63e4dafbe4859365bf Mon Sep 17 00:00:00 2001
 From: Karel Zak <kzak@redhat.com>
 Date: Thu, 14 Jun 2012 14:43:21 +0200
 Subject: [PATCH] mount: (new) allow sloppy for non-root
 Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=825836
 Signed-off-by: Karel Zak <kzak@redhat.com>
 Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
 ---
 sys-utils/mount.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
 Index: util-linux-2.21.2/sys-utils/mount.c
 ===================================================================
 --- util-linux-2.21.2.orig/sys-utils/mount.c
 +++ util-linux-2.21.2/sys-utils/mount.c
@@ -732,7 +732,7 @@ int main(int argc, char **argv)
 					longopts, NULL)) != -1) {
 		/* only few options are allowed for non-root users */
 -		if (mnt_context_is_restricted(cxt) && !strchr("hlLUVvpri", c))
 +		if (mnt_context_is_restricted(cxt) && !strchr("hlLUVvpris", c))
 			exit_non_root(option_to_longopt(c, longopts));
 		switch(c) {
--- a/mount-new-improve-error-messages.patch
+++ b/mount-new-improve-error-messages.patch
@ -1,46 +0,0 @@
 From 58f108ef2b9c8cc0362e7781a72e5e921dc383b3 Mon Sep 17 00:00:00 2001
 From: Karel Zak <kzak@redhat.com>
 Date: Tue, 17 Apr 2012 11:36:36 +0200
 Subject: [PATCH] mount: (new) improve error messages
 Signed-off-by: Karel Zak <kzak@redhat.com>
 Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
 ---
 sys-utils/mount.c |   15 +++++++--------
 1 files changed, 7 insertions(+), 8 deletions(-)
 Index: util-linux-2.21.2/sys-utils/mount.c
 ===================================================================
 --- util-linux-2.21.2.orig/sys-utils/mount.c
 +++ util-linux-2.21.2/sys-utils/mount.c
@@ -367,16 +367,13 @@ try_readonly:
 			return MOUNT_EX_USAGE;
 		}
 -		/*
 -		 * TODO: add mnt_context_fstab_applied() to check if we found
 -		 *       target/source in the file.
 -		 */
 -		if (!tgt) {
 -			if (mflags & MS_REMOUNT)
 -				warnx(_("%s not mounted"), src ? src : tgt);
 -			else
 +		if (!tgt || (!src && !(mflags & MS_PROPAGATION))) {
 +			if (!mnt_context_fstab_applied(cxt))
 				warnx(_("can't find %s in %s"), src ? src : tgt,
 						mnt_get_fstab_path());
 +			else if (mflags & MS_REMOUNT)
 +				warnx(_("%s not mounted"), src ? src : tgt);
 +
 			return MOUNT_EX_USAGE;
 		}
@@ -485,6 +482,8 @@ try_readonly:
 	case EINVAL:
 		if (mflags & MS_REMOUNT)
 			warnx(_("%s not mounted or bad option"), tgt);
 +		else if (mflags & MS_PROPAGATION)
 +			warnx(_("%s is not mountpoint or bad option"), tgt);
 		else
 			warnx(_("wrong fs type, bad option, bad superblock on %s,\n"
 				"       missing codepage or helper program, or other error"),
--- a/mount-new-use-MNT_ERR-for-error-messages.patch
+++ b/mount-new-use-MNT_ERR-for-error-messages.patch
@ -1,56 +0,0 @@
 From ba24923e97e099668b8c96dba9596c90cb58c417 Mon Sep 17 00:00:00 2001
 From: Karel Zak <kzak@redhat.com>
 Date: Tue, 24 Apr 2012 11:59:18 +0200
 Subject: [PATCH] mount: (new) use MNT_ERR_ for error messages
 Signed-off-by: Karel Zak <kzak@redhat.com>
 Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
 ---
 sys-utils/mount.c |   27 +++++++++++++--------------
 1 files changed, 13 insertions(+), 14 deletions(-)
 Index: util-linux-2.21.2/sys-utils/mount.c
 ===================================================================
 --- util-linux-2.21.2.orig/sys-utils/mount.c
 +++ util-linux-2.21.2/sys-utils/mount.c
@@ -365,29 +365,28 @@ try_readonly:
 		case -EBUSY:
 			warnx(_("%s is already mounted"), src);
 			return MOUNT_EX_USAGE;
 -		}
 -
 -		if (!tgt || (!src && !(mflags & MS_PROPAGATION))) {
 -			if (!mnt_context_fstab_applied(cxt))
 +		case -MNT_ERR_NOFSTAB:
 				warnx(_("can't find %s in %s"), src ? src : tgt,
 						mnt_get_fstab_path());
 -			else if (mflags & MS_REMOUNT)
 -				warnx(_("%s not mounted"), src ? src : tgt);
 -
 			return MOUNT_EX_USAGE;
 -		}
 -
 -		if (!mnt_context_get_fstype(cxt)) {
 +		case -MNT_ERR_NOFSTYPE:
 			if (restricted)
 				warnx(_("I could not determine the filesystem type, "
 					"and none was specified"));
 			else
 				warnx(_("you must specify the filesystem type"));
 			return MOUNT_EX_USAGE;
 -		}
 +		case -MNT_ERR_NOSOURCE:
 +			if (src)
 +				warnx(_("can't find %s"), src);
 +			else
 +				warnx(_("mount source not defined"));
 +			return MOUNT_EX_USAGE;
 +
 +		default:
 		return handle_generic_errors(rc, _("%s: mount failed"),
 					     tgt ? tgt : src);
 -
 +		}
 	} else if (mnt_context_get_syscall_errno(cxt) == 0) {
 		/*
 		 * mount(2) syscall success, but something else failed
--- a/mount-sanitize-paths-from-non-root-users.patch
+++ b/mount-sanitize-paths-from-non-root-users.patch
@ -1,102 +0,0 @@
 From 5ebbc3865d1e53ef42e5f121c41faab23dd59075 Mon Sep 17 00:00:00 2001
 From: Karel Zak <kzak@redhat.com>
 Date: Mon, 26 Nov 2012 14:30:22 +0100
 Subject: [PATCH] mount: sanitize paths from non-root users
 $ mount /root/.ssh/../../dev/sda2
 mount: only root can mount UUID=17bc65ec-4125-4e7c-8a7d-e2795064c736 on /boot
 this is too promiscuous. It seems better to ignore on command line
 specified paths which are not resolve-able for non-root users.
 Fixed version:
  $ mount /root/.ssh/../../dev/sda2
  mount: /root/.ssh/../../dev/sda2: Permission denied
  $ mount /dev/sda2
  mount: only root can mount UUID=17bc65ec-4125-4e7c-8a7d-e2795064c736 on /boot
 Note that this bug has no relation to mount(2) permissions evaluation
 in suid mode. The way how non-root user specifies paths on command
 line is completely irrelevant for comparison with fstab entries.
 Signed-off-by: Karel Zak <kzak@redhat.com>
 Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
 ---
 sys-utils/Makefile.am |    1 +
 sys-utils/mount.c     |   35 +++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
 Index: util-linux-2.21.2/sys-utils/Makefile.am
 ===================================================================
 --- util-linux-2.21.2.orig/sys-utils/Makefile.am
 +++ util-linux-2.21.2/sys-utils/Makefile.am
@@ -64,6 +64,7 @@ dist_man_MANS += mount.8 ../mount/fstab.
 mount_SOURCES = mount.c \
 		$(top_srcdir)/lib/env.c \
 		$(top_srcdir)/lib/xgetpass.c \
 +		$(top_srcdir)/lib/canonicalize.c \
 		$(top_srcdir)/lib/strutils.c
 mount_LDADD = $(ul_libmount_la) $(SELINUX_LIBS)
 Index: util-linux-2.21.2/sys-utils/mount.c
 ===================================================================
 --- util-linux-2.21.2.orig/sys-utils/mount.c
 +++ util-linux-2.21.2/sys-utils/mount.c
@@ -38,6 +38,7 @@
 #include "strutils.h"
 #include "exitcodes.h"
 #include "xalloc.h"
 +#include "canonicalize.h"
 /*** TODO: DOCS:
  *
@@ -572,6 +573,37 @@ static struct libmnt_table *append_fstab
 	return fstab;
 }
 +/*
 + * Check source and target paths -- non-root user should not be able to
 + * resolve paths which are unreadable for him.
 + */
 +static void sanitize_paths(struct libmnt_context *cxt)
 +{
 +	const char *p;
 +	struct libmnt_fs *fs = mnt_context_get_fs(cxt);
 +
 +	if (!fs)
 +		return;
 +
 +	p = mnt_fs_get_target(fs);
 +	if (p) {
 +		char *np = canonicalize_path_restricted(p);
 +		if (!np)
 +			err(MOUNT_EX_USAGE, "%s", p);
 +		mnt_fs_set_target(fs, np);
 +		free(np);
 +	}
 +
 +	p = mnt_fs_get_srcpath(fs);
 +	if (p) {
 +		char *np = canonicalize_path_restricted(p);
 +		if (!np)
 +			err(MOUNT_EX_USAGE, "%s", p);
 +		mnt_fs_set_source(fs, np);
 +		free(np);
 +	}
 +}
 +
 static void __attribute__((__noreturn__)) usage(FILE *out)
 {
 	fputs(USAGE_HEADER, out);
@@ -880,6 +912,9 @@ int main(int argc, char **argv)
 	} else
 		usage(stderr);
 +	if (mnt_context_is_restricted(cxt))
 +		sanitize_paths(cxt);
 +
 	if (oper) {
 		/* MS_PROPAGATION operations, let's set the mount flags */
 		mnt_context_set_mflags(cxt, oper);
--- a/umount-sanitize-paths-from-non-root-users.patch
+++ b/umount-sanitize-paths-from-non-root-users.patch
@ -1,84 +0,0 @@
 From cc8cc8f32c863f3ae6a8a88e97b47bcd6a21825f Mon Sep 17 00:00:00 2001
 From: Karel Zak <kzak@redhat.com>
 Date: Mon, 26 Nov 2012 16:25:46 +0100
 Subject: [PATCH] umount: sanitize paths from non-root users
 Signed-off-by: Karel Zak <kzak@redhat.com>
 Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
 ---
 sys-utils/Makefile.am |    4 +++-
 sys-utils/umount.c    |   32 ++++++++++++++++++++++++++++++--
 2 files changed, 33 insertions(+), 3 deletions(-)
 Index: util-linux-2.21.2/sys-utils/Makefile.am
 ===================================================================
 --- util-linux-2.21.2.orig/sys-utils/Makefile.am
 +++ util-linux-2.21.2/sys-utils/Makefile.am
@@ -71,7 +71,9 @@ mount_LDADD = $(ul_libmount_la) $(SELINU
 mount_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) -I$(ul_libmount_incdir)
 mount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS)
 -umount_SOURCES = umount.c $(top_srcdir)/lib/env.c
 +umount_SOURCES = umount.c \
 +		 $(top_srcdir)/lib/env.c \
 +		 $(top_srcdir)/lib/canonicalize.c
 umount_LDADD = $(ul_libmount_la)
 umount_CFLAGS = $(AM_CFLAGS) $(SUID_CFLAGS) -I$(ul_libmount_incdir)
 umount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS)
 Index: util-linux-2.21.2/sys-utils/umount.c
 ===================================================================
 --- util-linux-2.21.2.orig/sys-utils/umount.c
 +++ util-linux-2.21.2/sys-utils/umount.c
@@ -34,6 +34,7 @@
 #include "env.h"
 #include "optutils.h"
 #include "exitcodes.h"
 +#include "canonicalize.h"
 static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__)),
 			const char *filename, int line)
@@ -277,6 +278,24 @@ static int umount_one(struct libmnt_cont
 	return rc;
 }
 +/*
 + * Check path -- non-root user should not be able to resolve path which is
 + * unreadable for him.
 + */
 +static char *sanitize_path(const char *path)
 +{
 +	char *p;
 +
 +	if (!path)
 +		return NULL;
 +
 +	p = canonicalize_path_restricted(path);
 +	if (!p)
 +		err(MOUNT_EX_USAGE, "%s", path);
 +
 +	return p;
 +}
 +
 int main(int argc, char **argv)
 {
 	int c, rc = 0, all = 0;
@@ -388,8 +407,17 @@ int main(int argc, char **argv)
 	} else if (argc < 1) {
 		usage(stderr);
 -	} else while (argc--)
 -		rc += umount_one(cxt, *argv++);
 +	} else while (argc--) {
 +		char *path = *argv++;
 +
 +		if (mnt_context_is_restricted(cxt))
 +			path = sanitize_path(path);
 +
 +		rc += umount_one(cxt, path);
 +
 +		if (mnt_context_is_restricted(cxt))
 +			free(path);
 +	}
 	mnt_free_context(cxt);
 	return rc;
--- a/util-linux-2.12r-fdisk_remove_bogus_warnings.patch
+++ b/util-linux-2.12r-fdisk_remove_bogus_warnings.patch
@ -1,7 +1,7 @@
-Index: util-linux-2.21-rc2/fdisk/fdisk.c
+Index: util-linux-2.21-rc2/fdisks/fdisk.c
 ===================================================================
--- util-linux-2.21-rc2.orig/fdisk/fdisk.c
+--- util-linux-2.21-rc2.orig/fdisks/fdisk.c
-+++ util-linux-2.21-rc2/fdisk/fdisk.c
+++ util-linux-2.21-rc2/fdisks/fdisk.c
@@ -1767,6 +1767,7 @@ static void check_consistency(struct par
 /* compute logical ending (c, h, s) */
 	long2chs(get_start_sect(p) + get_nr_sects(p) - 1, &lec, &leh, &les);
--- a/util-linux-2.20-libmount-deps.patch
+++ b/util-linux-2.20-libmount-deps.patch
@ -1,13 +0,0 @@
 Index: util-linux-2.21.2/libmount/src/Makefile.am
 ===================================================================
 --- util-linux-2.21.2.orig/libmount/src/Makefile.am
 +++ util-linux-2.21.2/libmount/src/Makefile.am
@@ -30,7 +30,7 @@ nodist_libmount_la_SOURCES = mountP.h
 libmount_la_LIBADD = $(ul_libblkid_la) $(SELINUX_LIBS)
 -libmount_la_DEPENDENCIES = $(libmount_la_LIBADD) libmount.sym libmount.h.in
 +libmount_la_DEPENDENCIES = $(ul_libblkid_la) libmount.sym libmount.h.in
 libmount_la_LDFLAGS = -Wl,--version-script=$(ul_libmount_srcdir)/libmount.sym \
                       -version-info $(LIBMOUNT_VERSION_INFO)
--- a/util-linux-2.21.2-noenc.diff
+++ b/util-linux-2.21.2-noenc.diff
@ -1,535 +0,0 @@
 From e1f7680ca45c5173f7853feb76dd093cec8d17ad Mon Sep 17 00:00:00 2001
 From: Ludwig Nussel <ludwig.nussel@suse.de>
 Date: Fri, 15 Jun 2012 09:38:36 +0200
 Subject: [PATCH] remove obsolete encryption support from losetup
 kernel cryptoloop is deprecated since ages and support for cryptoloop in
 util-linux is incomplete/broken.
 - no password hashing
 - last 8 bit of key are always set to zero
 - no binary keys possible (stops reading key at \n and \0)
 In the past some Distros added the above features with patches. So
 remove cryptoloop support from util-linux completely to make sure
 people won't try using it.
 Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
 ---
 include/loopdev.h              |    3 --
 lib/loopdev.c                  |   56 ----------------------------------------
 libmount/src/context_loopdev.c |   22 +++-------------
 mount/mount.8                  |    9 +-----
 mount/mount.c                  |   20 +++++---------
 sys-utils/losetup.8            |   29 ++------------------
 sys-utils/losetup.c            |   30 +++++----------------
 sys-utils/mount.8              |    7 +----
 sys-utils/mount.c              |   34 +-----------------------
 9 files changed, 25 insertions(+), 185 deletions(-)
 diff --git a/include/loopdev.h b/include/loopdev.h
 index 906bee0..030f215 100644
 --- a/include/loopdev.h
 +++ b/include/loopdev.h
@@ -165,9 +165,6 @@ int loopcxt_set_offset(struct loopdev_cxt *lc, uint64_t offset);
 int loopcxt_set_sizelimit(struct loopdev_cxt *lc, uint64_t sizelimit);
 int loopcxt_set_flags(struct loopdev_cxt *lc, uint32_t flags);
 int loopcxt_set_backing_file(struct loopdev_cxt *lc, const char *filename);
 -int loopcxt_set_encryption(struct loopdev_cxt *lc,
 -                           const char *encryption,
 -                           const char *password);
 extern char *loopcxt_get_backing_file(struct loopdev_cxt *lc);
 extern int loopcxt_get_backing_devno(struct loopdev_cxt *lc, dev_t *devno);
 diff --git a/lib/loopdev.c b/lib/loopdev.c
 index fd3f9ba..807984e 100644
 --- a/lib/loopdev.c
 +++ b/lib/loopdev.c
@@ -963,62 +963,6 @@ int loopcxt_set_backing_file(struct loopdev_cxt *lc, const char *filename)
 	return 0;
 }
 -static int digits_only(const char *s)
 -{
 -	while (*s)
 -		if (!isdigit(*s++))
 -			return 0;
 -	return 1;
 -}
 -
 -/*
 - * @lc: context
 - * @encryption: encryption name / type (see lopsetup man page)
 - * @password
 - *
 - * Note that the encryption functionality is deprecated an unmaintained. Use
 - * cryptsetup (it also supports AES-loops).
 - *
 - * The setting is removed by loopcxt_set_device() loopcxt_next()!
 - *
 - * Returns: 0 on success, <0 on error.
 - */
 -int loopcxt_set_encryption(struct loopdev_cxt *lc,
 -			   const char *encryption,
 -			   const char *password)
 -{
 -	if (!lc)
 -		return -EINVAL;
 -
 -	DBG(lc, loopdev_debug("setting encryption '%s'", encryption));
 -
 -	if (encryption && *encryption) {
 -		if (digits_only(encryption)) {
 -			lc->info.lo_encrypt_type = atoi(encryption);
 -		} else {
 -			lc->info.lo_encrypt_type = LO_CRYPT_CRYPTOAPI;
 -			snprintf((char *)lc->info.lo_crypt_name, LO_NAME_SIZE,
 -				 "%s", encryption);
 -		}
 -	}
 -
 -	switch (lc->info.lo_encrypt_type) {
 -	case LO_CRYPT_NONE:
 -		lc->info.lo_encrypt_key_size = 0;
 -		break;
 -	default:
 -		DBG(lc, loopdev_debug("setting encryption key"));
 -		memset(lc->info.lo_encrypt_key, 0, LO_KEY_SIZE);
 -		strncpy((char *)lc->info.lo_encrypt_key, password, LO_KEY_SIZE);
 -		lc->info.lo_encrypt_key[LO_KEY_SIZE - 1] = '\0';
 -		lc->info.lo_encrypt_key_size = LO_KEY_SIZE;
 -		break;
 -	}
 -
 -	DBG(lc, loopdev_debug("encryption successfully set"));
 -	return 0;
 -}
 -
 /*
  * @cl: context
  *
 diff --git a/libmount/src/context_loopdev.c b/libmount/src/context_loopdev.c
 index 023c952..863ee3d 100644
 --- a/libmount/src/context_loopdev.c
 +++ b/libmount/src/context_loopdev.c
@@ -7,7 +7,6 @@
 /*
  * DOCS: - "lo@" prefix for fstype is unsupported
 - *	 - encyption= mount option for loop device is unssuported
  */
 #include <blkid.h>
@@ -35,8 +34,7 @@ int mnt_context_is_loopdev(struct libmnt_context *cxt)
 	if (cxt->user_mountflags & (MNT_MS_LOOP |
 				    MNT_MS_OFFSET |
 -				    MNT_MS_SIZELIMIT |
 -				    MNT_MS_ENCRYPTION)) {
 +				    MNT_MS_SIZELIMIT)) {
 		DBG(CXT, mnt_debug_h(cxt, "loopdev specific options detected"));
 		return 1;
@@ -134,7 +132,7 @@ static int is_mounted_same_loopfile(struct libmnt_context *cxt,
 int mnt_context_setup_loopdev(struct libmnt_context *cxt)
 {
 	const char *backing_file, *optstr, *loopdev = NULL;
 -	char *val = NULL, *enc = NULL, *pwd = NULL;
 +	char *val = NULL;
 	size_t len;
 	struct loopdev_cxt lc;
 	int rc = 0, lo_flags = 0;
@@ -200,13 +198,8 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt)
 	 */
 	if (rc == 0 && (cxt->user_mountflags & MNT_MS_ENCRYPTION) &&
 	    mnt_optstr_get_option(optstr, "encryption", &val, &len) == 0) {
 -		enc = strndup(val, len);
 -		if (val && !enc)
 -			rc = -ENOMEM;
 -		if (enc && cxt->pwd_get_cb) {
 -			DBG(CXT, mnt_debug_h(cxt, "asking for pass"));
 -			pwd = cxt->pwd_get_cb(cxt);
 -		}
 +		DBG(CXT, mnt_debug_h(cxt, "encryption no longer supported"));
 +		rc = -EINVAL;
 	}
 	if (rc == 0 && is_mounted_same_loopfile(cxt,
@@ -245,8 +238,6 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt)
 			rc = loopcxt_set_offset(&lc, offset);
 		if (!rc && sizelimit)
 			rc = loopcxt_set_sizelimit(&lc, sizelimit);
 -		if (!rc && enc && pwd)
 -			loopcxt_set_encryption(&lc, enc, pwd);
 		if (!rc)
 			loopcxt_set_flags(&lc, lo_flags);
 		if (rc) {
@@ -298,11 +289,6 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt)
 		loopcxt_set_fd(&lc, -1, 0);
 	}
 done:
 -	free(enc);
 -	if (pwd && cxt->pwd_release_cb) {
 -		DBG(CXT, mnt_debug_h(cxt, "release pass"));
 -		cxt->pwd_release_cb(cxt, pwd);
 -	}
 	loopcxt_deinit(&lc);
 	return rc;
 }
 diff --git a/mount/mount.8 b/mount/mount.8
 index 789d9fe..0644e8e 100644
 --- a/mount/mount.8
 +++ b/mount/mount.8
@@ -535,11 +535,6 @@ Don't canonicalize paths. The mount command canonicalizes all paths
 file. This option can be used together with the
 .B \-f
 flag for already canonicalized absolut paths.
 -.IP "\fB\-p, \-\-pass\-fd \fInum\fP"
 -In case of a loop mount with encryption, read the passphrase from
 -file descriptor
 -.I num
 -instead of from the terminal.
 .IP "\fB\-s\fP"
 Tolerate sloppy mount options rather than failing. This will ignore
 mount options not supported by a filesystem type. Not all filesystems
@@ -2708,8 +2703,8 @@ not specified or the filesystem is known for libblkid, for example:
 .B "mount -t ext3 /tmp/disk.img /mnt"
 .sp
 .RE
 -This type of mount knows about four options, namely
 -.BR loop ", " offset ", " sizelimit " and " encryption ,
 +This type of mount knows about three options, namely
 +.BR loop ", " offset ", " sizelimit " ,
 that are really options to
 .BR \%losetup (8).
 (These options can be used in addition to those specific
 diff --git a/mount/mount.c b/mount/mount.c
 index 396f357..b69fd61 100644
 --- a/mount/mount.c
 +++ b/mount/mount.c
@@ -83,9 +83,6 @@ static int mounttype = 0;
 /* True if (ruid != euid) or (0 != ruid), i.e. only "user" mounts permitted.  */
 static int restricted = 1;
 -/* Contains the fd to read the passphrase from, if any. */
 -static int pfd = -1;
 -
 #ifdef HAVE_LIBMOUNT_MOUNT
 static struct libmnt_update *mtab_update;
 static char *mtab_opts;
@@ -1262,7 +1259,7 @@ loop_check(const char **spec, const char **type, int *flags,
       *type = opt_vfstype;
   }
 -  *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_sizelimit || opt_encryption);
 +  *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_sizelimit);
   *loopfile = *spec;
   /* Automatically create a loop device from a regular file if a filesystem
@@ -1317,6 +1314,11 @@ loop_check(const char **spec, const char **type, int *flags,
         return EX_FAIL;
       }
 +      if (opt_encryption) {
 +        error("mount: %s", _("encryption not supported, use cryptsetup(8) instead"));
 +        return EX_FAIL;
 +      }
 +
       loopcxt_init(&lc, 0);
       /* loopcxt_enable_debug(&lc, 1); */
@@ -1525,14 +1527,6 @@ update_mtab_entry(const char *spec, const char *node, const char *type,
 #endif /* !HAVE_LIBMOUNT_MOUNT */
 static void
 -set_pfd(char *s) {
 -	if (!isdigit(*s))
 -		die(EX_USAGE,
 -		    _("mount: argument to -p or --pass-fd must be a number"));
 -	pfd = atoi(optarg);
 -}
 -
 -static void
 cdrom_setspeed(const char *spec) {
 #define CDROM_SELECT_SPEED      0x5322  /* Set the CD-ROM speed */
 	if (opt_speed) {
@@ -2579,7 +2573,7 @@ main(int argc, char *argv[]) {
 			test_opts = append_opt(test_opts, optarg, NULL);
 			break;
 		case 'p':		/* fd on which to read passwd */
 -			set_pfd(optarg);
 +                        error("mount: %s", _("--pass-fd is no longer supported"));
 			break;
 		case 'r':		/* mount readonly */
 			readonly = 1;
 diff --git a/sys-utils/losetup.8 b/sys-utils/losetup.8
 index f50b072..8c69689 100644
 --- a/sys-utils/losetup.8
 +++ b/sys-utils/losetup.8
@@ -40,8 +40,6 @@ Setup loop device:
 .sp
 .in +5
 .B losetup
 -.RB [{ \-e | \-E }
 -.IR encryption ]
 .RB [ \-o
 .IR offset ]
 .RB [ \-\-sizelimit
@@ -82,8 +80,6 @@ force loop driver to reread size of the file associated with the specified loop
 detach the file or device associated with the specified loop device(s)
 .IP "\fB\-D, \-\-detach-all\fP"
 detach all associated loop devices
 -.IP "\fB\-e, \-E, \-\-encryption \fIencryption_type\fP"
 -enable data encryption with specified name or number
 .IP "\fB\-f, \-\-find\fP"
 find the first unused loop device. If a
 .I file
@@ -98,10 +94,6 @@ the data start is moved \fIoffset\fP bytes into the specified file or
 device
 .IP "\fB\-\-sizelimit \fIsize\fP"
 the data end is set to no more than \fIsize\fP bytes after the data start
 -.IP "\fB\-p, \-\-pass-fd \fInum\fP"
 -read the passphrase from file descriptor with number
 -.I num
 -instead of from the terminal
 .IP "\fB\-P, \-\-partscan\fP"
 force kernel to scan partition table on newly created loop device
 .IP "\fB\-r, \-\-read-only\fP"
@@ -116,25 +108,10 @@ argument are present.
 verbose mode
 .SH ENCRYPTION
 -.B Cryptoloop is deprecated in favor of dm-crypt. For more details see
 -.B cryptsetup (8). It is possible that all bug reports regarding to -E/-e
 -.B options will be ignored.
 -
 -
 -It is possible to specify transfer functions (for encryption/decryption
 -or other purposes) using one of the
 -.B \-E
 +Cryptoloop is no longer supported in favor of dm-crypt. For more details see
 +.B cryptsetup (8)
 and
 -.B \-e
 -options.
 -There are two mechanisms to specify the desired encryption: by number
 -and by name. If an encryption is specified by number then one
 -has to make sure that the Linux kernel knows about the encryption with that
 -number, probably by patching the kernel. Standard numbers that are
 -always present are 0 (no encryption) and 1 (XOR encryption).
 -When the cryptoloop module is loaded (or compiled in), it uses number 18.
 -This cryptoloop module will take the name of an arbitrary encryption type
 -and find the module that knows how to perform that encryption.
 +.B crypttab (5).
 .SH RETURN VALUE
 .B losetup
 diff --git a/sys-utils/losetup.c b/sys-utils/losetup.c
 index 9f03151..2513253 100644
 --- a/sys-utils/losetup.c
 +++ b/sys-utils/losetup.c
@@ -18,7 +18,6 @@
 #include "nls.h"
 #include "strutils.h"
 #include "loopdev.h"
 -#include "xgetpass.h"
 enum {
 	A_CREATE = 1,		/* setup a new device */
@@ -164,10 +163,8 @@ static void usage(FILE *out)
 		" -j, --associated <file>       list all devices associated with <file>\n"), out);
 	fputs(USAGE_SEPARATOR, out);
 -	fputs(_(" -e, --encryption <type>       enable encryption with specified <name/num>\n"
 -		" -o, --offset <num>            start at offset <num> into file\n"
 +	fputs(_(" -o, --offset <num>            start at offset <num> into file\n"
 		"     --sizelimit <num>         device limited to <num> bytes of the file\n"
 -		" -p, --pass-fd <num>           read passphrase from file descriptor <num>\n"
 		" -P, --partscan                create partitioned loop device\n"
 		" -r, --read-only               setup read-only loop device\n"
 		"     --show                    print device name after setup (with -f)\n"
@@ -185,8 +182,8 @@ static void usage(FILE *out)
 int main(int argc, char **argv)
 {
 	struct loopdev_cxt lc;
 -	int act = 0, flags = 0, passfd = -1, c;
 -	char *file = NULL, *encryption = NULL;
 +	int act = 0, flags = 0, c;
 +	char *file = NULL;
 	uint64_t offset = 0, sizelimit = 0;
 	int res = 0, showdev = 0, lo_flags = 0;
@@ -249,7 +246,7 @@ int main(int argc, char **argv)
 			break;
 		case 'E':
 		case 'e':
 -			encryption = optarg;
 +			errx(EXIT_FAILURE, _("encryption not supported, use cryptsetup(8) instead"));
 			break;
 		case 'f':
 			act = A_FIND_FREE;
@@ -268,8 +265,7 @@ int main(int argc, char **argv)
 			flags |= LOOPDEV_FL_OFFSET;
 			break;
 		case 'p':
 -			passfd = strtol_or_err(optarg,
 -					_("invalid passphrase file descriptor"));
 +                        warn(_("--pass-fd is no longer supported"));
 			break;
 		case 'P':
 			lo_flags |= LO_FLAGS_PARTSCAN;
@@ -327,10 +323,10 @@ int main(int argc, char **argv)
 	}
 	if (act != A_CREATE &&
 -	    (encryption || sizelimit || passfd != -1 || lo_flags || showdev))
 +	    (sizelimit || lo_flags || showdev))
 		errx(EXIT_FAILURE,
 			_("the options %s are allowed to loop device setup only"),
 -			"--{encryption,sizelimit,pass-fd,read-only,show}");
 +			"--{sizelimit,read-only,show}");
 	if ((flags & LOOPDEV_FL_OFFSET) &&
 	    act != A_CREATE && (act != A_SHOW || !file))
@@ -339,16 +335,8 @@ int main(int argc, char **argv)
 	switch (act) {
 	case A_CREATE:
 	{
 -		char *pass = NULL;
 		int hasdev = loopcxt_has_device(&lc);
 -		if (encryption) {
 -#ifdef MCL_FUTURE
 -			if(mlockall(MCL_CURRENT | MCL_FUTURE))
 -				err(EXIT_FAILURE, _("couldn't lock into memory"));
 -#endif
 -			pass = xgetpass(passfd, _("Password: "));
 -		}
 		do {
 			/* Note that loopcxt_{find_unused,set_device}() resets
 			 * loopcxt struct.
@@ -357,8 +345,6 @@ int main(int argc, char **argv)
 				warnx(_("not found unused device"));
 				break;
 			}
 -			if (encryption && pass)
 -				loopcxt_set_encryption(&lc, encryption, pass);
 			if (flags & LOOPDEV_FL_OFFSET)
 				loopcxt_set_offset(&lc, offset);
 			if (flags & LOOPDEV_FL_SIZELIMIT)
@@ -379,8 +365,6 @@ int main(int argc, char **argv)
 			}
 		} while (hasdev == 0);
 -		free(pass);
 -
 		if (showdev && res == 0)
 			printf("%s\n", loopcxt_get_device(&lc));
 		break;
 diff --git a/sys-utils/mount.8 b/sys-utils/mount.8
 index 4f8af0a..73f5170 100644
 --- a/sys-utils/mount.8
 +++ b/sys-utils/mount.8
@@ -528,11 +528,6 @@ Don't canonicalize paths. The mount command canonicalizes all paths
 file. This option can be used together with the
 .B \-f
 flag for already canonicalized absolut paths.
 -.IP "\fB\-p, \-\-pass\-fd \fInum\fP"
 -In case of a loop mount with encryption, read the passphrase from
 -file descriptor
 -.I num
 -instead of from the terminal.
 .IP "\fB\-s\fP"
 Tolerate sloppy mount options rather than failing. This will ignore
 mount options not supported by a filesystem type. Not all filesystems
@@ -2715,7 +2710,7 @@ not specified or the filesystem is known for libblkid, for example:
 .sp
 .RE
 This type of mount knows about four options, namely
 -.BR loop ", " offset ", " sizelimit " and " encryption ,
 +.BR loop ", " offset ", " sizelimit ",
 that are really options to
 .BR \%losetup (8).
 (These options can be used in addition to those specific
 diff --git a/sys-utils/mount.c b/sys-utils/mount.c
 index 7f2d5d8..031fd31 100644
 --- a/sys-utils/mount.c
 +++ b/sys-utils/mount.c
@@ -36,7 +36,6 @@
 #include "env.h"
 #include "optutils.h"
 #include "strutils.h"
 -#include "xgetpass.h"
 #include "exitcodes.h"
 #include "xalloc.h"
@@ -49,7 +48,6 @@
  *  --options-source-force				MNT_OMODE_FORCE
  */
 -static int passfd = -1;
 static int readwrite;
 static int mk_exit_code(struct libmnt_context *cxt, int rc);
@@ -103,32 +101,6 @@ static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__)
 	return 0;
 }
 -static char *encrypt_pass_get(struct libmnt_context *cxt)
 -{
 -	if (!cxt)
 -		return 0;
 -
 -#ifdef MCL_FUTURE
 -	if (mlockall(MCL_CURRENT | MCL_FUTURE)) {
 -		warn(_("couldn't lock into memory"));
 -		return NULL;
 -	}
 -#endif
 -	return xgetpass(passfd, _("Password: "));
 -}
 -
 -static void encrypt_pass_release(struct libmnt_context *cxt
 -			__attribute__((__unused__)), char *pwd)
 -{
 -	char *p = pwd;
 -
 -	while (p && *p)
 -		*p++ = '\0';
 -
 -	free(pwd);
 -	munlockall();
 -}
 -
 static void print_all(struct libmnt_context *cxt, char *pattern, int show_label)
 {
 	struct libmnt_table *tb;
@@ -616,7 +588,6 @@ static void __attribute__((__noreturn__)) usage(FILE *out)
 	fprintf(out, _(
 	" -o, --options <list>    comma-separated list of mount options\n"
 	" -O, --test-opts <list>  limit the set of filesystems (use with -a)\n"
 -	" -p, --pass-fd <num>     read the passphrase from file descriptor\n"
 	" -r, --read-only         mount the filesystem read-only (same as -o ro)\n"
 	" -t, --types <list>      limit the set of filesystem types\n"));
 	fprintf(out, _(
@@ -782,8 +753,7 @@ int main(int argc, char **argv)
 				err(MOUNT_EX_SYSERR, _("failed to set options pattern"));
 			break;
 		case 'p':
 -			passfd = strtol_or_err(optarg,
 -					_("invalid passphrase file descriptor"));
 +                        warnx(_("--pass-fd is no longer supported"));
 			break;
 		case 'L':
 		case 'U':
@@ -864,8 +834,6 @@ int main(int argc, char **argv)
 	else if (types)
 		mnt_context_set_fstype(cxt, types);
 -	mnt_context_set_passwd_cb(cxt, encrypt_pass_get, encrypt_pass_release);
 -
 	if (all) {
 		/*
 		 * A) Mount all
 -- 
 1.7.7
--- a/util-linux-2.23.1-eject-fpie.patch
+++ b/util-linux-2.23.1-eject-fpie.patch
@ -0,0 +1,13 @@
 --- util-linux-2.23.1/sys-utils/Makemodule.am
 +++ util-linux-2.23.1/sys-utils/Makemodule.am	2013-06-05 12:55:10.921439066 +0000
@@ -142,8 +142,8 @@ endif # LINUX
 if BUILD_EJECT
 usrbin_exec_PROGRAMS += eject
 eject_SOURCES =  sys-utils/eject.c
 -eject_LDADD = $(LDADD) libmount.la libcommon.la
 -eject_CFLAGS = $(AM_CFLAGS) -I$(ul_libmount_incdir)
 +eject_LDADD = $(SUID_LDFLAGS) $(LDADD) libmount.la libcommon.la
 +eject_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) -I$(ul_libmount_incdir)
 dist_man_MANS += sys-utils/eject.1
 endif
--- a/util-linux-2.23.1-fdisk_remove_bogus_warnings.patch
+++ b/util-linux-2.23.1-fdisk_remove_bogus_warnings.patch
@ -0,0 +1,20 @@
 --- util-linux-2.23.1/fdisks/fdiskdoslabel.c
 +++ util-linux-2.23.1/fdisks/fdiskdoslabel.c	2013-06-05 10:11:14.121939007 +0000
@@ -817,7 +817,7 @@ static void check_consistency(struct fdi
 /* compute logical ending (c, h, s) */
 	long2chs(cxt, get_start_sect(p) + get_nr_sects(p) - 1, &lec, &leh, &les);
 -
 +#if 0
 /* Same physical / logical beginning? */
 	if (cxt->geom.cylinders <= 1024 && (pbc != lbc || pbh != lbh || pbs != lbs)) {
 		printf(_("Partition %zd has different physical/logical "
@@ -833,7 +833,7 @@ static void check_consistency(struct fdi
 		printf(_("     phys=(%d, %d, %d) "), pec, peh, pes);
 		printf(_("logical=(%d, %d, %d)\n"),lec, leh, les);
 	}
 -
 +#endif
 /* Ending on cylinder boundary? */
 	if (peh != (cxt->geom.heads - 1) || pes != cxt->geom.sectors) {
 		printf(_("Partition %zd does not end on cylinder boundary.\n"),
--- a/util-linux-2.23.1-noenc-suse.diff
+++ b/util-linux-2.23.1-noenc-suse.diff
@ -0,0 +1,12 @@
 --- util-linux-2.23.1/libmount/src/context_loopdev.c
 +++ util-linux-2.23.1/libmount/src/context_loopdev.c	2013-06-05 09:44:37.081939564 +0000
@@ -213,6 +213,9 @@ int mnt_context_setup_loopdev(struct lib
 	if (rc == 0 && (cxt->user_mountflags & MNT_MS_ENCRYPTION) &&
 	    mnt_optstr_get_option(optstr, "encryption", &val, &len) == 0) {
 		DBG(CXT, mnt_debug_h(cxt, "encryption no longer supported"));
 +		// XXX: nasty for the lib but there's on better way to give a hint atm
 +		fprintf(stderr, "mount: encryption no longer supported.\n"
 +				"       Please use /etc/crypttab instead (man 5 crypttab)\n");
 		rc = -MNT_ERR_MOUNTOPT;
 	}
--- a/util-linux-2.23.1.tar.bz2
+++ b/util-linux-2.23.1.tar.bz2
--- a/util-linux.changes
+++ b/util-linux.changes
@ -1,3 +1,56 @@
 -------------------------------------------------------------------
 Wed Jun  5 12:30:45 UTC 2013 - werner@suse.de
 - Update to util-linux-2.23.1
  + Release highlights (2.22)
  su(1):
    * has been merged from coreutils into util-linux
    * utils-linux version uses /etc/pam.d/su-l PAM config file for --login 
      (e.g. "su -") session.
  sulogin(8):
    * has been merged from sysvinit into util-linux
  utmpdump(1):
    * has been merged from sysvinit into util-linux
  eject(1):
    * has been merged from inactive upstream from sf.net and Fedora into util-linux
    * supports new options --manualeject, --force and --no-partitions-unmount
  lslocks(1)
    * this NEW COMMAND prints local system locks and it's replacement to very 
      long time unmaintained lslk(1)
  wdctl(8):
    * this NEW COMMAND shows hardware watchdog status
  libuuid:
    * does NOT EXECUTE uuidd on demand, the daemon has to be started by 
      init scripts / systemd
  uuidd:
    * supports socket activation (for systemd)
    * supports new options -no-fork, --no-pid and --socket-activation
  + Release highlights (2.23)
  blkdiscard(8):
    * this NEW COMMAND discard sectors on a device (for example on SSD disks)
  sulogin(8):
    * provides multi-console feature from SysVinit
 - Removed following patches now upstream
  * 0001-Test-for-secure_getenv-too.patch
  * 0001-include-bitops.h-Use-the-operating-system-byteswappi.patch
  * add-canonicalize_path_restricted.patch
  * fdiskbsdlabel.patch
  * libmount-add-MNT_ERR_LOOPDEV.patch
  * libmount-add-special-MNT_ERR-codes.patch
  * libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch
  * login-close-tty-before-vhangup.patch
  * mount-new-add-loopdev-specific-error-message.patch
  * mount-new-allow-sloppy-for-non-root.patch
  * mount-new-improve-error-messages.patch
  * mount-new-use-MNT_ERR-for-error-messages.patch
  * mount-sanitize-paths-from-non-root-users.patch
  * util-linux-2.21.2-noenc.diff
  * umount-sanitize-paths-from-non-root-users.patch
 - Removed following patch which otherwise cause to break build
  * util-linux-2.20-libmount-deps.patch
 - Add util-linux-2.23.1-eject-fpie.patch to compile and link eject
  with PIE
 -------------------------------------------------------------------
 Wed May 29 11:45:04 UTC 2013 - ihno@suse.com
--- a/util-linux.spec
+++ b/util-linux.spec
@ -16,6 +16,16 @@
 #
 #
 # Following package should be fixed:
 #  coreutils ... do not install su and kill
 #  sysvinit-tools ... do not install sulogin and utmpdump
 #  eject ... simply drop this package
 #
 %bcond_without  sysvinit_tools
 %bcond_without	enable_su
 %bcond_without	enable_eject
 Name:           util-linux
 BuildRequires:  audit-devel
 BuildRequires:  binutils-devel
@ -28,8 +38,10 @@ BuildRequires:  ncurses-devel
 BuildRequires:  pam-devel
 BuildRequires:  pkg-config
 BuildRequires:  readline-devel
 BuildRequires:  utempter-devel
 BuildRequires:  zlib-devel
-Version:        2.21.2
+BuildRequires:  pkgconfig(systemd)
 Version:        2.23.1
 Release:        0
 # util-linux is a base package and uuidd pre-requiring pwdutils pulls
 # that into the core build cycle.  pwdutils also pulls in the whole
@ -37,7 +49,7 @@ Release:        0
 # make the rpm install check of uuidd happy which has support to work without
 # these tools as well
 #!BuildIgnore:  pwdutils
-Url:            http://kernel.org/~kzak/util-linux/
+Url:            https://www.kernel.org/pub/linux/utils/util-linux/
 Supplements:    filesystem(minix)
 Provides:       fsck-with-dev-lock = %{version}
 # bnc#651598:
@ -60,7 +72,7 @@ Source8:        login.pamd
 Source9:        remote.pamd
 # TODO: split to separate package
 Source11:       klogconsole.tar.bz2
-# XXX: needed?
+# XXX: Run a program in a new session and with controlling tty
 Source22:       setctsid.c
 Source23:       setctsid.8
 # XXX: ppc specific, still needed?
@ -76,40 +88,16 @@ Source51:       blkid.conf
 ## util-linux patches
 ##
 # 241372 - remove legacy warnings from fdisk
-Patch1:         util-linux-2.12r-fdisk_remove_bogus_warnings.patch
+Patch1:         util-linux-2.23.1-fdisk_remove_bogus_warnings.patch
-Patch2:         util-linux-2.20-libmount-deps.patch
+Patch2:         util-linux-2.23.1-eject-fpie.patch
 Patch3:         fdisk-tinfo.patch
 Patch4:         mount-new-allow-sloppy-for-non-root.patch
 Patch5:         libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch
 # Patches 6-10: bcn#767208 (taken from upstream
 Patch6:         mount-new-improve-error-messages.patch
 Patch7:         libmount-add-special-MNT_ERR-codes.patch
 Patch8:         mount-new-use-MNT_ERR-for-error-messages.patch
 Patch9:         libmount-add-MNT_ERR_LOOPDEV.patch
 Patch10:        mount-new-add-loopdev-specific-error-message.patch
 # disable encryption
-Patch11:        util-linux-2.21.2-noenc.diff
+Patch12:        util-linux-2.23.1-noenc-suse.diff
 Patch12:        util-linux-2.21.2-noenc-suse.diff
 Patch13:        login-close-tty-before-vhangup.patch
 # hack for boot.localfs
 Patch20:        util-linux-HACK-boot.localfs.diff
 Patch21:        0001-include-bitops.h-Use-the-operating-system-byteswappi.patch
 #bnc#797002
 Patch22:        add-canonicalize_path_restricted.patch
 Patch23:        mount-sanitize-paths-from-non-root-users.patch
 Patch24:        umount-sanitize-paths-from-non-root-users.patch
 #####
 # There is no __secure_getenv anymore..
 Patch25:        0001-Test-for-secure_getenv-too.patch
 # fix fdisk compilation on aarch64
 Patch26:        fdiskbsdlabel.patch
 ##
 ## klogconsole
 ##
@ -215,48 +203,42 @@ Files to develop applications using the libmount library.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
 #
 %patch20 -p1
 %patch21 -p1
 %patch22 -p1
 %patch23 -p1
 %patch24 -p1
 %patch25 -p1
 %patch26 -p1
 #
 # setctsid
-cp %{S:22} %{S:23} .
+cp -p %{S:22} %{S:23} .
 # nologin
-cp %{S:2} %{S:3} %{S:26} %{S:30} .
+cp -p %{S:2} %{S:3} %{S:26} %{S:30} .
 %patch60 -p1
 %patch61 -p1
-cd ../klogconsole
+pushd ../klogconsole
 %patch55 -p1
 %patch56 -p1
 popd
 %build
-pushd ../
+pushd ../klogconsole
 # klogconsole build
 cd klogconsole
 make %{?_smp_mflags} CFLAGS="%{optflags}" CC="%{__cc}"
 cd ..
 popd
 # setctsid build
 rm -f setctsid
 make %{?_smp_mflags} setctsid CFLAGS="%{optflags}" CC="%{__cc}"
 #
 # Version check for libutempter
 #
 uhead=$(find /usr/include -name utempter.h 2>/dev/null)
 if test -n "$uhead" && grep -q utempter_add_record "$uhead"
 then
    uhead=--with-utempter
 else
    uhead=--without-utempter
 fi
 #
 # util-linux itself
 #
 autoreconf -fi
@ -264,16 +246,41 @@ export SUID_CFLAGS="-fpie"
 export SUID_LDFLAGS="-pie"
 %configure \
  --with-audit \
  --with-gnu-ld \
  --with-ncurses \
  --with-selinux \
  $uhead \
  --with-systemdsystemunitdir=%_unitdir \
  --with-bashcompletiondir=%{_datadir}/bash-completion \
  --enable-mesg \
  --enable-partx \
  --enable-raw \
  --enable-write \
  --enable-line \
  --enable-new-mount \
  --enable-ddate \
  --enable-login-utils \
  --enable-tunelp \
  --enable-logger \
 %if %{with enable_eject}
  --enable-eject \
 %else
  --disable-eject \
 %endif
 %if %{with sysvinit_tools}
  --enable-sulogin \
  --enable-sulogin-emergency-mount \
  --enable-mountpoint \
 %else
  --disable-sulogin \
  --disable-mountpoint \
 %endif
 %if %{with enable_su}
  --enable-kill \
  --enable-su \
 %else
  --disable-su \
  --disable-kill \
 %endif
  --disable-use-tty-group \
  --disable-static \
  --disable-silent-rules \
@ -294,9 +301,8 @@ install -m 644 %{SOURCE51} %{buildroot}%{_sysconfdir}/blkid.conf
 install -m 644 %{SOURCE8} %{buildroot}/etc/pam.d/login
 install -m 644 %{SOURCE9} %{buildroot}/etc/pam.d/remote
 mkdir -p %{buildroot}%{_localstatedir}/adm/fillup-templates
-pushd ..
+pushd ../klogconsole
 # klogconsole install
 cd klogconsole
 make install DEST=%{buildroot}
 popd
 #
@ -304,6 +310,10 @@ popd
 #
 %make_install
 #UsrMerge
 %if %{with enable_su}
 ln -s %{_bindir}/kill %{buildroot}/bin
 ln -s %{_bindir}/su %{buildroot}/bin
 %endif
 ln -s %{_bindir}/logger %{buildroot}/bin
 ln -s %{_bindir}/dmesg %{buildroot}/bin
 ln -s %{_bindir}/more %{buildroot}/bin
@ -436,6 +446,12 @@ ln -sf ../..%{_sysconfdir}/init.d/uuidd %{buildroot}%{_sbindir}/rcuuidd
 %run_permissions
 %else
 %set_permissions /usr/bin/wall /usr/bin/write /usr/bin/mount /usr/bin/umount
 %if %{with sysvinit_tools}
 %set_permissions /usr/bin/su
 %endif
 %if %{with enable_eject}
 %set_permissions /usr/bin/eject
 %endif
 %endif
 # mount option 'code=' is now called 'codepage=' so change fstab
@ -449,6 +465,12 @@ fi
 %verifyscript
 %verify_permissions -e /usr/bin/wall -e /usr/bin/write -e /usr/bin/mount -e /usr/bin/umount
 %if %{with sysvinit_tools}
 %verify_permissions -e /usr/bin/su
 %endif
 %if %{with enable_eject}
 %verify_permissions -e /usr/bin/eject
 %endif
 %post -n libblkid1 -p /sbin/ldconfig
@ -495,7 +517,6 @@ fi
 %doc Documentation/cal.txt
 %doc Documentation/cfdisk.txt
 %doc Documentation/col.txt
 %doc Documentation/ddate.txt
 %doc Documentation/deprecated.txt
 %doc Documentation/fdisk.txt
 %doc Documentation/getopt.txt
@ -512,6 +533,10 @@ fi
 %config(noreplace) /etc/pam.d/login
 %config(noreplace) /etc/pam.d/remote
 #UsrMerge
 %if %{with enable_su}
 /bin/kill
 /bin/su
 %endif
 /bin/dmesg
 /bin/more
 /bin/mount
@ -546,13 +571,19 @@ fi
 /sbin/fstrim
 /sbin/chcpu
 #EndUsrMerge
 %if %{with enable_su}
 %{_bindir}/kill
 %{_bindir}/su
 %endif
 %if %{with enable_eject}
 %verify(not mode) %attr(4750,root,audio) %{_bindir}/eject
 %endif
 %{_bindir}/cal
 %{_bindir}/chrt
 %{_bindir}/col
 %{_bindir}/colcrt
 %{_bindir}/colrm
 %{_bindir}/column
 %{_bindir}/ddate
 %{_bindir}/dmesg
 %{_bindir}/fallocate
 %{_bindir}/findmnt
@ -569,11 +600,13 @@ fi
 %{_bindir}/look
 %{_bindir}/lsblk
 %{_bindir}/lscpu
 %{_bindir}/lslocks
 %{_bindir}/mcookie
 %{_bindir}/mesg
 %{_bindir}/more
 %{_bindir}/mount
 %{_bindir}/namei
 %{_bindir}/nsenter
 %{_bindir}/prlimit
 %{_bindir}/rename
 %{_bindir}/renice
@ -587,14 +620,20 @@ fi
 %{_bindir}/ul
 %{_bindir}/umount
 %{_bindir}/unshare
 %if %{with sysvinit_tools}
 %{_bindir}/mountpoint
 %{_bindir}/utmpdump
 %endif
 %{_bindir}/uuidgen
 %ifnarch ppc ppc64
 %{_bindir}/chrp-addnote
 %{_bindir}/mkzimage_cmdline
 %endif
 %{_bindir}/wdctl
 %{_sbindir}/addpart
 %{_sbindir}/agetty
 %{_sbindir}/blkid
 %{_sbindir}/blkdiscard
 %{_sbindir}/blockdev
 %{_sbindir}/chcpu
 %{_sbindir}/ctrlaltdel
@ -617,8 +656,13 @@ fi
 %{_sbindir}/pivot_root
 %{_sbindir}/raw
 %{_sbindir}/rcraw
 %{_sbindir}/resizepart
 %{_sbindir}/rtcwake
 %{_sbindir}/runuser
 %{_sbindir}/setctsid
 %if %{with sysvinit_tools}
 %{_sbindir}/sulogin
 %endif
 %{_sbindir}/swaplabel
 %{_sbindir}/swapoff
 %{_sbindir}/swapon
@ -627,14 +671,20 @@ fi
 %verify(not mode) %attr(0755,root,tty) %{_bindir}/wall
 %{_bindir}/whereis
 %verify(not mode) %attr(0755,root,tty) %{_bindir}/write
 %if %{with enable_su}
 %{_mandir}/man1/kill.1.gz
 %{_mandir}/man1/su.1.gz
 %endif
 %{_mandir}/man1/cal.1.gz
 %{_mandir}/man1/chrt.1.gz
 %{_mandir}/man1/col.1.gz
 %{_mandir}/man1/colcrt.1.gz
 %{_mandir}/man1/colrm.1.gz
 %{_mandir}/man1/column.1.gz
 %{_mandir}/man1/ddate.1.gz
 %{_mandir}/man1/dmesg.1.gz
 %if %{with enable_eject}
 %{_mandir}/man1/eject.1.gz
 %endif
 %{_mandir}/man1/fallocate.1.gz
 %{_mandir}/man1/flock.1.gz
 %{_mandir}/man1/getopt.1.gz
@ -650,6 +700,7 @@ fi
 %{_mandir}/man1/mesg.1.gz
 %{_mandir}/man1/more.1.gz
 %{_mandir}/man1/namei.1.gz
 %{_mandir}/man1/nsenter.1.gz
 %{_mandir}/man1/ionice.1.gz
 %{_mandir}/man1/prlimit.1.gz
 %{_mandir}/man1/rename.1.gz
@ -667,6 +718,11 @@ fi
 %{_mandir}/man1/whereis.1.gz
 %{_mandir}/man1/write.1.gz
 %{_mandir}/man1/ipcmk.1.gz
 %if %{with sysvinit_tools}
 %{_mandir}/man1/mountpoint.1.gz
 %{_mandir}/man1/utmpdump.1.gz
 %endif
 %{_mandir}/man1/runuser.1.gz
 %{_mandir}/man1/uuidgen.1.gz
 %{_mandir}/man5/fstab.5.gz
 %{_mandir}/man8/addpart.8.gz
@ -675,16 +731,20 @@ fi
 %{_mandir}/man8/delpart.8.gz
 %{_mandir}/man8/ctrlaltdel.8.gz
 %{_mandir}/man8/blkid.8.gz
 %{_mandir}/man8/blkdiscard.8.gz
 %{_mandir}/man8/switch_root.8.gz
 %{_mandir}/man8/mkfs.bfs.8.gz
 %{_mandir}/man8/mkfs.minix.8.gz
 %{_mandir}/man8/findfs.8.gz
 %{_mandir}/man8/fsck.8.gz
 %{_mandir}/man8/fsck.cramfs.8.gz
 %{_mandir}/man8/fsck.minix.8.gz
 %{_mandir}/man8/isosize.8.gz
 %{_mandir}/man8/ldattach.8.gz
 %{_mandir}/man8/losetup.8.gz
 %{_mandir}/man8/lslocks.8.gz
 %{_mandir}/man8/mkfs.8.gz
 %{_mandir}/man8/mkfs.cramfs.8.gz
 %{_mandir}/man8/mkswap.8.gz
 %{_mandir}/man8/mount.8.gz
 %{_mandir}/man8/nologin.8.gz
@ -708,12 +768,17 @@ fi
 %{_mandir}/man8/wipefs.8.gz
 %{_mandir}/man8/fstrim.8.gz
 %{_mandir}/man8/lsblk.8.gz
-%{_mandir}/ru
+%{_mandir}/man8/resizepart.8.gz
 %if %{with sysvinit_tools}
 %{_mandir}/man8/sulogin.8.gz
 %endif
 %{_mandir}/man8/wdctl.8.gz
 %{_sbindir}/flushb
 %{_sbindir}/readprofile
 %dir %{_datadir}/getopt
 %attr (755,root,root) %{_datadir}/getopt/getopt-parse.bash
 %attr (755,root,root) %{_datadir}/getopt/getopt-parse.tcsh
 %{_datadir}/bash-completion/*
 %ifnarch ia64
 #XXX: post our patches upstream
 #XXX: call fdupes on /usr/share/man
@ -784,6 +849,8 @@ fi
 %{_initddir}/uuidd
 %{_mandir}/man8/uuidd.8.gz
 %{_sbindir}/rcuuidd
 %{_unitdir}/uuidd.service
 %{_unitdir}/uuidd.socket
 %files -n libuuid1
 %defattr(-, root, root)