From b90a5e98a0ceebe482c9dff2d3c056b638d799b5 Mon Sep 17 00:00:00 2001 From: markeryang Date: Mon, 16 Dec 2024 02:37:59 +0000 Subject: [PATCH] sync patches from the old version (cherry picked from commit 3e67b636a93507eddf46d3e7cd2987b50e7fc6d2) --- backport-Fix-ul_path_read_buffer.patch | 29 +++ ...id-fix-call-to-err_exclusive_options.patch | 34 +++ backport-cal-avoid-out-of-bound-write.patch | 34 +++ ...-hint-about-labels-for-bootable-flag.patch | 49 ++++ ...sible-integer-overflow-coverity-scan.patch | 28 +++ backport-column-fix-l.patch | 109 +++++++++ backport-column-fix-memory-leak.patch | 32 +++ ...ct-closing-brace-while-waiting-for-n.patch | 44 ++++ ...port-fsck.minix-fix-possible-overrun.patch | 28 +++ ...mp-check-blocksize-when-display-data.patch | 61 +++++ ...helpers-for-unaligned-structure-acce.patch | 37 ++++ backport-jsonwrt-add-ul_jsonwrt_flush.patch | 47 ++++ ...ast-avoid-out-of-bounds-array-access.patch | 30 +++ ...-don-t-call-exit-from-signal-handler.patch | 33 +++ ...cpuset-exit-early-from-cpulist_parse.patch | 43 ++++ ...-fix-possible-out-of-boundary-access.patch | 47 ++++ ...ibblkid-Check-offset-in-LUKS2-header.patch | 84 +++++++ ...ort-libblkid-apfs-validate-checksums.patch | 75 +++++++ ...d-avoid-aligning-out-of-probing-area.patch | 48 ++++ ...-avoid-memory-leak-of-cachefile-path.patch | 30 +++ ...t-libblkid-constify-cached-disk-data.patch | 44 ++++ ...-libblkid-drbd-reduce-false-positive.patch | 52 +++++ ...-libblkid-drbd-validate-zero-padding.patch | 83 +++++++ ...bblkid-hfsplus-reduce-false-positive.patch | 61 +++++ ...lidate-that-sector_size-is-a-power-o.patch | 42 ++++ ...t-libblkid-probe-read-data-in-chunks.patch | 121 ++++++++++ ...eset-errno-before-calling-probefuncs.patch | 60 +++++ ...n-properly-initialize-partition-data.patch | 33 +++ backport-libmount-cleanup-fake-mode.patch | 167 ++++++++++++++ ...sible-NULL-dereference-coverity-scan.patch | 36 +++ ...p-spourious-newline-in-between-strea.patch | 34 +++ ...rt-libsmartcols-fix-column-reduction.patch | 42 ++++ ...rt-libsmartcols-flush-correct-stream.patch | 31 +++ ...y-recognize-closed-object-as-final-e.patch | 48 ++++ ...-undefined-ioctl-and-tcsetattr-calls.patch | 98 ++++++++ ...use-correct-terminal-fd-during-setup.patch | 106 +++++++++ backport-lscpu-don-t-use-NULL-sharedmap.patch | 30 +++ ...ort-lsipc-fix-semaphore-USED-counter.patch | 66 ++++++ backport-lslocks-fix-buffer-overflow.patch | 69 ++++++ ...ins-fix-realloc-loop-allocation-size.patch | 34 +++ ...m-to-check-for-the-nodes-more-robust.patch | 44 ++++ backport-more-avoid-out-of-bound-access.patch | 38 ++++ ...LERR-and-POLLHUP-on-stdin-is-receive.patch | 51 +++++ backport-more-fix-poll-use.patch | 209 ++++++++++++++++++ ...ore-make-sure-we-have-data-on-stderr.patch | 97 ++++++++ ...ev-Check-for-wchar-conversion-errors.patch | 59 +++++ ...riptreplay-support-ctrl-s-and-ctrl-g.patch | 33 +++ ...-utils-hwclock-rtc-fix-pointer-usage.patch | 31 +++ ...-Unblock-SIGSEGV-before-vmware_bdoor.patch | 70 ++++++ ...oc-cal-Werror-calloc-transposed-args.patch | 33 +++ ...sure-unsigned-variable-not-underflow.patch | 28 +++ util-linux.spec | 59 ++++- 52 files changed, 2930 insertions(+), 1 deletion(-) create mode 100644 backport-Fix-ul_path_read_buffer.patch create mode 100644 backport-blkid-fix-call-to-err_exclusive_options.patch create mode 100644 backport-cal-avoid-out-of-bound-write.patch create mode 100644 backport-cfdisk-add-hint-about-labels-for-bootable-flag.patch create mode 100644 backport-cfdisk-fix-possible-integer-overflow-coverity-scan.patch create mode 100644 backport-column-fix-l.patch create mode 100644 backport-column-fix-memory-leak.patch create mode 100644 backport-dmesg-print-object-closing-brace-while-waiting-for-n.patch create mode 100644 backport-fsck.minix-fix-possible-overrun.patch create mode 100644 backport-hexdump-check-blocksize-when-display-data.patch create mode 100644 backport-include-c.h-add-helpers-for-unaligned-structure-acce.patch create mode 100644 backport-jsonwrt-add-ul_jsonwrt_flush.patch create mode 100644 backport-last-avoid-out-of-bounds-array-access.patch create mode 100644 backport-ldattach-don-t-call-exit-from-signal-handler.patch create mode 100644 backport-lib-cpuset-exit-early-from-cpulist_parse.patch create mode 100644 backport-lib-path-fix-possible-out-of-boundary-access.patch create mode 100644 backport-libblkid-Check-offset-in-LUKS2-header.patch create mode 100644 backport-libblkid-apfs-validate-checksums.patch create mode 100644 backport-libblkid-avoid-aligning-out-of-probing-area.patch create mode 100644 backport-libblkid-avoid-memory-leak-of-cachefile-path.patch create mode 100644 backport-libblkid-constify-cached-disk-data.patch create mode 100644 backport-libblkid-drbd-reduce-false-positive.patch create mode 100644 backport-libblkid-drbd-validate-zero-padding.patch create mode 100644 backport-libblkid-hfsplus-reduce-false-positive.patch create mode 100644 backport-libblkid-ntfs-validate-that-sector_size-is-a-power-o.patch create mode 100644 backport-libblkid-probe-read-data-in-chunks.patch create mode 100644 backport-libblkid-reset-errno-before-calling-probefuncs.patch create mode 100644 backport-libfdisk-sun-properly-initialize-partition-data.patch create mode 100644 backport-libmount-cleanup-fake-mode.patch create mode 100644 backport-libmount-fix-possible-NULL-dereference-coverity-scan.patch create mode 100644 backport-libsmartcols-drop-spourious-newline-in-between-strea.patch create mode 100644 backport-libsmartcols-fix-column-reduction.patch create mode 100644 backport-libsmartcols-flush-correct-stream.patch create mode 100644 backport-libsmartcols-only-recognize-closed-object-as-final-e.patch create mode 100644 backport-login-prevent-undefined-ioctl-and-tcsetattr-calls.patch create mode 100644 backport-login-use-correct-terminal-fd-during-setup.patch create mode 100644 backport-lscpu-don-t-use-NULL-sharedmap.patch create mode 100644 backport-lsipc-fix-semaphore-USED-counter.patch create mode 100644 backport-lslocks-fix-buffer-overflow.patch create mode 100644 backport-lslogins-fix-realloc-loop-allocation-size.patch create mode 100644 backport-lsmem-make-lsmem-to-check-for-the-nodes-more-robust.patch create mode 100644 backport-more-avoid-out-of-bound-access.patch create mode 100644 backport-more-exit-if-POLLERR-and-POLLHUP-on-stdin-is-receive.patch create mode 100644 backport-more-fix-poll-use.patch create mode 100644 backport-more-make-sure-we-have-data-on-stderr.patch create mode 100644 backport-rev-Check-for-wchar-conversion-errors.patch create mode 100644 backport-scriptreplay-support-ctrl-s-and-ctrl-g.patch create mode 100644 backport-sys-utils-hwclock-rtc-fix-pointer-usage.patch create mode 100644 backport-sys-utils-lscpu-Unblock-SIGSEGV-before-vmware_bdoor.patch create mode 100644 backport-wall-fix-calloc-cal-Werror-calloc-transposed-args.patch create mode 100644 backport-wall-make-sure-unsigned-variable-not-underflow.patch diff --git a/backport-Fix-ul_path_read_buffer.patch b/backport-Fix-ul_path_read_buffer.patch new file mode 100644 index 0000000..41fe244 --- /dev/null +++ b/backport-Fix-ul_path_read_buffer.patch @@ -0,0 +1,29 @@ +From 6273c12257973cbd3c59a710049ee8a8027bbbb1 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 9 May 2024 12:32:31 +0200 +Subject: [PATCH] Fix ul_path_read_buffer() + +The current implementation cuts off the last character of the buffer +if there is no trailing newline. +Reference:https://github.com/util-linux/util-linux/commit/6273c12257973cbd3c59a710049ee8a8027bbbb1 +Conflict:NA +--- + lib/path.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/path.c b/lib/path.c +index 202f19ac4..f897599fd 100644 +--- a/lib/path.c ++++ b/lib/path.c +@@ -682,7 +682,7 @@ int ul_path_read_buffer(struct path_cxt *pc, char *buf, size_t bufsz, const char + if (*(buf + rc - 1) == '\n') + buf[--rc] = '\0'; + else +- buf[rc - 1] = '\0'; ++ buf[rc] = '\0'; + } + + return rc; +-- +2.33.0 + diff --git a/backport-blkid-fix-call-to-err_exclusive_options.patch b/backport-blkid-fix-call-to-err_exclusive_options.patch new file mode 100644 index 0000000..d68efdd --- /dev/null +++ b/backport-blkid-fix-call-to-err_exclusive_options.patch @@ -0,0 +1,34 @@ +From ee84a3bfaf1706269c3a54a546bb057189556e67 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Mon, 2 Oct 2023 11:39:53 +0200 +Subject: [PATCH] blkid: fix call to err_exclusive_options +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +err_exclusive_options needs to be passed the long options array, +otherwise it will crash. + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/ee84a3bfaf1706269c3a54a546bb057189556e67 +Conflict:NA +--- + misc-utils/blkid.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/misc-utils/blkid.c b/misc-utils/blkid.c +index 32bc6feea..6df4e074e 100644 +--- a/misc-utils/blkid.c ++++ b/misc-utils/blkid.c +@@ -717,7 +717,7 @@ int main(int argc, char **argv) + while ((c = getopt_long (argc, argv, + "c:DdgH:hilL:n:ko:O:ps:S:t:u:U:w:Vv", longopts, NULL)) != -1) { + +- err_exclusive_options(c, NULL, excl, excl_st); ++ err_exclusive_options(c, longopts, excl, excl_st); + + switch (c) { + case 'c': +-- +2.33.0 + diff --git a/backport-cal-avoid-out-of-bound-write.patch b/backport-cal-avoid-out-of-bound-write.patch new file mode 100644 index 0000000..9293202 --- /dev/null +++ b/backport-cal-avoid-out-of-bound-write.patch @@ -0,0 +1,34 @@ +From 1be53cb47e5e94f5efecaf6ebc55311493343183 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Tue, 26 Dec 2023 11:18:00 +0100 +Subject: [PATCH] cal: avoid out of bound write +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/1be53cb47e5e94f5efecaf6ebc55311493343183 +Conflict:NA +--- + misc-utils/cal.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/misc-utils/cal.c b/misc-utils/cal.c +index 693449dbc..e6f4a6e4f 100644 +--- a/misc-utils/cal.c ++++ b/misc-utils/cal.c +@@ -692,9 +692,9 @@ static void headers_init(struct cal_control *ctl) + for (i = 0; i < DAYS_IN_WEEK; i++) { + size_t space_left; + +- if (i) +- strcat(cur_dh++, " "); + space_left = sizeof(day_headings) - (cur_dh - day_headings); ++ if (i && space_left) ++ strncat(cur_dh++, " ", space_left--); + + if (space_left <= (ctl->day_width - 1)) + break; +-- +2.33.0 + diff --git a/backport-cfdisk-add-hint-about-labels-for-bootable-flag.patch b/backport-cfdisk-add-hint-about-labels-for-bootable-flag.patch new file mode 100644 index 0000000..bd7d53f --- /dev/null +++ b/backport-cfdisk-add-hint-about-labels-for-bootable-flag.patch @@ -0,0 +1,49 @@ +From 793e8d2ab81324d0a712132b26ee16c08575101b Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Mon, 12 Jun 2023 12:33:01 +0200 +Subject: [PATCH] cfdisk: add hint about labels for bootable flag + +Addresses: https://github.com/util-linux/util-linux/discussions/2220 +Signed-off-by: Karel Zak + +Reference:https://github.com/util-linux/util-linux/commit/793e8d2ab81324d0a712132b26ee16c08575101b +Conflict:NA +--- + disk-utils/cfdisk.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/disk-utils/cfdisk.c b/disk-utils/cfdisk.c +index 5f4de8b48..2e29421d7 100644 +--- a/disk-utils/cfdisk.c ++++ b/disk-utils/cfdisk.c +@@ -1,7 +1,7 @@ + /* + * cfdisk.c - Display or manipulate a disk partition table. + * +- * Copyright (C) 2014-2015 Karel Zak ++ * Copyright (C) 2014-2023 Karel Zak + * Copyright (C) 1994 Kevin E. Martin (martin@cs.unc.edu) + * + * The original cfdisk was inspired by the fdisk program +@@ -2257,7 +2257,8 @@ static int ui_help(void) + " ", + N_("Command Meaning"), + N_("------- -------"), +- N_(" b Toggle bootable flag of the current partition"), ++ N_(" b Toggle bootable flag of the current partition;"), ++ N_(" implemented for DOS (MBR) and SGI labels only"), + N_(" d Delete the current partition"), + N_(" h Print this screen"), + N_(" n Create new partition from free space"), +@@ -2281,7 +2282,7 @@ static int ui_help(void) + N_("Use lsblk(8) or partx(8) to see more details about the device."), + " ", + " ", +- "Copyright (C) 2014-2017 Karel Zak " ++ "Copyright (C) 2014-2023 Karel Zak " + }; + + erase(); +-- +2.33.0 + diff --git a/backport-cfdisk-fix-possible-integer-overflow-coverity-scan.patch b/backport-cfdisk-fix-possible-integer-overflow-coverity-scan.patch new file mode 100644 index 0000000..81f0f29 --- /dev/null +++ b/backport-cfdisk-fix-possible-integer-overflow-coverity-scan.patch @@ -0,0 +1,28 @@ +From 72f801dbcd99bc1dcbfdb0bf8e1f5d2f1ad753c6 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Mon, 24 Jun 2024 09:46:37 +0200 +Subject: [PATCH] cfdisk: fix possible integer overflow [coverity scan] + +Signed-off-by: Karel Zak +Reference:https://github.com/util-linux/util-linux/commit/72f801dbcd99bc1dcbfdb0bf8e1f5d2f1ad753c6 +Conflict:NA +--- + disk-utils/cfdisk.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/disk-utils/cfdisk.c b/disk-utils/cfdisk.c +index 7b619296..2e0aada4 100644 +--- a/disk-utils/cfdisk.c ++++ b/disk-utils/cfdisk.c +@@ -1733,6 +1733,8 @@ static int ui_table_goto(struct cfdisk *cf, int where) + + if (where < 0) + where = 0; ++ if (!nparts) ++ where = 0; + else if ((size_t) where > nparts - 1) + where = nparts - 1; + +-- +2.33.0 + diff --git a/backport-column-fix-l.patch b/backport-column-fix-l.patch new file mode 100644 index 0000000..5c4d94f --- /dev/null +++ b/backport-column-fix-l.patch @@ -0,0 +1,109 @@ +From 6dd30a72e7074493152e8ef9c76759218f489985 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Wed, 2 Aug 2023 12:57:37 +0200 +Subject: [PATCH] column: fix -l +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The original implementation is complicated and broken. + +It's possible to calculate the rest of the string (for the last +column) from the current position rather than calculate it +continuously. Use the last wcstok() result also means that it will +work as expected independently on "greedy" mode (skips repeating +separators. + + # printf 'a b c d\n1 2 3 4\n' | ./column -t -o '|' -l3 + a|b|c d + 1|2|3 4 + +(see space between 'a' and 'b' on input) + +References: 8ac75e31de0ece74515e98e0b22e54cc0a9808bd +Fixes: https://github.com/util-linux/util-linux/issues/1763 +Signed-off-by: Karel Zak + +Reference:https://github.com/util-linux/util-linux/commit/6dd30a72e7074493152e8ef9c76759218f489985 +Conflict:NA +--- + text-utils/column.c | 37 ++++++++++++++++--------------------- + 1 file changed, 16 insertions(+), 21 deletions(-) + +diff --git a/text-utils/column.c b/text-utils/column.c +index 88d46b9..79245cd 100644 +--- a/text-utils/column.c ++++ b/text-utils/column.c +@@ -471,37 +471,33 @@ static void modify_table(struct column_control *ctl) + + static int add_line_to_table(struct column_control *ctl, wchar_t *wcs0) + { +- wchar_t *wcdata, *sv = NULL, *wcs = wcs0; +- size_t n = 0, nchars = 0, skip = 0, len; ++ wchar_t *sv = NULL, *wcs = wcs0, *all = NULL; ++ size_t n = 0; + struct libscols_line *ln = NULL; + ++ + if (!ctl->tab) + init_table(ctl); + +- len = wcslen(wcs0); ++ if (ctl->maxncols) { ++ all = wcsdup(wcs0); ++ if (!all) ++ err(EXIT_FAILURE, _("failed to allocate input line")); ++ } + + do { + char *data; ++ wchar_t *wcdata = local_wcstok(ctl, wcs, &sv); ++ ++ if (!wcdata) ++ break; + + if (ctl->maxncols && n + 1 == ctl->maxncols) { +- if (nchars + skip < len) +- wcdata = wcs0 + (nchars + skip); +- else +- wcdata = NULL; +- } else { +- wcdata = local_wcstok(ctl, wcs, &sv); +- +- /* For the default separator ('greedy' mode) it uses +- * strtok() and it skips leading white chars. In this +- * case we need to remember size of the ignored white +- * chars due to wcdata calculation in maxncols case */ +- if (wcdata && ctl->greedy +- && n == 0 && nchars == 0 && wcdata > wcs) +- skip = wcdata - wcs; ++ /* Use rest of the string as column data */ ++ size_t skip = wcdata - wcs0; ++ wcdata = all + skip; + } + +- if (!wcdata) +- break; + if (scols_table_get_ncols(ctl->tab) < n + 1) { + if (scols_table_is_json(ctl->tab) && !ctl->hide_unnamed) + errx(EXIT_FAILURE, _("line %zu: for JSON the name of the " +@@ -517,8 +513,6 @@ static int add_line_to_table(struct column_control *ctl, wchar_t *wcs0) + err(EXIT_FAILURE, _("failed to allocate output line")); + } + +- nchars += wcslen(wcdata) + 1; +- + data = wcs_to_mbs(wcdata); + if (!data) + err(EXIT_FAILURE, _("failed to allocate output data")); +@@ -530,6 +524,7 @@ static int add_line_to_table(struct column_control *ctl, wchar_t *wcs0) + break; + } while (1); + ++ free(all); + return 0; + } + +-- +2.33.0 + diff --git a/backport-column-fix-memory-leak.patch b/backport-column-fix-memory-leak.patch new file mode 100644 index 0000000..13504c8 --- /dev/null +++ b/backport-column-fix-memory-leak.patch @@ -0,0 +1,32 @@ +From aad8a6079a5cfcf27344a2efdba61017049a927d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Mon, 17 Jul 2023 21:07:18 +0200 +Subject: [PATCH] column: fix memory leak +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Thomas Weißschuh + +Reference:https://github.com/util-linux/util-linux/commit/ +Conflict:NA +--- + text-utils/column.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/text-utils/column.c b/text-utils/column.c +index a443ab8b1..ad3d8f3d7 100644 +--- a/text-utils/column.c ++++ b/text-utils/column.c +@@ -667,6 +667,8 @@ static int read_input(struct column_control *ctl, FILE *fp) + } + } while (rc == 0); + ++ free(buf); ++ + return rc; + } + +-- +2.33.0 + diff --git a/backport-dmesg-print-object-closing-brace-while-waiting-for-n.patch b/backport-dmesg-print-object-closing-brace-while-waiting-for-n.patch new file mode 100644 index 0000000..5722ee7 --- /dev/null +++ b/backport-dmesg-print-object-closing-brace-while-waiting-for-n.patch @@ -0,0 +1,44 @@ +From 5740148a20be4ac84884c342199d90553c90f04d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Sun, 10 Mar 2024 10:43:20 +0100 +Subject: [PATCH] dmesg: print object closing brace while waiting for next + message +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Allow incremental parsers to process the full object as it is written by +dmesg. + +Closes #2833 + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/5740148a20be4ac84884c342199d90553c90f04d +Conflict:NA +--- + sys-utils/dmesg.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/sys-utils/dmesg.c b/sys-utils/dmesg.c +index 25c674be..e73cddf5 100644 +--- a/sys-utils/dmesg.c ++++ b/sys-utils/dmesg.c +@@ -1344,10 +1344,13 @@ full_output: + + done: + free(mesg_copy); +- if (ctl->json) ++ if (ctl->json) { + ul_jsonwrt_object_close(&ctl->jfmt); +- else ++ if (ctl->follow) ++ ul_jsonwrt_flush(&ctl->jfmt); ++ } else { + putchar('\n'); ++ } + } + + /* +-- +2.33.0 + diff --git a/backport-fsck.minix-fix-possible-overrun.patch b/backport-fsck.minix-fix-possible-overrun.patch new file mode 100644 index 0000000..10627e7 --- /dev/null +++ b/backport-fsck.minix-fix-possible-overrun.patch @@ -0,0 +1,28 @@ +From a972f4096b7c730acf57db35df01ea3788de986a Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Tue, 30 Apr 2024 11:04:32 +0200 +Subject: [PATCH] fsck.minix: fix possible overrun + +Signed-off-by: Karel Zak +Reference:https://github.com/util-linux/util-linux/commit/a972f4096b7c730acf57db35df01ea3788de986a +Conflict:NA +--- + disk-utils/fsck.minix.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/disk-utils/fsck.minix.c b/disk-utils/fsck.minix.c +index 03a47460e..08903587b 100644 +--- a/disk-utils/fsck.minix.c ++++ b/disk-utils/fsck.minix.c +@@ -548,7 +548,7 @@ get_dirsize(void) { + block = Inode[ROOT_INO].i_zone[0]; + read_block(block, blk); + +- for (size = 16; size < MINIX_BLOCK_SIZE; size <<= 1) { ++ for (size = 16; size + 2 < MINIX_BLOCK_SIZE; size <<= 1) { + if (strcmp(blk + size + 2, "..") == 0) { + dirsize = size; + namelen = size - 2; +-- +2.33.0 + diff --git a/backport-hexdump-check-blocksize-when-display-data.patch b/backport-hexdump-check-blocksize-when-display-data.patch new file mode 100644 index 0000000..a47dae6 --- /dev/null +++ b/backport-hexdump-check-blocksize-when-display-data.patch @@ -0,0 +1,61 @@ +From dfa1ad272528a92384adac523cf2f2949b767d8d Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Tue, 27 Feb 2024 18:38:02 +0100 +Subject: [PATCH] hexdump: check blocksize when display data + +hexdump(1) stores input to buffer and apply format unit when prints +the output. The unit can move pointer which points to the buffer, but +code does not check for limits. + +Fixes: https://github.com/util-linux/util-linux/issues/2806 +Signed-off-by: Karel Zak +Reference:https://github.com/util-linux/util-linux/commit/dfa1ad272528a92384adac523cf2f2949b767d8d +Conflict:NA +--- + text-utils/hexdump-display.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/text-utils/hexdump-display.c b/text-utils/hexdump-display.c +index bc92bd0ca..c865127c8 100644 +--- a/text-utils/hexdump-display.c ++++ b/text-utils/hexdump-display.c +@@ -250,6 +250,8 @@ void display(struct hexdump *hex) + struct list_head *p, *q, *r; + + while ((bp = get(hex)) != NULL) { ++ ssize_t rem = hex->blocksize; ++ + fs = &hex->fshead; savebp = bp; saveaddress = address; + + list_for_each(p, fs) { +@@ -263,7 +265,7 @@ void display(struct hexdump *hex) + + cnt = fu->reps; + +- while (cnt) { ++ while (cnt && rem >= 0) { + list_for_each(r, &fu->prlist) { + pr = list_entry(r, struct hexdump_pr, prlist); + +@@ -280,12 +282,18 @@ void display(struct hexdump *hex) + print(pr, bp); + + address += pr->bcnt; ++ ++ rem -= pr->bcnt; ++ if (rem < 0) ++ break; ++ + bp += pr->bcnt; + } + --cnt; + } + } + bp = savebp; ++ rem = hex->blocksize; + address = saveaddress; + } + } +-- +2.33.0 + diff --git a/backport-include-c.h-add-helpers-for-unaligned-structure-acce.patch b/backport-include-c.h-add-helpers-for-unaligned-structure-acce.patch new file mode 100644 index 0000000..21bd507 --- /dev/null +++ b/backport-include-c.h-add-helpers-for-unaligned-structure-acce.patch @@ -0,0 +1,37 @@ +From 68459714838c8c0c2d34b6d658638f5d59298bc7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Sun, 1 Oct 2023 13:57:12 +0200 +Subject: [PATCH] include/c.h: add helpers for unaligned structure access +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/68459714838c8c0c2d34b6d658638f5d59298bc7 +Conflict:NA +--- + include/c.h | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/include/c.h b/include/c.h +index 752f568c5..224a8e54f 100644 +--- a/include/c.h ++++ b/include/c.h +@@ -213,6 +213,14 @@ + (type *)( (char *)__mptr - offsetof(type,member) );}) + #endif + ++#define read_unaligned_member(p, m) __extension__ ({ \ ++ size_t offset = offsetof(__typeof__(* p), m); \ ++ __typeof__(p->m) v; \ ++ memcpy(&v, ((unsigned char *)p) + offset, sizeof(v)); \ ++ v; }) ++ ++#define member_ptr(p, m) (((unsigned char *)p) + offsetof(__typeof__(*p), m)) ++ + #ifndef HAVE_PROGRAM_INVOCATION_SHORT_NAME + # ifdef HAVE___PROGNAME + extern char *__progname; +-- +2.33.0 + diff --git a/backport-jsonwrt-add-ul_jsonwrt_flush.patch b/backport-jsonwrt-add-ul_jsonwrt_flush.patch new file mode 100644 index 0000000..7f55b41 --- /dev/null +++ b/backport-jsonwrt-add-ul_jsonwrt_flush.patch @@ -0,0 +1,47 @@ +From 79e77816c424e25d9299ea4d63f5c0c7cfe1844f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Sun, 10 Mar 2024 07:17:25 +0100 +Subject: [PATCH] jsonwrt: add ul_jsonwrt_flush +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/79e77816c424e25d9299ea4d63f5c0c7cfe1844f +Conflict:NA +--- + include/jsonwrt.h | 1 + + lib/jsonwrt.c | 5 +++++ + 2 files changed, 6 insertions(+) + +diff --git a/include/jsonwrt.h b/include/jsonwrt.h +index b450afcf..1944d993 100644 +--- a/include/jsonwrt.h ++++ b/include/jsonwrt.h +@@ -23,6 +23,7 @@ int ul_jsonwrt_is_ready(struct ul_jsonwrt *fmt); + void ul_jsonwrt_indent(struct ul_jsonwrt *fmt); + void ul_jsonwrt_open(struct ul_jsonwrt *fmt, const char *name, int type); + void ul_jsonwrt_close(struct ul_jsonwrt *fmt, int type); ++void ul_jsonwrt_flush(struct ul_jsonwrt *fmt); + + #define ul_jsonwrt_root_open(_f) ul_jsonwrt_open(_f, NULL, UL_JSON_OBJECT) + #define ul_jsonwrt_root_close(_f) ul_jsonwrt_close(_f, UL_JSON_OBJECT) +diff --git a/lib/jsonwrt.c b/lib/jsonwrt.c +index 243ed823..e21368de 100644 +--- a/lib/jsonwrt.c ++++ b/lib/jsonwrt.c +@@ -178,6 +178,11 @@ void ul_jsonwrt_close(struct ul_jsonwrt *fmt, int type) + fmt->after_close = 1; + } + ++void ul_jsonwrt_flush(struct ul_jsonwrt *fmt) ++{ ++ fflush(fmt->out); ++} ++ + void ul_jsonwrt_value_raw(struct ul_jsonwrt *fmt, + const char *name, const char *data) + { +-- +2.33.0 + diff --git a/backport-last-avoid-out-of-bounds-array-access.patch b/backport-last-avoid-out-of-bounds-array-access.patch new file mode 100644 index 0000000..d3568c4 --- /dev/null +++ b/backport-last-avoid-out-of-bounds-array-access.patch @@ -0,0 +1,30 @@ +From 75822efb8e948b538d9e9ccc329a5430fdabb7ea Mon Sep 17 00:00:00 2001 +From: biubiuzy <294772273@qq.com> +Date: Fri, 23 Feb 2024 17:44:12 +0800 +Subject: [PATCH] last: avoid out of bounds array access + +Reference:https://github.com/util-linux/util-linux/commit/75822efb8e948b538d9e9ccc329a5430fdabb7ea +Conflict:NA +--- + login-utils/last.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/login-utils/last.c b/login-utils/last.c +index bbbe817f8..f5a9fec08 100644 +--- a/login-utils/last.c ++++ b/login-utils/last.c +@@ -351,7 +351,10 @@ static int time_formatter(int fmt, char *dst, size_t dlen, time_t *when) + { + char buf[CTIME_BUFSIZ]; + +- ctime_r(when, buf); ++ if (!ctime_r(when, buf)) { ++ ret = -1; ++ break; ++ } + snprintf(dst, dlen, "%s", buf); + ret = rtrim_whitespace((unsigned char *) dst); + break; +-- +2.33.0 + diff --git a/backport-ldattach-don-t-call-exit-from-signal-handler.patch b/backport-ldattach-don-t-call-exit-from-signal-handler.patch new file mode 100644 index 0000000..5d166f0 --- /dev/null +++ b/backport-ldattach-don-t-call-exit-from-signal-handler.patch @@ -0,0 +1,33 @@ +From de13900d71a968e859ab7aece4537dfd87c7185c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Fri, 22 Sep 2023 20:21:38 +0200 +Subject: [PATCH] ldattach: don't call exit() from signal handler +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Instead use _exit(). + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/de13900d71a968e859ab7aece4537dfd87c7185c +Conflict:NA +--- + sys-utils/ldattach.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sys-utils/ldattach.c b/sys-utils/ldattach.c +index 0a6b6f2d2..9c67eeec8 100644 +--- a/sys-utils/ldattach.c ++++ b/sys-utils/ldattach.c +@@ -257,7 +257,7 @@ static int my_cfsetspeed(struct termios *ts, int speed) + static void handler(int s) + { + dbg("got SIG %i -> exiting", s); +- exit(EXIT_SUCCESS); ++ _exit(EXIT_SUCCESS); + } + + static void gsm0710_set_conf(int tty_fd) +-- +2.33.0 + diff --git a/backport-lib-cpuset-exit-early-from-cpulist_parse.patch b/backport-lib-cpuset-exit-early-from-cpulist_parse.patch new file mode 100644 index 0000000..e242224 --- /dev/null +++ b/backport-lib-cpuset-exit-early-from-cpulist_parse.patch @@ -0,0 +1,43 @@ +From 566b1d348897a34016653d6de040688a2c0a136c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Thu, 1 Feb 2024 20:09:41 +0100 +Subject: [PATCH] lib/cpuset: exit early from cpulist_parse +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If `a` exceeds `max`, any increment of `a` will also `exceed` max. +In this case the CPU_SET_S will never do anything all additional loops +are wasted. + +Fixes #2748 + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/566b1d348897a34016653d6de040688a2c0a136c +Conflict:NA +--- + lib/cpuset.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/lib/cpuset.c b/lib/cpuset.c +index 643537f6d..533b8ab30 100644 +--- a/lib/cpuset.c ++++ b/lib/cpuset.c +@@ -326,8 +326,12 @@ int cpulist_parse(const char *str, cpu_set_t *set, size_t setsize, int fail) + if (!(a <= b)) + return 1; + while (a <= b) { +- if (fail && (a >= max)) +- return 2; ++ if (a >= max) { ++ if (fail) ++ return 2; ++ else ++ break; ++ } + CPU_SET_S(a, setsize, set); + a += s; + } +-- +2.33.0 + diff --git a/backport-lib-path-fix-possible-out-of-boundary-access.patch b/backport-lib-path-fix-possible-out-of-boundary-access.patch new file mode 100644 index 0000000..2f6afc5 --- /dev/null +++ b/backport-lib-path-fix-possible-out-of-boundary-access.patch @@ -0,0 +1,47 @@ +From 0129c883459894f3e7101cbfb987f08a2242474b Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Sun, 8 Oct 2023 20:41:29 +0200 +Subject: [PATCH] lib/path: fix possible out of boundary access + +If fgets reads from a file starting with a NUL byte in ul_path_cpuparse, +then the check for newline leads to an out of boundary access. + +Proof of Concept (compile with --enable-asan): + +1. Prepare /tmp/poc with required files +``` +$ install -d /tmp/poc/sys/devices/system/cpu +$ dd if=/dev/zero of=/tmp/poc/sys/devices/system/cpu/possible bs=1 count=1 +$ install -D /dev/null /tmp/poc/proc/cpuinfo +``` + +2. Run lscpu with sysroot option +``` +$ lscpu --sysroot /tmp/poc +================================================================= +==78238==ERROR: AddressSanitizer: heap-buffer-overflow +``` + +Signed-off-by: Tobias Stoeckmann +Reference:https://github.com/util-linux/util-linux/commit/0129c883459894f3e7101cbfb987f08a2242474b +Conflict:NA +--- + lib/path.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/path.c b/lib/path.c +index bf15ab9..5114e44 100644 +--- a/lib/path.c ++++ b/lib/path.c +@@ -1013,7 +1013,7 @@ static int ul_path_cpuparse(struct path_cxt *pc, cpu_set_t **set, int maxcpus, i + return rc; + + len = strlen(buf); +- if (buf[len - 1] == '\n') ++ if (len > 0 && buf[len - 1] == '\n') + buf[len - 1] = '\0'; + + *set = cpuset_alloc(maxcpus, &setsize, NULL); +-- +2.33.0 + diff --git a/backport-libblkid-Check-offset-in-LUKS2-header.patch b/backport-libblkid-Check-offset-in-LUKS2-header.patch new file mode 100644 index 0000000..584d83a --- /dev/null +++ b/backport-libblkid-Check-offset-in-LUKS2-header.patch @@ -0,0 +1,84 @@ +From e49de00f4a22f91ec5af08d97e30a198cd64e00d Mon Sep 17 00:00:00 2001 +From: Milan Broz +Date: Fri, 16 Feb 2024 16:44:12 +0100 +Subject: [PATCH] libblkid: Check offset in LUKS2 header + +LUKS2 binary header contains offset field that describes where +the header should be located. + +If this offset is not correct, blkid should tread this header +as invalid. + +This patch fixes problem when both swap and LUKS headers are +present (LUKS header was swapped out) and detected LUKS header +is at a wrong offset. +As LUKS has higher priority, it confuses detection. + +Signed-off-by: Milan Broz +Reference:https://github.com/util-linux/util-linux/commit/e49de00f4a22f91ec5af08d97e30a198cd64e00d +Conflict:Delete binary file +--- + libblkid/src/superblocks/luks.c | 20 +++++++++++++++++--- + 1 file changed, 17 insertions(+), 3 deletions(-) + +diff --git a/libblkid/src/superblocks/luks.c b/libblkid/src/superblocks/luks.c +index 0230b34..4623c98 100644 +--- a/libblkid/src/superblocks/luks.c ++++ b/libblkid/src/superblocks/luks.c +@@ -1,6 +1,6 @@ + /* + * Copyright (C) 2008 Karel Zak +- * Copyright (C) 2018 Milan Broz ++ * Copyright (C) 2018-2024 Milan Broz + * + * Inspired by libvolume_id by + * Kay Sievers +@@ -15,6 +15,7 @@ + #include + #include + #include ++#include + + #include "superblocks.h" + +@@ -96,6 +97,19 @@ static int luks_attributes(blkid_probe pr, struct luks2_phdr *header, uint64_t o + return BLKID_PROBE_OK; + } + ++static bool luks_valid(struct luks2_phdr *header, const char *magic, uint64_t offset) ++{ ++ if (memcmp(header->magic, magic, LUKS_MAGIC_L)) ++ return false; ++ ++ /* LUKS2 header is not at expected offset */ ++ if (be16_to_cpu(header->version) == 2 && ++ be64_to_cpu(header->hdr_offset) != offset) ++ return false; ++ ++ return true; ++} ++ + static int probe_luks(blkid_probe pr, const struct blkid_idmag *mag __attribute__((__unused__))) + { + struct luks2_phdr *header; +@@ -105,7 +119,7 @@ static int probe_luks(blkid_probe pr, const struct blkid_idmag *mag __attribute_ + if (!header) + return errno ? -errno : BLKID_PROBE_NONE; + +- if (!memcmp(header->magic, LUKS_MAGIC, LUKS_MAGIC_L)) { ++ if (luks_valid(header, LUKS_MAGIC, 0)) { + /* LUKS primary header was found. */ + return luks_attributes(pr, header, 0); + } +@@ -118,7 +132,7 @@ static int probe_luks(blkid_probe pr, const struct blkid_idmag *mag __attribute_ + if (!header) + return errno ? -errno : BLKID_PROBE_NONE; + +- if (!memcmp(header->magic, LUKS_MAGIC_2, LUKS_MAGIC_L)) ++ if (luks_valid(header, LUKS_MAGIC_2, secondary_offsets[i])) + return luks_attributes(pr, header, secondary_offsets[i]); + } + +-- +2.33.0 + diff --git a/backport-libblkid-apfs-validate-checksums.patch b/backport-libblkid-apfs-validate-checksums.patch new file mode 100644 index 0000000..777d534 --- /dev/null +++ b/backport-libblkid-apfs-validate-checksums.patch @@ -0,0 +1,75 @@ +From 2011a616aa533c336f9242f25017ce7043557e4c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Tue, 6 Aug 2024 19:07:48 +0200 +Subject: [PATCH] libblkid: apfs: validate checksums +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The apfs superblock contains a checksum based on Fletcher-64. +Validate the checksum to make the probing more robust. + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/2011a616aa533c336f9242f25017ce7043557e4c +Conflict:NA +--- + libblkid/src/superblocks/apfs.c | 36 ++++++++++++++++++++++++++++++++- + 1 file changed, 35 insertions(+), 1 deletion(-) + +diff --git a/libblkid/src/superblocks/apfs.c b/libblkid/src/superblocks/apfs.c +index b7f09f33..4557abcb 100644 +--- a/libblkid/src/superblocks/apfs.c ++++ b/libblkid/src/superblocks/apfs.c +@@ -35,7 +35,38 @@ struct apfs_super_block { + uint64_t read_only_features; + uint64_t incompatible_features; + uint8_t uuid[16]; +-}; ++ ++ uint8_t padding[4008]; // Pad to 4096 bytes for checksum ++} __attribute__((packed)); ++ ++static uint64_t apfs_fletcher64(const uint8_t *buf, size_t size) ++{ ++ uint64_t lo32 = 0, hi32 = 0, csum_hi; ++ uint32_t csum_low; ++ size_t i; ++ ++ for (i = 0; i < size / 4; i++) { ++ lo32 += le32_to_cpu(((uint32_t *)buf)[i]); ++ hi32 += lo32; ++ } ++ ++ csum_low = ~((lo32 + hi32) % UINT32_MAX); ++ csum_hi = ~((lo32 + csum_low) % UINT32_MAX); ++ ++ return csum_hi << 32 | csum_low; ++} ++ ++static int apfs_verify_checksum(blkid_probe pr, ++ const struct apfs_super_block *sb) ++{ ++ const size_t csummed_start_offset = offsetof(__typeof__(*sb), oid); ++ uint64_t csum; ++ ++ csum = apfs_fletcher64(((const uint8_t *)sb) + csummed_start_offset, ++ sizeof(*sb) - csummed_start_offset); ++ ++ return blkid_probe_verify_csum(pr, csum, le64_to_cpu(sb->checksum)); ++} + + static int probe_apfs(blkid_probe pr, const struct blkid_idmag *mag) + { +@@ -45,6 +76,9 @@ static int probe_apfs(blkid_probe pr, const struct blkid_idmag *mag) + if (!sb) + return errno ? -errno : BLKID_PROBE_NONE; + ++ if (!apfs_verify_checksum(pr, sb)) ++ return BLKID_PROBE_NONE; ++ + if (le16_to_cpu(sb->type) != APFS_CONTAINER_SUPERBLOCK_TYPE) + return BLKID_PROBE_NONE; + +-- +2.33.0 + diff --git a/backport-libblkid-avoid-aligning-out-of-probing-area.patch b/backport-libblkid-avoid-aligning-out-of-probing-area.patch new file mode 100644 index 0000000..9748029 --- /dev/null +++ b/backport-libblkid-avoid-aligning-out-of-probing-area.patch @@ -0,0 +1,48 @@ +From 025b11465d086c55948eff484f40c993f2184990 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Fri, 12 Jan 2024 08:47:50 +0100 +Subject: [PATCH] libblkid: avoid aligning out of probing area +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When reading from the end of the device the IO size alignment could +enlarge the read buffer outside of the probing area. +This would then trigger a read failure. + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/025b11465d086c55948eff484f40c993f2184990 +Conflict:Context adapt +--- + libblkid/src/probe.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/libblkid/src/probe.c b/libblkid/src/probe.c +index fee5b55..0e716b5 100644 +--- a/libblkid/src/probe.c ++++ b/libblkid/src/probe.c +@@ -648,13 +648,18 @@ static int hide_buffer(blkid_probe pr, uint64_t off, uint64_t len) + unsigned char *blkid_probe_get_buffer(blkid_probe pr, uint64_t off, uint64_t len) + { + struct blkid_bufinfo *bf = NULL; +- uint64_t real_off, bias; ++ uint64_t real_off, bias, len_align; + + bias = off % pr->io_size; + off -= bias; + len += bias; +- if (len % pr->io_size) +- len += pr->io_size - (len % pr->io_size); ++ ++ if (len % pr->io_size) { ++ len_align = pr->io_size - (len % pr->io_size); ++ ++ if (pr->off + off + len + len_align <= pr->size) ++ len += len_align; ++ } + + real_off = pr->off + off; + +-- +2.33.0 + diff --git a/backport-libblkid-avoid-memory-leak-of-cachefile-path.patch b/backport-libblkid-avoid-memory-leak-of-cachefile-path.patch new file mode 100644 index 0000000..e5e0e0a --- /dev/null +++ b/backport-libblkid-avoid-memory-leak-of-cachefile-path.patch @@ -0,0 +1,30 @@ +From beead87f3b65b1e9149d27779f5aac215a1f8b24 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Fri, 22 Sep 2023 11:20:04 +0200 +Subject: [PATCH] libblkid: avoid memory leak of cachefile path +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/beead87f3b65b1e9149d27779f5aac215a1f8b24 +Conflict:NA +--- + libblkid/src/config.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libblkid/src/config.c b/libblkid/src/config.c +index f229b3e63..d3f5eea3d 100644 +--- a/libblkid/src/config.c ++++ b/libblkid/src/config.c +@@ -155,6 +155,7 @@ dflt: + fclose(f); + return conf; + err: ++ free(conf->cachefile); + free(conf); + fclose(f); + return NULL; +-- +2.33.0 + diff --git a/backport-libblkid-constify-cached-disk-data.patch b/backport-libblkid-constify-cached-disk-data.patch new file mode 100644 index 0000000..144959d --- /dev/null +++ b/backport-libblkid-constify-cached-disk-data.patch @@ -0,0 +1,44 @@ +From 7eba8f98bdc3ed9c0ef1c8527aa61e1a3656449c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Thu, 18 May 2023 22:37:10 +0200 +Subject: [PATCH] libblkid: constify cached disk data +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The data returned from blkid_probe_get_buffer() and friends may or may +not be cached between different calls. +If one copy is modified this may not be visible in other copies. + +This issue can be avoided by making any modification illegal. + +See also #2165 + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/7eba8f98bdc3ed9c0ef1c8527aa61e1a3656449c +Conflict:modify raid1_verify_csum +--- + libblkid/src/superblocks/linux_raid.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/libblkid/src/superblocks/linux_raid.c b/libblkid/src/superblocks/linux_raid.c +index 360cd4e..ed2dbb2 100644 +--- a/libblkid/src/superblocks/linux_raid.c ++++ b/libblkid/src/superblocks/linux_raid.c +@@ -191,11 +191,10 @@ static int raid1_verify_csum(blkid_probe pr, off_t off, + if (!csummed) + return 1; + +- memset(csummed + offsetof(struct mdp1_super_block, sb_csum), 0, +- sizeof(mdp1->sb_csum)); +- + uint64_t csum = 0; + ++ csum -= le32_to_cpu(*(uint32_t *) (csummed + offsetof(struct mdp1_super_block, sb_csum))); ++ + while (csummed_size >= 4) { + csum += le32_to_cpu(*(uint32_t *) csummed); + csummed_size -= 4; +-- +2.33.0 + diff --git a/backport-libblkid-drbd-reduce-false-positive.patch b/backport-libblkid-drbd-reduce-false-positive.patch new file mode 100644 index 0000000..8343706 --- /dev/null +++ b/backport-libblkid-drbd-reduce-false-positive.patch @@ -0,0 +1,52 @@ +From 4d19f9bec7997e90b36422c6779ec1d98def95f3 Mon Sep 17 00:00:00 2001 +From: biubiuzy <294772273@qq.com> +Date: Wed, 17 Jan 2024 11:23:47 +0800 +Subject: [PATCH] libblkid: (drbd) reduce false-positive + +Reference:https://github.com/util-linux/util-linux/commit/4d19f9bec7997e90b36422c6779ec1d98def95f3 +Conflict:Context adapt +--- + libblkid/src/superblocks/drbd.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/libblkid/src/superblocks/drbd.c b/libblkid/src/superblocks/drbd.c +index 1723229..410e21d 100644 +--- a/libblkid/src/superblocks/drbd.c ++++ b/libblkid/src/superblocks/drbd.c +@@ -18,6 +18,13 @@ + + #include "superblocks.h" + ++/* ++ * drbd/drbd_int.h ++ */ ++#define BM_BLOCK_SHIFT 12 /* 4k per bit */ ++#define BM_BLOCK_SIZE (1<magic) != DRBD_MD_MAGIC_84_UNCLEAN) + return 1; + ++ if (be32_to_cpu(read_unaligned_member(md, bm_bytes_per_bit)) != BM_BLOCK_SIZE) ++ return 1; ++ + if (!is_zero_padded(member_ptr(md, padding_start), + member_ptr(md, padding_end))) + return 1; +@@ -201,6 +211,9 @@ static int probe_drbd_90(blkid_probe pr) + if (be32_to_cpu(md->magic) != DRBD_MD_MAGIC_09) + return 1; + ++ if (be32_to_cpu(read_unaligned_member(md, bm_bytes_per_bit)) != BM_BLOCK_SIZE) ++ return 1; ++ + if (!is_zero_padded(member_ptr(md, padding_start), + member_ptr(md, padding_end))) + return 1; +-- +2.33.0 + diff --git a/backport-libblkid-drbd-validate-zero-padding.patch b/backport-libblkid-drbd-validate-zero-padding.patch new file mode 100644 index 0000000..659a4d0 --- /dev/null +++ b/backport-libblkid-drbd-validate-zero-padding.patch @@ -0,0 +1,83 @@ +From 4ee2db2a221f6404f9fe9470da7c384a25cceea3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Fri, 12 Jan 2024 08:50:14 +0100 +Subject: [PATCH] libblkid: (drbd) validate zero padding +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This should reduce false-positives. + +See #2701. + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/4ee2db2a221f6404f9fe9470da7c384a25cceea3 +Conflict:Context adapt +--- + libblkid/src/superblocks/drbd.c | 27 +++++++++++++++++++++------ + 1 file changed, 21 insertions(+), 6 deletions(-) + +diff --git a/libblkid/src/superblocks/drbd.c b/libblkid/src/superblocks/drbd.c +index f360186..1723229 100644 +--- a/libblkid/src/superblocks/drbd.c ++++ b/libblkid/src/superblocks/drbd.c +@@ -70,9 +70,8 @@ struct md_on_disk_08 { + uint32_t bm_bytes_per_bit; + uint32_t reserved_u32[4]; + +- /* Unnecessary for libblkid ** +- * char reserved[8 * 512 - (8*(UI_SIZE+3)+4*11)]; +- */ ++ unsigned char padding_start[0]; ++ unsigned char padding_end[0] __attribute__((aligned(4096))); + }; + + /* +@@ -118,11 +117,19 @@ struct meta_data_on_disk_9 { + struct peer_dev_md_on_disk_9 peers[DRBD_PEERS_MAX]; + uint64_t history_uuids[HISTORY_UUIDS]; + +- /* Unnecessary for libblkid ** +- * char padding[0] __attribute__((aligned(4096))); +- */ ++ unsigned char padding_start[0]; ++ unsigned char padding_end[0] __attribute__((aligned(4096))); + } __attribute__((packed)); + ++static int is_zero_padded(const unsigned char *padding_start, ++ const unsigned char *padding_end) ++{ ++ for (; padding_start < padding_end; padding_start++) { ++ if (*padding_start != 0) ++ return 0; ++ } ++ return 1; ++} + + static int probe_drbd_84(blkid_probe pr) + { +@@ -146,6 +153,10 @@ static int probe_drbd_84(blkid_probe pr) + be32_to_cpu(md->magic) != DRBD_MD_MAGIC_84_UNCLEAN) + return 1; + ++ if (!is_zero_padded(member_ptr(md, padding_start), ++ member_ptr(md, padding_end))) ++ return 1; ++ + /* + * DRBD does not have "real" uuids; the following resembles DRBD's + * notion of uuids (64 bit, see struct above) +@@ -190,6 +201,10 @@ static int probe_drbd_90(blkid_probe pr) + if (be32_to_cpu(md->magic) != DRBD_MD_MAGIC_09) + return 1; + ++ if (!is_zero_padded(member_ptr(md, padding_start), ++ member_ptr(md, padding_end))) ++ return 1; ++ + /* + * DRBD does not have "real" uuids; the following resembles DRBD's + * notion of uuids (64 bit, see struct above) +-- +2.33.0 + diff --git a/backport-libblkid-hfsplus-reduce-false-positive.patch b/backport-libblkid-hfsplus-reduce-false-positive.patch new file mode 100644 index 0000000..fcf5ac2 --- /dev/null +++ b/backport-libblkid-hfsplus-reduce-false-positive.patch @@ -0,0 +1,61 @@ +From 9f492c4963bb1a003de400a9d1fc0872a3b213d3 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Wed, 10 Jan 2024 09:35:35 +0100 +Subject: [PATCH] libblkid: (hfsplus) reduce false positive + +Fixes: https://github.com/util-linux/util-linux/issues/2692 +Signed-off-by: Karel Zak +Reference:https://github.com/util-linux/util-linux/commit/9f492c4963bb1a003de400a9d1fc0872a3b213d3 +Conflict:NA +--- + libblkid/src/superblocks/hfs.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +diff --git a/libblkid/src/superblocks/hfs.c b/libblkid/src/superblocks/hfs.c +index 184c98e0d..5066827c0 100644 +--- a/libblkid/src/superblocks/hfs.c ++++ b/libblkid/src/superblocks/hfs.c +@@ -217,6 +217,10 @@ static int probe_hfsplus(blkid_probe pr, const struct blkid_idmag *mag) + return 1; + + alloc_block_size = be32_to_cpu(sbd->al_blk_size); ++ if (alloc_block_size < HFSPLUS_SECTOR_SIZE || ++ alloc_block_size % HFSPLUS_SECTOR_SIZE) ++ return 1; ++ + alloc_first_block = be16_to_cpu(sbd->al_bl_st); + embed_first_block = be16_to_cpu(sbd->embed_startblock); + off = (alloc_first_block * 512) + +@@ -238,17 +242,23 @@ static int probe_hfsplus(blkid_probe pr, const struct blkid_idmag *mag) + (memcmp(hfsplus->signature, "HX", 2) != 0)) + return 1; + +- hfs_set_uuid(pr, hfsplus->finder_info.id, sizeof(hfsplus->finder_info.id)); +- ++ /* Verify blocksize is initialized */ + blocksize = be32_to_cpu(hfsplus->blocksize); +- if (blocksize < HFSPLUS_SECTOR_SIZE) ++ if (blocksize < HFSPLUS_SECTOR_SIZE || !is_power_of_2(blocksize)) + return 1; + +- blkid_probe_set_fsblocksize(pr, blocksize); +- blkid_probe_set_block_size(pr, blocksize); +- ++ /* Save extends (hfsplus buffer may be later overwritten) */ + memcpy(extents, hfsplus->cat_file.extents, sizeof(extents)); ++ ++ /* Make sure start_block is properly initialized */ + cat_block = be32_to_cpu(extents[0].start_block); ++ if (off + ((uint64_t) cat_block * blocksize) > pr->size) ++ return 1; ++ ++ hfs_set_uuid(pr, hfsplus->finder_info.id, sizeof(hfsplus->finder_info.id)); ++ ++ blkid_probe_set_fsblocksize(pr, blocksize); ++ blkid_probe_set_block_size(pr, blocksize); + + buf = blkid_probe_get_buffer(pr, + off + ((uint64_t) cat_block * blocksize), 0x2000); +-- +2.33.0 + diff --git a/backport-libblkid-ntfs-validate-that-sector_size-is-a-power-o.patch b/backport-libblkid-ntfs-validate-that-sector_size-is-a-power-o.patch new file mode 100644 index 0000000..400ce0a --- /dev/null +++ b/backport-libblkid-ntfs-validate-that-sector_size-is-a-power-o.patch @@ -0,0 +1,42 @@ +From 0cf52fc4a03db3c59ad31bde4e9a28b5642086dc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Tue, 26 Sep 2023 00:27:22 +0200 +Subject: [PATCH] libblkid: (ntfs) validate that sector_size is a power of two +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The NTFS prober reads data based off an offset of the sector size. +If the sector size is unaligned and the read data is cached then other +probers can read unaligned values. + +Sector sizes for NTFS actually only make sense as power-of-two so +validate that and as a sideeffect avoid the unaligned reads. + +Also add the reproducer from OSS-Fuzz that found this issue. + +Fixes #2509 + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/0cf52fc4a03db3c59ad31bde4e9a28b5642086dc +Conflict:NA +--- + libblkid/src/superblocks/ntfs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libblkid/src/superblocks/ntfs.c b/libblkid/src/superblocks/ntfs.c +index dced699..0c4f297 100644 +--- a/libblkid/src/superblocks/ntfs.c ++++ b/libblkid/src/superblocks/ntfs.c +@@ -97,7 +97,7 @@ static int __probe_ntfs(blkid_probe pr, const struct blkid_idmag *mag, int save_ + */ + sector_size = le16_to_cpu(ns->bpb.sector_size); + +- if (sector_size < 256 || sector_size > 4096) ++ if (sector_size < 256 || sector_size > 4096 || !is_power_of_2(sector_size)) + return 1; + + switch (ns->bpb.sectors_per_cluster) { +-- +2.33.0 + diff --git a/backport-libblkid-probe-read-data-in-chunks.patch b/backport-libblkid-probe-read-data-in-chunks.patch new file mode 100644 index 0000000..6b970e2 --- /dev/null +++ b/backport-libblkid-probe-read-data-in-chunks.patch @@ -0,0 +1,121 @@ +From 8a534253bc52f453db21af02299efacd12f40fda Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Sat, 30 Sep 2023 23:59:44 +0200 +Subject: [PATCH] libblkid: (probe) read data in chunks +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/8a534253bc52f453db21af02299efacd12f40fda +Conflict:context adapt +--- + libblkid/src/blkidP.h | 1 + + libblkid/src/probe.c | 39 ++++++++++++++++++++++++++++++++++----- + 2 files changed, 35 insertions(+), 5 deletions(-) + +diff --git a/libblkid/src/blkidP.h b/libblkid/src/blkidP.h +index 007cc35..00ca5a9 100644 +--- a/libblkid/src/blkidP.h ++++ b/libblkid/src/blkidP.h +@@ -205,6 +205,7 @@ struct blkid_struct_probe + int fd; /* device file descriptor */ + uint64_t off; /* begin of data on the device */ + uint64_t size; /* end of data on the device */ ++ uint64_t io_size; /* optimal size of IO */ + + dev_t devno; /* device number (st.st_rdev) */ + dev_t disk_devno; /* devno of the whole-disk or 0 */ +diff --git a/libblkid/src/probe.c b/libblkid/src/probe.c +index b429949..da153e9 100644 +--- a/libblkid/src/probe.c ++++ b/libblkid/src/probe.c +@@ -182,6 +182,7 @@ blkid_probe blkid_clone_probe(blkid_probe parent) + pr->fd = parent->fd; + pr->off = parent->off; + pr->size = parent->size; ++ pr->io_size = parent->io_size; + pr->devno = parent->devno; + pr->disk_devno = parent->disk_devno; + pr->blkssz = parent->blkssz; +@@ -672,13 +673,21 @@ static int hide_buffer(blkid_probe pr, uint64_t off, uint64_t len) + unsigned char *blkid_probe_get_buffer(blkid_probe pr, uint64_t off, uint64_t len) + { + struct blkid_bufinfo *bf = NULL; +- uint64_t real_off = pr->off + off; ++ uint64_t real_off, bias; ++ ++ bias = off % pr->io_size; ++ off -= bias; ++ len += bias; ++ if (len % pr->io_size) ++ len += pr->io_size - (len % pr->io_size); ++ ++ real_off = pr->off + off; + + /* + DBG(BUFFER, ul_debug("\t>>>> off=%ju, real-off=%ju (probe <%ju..%ju>, len=%ju", + off, real_off, pr->off, pr->off + pr->size, len)); + */ +- if (pr->size == 0) { ++ if (pr->size == 0 || pr->io_size == 0) { + errno = EINVAL; + return NULL; + } +@@ -725,7 +734,7 @@ unsigned char *blkid_probe_get_buffer(blkid_probe pr, uint64_t off, uint64_t len + assert(bf->off + bf->len >= real_off + len); + + errno = 0; +- return real_off ? bf->data + (real_off - bf->off) : bf->data; ++ return real_off ? bf->data + (real_off - bf->off + bias) : bf->data + bias; + } + + /** +@@ -891,6 +900,22 @@ failed: + + #endif + ++static uint64_t blkid_get_io_size(int fd) ++{ ++ static const int ioctls[] = { BLKIOOPT, BLKIOMIN, BLKBSZGET }; ++ unsigned int s; ++ size_t i; ++ int r; ++ ++ for (i = 0; i < ARRAY_SIZE(ioctls); i++) { ++ r = ioctl(fd, ioctls[i], &s); ++ if (r == 0 && is_power_of_2(s) && s >= DEFAULT_SECTOR_SIZE) ++ return min(s, 1U << 16); ++ } ++ ++ return DEFAULT_SECTOR_SIZE; ++} ++ + /** + * blkid_probe_set_device: + * @pr: probe +@@ -934,6 +959,7 @@ int blkid_probe_set_device(blkid_probe pr, int fd, + pr->fd = fd; + pr->off = (uint64_t) off; + pr->size = 0; ++ pr->io_size = DEFAULT_SECTOR_SIZE; + pr->devno = 0; + pr->disk_devno = 0; + pr->mode = 0; +@@ -1097,8 +1123,11 @@ int blkid_probe_set_device(blkid_probe pr, int fd, + } + # endif + +- DBG(LOWPROBE, ul_debug("ready for low-probing, offset=%"PRIu64", size=%"PRIu64", zonesize=%"PRIu64, +- pr->off, pr->size, pr->zone_size)); ++ if (S_ISBLK(sb.st_mode) && !is_floppy && !blkid_probe_is_tiny(pr)) ++ pr->io_size = blkid_get_io_size(fd); ++ ++ DBG(LOWPROBE, ul_debug("ready for low-probing, offset=%"PRIu64", size=%"PRIu64", zonesize=%"PRIu64", iosize=%"PRIu64, ++ pr->off, pr->size, pr->zone_size, pr->io_size)); + DBG(LOWPROBE, ul_debug("whole-disk: %s, regfile: %s", + blkid_probe_is_wholedisk(pr) ?"YES" : "NO", + S_ISREG(pr->mode) ? "YES" : "NO")); +-- +2.33.0 + diff --git a/backport-libblkid-reset-errno-before-calling-probefuncs.patch b/backport-libblkid-reset-errno-before-calling-probefuncs.patch new file mode 100644 index 0000000..4ed7951 --- /dev/null +++ b/backport-libblkid-reset-errno-before-calling-probefuncs.patch @@ -0,0 +1,60 @@ +From 4bc69757312cad09f0cd9dc0c04f483a76176203 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Mon, 2 Oct 2023 22:24:21 +0200 +Subject: [PATCH] libblkid: reset errno before calling probefuncs +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The probers optionally use errno to communicate error details. +When a leftover errno is set from libblkid internally this can confuse +the probers. + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/4bc69757312cad09f0cd9dc0c04f483a76176203 +Conflict:NA +--- + libblkid/src/partitions/partitions.c | 1 + + libblkid/src/superblocks/superblocks.c | 1 + + libblkid/src/topology/topology.c | 1 + + 3 files changed, 3 insertions(+) + +diff --git a/libblkid/src/partitions/partitions.c b/libblkid/src/partitions/partitions.c +index 0e38cf4..38ec8df 100644 +--- a/libblkid/src/partitions/partitions.c ++++ b/libblkid/src/partitions/partitions.c +@@ -555,6 +555,7 @@ static int idinfo_probe(blkid_probe pr, const struct blkid_idinfo *id, + if (id->probefunc) { + DBG(LOWPROBE, ul_debug( + "%s: ---> call probefunc()", id->name)); ++ errno = 0; + rc = id->probefunc(pr, mag); + if (rc < 0) { + /* reset after error */ +diff --git a/libblkid/src/superblocks/superblocks.c b/libblkid/src/superblocks/superblocks.c +index f213655..09ac45e 100644 +--- a/libblkid/src/superblocks/superblocks.c ++++ b/libblkid/src/superblocks/superblocks.c +@@ -410,6 +410,7 @@ static int superblocks_probe(blkid_probe pr, struct blkid_chain *chn) + /* final check by probing function */ + if (id->probefunc) { + DBG(LOWPROBE, ul_debug("\tcall probefunc()")); ++ errno = 0; + rc = id->probefunc(pr, mag); + if (rc != BLKID_PROBE_OK) { + blkid_probe_chain_reset_values(pr, chn); +diff --git a/libblkid/src/topology/topology.c b/libblkid/src/topology/topology.c +index 53007d1..e8b9ba8 100644 +--- a/libblkid/src/topology/topology.c ++++ b/libblkid/src/topology/topology.c +@@ -180,6 +180,7 @@ static int topology_probe(blkid_probe pr, struct blkid_chain *chn) + + if (id->probefunc) { + DBG(LOWPROBE, ul_debug("%s: call probefunc()", id->name)); ++ errno = 0; + if (id->probefunc(pr, NULL) != 0) + continue; + } +-- +2.33.0 + diff --git a/backport-libfdisk-sun-properly-initialize-partition-data.patch b/backport-libfdisk-sun-properly-initialize-partition-data.patch new file mode 100644 index 0000000..7afe44c --- /dev/null +++ b/backport-libfdisk-sun-properly-initialize-partition-data.patch @@ -0,0 +1,33 @@ +From 5672ba4fb56cce00615b235210d3801a0353c42f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Sun, 24 Dec 2023 13:32:56 +0100 +Subject: [PATCH] libfdisk: (sun) properly initialize partition data +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/5672ba4fb56cce00615b235210d3801a0353c42f +Conflict:NA +--- + libfdisk/src/sun.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/libfdisk/src/sun.c b/libfdisk/src/sun.c +index dde9750a0..66fd22380 100644 +--- a/libfdisk/src/sun.c ++++ b/libfdisk/src/sun.c +@@ -383,6 +383,10 @@ static void fetch_sun(struct fdisk_context *cxt, + lens[i] = 0; + } + } ++ for (i = cxt->label->nparts_max; i < SUN_MAXPARTITIONS; i++) { ++ starts[i] = 0; ++ lens[i] = 0; ++ } + } + + /* non-Linux qsort_r(3) has usually differently ordered arguments */ +-- +2.33.0 + diff --git a/backport-libmount-cleanup-fake-mode.patch b/backport-libmount-cleanup-fake-mode.patch new file mode 100644 index 0000000..203341e --- /dev/null +++ b/backport-libmount-cleanup-fake-mode.patch @@ -0,0 +1,167 @@ +From 39cd698282e51b3ce84aee72d7ff00063ae9a83f Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Tue, 1 Aug 2023 14:49:48 +0200 +Subject: [PATCH] libmount: cleanup --fake mode + +It was originally designed to play nasty games with /etc/mtab (mount +when /etc is read-only and update later when it's write-able). + +The --fake is completely useless with the new API due to complexity +where we cannot skip any step, because the next stuff depends on it. +So, it makes more sense skip all functionality where libmount does +anything significant. + +This commit add --fake check to hooks logic to skip all hooks as the +hooks are place where libmount implements mount related invasive +operations (create mountpoint, namespaces, create superblock, move, +mount, etc.). + +Frankly, --fake without mtab is useless. + +Fixes: https://github.com/util-linux/util-linux/issues/2395 +Signed-off-by: Karel Zak + +Reference:https://github.com/util-linux/util-linux/commit/b42e4e2350a26b13a6165b78990e8814535ceb80 +Conflict:NA +--- + libmount/src/context_mount.c | 5 +++++ + libmount/src/hook_mount.c | 7 ------- + libmount/src/hook_mount_legacy.c | 18 ------------------ + libmount/src/hooks.c | 12 ++++++++++-- + sys-utils/mount.8.adoc | 6 +++++- + 5 files changed, 20 insertions(+), 28 deletions(-) + +diff --git a/libmount/src/context_mount.c b/libmount/src/context_mount.c +index d0da770..6ef6804 100644 +--- a/libmount/src/context_mount.c ++++ b/libmount/src/context_mount.c +@@ -541,6 +541,11 @@ static int do_mount(struct libmnt_context *cxt, const char *try_type) + if (!rc) + rc = mnt_context_call_hooks(cxt, MNT_STAGE_MOUNT); + ++ if (rc == 0 && mnt_context_is_fake(cxt)) { ++ DBG(CXT, ul_debugobj(cxt, "FAKE (-f) set status=0")); ++ cxt->syscall_status = 0; ++ } ++ + if (org_type && rc != 0) { + __mnt_fs_set_fstype_ptr(cxt->fs, org_type); + org_type = NULL; +diff --git a/libmount/src/hook_mount.c b/libmount/src/hook_mount.c +index 1597d62..ac50428 100644 +--- a/libmount/src/hook_mount.c ++++ b/libmount/src/hook_mount.c +@@ -580,9 +580,6 @@ static int init_sysapi(struct libmnt_context *cxt, + if (!api) + return -ENOMEM; + +- if (mnt_context_is_fake(cxt)) +- goto fake; +- + if (path) { + api->fd_tree = open_mount_tree(cxt, path, flags); + if (api->fd_tree < 0) +@@ -615,10 +612,6 @@ static int init_sysapi(struct libmnt_context *cxt, + fail: + DBG(HOOK, ul_debugobj(hs, "init fs/tree failed [errno=%d %m]", errno)); + return -errno; +-fake: +- DBG(CXT, ul_debugobj(cxt, " FAKE (-f)")); +- cxt->syscall_status = 0; +- return 0; + } + + static int force_classic_mount(struct libmnt_context *cxt) +diff --git a/libmount/src/hook_mount_legacy.c b/libmount/src/hook_mount_legacy.c +index 2c07a01..7e62864 100644 +--- a/libmount/src/hook_mount_legacy.c ++++ b/libmount/src/hook_mount_legacy.c +@@ -61,12 +61,6 @@ static int hook_propagation(struct libmnt_context *cxt, + hd->flags, + hd->flags & MS_REC ? " (recursive)" : "")); + +- if (mnt_context_is_fake(cxt)) { +- DBG(CXT, ul_debugobj(cxt, " FAKE (-f)")); +- cxt->syscall_status = 0; +- return 0; +- } +- + /* + * hd->flags are propagation flags as set in prepare_propagation() + * +@@ -156,12 +150,6 @@ static int hook_bindremount(struct libmnt_context *cxt, + hd->flags, + hd->flags & MS_REC ? " (recursive)" : "")); + +- if (mnt_context_is_fake(cxt)) { +- DBG(CXT, ul_debugobj(cxt, " FAKE (-f)")); +- cxt->syscall_status = 0; +- return 0; +- } +- + if (mnt_optlist_is_silent(cxt->optlist)) + extra |= MS_SILENT; + +@@ -251,12 +239,6 @@ static int hook_mount(struct libmnt_context *cxt, + options ? (cxt->flags & MNT_FL_MOUNTDATA) ? "binary" : + options : "")); + +- if (mnt_context_is_fake(cxt)) { +- DBG(HOOK, ul_debugobj(hs, " FAKE (-f)")); +- cxt->syscall_status = 0; +- return 0; +- } +- + if (mount(src, target, type, flags, options)) { + cxt->syscall_status = -errno; + cxt->syscall_name = "mount"; +diff --git a/libmount/src/hooks.c b/libmount/src/hooks.c +index 88cf68d..2d79162 100644 +--- a/libmount/src/hooks.c ++++ b/libmount/src/hooks.c +@@ -313,7 +313,12 @@ int mnt_context_has_hook(struct libmnt_context *cxt, + + static int call_hook(struct libmnt_context *cxt, struct hookset_hook *hook) + { +- int rc = hook->func(cxt, hook->hookset, hook->data); ++ int rc = 0; ++ ++ if (mnt_context_is_fake(cxt)) ++ DBG(CXT, ul_debugobj(cxt, " FAKE call")); ++ else ++ rc = hook->func(cxt, hook->hookset, hook->data); + + hook->executed = 1; + if (!rc) +@@ -359,7 +364,10 @@ int mnt_context_call_hooks(struct libmnt_context *cxt, int stage) + + DBG(CXT, ul_debugobj(cxt, "calling %s [first]", hs->name)); + +- rc = hs->firstcall(cxt, hs, NULL); ++ if (mnt_context_is_fake(cxt)) ++ DBG(CXT, ul_debugobj(cxt, " FAKE call")); ++ else ++ rc = hs->firstcall(cxt, hs, NULL); + if (!rc) + rc = call_depend_hooks(cxt, hs->name, stage); + if (rc < 0) +diff --git a/sys-utils/mount.8.adoc b/sys-utils/mount.8.adoc +index 60661d8..71e3723 100644 +--- a/sys-utils/mount.8.adoc ++++ b/sys-utils/mount.8.adoc +@@ -325,7 +325,11 @@ Note that *mount* does not pass this option to the **/sbin/mount.**__type__ help + (Used in conjunction with *-a*.) Fork off a new incarnation of *mount* for each device. This will do the mounts on different devices or different NFS servers in parallel. This has the advantage that it is faster; also NFS timeouts proceed in parallel. A disadvantage is that the order of the mount operations is undefined. Thus, you cannot use this option if you want to mount both _/usr_ and _/usr/spool_. + + *-f, --fake*:: +-Causes everything to be done except for the actual system call; if it's not obvious, this "fakes" mounting the filesystem. This option is useful in conjunction with the *-v* flag to determine what the *mount* command is trying to do. It can also be used to add entries for devices that were mounted earlier with the *-n* option. The *-f* option checks for an existing record in _/etc/mtab_ and fails when the record already exists (with a regular non-fake mount, this check is done by the kernel). ++Causes everything to be done except for the mount-related system calls. The --fake option was originally designed to write an entry to /etc/mtab without actually mounting. +++ ++The /etc/mtab is no longer maintained in userspace, and starting from version 2.39, the mount operation can be a complex chain of operations with dependencies between the syscalls. The --fake option forces libmount to skip all mount source preparation, mount option analysis, and the actual mounting process. +++ ++The difference between fake and non-fake execution is huge. This is the reason why the --fake option has minimal significance for the current mount(8) implementation and it is maintained mostly for backward compatibility. + + *-i, --internal-only*:: + Don't call the **/sbin/mount.**__filesystem__ helper even if it exists. +-- +2.33.0 + diff --git a/backport-libmount-fix-possible-NULL-dereference-coverity-scan.patch b/backport-libmount-fix-possible-NULL-dereference-coverity-scan.patch new file mode 100644 index 0000000..f6e4e79 --- /dev/null +++ b/backport-libmount-fix-possible-NULL-dereference-coverity-scan.patch @@ -0,0 +1,36 @@ +From c8448495049b22e6ee30c84c377e61f65d886ca3 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Mon, 6 Nov 2023 11:40:27 +0100 +Subject: [PATCH] libmount: fix possible NULL dereference [coverity scan] + +Signed-off-by: Karel Zak +Reference:https://github.com/util-linux/util-linux/commit/c8448495049b22e6ee30c84c377e61f65d886ca3 +Conflict:NA +--- + libmount/src/tab.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libmount/src/tab.c b/libmount/src/tab.c +index 5c2d5c868..972566467 100644 +--- a/libmount/src/tab.c ++++ b/libmount/src/tab.c +@@ -660,7 +660,7 @@ int mnt_table_next_child_fs(struct libmnt_table *tb, struct libmnt_iter *itr, + { + struct libmnt_fs *fs, *chfs = NULL; + int parent_id, lastchld_id = 0, chld_id = 0; +- int direction = mnt_iter_get_direction(itr); ++ int direction; + + if (!tb || !itr || !parent || !is_mountinfo(tb)) + return -EINVAL; +@@ -668,6 +668,7 @@ int mnt_table_next_child_fs(struct libmnt_table *tb, struct libmnt_iter *itr, + DBG(TAB, ul_debugobj(tb, "lookup next child of '%s'", + mnt_fs_get_target(parent))); + parent_id = mnt_fs_get_id(parent); ++ direction = mnt_iter_get_direction(itr); + + /* get ID of the previously returned child */ + if (itr->head && itr->p != itr->head) { +-- +2.33.0 + diff --git a/backport-libsmartcols-drop-spourious-newline-in-between-strea.patch b/backport-libsmartcols-drop-spourious-newline-in-between-strea.patch new file mode 100644 index 0000000..346392d --- /dev/null +++ b/backport-libsmartcols-drop-spourious-newline-in-between-strea.patch @@ -0,0 +1,34 @@ +From b2b0bf88d35513a746c144f35826eb47692386dc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Tue, 12 Dec 2023 18:41:33 +0100 +Subject: [PATCH] libsmartcols: drop spourious newline in between streamed JSON + objects +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +scols_table_print_range() already appends a newline correctly. + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/b2b0bf88d35513a746c144f35826eb47692386dc +Conflict:NA +--- + misc-utils/findmnt.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/misc-utils/findmnt.c b/misc-utils/findmnt.c +index 40b80b365..14ae2c5b4 100644 +--- a/misc-utils/findmnt.c ++++ b/misc-utils/findmnt.c +@@ -1295,8 +1295,6 @@ static int poll_table(struct libmnt_table *tb, const char *tabfile, + + if (count) { + rc = scols_table_print_range(table, NULL, NULL); +- if (rc == 0) +- fputc('\n', scols_table_get_stream(table)); + fflush(stdout); + if (rc) + goto done; +-- +2.33.0 + diff --git a/backport-libsmartcols-fix-column-reduction.patch b/backport-libsmartcols-fix-column-reduction.patch new file mode 100644 index 0000000..c5554ed --- /dev/null +++ b/backport-libsmartcols-fix-column-reduction.patch @@ -0,0 +1,42 @@ +From 28c7c29b2d57705fdc4ff486b38937c73b2d9b5d Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Tue, 30 Apr 2024 10:26:09 +0200 +Subject: [PATCH] libsmartcols: fix column reduction + +4013986: libsmartcols: TAB: [0x5626b97f8e10]: #5 reduce stage (width=38, term=1) +4013986: libsmartcols: COL: [0x5626b97f9130]: [01] (null) reduced 2-->18446744073709551615 + +Fixes: https://github.com/util-linux/util-linux/issues/3003 +Signed-off-by: Karel Zak + +Reference:https://github.com/util-linux/util-linux/commit/28c7c29b2d57705fdc4ff486b38937c73b2d9b5d +Conflict:NA +--- + libsmartcols/src/calculate.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/libsmartcols/src/calculate.c b/libsmartcols/src/calculate.c +index deabb079..86e1b279 100644 +--- a/libsmartcols/src/calculate.c ++++ b/libsmartcols/src/calculate.c +@@ -379,9 +379,14 @@ static int reduce_column(struct libscols_table *tb, + /* columns are reduced in "bad first" way, be more + * agresive for the the worst column */ + reduce = 3; +- if (cl->width - reduce < st->width_min) +- reduce = cl->width - st->width_min; +- cl->width -= reduce; ++ ++ if (cl->width < reduce) ++ reduce = cl->width; ++ ++ if (cl->width - reduce > st->width_min) ++ cl->width -= reduce; ++ else ++ cl->width = st->width_min; + break; + default: + return -1; /* no more stages */ +-- +2.33.0 + diff --git a/backport-libsmartcols-flush-correct-stream.patch b/backport-libsmartcols-flush-correct-stream.patch new file mode 100644 index 0000000..bae9116 --- /dev/null +++ b/backport-libsmartcols-flush-correct-stream.patch @@ -0,0 +1,31 @@ +From 36a853a9a71c46f088ab8f7416d68af112a59ce4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Tue, 12 Dec 2023 18:42:11 +0100 +Subject: [PATCH] libsmartcols: flush correct stream +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/36a853a9a71c46f088ab8f7416d68af112a59ce4 +Conflict:NA +--- + misc-utils/findmnt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/misc-utils/findmnt.c b/misc-utils/findmnt.c +index 14ae2c5b4..ecd56990c 100644 +--- a/misc-utils/findmnt.c ++++ b/misc-utils/findmnt.c +@@ -1295,7 +1295,7 @@ static int poll_table(struct libmnt_table *tb, const char *tabfile, + + if (count) { + rc = scols_table_print_range(table, NULL, NULL); +- fflush(stdout); ++ fflush(scols_table_get_stream(table)); + if (rc) + goto done; + } +-- +2.33.0 + diff --git a/backport-libsmartcols-only-recognize-closed-object-as-final-e.patch b/backport-libsmartcols-only-recognize-closed-object-as-final-e.patch new file mode 100644 index 0000000..766912d --- /dev/null +++ b/backport-libsmartcols-only-recognize-closed-object-as-final-e.patch @@ -0,0 +1,48 @@ +From 5130ce8ee5b71c249e0c8bb7a4975dc8a48c64fa Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Tue, 12 Dec 2023 18:42:44 +0100 +Subject: [PATCH] libsmartcols: only recognize closed object as final element +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When streaming JSON normal values also have indent == 1. +For those however it is incorrect to close the stream. + +Fixes #2644 +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/5130ce8ee5b71c249e0c8bb7a4975dc8a48c64fa +Conflict:NA +--- + lib/jsonwrt.c | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/lib/jsonwrt.c b/lib/jsonwrt.c +index dc20d2e46..243ed8232 100644 +--- a/lib/jsonwrt.c ++++ b/lib/jsonwrt.c +@@ -154,12 +154,6 @@ void ul_jsonwrt_open(struct ul_jsonwrt *fmt, const char *name, int type) + + void ul_jsonwrt_close(struct ul_jsonwrt *fmt, int type) + { +- if (fmt->indent == 1) { +- fputs("\n}\n", fmt->out); +- fmt->indent--; +- fmt->after_close = 1; +- return; +- } + assert(fmt->indent > 0); + + switch (type) { +@@ -168,6 +162,8 @@ void ul_jsonwrt_close(struct ul_jsonwrt *fmt, int type) + fputc('\n', fmt->out); + ul_jsonwrt_indent(fmt); + fputs("}", fmt->out); ++ if (fmt->indent == 0) ++ fputs("\n", fmt->out); + break; + case UL_JSON_ARRAY: + fmt->indent--; +-- +2.33.0 + diff --git a/backport-login-prevent-undefined-ioctl-and-tcsetattr-calls.patch b/backport-login-prevent-undefined-ioctl-and-tcsetattr-calls.patch new file mode 100644 index 0000000..842a01a --- /dev/null +++ b/backport-login-prevent-undefined-ioctl-and-tcsetattr-calls.patch @@ -0,0 +1,98 @@ +From 3f13d198679437002df2dd0777a3bca879c0061c Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Thu, 21 Sep 2023 20:25:55 +0200 +Subject: [PATCH] login: prevent undefined ioctl and tcsetattr calls + +Do not call tcsetattr if tcgetattr fails, because the content of +tt and ttt is undefined in that case. + +Also do not just warn if ioctl fails, but also avoid calling it again +after tty has been re-opened. + +I've solved this by setting struct variables to values which cannot be +valid at this point. If they do have these exact values, then the +calls will be prevented. + +Signed-off-by: Tobias Stoeckmann +Reference:https://github.com/util-linux/util-linux/commit/3f13d198679437002df2dd0777a3bca879c0061c +Conflict:NA +--- + login-utils/login.c | 32 ++++++++++++++++++++------------ + 1 file changed, 20 insertions(+), 12 deletions(-) + +diff --git a/login-utils/login.c b/login-utils/login.c +index 31a7adb07..544eab5aa 100644 +--- a/login-utils/login.c ++++ b/login-utils/login.c +@@ -177,9 +177,10 @@ static void __attribute__((__noreturn__)) + struct termios ti; + + /* reset echo */ +- tcgetattr(0, &ti); +- ti.c_lflag |= ECHO; +- tcsetattr(0, TCSANOW, &ti); ++ if (tcgetattr(0, &ti) >= 0) { ++ ti.c_lflag |= ECHO; ++ tcsetattr(0, TCSANOW, &ti); ++ } + _exit(EXIT_SUCCESS); /* %% */ + } + +@@ -513,8 +514,8 @@ static void chown_tty(struct login_context *cxt) + static void init_tty(struct login_context *cxt) + { + struct stat st; +- struct termios tt, ttt; +- struct winsize ws; ++ struct termios tt, ttt = { 0 }; ++ struct winsize ws = { 0 }; + int fd; + + cxt->tty_mode = (mode_t) getlogindefs_num("TTYPERM", TTY_MODE); +@@ -549,13 +550,18 @@ static void init_tty(struct login_context *cxt) + + /* The TTY size might be reset to 0x0 by the kernel when we close the stdin/stdout/stderr file + * descriptors so let's save the size now so we can reapply it later */ +- memset(&ws, 0, sizeof(struct winsize)); +- if (ioctl(fd, TIOCGWINSZ, &ws) < 0) ++ if (ioctl(fd, TIOCGWINSZ, &ws) < 0) { + syslog(LOG_WARNING, _("TIOCGWINSZ ioctl failed: %m")); ++ ws.ws_row = 0; ++ ws.ws_col = 0; ++ } + +- tcgetattr(fd, &tt); +- ttt = tt; +- ttt.c_cflag &= ~HUPCL; ++ if (tcgetattr(fd, &tt) >= 0) { ++ ttt = tt; ++ ttt.c_cflag &= ~HUPCL; ++ } else { ++ ttt.c_cflag = HUPCL; ++ } + + if ((fchown(fd, 0, 0) || fchmod(fd, cxt->tty_mode)) && errno != EROFS) { + +@@ -565,7 +571,8 @@ static void init_tty(struct login_context *cxt) + } + + /* Kill processes left on this tty */ +- tcsetattr(fd, TCSANOW, &ttt); ++ if ((ttt.c_cflag & HUPCL) == 0) ++ tcsetattr(fd, TCSANOW, &ttt); + + /* + * Let's close file descriptors before vhangup +@@ -583,7 +590,8 @@ static void init_tty(struct login_context *cxt) + open_tty(cxt->tty_path); + + /* restore tty modes */ +- tcsetattr(STDIN_FILENO, TCSAFLUSH, &tt); ++ if ((ttt.c_cflag & HUPCL) == 0) ++ tcsetattr(STDIN_FILENO, TCSAFLUSH, &tt); + + /* Restore tty size */ + if ((ws.ws_row > 0 || ws.ws_col > 0) +-- +2.33.0 + diff --git a/backport-login-use-correct-terminal-fd-during-setup.patch b/backport-login-use-correct-terminal-fd-during-setup.patch new file mode 100644 index 0000000..4d49128 --- /dev/null +++ b/backport-login-use-correct-terminal-fd-during-setup.patch @@ -0,0 +1,106 @@ +From e361ef380fa2673e1de0f50d1f362b99e42cd0bb Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Thu, 21 Sep 2023 20:15:46 +0200 +Subject: [PATCH] login: use correct terminal fd during setup + +The function get_terminal_name iterates through standard file +descriptors until it finds a terminal. This means that it's not +guaranteed that STDIN_FILENO (i.e. 0) is actually a terminal. + +Do not modify permissions on possible files. Instead, retrieve +the file descriptor which was used by get_terminal_name as well. + +Proof of Concept (as root): + +1. Create a temporary file with a mode different than TTYPERM. +``` +install -m 700 /dev/null /tmp/test +ls -l /tmp/test +-rwx------ 1 root root 0 Sep 21 20:15 /tmp/test +``` + +2. Run login within a terminal with adjusted stdin. +``` +login < /tmp/test +host login: + Hangup +``` + +3. Check permissions of input file. +``` +ls -l /tmp/test +-rw------- 1 root root 0 Sep 21 20:15 /tmp/test +``` + +Signed-off-by: Tobias Stoeckmann +Reference:https://github.com/util-linux/util-linux/commit/e361ef380fa2673e1de0f50d1f362b99e42cd0bb +Conflict:NA +--- + login-utils/login.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/login-utils/login.c b/login-utils/login.c +index 129f3cfa2..31a7adb07 100644 +--- a/login-utils/login.c ++++ b/login-utils/login.c +@@ -515,10 +515,12 @@ static void init_tty(struct login_context *cxt) + struct stat st; + struct termios tt, ttt; + struct winsize ws; ++ int fd; + + cxt->tty_mode = (mode_t) getlogindefs_num("TTYPERM", TTY_MODE); + + get_terminal_name(&cxt->tty_path, &cxt->tty_name, &cxt->tty_number); ++ fd = get_terminal_stdfd(); + + /* + * In case login is suid it was possible to use a hardlink as stdin +@@ -531,7 +533,7 @@ static void init_tty(struct login_context *cxt) + if (!cxt->tty_path || !*cxt->tty_path || + lstat(cxt->tty_path, &st) != 0 || !S_ISCHR(st.st_mode) || + (st.st_nlink > 1 && strncmp(cxt->tty_path, "/dev/", 5) != 0) || +- access(cxt->tty_path, R_OK | W_OK) != 0) { ++ access(cxt->tty_path, R_OK | W_OK) != 0 || fd == -EINVAL) { + + syslog(LOG_ERR, _("FATAL: bad tty")); + sleepexit(EXIT_FAILURE); +@@ -548,14 +550,14 @@ static void init_tty(struct login_context *cxt) + /* The TTY size might be reset to 0x0 by the kernel when we close the stdin/stdout/stderr file + * descriptors so let's save the size now so we can reapply it later */ + memset(&ws, 0, sizeof(struct winsize)); +- if (ioctl(STDIN_FILENO, TIOCGWINSZ, &ws) < 0) ++ if (ioctl(fd, TIOCGWINSZ, &ws) < 0) + syslog(LOG_WARNING, _("TIOCGWINSZ ioctl failed: %m")); + +- tcgetattr(0, &tt); ++ tcgetattr(fd, &tt); + ttt = tt; + ttt.c_cflag &= ~HUPCL; + +- if ((fchown(0, 0, 0) || fchmod(0, cxt->tty_mode)) && errno != EROFS) { ++ if ((fchown(fd, 0, 0) || fchmod(fd, cxt->tty_mode)) && errno != EROFS) { + + syslog(LOG_ERR, _("FATAL: %s: change permissions failed: %m"), + cxt->tty_path); +@@ -563,7 +565,7 @@ static void init_tty(struct login_context *cxt) + } + + /* Kill processes left on this tty */ +- tcsetattr(0, TCSANOW, &ttt); ++ tcsetattr(fd, TCSANOW, &ttt); + + /* + * Let's close file descriptors before vhangup +@@ -581,7 +583,7 @@ static void init_tty(struct login_context *cxt) + open_tty(cxt->tty_path); + + /* restore tty modes */ +- tcsetattr(0, TCSAFLUSH, &tt); ++ tcsetattr(STDIN_FILENO, TCSAFLUSH, &tt); + + /* Restore tty size */ + if ((ws.ws_row > 0 || ws.ws_col > 0) +-- +2.33.0 + diff --git a/backport-lscpu-don-t-use-NULL-sharedmap.patch b/backport-lscpu-don-t-use-NULL-sharedmap.patch new file mode 100644 index 0000000..09e4db9 --- /dev/null +++ b/backport-lscpu-don-t-use-NULL-sharedmap.patch @@ -0,0 +1,30 @@ +From 9ce09ccc3c8eee9be4fb5f33ae382d92c69dc411 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Wed, 20 Mar 2024 14:42:28 +0100 +Subject: [PATCH] lscpu: don't use NULL sharedmap + +Fixes: https://github.com/util-linux/util-linux/issues/2846 +Signed-off-by: Karel Zak +Reference:https://github.com/util-linux/util-linux/commit/9ce09ccc3c8eee9be4fb5f33ae382d92c69dc411 +Conflict:NA +--- + sys-utils/lscpu-topology.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/sys-utils/lscpu-topology.c b/sys-utils/lscpu-topology.c +index 7ee18e785..e3742e319 100644 +--- a/sys-utils/lscpu-topology.c ++++ b/sys-utils/lscpu-topology.c +@@ -253,7 +253,8 @@ struct lscpu_cache *lscpu_cpu_get_cache(struct lscpu_cxt *cxt, + for (i = 0; i < cxt->ncaches; i++) { + struct lscpu_cache *ca = &cxt->caches[i]; + +- if (strcmp(ca->name, name) == 0 && ++ if (ca->sharedmap && ++ strcmp(ca->name, name) == 0 && + CPU_ISSET_S(cpu->logical_id, cxt->setsize, ca->sharedmap)) + return ca; + } +-- +2.33.0 + diff --git a/backport-lsipc-fix-semaphore-USED-counter.patch b/backport-lsipc-fix-semaphore-USED-counter.patch new file mode 100644 index 0000000..0eaa440 --- /dev/null +++ b/backport-lsipc-fix-semaphore-USED-counter.patch @@ -0,0 +1,66 @@ +From fa45a6e516065f489b1cfb924ec3fc06960e0839 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Tue, 26 Mar 2024 12:45:24 +0100 +Subject: [PATCH] lsipc: fix semaphore USED counter + +The code incorrectly counts only with the first item in the linked +list (due to a typo). It seems rather fragile to use "semds" and +"semdsp" as variable names in the same code ... + + # lsipc -gs + +Old: + + KEY ID PERMS OWNER NSEMS RESOURCE DESCRIPTION LIMIT USED USE% + SEMMNI Number of semaphore identifiers 32000 3 0.01% + SEMMNS Total number of semaphores 1024000000 369 0.00% + SEMMSL Max semaphores per semaphore set. 32000 - - + SEMOPM Max number of operations per semop(2) 500 - - + SEMVMX Semaphore max value 32767 - - + +Fixed: + + KEY ID PERMS OWNER NSEMS RESOURCE DESCRIPTION LIMIT USED USE% + SEMMNI Number of semaphore identifiers 32000 3 0.01% + SEMMNS Total number of semaphores 1024000000 156 0.00% + SEMMSL Max semaphores per semaphore set. 32000 - - + SEMOPM Max number of operations per semop(2) 500 - - + SEMVMX Semaphore max value 32767 - - + +Addresses: https://issues.redhat.com/browse/RHEL-30269 +Signed-off-by: Karel Zak +Reference:https://github.com/util-linux/util-linux/commit/fa45a6e516065f489b1cfb924ec3fc06960e0839 +Conflict:NA +--- + sys-utils/lsipc.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/sys-utils/lsipc.c b/sys-utils/lsipc.c +index 2c5561112..515788c13 100644 +--- a/sys-utils/lsipc.c ++++ b/sys-utils/lsipc.c +@@ -717,16 +717,18 @@ static void do_sem(int id, struct lsipc_control *ctl, struct libscols_table *tb) + + static void do_sem_global(struct lsipc_control *ctl, struct libscols_table *tb) + { +- struct sem_data *semds, *semdsp; ++ struct sem_data *semds; + struct ipc_limits lim; + int nsems = 0, nsets = 0; + + ipc_sem_get_limits(&lim); + + if (ipc_sem_get_info(-1, &semds) > 0) { +- for (semdsp = semds; semdsp->next != NULL; semdsp = semdsp->next) { ++ struct sem_data *p; ++ ++ for (p = semds; p->next != NULL; p = p->next) { + ++nsets; +- nsems += semds->sem_nsems; ++ nsems += p->sem_nsems; + } + ipc_sem_free_info(semds); + } +-- +2.33.0 + diff --git a/backport-lslocks-fix-buffer-overflow.patch b/backport-lslocks-fix-buffer-overflow.patch new file mode 100644 index 0000000..e53cf07 --- /dev/null +++ b/backport-lslocks-fix-buffer-overflow.patch @@ -0,0 +1,69 @@ +From fcb83efb61c7898fa2ef20e010bf760278ec6746 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 29 Feb 2024 20:43:35 +0100 +Subject: [PATCH] lslocks: fix buffer overflow + +* don't use memset() to init variables +* use xreaddir() to reduce code +* use ssize_t for readlinkat() return value to avoid buffer overflow + +Signed-off-by: Karel Zak +(cherry picked from commit f030775ffeaa8627c88434f7d0cba1a454aa0ffa) +Reference:https://github.com/util-linux/util-linux/commit/fcb83efb61c7898fa2ef20e010bf760278ec6746 +Conflict:context adapt +--- + misc-utils/lslocks.c | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +diff --git a/misc-utils/lslocks.c b/misc-utils/lslocks.c +index caca13f..a2d634a 100644 +--- a/misc-utils/lslocks.c ++++ b/misc-utils/lslocks.c +@@ -45,6 +45,7 @@ + #include "closestream.h" + #include "optutils.h" + #include "procfs.h" ++#include "fileutils.h" + + /* column IDs */ + enum { +@@ -170,13 +171,12 @@ static char *get_filename_sz(ino_t inode, pid_t lock_pid, size_t *size) + struct stat sb; + struct dirent *dp; + DIR *dirp; +- size_t len; ++ size_t sz; + int fd; +- char path[PATH_MAX], sym[PATH_MAX], *ret = NULL; ++ char path[PATH_MAX] = { 0 }, ++ sym[PATH_MAX] = { 0 }, *ret = NULL; + + *size = 0; +- memset(path, 0, sizeof(path)); +- memset(sym, 0, sizeof(sym)); + + /* + * We know the pid so we don't have to +@@ -187,16 +187,14 @@ static char *get_filename_sz(ino_t inode, pid_t lock_pid, size_t *size) + if (!(dirp = opendir(path))) + return NULL; + +- if ((len = strlen(path)) >= (sizeof(path) - 2)) ++ if ((sz = strlen(path)) >= (sizeof(path) - 2)) + goto out; + + if ((fd = dirfd(dirp)) < 0 ) + goto out; + +- while ((dp = readdir(dirp))) { +- if (!strcmp(dp->d_name, ".") || +- !strcmp(dp->d_name, "..")) +- continue; ++ while ((dp = xreaddir(dirp))) { ++ ssize_t len; + + errno = 0; + +-- +2.33.0 + diff --git a/backport-lslogins-fix-realloc-loop-allocation-size.patch b/backport-lslogins-fix-realloc-loop-allocation-size.patch new file mode 100644 index 0000000..e20bc9e --- /dev/null +++ b/backport-lslogins-fix-realloc-loop-allocation-size.patch @@ -0,0 +1,34 @@ +From 62104e69455c3add88adc360381176f3e83bda28 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Fri, 22 Sep 2023 20:08:22 +0200 +Subject: [PATCH] lslogins: fix realloc() loop allocation size +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +If stat() fails the realloc loop would always try to allocate zero +bytes. + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/62104e69455c3add88adc360381176f3e83bda28 +Conflict:NA +--- + login-utils/lslogins.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/login-utils/lslogins.c b/login-utils/lslogins.c +index ea5afb5ba..c624302bd 100644 +--- a/login-utils/lslogins.c ++++ b/login-utils/lslogins.c +@@ -478,7 +478,7 @@ static struct utmpx *get_last_btmp(struct lslogins_control *ctl, const char *use + + static int parse_utmpx(const char *path, size_t *nrecords, struct utmpx **records) + { +- size_t i, imax = 0; ++ size_t i, imax = 1; + struct utmpx *ary = NULL; + struct stat st; + +-- +2.33.0 + diff --git a/backport-lsmem-make-lsmem-to-check-for-the-nodes-more-robust.patch b/backport-lsmem-make-lsmem-to-check-for-the-nodes-more-robust.patch new file mode 100644 index 0000000..ff86cc2 --- /dev/null +++ b/backport-lsmem-make-lsmem-to-check-for-the-nodes-more-robust.patch @@ -0,0 +1,44 @@ +From 57714290bdc99cab533edbc4a021d6ee3a7cc211 Mon Sep 17 00:00:00 2001 +From: zhangyao +Date: Thu, 4 Jul 2024 16:28:51 +0800 +Subject: [PATCH] lsmem: make lsmem to check for the nodes more robust + +See #3110. +Reference:https://github.com/util-linux/util-linux/commit/57714290bdc99cab533edbc4a021d6ee3a7cc211 +Conflict:NA +--- + sys-utils/lsmem.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/sys-utils/lsmem.c b/sys-utils/lsmem.c +index 3b5ca19a0..7c1be8e83 100644 +--- a/sys-utils/lsmem.c ++++ b/sys-utils/lsmem.c +@@ -485,6 +485,7 @@ static int memory_block_filter(const struct dirent *de) + static void read_basic_info(struct lsmem *lsmem) + { + char dir[PATH_MAX]; ++ int i = 0; + + if (ul_path_access(lsmem->sysmem, F_OK, "block_size_bytes") != 0) + errx(EXIT_FAILURE, _("This system does not support memory blocks")); +@@ -495,8 +496,14 @@ static void read_basic_info(struct lsmem *lsmem) + if (lsmem->ndirs <= 0) + err(EXIT_FAILURE, _("Failed to read %s"), dir); + +- if (memory_block_get_node(lsmem, lsmem->dirs[0]->d_name) != -1) +- lsmem->have_nodes = 1; ++ for (i = 0; i < lsmem->ndirs; i++) ++ { ++ if (memory_block_get_node(lsmem, lsmem->dirs[i]->d_name) != -1) ++ { ++ lsmem->have_nodes = 1; ++ break; ++ } ++ } + + /* The valid_zones sysmem attribute was introduced with kernel 3.18 */ + if (ul_path_access(lsmem->sysmem, F_OK, "memory0/valid_zones") == 0) +-- +2.33.0 + diff --git a/backport-more-avoid-out-of-bound-access.patch b/backport-more-avoid-out-of-bound-access.patch new file mode 100644 index 0000000..fd1022f --- /dev/null +++ b/backport-more-avoid-out-of-bound-access.patch @@ -0,0 +1,38 @@ +From ecdfc9aa701b4f406c239b6e163a45a5cc5b4a8c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Fri, 22 Sep 2023 19:53:24 +0200 +Subject: [PATCH] more: avoid out-of-bound access +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The realloc() needs to happen before that memory is used. + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/ecdfc9aa701b4f406c239b6e163a45a5cc5b4a8c +Conflict:NA +--- + text-utils/more.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/text-utils/more.c b/text-utils/more.c +index bdb34e076..e25b0e24c 100644 +--- a/text-utils/more.c ++++ b/text-utils/more.c +@@ -356,11 +356,11 @@ static void env_argscan(struct more_control *ctl, const char *s) + env_argv = xmalloc(sizeof(char *) * size); + env_argv[0] = _("MORE environment variable"); /* program name */ + for (tok = strtok_r(str, delim, &key); tok; tok = strtok_r(NULL, delim, &key)) { +- env_argv[env_argc++] = tok; +- if (size < env_argc) { ++ if (size == env_argc) { + size *= 2; + env_argv = xrealloc(env_argv, sizeof(char *) * size); + } ++ env_argv[env_argc++] = tok; + } + + argscan(ctl, env_argc, env_argv); +-- +2.33.0 + diff --git a/backport-more-exit-if-POLLERR-and-POLLHUP-on-stdin-is-receive.patch b/backport-more-exit-if-POLLERR-and-POLLHUP-on-stdin-is-receive.patch new file mode 100644 index 0000000..3d934a2 --- /dev/null +++ b/backport-more-exit-if-POLLERR-and-POLLHUP-on-stdin-is-receive.patch @@ -0,0 +1,51 @@ +From 68e14d3d5f4116ad3aca0e392d008645ea90cf70 Mon Sep 17 00:00:00 2001 +From: Goldwyn Rodrigues +Date: Fri, 8 Dec 2023 09:04:39 -0600 +Subject: [PATCH] more: exit if POLLERR and POLLHUP on stdin is received + +more command continues to run in case stdin have closed the file and it +takes 100% of CPU. This is because revents on stdin send +POLLIN | POLLHUP | POLLERR once stdin is closed. more receives it even +though it is not requested in events. This is common Linux behaviour to +never mask out POLLHUP or POLLERR. The loop in more_key_command() runs +infinitely because more_poll() returns 0 and read_command() reads 0 +bytes. + +Check for POLLERR and POLLHUP, and exit more in case of an error. + +Steps to reproduce: +1. Setup /etc/systemd/logind.conf with KillUserProcesses=no +2. Add config "Defaults use_pty" in /etc/sudoers +3. Start an ssh session to the machine +4. # sudo su - +5. # more +6. kill the parent ssh process, say close the tab + +At this time "more" runs with 100% CPU utilization. + +Signed-off-by: Goldwyn Rodrigues +Reference:https://github.com/util-linux/util-linux/commit/68e14d3d5f4116ad3aca0e392d008645ea90cf70 +Conflict:NA +--- + text-utils/more.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/text-utils/more.c b/text-utils/more.c +index d4db3d5eb..a49acbc3e 100644 +--- a/text-utils/more.c ++++ b/text-utils/more.c +@@ -1392,6 +1392,11 @@ static int more_poll(struct more_control *ctl, int timeout) + abort(); + } + } ++ ++ /* Check for POLLERR and POLLHUP in stdin revents */ ++ if ((pfd[1].revents & POLLERR) && (pfd[1].revents & POLLHUP)) ++ more_exit(ctl); ++ + if (pfd[1].revents == 0) + return 1; + return 0; +-- +2.33.0 + diff --git a/backport-more-fix-poll-use.patch b/backport-more-fix-poll-use.patch new file mode 100644 index 0000000..182bd0d --- /dev/null +++ b/backport-more-fix-poll-use.patch @@ -0,0 +1,209 @@ +From fe23722854f651984fad597cbb5b44653f72832a Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Tue, 20 Feb 2024 12:26:33 +0100 +Subject: [PATCH] more: fix poll() use + +The more(1) command utilizes signalfd() to monitor signals and reads +commands from the user via stderr (as stdin is typically used for +piping and not for user interaction). + +However, the current more_poll() implementation ignores stderr. As a result, +more(1) waits on read(stderr) while completely ignoring signals. This issue +becomes evident when using commands like: + + grep foo /path/file | more + +In such cases, it's only possible to exit 'more' by pressing 'q'; +CTRL+C does not work. + +Changes: + +- Refactor more_poll() code: + - Introduce an enum to access pfd[] items instead of using magical constants. + - Implement a while() loop to handle EAGAIN or POLLHUP. + +- Ignore stdin after POLLHUP (indicating that the pipe's peer closed). +- Ensure stderr is also checked. +- Use return codes akin to classic poll(). + +Note: I have doubts regarding the usability of stdin in more_poll(), +as the function is primarily used to wait for user input (via stderr) +and to monitor signals. Nevertheless, it is retained for potential use +in detecting when the pipe's peer (or the entire session) has been +terminated (see commit 68e14d3d5f4116ad3aca0e392d008645ea90cf70). + +Signed-off-by: Karel Zak +Reference:https://github.com/util-linux/util-linux/commit/fe23722854f651984fad597cbb5b44653f72832a +Conflict:NA +--- + text-utils/more.c | 126 ++++++++++++++++++++++++++++++---------------- + 1 file changed, 82 insertions(+), 44 deletions(-) + +diff --git a/text-utils/more.c b/text-utils/more.c +index c4edbc0..eb58446 100644 +--- a/text-utils/more.c ++++ b/text-utils/more.c +@@ -199,6 +199,7 @@ struct more_control { + magic_t magic; /* libmagic database entries */ + #endif + unsigned int ++ ignore_stdin:1, /* POLLHUP; peer closed pipe */ + bad_stdout:1, /* true if overwriting does not turn off standout */ + catch_suspend:1, /* we should catch the SIGTSTP signal */ + clear_line_ends:1, /* do not scroll, paint each screen from the top */ +@@ -1341,55 +1342,92 @@ static void read_line(struct more_control *ctl) + *p = '\0'; + } + ++/* returns: 0 timeout or nothing; <0 error, >0 success */ + static int more_poll(struct more_control *ctl, int timeout) + { +- struct pollfd pfd[2]; ++ enum { ++ POLLFD_SIGNAL = 0, ++ POLLFD_STDIN, ++ POLLFD_STDERR, ++ }; ++ struct pollfd pfd[] = { ++ [POLLFD_SIGNAL] = { .fd = ctl->sigfd, .events = POLLIN | POLLERR | POLLHUP }, ++ [POLLFD_STDIN] = { .fd = STDIN_FILENO, .events = POLLIN | POLLERR | POLLHUP }, ++ [POLLFD_STDERR] = { .fd = STDERR_FILENO, .events = POLLIN | POLLERR | POLLHUP } ++ }; ++ int has_data = 0; + +- pfd[0].fd = ctl->sigfd; +- pfd[0].events = POLLIN | POLLERR | POLLHUP; +- pfd[1].fd = STDIN_FILENO; +- pfd[1].events = POLLIN; ++ while (!has_data) { ++ int rc; + +- if (poll(pfd, 2, timeout) < 0) { +- if (errno == EAGAIN) +- return 1; +- more_error(ctl, _("poll failed")); +- return 1; +- } +- if (pfd[0].revents != 0) { +- struct signalfd_siginfo info; +- ssize_t sz; +- +- sz = read(pfd[0].fd, &info, sizeof(info)); +- assert(sz == sizeof(info)); +- switch (info.ssi_signo) { +- case SIGINT: +- more_exit(ctl); +- break; +- case SIGQUIT: +- sigquit_handler(ctl); +- break; +- case SIGTSTP: +- sigtstp_handler(ctl); +- break; +- case SIGCONT: +- sigcont_handler(ctl); +- break; +- case SIGWINCH: +- sigwinch_handler(ctl); +- break; +- default: +- abort(); ++ if (ctl->ignore_stdin) ++ pfd[POLLFD_STDIN].fd = -1; /* probably closed, ignore */ ++ ++ rc = poll(pfd, ARRAY_SIZE(pfd), timeout); ++ ++ /* error */ ++ if (rc < 0) { ++ if (errno == EAGAIN) ++ continue; ++ ++ more_error(ctl, _("poll failed")); ++ return rc; + } +- } + +- /* Check for POLLERR and POLLHUP in stdin revents */ +- if ((pfd[1].revents & POLLERR) && (pfd[1].revents & POLLHUP)) +- more_exit(ctl); ++ /* timeout */ ++ if (rc == 0) ++ return 0; + +- if (pfd[1].revents == 0) +- return 1; +- return 0; ++ /* event on signal FD */ ++ if (pfd[POLLFD_SIGNAL].revents) { ++ struct signalfd_siginfo info; ++ ssize_t sz; ++ ++ sz = read(pfd[POLLFD_SIGNAL].fd, &info, sizeof(info)); ++ assert(sz == sizeof(info)); ++ switch (info.ssi_signo) { ++ case SIGINT: ++ more_exit(ctl); ++ break; ++ case SIGQUIT: ++ sigquit_handler(ctl); ++ break; ++ case SIGTSTP: ++ sigtstp_handler(ctl); ++ break; ++ case SIGCONT: ++ sigcont_handler(ctl); ++ break; ++ case SIGWINCH: ++ sigwinch_handler(ctl); ++ break; ++ default: ++ abort(); ++ } ++ } ++ ++ /* event on stdin */ ++ if (pfd[POLLFD_STDIN].revents) { ++ /* Check for POLLERR and POLLHUP in stdin revents */ ++ if ((pfd[POLLFD_STDIN].revents & POLLERR) && ++ (pfd[POLLFD_STDIN].revents & POLLHUP)) ++ more_exit(ctl); ++ ++ /* poll() return POLLHUP event after pipe close() and POLLNVAL ++ * means that fd is already closed. */ ++ if ((pfd[POLLFD_STDIN].revents & POLLHUP) || ++ (pfd[POLLFD_STDIN].revents & POLLNVAL)) ++ ctl->ignore_stdin = 1; ++ else ++ has_data++; ++ } ++ ++ /* event on stderr (we reads user commands from stderr!) */ ++ if (pfd[POLLFD_STDERR].revents) ++ has_data++; ++ } ++ ++ return has_data; + } + + /* Search for nth occurrence of regular expression contained in buf in +@@ -1457,7 +1495,7 @@ static void search(struct more_control *ctl, char buf[], int n) + } + break; + } +- more_poll(ctl, 1); ++ more_poll(ctl, 0); + } + /* Move ctrl+c signal handling back to more_key_command(). */ + signal(SIGINT, SIG_DFL); +@@ -1621,7 +1659,7 @@ static int more_key_command(struct more_control *ctl, char *filename) + ctl->report_errors = 0; + ctl->search_called = 0; + for (;;) { +- if (more_poll(ctl, -1) != 0) ++ if (more_poll(ctl, -1) <= 0) + continue; + cmd = read_command(ctl); + if (cmd.key == more_kc_unknown_command) +-- +2.33.0 + diff --git a/backport-more-make-sure-we-have-data-on-stderr.patch b/backport-more-make-sure-we-have-data-on-stderr.patch new file mode 100644 index 0000000..6213581 --- /dev/null +++ b/backport-more-make-sure-we-have-data-on-stderr.patch @@ -0,0 +1,97 @@ +From 640b9480bd3efc0f4bc7f38a785d02cda70ec5c3 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 22 Aug 2024 08:56:52 +0200 +Subject: [PATCH] more: make sure we have data on stderr +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +more(1) uses more_poll() to monitor data on stdin, stderr, and +signals. It is used before read_command(), but this function only +reads from stderr. Therefore, if any other non-stderr event occurs, +this function will wait on read(). In this case, more(1) will not +react to signals anymore. We need to ensure that more(1) only waits in +more_poll(). + +Try + + for x in {1..1000}; do echo "line $x"; done | more + +to reproduce. + +Reported-by: Radka Skvarilova +Signed-off-by: Karel Zak +Reference:https://github.com/util-linux/util-linux/commit/640b9480bd3efc0f4bc7f38a785d02cda70ec5c3 +Conflict:NA +--- + text-utils/more.c | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +diff --git a/text-utils/more.c b/text-utils/more.c +index 4c225331..953e94db 100644 +--- a/text-utils/more.c ++++ b/text-utils/more.c +@@ -1350,7 +1350,7 @@ static void read_line(struct more_control *ctl) + } + + /* returns: 0 timeout or nothing; <0 error, >0 success */ +-static int more_poll(struct more_control *ctl, int timeout) ++static int more_poll(struct more_control *ctl, int timeout, int *stderr_active) + { + enum { + POLLFD_SIGNAL = 0, +@@ -1364,6 +1364,9 @@ static int more_poll(struct more_control *ctl, int timeout) + }; + int has_data = 0; + ++ if (stderr_active) ++ *stderr_active = 0; ++ + while (!has_data) { + int rc; + +@@ -1430,8 +1433,11 @@ static int more_poll(struct more_control *ctl, int timeout) + } + + /* event on stderr (we reads user commands from stderr!) */ +- if (pfd[POLLFD_STDERR].revents) ++ if (pfd[POLLFD_STDERR].revents) { + has_data++; ++ if (stderr_active) ++ *stderr_active = 1; ++ } + } + + return has_data; +@@ -1502,7 +1508,7 @@ static void search(struct more_control *ctl, char buf[], int n) + } + break; + } +- more_poll(ctl, 0); ++ more_poll(ctl, 0, NULL); + } + /* Move ctrl+c signal handling back to more_key_command(). */ + signal(SIGINT, SIG_DFL); +@@ -1656,7 +1662,7 @@ static int skip_forwards(struct more_control *ctl, int nlines, cc_t comchar) + static int more_key_command(struct more_control *ctl, char *filename) + { + int retval = 0; +- int done = 0, search_again = 0; ++ int done = 0, search_again = 0, stderr_active = 0; + char cmdbuf[INIT_BUF]; + struct number_command cmd; + +@@ -1666,7 +1672,9 @@ static int more_key_command(struct more_control *ctl, char *filename) + ctl->report_errors = 0; + ctl->search_called = 0; + for (;;) { +- if (more_poll(ctl, -1) <= 0) ++ if (more_poll(ctl, -1, &stderr_active) <= 0) ++ continue; ++ if (stderr_active == 0) + continue; + cmd = read_command(ctl); + if (cmd.key == more_kc_unknown_command) +-- +2.33.0 + diff --git a/backport-rev-Check-for-wchar-conversion-errors.patch b/backport-rev-Check-for-wchar-conversion-errors.patch new file mode 100644 index 0000000..e094231 --- /dev/null +++ b/backport-rev-Check-for-wchar-conversion-errors.patch @@ -0,0 +1,59 @@ +From a610cf8231a02163a4a2b2faf3047d24798fe180 Mon Sep 17 00:00:00 2001 +From: Tim Hallmann +Date: Sun, 24 Mar 2024 20:14:30 +0100 +Subject: [PATCH] rev: Check for wchar conversion errors + +Commit c9cc84621ca98ef85499e83ca56f05f12055f193 introduced a regression +where only the actual EOF is handled, not other error conditions +returning WEOF. This leads to an infinite loop upon encountering +conversion errors. For example (using LC_CTYPE="en_US.UTF-8"): + +$ printf '\x80' | rev + +Signed-off-by: Tim Hallmann + +Reference:https://github.com/util-linux/util-linux/commit/a610cf8231a02163a4a2b2faf3047d24798fe180 +Conflict:NA +--- + text-utils/rev.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/text-utils/rev.c b/text-utils/rev.c +index 81331719..4b731890 100644 +--- a/text-utils/rev.c ++++ b/text-utils/rev.c +@@ -173,8 +173,6 @@ int main(int argc, char *argv[]) + line = 0; + while (!feof(fp)) { + len = read_line(sep, buf, bufsiz, fp); +- if (len == 0) +- continue; + + /* This is my hack from setpwnam.c -janl */ + while (len == bufsiz && !feof(fp)) { +@@ -187,14 +185,18 @@ int main(int argc, char *argv[]) + /* And fill the rest of the buffer */ + len += read_line(sep, &buf[len], bufsiz/2, fp); + } ++ if (ferror(fp)) { ++ warn("%s: %ju", filename, line); ++ rval = EXIT_FAILURE; ++ break; ++ } ++ if (len == 0) ++ continue; ++ + reverse_str(buf, buf[len - 1] == sep ? len - 1 : len); + write_line(buf, len, stdout); + line++; + } +- if (ferror(fp)) { +- warn("%s: %ju", filename, line); +- rval = EXIT_FAILURE; +- } + if (fp != stdin) + fclose(fp); + } while(*argv); +-- +2.33.0 + diff --git a/backport-scriptreplay-support-ctrl-s-and-ctrl-g.patch b/backport-scriptreplay-support-ctrl-s-and-ctrl-g.patch new file mode 100644 index 0000000..2ab0fb6 --- /dev/null +++ b/backport-scriptreplay-support-ctrl-s-and-ctrl-g.patch @@ -0,0 +1,33 @@ +From 584e505186c1aa511ea96761a8d108f4fe734f0e Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Mon, 11 Sep 2023 15:17:01 +0200 +Subject: [PATCH] scriptreplay: support ctrl+s and ctrl+g + +The old scriptreplay supported XON/XOFF flow control. The new +implementation uses cfmakeraw() and it disables it by default. Let's +enable it by IXON iflag. + +Fixes: https://github.com/util-linux/util-linux/issues/2480 +References: https://github.com/util-linux/util-linux/pull/1101 +Signed-off-by: Karel Zak +Reference:https://github.com/util-linux/util-linux/commit/584e505186c1aa511ea96761a8d108f4fe734f0e +Conflict:NA +--- + term-utils/scriptreplay.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/term-utils/scriptreplay.c b/term-utils/scriptreplay.c +index fb68499c8..38fa4251c 100644 +--- a/term-utils/scriptreplay.c ++++ b/term-utils/scriptreplay.c +@@ -134,6 +134,7 @@ setterm(struct termios *backup) + tattr = *backup; + cfmakeraw(&tattr); + tattr.c_lflag |= ISIG; ++ tattr.c_iflag |= IXON; + tcsetattr(STDOUT_FILENO, TCSANOW, &tattr); + return 1; + } +-- +2.33.0 + diff --git a/backport-sys-utils-hwclock-rtc-fix-pointer-usage.patch b/backport-sys-utils-hwclock-rtc-fix-pointer-usage.patch new file mode 100644 index 0000000..66b11b2 --- /dev/null +++ b/backport-sys-utils-hwclock-rtc-fix-pointer-usage.patch @@ -0,0 +1,31 @@ +From 1064a53e4ff357dc649a8c4a0a41dfb5a1191bba Mon Sep 17 00:00:00 2001 +From: Karthikeyan Krishnasamy +Date: Sat, 23 Mar 2024 13:39:55 +0530 +Subject: [PATCH] sys-utils: hwclock-rtc: fix pointer usage + +passing double pointer doesn't fill param value + +Signed-off-by: Karthikeyan Krishnasamy + +Reference:https://github.com/util-linux/util-linux/commit/1064a53e4ff357dc649a8c4a0a41dfb5a1191bba +Conflict:NA +--- + sys-utils/hwclock-rtc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sys-utils/hwclock-rtc.c b/sys-utils/hwclock-rtc.c +index 79867f64..113d4e8c 100644 +--- a/sys-utils/hwclock-rtc.c ++++ b/sys-utils/hwclock-rtc.c +@@ -429,7 +429,7 @@ static int resolve_rtc_param_alias(const char *alias, __u64 *value) + /* kernel uapi __u64 can be defined differently than uint64_t */ + static int strtoku64(const char *str, __u64 *num, int base) + { +- return ul_strtou64(str, (uint64_t *) &num, base); ++ return ul_strtou64(str, (uint64_t *) num, base); + } + + /* +-- +2.33.0 + diff --git a/backport-sys-utils-lscpu-Unblock-SIGSEGV-before-vmware_bdoor.patch b/backport-sys-utils-lscpu-Unblock-SIGSEGV-before-vmware_bdoor.patch new file mode 100644 index 0000000..97dcff1 --- /dev/null +++ b/backport-sys-utils-lscpu-Unblock-SIGSEGV-before-vmware_bdoor.patch @@ -0,0 +1,70 @@ +From 5533e237c8047ff941bb3720237c58413441e35c Mon Sep 17 00:00:00 2001 +From: WanBingjiang +Date: Fri, 2 Feb 2024 10:43:08 +0800 +Subject: [PATCH] sys-utils/lscpu: Unblock SIGSEGV before vmware_bdoor + +Reference:https://github.com/util-linux/util-linux/commit/5533e237c8047ff941bb3720237c58413441e35c +Conflict:NA +--- + sys-utils/lscpu-virt.c | 16 +++++++++++++++- + 1 file changed, 15 insertions(+), 1 deletion(-) + +diff --git a/sys-utils/lscpu-virt.c b/sys-utils/lscpu-virt.c +index 4d301271a..6ba7c02dc 100644 +--- a/sys-utils/lscpu-virt.c ++++ b/sys-utils/lscpu-virt.c +@@ -17,6 +17,7 @@ + #include + #include + #include ++#include + + #include "lscpu.h" + +@@ -454,6 +455,7 @@ void vmware_bdoor(uint32_t *eax, uint32_t *ebx, uint32_t *ecx, uint32_t *edx) + } + + static jmp_buf segv_handler_env; ++static sigset_t oset; + + static void + segv_handler(__attribute__((__unused__)) int sig, +@@ -467,6 +469,7 @@ static int is_vmware_platform(void) + { + uint32_t eax, ebx, ecx, edx; + struct sigaction act, oact; ++ sigset_t set; + + /* + * FIXME: Not reliable for non-root users. Note it works as expected if +@@ -485,8 +488,16 @@ static int is_vmware_platform(void) + * the signal. All this magic is needed because lscpu + * isn't supposed to require root privileges. + */ +- if (sigsetjmp(segv_handler_env, 1)) ++ if (sigsetjmp(segv_handler_env, 1)) { ++ if (sigprocmask(SIG_SETMASK, &oset, NULL)) ++ err(EXIT_FAILURE, _("cannot restore signal mask")); + return 0; ++ } ++ ++ sigemptyset(&set); ++ sigaddset(&set, SIGSEGV); ++ if (sigprocmask(SIG_UNBLOCK, &set, &oset)) ++ err(EXIT_FAILURE, _("cannot unblock signal")); + + memset(&act, 0, sizeof(act)); + act.sa_sigaction = segv_handler; +@@ -500,6 +511,9 @@ static int is_vmware_platform(void) + if (sigaction(SIGSEGV, &oact, NULL)) + err(EXIT_FAILURE, _("cannot restore signal handler")); + ++ if (sigprocmask(SIG_SETMASK, &oset, NULL)) ++ err(EXIT_FAILURE, _("cannot restore signal mask")); ++ + return eax != (uint32_t)-1 && ebx == VMWARE_BDOOR_MAGIC; + } + +-- +2.33.0 + diff --git a/backport-wall-fix-calloc-cal-Werror-calloc-transposed-args.patch b/backport-wall-fix-calloc-cal-Werror-calloc-transposed-args.patch new file mode 100644 index 0000000..84f2e2e --- /dev/null +++ b/backport-wall-fix-calloc-cal-Werror-calloc-transposed-args.patch @@ -0,0 +1,33 @@ +From 07f0f0f5bd1e5e2268257ae1ff6d76a9b6c6ea8b Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Wed, 17 Jan 2024 12:37:08 +0100 +Subject: [PATCH] wall: fix calloc cal [-Werror=calloc-transposed-args] + +term-utils/wall.c:143:37: error: xcalloc sizes specified with sizeof in the earlier argument and not in the later argument [-Werror=calloc-transposed-args] + 143 | buf->groups = xcalloc(sizeof(*buf->groups), buf->ngroups); + | ^ +term-utils/wall.c:143:37: note: earlier argument should specify number of elements, later size of each element + +Signed-off-by: Karel Zak +Reference:https://github.com/util-linux/util-linux/commit/07f0f0f5bd1e5e2268257ae1ff6d76a9b6c6ea8b +Conflict:NA +--- + term-utils/wall.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/term-utils/wall.c b/term-utils/wall.c +index a3fe7d29a..f894a32f8 100644 +--- a/term-utils/wall.c ++++ b/term-utils/wall.c +@@ -140,7 +140,7 @@ static struct group_workspace *init_group_workspace(const char *group) + + buf->requested_group = get_group_gid(group); + buf->ngroups = sysconf(_SC_NGROUPS_MAX) + 1; /* room for the primary gid */ +- buf->groups = xcalloc(sizeof(*buf->groups), buf->ngroups); ++ buf->groups = xcalloc(buf->ngroups, sizeof(*buf->groups)); + + return buf; + } +-- +2.33.0 + diff --git a/backport-wall-make-sure-unsigned-variable-not-underflow.patch b/backport-wall-make-sure-unsigned-variable-not-underflow.patch new file mode 100644 index 0000000..44797e1 --- /dev/null +++ b/backport-wall-make-sure-unsigned-variable-not-underflow.patch @@ -0,0 +1,28 @@ +From 1658c0150e4a3d87d1e36b7755de0079e2e6a133 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Mon, 29 Apr 2024 14:55:16 +0200 +Subject: [PATCH] wall: make sure unsigned variable not underflow + +Signed-off-by: Karel Zak +Reference:https://github.com/util-linux/util-linux/commit/1658c0150e4a3d87d1e36b7755de0079e2e6a133 +Conflict:NA +--- + term-utils/ttymsg.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/term-utils/ttymsg.c b/term-utils/ttymsg.c +index faa0344fe..ef7e35899 100644 +--- a/term-utils/ttymsg.c ++++ b/term-utils/ttymsg.c +@@ -123,7 +123,7 @@ ttymsg(struct iovec *iov, size_t iovcnt, char *line, int tmout) { + iovcnt * sizeof(struct iovec)); + iov = localiov; + } +- for (cnt = 0; wret >= (ssize_t) iov->iov_len; ++cnt) { ++ for (cnt = 0; wret >= (ssize_t) iov->iov_len && iovcnt > 0; ++cnt) { + wret -= iov->iov_len; + ++iov; + --iovcnt; +-- +2.33.0 + diff --git a/util-linux.spec b/util-linux.spec index 754502a..f6227c5 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -3,7 +3,7 @@ Name: util-linux Version: 2.39.1 -Release: 15 +Release: 16 Summary: A random collection of Linux utilities License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git @@ -42,6 +42,57 @@ Patch6020: backport-sys-utils-setpriv-fix-potential-memory-leak.patch Patch6021: backport-sys-utils-save_adjtime-fix-memory-leak.patch Patch6022: backport-wall-fix-possible-memory-leak.patch Patch6023: backport-suL-fix-use-after-free-on-error.patch +Patch6024: backport-cfdisk-add-hint-about-labels-for-bootable-flag.patch +Patch6025: backport-column-fix-memory-leak.patch +Patch6026: backport-column-fix-l.patch +Patch6027: backport-scriptreplay-support-ctrl-s-and-ctrl-g.patch +Patch6028: backport-login-use-correct-terminal-fd-during-setup.patch +Patch6029: backport-login-prevent-undefined-ioctl-and-tcsetattr-calls.patch +Patch6030: backport-libblkid-avoid-memory-leak-of-cachefile-path.patch +Patch6031: backport-more-avoid-out-of-bound-access.patch +Patch6032: backport-lslogins-fix-realloc-loop-allocation-size.patch +Patch6033: backport-ldattach-don-t-call-exit-from-signal-handler.patch +Patch6034: backport-libblkid-ntfs-validate-that-sector_size-is-a-power-o.patch +Patch6035: backport-blkid-fix-call-to-err_exclusive_options.patch +Patch6036: backport-libblkid-reset-errno-before-calling-probefuncs.patch +Patch6037: backport-lib-path-fix-possible-out-of-boundary-access.patch +Patch6038: backport-libmount-fix-possible-NULL-dereference-coverity-scan.patch +Patch6039: backport-libsmartcols-drop-spourious-newline-in-between-strea.patch +Patch6040: backport-libsmartcols-flush-correct-stream.patch +Patch6041: backport-libsmartcols-only-recognize-closed-object-as-final-e.patch +Patch6042: backport-cal-avoid-out-of-bound-write.patch +Patch6043: backport-libfdisk-sun-properly-initialize-partition-data.patch +Patch6044: backport-include-c.h-add-helpers-for-unaligned-structure-acce.patch +Patch6045: backport-libblkid-probe-read-data-in-chunks.patch +Patch6046: backport-libblkid-avoid-aligning-out-of-probing-area.patch +Patch6047: backport-libblkid-drbd-validate-zero-padding.patch +Patch6048: backport-more-exit-if-POLLERR-and-POLLHUP-on-stdin-is-receive.patch +Patch6049: backport-libblkid-hfsplus-reduce-false-positive.patch +Patch6050: backport-wall-fix-calloc-cal-Werror-calloc-transposed-args.patch +Patch6051: backport-libblkid-drbd-reduce-false-positive.patch +Patch6052: backport-lib-cpuset-exit-early-from-cpulist_parse.patch +Patch6053: backport-sys-utils-lscpu-Unblock-SIGSEGV-before-vmware_bdoor.patch +Patch6054: backport-libblkid-Check-offset-in-LUKS2-header.patch +Patch6055: backport-more-fix-poll-use.patch +Patch6056: backport-lscpu-don-t-use-NULL-sharedmap.patch +Patch6057: backport-hexdump-check-blocksize-when-display-data.patch +Patch6058: backport-lslocks-fix-buffer-overflow.patch +Patch6059: backport-last-avoid-out-of-bounds-array-access.patch +Patch6060: backport-lsipc-fix-semaphore-USED-counter.patch +Patch6061: backport-fsck.minix-fix-possible-overrun.patch +Patch6062: backport-wall-make-sure-unsigned-variable-not-underflow.patch +Patch6063: backport-Fix-ul_path_read_buffer.patch +Patch6064: backport-libblkid-constify-cached-disk-data.patch +Patch6065: backport-jsonwrt-add-ul_jsonwrt_flush.patch +Patch6066: backport-dmesg-print-object-closing-brace-while-waiting-for-n.patch +Patch6067: backport-sys-utils-hwclock-rtc-fix-pointer-usage.patch +Patch6068: backport-rev-Check-for-wchar-conversion-errors.patch +Patch6069: backport-libsmartcols-fix-column-reduction.patch +Patch6070: backport-libmount-cleanup-fake-mode.patch +Patch6071: backport-lsmem-make-lsmem-to-check-for-the-nodes-more-robust.patch +Patch6072: backport-cfdisk-fix-possible-integer-overflow-coverity-scan.patch +Patch6073: backport-more-make-sure-we-have-data-on-stderr.patch +Patch6074: backport-libblkid-apfs-validate-checksums.patch Patch9000: SKIPPED-no-root-permissions-test.patch Patch9001: util-linux-Add-sw64-architecture.patch @@ -423,6 +474,12 @@ fi %endif %changelog +* Mon Dec 16 2024 yanglongkang - 2.39.1-16 +- Type: bugfix +- CVE: NA +- SUG: NA +- DESC: sync patches from the old version + * Mon Dec 09 2024 zhangyao - 2.39.1-15 - Type: bugfix - CVE: NA -- Gitee