Accepting request 960118 from home:sbrabec:branches:util-linux-round14

- Update to version 2.37.4...
- Fix "su -s" bash completion.

OBS-URL: https://build.opensuse.org/request/show/960118
OBS-URL: https://build.opensuse.org/package/show/Base:System/util-linux?expand=0&rev=461

python3-libmount.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Tue Mar  8 02:00:05 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
+
+- Update to version 2.37.4:
+  * Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563).
+    SUSE is not affected (bsc#1196241).
+
+-------------------------------------------------------------------
+Thu Mar  3 03:22:45 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
+
+- Fix "su -s" bash completion
+  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
+
+-------------------------------------------------------------------
+Mon Jan 24 21:57:01 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 2.37.3 (bsc#1194976):
+  This release fixes two security mount(8) and umount(8) issues: 
+  * CVE-2021-3996
+    Improper UID check in libmount allows an unprivileged user to unmount FUSE
+    filesystems of users with similar UID.
+  * CVE-2021-3995
+    This issue is related to parsing the /proc/self/mountinfo file allows an
+    unprivileged user to unmount other user's filesystems that are either
+    world-writable themselves or mounted in a world-writable directory.
+
 -------------------------------------------------------------------
 Tue Dec 14 14:17:41 UTC 2021 - Stanislav Brabec <sbrabec@suse.com>
 

python3-libmount.spec

@@ -125,7 +125,7 @@ BuildRequires:  libmount-devel
 %endif
 %endif
 #END SECOND STAGE DEPENDENCIES
-Version:        2.37.3
+Version:        2.37.4
 Release:        0
 URL:            https://www.kernel.org/pub/linux/utils/util-linux/
 Source:         https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz
@@ -149,6 +149,8 @@ Patch1:         libmount-print-a-blacklist-hint-for-unknown-filesyst.patch
 Patch2:         Add-documentation-on-blacklisted-modules-to-mount-8-.patch
 # PATCH-FIX-SUSE: Avoid sulogin failing on not existing or not functional console devices
 Patch3:         util-linux-sulogin4bsc1175514.patch
+# PATCH-FIX-SUSE util-linux-bash-completion-su-chsh-l.patch bsc1172427 -- Fix "su -s" bash completion.
+Patch4:         util-linux-bash-completion-su-chsh-l.patch
 #
 %if %build_util_linux
 Supplements:    filesystem(minix)

util-linux-2.37.3.tar.sign

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEsMZNFDAcxu+u32Dk5LcdXuw5woQFAmHucl0ACgkQ5LcdXuw5
-woRUIA//fUFuiVwvbCMlkHOUo7ebLozYdnfeqky/t7yxUWwdqttPJiQVO3gfkNWr
-FI6y2EFun3ToyYdTi4YueDHPyYecPzLMsTot2F0eA+I1blsnHuvspchGd0V5pw8j
-KWtbD4XUjY5DMS6FyLrkvz6nleDlm1xcNDxvhom5gKwhWOdYkcf21j1M1zqPjyaa
-DI4CZn5gMvKBfsNFRqQh4+gQMyJ2qNoWpQo7VfHqWPWkC/uzNjifKd2ATlaCeEGF
-N1Ykm2bM/NZ6vl/MY4DLNJdD8m3xnYoF6zqhFblUMZ0oZVp02D/sfZJGmrLrSmpY
-UD1bql1JRgrchh1kCboU+PiA6CFk5DWN2ex8O4qnjrc9oab2YQ3vuvrIzT/v0IpG
-DqIwloW1PL8R5mxOiRC6rUhYAdyLvpVs3ZJrqGtlceB/YpB7vDrIDc3CC45mno2f
-S9sUc6J+Kq1s5Cd1PEAghMeeoAvnudNuCnXGh0gfF4CNCQ/89sOZMR4YQaCL8xZZ
-Vp5uDmwtR4YdN0xk5A7BwrGQ18fwymGN9TSP0LkNT8MHRafjGhHRurfDH7MPVUtP
-IWK+mansvJvbP8OuajsX6w/8umB+8kiGVAV0uh4Cm/Lq1p/HE2g4ZJs1wgHO238a
-zLo52tiuIN3Kc8nBlYhKOVi30YrcbRWppRbxxVQRHohoHOdrgEg=
-=Dk1+
------END PGP SIGNATURE-----

util-linux-2.37.4.tar.sign

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEsMZNFDAcxu+u32Dk5LcdXuw5woQFAmIKKY4ACgkQ5LcdXuw5
+woRylw//WQuCmFUuO6rfi3lN4L6Vvxz7RoLo0YcreQC9n+Xfk6e0KGPO2tlyEmP1
+NGp/YKqR194aWBdDaqzDxOAQ8V/MElTlLsO3MvKGpoDjyr4tsky3GYpZZ7uiKiLv
+ZSD+fjA3pn4M0RCufyq3+/SKF7ui4HKMna7wUr5aPBiyxgae9SefxRSq4d0bH7Me
+GEkDWU6y6mjzalAkVSb+4On/fQDe26hYRsvVmJpksivBpIkZXgNJSdT29axkfNo4
+z4P6QNEc1YHFyV2jLb4lJJyTBLh9MeUF2H0MhWBcp3DXr8Cyonr473WtsowbMjQX
+Xez6BR8Yag3o0oHXtov6osfR7A3JMQZXmI07eUTv7Sou32o9Nog1B26tHgLZ0ej8
+i94mvy98fTla+h0gtvbHG9JJaQp68k32Ip9xcwlFPOGp256uOWnS3KNF4zO1unM3
+E2jLHY2OKKMHhldvt2WmcwOeQTLWYrsv4VPsbJfdnsKRR4eUqm5EQIOdnYhSWxfC
+4MZsenx5S9R/4ITU5cM1xU6BaVXgtNdL+LBJ+aBms6hf5rbgOaYrUr5gUQ9TWUWP
+/EOY+48fGaIr1MDJo6OTiJuF7DG8kseJowfTjo8zK3ZrzXEJyfAZUwRzjuEyxu0+
+kx7jhdkZCnQfAbTornWY/L8Fe/aDOchtaERgFOzCyyipJiDjwm8=
+=jWac
+-----END PGP SIGNATURE-----

util-linux-bash-completion-su-chsh-l.patch

@@ -0,0 +1,16 @@
+su -s <TAB> completion depends on "chsh -l" present in the
+util-linux implementation of chsh. But SUSE uses chsh from shadow
+package that does not include this feature. Use /etc/shells
+instead.
+
+--- util-linux/bash-completion/su
++++ util-linux/bash-completion/su
+@@ -14,7 +14,7 @@ _su_module()
+ 			return 0
+ 			;;
+ 		'-s'|'--shell')
+-			COMPREPLY=( $(compgen -W "$(chsh -l)" -- $cur) )
++			COMPREPLY=( $(compgen -W "$(</etc/shells)" -- $cur) )
+ 			return 0
+ 			;;
+ 		'-h'|'--help'|'-V'|'--version')

util-linux-systemd.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Tue Mar  8 02:00:05 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
+
+- Update to version 2.37.4:
+  * Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563).
+    SUSE is not affected (bsc#1196241).
+
+-------------------------------------------------------------------
+Thu Mar  3 03:22:45 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
+
+- Fix "su -s" bash completion
+  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
+
+-------------------------------------------------------------------
+Mon Jan 24 21:57:01 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 2.37.3 (bsc#1194976):
+  This release fixes two security mount(8) and umount(8) issues: 
+  * CVE-2021-3996
+    Improper UID check in libmount allows an unprivileged user to unmount FUSE
+    filesystems of users with similar UID.
+  * CVE-2021-3995
+    This issue is related to parsing the /proc/self/mountinfo file allows an
+    unprivileged user to unmount other user's filesystems that are either
+    world-writable themselves or mounted in a world-writable directory.
+
 -------------------------------------------------------------------
 Tue Dec 14 14:17:41 UTC 2021 - Stanislav Brabec <sbrabec@suse.com>
 

util-linux-systemd.spec

@@ -125,7 +125,7 @@ BuildRequires:  libmount-devel
 %endif
 %endif
 #END SECOND STAGE DEPENDENCIES
-Version:        2.37.3
+Version:        2.37.4
 Release:        0
 URL:            https://www.kernel.org/pub/linux/utils/util-linux/
 Source:         https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz
@@ -149,6 +149,8 @@ Patch1:         libmount-print-a-blacklist-hint-for-unknown-filesyst.patch
 Patch2:         Add-documentation-on-blacklisted-modules-to-mount-8-.patch
 # PATCH-FIX-SUSE: Avoid sulogin failing on not existing or not functional console devices
 Patch3:         util-linux-sulogin4bsc1175514.patch
+# PATCH-FIX-SUSE util-linux-bash-completion-su-chsh-l.patch bsc1172427 -- Fix "su -s" bash completion.
+Patch4:         util-linux-bash-completion-su-chsh-l.patch
 #
 %if %build_util_linux
 Supplements:    filesystem(minix)

util-linux-uuidd-prevent-root-owning.patch

@@ -0,0 +1,57 @@
+Prevent root owning of /var/lib/libuuid/clock.txt
+
+Just after the installation, calling uuid_generate_time() or
+uuid_generate_time_safe() as root may create root owned
+/var/lib/libuuid/clock.txt, which makes it unusable for uuidd.
+
+To reproduce:
+zypper rm uuidd
+zypper in uuidd
+uuidgen --time
+ls -l /var/lib/libuuid/clock.txt
+rcuuidd start
+ls -l /var/lib/libuuid/clock.txt
+
+Before:
+-rw-rw---- 1 root root 56 Mar  4 17:24 /var/lib/libuuid/clock.txt
+
+After (with the patch):
+-rw-rw---- 1 uuidd uuidd 56 Mar  4 17:30 /var/lib/libuuid/clock.txt
+
+Index: util-linux-2.37.2/misc-utils/uuidd.service.in
+===================================================================
+--- util-linux-2.37.2.orig/misc-utils/uuidd.service.in
++++ util-linux-2.37.2/misc-utils/uuidd.service.in
+@@ -4,6 +4,7 @@ Documentation=man:uuidd(8)
+ Requires=uuidd.socket
+ 
+ [Service]
++ExecStartPre=+-@CHOWN@ uuidd:uuidd /var/lib/libuuid/clock.txt
+ ExecStart=@usrsbin_execdir@/uuidd --socket-activation
+ Restart=no
+ User=uuidd
+Index: util-linux-2.37.2/configure.ac
+===================================================================
+--- util-linux-2.37.2.orig/configure.ac
++++ util-linux-2.37.2/configure.ac
+@@ -233,6 +233,8 @@ PKG_INSTALLDIR(['${usrlib_execdir}/pkgco
+ GTK_DOC_CHECK([1.10])
+ AC_PATH_PROG([XSLTPROC], [xsltproc])
+ 
++AC_PATH_PROG([CHOWN], [chown])
++
+ 
+ linux_os=no
+ bsd_os=no
+Index: util-linux-2.37.2/Makefile.am
+===================================================================
+--- util-linux-2.37.2.orig/Makefile.am
++++ util-linux-2.37.2/Makefile.am
+@@ -145,6 +145,7 @@ edit_cmd = sed \
+ 	 -e 's|@usrsbin_execdir[@]|$(usrsbin_execdir)|g' \
+ 	 -e 's|@VERSION[@]|$(VERSION)|g' \
+ 	 -e 's|@ADJTIME_PATH[@]|$(ADJTIME_PATH)|g' \
++	 -e 's|@CHOWN[@]|$(CHOWN)|g' \
+ 	 -e 's|@LIBUUID_VERSION[@]|$(LIBUUID_VERSION)|g' \
+ 	 -e 's|@LIBMOUNT_VERSION[@]|$(LIBMOUNT_VERSION)|g' \
+ 	 -e 's|@LIBMOUNT_MAJOR_VERSION[@]|$(LIBMOUNT_MAJOR_VERSION)|g' \

util-linux.changes

@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue Mar  8 02:00:05 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
+
+- Update to version 2.37.4:
+  * Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563).
+    SUSE is not affected (bsc#1196241).
+
+-------------------------------------------------------------------
+Thu Mar  3 03:22:45 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
+
+- Fix "su -s" bash completion
+  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
+
 -------------------------------------------------------------------
 Mon Jan 24 21:57:01 UTC 2022 - Dirk Müller <dmueller@suse.com>
 

util-linux.spec

@@ -125,7 +125,7 @@ BuildRequires:  libmount-devel
 %endif
 %endif
 #END SECOND STAGE DEPENDENCIES
-Version:        2.37.3
+Version:        2.37.4
 Release:        0
 URL:            https://www.kernel.org/pub/linux/utils/util-linux/
 Source:         https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz
@@ -149,6 +149,8 @@ Patch1:         libmount-print-a-blacklist-hint-for-unknown-filesyst.patch
 Patch2:         Add-documentation-on-blacklisted-modules-to-mount-8-.patch
 # PATCH-FIX-SUSE: Avoid sulogin failing on not existing or not functional console devices
 Patch3:         util-linux-sulogin4bsc1175514.patch
+# PATCH-FIX-SUSE util-linux-bash-completion-su-chsh-l.patch bsc1172427 -- Fix "su -s" bash completion.
+Patch4:         util-linux-bash-completion-su-chsh-l.patch
 #
 %if %build_util_linux
 Supplements:    filesystem(minix)