3
0
forked from pool/util-linux

Accepting request 960118 from home:sbrabec:branches:util-linux-round14

- Update to version 2.37.4...
- Fix "su -s" bash completion.

OBS-URL: https://build.opensuse.org/request/show/960118
OBS-URL: https://build.opensuse.org/package/show/Base:System/util-linux?expand=0&rev=461
This commit is contained in:
Jan Engelhardt 2022-03-08 09:54:48 +00:00 committed by Git OBS Bridge
parent cab3427859
commit 98818bc8ae
12 changed files with 166 additions and 22 deletions

View File

@ -1,3 +1,29 @@
-------------------------------------------------------------------
Tue Mar 8 02:00:05 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
- Update to version 2.37.4:
* Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563).
SUSE is not affected (bsc#1196241).
-------------------------------------------------------------------
Thu Mar 3 03:22:45 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
- Fix "su -s" bash completion
(bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
-------------------------------------------------------------------
Mon Jan 24 21:57:01 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.37.3 (bsc#1194976):
This release fixes two security mount(8) and umount(8) issues:
* CVE-2021-3996
Improper UID check in libmount allows an unprivileged user to unmount FUSE
filesystems of users with similar UID.
* CVE-2021-3995
This issue is related to parsing the /proc/self/mountinfo file allows an
unprivileged user to unmount other user's filesystems that are either
world-writable themselves or mounted in a world-writable directory.
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Dec 14 14:17:41 UTC 2021 - Stanislav Brabec <sbrabec@suse.com> Tue Dec 14 14:17:41 UTC 2021 - Stanislav Brabec <sbrabec@suse.com>

View File

@ -125,7 +125,7 @@ BuildRequires: libmount-devel
%endif %endif
%endif %endif
#END SECOND STAGE DEPENDENCIES #END SECOND STAGE DEPENDENCIES
Version: 2.37.3 Version: 2.37.4
Release: 0 Release: 0
URL: https://www.kernel.org/pub/linux/utils/util-linux/ URL: https://www.kernel.org/pub/linux/utils/util-linux/
Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz
@ -149,6 +149,8 @@ Patch1: libmount-print-a-blacklist-hint-for-unknown-filesyst.patch
Patch2: Add-documentation-on-blacklisted-modules-to-mount-8-.patch Patch2: Add-documentation-on-blacklisted-modules-to-mount-8-.patch
# PATCH-FIX-SUSE: Avoid sulogin failing on not existing or not functional console devices # PATCH-FIX-SUSE: Avoid sulogin failing on not existing or not functional console devices
Patch3: util-linux-sulogin4bsc1175514.patch Patch3: util-linux-sulogin4bsc1175514.patch
# PATCH-FIX-SUSE util-linux-bash-completion-su-chsh-l.patch bsc1172427 -- Fix "su -s" bash completion.
Patch4: util-linux-bash-completion-su-chsh-l.patch
# #
%if %build_util_linux %if %build_util_linux
Supplements: filesystem(minix) Supplements: filesystem(minix)

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsMZNFDAcxu+u32Dk5LcdXuw5woQFAmHucl0ACgkQ5LcdXuw5
woRUIA//fUFuiVwvbCMlkHOUo7ebLozYdnfeqky/t7yxUWwdqttPJiQVO3gfkNWr
FI6y2EFun3ToyYdTi4YueDHPyYecPzLMsTot2F0eA+I1blsnHuvspchGd0V5pw8j
KWtbD4XUjY5DMS6FyLrkvz6nleDlm1xcNDxvhom5gKwhWOdYkcf21j1M1zqPjyaa
DI4CZn5gMvKBfsNFRqQh4+gQMyJ2qNoWpQo7VfHqWPWkC/uzNjifKd2ATlaCeEGF
N1Ykm2bM/NZ6vl/MY4DLNJdD8m3xnYoF6zqhFblUMZ0oZVp02D/sfZJGmrLrSmpY
UD1bql1JRgrchh1kCboU+PiA6CFk5DWN2ex8O4qnjrc9oab2YQ3vuvrIzT/v0IpG
DqIwloW1PL8R5mxOiRC6rUhYAdyLvpVs3ZJrqGtlceB/YpB7vDrIDc3CC45mno2f
S9sUc6J+Kq1s5Cd1PEAghMeeoAvnudNuCnXGh0gfF4CNCQ/89sOZMR4YQaCL8xZZ
Vp5uDmwtR4YdN0xk5A7BwrGQ18fwymGN9TSP0LkNT8MHRafjGhHRurfDH7MPVUtP
IWK+mansvJvbP8OuajsX6w/8umB+8kiGVAV0uh4Cm/Lq1p/HE2g4ZJs1wgHO238a
zLo52tiuIN3Kc8nBlYhKOVi30YrcbRWppRbxxVQRHohoHOdrgEg=
=Dk1+
-----END PGP SIGNATURE-----

BIN
util-linux-2.37.3.tar.xz (Stored with Git LFS)

Binary file not shown.

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsMZNFDAcxu+u32Dk5LcdXuw5woQFAmIKKY4ACgkQ5LcdXuw5
woRylw//WQuCmFUuO6rfi3lN4L6Vvxz7RoLo0YcreQC9n+Xfk6e0KGPO2tlyEmP1
NGp/YKqR194aWBdDaqzDxOAQ8V/MElTlLsO3MvKGpoDjyr4tsky3GYpZZ7uiKiLv
ZSD+fjA3pn4M0RCufyq3+/SKF7ui4HKMna7wUr5aPBiyxgae9SefxRSq4d0bH7Me
GEkDWU6y6mjzalAkVSb+4On/fQDe26hYRsvVmJpksivBpIkZXgNJSdT29axkfNo4
z4P6QNEc1YHFyV2jLb4lJJyTBLh9MeUF2H0MhWBcp3DXr8Cyonr473WtsowbMjQX
Xez6BR8Yag3o0oHXtov6osfR7A3JMQZXmI07eUTv7Sou32o9Nog1B26tHgLZ0ej8
i94mvy98fTla+h0gtvbHG9JJaQp68k32Ip9xcwlFPOGp256uOWnS3KNF4zO1unM3
E2jLHY2OKKMHhldvt2WmcwOeQTLWYrsv4VPsbJfdnsKRR4eUqm5EQIOdnYhSWxfC
4MZsenx5S9R/4ITU5cM1xU6BaVXgtNdL+LBJ+aBms6hf5rbgOaYrUr5gUQ9TWUWP
/EOY+48fGaIr1MDJo6OTiJuF7DG8kseJowfTjo8zK3ZrzXEJyfAZUwRzjuEyxu0+
kx7jhdkZCnQfAbTornWY/L8Fe/aDOchtaERgFOzCyyipJiDjwm8=
=jWac
-----END PGP SIGNATURE-----

BIN
util-linux-2.37.4.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

View File

@ -0,0 +1,16 @@
su -s <TAB> completion depends on "chsh -l" present in the
util-linux implementation of chsh. But SUSE uses chsh from shadow
package that does not include this feature. Use /etc/shells
instead.
--- util-linux/bash-completion/su
+++ util-linux/bash-completion/su
@@ -14,7 +14,7 @@ _su_module()
return 0
;;
'-s'|'--shell')
- COMPREPLY=( $(compgen -W "$(chsh -l)" -- $cur) )
+ COMPREPLY=( $(compgen -W "$(</etc/shells)" -- $cur) )
return 0
;;
'-h'|'--help'|'-V'|'--version')

View File

@ -1,3 +1,29 @@
-------------------------------------------------------------------
Tue Mar 8 02:00:05 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
- Update to version 2.37.4:
* Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563).
SUSE is not affected (bsc#1196241).
-------------------------------------------------------------------
Thu Mar 3 03:22:45 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
- Fix "su -s" bash completion
(bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
-------------------------------------------------------------------
Mon Jan 24 21:57:01 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.37.3 (bsc#1194976):
This release fixes two security mount(8) and umount(8) issues:
* CVE-2021-3996
Improper UID check in libmount allows an unprivileged user to unmount FUSE
filesystems of users with similar UID.
* CVE-2021-3995
This issue is related to parsing the /proc/self/mountinfo file allows an
unprivileged user to unmount other user's filesystems that are either
world-writable themselves or mounted in a world-writable directory.
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Dec 14 14:17:41 UTC 2021 - Stanislav Brabec <sbrabec@suse.com> Tue Dec 14 14:17:41 UTC 2021 - Stanislav Brabec <sbrabec@suse.com>

View File

@ -125,7 +125,7 @@ BuildRequires: libmount-devel
%endif %endif
%endif %endif
#END SECOND STAGE DEPENDENCIES #END SECOND STAGE DEPENDENCIES
Version: 2.37.3 Version: 2.37.4
Release: 0 Release: 0
URL: https://www.kernel.org/pub/linux/utils/util-linux/ URL: https://www.kernel.org/pub/linux/utils/util-linux/
Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz
@ -149,6 +149,8 @@ Patch1: libmount-print-a-blacklist-hint-for-unknown-filesyst.patch
Patch2: Add-documentation-on-blacklisted-modules-to-mount-8-.patch Patch2: Add-documentation-on-blacklisted-modules-to-mount-8-.patch
# PATCH-FIX-SUSE: Avoid sulogin failing on not existing or not functional console devices # PATCH-FIX-SUSE: Avoid sulogin failing on not existing or not functional console devices
Patch3: util-linux-sulogin4bsc1175514.patch Patch3: util-linux-sulogin4bsc1175514.patch
# PATCH-FIX-SUSE util-linux-bash-completion-su-chsh-l.patch bsc1172427 -- Fix "su -s" bash completion.
Patch4: util-linux-bash-completion-su-chsh-l.patch
# #
%if %build_util_linux %if %build_util_linux
Supplements: filesystem(minix) Supplements: filesystem(minix)

View File

@ -0,0 +1,57 @@
Prevent root owning of /var/lib/libuuid/clock.txt
Just after the installation, calling uuid_generate_time() or
uuid_generate_time_safe() as root may create root owned
/var/lib/libuuid/clock.txt, which makes it unusable for uuidd.
To reproduce:
zypper rm uuidd
zypper in uuidd
uuidgen --time
ls -l /var/lib/libuuid/clock.txt
rcuuidd start
ls -l /var/lib/libuuid/clock.txt
Before:
-rw-rw---- 1 root root 56 Mar 4 17:24 /var/lib/libuuid/clock.txt
After (with the patch):
-rw-rw---- 1 uuidd uuidd 56 Mar 4 17:30 /var/lib/libuuid/clock.txt
Index: util-linux-2.37.2/misc-utils/uuidd.service.in
===================================================================
--- util-linux-2.37.2.orig/misc-utils/uuidd.service.in
+++ util-linux-2.37.2/misc-utils/uuidd.service.in
@@ -4,6 +4,7 @@ Documentation=man:uuidd(8)
Requires=uuidd.socket
[Service]
+ExecStartPre=+-@CHOWN@ uuidd:uuidd /var/lib/libuuid/clock.txt
ExecStart=@usrsbin_execdir@/uuidd --socket-activation
Restart=no
User=uuidd
Index: util-linux-2.37.2/configure.ac
===================================================================
--- util-linux-2.37.2.orig/configure.ac
+++ util-linux-2.37.2/configure.ac
@@ -233,6 +233,8 @@ PKG_INSTALLDIR(['${usrlib_execdir}/pkgco
GTK_DOC_CHECK([1.10])
AC_PATH_PROG([XSLTPROC], [xsltproc])
+AC_PATH_PROG([CHOWN], [chown])
+
linux_os=no
bsd_os=no
Index: util-linux-2.37.2/Makefile.am
===================================================================
--- util-linux-2.37.2.orig/Makefile.am
+++ util-linux-2.37.2/Makefile.am
@@ -145,6 +145,7 @@ edit_cmd = sed \
-e 's|@usrsbin_execdir[@]|$(usrsbin_execdir)|g' \
-e 's|@VERSION[@]|$(VERSION)|g' \
-e 's|@ADJTIME_PATH[@]|$(ADJTIME_PATH)|g' \
+ -e 's|@CHOWN[@]|$(CHOWN)|g' \
-e 's|@LIBUUID_VERSION[@]|$(LIBUUID_VERSION)|g' \
-e 's|@LIBMOUNT_VERSION[@]|$(LIBMOUNT_VERSION)|g' \
-e 's|@LIBMOUNT_MAJOR_VERSION[@]|$(LIBMOUNT_MAJOR_VERSION)|g' \

View File

@ -1,3 +1,16 @@
-------------------------------------------------------------------
Tue Mar 8 02:00:05 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
- Update to version 2.37.4:
* Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563).
SUSE is not affected (bsc#1196241).
-------------------------------------------------------------------
Thu Mar 3 03:22:45 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
- Fix "su -s" bash completion
(bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jan 24 21:57:01 UTC 2022 - Dirk Müller <dmueller@suse.com> Mon Jan 24 21:57:01 UTC 2022 - Dirk Müller <dmueller@suse.com>

View File

@ -125,7 +125,7 @@ BuildRequires: libmount-devel
%endif %endif
%endif %endif
#END SECOND STAGE DEPENDENCIES #END SECOND STAGE DEPENDENCIES
Version: 2.37.3 Version: 2.37.4
Release: 0 Release: 0
URL: https://www.kernel.org/pub/linux/utils/util-linux/ URL: https://www.kernel.org/pub/linux/utils/util-linux/
Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz
@ -149,6 +149,8 @@ Patch1: libmount-print-a-blacklist-hint-for-unknown-filesyst.patch
Patch2: Add-documentation-on-blacklisted-modules-to-mount-8-.patch Patch2: Add-documentation-on-blacklisted-modules-to-mount-8-.patch
# PATCH-FIX-SUSE: Avoid sulogin failing on not existing or not functional console devices # PATCH-FIX-SUSE: Avoid sulogin failing on not existing or not functional console devices
Patch3: util-linux-sulogin4bsc1175514.patch Patch3: util-linux-sulogin4bsc1175514.patch
# PATCH-FIX-SUSE util-linux-bash-completion-su-chsh-l.patch bsc1172427 -- Fix "su -s" bash completion.
Patch4: util-linux-bash-completion-su-chsh-l.patch
# #
%if %build_util_linux %if %build_util_linux
Supplements: filesystem(minix) Supplements: filesystem(minix)