From 98818bc8aefab881459cd717faafd2387941ee21f99d4793d44d12482e5ace74 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 8 Mar 2022 09:54:48 +0000 Subject: [PATCH] Accepting request 960118 from home:sbrabec:branches:util-linux-round14 - Update to version 2.37.4... - Fix "su -s" bash completion. OBS-URL: https://build.opensuse.org/request/show/960118 OBS-URL: https://build.opensuse.org/package/show/Base:System/util-linux?expand=0&rev=461 --- python3-libmount.changes | 26 ++++++++++ python3-libmount.spec | 4 +- util-linux-2.37.3.tar.sign | 16 ------ util-linux-2.37.3.tar.xz | 3 -- util-linux-2.37.4.tar.sign | 16 ++++++ util-linux-2.37.4.tar.xz | 3 ++ util-linux-bash-completion-su-chsh-l.patch | 16 ++++++ util-linux-systemd.changes | 26 ++++++++++ util-linux-systemd.spec | 4 +- util-linux-uuidd-prevent-root-owning.patch | 57 ++++++++++++++++++++++ util-linux.changes | 13 +++++ util-linux.spec | 4 +- 12 files changed, 166 insertions(+), 22 deletions(-) delete mode 100644 util-linux-2.37.3.tar.sign delete mode 100644 util-linux-2.37.3.tar.xz create mode 100644 util-linux-2.37.4.tar.sign create mode 100644 util-linux-2.37.4.tar.xz create mode 100644 util-linux-bash-completion-su-chsh-l.patch create mode 100644 util-linux-uuidd-prevent-root-owning.patch diff --git a/python3-libmount.changes b/python3-libmount.changes index 79a181c..77e478c 100644 --- a/python3-libmount.changes +++ b/python3-libmount.changes 
@@ -1,3 +1,29 @@ +------------------------------------------------------------------- +Tue Mar 8 02:00:05 UTC 2022 - Stanislav Brabec + +- Update to version 2.37.4: + * Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563). + SUSE is not affected (bsc#1196241). + +------------------------------------------------------------------- +Thu Mar 3 03:22:45 UTC 2022 - Stanislav Brabec + +- Fix "su -s" bash completion + (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch). + +------------------------------------------------------------------- +Mon Jan 24 21:57:01 UTC 2022 - Dirk Müller + +- update to 2.37.3 (bsc#1194976): + This release fixes two security mount(8) and umount(8) issues: + * CVE-2021-3996 + Improper UID check in libmount allows an unprivileged user to unmount FUSE + filesystems of users with similar UID. + * CVE-2021-3995 + This issue is related to parsing the /proc/self/mountinfo file allows an + unprivileged user to unmount other user's filesystems that are either + world-writable themselves or mounted in a world-writable directory. + ------------------------------------------------------------------- Tue Dec 14 14:17:41 UTC 2021 - Stanislav Brabec diff --git a/python3-libmount.spec b/python3-libmount.spec index 73e0810..949a7b1 100644 --- a/python3-libmount.spec +++ b/python3-libmount.spec @@ -125,7 +125,7 @@ BuildRequires: libmount-devel %endif %endif #END SECOND STAGE DEPENDENCIES -Version: 2.37.3 +Version: 2.37.4 Release: 0 URL: https://www.kernel.org/pub/linux/utils/util-linux/ Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz 
@@ -149,6 +149,8 @@ Patch1: libmount-print-a-blacklist-hint-for-unknown-filesyst.patch Patch2: Add-documentation-on-blacklisted-modules-to-mount-8-.patch # PATCH-FIX-SUSE: Avoid sulogin failing on not existing or not functional console devices Patch3: util-linux-sulogin4bsc1175514.patch +# PATCH-FIX-SUSE util-linux-bash-completion-su-chsh-l.patch bsc1172427 -- Fix "su -s" bash completion. +Patch4: util-linux-bash-completion-su-chsh-l.patch # %if %build_util_linux Supplements: filesystem(minix) diff --git a/util-linux-2.37.3.tar.sign b/util-linux-2.37.3.tar.sign deleted file mode 100644 index 8b64c34..0000000 --- a/util-linux-2.37.3.tar.sign +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEsMZNFDAcxu+u32Dk5LcdXuw5woQFAmHucl0ACgkQ5LcdXuw5 -woRUIA//fUFuiVwvbCMlkHOUo7ebLozYdnfeqky/t7yxUWwdqttPJiQVO3gfkNWr -FI6y2EFun3ToyYdTi4YueDHPyYecPzLMsTot2F0eA+I1blsnHuvspchGd0V5pw8j -KWtbD4XUjY5DMS6FyLrkvz6nleDlm1xcNDxvhom5gKwhWOdYkcf21j1M1zqPjyaa -DI4CZn5gMvKBfsNFRqQh4+gQMyJ2qNoWpQo7VfHqWPWkC/uzNjifKd2ATlaCeEGF -N1Ykm2bM/NZ6vl/MY4DLNJdD8m3xnYoF6zqhFblUMZ0oZVp02D/sfZJGmrLrSmpY -UD1bql1JRgrchh1kCboU+PiA6CFk5DWN2ex8O4qnjrc9oab2YQ3vuvrIzT/v0IpG -DqIwloW1PL8R5mxOiRC6rUhYAdyLvpVs3ZJrqGtlceB/YpB7vDrIDc3CC45mno2f -S9sUc6J+Kq1s5Cd1PEAghMeeoAvnudNuCnXGh0gfF4CNCQ/89sOZMR4YQaCL8xZZ -Vp5uDmwtR4YdN0xk5A7BwrGQ18fwymGN9TSP0LkNT8MHRafjGhHRurfDH7MPVUtP -IWK+mansvJvbP8OuajsX6w/8umB+8kiGVAV0uh4Cm/Lq1p/HE2g4ZJs1wgHO238a -zLo52tiuIN3Kc8nBlYhKOVi30YrcbRWppRbxxVQRHohoHOdrgEg= -=Dk1+ ------END PGP SIGNATURE----- diff --git a/util-linux-2.37.3.tar.xz b/util-linux-2.37.3.tar.xz deleted file mode 100644 index 4e9db72..0000000 --- a/util-linux-2.37.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:590c592e58cd6bf38519cb467af05ce6a1ab18040e3e3418f24bcfb2f55f9776 -size 6126260 diff --git a/util-linux-2.37.4.tar.sign b/util-linux-2.37.4.tar.sign new file mode 100644 index 0000000..f80e3b4 --- /dev/null +++ b/util-linux-2.37.4.tar.sign 
@@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEsMZNFDAcxu+u32Dk5LcdXuw5woQFAmIKKY4ACgkQ5LcdXuw5 +woRylw//WQuCmFUuO6rfi3lN4L6Vvxz7RoLo0YcreQC9n+Xfk6e0KGPO2tlyEmP1 +NGp/YKqR194aWBdDaqzDxOAQ8V/MElTlLsO3MvKGpoDjyr4tsky3GYpZZ7uiKiLv +ZSD+fjA3pn4M0RCufyq3+/SKF7ui4HKMna7wUr5aPBiyxgae9SefxRSq4d0bH7Me +GEkDWU6y6mjzalAkVSb+4On/fQDe26hYRsvVmJpksivBpIkZXgNJSdT29axkfNo4 +z4P6QNEc1YHFyV2jLb4lJJyTBLh9MeUF2H0MhWBcp3DXr8Cyonr473WtsowbMjQX +Xez6BR8Yag3o0oHXtov6osfR7A3JMQZXmI07eUTv7Sou32o9Nog1B26tHgLZ0ej8 +i94mvy98fTla+h0gtvbHG9JJaQp68k32Ip9xcwlFPOGp256uOWnS3KNF4zO1unM3 +E2jLHY2OKKMHhldvt2WmcwOeQTLWYrsv4VPsbJfdnsKRR4eUqm5EQIOdnYhSWxfC +4MZsenx5S9R/4ITU5cM1xU6BaVXgtNdL+LBJ+aBms6hf5rbgOaYrUr5gUQ9TWUWP +/EOY+48fGaIr1MDJo6OTiJuF7DG8kseJowfTjo8zK3ZrzXEJyfAZUwRzjuEyxu0+ +kx7jhdkZCnQfAbTornWY/L8Fe/aDOchtaERgFOzCyyipJiDjwm8= +=jWac +-----END PGP SIGNATURE----- diff --git a/util-linux-2.37.4.tar.xz b/util-linux-2.37.4.tar.xz new file mode 100644 index 0000000..2b767ac --- /dev/null +++ b/util-linux-2.37.4.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:634e6916ad913366c3536b6468e7844769549b99a7b2bf80314de78ab5655b83 +size 6114232 diff --git a/util-linux-bash-completion-su-chsh-l.patch b/util-linux-bash-completion-su-chsh-l.patch new file mode 100644 index 0000000..89d0f81 --- /dev/null +++ b/util-linux-bash-completion-su-chsh-l.patch 
@@ -0,0 +1,16 @@ +su -s completion depends on "chsh -l" present in the +util-linux implementation of chsh. But SUSE uses chsh from shadow +package that does not include this feature. Use /etc/shells +instead. + +--- util-linux/bash-completion/su ++++ util-linux/bash-completion/su +@@ -14,7 +14,7 @@ _su_module() + return 0 + ;; + '-s'|'--shell') +- COMPREPLY=( $(compgen -W "$(chsh -l)" -- $cur) ) ++ COMPREPLY=( $(compgen -W "$( + +- Update to version 2.37.4: + * Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563). + SUSE is not affected (bsc#1196241). + +------------------------------------------------------------------- +Thu Mar 3 03:22:45 UTC 2022 - Stanislav Brabec + +- Fix "su -s" bash completion + (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch). + +------------------------------------------------------------------- +Mon Jan 24 21:57:01 UTC 2022 - Dirk Müller + +- update to 2.37.3 (bsc#1194976): + This release fixes two security mount(8) and umount(8) issues: + * CVE-2021-3996 + Improper UID check in libmount allows an unprivileged user to unmount FUSE + filesystems of users with similar UID. + * CVE-2021-3995 + This issue is related to parsing the /proc/self/mountinfo file allows an + unprivileged user to unmount other user's filesystems that are either + world-writable themselves or mounted in a world-writable directory. + ------------------------------------------------------------------- Tue Dec 14 14:17:41 UTC 2021 - Stanislav Brabec diff --git a/util-linux-systemd.spec b/util-linux-systemd.spec index b90f49c..78bfe0a 100644 --- a/util-linux-systemd.spec +++ b/util-linux-systemd.spec @@ -125,7 +125,7 @@ BuildRequires: libmount-devel %endif %endif #END SECOND STAGE DEPENDENCIES -Version: 2.37.3 +Version: 2.37.4 Release: 0 URL: https://www.kernel.org/pub/linux/utils/util-linux/ Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz 
@@ -149,6 +149,8 @@ Patch1: libmount-print-a-blacklist-hint-for-unknown-filesyst.patch Patch2: Add-documentation-on-blacklisted-modules-to-mount-8-.patch # PATCH-FIX-SUSE: Avoid sulogin failing on not existing or not functional console devices Patch3: util-linux-sulogin4bsc1175514.patch +# PATCH-FIX-SUSE util-linux-bash-completion-su-chsh-l.patch bsc1172427 -- Fix "su -s" bash completion. +Patch4: util-linux-bash-completion-su-chsh-l.patch # %if %build_util_linux Supplements: filesystem(minix) diff --git a/util-linux-uuidd-prevent-root-owning.patch b/util-linux-uuidd-prevent-root-owning.patch new file mode 100644 index 0000000..2327ed5 --- /dev/null +++ b/util-linux-uuidd-prevent-root-owning.patch 
@@ -0,0 +1,57 @@
+Prevent root owning of /var/lib/libuuid/clock.txt
+
+Just after the installation, calling uuid_generate_time() or
+uuid_generate_time_safe() as root may create root owned
+/var/lib/libuuid/clock.txt, which makes it unusable for uuidd.
+
+To reproduce:
+zypper rm uuidd
+zypper in uuidd
+uuidgen --time
+ls -l /var/lib/libuuid/clock.txt
+rcuuidd start
+ls -l /var/lib/libuuid/clock.txt
+
+Before:
+-rw-rw---- 1 root root 56 Mar 4 17:24 /var/lib/libuuid/clock.txt
+
+After (with the patch):
+-rw-rw---- 1 uuidd uuidd 56 Mar 4 17:30 /var/lib/libuuid/clock.txt
+
+Index: util-linux-2.37.2/misc-utils/uuidd.service.in
+===================================================================
+--- util-linux-2.37.2.orig/misc-utils/uuidd.service.in
++++ util-linux-2.37.2/misc-utils/uuidd.service.in
+@@ -4,6 +4,7 @@ Documentation=man:uuidd(8)
+ Requires=uuidd.socket
+
+ [Service]
++ExecStartPre=+-@CHOWN@ uuidd:uuidd /var/lib/libuuid/clock.txt
+ ExecStart=@usrsbin_execdir@/uuidd --socket-activation
+ Restart=no
+ User=uuidd
+Index: util-linux-2.37.2/configure.ac
+===================================================================
+--- util-linux-2.37.2.orig/configure.ac
++++ util-linux-2.37.2/configure.ac
+@@ -233,6 +233,8 @@ PKG_INSTALLDIR(['${usrlib_execdir}/pkgco
+ GTK_DOC_CHECK([1.10])
+ AC_PATH_PROG([XSLTPROC], [xsltproc])
+
++AC_PATH_PROG([CHOWN], [chown])
++
+
+ linux_os=no
+ bsd_os=no
+Index: util-linux-2.37.2/Makefile.am
+===================================================================
+--- util-linux-2.37.2.orig/Makefile.am
++++ util-linux-2.37.2/Makefile.am
+@@ -145,6 +145,7 @@ edit_cmd = sed \
+ -e 's|@usrsbin_execdir[@]|$(usrsbin_execdir)|g' \
+ -e 's|@VERSION[@]|$(VERSION)|g' \
+ -e 's|@ADJTIME_PATH[@]|$(ADJTIME_PATH)|g' \
++ -e 's|@CHOWN[@]|$(CHOWN)|g' \
+ -e 's|@LIBUUID_VERSION[@]|$(LIBUUID_VERSION)|g' \
+ -e 's|@LIBMOUNT_VERSION[@]|$(LIBMOUNT_VERSION)|g' \
+ -e 's|@LIBMOUNT_MAJOR_VERSION[@]|$(LIBMOUNT_MAJOR_VERSION)|g' \
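Review bot: The `ExecStartPre=+-@CHOWN@ uuidd:uuidd /var/lib/libuuid/clock.txt` line added to uuidd.service.in runs chown with full privileges (the `+` prefix) on a fixed path, and chown follows symlinks by default. The page does not show who owns /var/lib/libuuid, but if the uuidd account can write there, a link left at clock.txt would have its target re-owned to uuidd at the next service start; `ExecStartPre=+-@CHOWN@ -h uuidd:uuidd /var/lib/libuuid/clock.txt` keeps the operation on the directory entry itself. `AC_PATH_PROG([CHOWN], [chown])` has no fallback, so a configure run that does not find chown would leave an empty command in the generated unit, hidden by the `-` prefix; a third argument or a configure error would surface that. None of the spec hunks visible in this commit adds a Patch tag for util-linux-uuidd-prevent-root-owning.patch and the .changes entries do not mention it, so as far as this page shows the file is added to the package but not applied.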
diff --git a/util-linux.changes b/util-linux.changes index c870c73..77e478c 100644 --- a/util-linux.changes +++ b/util-linux.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Mar 8 02:00:05 UTC 2022 - Stanislav Brabec + +- Update to version 2.37.4: + * Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563). + SUSE is not affected (bsc#1196241). + +------------------------------------------------------------------- +Thu Mar 3 03:22:45 UTC 2022 - Stanislav Brabec + +- Fix "su -s" bash completion + (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch). + ------------------------------------------------------------------- Mon Jan 24 21:57:01 UTC 2022 - Dirk Müller diff --git a/util-linux.spec b/util-linux.spec index 49bcad5..ce493b4 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -125,7 +125,7 @@ BuildRequires: libmount-devel %endif %endif #END SECOND STAGE DEPENDENCIES -Version: 2.37.3 +Version: 2.37.4 Release: 0 URL: https://www.kernel.org/pub/linux/utils/util-linux/ Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz @@ -149,6 +149,8 @@ Patch1: libmount-print-a-blacklist-hint-for-unknown-filesyst.patch Patch2: Add-documentation-on-blacklisted-modules-to-mount-8-.patch # PATCH-FIX-SUSE: Avoid sulogin failing on not existing or not functional console devices Patch3: util-linux-sulogin4bsc1175514.patch +# PATCH-FIX-SUSE util-linux-bash-completion-su-chsh-l.patch bsc1172427 -- Fix "su -s" bash completion. +Patch4: util-linux-bash-completion-su-chsh-l.patch # %if %build_util_linux Supplements: filesystem(minix)