
Accepting request 177962 from Base:System

- util-linux.spec: work around su(1) PAM problems based on su(1)
  being provided by both the coreutils and the util-linux package.
  Fix macro typo in %post and %verifyscript sections related to su(1):
    s/sysvinit_tools/enable_su/ (forwarded request 177950 from bernhard-voelker)

OBS-URL: https://build.opensuse.org/request/show/177962
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/util-linux?expand=0&rev=160
Stephan Kulow 2013-06-07 08:12:05 +00:00 committed by Git OBS Bridge
commit 1cb1f2ae9e
30 changed files with 496 additions and 1558 deletions


@ -1,41 +0,0 @@
From a6f605ed6dcfdf2ea7f6b0bf68e18d8c9ce5ea96 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
Date: Tue, 5 Feb 2013 02:06:04 -0300
Subject: [PATCH] Test for secure_getenv too.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In current glibc versions, internal __secure_getenv
no longer exists and was replaced by secure_getenv()
Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
---
configure.ac | 1 +
lib/env.c | 5 +++--
2 files changed, 4 insertions(+), 2 deletions(-)
--- util-linux-2.21.2.orig/configure.ac
+++ util-linux-2.21.2/configure.ac
@@ -281,6 +281,7 @@ AC_CHECK_FUNCS(
posix_fadvise \
getmntinfo \
__secure_getenv \
+ secure_getenv \
warn \
warnx \
rpmatch])
--- util-linux-2.21.2.orig/lib/env.c
+++ util-linux-2.21.2/lib/env.c
@@ -98,8 +98,9 @@ char *safe_getenv(const char *arg)
return NULL;
#endif
#endif
-
-#ifdef HAVE___SECURE_GETENV
+#ifdef HAVE_SECURE_GETENV
+return secure_getenv(arg);
+#elif HAVE___SECURE_GETENV
return __secure_getenv(arg);
#else
return getenv(arg);


@ -1,107 +0,0 @@
From f47373c950e812208f5db14cf728a54c31f750bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crrodriguez@opensuse.org>
Date: Wed, 26 Dec 2012 14:30:48 -0300
Subject: [PATCH 1/2] include/bitops.h: Use the operating system byteswapping
functions
There is no need to reinvent the wheel.
---
include/bitops.h | 69 +++++++++++++++-----------------------------------------
1 file changed, 18 insertions(+), 51 deletions(-)
diff --git a/include/bitops.h b/include/bitops.h
index 81375d0..89b418c 100644
--- a/include/bitops.h
+++ b/include/bitops.h
@@ -8,6 +8,9 @@
*/
#include <sys/param.h>
+#include <byteswap.h>
+#include <endian.h>
+
#ifndef NBBY
# define NBBY CHAR_BIT
#endif
@@ -22,63 +25,27 @@
/*
* Byte swab macros (based on linux/byteorder/swab.h)
*/
-#define swab16(x) \
- ((uint16_t)( \
- (((uint16_t)(x) & (uint16_t)0x00ffU) << 8) | \
- (((uint16_t)(x) & (uint16_t)0xff00U) >> 8) ))
-
-#define swab32(x) \
- ((uint32_t)( \
- (((uint32_t)(x) & (uint32_t)0x000000ffUL) << 24) | \
- (((uint32_t)(x) & (uint32_t)0x0000ff00UL) << 8) | \
- (((uint32_t)(x) & (uint32_t)0x00ff0000UL) >> 8) | \
- (((uint32_t)(x) & (uint32_t)0xff000000UL) >> 24) ))
-
-#define swab64(x) \
- ((uint64_t)( \
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x00000000000000ffULL) << 56) | \
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x000000000000ff00ULL) << 40) | \
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x0000000000ff0000ULL) << 24) | \
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x00000000ff000000ULL) << 8) | \
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x000000ff00000000ULL) >> 8) | \
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x0000ff0000000000ULL) >> 24) | \
- (uint64_t)(((uint64_t)(x) & (uint64_t)0x00ff000000000000ULL) >> 40) | \
- (uint64_t)(((uint64_t)(x) & (uint64_t)0xff00000000000000ULL) >> 56) ))
-
-
-#ifdef WORDS_BIGENDIAN
+#define swab16(x) bswap_16(x)
-#define cpu_to_le16(x) swab16(x)
-#define cpu_to_le32(x) swab32(x)
-#define cpu_to_le64(x) swab64(x)
-#define cpu_to_be16(x) ((uint16_t)(x))
-#define cpu_to_be32(x) ((uint32_t)(x))
-#define cpu_to_be64(x) ((uint64_t)(x))
+#define swab32(x) bswap_32(x)
-#define le16_to_cpu(x) swab16(x)
-#define le32_to_cpu(x) swab32(x)
-#define le64_to_cpu(x) swab64(x)
-#define be16_to_cpu(x) ((uint16_t)(x))
-#define be32_to_cpu(x) ((uint32_t)(x))
-#define be64_to_cpu(x) ((uint64_t)(x))
+#define swab64(x) bswap_64(x)
-#else /* !WORDS_BIGENDIAN */
+#define cpu_to_le16(x) htole16(x)
+#define cpu_to_le32(x) htole32(x)
+#define cpu_to_le64(x) htole64(x)
-#define cpu_to_le16(x) ((uint16_t)(x))
-#define cpu_to_le32(x) ((uint32_t)(x))
-#define cpu_to_le64(x) ((uint64_t)(x))
-#define cpu_to_be16(x) swab16(x)
-#define cpu_to_be32(x) swab32(x)
-#define cpu_to_be64(x) swab64(x)
+#define cpu_to_be16(x) htobe16(x)
+#define cpu_to_be32(x) htobe32(x)
+#define cpu_to_be64(x) htobe64(x)
-#define le16_to_cpu(x) ((uint16_t)(x))
-#define le32_to_cpu(x) ((uint32_t)(x))
-#define le64_to_cpu(x) ((uint64_t)(x))
-#define be16_to_cpu(x) swab16(x)
-#define be32_to_cpu(x) swab32(x)
-#define be64_to_cpu(x) swab64(x)
+#define le16_to_cpu(x) le16toh(x)
+#define le32_to_cpu(x) le32toh(x)
+#define le64_to_cpu(x) le64toh(x)
-#endif /* WORDS_BIGENDIAN */
+#define be16_to_cpu(x) be16toh(x)
+#define be32_to_cpu(x) be32toh(x)
+#define be64_to_cpu(x) be64toh(x)
#endif /* BITOPS_H */
--
1.8.0.2


@ -1,78 +0,0 @@
From 33c5fd0c5a774458470c86f9d318d8c48a9c9ccb Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 26 Nov 2012 16:24:28 +0100
Subject: [PATCH] lib/canonicalize: add canonicalize_path_restricted() to
canonicalize without suid permisssions
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
include/canonicalize.h | 1 +
lib/canonicalize.c | 42 ++++++++++++++++++++++++++++++++++++++++++
2 files changed, 43 insertions(+)
Index: util-linux-2.21.2/include/canonicalize.h
===================================================================
--- util-linux-2.21.2.orig/include/canonicalize.h
+++ util-linux-2.21.2/include/canonicalize.h
@@ -4,6 +4,7 @@
#include "c.h" /* for PATH_MAX */
extern char *canonicalize_path(const char *path);
+extern char *canonicalize_path_restricted(const char *path);
extern char *canonicalize_dm_name(const char *ptname);
#endif /* CANONICALIZE_H */
Index: util-linux-2.21.2/lib/canonicalize.c
===================================================================
--- util-linux-2.21.2.orig/lib/canonicalize.c
+++ util-linux-2.21.2/lib/canonicalize.c
@@ -188,6 +188,48 @@ canonicalize_path(const char *path)
return strdup(canonical);
}
+char *
+canonicalize_path_restricted(const char *path)
+{
+ char canonical[PATH_MAX+2];
+ char *p = NULL;
+ int errsv;
+ uid_t euid;
+ gid_t egid;
+
+ if (path == NULL)
+ return NULL;
+
+ euid = geteuid();
+ egid = getegid();
+
+ /* drop permissions */
+ if (setegid(getgid()) < 0 || seteuid(getuid()) < 0)
+ return NULL;
+
+ errsv = errno = 0;
+
+ if (myrealpath(path, canonical, PATH_MAX+1)) {
+ p = strrchr(canonical, '/');
+ if (p && strncmp(p, "/dm-", 4) == 0 && isdigit(*(p + 4)))
+ p = canonicalize_dm_name(p+1);
+ else
+ p = NULL;
+ if (!p)
+ p = strdup(canonical);
+ } else
+ errsv = errno;
+
+ /* restore */
+ if (setegid(egid) < 0 || seteuid(euid) < 0) {
+ free(p);
+ return NULL;
+ }
+
+ errno = errsv;
+ return p;
+}
+
#ifdef TEST_PROGRAM_CANONICALIZE
int main(int argc, char **argv)


@ -1,18 +1,12 @@
Index: util-linux-2.21-rc2/fdisk/Makefile.am
===================================================================
--- util-linux-2.21-rc2.orig/fdisk/Makefile.am
+++ util-linux-2.21-rc2/fdisk/Makefile.am
@@ -64,9 +64,13 @@ sbin_PROGRAMS += cfdisk
dist_man_MANS += cfdisk.8
cfdisk_SOURCES = cfdisk.c $(fdisk_common)
cfdisk_CFLAGS = $(cflags_blkid)
--- util-linux-2.23.1/fdisks/Makemodule.am
+++ util-linux-2.23.1/fdisks/Makemodule.am 2013-06-05 09:58:30.753439465 +0000
@@ -79,6 +79,9 @@ endif
if HAVE_SLANG
cfdisk_LDADD += -lslang
else
+if HAVE_TINFO
+cfdisk_LDADD = -ltinfo @NCURSES_LIBS@ $(ldadd_blkid)
+else
cfdisk_LDADD = @NCURSES_LIBS@ $(ldadd_blkid)
endif
endif
+cfdisk_LDADD += -ltinfo
+endif
endif # !ARCH_SPARC
endif # !ARCH_M68K
if HAVE_NCURSES
cfdisk_LDADD += @NCURSES_LIBS@
endif


@ -1,14 +0,0 @@
Index: util-linux-2.21.2/fdisk/fdiskbsdlabel.h
===================================================================
--- util-linux-2.21.2.orig/fdisk/fdiskbsdlabel.h
+++ util-linux-2.21.2/fdisk/fdiskbsdlabel.h
@@ -48,7 +48,8 @@
#if defined (__i386__) || defined (__sparc__) || defined (__arm__) || \
defined (__mips__) || defined (__s390__) || defined (__sh__) || \
- defined(__x86_64__) || defined (__avr32__) || defined(__cris__)
+ defined(__x86_64__) || defined (__avr32__) || defined(__cris__) || \
+ defined(__aarch64__)
#define BSD_LABELSECTOR 1
#define BSD_LABELOFFSET 0
#elif defined (__alpha__) || defined (__powerpc__) || defined (__ia64__) || defined (__hppa__)


@ -1,59 +0,0 @@
From 82756a747e4bcfc13a27b7618d889af080649584 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 28 May 2012 12:26:36 +0200
Subject: [PATCH] libmount: add MNT_ERR_LOOPDEV
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
lib/loopdev.c | 4 ++++
libmount/src/context_loopdev.c | 1 +
libmount/src/libmount.h.in | 1 +
3 files changed, 6 insertions(+), 0 deletions(-)
Index: util-linux-2.21.2/lib/loopdev.c
===================================================================
--- util-linux-2.21.2.orig/lib/loopdev.c
+++ util-linux-2.21.2/lib/loopdev.c
@@ -173,6 +173,8 @@ int loopcxt_init(struct loopdev_cxt *lc,
*/
void loopcxt_deinit(struct loopdev_cxt *lc)
{
+ int errsv = errno;
+
if (!lc)
return;
@@ -183,6 +185,8 @@ void loopcxt_deinit(struct loopdev_cxt *
loopcxt_set_device(lc, NULL);
loopcxt_deinit_iterator(lc);
+
+ errno = errsv;
}
/*
Index: util-linux-2.21.2/libmount/src/context_loopdev.c
===================================================================
--- util-linux-2.21.2.orig/libmount/src/context_loopdev.c
+++ util-linux-2.21.2/libmount/src/context_loopdev.c
@@ -261,6 +261,7 @@ int mnt_context_setup_loopdev(struct lib
if (loopdev || rc != -EBUSY) {
DBG(CXT, mnt_debug_h(cxt, "failed to setup device"));
+ rc = -MNT_ERR_LOOPDEV;
goto done;
}
DBG(CXT, mnt_debug_h(cxt, "loopdev stolen...trying again"));
Index: util-linux-2.21.2/libmount/src/libmount.h.in
===================================================================
--- util-linux-2.21.2.orig/libmount/src/libmount.h.in
+++ util-linux-2.21.2/libmount/src/libmount.h.in
@@ -126,6 +126,7 @@ enum {
#define MNT_ERR_NOFSTAB 5000 /* not found required entry in fstab */
#define MNT_ERR_NOFSTYPE 5001 /* failed to detect filesystem type */
#define MNT_ERR_NOSOURCE 5002 /* required mount source undefined */
+#define MNT_ERR_LOOPDEV 5003 /* loopdev setup failed, errno set by libc */
/* init.c */
extern void mnt_init_debug(int mask);


@ -1,68 +0,0 @@
From 47dea49b4cb4a4a98a6c518cc17f6d2c92be9528 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Tue, 24 Apr 2012 11:57:32 +0200
Subject: [PATCH] libmount: add special MNT_ERR_ codes
... to detect some situations where standard -errno is too generic.
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
libmount/src/context.c | 20 ++++++++++----------
libmount/src/libmount.h.in | 12 ++++++++++++
2 files changed, 22 insertions(+), 10 deletions(-)
Index: util-linux-2.21.2/libmount/src/context.c
===================================================================
--- util-linux-2.21.2.orig/libmount/src/context.c
+++ util-linux-2.21.2/libmount/src/context.c
@@ -1186,7 +1186,7 @@ int mnt_context_prepare_srcpath(struct l
if (cache)
path = mnt_resolve_tag(t, v, cache);
- rc = path ? mnt_fs_set_source(cxt->fs, path) : -EINVAL;
+ rc = path ? mnt_fs_set_source(cxt->fs, path) : -MNT_ERR_NOSOURCE;
} else if (cache && !mnt_fs_is_pseudofs(cxt->fs)) {
/*
@@ -1247,7 +1247,7 @@ int mnt_context_prepare_target(struct li
cache = mnt_context_get_cache(cxt);
if (cache) {
char *path = mnt_resolve_path(tgt, cache);
- if (strcmp(path, tgt))
+ if (path && strcmp(path, tgt) != 0)
rc = mnt_fs_set_target(cxt->fs, path);
}
@@ -1543,7 +1543,7 @@ static int apply_table(struct libmnt_con
}
if (!fs)
- return -EINVAL;
+ return -MNT_ERR_NOFSTAB; /* not found */
DBG(CXT, mnt_debug_h(cxt, "apply entry:"));
DBG(CXT, mnt_fs_print_debug(fs, stderr));
Index: util-linux-2.21.2/libmount/src/libmount.h.in
===================================================================
--- util-linux-2.21.2.orig/libmount/src/libmount.h.in
+++ util-linux-2.21.2/libmount/src/libmount.h.in
@@ -115,6 +115,18 @@ enum {
MNT_ACT_UMOUNT
};
+/*
+ * Errors -- by default libmount returns -errno for generic errors (ENOMEM,
+ * EINVAL, ...) and for mount(2) errors, but for some specific operations it
+ * returns private error codes. Note that maximum system errno value should be
+ * 4095 on UNIXes.
+ *
+ * See also mnt_context_get_syscall_errno() and mnt_context_get_helper_status().
+ */
+#define MNT_ERR_NOFSTAB 5000 /* not found required entry in fstab */
+#define MNT_ERR_NOFSTYPE 5001 /* failed to detect filesystem type */
+#define MNT_ERR_NOSOURCE 5002 /* required mount source undefined */
+
/* init.c */
extern void mnt_init_debug(int mask);


@ -1,115 +0,0 @@
From e90e7401d0c318c9dac4a0204e2bca86949b1d32 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 14 Jun 2012 14:19:26 +0200
Subject: [PATCH] libmount: don't use nosuid,noexec,nodev for cifs user=foo
mount -t cifs //127.0.0.1/users /mnt/smb -o user=root,password=linux
is incorrectly translated to
mount.cifs -o noexec,nosuid,nodev,user=root,password=linux ...
The command mount(8) should be sensitive to "user" (without "=<name>")
only. The correct cifs command line is:
mount.cifs -o user=root,password=linux
Addresses: https://bugzilla.novell.com/show_bug.cgi?id=766157
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
libmount/src/context_mount.c | 29 +++++++++++++++++++++++++++--
libmount/src/optstr.c | 9 +++++----
2 files changed, 32 insertions(+), 6 deletions(-)
Index: util-linux-2.21.2/libmount/src/context_mount.c
===================================================================
--- util-linux-2.21.2.orig/libmount/src/context_mount.c
+++ util-linux-2.21.2/libmount/src/context_mount.c
@@ -53,6 +53,15 @@ static int fix_optstr(struct libmnt_cont
if (cxt->mountflags & MS_PROPAGATION)
cxt->mountflags &= (MS_PROPAGATION | MS_REC | MS_SILENT);
+ /*
+ * The "user" options is our business (so we can modify the option),
+ * but exception is command line for /sbin/mount.<type> helpers. Let's
+ * save the original user=<name> to call the helpers with unchanged
+ * "user" setting.
+ *
+ * Don't check for MNT_MS_USER in cxt->user_mountflags, the flag maybe
+ * removed by evaluate_permissions().
+ */
if (!mnt_optstr_get_option(fs->user_optstr, "user", &val, &valsz)) {
if (val) {
cxt->orig_user = strndup(val, valsz);
@@ -196,6 +205,10 @@ err:
/*
* this has to be called before fix_optstr()
+ *
+ * Note that user=<name> maybe be used by some filesystems as filesystem
+ * specific option (e.g. cifs). Yes, developers of such filesystems have
+ * allocated pretty hot place in hell...
*/
static int evaluate_permissions(struct libmnt_context *cxt)
{
@@ -233,10 +246,22 @@ static int evaluate_permissions(struct l
}
/*
- * Note that MS_OWNERSECURE and MS_SECURE mount options
- * are applied by mnt_optstr_get_flags() from mnt_context_merge_mflags()
+ * MS_OWNERSECURE and MS_SECURE mount options are already
+ * applied by mnt_optstr_get_flags() in mnt_context_merge_mflags()
+ * if "user" (but no user=<name> !) options is set.
+ *
+ * Let's ignore all user=<name> (if <name> is set) requests.
*/
+ if (cxt->user_mountflags & MNT_MS_USER) {
+ size_t valsz = 0;
+ if (!mnt_optstr_get_option(cxt->fs->user_optstr,
+ "user", NULL, &valsz) && valsz) {
+
+ DBG(CXT, mnt_debug_h(cxt, "perms: user=<name> detected, ignore"));
+ cxt->user_mountflags &= ~MNT_MS_USER;
+ }
+ }
/*
* MS_OWNER: Allow owners to mount when fstab contains the
Index: util-linux-2.21.2/libmount/src/optstr.c
===================================================================
--- util-linux-2.21.2.orig/libmount/src/optstr.c
+++ util-linux-2.21.2/libmount/src/optstr.c
@@ -579,7 +579,7 @@ int mnt_optstr_get_flags(const char *opt
{
struct libmnt_optmap const *maps[2];
char *name, *str = (char *) optstr;
- size_t namesz = 0;
+ size_t namesz = 0, valsz = 0;
int nmaps = 0;
assert(optstr);
@@ -596,7 +596,7 @@ int mnt_optstr_get_flags(const char *opt
*/
maps[nmaps++] = mnt_get_builtin_optmap(MNT_USERSPACE_MAP);
- while(!mnt_optstr_next_option(&str, &name, &namesz, NULL, NULL)) {
+ while(!mnt_optstr_next_option(&str, &name, &namesz, NULL, &valsz)) {
const struct libmnt_optmap *ent;
const struct libmnt_optmap *m;
@@ -610,9 +610,10 @@ int mnt_optstr_get_flags(const char *opt
else
*flags |= ent->id;
- } else if (nmaps == 2 && m == maps[1]) {
+ } else if (nmaps == 2 && m == maps[1] && valsz == 0) {
/*
- * Special case -- translate "user" to MS_ options
+ * Special case -- translate "user" (but no user=) to
+ * MS_ options
*/
if (ent->mask & MNT_INVERT)
continue;


@ -1,39 +0,0 @@
From 2e7035646eb85851171cc2e989bfa858a4f00cd4 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 12 Jul 2012 16:33:52 +0200
Subject: login: close tty before vhangup()
Git-commit: 2e7035646eb85851171cc2e989bfa858a4f00cd4
Patch-mainline: v2.22-rc1
References: bnc#778842
Let's close all tty file descriptors before vhangup() call.
References: https://lkml.org/lkml/2012/6/5/145
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
login-utils/login.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/login-utils/login.c b/login-utils/login.c
index fe13d8d..c0cc00a 100644
--- a/login-utils/login.c
+++ b/login-utils/login.c
@@ -409,6 +409,14 @@ static void init_tty(struct login_context *cxt)
/* Kill processes left on this tty */
tcsetattr(0, TCSAFLUSH, &ttt);
+ /*
+ * Let's close file decriptors before vhangup
+ * https://lkml.org/lkml/2012/6/5/145
+ */
+ close(STDIN_FILENO);
+ close(STDOUT_FILENO);
+ close(STDERR_FILENO);
+
signal(SIGHUP, SIG_IGN); /* so vhangup() wont kill us */
vhangup();
signal(SIGHUP, SIG_DFL);
--
1.7.12


@ -0,0 +1,143 @@
--- util-linux-2.23.1/login-utils/su-common.c
+++ util-linux-2.23.1/login-utils/su-common.c 2013-06-06 08:46:59.575872090 +0000
@@ -473,6 +473,117 @@ set_path(const struct passwd* pw)
err (EXIT_FAILURE, _("failed to set PATH"));
}
+/* Add or clear /sbin and /usr/sbin for the su command
+ used without `-'. */
+
+/* Set if /sbin is found in path. */
+#define SBIN_MASK 0x01
+/* Set if /usr/sbin is found in path. */
+#define USBIN_MASK 0x02
+
+static char *
+addsbin (const char *const path)
+{
+ unsigned char smask = 0;
+ char *ptr, *tmp, *cur, *ret = NULL;
+ size_t len;
+
+ if (!path || *path == 0)
+ return NULL;
+
+ tmp = xstrdup (path);
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr != NULL; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "/sbin"))
+ smask |= SBIN_MASK;
+ if (!strcmp (ptr, "/usr/sbin"))
+ smask |= USBIN_MASK;
+ }
+
+ if ((smask & (USBIN_MASK|SBIN_MASK)) == (USBIN_MASK|SBIN_MASK))
+ {
+ free (tmp);
+ return NULL;
+ }
+
+ len = strlen (path);
+ if (!(smask & USBIN_MASK))
+ len += strlen ("/usr/sbin:");
+
+ if (!(smask & SBIN_MASK))
+ len += strlen (":/sbin");
+
+ ret = xmalloc (len + 1);
+ strcpy (tmp, path);
+
+ *ret = 0;
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "."))
+ continue;
+ if (*ret)
+ strcat (ret, ":");
+ if (!(smask & USBIN_MASK) && !strcmp (ptr, "/bin"))
+ {
+ strcat (ret, "/usr/sbin:");
+ strcat (ret, ptr);
+ smask |= USBIN_MASK;
+ continue;
+ }
+ if (!(smask & SBIN_MASK) && !strcmp (ptr, "/usr/bin"))
+ {
+ strcat (ret, ptr);
+ strcat (ret, ":/sbin");
+ smask |= SBIN_MASK;
+ continue;
+ }
+ strcat (ret, ptr);
+ }
+ free (tmp);
+
+ if (!(smask & USBIN_MASK))
+ strcat (ret, ":/usr/sbin");
+
+ if (!(smask & SBIN_MASK))
+ strcat (ret, ":/sbin");
+
+ return ret;
+}
+
+static char *
+clearsbin (const char *const path)
+{
+ char *ptr, *tmp, *cur, *ret = NULL;
+
+ if (!path || *path == 0)
+ return NULL;
+
+ tmp = strdup (path);
+ if (!tmp)
+ return NULL;
+
+ ret = xmalloc (strlen (path) + 1);
+ *ret = 0;
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "/sbin"))
+ continue;
+ if (!strcmp (ptr, "/usr/sbin"))
+ continue;
+ if (!strcmp (ptr, "/usr/local/sbin"))
+ continue;
+ if (*ret)
+ strcat (ret, ":");
+ strcat (ret, ptr);
+ }
+ free (tmp);
+
+ return ret;
+}
+
/* Update `environ' for the new shell based on PW, with SHELL being
the value for the SHELL environment variable. */
@@ -508,6 +619,22 @@ modify_environment (const struct passwd
xsetenv ("SHELL", shell, 1);
if (getlogindefs_bool ("ALWAYS_SET_PATH", 0))
set_path(pw);
+ else
+ {
+ char const *path = getenv ("PATH");
+ char *new = NULL;
+
+ if (pw->pw_uid)
+ new = clearsbin (path);
+ else
+ new = addsbin (path);
+
+ if (new)
+ {
+ xsetenv ("PATH", new, 1);
+ free (new);
+ }
+ }
if (pw->pw_uid)
{
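Review bot: `addsbin()` drops only the literal `.` entry from the PATH it builds for a root target, so empty entries (`/bin::/usr/bin`, a trailing `:`) and relative ones such as `bin` pass through, and a PATH of just `.` comes back as `:/usr/sbin:/sbin` because the two trailing `strcat` calls always prepend a colon. An empty PATH entry is searched as the current directory, so root's shell can still resolve commands from the caller's working directory, which is what the `.` filter appears to be meant to prevent. I would skip every non-absolute entry in the second loop and emit the separator before the appended `/usr/sbin` and `/sbin` only when `ret` is non-empty; the output can only get shorter, so the `len` computed earlier still covers it. `clearsbin()` has a related corner: a PATH made up only of sbin directories yields an empty string that `modify_environment()` then passes to `xsetenv`.

```c
  for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
    {
      /* Keep absolute entries only: "", "." and relative names all
         resolve against the caller's working directory. */
      if (*ptr != '/')
        continue;
      /* ... unchanged: separator, /bin and /usr/bin insertion ... */
    }
  free (tmp);

  if (!(smask & USBIN_MASK))
    {
      if (*ret)
        strcat (ret, ":");
      strcat (ret, "/usr/sbin");
    }

  if (!(smask & SBIN_MASK))
    {
      if (*ret)
        strcat (ret, ":");
      strcat (ret, "/sbin");
    }
```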


@ -1,51 +0,0 @@
From 10389b1e4535dda7d27e5ab39d3d4f9d7868a5c9 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 28 May 2012 12:26:41 +0200
Subject: [PATCH] mount: (new) add loopdev specific error message
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
sys-utils/mount.c | 15 ++++++++++++---
1 files changed, 12 insertions(+), 3 deletions(-)
Index: util-linux-2.21.2/sys-utils/mount.c
===================================================================
--- util-linux-2.21.2.orig/sys-utils/mount.c
+++ util-linux-2.21.2/sys-utils/mount.c
@@ -354,6 +354,9 @@ try_readonly:
return MOUNT_EX_SUCCESS; /* mount(2) success */
}
+ mnt_context_get_mflags(cxt, &mflags); /* mount(2) flags */
+ mnt_context_get_user_mflags(cxt, &uflags); /* userspace flags */
+
if (!mnt_context_syscall_called(cxt)) {
/*
* libmount errors (extra library checks)
@@ -382,7 +385,15 @@ try_readonly:
else
warnx(_("mount source not defined"));
return MOUNT_EX_USAGE;
-
+ case -MNT_ERR_LOOPDEV:
+ if (errno == ENOENT
+ && (uflags & MNT_MS_ENCRYPTION)
+ && src && stat(src, &st) == 0)
+ warnx(_("%s: failed to setup loop device "
+ "(probably unknown encryption type)"), src);
+ else
+ warn(_("%s: failed to setup loop device"), src);
+ return MOUNT_EX_FAIL;
default:
return handle_generic_errors(rc, _("%s: mount failed"),
tgt ? tgt : src);
@@ -406,8 +417,6 @@ try_readonly:
*/
syserr = mnt_context_get_syscall_errno(cxt);
- mnt_context_get_mflags(cxt, &mflags); /* mount(2) flags */
- mnt_context_get_user_mflags(cxt, &uflags); /* userspace flags */
switch(syserr) {
case EPERM:


@ -1,25 +0,0 @@
From e26de525e21677c680d87f63e4dafbe4859365bf Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 14 Jun 2012 14:43:21 +0200
Subject: [PATCH] mount: (new) allow sloppy for non-root
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=825836
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
sys-utils/mount.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Index: util-linux-2.21.2/sys-utils/mount.c
===================================================================
--- util-linux-2.21.2.orig/sys-utils/mount.c
+++ util-linux-2.21.2/sys-utils/mount.c
@@ -732,7 +732,7 @@ int main(int argc, char **argv)
longopts, NULL)) != -1) {
/* only few options are allowed for non-root users */
- if (mnt_context_is_restricted(cxt) && !strchr("hlLUVvpri", c))
+ if (mnt_context_is_restricted(cxt) && !strchr("hlLUVvpris", c))
exit_non_root(option_to_longopt(c, longopts));
switch(c) {


@ -1,46 +0,0 @@
From 58f108ef2b9c8cc0362e7781a72e5e921dc383b3 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Tue, 17 Apr 2012 11:36:36 +0200
Subject: [PATCH] mount: (new) improve error messages
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
sys-utils/mount.c | 15 +++++++--------
1 files changed, 7 insertions(+), 8 deletions(-)
Index: util-linux-2.21.2/sys-utils/mount.c
===================================================================
--- util-linux-2.21.2.orig/sys-utils/mount.c
+++ util-linux-2.21.2/sys-utils/mount.c
@@ -367,16 +367,13 @@ try_readonly:
return MOUNT_EX_USAGE;
}
- /*
- * TODO: add mnt_context_fstab_applied() to check if we found
- * target/source in the file.
- */
- if (!tgt) {
- if (mflags & MS_REMOUNT)
- warnx(_("%s not mounted"), src ? src : tgt);
- else
+ if (!tgt || (!src && !(mflags & MS_PROPAGATION))) {
+ if (!mnt_context_fstab_applied(cxt))
warnx(_("can't find %s in %s"), src ? src : tgt,
mnt_get_fstab_path());
+ else if (mflags & MS_REMOUNT)
+ warnx(_("%s not mounted"), src ? src : tgt);
+
return MOUNT_EX_USAGE;
}
@@ -485,6 +482,8 @@ try_readonly:
case EINVAL:
if (mflags & MS_REMOUNT)
warnx(_("%s not mounted or bad option"), tgt);
+ else if (mflags & MS_PROPAGATION)
+ warnx(_("%s is not mountpoint or bad option"), tgt);
else
warnx(_("wrong fs type, bad option, bad superblock on %s,\n"
" missing codepage or helper program, or other error"),


@ -1,56 +0,0 @@
From ba24923e97e099668b8c96dba9596c90cb58c417 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Tue, 24 Apr 2012 11:59:18 +0200
Subject: [PATCH] mount: (new) use MNT_ERR_ for error messages
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
sys-utils/mount.c | 27 +++++++++++++--------------
1 files changed, 13 insertions(+), 14 deletions(-)
Index: util-linux-2.21.2/sys-utils/mount.c
===================================================================
--- util-linux-2.21.2.orig/sys-utils/mount.c
+++ util-linux-2.21.2/sys-utils/mount.c
@@ -365,29 +365,28 @@ try_readonly:
case -EBUSY:
warnx(_("%s is already mounted"), src);
return MOUNT_EX_USAGE;
- }
-
- if (!tgt || (!src && !(mflags & MS_PROPAGATION))) {
- if (!mnt_context_fstab_applied(cxt))
+ case -MNT_ERR_NOFSTAB:
warnx(_("can't find %s in %s"), src ? src : tgt,
mnt_get_fstab_path());
- else if (mflags & MS_REMOUNT)
- warnx(_("%s not mounted"), src ? src : tgt);
-
return MOUNT_EX_USAGE;
- }
-
- if (!mnt_context_get_fstype(cxt)) {
+ case -MNT_ERR_NOFSTYPE:
if (restricted)
warnx(_("I could not determine the filesystem type, "
"and none was specified"));
else
warnx(_("you must specify the filesystem type"));
return MOUNT_EX_USAGE;
- }
+ case -MNT_ERR_NOSOURCE:
+ if (src)
+ warnx(_("can't find %s"), src);
+ else
+ warnx(_("mount source not defined"));
+ return MOUNT_EX_USAGE;
+
+ default:
return handle_generic_errors(rc, _("%s: mount failed"),
tgt ? tgt : src);
-
+ }
} else if (mnt_context_get_syscall_errno(cxt) == 0) {
/*
* mount(2) syscall success, but something else failed


@ -1,102 +0,0 @@
From 5ebbc3865d1e53ef42e5f121c41faab23dd59075 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 26 Nov 2012 14:30:22 +0100
Subject: [PATCH] mount: sanitize paths from non-root users
$ mount /root/.ssh/../../dev/sda2
mount: only root can mount UUID=17bc65ec-4125-4e7c-8a7d-e2795064c736 on /boot
this is too promiscuous. It seems better to ignore on command line
specified paths which are not resolve-able for non-root users.
Fixed version:
$ mount /root/.ssh/../../dev/sda2
mount: /root/.ssh/../../dev/sda2: Permission denied
$ mount /dev/sda2
mount: only root can mount UUID=17bc65ec-4125-4e7c-8a7d-e2795064c736 on /boot
Note that this bug has no relation to mount(2) permissions evaluation
in suid mode. The way how non-root user specifies paths on command
line is completely irrelevant for comparison with fstab entries.
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
sys-utils/Makefile.am | 1 +
sys-utils/mount.c | 35 +++++++++++++++++++++++++++++++++++
2 files changed, 36 insertions(+)
Index: util-linux-2.21.2/sys-utils/Makefile.am
===================================================================
--- util-linux-2.21.2.orig/sys-utils/Makefile.am
+++ util-linux-2.21.2/sys-utils/Makefile.am
@@ -64,6 +64,7 @@ dist_man_MANS += mount.8 ../mount/fstab.
mount_SOURCES = mount.c \
$(top_srcdir)/lib/env.c \
$(top_srcdir)/lib/xgetpass.c \
+ $(top_srcdir)/lib/canonicalize.c \
$(top_srcdir)/lib/strutils.c
mount_LDADD = $(ul_libmount_la) $(SELINUX_LIBS)
Index: util-linux-2.21.2/sys-utils/mount.c
===================================================================
--- util-linux-2.21.2.orig/sys-utils/mount.c
+++ util-linux-2.21.2/sys-utils/mount.c
@@ -38,6 +38,7 @@
#include "strutils.h"
#include "exitcodes.h"
#include "xalloc.h"
+#include "canonicalize.h"
/*** TODO: DOCS:
*
@@ -572,6 +573,37 @@ static struct libmnt_table *append_fstab
return fstab;
}
+/*
+ * Check source and target paths -- non-root user should not be able to
+ * resolve paths which are unreadable for him.
+ */
+static void sanitize_paths(struct libmnt_context *cxt)
+{
+ const char *p;
+ struct libmnt_fs *fs = mnt_context_get_fs(cxt);
+
+ if (!fs)
+ return;
+
+ p = mnt_fs_get_target(fs);
+ if (p) {
+ char *np = canonicalize_path_restricted(p);
+ if (!np)
+ err(MOUNT_EX_USAGE, "%s", p);
+ mnt_fs_set_target(fs, np);
+ free(np);
+ }
+
+ p = mnt_fs_get_srcpath(fs);
+ if (p) {
+ char *np = canonicalize_path_restricted(p);
+ if (!np)
+ err(MOUNT_EX_USAGE, "%s", p);
+ mnt_fs_set_source(fs, np);
+ free(np);
+ }
+}
+
static void __attribute__((__noreturn__)) usage(FILE *out)
{
fputs(USAGE_HEADER, out);
@@ -880,6 +912,9 @@ int main(int argc, char **argv)
} else
usage(stderr);
+ if (mnt_context_is_restricted(cxt))
+ sanitize_paths(cxt);
+
if (oper) {
/* MS_PROPAGATION operations, let's set the mount flags */
mnt_context_set_mflags(cxt, oper);

11
su.default Normal file

@ -0,0 +1,11 @@
# Per default, only "su -" will set a new PATH.
# If this variable is changed to "yes" (default is "no"),
# every su call will overwrite the PATH variable.
ALWAYS_SET_PATH=no
# Default path.
PATH=/usr/local/bin:/bin:/usr/bin
# Default path for a user invoking su to root.
SUPATH=/usr/sbin:/bin:/usr/bin:/sbin

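--- a/su.pamd
+++ b/su.pamd
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth include common-auth
+account sufficient pam_rootok.so
+account include common-account
+password include common-password
+session include common-session
+session optional pam_xauth.so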


@ -1,84 +0,0 @@
From cc8cc8f32c863f3ae6a8a88e97b47bcd6a21825f Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 26 Nov 2012 16:25:46 +0100
Subject: [PATCH] umount: sanitize paths from non-root users
Signed-off-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Petr Uzel <petr.uzel@suse.cz>
---
sys-utils/Makefile.am | 4 +++-
sys-utils/umount.c | 32 ++++++++++++++++++++++++++++++--
2 files changed, 33 insertions(+), 3 deletions(-)
Index: util-linux-2.21.2/sys-utils/Makefile.am
===================================================================
--- util-linux-2.21.2.orig/sys-utils/Makefile.am
+++ util-linux-2.21.2/sys-utils/Makefile.am
@@ -71,7 +71,9 @@ mount_LDADD = $(ul_libmount_la) $(SELINU
mount_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) -I$(ul_libmount_incdir)
mount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS)
-umount_SOURCES = umount.c $(top_srcdir)/lib/env.c
+umount_SOURCES = umount.c \
+ $(top_srcdir)/lib/env.c \
+ $(top_srcdir)/lib/canonicalize.c
umount_LDADD = $(ul_libmount_la)
umount_CFLAGS = $(AM_CFLAGS) $(SUID_CFLAGS) -I$(ul_libmount_incdir)
umount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS)
Index: util-linux-2.21.2/sys-utils/umount.c
===================================================================
--- util-linux-2.21.2.orig/sys-utils/umount.c
+++ util-linux-2.21.2/sys-utils/umount.c
@@ -34,6 +34,7 @@
#include "env.h"
#include "optutils.h"
#include "exitcodes.h"
+#include "canonicalize.h"
static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__)),
const char *filename, int line)
@@ -277,6 +278,24 @@ static int umount_one(struct libmnt_cont
return rc;
}
+/*
+ * Check path -- non-root user should not be able to resolve path which is
+ * unreadable for him.
+ */
+static char *sanitize_path(const char *path)
+{
+ char *p;
+
+ if (!path)
+ return NULL;
+
+ p = canonicalize_path_restricted(path);
+ if (!p)
+ err(MOUNT_EX_USAGE, "%s", path);
+
+ return p;
+}
+
int main(int argc, char **argv)
{
int c, rc = 0, all = 0;
@@ -388,8 +407,17 @@ int main(int argc, char **argv)
} else if (argc < 1) {
usage(stderr);
- } else while (argc--)
- rc += umount_one(cxt, *argv++);
+ } else while (argc--) {
+ char *path = *argv++;
+
+ if (mnt_context_is_restricted(cxt))
+ path = sanitize_path(path);
+
+ rc += umount_one(cxt, path);
+
+ if (mnt_context_is_restricted(cxt))
+ free(path);
+ }
mnt_free_context(cxt);
return rc;


@ -1,20 +0,0 @@
Index: util-linux-2.21-rc2/fdisk/fdisk.c
===================================================================
--- util-linux-2.21-rc2.orig/fdisk/fdisk.c
+++ util-linux-2.21-rc2/fdisk/fdisk.c
@@ -1767,6 +1767,7 @@ static void check_consistency(struct par
/* compute logical ending (c, h, s) */
long2chs(get_start_sect(p) + get_nr_sects(p) - 1, &lec, &leh, &les);
+#if 0
/* Same physical / logical beginning? */
if (cylinders <= 1024 && (pbc != lbc || pbh != lbh || pbs != lbs)) {
printf(_("Partition %d has different physical/logical "
@@ -1783,7 +1784,6 @@ static void check_consistency(struct par
printf(_("logical=(%d, %d, %d)\n"),lec, leh, les);
}
-#if 0
/* Beginning on cylinder boundary? */
if (pbh != !pbc || pbs != 1) {
printf(_("Partition %i does not start on cylinder "


@ -1,13 +0,0 @@
Index: util-linux-2.21.2/libmount/src/Makefile.am
===================================================================
--- util-linux-2.21.2.orig/libmount/src/Makefile.am
+++ util-linux-2.21.2/libmount/src/Makefile.am
@@ -30,7 +30,7 @@ nodist_libmount_la_SOURCES = mountP.h
libmount_la_LIBADD = $(ul_libblkid_la) $(SELINUX_LIBS)
-libmount_la_DEPENDENCIES = $(libmount_la_LIBADD) libmount.sym libmount.h.in
+libmount_la_DEPENDENCIES = $(ul_libblkid_la) libmount.sym libmount.h.in
libmount_la_LDFLAGS = -Wl,--version-script=$(ul_libmount_srcdir)/libmount.sym \
-version-info $(LIBMOUNT_VERSION_INFO)


@ -1,13 +0,0 @@
Index: util-linux-2.21.2/libmount/src/context_loopdev.c
===================================================================
--- util-linux-2.21.2.orig/libmount/src/context_loopdev.c
+++ util-linux-2.21.2/libmount/src/context_loopdev.c
@@ -199,6 +199,8 @@ int mnt_context_setup_loopdev(struct lib
if (rc == 0 && (cxt->user_mountflags & MNT_MS_ENCRYPTION) &&
mnt_optstr_get_option(optstr, "encryption", &val, &len) == 0) {
DBG(CXT, mnt_debug_h(cxt, "encryption no longer supported"));
+ // XXX: nasty for the lib but there's on better way to give a hint atm
+ fprintf(stderr, "mount: encryption no longer supported. Please use /etc/crypttab instead (man 5 crypttab)\n");
rc = -EINVAL;
}


@ -1,535 +0,0 @@
From e1f7680ca45c5173f7853feb76dd093cec8d17ad Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Fri, 15 Jun 2012 09:38:36 +0200
Subject: [PATCH] remove obsolete encryption support from losetup
kernel cryptoloop is deprecated since ages and support for cryptoloop in
util-linux is incomplete/broken.
- no password hashing
- last 8 bit of key are always set to zero
- no binary keys possible (stops reading key at \n and \0)
In the past some Distros added the above features with patches. So
remove cryptoloop support from util-linux completely to make sure
people won't try using it.
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
---
include/loopdev.h | 3 --
lib/loopdev.c | 56 ----------------------------------------
libmount/src/context_loopdev.c | 22 +++-------------
mount/mount.8 | 9 +-----
mount/mount.c | 20 +++++---------
sys-utils/losetup.8 | 29 ++------------------
sys-utils/losetup.c | 30 +++++----------------
sys-utils/mount.8 | 7 +----
sys-utils/mount.c | 34 +-----------------------
9 files changed, 25 insertions(+), 185 deletions(-)
diff --git a/include/loopdev.h b/include/loopdev.h
index 906bee0..030f215 100644
--- a/include/loopdev.h
+++ b/include/loopdev.h
@@ -165,9 +165,6 @@ int loopcxt_set_offset(struct loopdev_cxt *lc, uint64_t offset);
int loopcxt_set_sizelimit(struct loopdev_cxt *lc, uint64_t sizelimit);
int loopcxt_set_flags(struct loopdev_cxt *lc, uint32_t flags);
int loopcxt_set_backing_file(struct loopdev_cxt *lc, const char *filename);
-int loopcxt_set_encryption(struct loopdev_cxt *lc,
- const char *encryption,
- const char *password);
extern char *loopcxt_get_backing_file(struct loopdev_cxt *lc);
extern int loopcxt_get_backing_devno(struct loopdev_cxt *lc, dev_t *devno);
diff --git a/lib/loopdev.c b/lib/loopdev.c
index fd3f9ba..807984e 100644
--- a/lib/loopdev.c
+++ b/lib/loopdev.c
@@ -963,62 +963,6 @@ int loopcxt_set_backing_file(struct loopdev_cxt *lc, const char *filename)
return 0;
}
-static int digits_only(const char *s)
-{
- while (*s)
- if (!isdigit(*s++))
- return 0;
- return 1;
-}
-
-/*
- * @lc: context
- * @encryption: encryption name / type (see lopsetup man page)
- * @password
- *
- * Note that the encryption functionality is deprecated an unmaintained. Use
- * cryptsetup (it also supports AES-loops).
- *
- * The setting is removed by loopcxt_set_device() loopcxt_next()!
- *
- * Returns: 0 on success, <0 on error.
- */
-int loopcxt_set_encryption(struct loopdev_cxt *lc,
- const char *encryption,
- const char *password)
-{
- if (!lc)
- return -EINVAL;
-
- DBG(lc, loopdev_debug("setting encryption '%s'", encryption));
-
- if (encryption && *encryption) {
- if (digits_only(encryption)) {
- lc->info.lo_encrypt_type = atoi(encryption);
- } else {
- lc->info.lo_encrypt_type = LO_CRYPT_CRYPTOAPI;
- snprintf((char *)lc->info.lo_crypt_name, LO_NAME_SIZE,
- "%s", encryption);
- }
- }
-
- switch (lc->info.lo_encrypt_type) {
- case LO_CRYPT_NONE:
- lc->info.lo_encrypt_key_size = 0;
- break;
- default:
- DBG(lc, loopdev_debug("setting encryption key"));
- memset(lc->info.lo_encrypt_key, 0, LO_KEY_SIZE);
- strncpy((char *)lc->info.lo_encrypt_key, password, LO_KEY_SIZE);
- lc->info.lo_encrypt_key[LO_KEY_SIZE - 1] = '\0';
- lc->info.lo_encrypt_key_size = LO_KEY_SIZE;
- break;
- }
-
- DBG(lc, loopdev_debug("encryption successfully set"));
- return 0;
-}
-
/*
* @cl: context
*
diff --git a/libmount/src/context_loopdev.c b/libmount/src/context_loopdev.c
index 023c952..863ee3d 100644
--- a/libmount/src/context_loopdev.c
+++ b/libmount/src/context_loopdev.c
@@ -7,7 +7,6 @@
/*
* DOCS: - "lo@" prefix for fstype is unsupported
- * - encyption= mount option for loop device is unssuported
*/
#include <blkid.h>
@@ -35,8 +34,7 @@ int mnt_context_is_loopdev(struct libmnt_context *cxt)
if (cxt->user_mountflags & (MNT_MS_LOOP |
MNT_MS_OFFSET |
- MNT_MS_SIZELIMIT |
- MNT_MS_ENCRYPTION)) {
+ MNT_MS_SIZELIMIT)) {
DBG(CXT, mnt_debug_h(cxt, "loopdev specific options detected"));
return 1;
@@ -134,7 +132,7 @@ static int is_mounted_same_loopfile(struct libmnt_context *cxt,
int mnt_context_setup_loopdev(struct libmnt_context *cxt)
{
const char *backing_file, *optstr, *loopdev = NULL;
- char *val = NULL, *enc = NULL, *pwd = NULL;
+ char *val = NULL;
size_t len;
struct loopdev_cxt lc;
int rc = 0, lo_flags = 0;
@@ -200,13 +198,8 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt)
*/
if (rc == 0 && (cxt->user_mountflags & MNT_MS_ENCRYPTION) &&
mnt_optstr_get_option(optstr, "encryption", &val, &len) == 0) {
- enc = strndup(val, len);
- if (val && !enc)
- rc = -ENOMEM;
- if (enc && cxt->pwd_get_cb) {
- DBG(CXT, mnt_debug_h(cxt, "asking for pass"));
- pwd = cxt->pwd_get_cb(cxt);
- }
+ DBG(CXT, mnt_debug_h(cxt, "encryption no longer supported"));
+ rc = -EINVAL;
}
if (rc == 0 && is_mounted_same_loopfile(cxt,
@@ -245,8 +238,6 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt)
rc = loopcxt_set_offset(&lc, offset);
if (!rc && sizelimit)
rc = loopcxt_set_sizelimit(&lc, sizelimit);
- if (!rc && enc && pwd)
- loopcxt_set_encryption(&lc, enc, pwd);
if (!rc)
loopcxt_set_flags(&lc, lo_flags);
if (rc) {
@@ -298,11 +289,6 @@ int mnt_context_setup_loopdev(struct libmnt_context *cxt)
loopcxt_set_fd(&lc, -1, 0);
}
done:
- free(enc);
- if (pwd && cxt->pwd_release_cb) {
- DBG(CXT, mnt_debug_h(cxt, "release pass"));
- cxt->pwd_release_cb(cxt, pwd);
- }
loopcxt_deinit(&lc);
return rc;
}
diff --git a/mount/mount.8 b/mount/mount.8
index 789d9fe..0644e8e 100644
--- a/mount/mount.8
+++ b/mount/mount.8
@@ -535,11 +535,6 @@ Don't canonicalize paths. The mount command canonicalizes all paths
file. This option can be used together with the
.B \-f
flag for already canonicalized absolut paths.
-.IP "\fB\-p, \-\-pass\-fd \fInum\fP"
-In case of a loop mount with encryption, read the passphrase from
-file descriptor
-.I num
-instead of from the terminal.
.IP "\fB\-s\fP"
Tolerate sloppy mount options rather than failing. This will ignore
mount options not supported by a filesystem type. Not all filesystems
@@ -2708,8 +2703,8 @@ not specified or the filesystem is known for libblkid, for example:
.B "mount -t ext3 /tmp/disk.img /mnt"
.sp
.RE
-This type of mount knows about four options, namely
-.BR loop ", " offset ", " sizelimit " and " encryption ,
+This type of mount knows about three options, namely
+.BR loop ", " offset ", " sizelimit " ,
that are really options to
.BR \%losetup (8).
(These options can be used in addition to those specific
diff --git a/mount/mount.c b/mount/mount.c
index 396f357..b69fd61 100644
--- a/mount/mount.c
+++ b/mount/mount.c
@@ -83,9 +83,6 @@ static int mounttype = 0;
/* True if (ruid != euid) or (0 != ruid), i.e. only "user" mounts permitted. */
static int restricted = 1;
-/* Contains the fd to read the passphrase from, if any. */
-static int pfd = -1;
-
#ifdef HAVE_LIBMOUNT_MOUNT
static struct libmnt_update *mtab_update;
static char *mtab_opts;
@@ -1262,7 +1259,7 @@ loop_check(const char **spec, const char **type, int *flags,
*type = opt_vfstype;
}
- *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_sizelimit || opt_encryption);
+ *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_sizelimit);
*loopfile = *spec;
/* Automatically create a loop device from a regular file if a filesystem
@@ -1317,6 +1314,11 @@ loop_check(const char **spec, const char **type, int *flags,
return EX_FAIL;
}
+ if (opt_encryption) {
+ error("mount: %s", _("encryption not supported, use cryptsetup(8) instead"));
+ return EX_FAIL;
+ }
+
loopcxt_init(&lc, 0);
/* loopcxt_enable_debug(&lc, 1); */
@@ -1525,14 +1527,6 @@ update_mtab_entry(const char *spec, const char *node, const char *type,
#endif /* !HAVE_LIBMOUNT_MOUNT */
static void
-set_pfd(char *s) {
- if (!isdigit(*s))
- die(EX_USAGE,
- _("mount: argument to -p or --pass-fd must be a number"));
- pfd = atoi(optarg);
-}
-
-static void
cdrom_setspeed(const char *spec) {
#define CDROM_SELECT_SPEED 0x5322 /* Set the CD-ROM speed */
if (opt_speed) {
@@ -2579,7 +2573,7 @@ main(int argc, char *argv[]) {
test_opts = append_opt(test_opts, optarg, NULL);
break;
case 'p': /* fd on which to read passwd */
- set_pfd(optarg);
+ error("mount: %s", _("--pass-fd is no longer supported"));
break;
case 'r': /* mount readonly */
readonly = 1;
diff --git a/sys-utils/losetup.8 b/sys-utils/losetup.8
index f50b072..8c69689 100644
--- a/sys-utils/losetup.8
+++ b/sys-utils/losetup.8
@@ -40,8 +40,6 @@ Setup loop device:
.sp
.in +5
.B losetup
-.RB [{ \-e | \-E }
-.IR encryption ]
.RB [ \-o
.IR offset ]
.RB [ \-\-sizelimit
@@ -82,8 +80,6 @@ force loop driver to reread size of the file associated with the specified loop
detach the file or device associated with the specified loop device(s)
.IP "\fB\-D, \-\-detach-all\fP"
detach all associated loop devices
-.IP "\fB\-e, \-E, \-\-encryption \fIencryption_type\fP"
-enable data encryption with specified name or number
.IP "\fB\-f, \-\-find\fP"
find the first unused loop device. If a
.I file
@@ -98,10 +94,6 @@ the data start is moved \fIoffset\fP bytes into the specified file or
device
.IP "\fB\-\-sizelimit \fIsize\fP"
the data end is set to no more than \fIsize\fP bytes after the data start
-.IP "\fB\-p, \-\-pass-fd \fInum\fP"
-read the passphrase from file descriptor with number
-.I num
-instead of from the terminal
.IP "\fB\-P, \-\-partscan\fP"
force kernel to scan partition table on newly created loop device
.IP "\fB\-r, \-\-read-only\fP"
@@ -116,25 +108,10 @@ argument are present.
verbose mode
.SH ENCRYPTION
-.B Cryptoloop is deprecated in favor of dm-crypt. For more details see
-.B cryptsetup (8). It is possible that all bug reports regarding to -E/-e
-.B options will be ignored.
-
-
-It is possible to specify transfer functions (for encryption/decryption
-or other purposes) using one of the
-.B \-E
+Cryptoloop is no longer supported in favor of dm-crypt. For more details see
+.B cryptsetup (8)
and
-.B \-e
-options.
-There are two mechanisms to specify the desired encryption: by number
-and by name. If an encryption is specified by number then one
-has to make sure that the Linux kernel knows about the encryption with that
-number, probably by patching the kernel. Standard numbers that are
-always present are 0 (no encryption) and 1 (XOR encryption).
-When the cryptoloop module is loaded (or compiled in), it uses number 18.
-This cryptoloop module will take the name of an arbitrary encryption type
-and find the module that knows how to perform that encryption.
+.B crypttab (5).
.SH RETURN VALUE
.B losetup
diff --git a/sys-utils/losetup.c b/sys-utils/losetup.c
index 9f03151..2513253 100644
--- a/sys-utils/losetup.c
+++ b/sys-utils/losetup.c
@@ -18,7 +18,6 @@
#include "nls.h"
#include "strutils.h"
#include "loopdev.h"
-#include "xgetpass.h"
enum {
A_CREATE = 1, /* setup a new device */
@@ -164,10 +163,8 @@ static void usage(FILE *out)
" -j, --associated <file> list all devices associated with <file>\n"), out);
fputs(USAGE_SEPARATOR, out);
- fputs(_(" -e, --encryption <type> enable encryption with specified <name/num>\n"
- " -o, --offset <num> start at offset <num> into file\n"
+ fputs(_(" -o, --offset <num> start at offset <num> into file\n"
" --sizelimit <num> device limited to <num> bytes of the file\n"
- " -p, --pass-fd <num> read passphrase from file descriptor <num>\n"
" -P, --partscan create partitioned loop device\n"
" -r, --read-only setup read-only loop device\n"
" --show print device name after setup (with -f)\n"
@@ -185,8 +182,8 @@ static void usage(FILE *out)
int main(int argc, char **argv)
{
struct loopdev_cxt lc;
- int act = 0, flags = 0, passfd = -1, c;
- char *file = NULL, *encryption = NULL;
+ int act = 0, flags = 0, c;
+ char *file = NULL;
uint64_t offset = 0, sizelimit = 0;
int res = 0, showdev = 0, lo_flags = 0;
@@ -249,7 +246,7 @@ int main(int argc, char **argv)
break;
case 'E':
case 'e':
- encryption = optarg;
+ errx(EXIT_FAILURE, _("encryption not supported, use cryptsetup(8) instead"));
break;
case 'f':
act = A_FIND_FREE;
@@ -268,8 +265,7 @@ int main(int argc, char **argv)
flags |= LOOPDEV_FL_OFFSET;
break;
case 'p':
- passfd = strtol_or_err(optarg,
- _("invalid passphrase file descriptor"));
+ warn(_("--pass-fd is no longer supported"));
break;
case 'P':
lo_flags |= LO_FLAGS_PARTSCAN;
@@ -327,10 +323,10 @@ int main(int argc, char **argv)
}
if (act != A_CREATE &&
- (encryption || sizelimit || passfd != -1 || lo_flags || showdev))
+ (sizelimit || lo_flags || showdev))
errx(EXIT_FAILURE,
_("the options %s are allowed to loop device setup only"),
- "--{encryption,sizelimit,pass-fd,read-only,show}");
+ "--{sizelimit,read-only,show}");
if ((flags & LOOPDEV_FL_OFFSET) &&
act != A_CREATE && (act != A_SHOW || !file))
@@ -339,16 +335,8 @@ int main(int argc, char **argv)
switch (act) {
case A_CREATE:
{
- char *pass = NULL;
int hasdev = loopcxt_has_device(&lc);
- if (encryption) {
-#ifdef MCL_FUTURE
- if(mlockall(MCL_CURRENT | MCL_FUTURE))
- err(EXIT_FAILURE, _("couldn't lock into memory"));
-#endif
- pass = xgetpass(passfd, _("Password: "));
- }
do {
/* Note that loopcxt_{find_unused,set_device}() resets
* loopcxt struct.
@@ -357,8 +345,6 @@ int main(int argc, char **argv)
warnx(_("not found unused device"));
break;
}
- if (encryption && pass)
- loopcxt_set_encryption(&lc, encryption, pass);
if (flags & LOOPDEV_FL_OFFSET)
loopcxt_set_offset(&lc, offset);
if (flags & LOOPDEV_FL_SIZELIMIT)
@@ -379,8 +365,6 @@ int main(int argc, char **argv)
}
} while (hasdev == 0);
- free(pass);
-
if (showdev && res == 0)
printf("%s\n", loopcxt_get_device(&lc));
break;
diff --git a/sys-utils/mount.8 b/sys-utils/mount.8
index 4f8af0a..73f5170 100644
--- a/sys-utils/mount.8
+++ b/sys-utils/mount.8
@@ -528,11 +528,6 @@ Don't canonicalize paths. The mount command canonicalizes all paths
file. This option can be used together with the
.B \-f
flag for already canonicalized absolut paths.
-.IP "\fB\-p, \-\-pass\-fd \fInum\fP"
-In case of a loop mount with encryption, read the passphrase from
-file descriptor
-.I num
-instead of from the terminal.
.IP "\fB\-s\fP"
Tolerate sloppy mount options rather than failing. This will ignore
mount options not supported by a filesystem type. Not all filesystems
@@ -2715,7 +2710,7 @@ not specified or the filesystem is known for libblkid, for example:
.sp
.RE
This type of mount knows about four options, namely
-.BR loop ", " offset ", " sizelimit " and " encryption ,
+.BR loop ", " offset ", " sizelimit ",
that are really options to
.BR \%losetup (8).
(These options can be used in addition to those specific
diff --git a/sys-utils/mount.c b/sys-utils/mount.c
index 7f2d5d8..031fd31 100644
--- a/sys-utils/mount.c
+++ b/sys-utils/mount.c
@@ -36,7 +36,6 @@
#include "env.h"
#include "optutils.h"
#include "strutils.h"
-#include "xgetpass.h"
#include "exitcodes.h"
#include "xalloc.h"
@@ -49,7 +48,6 @@
* --options-source-force MNT_OMODE_FORCE
*/
-static int passfd = -1;
static int readwrite;
static int mk_exit_code(struct libmnt_context *cxt, int rc);
@@ -103,32 +101,6 @@ static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__)
return 0;
}
-static char *encrypt_pass_get(struct libmnt_context *cxt)
-{
- if (!cxt)
- return 0;
-
-#ifdef MCL_FUTURE
- if (mlockall(MCL_CURRENT | MCL_FUTURE)) {
- warn(_("couldn't lock into memory"));
- return NULL;
- }
-#endif
- return xgetpass(passfd, _("Password: "));
-}
-
-static void encrypt_pass_release(struct libmnt_context *cxt
- __attribute__((__unused__)), char *pwd)
-{
- char *p = pwd;
-
- while (p && *p)
- *p++ = '\0';
-
- free(pwd);
- munlockall();
-}
-
static void print_all(struct libmnt_context *cxt, char *pattern, int show_label)
{
struct libmnt_table *tb;
@@ -616,7 +588,6 @@ static void __attribute__((__noreturn__)) usage(FILE *out)
fprintf(out, _(
" -o, --options <list> comma-separated list of mount options\n"
" -O, --test-opts <list> limit the set of filesystems (use with -a)\n"
- " -p, --pass-fd <num> read the passphrase from file descriptor\n"
" -r, --read-only mount the filesystem read-only (same as -o ro)\n"
" -t, --types <list> limit the set of filesystem types\n"));
fprintf(out, _(
@@ -782,8 +753,7 @@ int main(int argc, char **argv)
err(MOUNT_EX_SYSERR, _("failed to set options pattern"));
break;
case 'p':
- passfd = strtol_or_err(optarg,
- _("invalid passphrase file descriptor"));
+ warnx(_("--pass-fd is no longer supported"));
break;
case 'L':
case 'U':
@@ -864,8 +834,6 @@ int main(int argc, char **argv)
else if (types)
mnt_context_set_fstype(cxt, types);
- mnt_context_set_passwd_cb(cxt, encrypt_pass_get, encrypt_pass_release);
-
if (all) {
/*
* A) Mount all
--
1.7.7

BIN
util-linux-2.21.2.tar.bz2 (Stored with Git LFS)

Binary file not shown.


@ -0,0 +1,13 @@
--- util-linux-2.23.1/sys-utils/Makemodule.am
+++ util-linux-2.23.1/sys-utils/Makemodule.am 2013-06-05 12:55:10.921439066 +0000
@@ -142,8 +142,8 @@ endif # LINUX
if BUILD_EJECT
usrbin_exec_PROGRAMS += eject
eject_SOURCES = sys-utils/eject.c
-eject_LDADD = $(LDADD) libmount.la libcommon.la
-eject_CFLAGS = $(AM_CFLAGS) -I$(ul_libmount_incdir)
+eject_LDADD = $(SUID_LDFLAGS) $(LDADD) libmount.la libcommon.la
+eject_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) -I$(ul_libmount_incdir)
dist_man_MANS += sys-utils/eject.1
endif
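Review bot: `$(SUID_LDFLAGS)` is placed in `eject_LDADD`, which automake reserves for libraries and objects, whereas the set-uid programs shown elsewhere on this page pass it through the per-program LDFLAGS variable (`umount_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS)`). The link probably still succeeds because the variable is expanded onto the link line, but the flag then lands after the objects and bypasses the usual ordering and automake's own checks. I would leave `eject_LDADD` as it was and add `eject_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS)` next to the changed `eject_CFLAGS` line. Since the point of the patch is hardening a privileged binary, a packaging check that the installed eject really is a position-independent executable would catch a silent regression on the next refresh.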


@ -0,0 +1,20 @@
--- util-linux-2.23.1/fdisks/fdiskdoslabel.c
+++ util-linux-2.23.1/fdisks/fdiskdoslabel.c 2013-06-05 10:11:14.121939007 +0000
@@ -817,7 +817,7 @@ static void check_consistency(struct fdi
/* compute logical ending (c, h, s) */
long2chs(cxt, get_start_sect(p) + get_nr_sects(p) - 1, &lec, &leh, &les);
-
+#if 0
/* Same physical / logical beginning? */
if (cxt->geom.cylinders <= 1024 && (pbc != lbc || pbh != lbh || pbs != lbs)) {
printf(_("Partition %zd has different physical/logical "
@@ -833,7 +833,7 @@ static void check_consistency(struct fdi
printf(_(" phys=(%d, %d, %d) "), pec, peh, pes);
printf(_("logical=(%d, %d, %d)\n"),lec, leh, les);
}
-
+#endif
/* Ending on cylinder boundary? */
if (peh != (cxt->geom.heads - 1) || pes != cxt->geom.sectors) {
printf(_("Partition %zd does not end on cylinder boundary.\n"),
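Review bot: The added `#if 0` and `#endif` compile out the physical/logical comparison warnings in `check_consistency` with no comment saying why, so whoever next refreshes this patch cannot tell a deliberate choice from leftover debugging. A comment directly above the `#if 0`, for example `/* SUSE: legacy CHS mismatch warnings disabled on purpose, see 241372 in util-linux.spec */`, would record the intent; the number is the one the spec file attaches to this patch. The function starts and ends outside both hunks, so whether the variables computed only for these warnings are now unused cannot be judged from here.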


@ -0,0 +1,12 @@
--- util-linux-2.23.1/libmount/src/context_loopdev.c
+++ util-linux-2.23.1/libmount/src/context_loopdev.c 2013-06-05 09:44:37.081939564 +0000
@@ -213,6 +213,9 @@ int mnt_context_setup_loopdev(struct lib
if (rc == 0 && (cxt->user_mountflags & MNT_MS_ENCRYPTION) &&
mnt_optstr_get_option(optstr, "encryption", &val, &len) == 0) {
DBG(CXT, mnt_debug_h(cxt, "encryption no longer supported"));
+ // XXX: nasty for the lib but there's on better way to give a hint atm
+ fprintf(stderr, "mount: encryption no longer supported.\n"
+ " Please use /etc/crypttab instead (man 5 crypttab)\n");
rc = -MNT_ERR_MOUNTOPT;
}
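Review bot: The added comment reads `there's on better way`, which should be `there's no better way`. Beyond the typo, the hint is written straight to stderr from inside libmount with a hard-coded `mount:` prefix, so any program linking the library would print it under that name, and a caller that does not surface stderr only sees `-MNT_ERR_MOUNTOPT`. If the fprintf has to stay, I would extend the comment to `/* XXX SUSE-only: libmount should not print; kept until callers can map this error to a crypttab hint */` so the workaround is not mistaken for upstream behaviour. `mnt_context_setup_loopdev` begins and ends outside the hunk.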

BIN
util-linux-2.23.1.tar.bz2 (Stored with Git LFS) Normal file

Binary file not shown.


@ -4,4 +4,10 @@ addFilter("incoherent-init-script-name raw")
addFilter("no-reload-entry /etc/init.d/raw")
# There is no egrep(1) used -> False positive
addFilter("deprecated-grep")
# Both pam configs for su and su-l are marked as noreplace
addFilter(".*W:.*files-duplicate.*/pam/su.*/pam.d/su-l.*")
# Useless warning as the /usr/bin variants are known
addFilter(".*W:.*permissions-symlink.*/bin/su.*")
addFilter(".*W:.*permissions-symlink.*/bin/umount.*")
addFilter(".*W:.*permissions-symlink.*/bin/mount.*")
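Review bot: The three new `permissions-symlink` filters are unanchored regular expressions, so `/bin/su.*` also suppresses the warning for any other path that merely starts with `/bin/su`, and `/bin/mount.*` likewise covers names such as `/bin/mountpoint`. These warnings concern symlinks to permission-controlled binaries, so each filter should match exactly the one path it was written for. Assuming the path is the last field of the rpmlint message (worth confirming against real output), ending each pattern with `$`, as in `addFilter(".*W:.*permissions-symlink.*/bin/su$")`, keeps the suppression from silently covering symlinks added later.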


@ -1,3 +1,75 @@
-------------------------------------------------------------------
Fri Jun 7 00:13:25 UTC 2013 - mail@bernhard-voelker.de
- util-linux.spec: work around su(1) PAM problems based on su(1)
being provided by both the coreutils and the util-linux package.
Fix macro typo in %post and %verifyscript sections related to su(1):
s/sysvinit_tools/enable_su/
-------------------------------------------------------------------
Thu Jun 6 08:27:43 UTC 2013 - werner@suse.de
- Add make-sure-sbin-resp-usr-sbin-are-in-PATH.diff, that is include
the old "let `su' handle /sbin and /usr/sbin in path"
- Provide the new eject utility to avoid file conflict with old
eject package
-------------------------------------------------------------------
Wed Jun 5 12:30:45 UTC 2013 - werner@suse.de
- Update to util-linux-2.23.1
+ Release highlights (2.22)
su(1):
* has been merged from coreutils into util-linux
* utils-linux version uses /etc/pam.d/su-l PAM config file for --login
(e.g. "su -") session.
sulogin(8):
* has been merged from sysvinit into util-linux
utmpdump(1):
* has been merged from sysvinit into util-linux
eject(1):
* has been merged from inactive upstream from sf.net and Fedora into util-linux
* supports new options --manualeject, --force and --no-partitions-unmount
lslocks(1)
* this NEW COMMAND prints local system locks and it's replacement to very
long time unmaintained lslk(1)
wdctl(8):
* this NEW COMMAND shows hardware watchdog status
libuuid:
* does NOT EXECUTE uuidd on demand, the daemon has to be started by
init scripts / systemd
uuidd:
* supports socket activation (for systemd)
* supports new options -no-fork, --no-pid and --socket-activation
+ Release highlights (2.23)
blkdiscard(8):
* this NEW COMMAND discard sectors on a device (for example on SSD disks)
sulogin(8):
* provides multi-console feature from SysVinit
- Removed following patches now upstream
* 0001-Test-for-secure_getenv-too.patch
* 0001-include-bitops.h-Use-the-operating-system-byteswappi.patch
* add-canonicalize_path_restricted.patch
* fdiskbsdlabel.patch
* libmount-add-MNT_ERR_LOOPDEV.patch
* libmount-add-special-MNT_ERR-codes.patch
* libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch
* login-close-tty-before-vhangup.patch
* mount-new-add-loopdev-specific-error-message.patch
* mount-new-allow-sloppy-for-non-root.patch
* mount-new-improve-error-messages.patch
* mount-new-use-MNT_ERR-for-error-messages.patch
* mount-sanitize-paths-from-non-root-users.patch
* util-linux-2.21.2-noenc.diff
* umount-sanitize-paths-from-non-root-users.patch
- Removed following patch which otherwise cause to break build
* util-linux-2.20-libmount-deps.patch
- Refreshed following patches with updating version string
* util-linux-2.23.1-fdisk_remove_bogus_warnings.patch
* util-linux-2.23.1-noenc-suse.diff
- Add util-linux-2.23.1-eject-fpie.patch to compile and link eject
with PIE
-------------------------------------------------------------------
Wed May 29 11:45:04 UTC 2013 - ihno@suse.com


@ -16,6 +16,26 @@
#
#
# Following package should be fixed:
# coreutils ... do not install su and kill
# sysvinit-tools ... do not install sulogin and utmpdump
# eject ... simply drop this package
#
%bcond_without sysvinit_tools
%bcond_without enable_su
%bcond_without enable_eject
# === MOVING SU TRICKERY (0/3) START ===
# Work around su(1) PAM problems based on su(1) being provided by both the
# coreutils and the util-linux package. In the case the former is installed
# first, the latter will save the config files as ".rpmnew". When the new
# su(1)-less coreutils package is then installed, the `trickery (tm)` symlinks
# of the config files would then remain as dangling.
# This "MOVING SU TRICKERY" consists of 3 parts: 1/3, 2/3 and 3/3.
# This hack can go away when the new su-less coreutils package is out.
# === MOVING SU TRICKERY (0/3) END ===
Name: util-linux
BuildRequires: audit-devel
BuildRequires: binutils-devel
@ -28,8 +48,10 @@ BuildRequires: ncurses-devel
BuildRequires: pam-devel
BuildRequires: pkg-config
BuildRequires: readline-devel
BuildRequires: utempter-devel
BuildRequires: zlib-devel
Version: 2.21.2
BuildRequires: pkgconfig(systemd)
Version: 2.23.1
Release: 0
# util-linux is a base package and uuidd pre-requiring pwdutils pulls
# that into the core build cycle. pwdutils also pulls in the whole
@ -37,7 +59,7 @@ Release: 0
# make the rpm install check of uuidd happy which has support to work without
# these tools as well
#!BuildIgnore: pwdutils
Url: http://kernel.org/~kzak/util-linux/
Url: https://www.kernel.org/pub/linux/utils/util-linux/
Supplements: filesystem(minix)
Provides: fsck-with-dev-lock = %{version}
# bnc#651598:
@ -58,9 +80,11 @@ Source6: etc_filesystems
Source7: baselibs.conf
Source8: login.pamd
Source9: remote.pamd
Source10: su.pamd
Source11: su.default
# TODO: split to separate package
Source11: klogconsole.tar.bz2
# XXX: needed?
Source40: klogconsole.tar.bz2
# XXX: Run a program in a new session and with controlling tty
Source22: setctsid.c
Source23: setctsid.8
# XXX: ppc specific, still needed?
@ -76,40 +100,18 @@ Source51: blkid.conf
## util-linux patches
##
# 241372 - remove legacy warnings from fdisk
Patch1: util-linux-2.12r-fdisk_remove_bogus_warnings.patch
Patch2: util-linux-2.20-libmount-deps.patch
Patch1: util-linux-2.23.1-fdisk_remove_bogus_warnings.patch
Patch2: util-linux-2.23.1-eject-fpie.patch
Patch3: fdisk-tinfo.patch
Patch4: mount-new-allow-sloppy-for-non-root.patch
Patch5: libmount-don-t-use-nosuid-noexec-nodev-for-cifs-user.patch
# Patches 6-10: bcn#767208 (taken from upstream
Patch6: mount-new-improve-error-messages.patch
Patch7: libmount-add-special-MNT_ERR-codes.patch
Patch8: mount-new-use-MNT_ERR-for-error-messages.patch
Patch9: libmount-add-MNT_ERR_LOOPDEV.patch
Patch10: mount-new-add-loopdev-specific-error-message.patch
# PATCH-EXTEND-UPSTREAM: Let `su' handle /sbin and /usr/sbin in path
Patch4: make-sure-sbin-resp-usr-sbin-are-in-PATH.diff
# disable encryption
Patch11: util-linux-2.21.2-noenc.diff
Patch12: util-linux-2.21.2-noenc-suse.diff
Patch13: login-close-tty-before-vhangup.patch
Patch12: util-linux-2.23.1-noenc-suse.diff
# hack for boot.localfs
Patch20: util-linux-HACK-boot.localfs.diff
Patch21: 0001-include-bitops.h-Use-the-operating-system-byteswappi.patch
#bnc#797002
Patch22: add-canonicalize_path_restricted.patch
Patch23: mount-sanitize-paths-from-non-root-users.patch
Patch24: umount-sanitize-paths-from-non-root-users.patch
#####
# There is no __secure_getenv anymore..
Patch25: 0001-Test-for-secure_getenv-too.patch
# fix fdisk compilation on aarch64
Patch26: fdiskbsdlabel.patch
##
## klogconsole
##
@ -124,12 +126,14 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: %insserv_prereq %fillup_prereq /bin/sed
#
Provides: base = %{version}-%{release}
Provides: eject = %{version}-%{release}
Provides: login = 4.0-33.7
Provides: raw = %{version}-%{release}
Provides: rawio = %{version}-%{release}
Provides: util = %{version}-%{release}
Provides: uuid-runtime = %{version}-%{release}
Obsoletes: base < %{version}-%{release}
Obsoletes: eject < %{version}-%{release}
Obsoletes: login < 4.0-33.7
Obsoletes: raw < %{version}-%{release}
Obsoletes: rawio < %{version}-%{release}
@ -211,52 +215,47 @@ Files to develop applications using the libmount library.
%lang_package
%prep
%setup -q -n %{name}-%{version} -b 11
%setup -q -n %{name}-%{version} -b 40
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
#
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
#
# setctsid
cp %{S:22} %{S:23} .
cp -p %{S:22} %{S:23} .
# nologin
cp %{S:2} %{S:3} %{S:26} %{S:30} .
cp -p %{S:2} %{S:3} %{S:26} %{S:30} .
%patch60 -p1
%patch61 -p1
cd ../klogconsole
pushd ../klogconsole
%patch55 -p1
%patch56 -p1
popd
%build
pushd ../
pushd ../klogconsole
# klogconsole build
cd klogconsole
make %{?_smp_mflags} CFLAGS="%{optflags}" CC="%{__cc}"
cd ..
popd
# setctsid build
rm -f setctsid
make %{?_smp_mflags} setctsid CFLAGS="%{optflags}" CC="%{__cc}"
#
# Version check for libutempter
#
uhead=$(find %_includedir -name utempter.h 2>/dev/null)
if test -n "$uhead" && grep -q utempter_add_record "$uhead"
then
uhead=--with-utempter
else
uhead=--without-utempter
fi
#
# util-linux itself
#
autoreconf -fi
@ -264,16 +263,41 @@ export SUID_CFLAGS="-fpie"
export SUID_LDFLAGS="-pie"
%configure \
--with-audit \
--with-gnu-ld \
--with-ncurses \
--with-selinux \
$uhead \
--with-systemdsystemunitdir=%_unitdir \
--with-bashcompletiondir=%{_datadir}/bash-completion \
--enable-mesg \
--enable-partx \
--enable-raw \
--enable-write \
--enable-line \
--enable-new-mount \
--enable-ddate \
--enable-login-utils \
--enable-tunelp \
--enable-logger \
%if %{with enable_eject}
--enable-eject \
%else
--disable-eject \
%endif
%if %{with sysvinit_tools}
--enable-sulogin \
--enable-sulogin-emergency-mount \
--enable-mountpoint \
%else
--disable-sulogin \
--disable-mountpoint \
%endif
%if %{with enable_su}
--enable-kill \
--enable-su \
%else
--disable-su \
--disable-kill \
%endif
--disable-use-tty-group \
--disable-static \
--disable-silent-rules \
@ -286,17 +310,28 @@ make %{?_smp_mflags}
%{__cc} -fwhole-program %{optflags} -o chrp-addnote %{SOURCE31}
%install
mkdir -p %{buildroot}{/etc/init.d,/etc/pam.d,%{_mandir}/man{1,8},/bin,/sbin,/usr/bin,/usr/sbin,%{_infodir}}
mkdir -p %{buildroot}{%{_sysconfdir}/{init.d,pam.d,default},%{_mandir}/man{1,8},/bin,/sbin,%{_bindir},%{_sbindir},%{_infodir}}
mkdir -p %{buildroot}%{_localstatedir}/lib/libuuid/
mkdir -p %{buildroot}%{_localstatedir}/run/uuidd/
install -m 744 %{SOURCE50} %{buildroot}%{_initddir}/uuidd
install -m 644 %{SOURCE51} %{buildroot}%{_sysconfdir}/blkid.conf
install -m 644 %{SOURCE8} %{buildroot}/etc/pam.d/login
install -m 644 %{SOURCE9} %{buildroot}/etc/pam.d/remote
install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pam.d/login
install -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/pam.d/remote
%if %{with enable_su}
install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su
install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su-l
install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/default/su
# === MOVING SU TRICKERY (1/3) START ===
# Install a copy of the su(1) config files with .ul suffix.
# This hack can go away when the new su-less coreutils package is out.
install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su.ul
install -m 644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/su-l.ul
install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/default/su.ul
# === MOVING SU TRICKERY (1/3) END ===
%endif
mkdir -p %{buildroot}%{_localstatedir}/adm/fillup-templates
pushd ..
pushd ../klogconsole
# klogconsole install
cd klogconsole
make install DEST=%{buildroot}
popd
#
@ -304,6 +339,10 @@ popd
#
%make_install
#UsrMerge
%if %{with enable_su}
ln -s %{_bindir}/kill %{buildroot}/bin
ln -s %{_bindir}/su %{buildroot}/bin
%endif
ln -s %{_bindir}/logger %{buildroot}/bin
ln -s %{_bindir}/dmesg %{buildroot}/bin
ln -s %{_bindir}/more %{buildroot}/bin
@ -360,9 +399,9 @@ install -m 444 setctsid.8 %{buildroot}%{_mandir}/man8/
echo -e "#! /bin/bash\n/sbin/blockdev --flushbufs \$1" > %{buildroot}%{_sbindir}/flushb
chmod 755 %{buildroot}%{_sbindir}/flushb
# Install scripts to configure raw devices at boot time
install -m 644 $RPM_SOURCE_DIR/etc.raw %{buildroot}%{_sysconfdir}/raw
install -m 644 $RPM_SOURCE_DIR%{_sysconfdir}.raw %{buildroot}%{_sysconfdir}/raw
install -m 755 $RPM_SOURCE_DIR/raw.init %{buildroot}%{_initddir}/raw
ln -sf ../../etc/init.d/raw %{buildroot}%{_sbindir}/rcraw
ln -sf ../..%{_sysconfdir}/init.d/raw %{buildroot}%{_sbindir}/rcraw
# Stupid hack so we don't have a tcsh dependency
chmod 644 %{buildroot}%{_datadir}/getopt/getopt*.tcsh
# Following files we don't want to package, so remove them
@ -435,7 +474,13 @@ ln -sf ../..%{_sysconfdir}/init.d/uuidd %{buildroot}%{_sbindir}/rcuuidd
%if 0%{?suse_version} <= 1130
%run_permissions
%else
%set_permissions /usr/bin/wall /usr/bin/write /usr/bin/mount /usr/bin/umount
%set_permissions %{_bindir}/wall %{_bindir}/write %{_bindir}/mount %{_bindir}/umount
%if %{with enable_su}
%set_permissions %{_bindir}/su
%endif
%if %{with enable_eject}
%set_permissions %{_bindir}/eject
%endif
%endif
# mount option 'code=' is now called 'codepage=' so change fstab
@ -443,12 +488,35 @@ if [ -f etc/fstab ]; then
sed -i 's:code=:codepage=:' etc/fstab
fi
%posttrans
%if "%{with enable_su}"
# === MOVING SU TRICKERY (2/3) START ===
# If su(1)'s PAM config files are symbolic links, then they have been installed
# by the coreutils package (because su-enabled coreutils has been installed
# before util-linux). Remove the symlinks and install a copy of our .ul files
# in their correct places.
# This hack can go away when the new su-less coreutils package is out.
for f in pam.d/su pam.d/su-l default/su ; do
if [ -L %{_sysconfdir}/$f -a -e %{_sysconfdir}/$f.ul ]; then
rm -v %{_sysconfdir}/$f
cp -av %{_sysconfdir}/$f.ul %{_sysconfdir}/$f
fi
done
# === MOVING SU TRICKERY (2/3) END ===
%endif
%postun
%install_info_delete --info-dir=%{_infodir} %{_infodir}/ipc.info.gz
%{insserv_cleanup}
%verifyscript
%verify_permissions -e /usr/bin/wall -e /usr/bin/write -e /usr/bin/mount -e /usr/bin/umount
%verify_permissions -e %{_bindir}/wall -e %{_bindir}/write -e %{_bindir}/mount -e %{_bindir}/umount
%if %{with enable_su}
%verify_permissions -e %{_bindir}/su
%endif
%if %{with enable_eject}
%verify_permissions -e %{_bindir}/eject
%endif
%post -n libblkid1 -p /sbin/ldconfig
@ -459,8 +527,8 @@ fi
%postun -n libmount1 -p /sbin/ldconfig
%pre -n uuidd
/usr/sbin/groupadd -r uuidd 2>/dev/null || :
/usr/sbin/useradd -r -g uuidd -c "User for uuidd" \
%{_sbindir}/groupadd -r uuidd 2>/dev/null || :
%{_sbindir}/useradd -r -g uuidd -c "User for uuidd" \
-d /var/run/uuidd uuidd 2>/dev/null || :
%preun -n uuidd
@ -471,7 +539,7 @@ fi
%if 0%{?suse_version} <= 1130
%run_permissions
%else
%set_permissions /usr/sbin/uuidd
%set_permissions %{_sbindir}/uuidd
%endif
%postun -n uuidd
@ -483,7 +551,7 @@ fi
%postun -n libuuid1 -p /sbin/ldconfig
%verifyscript -n uuidd
%verify_permissions -e /usr/sbin/uuidd
%verify_permissions -e %{_sbindir}/uuidd
%files lang -f %{name}.lang
@ -495,7 +563,6 @@ fi
%doc Documentation/cal.txt
%doc Documentation/cfdisk.txt
%doc Documentation/col.txt
%doc Documentation/ddate.txt
%doc Documentation/deprecated.txt
%doc Documentation/fdisk.txt
%doc Documentation/getopt.txt
@ -509,9 +576,25 @@ fi
%config(noreplace) %attr(644,root,root) %{_sysconfdir}/raw
%config(noreplace) %{_sysconfdir}/filesystems
%config(noreplace) %{_sysconfdir}/blkid.conf
%config(noreplace) /etc/pam.d/login
%config(noreplace) /etc/pam.d/remote
%config(noreplace) %{_sysconfdir}/pam.d/login
%config(noreplace) %{_sysconfdir}/pam.d/remote
%if %{with enable_su}
%config(noreplace) %{_sysconfdir}/pam.d/su
%config(noreplace) %{_sysconfdir}/pam.d/su-l
%config(noreplace) %{_sysconfdir}/default/su
# === MOVING SU TRICKERY (3/3) START ===
# Package su(1) config files with .ul suffix needed in posttrans above.
# This hack can go away when the new su-less coreutils package is out.
%config %{_sysconfdir}/pam.d/su.ul
%config %{_sysconfdir}/pam.d/su-l.ul
%config %{_sysconfdir}/default/su.ul
# === MOVING SU TRICKERY (3/3) END ===
%endif
#UsrMerge
%if %{with enable_su}
/bin/kill
/bin/su
%endif
/bin/dmesg
/bin/more
/bin/mount
@ -546,13 +629,19 @@ fi
/sbin/fstrim
/sbin/chcpu
#EndUsrMerge
%if %{with enable_su}
%{_bindir}/kill
%{_bindir}/su
%endif
%if %{with enable_eject}
%verify(not mode) %attr(4750,root,audio) %{_bindir}/eject
%endif
%{_bindir}/cal
%{_bindir}/chrt
%{_bindir}/col
%{_bindir}/colcrt
%{_bindir}/colrm
%{_bindir}/column
%{_bindir}/ddate
%{_bindir}/dmesg
%{_bindir}/fallocate
%{_bindir}/findmnt
@ -569,11 +658,13 @@ fi
%{_bindir}/look
%{_bindir}/lsblk
%{_bindir}/lscpu
%{_bindir}/lslocks
%{_bindir}/mcookie
%{_bindir}/mesg
%{_bindir}/more
%{_bindir}/mount
%{_bindir}/namei
%{_bindir}/nsenter
%{_bindir}/prlimit
%{_bindir}/rename
%{_bindir}/renice
@ -587,14 +678,20 @@ fi
%{_bindir}/ul
%{_bindir}/umount
%{_bindir}/unshare
%if %{with sysvinit_tools}
%{_bindir}/mountpoint
%{_bindir}/utmpdump
%endif
%{_bindir}/uuidgen
%ifnarch ppc ppc64
%{_bindir}/chrp-addnote
%{_bindir}/mkzimage_cmdline
%endif
%{_bindir}/wdctl
%{_sbindir}/addpart
%{_sbindir}/agetty
%{_sbindir}/blkid
%{_sbindir}/blkdiscard
%{_sbindir}/blockdev
%{_sbindir}/chcpu
%{_sbindir}/ctrlaltdel
@ -617,8 +714,13 @@ fi
%{_sbindir}/pivot_root
%{_sbindir}/raw
%{_sbindir}/rcraw
%{_sbindir}/resizepart
%{_sbindir}/rtcwake
%{_sbindir}/runuser
%{_sbindir}/setctsid
%if %{with sysvinit_tools}
%{_sbindir}/sulogin
%endif
%{_sbindir}/swaplabel
%{_sbindir}/swapoff
%{_sbindir}/swapon
@ -627,14 +729,20 @@ fi
%verify(not mode) %attr(0755,root,tty) %{_bindir}/wall
%{_bindir}/whereis
%verify(not mode) %attr(0755,root,tty) %{_bindir}/write
%if %{with enable_su}
%{_mandir}/man1/kill.1.gz
%{_mandir}/man1/su.1.gz
%endif
%{_mandir}/man1/cal.1.gz
%{_mandir}/man1/chrt.1.gz
%{_mandir}/man1/col.1.gz
%{_mandir}/man1/colcrt.1.gz
%{_mandir}/man1/colrm.1.gz
%{_mandir}/man1/column.1.gz
%{_mandir}/man1/ddate.1.gz
%{_mandir}/man1/dmesg.1.gz
%if %{with enable_eject}
%{_mandir}/man1/eject.1.gz
%endif
%{_mandir}/man1/fallocate.1.gz
%{_mandir}/man1/flock.1.gz
%{_mandir}/man1/getopt.1.gz
@ -650,6 +758,7 @@ fi
%{_mandir}/man1/mesg.1.gz
%{_mandir}/man1/more.1.gz
%{_mandir}/man1/namei.1.gz
%{_mandir}/man1/nsenter.1.gz
%{_mandir}/man1/ionice.1.gz
%{_mandir}/man1/prlimit.1.gz
%{_mandir}/man1/rename.1.gz
@ -667,6 +776,11 @@ fi
%{_mandir}/man1/whereis.1.gz
%{_mandir}/man1/write.1.gz
%{_mandir}/man1/ipcmk.1.gz
%if %{with sysvinit_tools}
%{_mandir}/man1/mountpoint.1.gz
%{_mandir}/man1/utmpdump.1.gz
%endif
%{_mandir}/man1/runuser.1.gz
%{_mandir}/man1/uuidgen.1.gz
%{_mandir}/man5/fstab.5.gz
%{_mandir}/man8/addpart.8.gz
@ -675,16 +789,20 @@ fi
%{_mandir}/man8/delpart.8.gz
%{_mandir}/man8/ctrlaltdel.8.gz
%{_mandir}/man8/blkid.8.gz
%{_mandir}/man8/blkdiscard.8.gz
%{_mandir}/man8/switch_root.8.gz
%{_mandir}/man8/mkfs.bfs.8.gz
%{_mandir}/man8/mkfs.minix.8.gz
%{_mandir}/man8/findfs.8.gz
%{_mandir}/man8/fsck.8.gz
%{_mandir}/man8/fsck.cramfs.8.gz
%{_mandir}/man8/fsck.minix.8.gz
%{_mandir}/man8/isosize.8.gz
%{_mandir}/man8/ldattach.8.gz
%{_mandir}/man8/losetup.8.gz
%{_mandir}/man8/lslocks.8.gz
%{_mandir}/man8/mkfs.8.gz
%{_mandir}/man8/mkfs.cramfs.8.gz
%{_mandir}/man8/mkswap.8.gz
%{_mandir}/man8/mount.8.gz
%{_mandir}/man8/nologin.8.gz
@ -708,12 +826,17 @@ fi
%{_mandir}/man8/wipefs.8.gz
%{_mandir}/man8/fstrim.8.gz
%{_mandir}/man8/lsblk.8.gz
%{_mandir}/ru
%{_mandir}/man8/resizepart.8.gz
%if %{with sysvinit_tools}
%{_mandir}/man8/sulogin.8.gz
%endif
%{_mandir}/man8/wdctl.8.gz
%{_sbindir}/flushb
%{_sbindir}/readprofile
%dir %{_datadir}/getopt
%attr (755,root,root) %{_datadir}/getopt/getopt-parse.bash
%attr (755,root,root) %{_datadir}/getopt/getopt-parse.tcsh
%{_datadir}/bash-completion/*
%ifnarch ia64
#XXX: post our patches upstream
#XXX: call fdupes on /usr/share/man
@ -784,6 +907,8 @@ fi
%{_initddir}/uuidd
%{_mandir}/man8/uuidd.8.gz
%{_sbindir}/rcuuidd
%{_unitdir}/uuidd.service
%{_unitdir}/uuidd.socket
%files -n libuuid1
%defattr(-, root, root)