diff --git a/0001-Test-for-secure_getenv-too.patch b/0001-Test-for-secure_getenv-too.patch deleted file mode 100644 index 24313af..0000000 --- a/0001-Test-for-secure_getenv-too.patch +++ /dev/null @@ -1,41 +0,0 @@ -From a6f605ed6dcfdf2ea7f6b0bf68e18d8c9ce5ea96 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= -Date: Tue, 5 Feb 2013 02:06:04 -0300 -Subject: [PATCH] Test for secure_getenv too. -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -In current glibc versions, internal __secure_getenv -no longer exists and was replaced by secure_getenv() - -Signed-off-by: Cristian Rodríguez ---- - configure.ac | 1 + - lib/env.c | 5 +++-- - 2 files changed, 4 insertions(+), 2 deletions(-) - ---- util-linux-2.21.2.orig/configure.ac -+++ util-linux-2.21.2/configure.ac -@@ -281,6 +281,7 @@ AC_CHECK_FUNCS( - posix_fadvise \ - getmntinfo \ - __secure_getenv \ -+ secure_getenv \ - warn \ - warnx \ - rpmatch]) ---- util-linux-2.21.2.orig/lib/env.c -+++ util-linux-2.21.2/lib/env.c -@@ -98,8 +98,9 @@ char *safe_getenv(const char *arg) - return NULL; - #endif - #endif -- --#ifdef HAVE___SECURE_GETENV -+#ifdef HAVE_SECURE_GETENV -+return secure_getenv(arg); -+#elif HAVE___SECURE_GETENV - return __secure_getenv(arg); - #else - return getenv(arg); diff --git a/0001-include-bitops.h-Use-the-operating-system-byteswappi.patch b/0001-include-bitops.h-Use-the-operating-system-byteswappi.patch deleted file mode 100644 index 8719d34..0000000 --- a/0001-include-bitops.h-Use-the-operating-system-byteswappi.patch +++ /dev/null @@ -1,107 +0,0 @@ -From f47373c950e812208f5db14cf728a54c31f750bf Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= -Date: Wed, 26 Dec 2012 14:30:48 -0300 -Subject: [PATCH 1/2] include/bitops.h: Use the operating system byteswapping - functions - -There is no need to reinvent the wheel. ---- - include/bitops.h | 69 +++++++++++++++----------------------------------------- - 1 file changed, 18 insertions(+), 51 deletions(-) - -diff --git a/include/bitops.h b/include/bitops.h -index 81375d0..89b418c 100644 ---- a/include/bitops.h -+++ b/include/bitops.h -@@ -8,6 +8,9 @@ - */ - #include - -+#include -+#include -+ - #ifndef NBBY - # define NBBY CHAR_BIT - #endif -@@ -22,63 +25,27 @@ - /* - * Byte swab macros (based on linux/byteorder/swab.h) - */ --#define swab16(x) \ -- ((uint16_t)( \ -- (((uint16_t)(x) & (uint16_t)0x00ffU) << 8) | \ -- (((uint16_t)(x) & (uint16_t)0xff00U) >> 8) )) -- --#define swab32(x) \ -- ((uint32_t)( \ -- (((uint32_t)(x) & (uint32_t)0x000000ffUL) << 24) | \ -- (((uint32_t)(x) & (uint32_t)0x0000ff00UL) << 8) | \ -- (((uint32_t)(x) & (uint32_t)0x00ff0000UL) >> 8) | \ -- (((uint32_t)(x) & (uint32_t)0xff000000UL) >> 24) )) -- --#define swab64(x) \ -- ((uint64_t)( \ -- (uint64_t)(((uint64_t)(x) & (uint64_t)0x00000000000000ffULL) << 56) | \ -- (uint64_t)(((uint64_t)(x) & (uint64_t)0x000000000000ff00ULL) << 40) | \ -- (uint64_t)(((uint64_t)(x) & (uint64_t)0x0000000000ff0000ULL) << 24) | \ -- (uint64_t)(((uint64_t)(x) & (uint64_t)0x00000000ff000000ULL) << 8) | \ -- (uint64_t)(((uint64_t)(x) & (uint64_t)0x000000ff00000000ULL) >> 8) | \ -- (uint64_t)(((uint64_t)(x) & (uint64_t)0x0000ff0000000000ULL) >> 24) | \ -- (uint64_t)(((uint64_t)(x) & (uint64_t)0x00ff000000000000ULL) >> 40) | \ -- (uint64_t)(((uint64_t)(x) & (uint64_t)0xff00000000000000ULL) >> 56) )) -- -- --#ifdef WORDS_BIGENDIAN -+#define swab16(x) bswap_16(x) - --#define cpu_to_le16(x) swab16(x) --#define cpu_to_le32(x) swab32(x) --#define cpu_to_le64(x) swab64(x) --#define cpu_to_be16(x) ((uint16_t)(x)) --#define cpu_to_be32(x) ((uint32_t)(x)) --#define cpu_to_be64(x) ((uint64_t)(x)) -+#define swab32(x) bswap_32(x) - --#define le16_to_cpu(x) swab16(x) --#define le32_to_cpu(x) swab32(x) --#define le64_to_cpu(x) swab64(x) --#define be16_to_cpu(x) ((uint16_t)(x)) --#define be32_to_cpu(x) ((uint32_t)(x)) --#define be64_to_cpu(x) ((uint64_t)(x)) -+#define swab64(x) bswap_64(x) - --#else /* !WORDS_BIGENDIAN */ -+#define cpu_to_le16(x) htole16(x) -+#define cpu_to_le32(x) htole32(x) -+#define cpu_to_le64(x) htole64(x) - --#define cpu_to_le16(x) ((uint16_t)(x)) --#define cpu_to_le32(x) ((uint32_t)(x)) --#define cpu_to_le64(x) ((uint64_t)(x)) --#define cpu_to_be16(x) swab16(x) --#define cpu_to_be32(x) swab32(x) --#define cpu_to_be64(x) swab64(x) -+#define cpu_to_be16(x) htobe16(x) -+#define cpu_to_be32(x) htobe32(x) -+#define cpu_to_be64(x) htobe64(x) - --#define le16_to_cpu(x) ((uint16_t)(x)) --#define le32_to_cpu(x) ((uint32_t)(x)) --#define le64_to_cpu(x) ((uint64_t)(x)) --#define be16_to_cpu(x) swab16(x) --#define be32_to_cpu(x) swab32(x) --#define be64_to_cpu(x) swab64(x) -+#define le16_to_cpu(x) le16toh(x) -+#define le32_to_cpu(x) le32toh(x) -+#define le64_to_cpu(x) le64toh(x) - --#endif /* WORDS_BIGENDIAN */ -+#define be16_to_cpu(x) be16toh(x) -+#define be32_to_cpu(x) be32toh(x) -+#define be64_to_cpu(x) be64toh(x) - - #endif /* BITOPS_H */ - --- -1.8.0.2 - diff --git a/add-canonicalize_path_restricted.patch b/add-canonicalize_path_restricted.patch deleted file mode 100644 index 252c651..0000000 --- a/add-canonicalize_path_restricted.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 33c5fd0c5a774458470c86f9d318d8c48a9c9ccb Mon Sep 17 00:00:00 2001 -From: Karel Zak -Date: Mon, 26 Nov 2012 16:24:28 +0100 -Subject: [PATCH] lib/canonicalize: add canonicalize_path_restricted() to - canonicalize without suid permisssions - -Signed-off-by: Karel Zak -Signed-off-by: Petr Uzel ---- - include/canonicalize.h | 1 + - lib/canonicalize.c | 42 ++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 43 insertions(+) - -Index: util-linux-2.21.2/include/canonicalize.h -=================================================================== ---- util-linux-2.21.2.orig/include/canonicalize.h -+++ util-linux-2.21.2/include/canonicalize.h -@@ -4,6 +4,7 @@ - #include "c.h" /* for PATH_MAX */ - - extern char *canonicalize_path(const char *path); -+extern char *canonicalize_path_restricted(const char *path); - extern char *canonicalize_dm_name(const char *ptname); - - #endif /* CANONICALIZE_H */ -Index: util-linux-2.21.2/lib/canonicalize.c -=================================================================== ---- util-linux-2.21.2.orig/lib/canonicalize.c -+++ util-linux-2.21.2/lib/canonicalize.c -@@ -188,6 +188,48 @@ canonicalize_path(const char *path) - return strdup(canonical); - } - -+char * -+canonicalize_path_restricted(const char *path) -+{ -+ char canonical[PATH_MAX+2]; -+ char *p = NULL; -+ int errsv; -+ uid_t euid; -+ gid_t egid; -+ -+ if (path == NULL) -+ return NULL; -+ -+ euid = geteuid(); -+ egid = getegid(); -+ -+ /* drop permissions */ -+ if (setegid(getgid()) < 0 || seteuid(getuid()) < 0) -+ return NULL; -+ -+ errsv = errno = 0; -+ -+ if (myrealpath(path, canonical, PATH_MAX+1)) { -+ p = strrchr(canonical, '/'); -+ if (p && strncmp(p, "/dm-", 4) == 0 && isdigit(*(p + 4))) -+ p = canonicalize_dm_name(p+1); -+ else -+ p = NULL; -+ if (!p) -+ p = strdup(canonical); -+ } else -+ errsv = errno; -+ -+ /* restore */ -+ if (setegid(egid) < 0 || seteuid(euid) < 0) { -+ free(p); -+ return NULL; -+ } -+ -+ errno = errsv; -+ return p; -+} -+ - - #ifdef TEST_PROGRAM_CANONICALIZE - int main(int argc, char **argv) diff --git a/fdisk-tinfo.patch b/fdisk-tinfo.patch index c9c7562..da5c7bc 100644 --- a/fdisk-tinfo.patch +++ b/fdisk-tinfo.patch @@ -1,18 +1,12 @@ -Index: util-linux-2.21-rc2/fdisk/Makefile.am -=================================================================== ---- util-linux-2.21-rc2.orig/fdisk/Makefile.am -+++ util-linux-2.21-rc2/fdisk/Makefile.am -@@ -64,9 +64,13 @@ sbin_PROGRAMS += cfdisk - dist_man_MANS += cfdisk.8 - cfdisk_SOURCES = cfdisk.c $(fdisk_common) - cfdisk_CFLAGS = $(cflags_blkid) +--- util-linux-2.23.1/fdisks/Makemodule.am ++++ util-linux-2.23.1/fdisks/Makemodule.am 2013-06-05 09:58:30.753439465 +0000 +@@ -79,6 +79,9 @@ endif + if HAVE_SLANG + cfdisk_LDADD += -lslang + else +if HAVE_TINFO -+cfdisk_LDADD = -ltinfo @NCURSES_LIBS@ $(ldadd_blkid) -+else - cfdisk_LDADD = @NCURSES_LIBS@ $(ldadd_blkid) - endif - endif ++cfdisk_LDADD += -ltinfo +endif - - endif # !ARCH_SPARC - endif # !ARCH_M68K + if HAVE_NCURSES + cfdisk_LDADD += @NCURSES_LIBS@ + endif diff --git a/fdiskbsdlabel.patch b/fdiskbsdlabel.patch deleted file mode 100644 index 8d1d4da..0000000 --- a/fdiskbsdlabel.patch +++ /dev/null @@ -1,14 +0,0 @@ -Index: util-linux-2.21.2/fdisk/fdiskbsdlabel.h -=================================================================== ---- util-linux-2.21.2.orig/fdisk/fdiskbsdlabel.h -+++ util-linux-2.21.2/fdisk/fdiskbsdlabel.h -@@ -48,7 +48,8 @@ - - #if defined (__i386__) || defined (__sparc__) || defined (__arm__) || \ - defined (__mips__) || defined (__s390__) || defined (__sh__) || \ -- defined(__x86_64__) || defined (__avr32__) || defined(__cris__) -+ defined(__x86_64__) || defined (__avr32__) || defined(__cris__) || \ -+ defined(__aarch64__) - #define BSD_LABELSECTOR 1 - #define BSD_LABELOFFSET 0 - #elif defined (__alpha__) || defined (__powerpc__) || defined (__ia64__) || defined (__hppa__) diff --git a/libmount-add-MNT_ERR_LOOPDEV.patch b/libmount-add-MNT_ERR_LOOPDEV.patch deleted file mode 100644 index d1212aa..0000000 --- a/libmount-add-MNT_ERR_LOOPDEV.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 82756a747e4bcfc13a27b7618d889af080649584 Mon Sep 17 00:00:00 2001 -From: Karel Zak -Date: Mon, 28 May 2012 12:26:36 +0200 -Subject: [PATCH] libmount: add MNT_ERR_LOOPDEV - -Signed-off-by: Karel Zak -Signed-off-by: Petr Uzel ---- - lib/loopdev.c | 4 ++++ - libmount/src/context_loopdev.c | 1 + - libmount/src/libmount.h.in | 1 + - 3 files changed, 6 insertions(+), 0 deletions(-) - -Index: util-linux-2.21.2/lib/loopdev.c -=================================================================== ---- util-linux-2.21.2.orig/lib/loopdev.c -+++ util-linux-2.21.2/lib/loopdev.c -@@ -173,6 +173,8 @@ int loopcxt_init(struct loopdev_cxt *lc, - */ - void loopcxt_deinit(struct loopdev_cxt *lc) - { -+ int errsv = errno; -+ - if (!lc) - return; - -@@ -183,6 +185,8 @@ void loopcxt_deinit(struct loopdev_cxt * - - loopcxt_set_device(lc, NULL); - loopcxt_deinit_iterator(lc); -+ -+ errno = errsv; - } - - /* -Index: util-linux-2.21.2/libmount/src/context_loopdev.c -=================================================================== ---- util-linux-2.21.2.orig/libmount/src/context_loopdev.c -+++ util-linux-2.21.2/libmount/src/context_loopdev.c -@@ -261,6 +261,7 @@ int mnt_context_setup_loopdev(struct lib - - if (loopdev || rc != -EBUSY) { - DBG(CXT, mnt_debug_h(cxt, "failed to setup device")); -+ rc = -MNT_ERR_LOOPDEV; - goto done; - } - DBG(CXT, mnt_debug_h(cxt, "loopdev stolen...trying again")); -Index: util-linux-2.21.2/libmount/src/libmount.h.in -=================================================================== ---- util-linux-2.21.2.orig/libmount/src/libmount.h.in -+++ util-linux-2.21.2/libmount/src/libmount.h.in -@@ -126,6 +126,7 @@ enum { - #define MNT_ERR_NOFSTAB 5000 /* not found required entry in fstab */ - #define MNT_ERR_NOFSTYPE 5001 /* failed to detect filesystem type */ - #define MNT_ERR_NOSOURCE 5002 /* required mount source undefined */ -+#define MNT_ERR_LOOPDEV 5003 /* loopdev setup failed, errno set by libc */ - - /* init.c */ - extern void mnt_init_debug(int mask); diff --git a/libmount-add-special-MNT_ERR-codes.patch b/libmount-add-special-MNT_ERR-codes.patch deleted file mode 100644 index f0afe25..0000000 --- a/libmount-add-special-MNT_ERR-codes.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 47dea49b4cb4a4a98a6c518cc17f6d2c92be9528 Mon Sep 17 00:00:00 2001 -From: Karel Zak -Date: Tue, 24 Apr 2012 11:57:32 +0200 -Subject: [PATCH] libmount: add special MNT_ERR_ codes - -... to detect some situations where standard -errno is too generic. - -Signed-off-by: Karel Zak -Signed-off-by: Petr Uzel ---- - libmount/src/context.c | 20 ++++++++++---------- - libmount/src/libmount.h.in | 12 ++++++++++++ - 2 files changed, 22 insertions(+), 10 deletions(-) - -Index: util-linux-2.21.2/libmount/src/context.c -=================================================================== ---- util-linux-2.21.2.orig/libmount/src/context.c -+++ util-linux-2.21.2/libmount/src/context.c -@@ -1186,7 +1186,7 @@ int mnt_context_prepare_srcpath(struct l - if (cache) - path = mnt_resolve_tag(t, v, cache); - -- rc = path ? mnt_fs_set_source(cxt->fs, path) : -EINVAL; -+ rc = path ? mnt_fs_set_source(cxt->fs, path) : -MNT_ERR_NOSOURCE; - - } else if (cache && !mnt_fs_is_pseudofs(cxt->fs)) { - /* -@@ -1247,7 +1247,7 @@ int mnt_context_prepare_target(struct li - cache = mnt_context_get_cache(cxt); - if (cache) { - char *path = mnt_resolve_path(tgt, cache); -- if (strcmp(path, tgt)) -+ if (path && strcmp(path, tgt) != 0) - rc = mnt_fs_set_target(cxt->fs, path); - } - -@@ -1543,7 +1543,7 @@ static int apply_table(struct libmnt_con - } - - if (!fs) -- return -EINVAL; -+ return -MNT_ERR_NOFSTAB; /* not found */ - - DBG(CXT, mnt_debug_h(cxt, "apply entry:")); - DBG(CXT, mnt_fs_print_debug(fs, stderr)); -Index: util-linux-2.21.2/libmount/src/libmount.h.in -=================================================================== ---- util-linux-2.21.2.orig/libmount/src/libmount.h.in -+++ util-linux-2.21.2/libmount/src/libmount.h.in -@@ -115,6 +115,18 @@ enum { - MNT_ACT_UMOUNT - }; - -+/* -+ * Errors -- by default libmount returns -errno for generic errors (ENOMEM, -+ * EINVAL, ...) and for mount(2) errors, but for some specific operations it -+ * returns private error codes. Note that maximum system errno value should be -+ * 4095 on UNIXes. -+ * -+ * See also mnt_context_get_syscall_errno() and mnt_context_get_helper_status(). -+ */ -+#define MNT_ERR_NOFSTAB 5000 /* not found required entry in fstab */ -+#define MNT_ERR_NOFSTYPE 5001 /* failed to detect filesystem type */ -+#define MNT_ERR_NOSOURCE 5002 /* required mount source undefined */ -+ - /* init.c */ - extern void mnt_init_debug(int mask); - diff --git a/libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch b/libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch deleted file mode 100644 index 695f5b9..0000000 --- a/libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch +++ /dev/null @@ -1,115 +0,0 @@ -From e90e7401d0c318c9dac4a0204e2bca86949b1d32 Mon Sep 17 00:00:00 2001 -From: Karel Zak -Date: Thu, 14 Jun 2012 14:19:26 +0200 -Subject: [PATCH] libmount: don't use nosuid,noexec,nodev for cifs user=foo - - mount -t cifs //127.0.0.1/users /mnt/smb -o user=root,password=linux - -is incorrectly translated to - - mount.cifs -o noexec,nosuid,nodev,user=root,password=linux ... - -The command mount(8) should be sensitive to "user" (without "=") -only. The correct cifs command line is: - - mount.cifs -o user=root,password=linux - -Addresses: https://bugzilla.novell.com/show_bug.cgi?id=766157 -Signed-off-by: Karel Zak -Signed-off-by: Petr Uzel ---- - libmount/src/context_mount.c | 29 +++++++++++++++++++++++++++-- - libmount/src/optstr.c | 9 +++++---- - 2 files changed, 32 insertions(+), 6 deletions(-) - -Index: util-linux-2.21.2/libmount/src/context_mount.c -=================================================================== ---- util-linux-2.21.2.orig/libmount/src/context_mount.c -+++ util-linux-2.21.2/libmount/src/context_mount.c -@@ -53,6 +53,15 @@ static int fix_optstr(struct libmnt_cont - if (cxt->mountflags & MS_PROPAGATION) - cxt->mountflags &= (MS_PROPAGATION | MS_REC | MS_SILENT); - -+ /* -+ * The "user" options is our business (so we can modify the option), -+ * but exception is command line for /sbin/mount. helpers. Let's -+ * save the original user= to call the helpers with unchanged -+ * "user" setting. -+ * -+ * Don't check for MNT_MS_USER in cxt->user_mountflags, the flag maybe -+ * removed by evaluate_permissions(). -+ */ - if (!mnt_optstr_get_option(fs->user_optstr, "user", &val, &valsz)) { - if (val) { - cxt->orig_user = strndup(val, valsz); -@@ -196,6 +205,10 @@ err: - - /* - * this has to be called before fix_optstr() -+ * -+ * Note that user= maybe be used by some filesystems as filesystem -+ * specific option (e.g. cifs). Yes, developers of such filesystems have -+ * allocated pretty hot place in hell... - */ - static int evaluate_permissions(struct libmnt_context *cxt) - { -@@ -233,10 +246,22 @@ static int evaluate_permissions(struct l - } - - /* -- * Note that MS_OWNERSECURE and MS_SECURE mount options -- * are applied by mnt_optstr_get_flags() from mnt_context_merge_mflags() -+ * MS_OWNERSECURE and MS_SECURE mount options are already -+ * applied by mnt_optstr_get_flags() in mnt_context_merge_mflags() -+ * if "user" (but no user= !) options is set. -+ * -+ * Let's ignore all user= (if is set) requests. - */ -+ if (cxt->user_mountflags & MNT_MS_USER) { -+ size_t valsz = 0; - -+ if (!mnt_optstr_get_option(cxt->fs->user_optstr, -+ "user", NULL, &valsz) && valsz) { -+ -+ DBG(CXT, mnt_debug_h(cxt, "perms: user= detected, ignore")); -+ cxt->user_mountflags &= ~MNT_MS_USER; -+ } -+ } - - /* - * MS_OWNER: Allow owners to mount when fstab contains the -Index: util-linux-2.21.2/libmount/src/optstr.c -=================================================================== ---- util-linux-2.21.2.orig/libmount/src/optstr.c -+++ util-linux-2.21.2/libmount/src/optstr.c -@@ -579,7 +579,7 @@ int mnt_optstr_get_flags(const char *opt - { - struct libmnt_optmap const *maps[2]; - char *name, *str = (char *) optstr; -- size_t namesz = 0; -+ size_t namesz = 0, valsz = 0; - int nmaps = 0; - - assert(optstr); -@@ -596,7 +596,7 @@ int mnt_optstr_get_flags(const char *opt - */ - maps[nmaps++] = mnt_get_builtin_optmap(MNT_USERSPACE_MAP); - -- while(!mnt_optstr_next_option(&str, &name, &namesz, NULL, NULL)) { -+ while(!mnt_optstr_next_option(&str, &name, &namesz, NULL, &valsz)) { - const struct libmnt_optmap *ent; - const struct libmnt_optmap *m; - -@@ -610,9 +610,10 @@ int mnt_optstr_get_flags(const char *opt - else - *flags |= ent->id; - -- } else if (nmaps == 2 && m == maps[1]) { -+ } else if (nmaps == 2 && m == maps[1] && valsz == 0) { - /* -- * Special case -- translate "user" to MS_ options -+ * Special case -- translate "user" (but no user=) to -+ * MS_ options - */ - if (ent->mask & MNT_INVERT) - continue; diff --git a/login-close-tty-before-vhangup.patch b/login-close-tty-before-vhangup.patch deleted file mode 100644 index 211e051..0000000 --- a/login-close-tty-before-vhangup.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 2e7035646eb85851171cc2e989bfa858a4f00cd4 Mon Sep 17 00:00:00 2001 -From: Karel Zak -Date: Thu, 12 Jul 2012 16:33:52 +0200 -Subject: login: close tty before vhangup() -Git-commit: 2e7035646eb85851171cc2e989bfa858a4f00cd4 -Patch-mainline: v2.22-rc1 -References: bnc#778842 - -Let's close all tty file descriptors before vhangup() call. - -References: https://lkml.org/lkml/2012/6/5/145 -Signed-off-by: Karel Zak -Signed-off-by: Jiri Slaby ---- - login-utils/login.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/login-utils/login.c b/login-utils/login.c -index fe13d8d..c0cc00a 100644 ---- a/login-utils/login.c -+++ b/login-utils/login.c -@@ -409,6 +409,14 @@ static void init_tty(struct login_context *cxt) - /* Kill processes left on this tty */ - tcsetattr(0, TCSAFLUSH, &ttt); - -+ /* -+ * Let's close file decriptors before vhangup -+ * https://lkml.org/lkml/2012/6/5/145 -+ */ -+ close(STDIN_FILENO); -+ close(STDOUT_FILENO); -+ close(STDERR_FILENO); -+ - signal(SIGHUP, SIG_IGN); /* so vhangup() wont kill us */ - vhangup(); - signal(SIGHUP, SIG_DFL); --- -1.7.12 - diff --git a/make-sure-sbin-resp-usr-sbin-are-in-PATH.diff b/make-sure-sbin-resp-usr-sbin-are-in-PATH.diff new file mode 100644 index 0000000..249c5f6 --- /dev/null +++ b/make-sure-sbin-resp-usr-sbin-are-in-PATH.diff @@ -0,0 +1,143 @@ +--- util-linux-2.23.1/login-utils/su-common.c ++++ util-linux-2.23.1/login-utils/su-common.c 2013-06-06 08:46:59.575872090 +0000 +@@ -473,6 +473,117 @@ set_path(const struct passwd* pw) + err (EXIT_FAILURE, _("failed to set PATH")); + } + ++/* Add or clear /sbin and /usr/sbin for the su command ++ used without `-'. */ ++ ++/* Set if /sbin is found in path. */ ++#define SBIN_MASK 0x01 ++/* Set if /usr/sbin is found in path. */ ++#define USBIN_MASK 0x02 ++ ++static char * ++addsbin (const char *const path) ++{ ++ unsigned char smask = 0; ++ char *ptr, *tmp, *cur, *ret = NULL; ++ size_t len; ++ ++ if (!path || *path == 0) ++ return NULL; ++ ++ tmp = xstrdup (path); ++ cur = tmp; ++ for (ptr = strsep (&cur, ":"); ptr != NULL; ptr = strsep (&cur, ":")) ++ { ++ if (!strcmp (ptr, "/sbin")) ++ smask |= SBIN_MASK; ++ if (!strcmp (ptr, "/usr/sbin")) ++ smask |= USBIN_MASK; ++ } ++ ++ if ((smask & (USBIN_MASK|SBIN_MASK)) == (USBIN_MASK|SBIN_MASK)) ++ { ++ free (tmp); ++ return NULL; ++ } ++ ++ len = strlen (path); ++ if (!(smask & USBIN_MASK)) ++ len += strlen ("/usr/sbin:"); ++ ++ if (!(smask & SBIN_MASK)) ++ len += strlen (":/sbin"); ++ ++ ret = xmalloc (len + 1); ++ strcpy (tmp, path); ++ ++ *ret = 0; ++ cur = tmp; ++ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":")) ++ { ++ if (!strcmp (ptr, ".")) ++ continue; ++ if (*ret) ++ strcat (ret, ":"); ++ if (!(smask & USBIN_MASK) && !strcmp (ptr, "/bin")) ++ { ++ strcat (ret, "/usr/sbin:"); ++ strcat (ret, ptr); ++ smask |= USBIN_MASK; ++ continue; ++ } ++ if (!(smask & SBIN_MASK) && !strcmp (ptr, "/usr/bin")) ++ { ++ strcat (ret, ptr); ++ strcat (ret, ":/sbin"); ++ smask |= SBIN_MASK; ++ continue; ++ } ++ strcat (ret, ptr); ++ } ++ free (tmp); ++ ++ if (!(smask & USBIN_MASK)) ++ strcat (ret, ":/usr/sbin"); ++ ++ if (!(smask & SBIN_MASK)) ++ strcat (ret, ":/sbin"); ++ ++ return ret; ++} ++ ++static char * ++clearsbin (const char *const path) ++{ ++ char *ptr, *tmp, *cur, *ret = NULL; ++ ++ if (!path || *path == 0) ++ return NULL; ++ ++ tmp = strdup (path); ++ if (!tmp) ++ return NULL; ++ ++ ret = xmalloc (strlen (path) + 1); ++ *ret = 0; ++ cur = tmp; ++ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":")) ++ { ++ if (!strcmp (ptr, "/sbin")) ++ continue; ++ if (!strcmp (ptr, "/usr/sbin")) ++ continue; ++ if (!strcmp (ptr, "/usr/local/sbin")) ++ continue; ++ if (*ret) ++ strcat (ret, ":"); ++ strcat (ret, ptr); ++ } ++ free (tmp); ++ ++ return ret; ++} ++ + /* Update `environ' for the new shell based on PW, with SHELL being + the value for the SHELL environment variable. */ + +@@ -508,6 +619,22 @@ modify_environment (const struct passwd + xsetenv ("SHELL", shell, 1); + if (getlogindefs_bool ("ALWAYS_SET_PATH", 0)) + set_path(pw); ++ else ++ { ++ char const *path = getenv ("PATH"); ++ char *new = NULL; ++ ++ if (pw->pw_uid) ++ new = clearsbin (path); ++ else ++ new = addsbin (path); ++ ++ if (new) ++ { ++ xsetenv ("PATH", new, 1); ++ free (new); ++ } ++ } + + if (pw->pw_uid) + { diff --git a/mount-new-add-loopdev-specific-error-message.patch b/mount-new-add-loopdev-specific-error-message.patch deleted file mode 100644 index 9f1e028..0000000 --- a/mount-new-add-loopdev-specific-error-message.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 10389b1e4535dda7d27e5ab39d3d4f9d7868a5c9 Mon Sep 17 00:00:00 2001 -From: Karel Zak -Date: Mon, 28 May 2012 12:26:41 +0200 -Subject: [PATCH] mount: (new) add loopdev specific error message - -Signed-off-by: Karel Zak -Signed-off-by: Petr Uzel ---- - sys-utils/mount.c | 15 ++++++++++++--- - 1 files changed, 12 insertions(+), 3 deletions(-) - -Index: util-linux-2.21.2/sys-utils/mount.c -=================================================================== ---- util-linux-2.21.2.orig/sys-utils/mount.c -+++ util-linux-2.21.2/sys-utils/mount.c -@@ -354,6 +354,9 @@ try_readonly: - return MOUNT_EX_SUCCESS; /* mount(2) success */ - } - -+ mnt_context_get_mflags(cxt, &mflags); /* mount(2) flags */ -+ mnt_context_get_user_mflags(cxt, &uflags); /* userspace flags */ -+ - if (!mnt_context_syscall_called(cxt)) { - /* - * libmount errors (extra library checks) -@@ -382,7 +385,15 @@ try_readonly: - else - warnx(_("mount source not defined")); - return MOUNT_EX_USAGE; -- -+ case -MNT_ERR_LOOPDEV: -+ if (errno == ENOENT -+ && (uflags & MNT_MS_ENCRYPTION) -+ && src && stat(src, &st) == 0) -+ warnx(_("%s: failed to setup loop device " -+ "(probably unknown encryption type)"), src); -+ else -+ warn(_("%s: failed to setup loop device"), src); -+ return MOUNT_EX_FAIL; - default: - return handle_generic_errors(rc, _("%s: mount failed"), - tgt ? tgt : src); -@@ -406,8 +417,6 @@ try_readonly: - */ - syserr = mnt_context_get_syscall_errno(cxt); - -- mnt_context_get_mflags(cxt, &mflags); /* mount(2) flags */ -- mnt_context_get_user_mflags(cxt, &uflags); /* userspace flags */ - - switch(syserr) { - case EPERM: diff --git a/mount-new-allow-sloppy-for-non-root.patch b/mount-new-allow-sloppy-for-non-root.patch deleted file mode 100644 index c83533b..0000000 --- a/mount-new-allow-sloppy-for-non-root.patch +++ /dev/null @@ -1,25 +0,0 @@ -From e26de525e21677c680d87f63e4dafbe4859365bf Mon Sep 17 00:00:00 2001 -From: Karel Zak -Date: Thu, 14 Jun 2012 14:43:21 +0200 -Subject: [PATCH] mount: (new) allow sloppy for non-root - -Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=825836 -Signed-off-by: Karel Zak -Signed-off-by: Petr Uzel ---- - sys-utils/mount.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -Index: util-linux-2.21.2/sys-utils/mount.c -=================================================================== ---- util-linux-2.21.2.orig/sys-utils/mount.c -+++ util-linux-2.21.2/sys-utils/mount.c -@@ -732,7 +732,7 @@ int main(int argc, char **argv) - longopts, NULL)) != -1) { - - /* only few options are allowed for non-root users */ -- if (mnt_context_is_restricted(cxt) && !strchr("hlLUVvpri", c)) -+ if (mnt_context_is_restricted(cxt) && !strchr("hlLUVvpris", c)) - exit_non_root(option_to_longopt(c, longopts)); - - switch(c) { diff --git a/mount-new-improve-error-messages.patch b/mount-new-improve-error-messages.patch deleted file mode 100644 index 36c88b4..0000000 --- a/mount-new-improve-error-messages.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 58f108ef2b9c8cc0362e7781a72e5e921dc383b3 Mon Sep 17 00:00:00 2001 -From: Karel Zak -Date: Tue, 17 Apr 2012 11:36:36 +0200 -Subject: [PATCH] mount: (new) improve error messages - -Signed-off-by: Karel Zak -Signed-off-by: Petr Uzel ---- - sys-utils/mount.c | 15 +++++++-------- - 1 files changed, 7 insertions(+), 8 deletions(-) - -Index: util-linux-2.21.2/sys-utils/mount.c -=================================================================== ---- util-linux-2.21.2.orig/sys-utils/mount.c -+++ util-linux-2.21.2/sys-utils/mount.c -@@ -367,16 +367,13 @@ try_readonly: - return MOUNT_EX_USAGE; - } - -- /* -- * TODO: add mnt_context_fstab_applied() to check if we found -- * target/source in the file. -- */ -- if (!tgt) { -- if (mflags & MS_REMOUNT) -- warnx(_("%s not mounted"), src ? src : tgt); -- else -+ if (!tgt || (!src && !(mflags & MS_PROPAGATION))) { -+ if (!mnt_context_fstab_applied(cxt)) - warnx(_("can't find %s in %s"), src ? src : tgt, - mnt_get_fstab_path()); -+ else if (mflags & MS_REMOUNT) -+ warnx(_("%s not mounted"), src ? src : tgt); -+ - return MOUNT_EX_USAGE; - } - -@@ -485,6 +482,8 @@ try_readonly: - case EINVAL: - if (mflags & MS_REMOUNT) - warnx(_("%s not mounted or bad option"), tgt); -+ else if (mflags & MS_PROPAGATION) -+ warnx(_("%s is not mountpoint or bad option"), tgt); - else - warnx(_("wrong fs type, bad option, bad superblock on %s,\n" - " missing codepage or helper program, or other error"), diff --git a/mount-new-use-MNT_ERR-for-error-messages.patch b/mount-new-use-MNT_ERR-for-error-messages.patch deleted file mode 100644 index 05dc9b2..0000000 --- a/mount-new-use-MNT_ERR-for-error-messages.patch +++ /dev/null @@ -1,56 +0,0 @@ -From ba24923e97e099668b8c96dba9596c90cb58c417 Mon Sep 17 00:00:00 2001 -From: Karel Zak -Date: Tue, 24 Apr 2012 11:59:18 +0200 -Subject: [PATCH] mount: (new) use MNT_ERR_ for error messages - -Signed-off-by: Karel Zak -Signed-off-by: Petr Uzel ---- - sys-utils/mount.c | 27 +++++++++++++-------------- - 1 files changed, 13 insertions(+), 14 deletions(-) - -Index: util-linux-2.21.2/sys-utils/mount.c -=================================================================== ---- util-linux-2.21.2.orig/sys-utils/mount.c -+++ util-linux-2.21.2/sys-utils/mount.c -@@ -365,29 +365,28 @@ try_readonly: - case -EBUSY: - warnx(_("%s is already mounted"), src); - return MOUNT_EX_USAGE; -- } -- -- if (!tgt || (!src && !(mflags & MS_PROPAGATION))) { -- if (!mnt_context_fstab_applied(cxt)) -+ case -MNT_ERR_NOFSTAB: - warnx(_("can't find %s in %s"), src ? src : tgt, - mnt_get_fstab_path()); -- else if (mflags & MS_REMOUNT) -- warnx(_("%s not mounted"), src ? src : tgt); -- - return MOUNT_EX_USAGE; -- } -- -- if (!mnt_context_get_fstype(cxt)) { -+ case -MNT_ERR_NOFSTYPE: - if (restricted) - warnx(_("I could not determine the filesystem type, " - "and none was specified")); - else - warnx(_("you must specify the filesystem type")); - return MOUNT_EX_USAGE; -- } -+ case -MNT_ERR_NOSOURCE: -+ if (src) -+ warnx(_("can't find %s"), src); -+ else -+ warnx(_("mount source not defined")); -+ return MOUNT_EX_USAGE; -+ -+ default: - return handle_generic_errors(rc, _("%s: mount failed"), - tgt ? tgt : src); -- -+ } - } else if (mnt_context_get_syscall_errno(cxt) == 0) { - /* - * mount(2) syscall success, but something else failed diff --git a/mount-sanitize-paths-from-non-root-users.patch b/mount-sanitize-paths-from-non-root-users.patch deleted file mode 100644 index fe0c1b7..0000000 --- a/mount-sanitize-paths-from-non-root-users.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 5ebbc3865d1e53ef42e5f121c41faab23dd59075 Mon Sep 17 00:00:00 2001 -From: Karel Zak -Date: Mon, 26 Nov 2012 14:30:22 +0100 -Subject: [PATCH] mount: sanitize paths from non-root users - - $ mount /root/.ssh/../../dev/sda2 - mount: only root can mount UUID=17bc65ec-4125-4e7c-8a7d-e2795064c736 on /boot - -this is too promiscuous. It seems better to ignore on command line -specified paths which are not resolve-able for non-root users. - -Fixed version: - - $ mount /root/.ssh/../../dev/sda2 - mount: /root/.ssh/../../dev/sda2: Permission denied - - $ mount /dev/sda2 - mount: only root can mount UUID=17bc65ec-4125-4e7c-8a7d-e2795064c736 on /boot - -Note that this bug has no relation to mount(2) permissions evaluation -in suid mode. The way how non-root user specifies paths on command -line is completely irrelevant for comparison with fstab entries. - -Signed-off-by: Karel Zak -Signed-off-by: Petr Uzel ---- - sys-utils/Makefile.am | 1 + - sys-utils/mount.c | 35 +++++++++++++++++++++++++++++++++++ - 2 files changed, 36 insertions(+) - -Index: util-linux-2.21.2/sys-utils/Makefile.am -=================================================================== ---- util-linux-2.21.2.orig/sys-utils/Makefile.am -+++ util-linux-2.21.2/sys-utils/Makefile.am -@@ -64,6 +64,7 @@ dist_man_MANS += mount.8 ../mount/fstab. - mount_SOURCES = mount.c \ - $(top_srcdir)/lib/env.c \ - $(top_srcdir)/lib/xgetpass.c \ -+ $(top_srcdir)/lib/canonicalize.c \ - $(top_srcdir)/lib/strutils.c - - mount_LDADD = $(ul_libmount_la) $(SELINUX_LIBS) -Index: util-linux-2.21.2/sys-utils/mount.c -=================================================================== ---- util-linux-2.21.2.orig/sys-utils/mount.c -+++ util-linux-2.21.2/sys-utils/mount.c -@@ -38,6 +38,7 @@ - #include "strutils.h" - #include "exitcodes.h" - #include "xalloc.h" -+#include "canonicalize.h" - - /*** TODO: DOCS: - * -@@ -572,6 +573,37 @@ static struct libmnt_table *append_fstab - return fstab; - } - -+/* -+ * Check source and target paths -- non-root user should not be able to -+ * resolve paths which are unreadable for him. -+ */ -+static void sanitize_paths(struct libmnt_context *cxt) -+{ -+ const char *p; -+ struct libmnt_fs *fs = mnt_context_get_fs(cxt); -+ -+ if (!fs) -+ return; -+ -+ p = mnt_fs_get_target(fs); -+ if (p) { -+ char *np = canonicalize_path_restricted(p); -+ if (!np) -+ err(MOUNT_EX_USAGE, "%s", p); -+ mnt_fs_set_target(fs, np); -+ free(np); -+ } -+ -+ p = mnt_fs_get_srcpath(fs); -+ if (p) { -+ char *np = canonicalize_path_restricted(p); -+ if (!np) -+ err(MOUNT_EX_USAGE, "%s", p); -+ mnt_fs_set_source(fs, np); -+ free(np); -+ } -+} -+ - static void __attribute__((__noreturn__)) usage(FILE *out) - { - fputs(USAGE_HEADER, out); -@@ -880,6 +912,9 @@ int main(int argc, char **argv) - } else - usage(stderr); - -+ if (mnt_context_is_restricted(cxt)) -+ sanitize_paths(cxt); -+ - if (oper) { - /* MS_PROPAGATION operations, let's set the mount flags */ - mnt_context_set_mflags(cxt, oper); diff --git a/su.default b/su.default new file mode 100644 index 0000000..62d1702 --- /dev/null +++ b/su.default @@ -0,0 +1,11 @@ +# Per default, only "su -" will set a new PATH. +# If this variable is changed to "yes" (default is "no"), +# every su call will overwrite the PATH variable. +ALWAYS_SET_PATH=no + +# Default path. +PATH=/usr/local/bin:/bin:/usr/bin + +# Default path for a user invoking su to root. +SUPATH=/usr/sbin:/bin:/usr/bin:/sbin + diff --git a/su.pamd b/su.pamd new file mode 100644 index 0000000..d0c9fe8 --- /dev/null +++ b/su.pamd @@ -0,0 +1,8 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +auth include common-auth +account sufficient pam_rootok.so +account include common-account +password include common-password +session include common-session +session optional pam_xauth.so diff --git a/umount-sanitize-paths-from-non-root-users.patch b/umount-sanitize-paths-from-non-root-users.patch deleted file mode 100644 index 0e20756..0000000 --- a/umount-sanitize-paths-from-non-root-users.patch +++ /dev/null @@ -1,84 +0,0 @@ -From cc8cc8f32c863f3ae6a8a88e97b47bcd6a21825f Mon Sep 17 00:00:00 2001 -From: Karel Zak -Date: Mon, 26 Nov 2012 16:25:46 +0100 -Subject: [PATCH] umount: sanitize paths from non-root users - -Signed-off-by: Karel Zak -Signed-off-by: Petr Uzel ---- - sys-utils/Makefile.am | 4 +++- - sys-utils/umount.c | 32 ++++++++++++++++++++++++++++++-- - 2 files changed, 33 insertions(+), 3 deletions(-) - -Index: util-linux-2.21.2/sys-utils/Makefile.am -=================================================================== ---- util-linux-2.21.2.orig/sys-utils/Makefile.am -+++ util-linux-2.21.2/sys-utils/Makefile.am -@@ -71,7 +71,9 @@ mount_LDADD = $(ul_libmount_la) $(SELINU - mount_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) -I$(ul_libmount_incdir) - mount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS) - --umount_SOURCES = umount.c $(top_srcdir)/lib/env.c -+umount_SOURCES = umount.c \ -+ $(top_srcdir)/lib/env.c \ -+ $(top_srcdir)/lib/canonicalize.c - umount_LDADD = $(ul_libmount_la) - umount_CFLAGS = $(AM_CFLAGS) $(SUID_CFLAGS) -I$(ul_libmount_incdir) - umount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS) -Index: util-linux-2.21.2/sys-utils/umount.c -=================================================================== ---- util-linux-2.21.2.orig/sys-utils/umount.c -+++ util-linux-2.21.2/sys-utils/umount.c -@@ -34,6 +34,7 @@ - #include "env.h" - #include "optutils.h" - #include "exitcodes.h" -+#include "canonicalize.h" - - static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__)), - const char *filename, int line) -@@ -277,6 +278,24 @@ static int umount_one(struct libmnt_cont - return rc; - } - -+/* -+ * Check path -- non-root user should not be able to resolve path which is -+ * unreadable for him. -+ */ -+static char *sanitize_path(const char *path) -+{ -+ char *p; -+ -+ if (!path) -+ return NULL; -+ -+ p = canonicalize_path_restricted(path); -+ if (!p) -+ err(MOUNT_EX_USAGE, "%s", path); -+ -+ return p; -+} -+ - int main(int argc, char **argv) - { - int c, rc = 0, all = 0; -@@ -388,8 +407,17 @@ int main(int argc, char **argv) - } else if (argc < 1) { - usage(stderr); - -- } else while (argc--) -- rc += umount_one(cxt, *argv++); -+ } else while (argc--) { -+ char *path = *argv++; -+ -+ if (mnt_context_is_restricted(cxt)) -+ path = sanitize_path(path); -+ -+ rc += umount_one(cxt, path); -+ -+ if (mnt_context_is_restricted(cxt)) -+ free(path); -+ } - - mnt_free_context(cxt); - return rc; diff --git a/util-linux-2.12r-fdisk_remove_bogus_warnings.patch b/util-linux-2.12r-fdisk_remove_bogus_warnings.patch deleted file mode 100644 index 3fa89cf..0000000 --- a/util-linux-2.12r-fdisk_remove_bogus_warnings.patch +++ /dev/null @@ -1,20 +0,0 @@ -Index: util-linux-2.21-rc2/fdisk/fdisk.c -=================================================================== ---- util-linux-2.21-rc2.orig/fdisk/fdisk.c -+++ util-linux-2.21-rc2/fdisk/fdisk.c -@@ -1767,6 +1767,7 @@ static void check_consistency(struct par - /* compute logical ending (c, h, s) */ - long2chs(get_start_sect(p) + get_nr_sects(p) - 1, &lec, &leh, &les); - -+#if 0 - /* Same physical / logical beginning? */ - if (cylinders <= 1024 && (pbc != lbc || pbh != lbh || pbs != lbs)) { - printf(_("Partition %d has different physical/logical " -@@ -1783,7 +1784,6 @@ static void check_consistency(struct par - printf(_("logical=(%d, %d, %d)\n"),lec, leh, les); - } - --#if 0 - /* Beginning on cylinder boundary? */ - if (pbh != !pbc || pbs != 1) { - printf(_("Partition %i does not start on cylinder " diff --git a/util-linux-2.20-libmount-deps.patch b/util-linux-2.20-libmount-deps.patch deleted file mode 100644 index 50b2f15..0000000 --- a/util-linux-2.20-libmount-deps.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: util-linux-2.21.2/libmount/src/Makefile.am -=================================================================== ---- util-linux-2.21.2.orig/libmount/src/Makefile.am -+++ util-linux-2.21.2/libmount/src/Makefile.am -@@ -30,7 +30,7 @@ nodist_libmount_la_SOURCES = mountP.h - - libmount_la_LIBADD = $(ul_libblkid_la) $(SELINUX_LIBS) - --libmount_la_DEPENDENCIES = $(libmount_la_LIBADD) libmount.sym libmount.h.in -+libmount_la_DEPENDENCIES = $(ul_libblkid_la) libmount.sym libmount.h.in - - libmount_la_LDFLAGS = -Wl,--version-script=$(ul_libmount_srcdir)/libmount.sym \ - -version-info $(LIBMOUNT_VERSION_INFO) diff --git a/util-linux-2.21.2-noenc-suse.diff b/util-linux-2.21.2-noenc-suse.diff deleted file mode 100644 index 42da0b1..0000000 --- a/util-linux-2.21.2-noenc-suse.diff +++ /dev/null @@ -1,13 +0,0 @@ -Index: util-linux-2.21.2/libmount/src/context_loopdev.c -=================================================================== ---- util-linux-2.21.2.orig/libmount/src/context_loopdev.c -+++ util-linux-2.21.2/libmount/src/context_loopdev.c -@@ -199,6 +199,8 @@ int mnt_context_setup_loopdev(struct lib - if (rc == 0 && (cxt->user_mountflags & MNT_MS_ENCRYPTION) && - mnt_optstr_get_option(optstr, "encryption", &val, &len) == 0) { - DBG(CXT, mnt_debug_h(cxt, "encryption no longer supported")); -+ // XXX: nasty for the lib but there's on better way to give a hint atm -+ fprintf(stderr, "mount: encryption no longer supported. Please use /etc/crypttab instead (man 5 crypttab)\n"); - rc = -EINVAL; - } - diff --git a/util-linux-2.21.2-noenc.diff b/util-linux-2.21.2-noenc.diff deleted file mode 100644 index 936d677..0000000 --- a/util-linux-2.21.2-noenc.diff +++ /dev/null @@ -1,535 +0,0 @@ -From e1f7680ca45c5173f7853feb76dd093cec8d17ad Mon Sep 17 00:00:00 2001 -From: Ludwig Nussel -Date: Fri, 15 Jun 2012 09:38:36 +0200 -Subject: [PATCH] remove obsolete encryption support from losetup - -kernel cryptoloop is deprecated since ages and support for cryptoloop in -util-linux is incomplete/broken. -- no password hashing -- last 8 bit of key are always set to zero -- no binary keys possible (stops reading key at \n and \0) - -In the past some Distros added the above features with patches. So -remove cryptoloop support from util-linux completely to make sure -people won't try using it. - -Signed-off-by: Ludwig Nussel ---- - include/loopdev.h | 3 -- - lib/loopdev.c | 56 ---------------------------------------- - libmount/src/context_loopdev.c | 22 +++------------- - mount/mount.8 | 9 +----- - mount/mount.c | 20 +++++--------- - sys-utils/losetup.8 | 29 ++------------------ - sys-utils/losetup.c | 30 +++++---------------- - sys-utils/mount.8 | 7 +---- - sys-utils/mount.c | 34 +----------------------- - 9 files changed, 25 insertions(+), 185 deletions(-) - -diff --git a/include/loopdev.h b/include/loopdev.h -index 906bee0..030f215 100644 ---- a/include/loopdev.h -+++ b/include/loopdev.h -@@ -165,9 +165,6 @@ int loopcxt_set_offset(struct loopdev_cxt *lc, uint64_t offset); - int loopcxt_set_sizelimit(struct loopdev_cxt *lc, uint64_t sizelimit); - int loopcxt_set_flags(struct loopdev_cxt *lc, uint32_t flags); - int loopcxt_set_backing_file(struct loopdev_cxt *lc, const char *filename); --int loopcxt_set_encryption(struct loopdev_cxt *lc, -- const char *encryption, -- const char *password); - - extern char *loopcxt_get_backing_file(struct loopdev_cxt *lc); - extern int loopcxt_get_backing_devno(struct loopdev_cxt *lc, dev_t *devno); -diff --git a/lib/loopdev.c b/lib/loopdev.c -index fd3f9ba..807984e 100644 ---- a/lib/loopdev.c -+++ b/lib/loopdev.c -@@ -963,62 +963,6 @@ int loopcxt_set_backing_file(struct loopdev_cxt *lc, const char *filename) - return 0; - } - --static int digits_only(const char *s) --{ -- while (*s) -- if (!isdigit(*s++)) -- return 0; -- return 1; --} -- --/* -- * @lc: context -- * @encryption: encryption name / type (see lopsetup man page) -- * @password -- * -- * Note that the encryption functionality is deprecated an unmaintained. Use -- * cryptsetup (it also supports AES-loops). -- * -- * The setting is removed by loopcxt_set_device() loopcxt_next()! -- * -- * Returns: 0 on success, <0 on error. -- */ --int loopcxt_set_encryption(struct loopdev_cxt *lc, -- const char *encryption, -- const char *password) --{ -- if (!lc) -- return -EINVAL; -- -- DBG(lc, loopdev_debug("setting encryption '%s'", encryption)); -- -- if (encryption && *encryption) { -- if (digits_only(encryption)) { -- lc->info.lo_encrypt_type = atoi(encryption); -- } else { -- lc->info.lo_encrypt_type = LO_CRYPT_CRYPTOAPI; -- snprintf((char *)lc->info.lo_crypt_name, LO_NAME_SIZE, -- "%s", encryption); -- } -- } -- -- switch (lc->info.lo_encrypt_type) { -- case LO_CRYPT_NONE: -- lc->info.lo_encrypt_key_size = 0; -- break; -- default: -- DBG(lc, loopdev_debug("setting encryption key")); -- memset(lc->info.lo_encrypt_key, 0, LO_KEY_SIZE); -- strncpy((char *)lc->info.lo_encrypt_key, password, LO_KEY_SIZE); -- lc->info.lo_encrypt_key[LO_KEY_SIZE - 1] = '\0'; -- lc->info.lo_encrypt_key_size = LO_KEY_SIZE; -- break; -- } -- -- DBG(lc, loopdev_debug("encryption successfully set")); -- return 0; --} -- - /* - * @cl: context - * -diff --git a/libmount/src/context_loopdev.c b/libmount/src/context_loopdev.c -index 023c952..863ee3d 100644 ---- a/libmount/src/context_loopdev.c -+++ b/libmount/src/context_loopdev.c -@@ -7,7 +7,6 @@ - - /* - * DOCS: - "lo@" prefix for fstype is unsupported -- * - encyption= mount option for loop device is unssuported - */ - - #include -@@ -35,8 +34,7 @@ int mnt_context_is_loopdev(struct libmnt_context *cxt) - - if (cxt->user_mountflags & (MNT_MS_LOOP | - MNT_MS_OFFSET | -- MNT_MS_SIZELIMIT | -- MNT_MS_ENCRYPTION)) { -+ MNT_MS_SIZELIMIT)) { - - DBG(CXT, mnt_debug_h(cxt, "loopdev specific options detected")); - return 1; -@@ -134,7 +132,7 @@ static int is_mounted_same_loopfile(struct libmnt_context *cxt, - int mnt_context_setup_loopdev(struct libmnt_context *cxt) - { - const char *backing_file, *optstr, *loopdev = NULL; -- char *val = NULL, *enc = NULL, *pwd = NULL; -+ char *val = NULL; - size_t len; - struct loopdev_cxt lc; - int rc = 0, lo_flags = 0; -@@ -200,13 +198,8 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt) - */ - if (rc == 0 && (cxt->user_mountflags & MNT_MS_ENCRYPTION) && - mnt_optstr_get_option(optstr, "encryption", &val, &len) == 0) { -- enc = strndup(val, len); -- if (val && !enc) -- rc = -ENOMEM; -- if (enc && cxt->pwd_get_cb) { -- DBG(CXT, mnt_debug_h(cxt, "asking for pass")); -- pwd = cxt->pwd_get_cb(cxt); -- } -+ DBG(CXT, mnt_debug_h(cxt, "encryption no longer supported")); -+ rc = -EINVAL; - } - - if (rc == 0 && is_mounted_same_loopfile(cxt, -@@ -245,8 +238,6 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt) - rc = loopcxt_set_offset(&lc, offset); - if (!rc && sizelimit) - rc = loopcxt_set_sizelimit(&lc, sizelimit); -- if (!rc && enc && pwd) -- loopcxt_set_encryption(&lc, enc, pwd); - if (!rc) - loopcxt_set_flags(&lc, lo_flags); - if (rc) { -@@ -298,11 +289,6 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt) - loopcxt_set_fd(&lc, -1, 0); - } - done: -- free(enc); -- if (pwd && cxt->pwd_release_cb) { -- DBG(CXT, mnt_debug_h(cxt, "release pass")); -- cxt->pwd_release_cb(cxt, pwd); -- } - loopcxt_deinit(&lc); - return rc; - } -diff --git a/mount/mount.8 b/mount/mount.8 -index 789d9fe..0644e8e 100644 ---- a/mount/mount.8 -+++ b/mount/mount.8 -@@ -535,11 +535,6 @@ Don't canonicalize paths. The mount command canonicalizes all paths - file. This option can be used together with the - .B \-f - flag for already canonicalized absolut paths. --.IP "\fB\-p, \-\-pass\-fd \fInum\fP" --In case of a loop mount with encryption, read the passphrase from --file descriptor --.I num --instead of from the terminal. - .IP "\fB\-s\fP" - Tolerate sloppy mount options rather than failing. This will ignore - mount options not supported by a filesystem type. Not all filesystems -@@ -2708,8 +2703,8 @@ not specified or the filesystem is known for libblkid, for example: - .B "mount -t ext3 /tmp/disk.img /mnt" - .sp - .RE --This type of mount knows about four options, namely --.BR loop ", " offset ", " sizelimit " and " encryption , -+This type of mount knows about three options, namely -+.BR loop ", " offset ", " sizelimit " , - that are really options to - .BR \%losetup (8). - (These options can be used in addition to those specific -diff --git a/mount/mount.c b/mount/mount.c -index 396f357..b69fd61 100644 ---- a/mount/mount.c -+++ b/mount/mount.c -@@ -83,9 +83,6 @@ static int mounttype = 0; - /* True if (ruid != euid) or (0 != ruid), i.e. only "user" mounts permitted. */ - static int restricted = 1; - --/* Contains the fd to read the passphrase from, if any. */ --static int pfd = -1; -- - #ifdef HAVE_LIBMOUNT_MOUNT - static struct libmnt_update *mtab_update; - static char *mtab_opts; -@@ -1262,7 +1259,7 @@ loop_check(const char **spec, const char **type, int *flags, - *type = opt_vfstype; - } - -- *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_sizelimit || opt_encryption); -+ *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_sizelimit); - *loopfile = *spec; - - /* Automatically create a loop device from a regular file if a filesystem -@@ -1317,6 +1314,11 @@ loop_check(const char **spec, const char **type, int *flags, - return EX_FAIL; - } - -+ if (opt_encryption) { -+ error("mount: %s", _("encryption not supported, use cryptsetup(8) instead")); -+ return EX_FAIL; -+ } -+ - loopcxt_init(&lc, 0); - /* loopcxt_enable_debug(&lc, 1); */ - -@@ -1525,14 +1527,6 @@ update_mtab_entry(const char *spec, const char *node, const char *type, - #endif /* !HAVE_LIBMOUNT_MOUNT */ - - static void --set_pfd(char *s) { -- if (!isdigit(*s)) -- die(EX_USAGE, -- _("mount: argument to -p or --pass-fd must be a number")); -- pfd = atoi(optarg); --} -- --static void - cdrom_setspeed(const char *spec) { - #define CDROM_SELECT_SPEED 0x5322 /* Set the CD-ROM speed */ - if (opt_speed) { -@@ -2579,7 +2573,7 @@ main(int argc, char *argv[]) { - test_opts = append_opt(test_opts, optarg, NULL); - break; - case 'p': /* fd on which to read passwd */ -- set_pfd(optarg); -+ error("mount: %s", _("--pass-fd is no longer supported")); - break; - case 'r': /* mount readonly */ - readonly = 1; -diff --git a/sys-utils/losetup.8 b/sys-utils/losetup.8 -index f50b072..8c69689 100644 ---- a/sys-utils/losetup.8 -+++ b/sys-utils/losetup.8 -@@ -40,8 +40,6 @@ Setup loop device: - .sp - .in +5 - .B losetup --.RB [{ \-e | \-E } --.IR encryption ] - .RB [ \-o - .IR offset ] - .RB [ \-\-sizelimit -@@ -82,8 +80,6 @@ force loop driver to reread size of the file associated with the specified loop - detach the file or device associated with the specified loop device(s) - .IP "\fB\-D, \-\-detach-all\fP" - detach all associated loop devices --.IP "\fB\-e, \-E, \-\-encryption \fIencryption_type\fP" --enable data encryption with specified name or number - .IP "\fB\-f, \-\-find\fP" - find the first unused loop device. If a - .I file -@@ -98,10 +94,6 @@ the data start is moved \fIoffset\fP bytes into the specified file or - device - .IP "\fB\-\-sizelimit \fIsize\fP" - the data end is set to no more than \fIsize\fP bytes after the data start --.IP "\fB\-p, \-\-pass-fd \fInum\fP" --read the passphrase from file descriptor with number --.I num --instead of from the terminal - .IP "\fB\-P, \-\-partscan\fP" - force kernel to scan partition table on newly created loop device - .IP "\fB\-r, \-\-read-only\fP" -@@ -116,25 +108,10 @@ argument are present. - verbose mode - - .SH ENCRYPTION --.B Cryptoloop is deprecated in favor of dm-crypt. For more details see --.B cryptsetup (8). It is possible that all bug reports regarding to -E/-e --.B options will be ignored. -- -- --It is possible to specify transfer functions (for encryption/decryption --or other purposes) using one of the --.B \-E -+Cryptoloop is no longer supported in favor of dm-crypt. For more details see -+.B cryptsetup (8) - and --.B \-e --options. --There are two mechanisms to specify the desired encryption: by number --and by name. If an encryption is specified by number then one --has to make sure that the Linux kernel knows about the encryption with that --number, probably by patching the kernel. Standard numbers that are --always present are 0 (no encryption) and 1 (XOR encryption). --When the cryptoloop module is loaded (or compiled in), it uses number 18. --This cryptoloop module will take the name of an arbitrary encryption type --and find the module that knows how to perform that encryption. -+.B crypttab (5). - - .SH RETURN VALUE - .B losetup -diff --git a/sys-utils/losetup.c b/sys-utils/losetup.c -index 9f03151..2513253 100644 ---- a/sys-utils/losetup.c -+++ b/sys-utils/losetup.c -@@ -18,7 +18,6 @@ - #include "nls.h" - #include "strutils.h" - #include "loopdev.h" --#include "xgetpass.h" - - enum { - A_CREATE = 1, /* setup a new device */ -@@ -164,10 +163,8 @@ static void usage(FILE *out) - " -j, --associated list all devices associated with \n"), out); - fputs(USAGE_SEPARATOR, out); - -- fputs(_(" -e, --encryption enable encryption with specified \n" -- " -o, --offset start at offset into file\n" -+ fputs(_(" -o, --offset start at offset into file\n" - " --sizelimit device limited to bytes of the file\n" -- " -p, --pass-fd read passphrase from file descriptor \n" - " -P, --partscan create partitioned loop device\n" - " -r, --read-only setup read-only loop device\n" - " --show print device name after setup (with -f)\n" -@@ -185,8 +182,8 @@ static void usage(FILE *out) - int main(int argc, char **argv) - { - struct loopdev_cxt lc; -- int act = 0, flags = 0, passfd = -1, c; -- char *file = NULL, *encryption = NULL; -+ int act = 0, flags = 0, c; -+ char *file = NULL; - uint64_t offset = 0, sizelimit = 0; - int res = 0, showdev = 0, lo_flags = 0; - -@@ -249,7 +246,7 @@ int main(int argc, char **argv) - break; - case 'E': - case 'e': -- encryption = optarg; -+ errx(EXIT_FAILURE, _("encryption not supported, use cryptsetup(8) instead")); - break; - case 'f': - act = A_FIND_FREE; -@@ -268,8 +265,7 @@ int main(int argc, char **argv) - flags |= LOOPDEV_FL_OFFSET; - break; - case 'p': -- passfd = strtol_or_err(optarg, -- _("invalid passphrase file descriptor")); -+ warn(_("--pass-fd is no longer supported")); - break; - case 'P': - lo_flags |= LO_FLAGS_PARTSCAN; -@@ -327,10 +323,10 @@ int main(int argc, char **argv) - } - - if (act != A_CREATE && -- (encryption || sizelimit || passfd != -1 || lo_flags || showdev)) -+ (sizelimit || lo_flags || showdev)) - errx(EXIT_FAILURE, - _("the options %s are allowed to loop device setup only"), -- "--{encryption,sizelimit,pass-fd,read-only,show}"); -+ "--{sizelimit,read-only,show}"); - - if ((flags & LOOPDEV_FL_OFFSET) && - act != A_CREATE && (act != A_SHOW || !file)) -@@ -339,16 +335,8 @@ int main(int argc, char **argv) - switch (act) { - case A_CREATE: - { -- char *pass = NULL; - int hasdev = loopcxt_has_device(&lc); - -- if (encryption) { --#ifdef MCL_FUTURE -- if(mlockall(MCL_CURRENT | MCL_FUTURE)) -- err(EXIT_FAILURE, _("couldn't lock into memory")); --#endif -- pass = xgetpass(passfd, _("Password: ")); -- } - do { - /* Note that loopcxt_{find_unused,set_device}() resets - * loopcxt struct. -@@ -357,8 +345,6 @@ int main(int argc, char **argv) - warnx(_("not found unused device")); - break; - } -- if (encryption && pass) -- loopcxt_set_encryption(&lc, encryption, pass); - if (flags & LOOPDEV_FL_OFFSET) - loopcxt_set_offset(&lc, offset); - if (flags & LOOPDEV_FL_SIZELIMIT) -@@ -379,8 +365,6 @@ int main(int argc, char **argv) - } - } while (hasdev == 0); - -- free(pass); -- - if (showdev && res == 0) - printf("%s\n", loopcxt_get_device(&lc)); - break; -diff --git a/sys-utils/mount.8 b/sys-utils/mount.8 -index 4f8af0a..73f5170 100644 ---- a/sys-utils/mount.8 -+++ b/sys-utils/mount.8 -@@ -528,11 +528,6 @@ Don't canonicalize paths. The mount command canonicalizes all paths - file. This option can be used together with the - .B \-f - flag for already canonicalized absolut paths. --.IP "\fB\-p, \-\-pass\-fd \fInum\fP" --In case of a loop mount with encryption, read the passphrase from --file descriptor --.I num --instead of from the terminal. - .IP "\fB\-s\fP" - Tolerate sloppy mount options rather than failing. This will ignore - mount options not supported by a filesystem type. Not all filesystems -@@ -2715,7 +2710,7 @@ not specified or the filesystem is known for libblkid, for example: - .sp - .RE - This type of mount knows about four options, namely --.BR loop ", " offset ", " sizelimit " and " encryption , -+.BR loop ", " offset ", " sizelimit ", - that are really options to - .BR \%losetup (8). - (These options can be used in addition to those specific -diff --git a/sys-utils/mount.c b/sys-utils/mount.c -index 7f2d5d8..031fd31 100644 ---- a/sys-utils/mount.c -+++ b/sys-utils/mount.c -@@ -36,7 +36,6 @@ - #include "env.h" - #include "optutils.h" - #include "strutils.h" --#include "xgetpass.h" - #include "exitcodes.h" - #include "xalloc.h" - -@@ -49,7 +48,6 @@ - * --options-source-force MNT_OMODE_FORCE - */ - --static int passfd = -1; - static int readwrite; - - static int mk_exit_code(struct libmnt_context *cxt, int rc); -@@ -103,32 +101,6 @@ static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__) - return 0; - } - --static char *encrypt_pass_get(struct libmnt_context *cxt) --{ -- if (!cxt) -- return 0; -- --#ifdef MCL_FUTURE -- if (mlockall(MCL_CURRENT | MCL_FUTURE)) { -- warn(_("couldn't lock into memory")); -- return NULL; -- } --#endif -- return xgetpass(passfd, _("Password: ")); --} -- --static void encrypt_pass_release(struct libmnt_context *cxt -- __attribute__((__unused__)), char *pwd) --{ -- char *p = pwd; -- -- while (p && *p) -- *p++ = '\0'; -- -- free(pwd); -- munlockall(); --} -- - static void print_all(struct libmnt_context *cxt, char *pattern, int show_label) - { - struct libmnt_table *tb; -@@ -616,7 +588,6 @@ static void __attribute__((__noreturn__)) usage(FILE *out) - fprintf(out, _( - " -o, --options comma-separated list of mount options\n" - " -O, --test-opts limit the set of filesystems (use with -a)\n" -- " -p, --pass-fd read the passphrase from file descriptor\n" - " -r, --read-only mount the filesystem read-only (same as -o ro)\n" - " -t, --types limit the set of filesystem types\n")); - fprintf(out, _( -@@ -782,8 +753,7 @@ int main(int argc, char **argv) - err(MOUNT_EX_SYSERR, _("failed to set options pattern")); - break; - case 'p': -- passfd = strtol_or_err(optarg, -- _("invalid passphrase file descriptor")); -+ warnx(_("--pass-fd is no longer supported")); - break; - case 'L': - case 'U': -@@ -864,8 +834,6 @@ int main(int argc, char **argv) - else if (types) - mnt_context_set_fstype(cxt, types); - -- mnt_context_set_passwd_cb(cxt, encrypt_pass_get, encrypt_pass_release); -- - if (all) { - /* - * A) Mount all --- -1.7.7 - diff --git a/util-linux-2.21.2.tar.bz2 b/util-linux-2.21.2.tar.bz2 deleted file mode 100644 index 4f0bf75..0000000 --- a/util-linux-2.21.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:066f9d8e51bfabd809d266edcd54eefba1cdca57725b95c074fd47fe6fba3d30 -size 4858985 diff --git a/util-linux-2.23.1-eject-fpie.patch b/util-linux-2.23.1-eject-fpie.patch new file mode 100644 index 0000000..f997932 --- /dev/null +++ b/util-linux-2.23.1-eject-fpie.patch @@ -0,0 +1,13 @@ +--- util-linux-2.23.1/sys-utils/Makemodule.am ++++ util-linux-2.23.1/sys-utils/Makemodule.am 2013-06-05 12:55:10.921439066 +0000 +@@ -142,8 +142,8 @@ endif # LINUX + if BUILD_EJECT + usrbin_exec_PROGRAMS += eject + eject_SOURCES = sys-utils/eject.c +-eject_LDADD = $(LDADD) libmount.la libcommon.la +-eject_CFLAGS = $(AM_CFLAGS) -I$(ul_libmount_incdir) ++eject_LDADD = $(SUID_LDFLAGS) $(LDADD) libmount.la libcommon.la ++eject_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) -I$(ul_libmount_incdir) + dist_man_MANS += sys-utils/eject.1 + endif + diff --git a/util-linux-2.23.1-fdisk_remove_bogus_warnings.patch b/util-linux-2.23.1-fdisk_remove_bogus_warnings.patch new file mode 100644 index 0000000..175720e --- /dev/null +++ b/util-linux-2.23.1-fdisk_remove_bogus_warnings.patch @@ -0,0 +1,20 @@ +--- util-linux-2.23.1/fdisks/fdiskdoslabel.c ++++ util-linux-2.23.1/fdisks/fdiskdoslabel.c 2013-06-05 10:11:14.121939007 +0000 +@@ -817,7 +817,7 @@ static void check_consistency(struct fdi + + /* compute logical ending (c, h, s) */ + long2chs(cxt, get_start_sect(p) + get_nr_sects(p) - 1, &lec, &leh, &les); +- ++#if 0 + /* Same physical / logical beginning? */ + if (cxt->geom.cylinders <= 1024 && (pbc != lbc || pbh != lbh || pbs != lbs)) { + printf(_("Partition %zd has different physical/logical " +@@ -833,7 +833,7 @@ static void check_consistency(struct fdi + printf(_(" phys=(%d, %d, %d) "), pec, peh, pes); + printf(_("logical=(%d, %d, %d)\n"),lec, leh, les); + } +- ++#endif + /* Ending on cylinder boundary? */ + if (peh != (cxt->geom.heads - 1) || pes != cxt->geom.sectors) { + printf(_("Partition %zd does not end on cylinder boundary.\n"), diff --git a/util-linux-2.23.1-noenc-suse.diff b/util-linux-2.23.1-noenc-suse.diff new file mode 100644 index 0000000..b2a1a66 --- /dev/null +++ b/util-linux-2.23.1-noenc-suse.diff @@ -0,0 +1,12 @@ +--- util-linux-2.23.1/libmount/src/context_loopdev.c ++++ util-linux-2.23.1/libmount/src/context_loopdev.c 2013-06-05 09:44:37.081939564 +0000 +@@ -213,6 +213,9 @@ int mnt_context_setup_loopdev(struct lib + if (rc == 0 && (cxt->user_mountflags & MNT_MS_ENCRYPTION) && + mnt_optstr_get_option(optstr, "encryption", &val, &len) == 0) { + DBG(CXT, mnt_debug_h(cxt, "encryption no longer supported")); ++ // XXX: nasty for the lib but there's on better way to give a hint atm ++ fprintf(stderr, "mount: encryption no longer supported.\n" ++ " Please use /etc/crypttab instead (man 5 crypttab)\n"); + rc = -MNT_ERR_MOUNTOPT; + } + diff --git a/util-linux-2.23.1.tar.bz2 b/util-linux-2.23.1.tar.bz2 new file mode 100644 index 0000000..8f556e5 --- /dev/null +++ b/util-linux-2.23.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ad4a7831d7b27d0172996fd343e809716c2403b32a94e15194d8ea797223c4af +size 5539830 diff --git a/util-linux-rpmlintrc b/util-linux-rpmlintrc index 81be4db..9f6d408 100644 --- a/util-linux-rpmlintrc +++ b/util-linux-rpmlintrc @@ -4,4 +4,10 @@ addFilter("incoherent-init-script-name raw") addFilter("no-reload-entry /etc/init.d/raw") # There is no egrep(1) used -> False positive addFilter("deprecated-grep") - +# Both pam configs for su and su-l are marked as noreplace +addFilter(".*W:.*files-duplicate.*/pam/su.*/pam.d/su-l.*") +# Useless warning as the /usr/bin variants are known +addFilter(".*W:.*permissions-symlink.*/bin/su.*") +addFilter(".*W:.*permissions-symlink.*/bin/umount.*") +addFilter(".*W:.*permissions-symlink.*/bin/mount.*") + diff --git a/util-linux.changes b/util-linux.changes index be90508..99b0231 100644 --- a/util-linux.changes +++ b/util-linux.changes @@ -1,3 +1,75 @@ +------------------------------------------------------------------- +Fri Jun 7 00:13:25 UTC 2013 - mail@bernhard-voelker.de + +- util-linux.spec: work around su(1) PAM problems based on su(1) + being provided by both the coreutils and the util-linux package. + Fix macro typo in %post and %verifyscript sections related to su(1): + s/sysvinit_tools/enable_su/ + +------------------------------------------------------------------- +Thu Jun 6 08:27:43 UTC 2013 - werner@suse.de + +- Add make-sure-sbin-resp-usr-sbin-are-in-PATH.diff, that is include + the old "let `su' handle /sbin and /usr/sbin in path" +- Provide the new eject utility to avoid file conflict with old + eject package + +------------------------------------------------------------------- +Wed Jun 5 12:30:45 UTC 2013 - werner@suse.de + +- Update to util-linux-2.23.1 + + Release highlights (2.22) + su(1): + * has been merged from coreutils into util-linux + * utils-linux version uses /etc/pam.d/su-l PAM config file for --login + (e.g. "su -") session. + sulogin(8): + * has been merged from sysvinit into util-linux + utmpdump(1): + * has been merged from sysvinit into util-linux + eject(1): + * has been merged from inactive upstream from sf.net and Fedora into util-linux + * supports new options --manualeject, --force and --no-partitions-unmount + lslocks(1) + * this NEW COMMAND prints local system locks and it's replacement to very + long time unmaintained lslk(1) + wdctl(8): + * this NEW COMMAND shows hardware watchdog status + libuuid: + * does NOT EXECUTE uuidd on demand, the daemon has to be started by + init scripts / systemd + uuidd: + * supports socket activation (for systemd) + * supports new options -no-fork, --no-pid and --socket-activation + + Release highlights (2.23) + blkdiscard(8): + * this NEW COMMAND discard sectors on a device (for example on SSD disks) + sulogin(8): + * provides multi-console feature from SysVinit +- Removed following patches now upstream + * 0001-Test-for-secure_getenv-too.patch + * 0001-include-bitops.h-Use-the-operating-system-byteswappi.patch + * add-canonicalize_path_restricted.patch + * fdiskbsdlabel.patch + * libmount-add-MNT_ERR_LOOPDEV.patch + * libmount-add-special-MNT_ERR-codes.patch + * libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch + * login-close-tty-before-vhangup.patch + * mount-new-add-loopdev-specific-error-message.patch + * mount-new-allow-sloppy-for-non-root.patch + * mount-new-improve-error-messages.patch + * mount-new-use-MNT_ERR-for-error-messages.patch + * mount-sanitize-paths-from-non-root-users.patch + * util-linux-2.21.2-noenc.diff + * umount-sanitize-paths-from-non-root-users.patch +- Removed following patch which otherwise cause to break build + * util-linux-2.20-libmount-deps.patch +- Refreshed following patches with updating version string + * util-linux-2.23.1-fdisk_remove_bogus_warnings.patch + * util-linux-2.23.1-noenc-suse.diff +- Add util-linux-2.23.1-eject-fpie.patch to compile and link eject + with PIE + ------------------------------------------------------------------- Wed May 29 11:45:04 UTC 2013 - ihno@suse.com diff --git a/util-linux.spec b/util-linux.spec index 38e95ce..89ed4f4 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -16,6 +16,26 @@ # +# +# Following package should be fixed: +# coreutils ... do not install su and kill +# sysvinit-tools ... do not install sulogin and utmpdump +# eject ... simply drop this package +# +%bcond_without sysvinit_tools +%bcond_without enable_su +%bcond_without enable_eject + +# === MOVING SU TRICKERY (0/3) START === +# Work around su(1) PAM problems based on su(1) being provided by both the +# coreutils and the util-linux package. In the case the former is installed +# first, the latter will save the config files as ".rpmnew". When the new +# su(1)-less coreutils package is then installed, the `trickery (tm)` symlinks +# of the config files would then remain as dangling. +# This "MOVING SU TRICKERY" consists of 3 parts: 1/3, 2/3 and 3/3. +# This hack can go away when the new su-less coreutils package is out. +# === MOVING SU TRICKERY (0/3) END === + Name: util-linux BuildRequires: audit-devel BuildRequires: binutils-devel @@ -28,8 +48,10 @@ BuildRequires: ncurses-devel BuildRequires: pam-devel BuildRequires: pkg-config BuildRequires: readline-devel +BuildRequires: utempter-devel BuildRequires: zlib-devel -Version: 2.21.2 +BuildRequires: pkgconfig(systemd) +Version: 2.23.1 Release: 0 # util-linux is a base package and uuidd pre-requiring pwdutils pulls # that into the core build cycle. pwdutils also pulls in the whole @@ -37,7 +59,7 @@ Release: 0 # make the rpm install check of uuidd happy which has support to work without # these tools as well #!BuildIgnore: pwdutils -Url: http://kernel.org/~kzak/util-linux/ +Url: https://www.kernel.org/pub/linux/utils/util-linux/ Supplements: filesystem(minix) Provides: fsck-with-dev-lock = %{version} # bnc#651598: @@ -58,9 +80,11 @@ Source6: etc_filesystems Source7: baselibs.conf Source8: login.pamd Source9: remote.pamd +Source10: su.pamd +Source11: su.default # TODO: split to separate package -Source11: klogconsole.tar.bz2 -# XXX: needed? +Source40: klogconsole.tar.bz2 +# XXX: Run a program in a new session and with controlling tty Source22: setctsid.c Source23: setctsid.8 # XXX: ppc specific, still needed? @@ -76,40 +100,18 @@ Source51: blkid.conf ## util-linux patches ## # 241372 - remove legacy warnings from fdisk -Patch1: util-linux-2.12r-fdisk_remove_bogus_warnings.patch -Patch2: util-linux-2.20-libmount-deps.patch +Patch1: util-linux-2.23.1-fdisk_remove_bogus_warnings.patch +Patch2: util-linux-2.23.1-eject-fpie.patch Patch3: fdisk-tinfo.patch -Patch4: mount-new-allow-sloppy-for-non-root.patch -Patch5: libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch - -# Patches 6-10: bcn#767208 (taken from upstream -Patch6: mount-new-improve-error-messages.patch -Patch7: libmount-add-special-MNT_ERR-codes.patch -Patch8: mount-new-use-MNT_ERR-for-error-messages.patch -Patch9: libmount-add-MNT_ERR_LOOPDEV.patch -Patch10: mount-new-add-loopdev-specific-error-message.patch +# PATCH-EXTEND-UPSTREAM: Let `su' handle /sbin and /usr/sbin in path +Patch4: make-sure-sbin-resp-usr-sbin-are-in-PATH.diff # disable encryption -Patch11: util-linux-2.21.2-noenc.diff -Patch12: util-linux-2.21.2-noenc-suse.diff - -Patch13: login-close-tty-before-vhangup.patch +Patch12: util-linux-2.23.1-noenc-suse.diff # hack for boot.localfs Patch20: util-linux-HACK-boot.localfs.diff -Patch21: 0001-include-bitops.h-Use-the-operating-system-byteswappi.patch - -#bnc#797002 -Patch22: add-canonicalize_path_restricted.patch -Patch23: mount-sanitize-paths-from-non-root-users.patch -Patch24: umount-sanitize-paths-from-non-root-users.patch -##### -# There is no __secure_getenv anymore.. -Patch25: 0001-Test-for-secure_getenv-too.patch - -# fix fdisk compilation on aarch64 -Patch26: fdiskbsdlabel.patch ## ## klogconsole ## @@ -124,12 +126,14 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: %insserv_prereq %fillup_prereq /bin/sed # Provides: base = %{version}-%{release} +Provides: eject = %{version}-%{release} Provides: login = 4.0-33.7 Provides: raw = %{version}-%{release} Provides: rawio = %{version}-%{release} Provides: util = %{version}-%{release} Provides: uuid-runtime = %{version}-%{release} Obsoletes: base < %{version}-%{release} +Obsoletes: eject < %{version}-%{release} Obsoletes: login < 4.0-33.7 Obsoletes: raw < %{version}-%{release} Obsoletes: rawio < %{version}-%{release} @@ -211,52 +215,47 @@ Files to develop applications using the libmount library. %lang_package %prep -%setup -q -n %{name}-%{version} -b 11 +%setup -q -n %{name}-%{version} -b 40 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 %patch12 -p1 -%patch13 -p1 # %patch20 -p1 -%patch21 -p1 -%patch22 -p1 -%patch23 -p1 -%patch24 -p1 -%patch25 -p1 -%patch26 -p1 # # setctsid -cp %{S:22} %{S:23} . +cp -p %{S:22} %{S:23} . # nologin -cp %{S:2} %{S:3} %{S:26} %{S:30} . +cp -p %{S:2} %{S:3} %{S:26} %{S:30} . %patch60 -p1 %patch61 -p1 -cd ../klogconsole +pushd ../klogconsole %patch55 -p1 %patch56 -p1 +popd %build -pushd ../ +pushd ../klogconsole # klogconsole build -cd klogconsole make %{?_smp_mflags} CFLAGS="%{optflags}" CC="%{__cc}" -cd .. popd # setctsid build rm -f setctsid make %{?_smp_mflags} setctsid CFLAGS="%{optflags}" CC="%{__cc}" # +# Version check for libutempter +# +uhead=$(find %_includedir -name utempter.h 2>/dev/null) +if test -n "$uhead" && grep -q utempter_add_record "$uhead" +then + uhead=--with-utempter +else + uhead=--without-utempter +fi +# # util-linux itself # autoreconf -fi @@ -264,16 +263,41 @@ export SUID_CFLAGS="-fpie" export SUID_LDFLAGS="-pie" %configure \ --with-audit \ + --with-gnu-ld \ + --with-ncurses \ --with-selinux \ + $uhead \ + --with-systemdsystemunitdir=%_unitdir \ + --with-bashcompletiondir=%{_datadir}/bash-completion \ --enable-mesg \ --enable-partx \ --enable-raw \ --enable-write \ --enable-line \ --enable-new-mount \ - --enable-ddate \ --enable-login-utils \ + --enable-tunelp \ + --enable-logger \ +%if %{with enable_eject} + --enable-eject \ +%else + --disable-eject \ +%endif +%if %{with sysvinit_tools} + --enable-sulogin \ + --enable-sulogin-emergency-mount \ + --enable-mountpoint \ +%else + --disable-sulogin \ --disable-mountpoint \ +%endif +%if %{with enable_su} + --enable-kill \ + --enable-su \ +%else + --disable-su \ + --disable-kill \ +%endif --disable-use-tty-group \ --disable-static \ --disable-silent-rules \ @@ -286,17 +310,28 @@ make %{?_smp_mflags} %{__cc} -fwhole-program %{optflags} -o chrp-addnote %{SOURCE31} %install -mkdir -p %{buildroot}{/etc/init.d,/etc/pam.d,%{_mandir}/man{1,8},/bin,/sbin,/usr/bin,/usr/sbin,%{_infodir}} +mkdir -p %{buildroot}{%{_sysconfdir}/{init.d,pam.d,default},%{_mandir}/man{1,8},/bin,/sbin,%{_bindir},%{_sbindir},%{_infodir}} mkdir -p %{buildroot}%{_localstatedir}/lib/libuuid/ mkdir -p %{buildroot}%{_localstatedir}/run/uuidd/ install -m 744 %{SOURCE50} %{buildroot}%{_initddir}/uuidd install -m 644 %{SOURCE51} %{buildroot}%{_sysconfdir}/blkid.conf -install -m 644 %{SOURCE8} %{buildroot}/etc/pam.d/login -install -m 644 %{SOURCE9} %{buildroot}/etc/pam.d/remote +install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pam.d/login +install -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/pam.d/remote +%if %{with enable_su} +install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su +install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su-l +install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/default/su +# === MOVING SU TRICKERY (1/3) START === +# Install a copy of the su(1) config files with .ul suffix. +# This hack can go away when the new su-less coreutils package is out. +install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su.ul +install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su-l.ul +install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/default/su.ul +# === MOVING SU TRICKERY (1/3) END === +%endif mkdir -p %{buildroot}%{_localstatedir}/adm/fillup-templates -pushd .. +pushd ../klogconsole # klogconsole install -cd klogconsole make install DEST=%{buildroot} popd # @@ -304,6 +339,10 @@ popd # %make_install #UsrMerge +%if %{with enable_su} +ln -s %{_bindir}/kill %{buildroot}/bin +ln -s %{_bindir}/su %{buildroot}/bin +%endif ln -s %{_bindir}/logger %{buildroot}/bin ln -s %{_bindir}/dmesg %{buildroot}/bin ln -s %{_bindir}/more %{buildroot}/bin @@ -360,9 +399,9 @@ install -m 444 setctsid.8 %{buildroot}%{_mandir}/man8/ echo -e "#! /bin/bash\n/sbin/blockdev --flushbufs \$1" > %{buildroot}%{_sbindir}/flushb chmod 755 %{buildroot}%{_sbindir}/flushb # Install scripts to configure raw devices at boot time -install -m 644 $RPM_SOURCE_DIR/etc.raw %{buildroot}%{_sysconfdir}/raw +install -m 644 $RPM_SOURCE_DIR%{_sysconfdir}.raw %{buildroot}%{_sysconfdir}/raw install -m 755 $RPM_SOURCE_DIR/raw.init %{buildroot}%{_initddir}/raw -ln -sf ../../etc/init.d/raw %{buildroot}%{_sbindir}/rcraw +ln -sf ../..%{_sysconfdir}/init.d/raw %{buildroot}%{_sbindir}/rcraw # Stupid hack so we don't have a tcsh dependency chmod 644 %{buildroot}%{_datadir}/getopt/getopt*.tcsh # Following files we don't want to package, so remove them @@ -435,7 +474,13 @@ ln -sf ../..%{_sysconfdir}/init.d/uuidd %{buildroot}%{_sbindir}/rcuuidd %if 0%{?suse_version} <= 1130 %run_permissions %else -%set_permissions /usr/bin/wall /usr/bin/write /usr/bin/mount /usr/bin/umount +%set_permissions %{_bindir}/wall %{_bindir}/write %{_bindir}/mount %{_bindir}/umount +%if %{with enable_su} +%set_permissions %{_bindir}/su +%endif +%if %{with enable_eject} +%set_permissions %{_bindir}/eject +%endif %endif # mount option 'code=' is now called 'codepage=' so change fstab @@ -443,12 +488,35 @@ if [ -f etc/fstab ]; then sed -i 's:code=:codepage=:' etc/fstab fi +%posttrans +%if "%{with enable_su}" +# === MOVING SU TRICKERY (2/3) START === +# If su(1)'s PAM config files are symbolic links, then they have been installed +# by the coreutils package (because su-enabled coreutils has been installed +# before util-linux). Remove the symlinks and install a copy of our .ul files +# in their correct places. +# This hack can go away when the new su-less coreutils package is out. +for f in pam.d/su pam.d/su-l default/su ; do + if [ -L %{_sysconfdir}/$f -a -e %{_sysconfdir}/$f.ul ]; then + rm -v %{_sysconfdir}/$f + cp -av %{_sysconfdir}/$f.ul %{_sysconfdir}/$f + fi +done +# === MOVING SU TRICKERY (2/3) END === +%endif + %postun %install_info_delete --info-dir=%{_infodir} %{_infodir}/ipc.info.gz %{insserv_cleanup} %verifyscript -%verify_permissions -e /usr/bin/wall -e /usr/bin/write -e /usr/bin/mount -e /usr/bin/umount +%verify_permissions -e %{_bindir}/wall -e %{_bindir}/write -e %{_bindir}/mount -e %{_bindir}/umount +%if %{with enable_su} +%verify_permissions -e %{_bindir}/su +%endif +%if %{with enable_eject} +%verify_permissions -e %{_bindir}/eject +%endif %post -n libblkid1 -p /sbin/ldconfig @@ -459,8 +527,8 @@ fi %postun -n libmount1 -p /sbin/ldconfig %pre -n uuidd -/usr/sbin/groupadd -r uuidd 2>/dev/null || : -/usr/sbin/useradd -r -g uuidd -c "User for uuidd" \ +%{_sbindir}/groupadd -r uuidd 2>/dev/null || : +%{_sbindir}/useradd -r -g uuidd -c "User for uuidd" \ -d /var/run/uuidd uuidd 2>/dev/null || : %preun -n uuidd @@ -471,7 +539,7 @@ fi %if 0%{?suse_version} <= 1130 %run_permissions %else -%set_permissions /usr/sbin/uuidd +%set_permissions %{_sbindir}/uuidd %endif %postun -n uuidd @@ -483,7 +551,7 @@ fi %postun -n libuuid1 -p /sbin/ldconfig %verifyscript -n uuidd -%verify_permissions -e /usr/sbin/uuidd +%verify_permissions -e %{_sbindir}/uuidd %files lang -f %{name}.lang @@ -495,7 +563,6 @@ fi %doc Documentation/cal.txt %doc Documentation/cfdisk.txt %doc Documentation/col.txt -%doc Documentation/ddate.txt %doc Documentation/deprecated.txt %doc Documentation/fdisk.txt %doc Documentation/getopt.txt @@ -509,9 +576,25 @@ fi %config(noreplace) %attr(644,root,root) %{_sysconfdir}/raw %config(noreplace) %{_sysconfdir}/filesystems %config(noreplace) %{_sysconfdir}/blkid.conf -%config(noreplace) /etc/pam.d/login -%config(noreplace) /etc/pam.d/remote +%config(noreplace) %{_sysconfdir}/pam.d/login +%config(noreplace) %{_sysconfdir}/pam.d/remote +%if %{with enable_su} +%config(noreplace) %{_sysconfdir}/pam.d/su +%config(noreplace) %{_sysconfdir}/pam.d/su-l +%config(noreplace) %{_sysconfdir}/default/su +# === MOVING SU TRICKERY (3/3) START === +# Package su(1) config files with .ul suffix needed in posttrans above. +# This hack can go away when the new su-less coreutils package is out. +%config %{_sysconfdir}/pam.d/su.ul +%config %{_sysconfdir}/pam.d/su-l.ul +%config %{_sysconfdir}/default/su.ul +# === MOVING SU TRICKERY (3/3) END === +%endif #UsrMerge +%if %{with enable_su} +/bin/kill +/bin/su +%endif /bin/dmesg /bin/more /bin/mount @@ -546,13 +629,19 @@ fi /sbin/fstrim /sbin/chcpu #EndUsrMerge +%if %{with enable_su} +%{_bindir}/kill +%{_bindir}/su +%endif +%if %{with enable_eject} +%verify(not mode) %attr(4750,root,audio) %{_bindir}/eject +%endif %{_bindir}/cal %{_bindir}/chrt %{_bindir}/col %{_bindir}/colcrt %{_bindir}/colrm %{_bindir}/column -%{_bindir}/ddate %{_bindir}/dmesg %{_bindir}/fallocate %{_bindir}/findmnt @@ -569,11 +658,13 @@ fi %{_bindir}/look %{_bindir}/lsblk %{_bindir}/lscpu +%{_bindir}/lslocks %{_bindir}/mcookie %{_bindir}/mesg %{_bindir}/more %{_bindir}/mount %{_bindir}/namei +%{_bindir}/nsenter %{_bindir}/prlimit %{_bindir}/rename %{_bindir}/renice @@ -587,14 +678,20 @@ fi %{_bindir}/ul %{_bindir}/umount %{_bindir}/unshare +%if %{with sysvinit_tools} +%{_bindir}/mountpoint +%{_bindir}/utmpdump +%endif %{_bindir}/uuidgen %ifnarch ppc ppc64 %{_bindir}/chrp-addnote %{_bindir}/mkzimage_cmdline %endif +%{_bindir}/wdctl %{_sbindir}/addpart %{_sbindir}/agetty %{_sbindir}/blkid +%{_sbindir}/blkdiscard %{_sbindir}/blockdev %{_sbindir}/chcpu %{_sbindir}/ctrlaltdel @@ -617,8 +714,13 @@ fi %{_sbindir}/pivot_root %{_sbindir}/raw %{_sbindir}/rcraw +%{_sbindir}/resizepart %{_sbindir}/rtcwake +%{_sbindir}/runuser %{_sbindir}/setctsid +%if %{with sysvinit_tools} +%{_sbindir}/sulogin +%endif %{_sbindir}/swaplabel %{_sbindir}/swapoff %{_sbindir}/swapon @@ -627,14 +729,20 @@ fi %verify(not mode) %attr(0755,root,tty) %{_bindir}/wall %{_bindir}/whereis %verify(not mode) %attr(0755,root,tty) %{_bindir}/write +%if %{with enable_su} +%{_mandir}/man1/kill.1.gz +%{_mandir}/man1/su.1.gz +%endif %{_mandir}/man1/cal.1.gz %{_mandir}/man1/chrt.1.gz %{_mandir}/man1/col.1.gz %{_mandir}/man1/colcrt.1.gz %{_mandir}/man1/colrm.1.gz %{_mandir}/man1/column.1.gz -%{_mandir}/man1/ddate.1.gz %{_mandir}/man1/dmesg.1.gz +%if %{with enable_eject} +%{_mandir}/man1/eject.1.gz +%endif %{_mandir}/man1/fallocate.1.gz %{_mandir}/man1/flock.1.gz %{_mandir}/man1/getopt.1.gz @@ -650,6 +758,7 @@ fi %{_mandir}/man1/mesg.1.gz %{_mandir}/man1/more.1.gz %{_mandir}/man1/namei.1.gz +%{_mandir}/man1/nsenter.1.gz %{_mandir}/man1/ionice.1.gz %{_mandir}/man1/prlimit.1.gz %{_mandir}/man1/rename.1.gz @@ -667,6 +776,11 @@ fi %{_mandir}/man1/whereis.1.gz %{_mandir}/man1/write.1.gz %{_mandir}/man1/ipcmk.1.gz +%if %{with sysvinit_tools} +%{_mandir}/man1/mountpoint.1.gz +%{_mandir}/man1/utmpdump.1.gz +%endif +%{_mandir}/man1/runuser.1.gz %{_mandir}/man1/uuidgen.1.gz %{_mandir}/man5/fstab.5.gz %{_mandir}/man8/addpart.8.gz @@ -675,16 +789,20 @@ fi %{_mandir}/man8/delpart.8.gz %{_mandir}/man8/ctrlaltdel.8.gz %{_mandir}/man8/blkid.8.gz +%{_mandir}/man8/blkdiscard.8.gz %{_mandir}/man8/switch_root.8.gz %{_mandir}/man8/mkfs.bfs.8.gz %{_mandir}/man8/mkfs.minix.8.gz %{_mandir}/man8/findfs.8.gz %{_mandir}/man8/fsck.8.gz +%{_mandir}/man8/fsck.cramfs.8.gz %{_mandir}/man8/fsck.minix.8.gz %{_mandir}/man8/isosize.8.gz %{_mandir}/man8/ldattach.8.gz %{_mandir}/man8/losetup.8.gz +%{_mandir}/man8/lslocks.8.gz %{_mandir}/man8/mkfs.8.gz +%{_mandir}/man8/mkfs.cramfs.8.gz %{_mandir}/man8/mkswap.8.gz %{_mandir}/man8/mount.8.gz %{_mandir}/man8/nologin.8.gz @@ -708,12 +826,17 @@ fi %{_mandir}/man8/wipefs.8.gz %{_mandir}/man8/fstrim.8.gz %{_mandir}/man8/lsblk.8.gz -%{_mandir}/ru +%{_mandir}/man8/resizepart.8.gz +%if %{with sysvinit_tools} +%{_mandir}/man8/sulogin.8.gz +%endif +%{_mandir}/man8/wdctl.8.gz %{_sbindir}/flushb %{_sbindir}/readprofile %dir %{_datadir}/getopt %attr (755,root,root) %{_datadir}/getopt/getopt-parse.bash %attr (755,root,root) %{_datadir}/getopt/getopt-parse.tcsh +%{_datadir}/bash-completion/* %ifnarch ia64 #XXX: post our patches upstream #XXX: call fdupes on /usr/share/man @@ -784,6 +907,8 @@ fi %{_initddir}/uuidd %{_mandir}/man8/uuidd.8.gz %{_sbindir}/rcuuidd +%{_unitdir}/uuidd.service +%{_unitdir}/uuidd.socket %files -n libuuid1 %defattr(-, root, root)