diff --git a/SOURCES/0193-tests-accept-empty-values.patch b/SOURCES/0193-tests-accept-empty-values.patch new file mode 100644 index 0000000..ad62278 --- /dev/null +++ b/SOURCES/0193-tests-accept-empty-values.patch @@ -0,0 +1,32 @@ +From e07bee418824709290a8e1252b95fe90aeae9f9b Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Tue, 7 Jan 2020 14:53:25 +0100 +Subject: [PATCH 193/197] tests: accept empty values + +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1788896 +Signed-off-by: Karel Zak +--- + tests/functions.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tests/functions.sh b/tests/functions.sh +index b930dfe7e..648e1be6e 100644 +--- a/tests/functions.sh ++++ b/tests/functions.sh +@@ -265,11 +265,11 @@ function ts_init_suid { + + function ts_valgrind { + if [ -z "$TS_VALGRIND_CMD" ]; then +- $* ++ "$@" + else + $TS_VALGRIND_CMD --tool=memcheck --leak-check=full \ + --leak-resolution=high --num-callers=20 \ +- --log-file="$TS_VGDUMP" $* ++ --log-file="$TS_VGDUMP" "$@" + fi + } + +-- +2.25.2 + diff --git a/SOURCES/0194-liblkid-Add-length-check-in-probe_nilfs2-before-crc3.patch b/SOURCES/0194-liblkid-Add-length-check-in-probe_nilfs2-before-crc3.patch new file mode 100644 index 0000000..b44cdaa --- /dev/null +++ b/SOURCES/0194-liblkid-Add-length-check-in-probe_nilfs2-before-crc3.patch @@ -0,0 +1,65 @@ +From 71ac1ab735eeaa71af0198253c06f783c8582362 Mon Sep 17 00:00:00 2001 +From: Torsten Hilbrich +Date: Mon, 20 Jun 2016 07:09:10 +0200 +Subject: [PATCH 194/197] liblkid: Add length check in probe_nilfs2 before + crc32 + +The bytes variable is read from the file system to probe and must be +checked before used as length parameter in the crc32 call. + +The following problems may occur here: + +- bytes smaller than sumoff + 4: underflow in length calculation +- bytes larger than remaining space in sb: overflow of buffer + +This fixes a problem where an encrypted volume had the correct magic +values 0x3434 at offset 0x406 and the following uint16_t (which is +read into the nilfs_super_block.s_bytes struct) was parsed as 1. + +Then crc32 was called with the length value 18446744073709551597 +causing a segmentation fault. + +[kzak@redhat.com: - fix probe_nilfs2() return code + - RHEL-7: return 1 if superblock bytes are out if + range; we use the same for invalid superblock in + current upstream tree] + +Upstream: http://github.com/karelzak/util-linux/commit/ac681a310c32319423297544833932f4d689a7a2 +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1802240 +Signed-off-by: Karel Zak +--- + libblkid/src/superblocks/nilfs.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/libblkid/src/superblocks/nilfs.c b/libblkid/src/superblocks/nilfs.c +index a7e4939a2..a4b3c22b6 100644 +--- a/libblkid/src/superblocks/nilfs.c ++++ b/libblkid/src/superblocks/nilfs.c +@@ -78,6 +78,7 @@ static int probe_nilfs2(blkid_probe pr, const struct blkid_idmag *mag) + static unsigned char sum[4]; + const int sumoff = offsetof(struct nilfs_super_block, s_sum); + size_t bytes; ++ const size_t crc_start = sumoff + 4; + uint32_t crc; + + sb = blkid_probe_get_sb(pr, mag, struct nilfs_super_block); +@@ -85,9 +86,15 @@ static int probe_nilfs2(blkid_probe pr, const struct blkid_idmag *mag) + return errno ? -errno : 1; + + bytes = le16_to_cpu(sb->s_bytes); ++ /* ensure that no underrun can happen in the length parameter ++ * of the crc32 call or more data are processed than read into ++ * sb */ ++ if (bytes < crc_start || bytes > sizeof(struct nilfs_super_block)) ++ return 1; ++ + crc = crc32(le32_to_cpu(sb->s_crc_seed), (unsigned char *)sb, sumoff); + crc = crc32(crc, sum, 4); +- crc = crc32(crc, (unsigned char *)sb + sumoff + 4, bytes - sumoff - 4); ++ crc = crc32(crc, (unsigned char *)sb + crc_start, bytes - crc_start); + + if (crc != le32_to_cpu(sb->s_sum)) + return 1; +-- +2.25.2 + diff --git a/SOURCES/0195-libmount-fix-is-mounted-check-for-btrfs.patch b/SOURCES/0195-libmount-fix-is-mounted-check-for-btrfs.patch new file mode 100644 index 0000000..5171ef5 --- /dev/null +++ b/SOURCES/0195-libmount-fix-is-mounted-check-for-btrfs.patch @@ -0,0 +1,81 @@ +From d2e24bb1b485949af2fdd07026380053200a0300 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Wed, 2 Dec 2015 13:38:51 +0100 +Subject: [PATCH 195/197] libmount: fix is-mounted check for btrfs + +fstab: + /dev/sdc /mnt/test btrfs subvol=/anydir + /mnt/test /mnt/test2 auto bind + +and "mount -a" does not detect that /mnt/test2 is already mounted. + +Reported-by: Stanislav Brabec +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1816183 +Upstream: http://github.com/karelzak/util-linux/commit/352740e88e2c9cb180fe845ce210b1c7b5ad88c7 +Signed-off-by: Karel Zak +--- + libmount/src/tab.c | 38 ++++++++++++++++++++++++++------------ + 1 file changed, 26 insertions(+), 12 deletions(-) + +diff --git a/libmount/src/tab.c b/libmount/src/tab.c +index 3ee9c0042..575b33d8c 100644 +--- a/libmount/src/tab.c ++++ b/libmount/src/tab.c +@@ -981,21 +981,33 @@ struct libmnt_fs *mnt_table_get_fs_root(struct libmnt_table *tb, + goto dflt; + } + +- /* on btrfs the subvolume is used as fs-root in +- * /proc/self/mountinfo, so we have to get the original subvolume +- * name from src_fs and prepend the subvolume name to the +- * fs-root path ++ /* It's possible that fstab_fs source is subdirectory on btrfs ++ * subvolume or anothe bind mount. For example: ++ * ++ * /dev/sdc /mnt/test btrfs subvol=/anydir ++ * /mnt/test/foo /mnt/test2 auto bind ++ * ++ * in this case, the root for /mnt/test2 will be /anydir/foo on ++ * /dev/sdc. It means we have to compose the final root from ++ * root and src_root. + */ + src_root = mnt_fs_get_root(src_fs); ++ ++ DBG(FS, mnt_debug("source root: %s, source FS root: %s", root, src_root)); ++ + if (src_root && !startswith(root, src_root)) { +- size_t sz = strlen(root) + strlen(src_root) + 1; +- char *tmp = malloc(sz); +- +- if (!tmp) +- goto err; +- snprintf(tmp, sz, "%s%s", src_root, root); +- free(root); +- root = tmp; ++ if (strcmp(root, "/") == 0) { ++ free(root); ++ root = strdup(src_root); ++ if (!root) ++ goto err; ++ } else { ++ char *tmp; ++ if (asprintf(&tmp, "%s%s", src_root, root) < 0) ++ goto err; ++ free(root); ++ root = tmp; ++ } + } + } + +@@ -1138,6 +1150,8 @@ int mnt_table_is_fs_mounted(struct libmnt_table *tb, struct libmnt_fs *fstab_fs) + } + mnt_reset_iter(&itr, MNT_ITER_FORWARD); + ++ DBG(FS, mnt_debug_h(fstab_fs, "is mounted: src=%s, tgt=%s, root=%s", src, tgt, root)); ++ + while (mnt_table_next_fs(tb, &itr, &fs) == 0) { + + if (!mnt_fs_streq_srcpath(fs, src)) { +-- +2.25.2 + diff --git a/SOURCES/0196-libmount-fix-uid-and-gid-translation.patch b/SOURCES/0196-libmount-fix-uid-and-gid-translation.patch new file mode 100644 index 0000000..9586ee1 --- /dev/null +++ b/SOURCES/0196-libmount-fix-uid-and-gid-translation.patch @@ -0,0 +1,122 @@ +From 791381a715bac0f2910101bf0d6cceac9e569452 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Mon, 12 Oct 2015 11:42:13 +0200 +Subject: [PATCH 196/197] libmount: fix uid= and gid= translation + +The current libmount version returns error when no able to convert +username/groupname to uid/git. + + # mount mount /dev/sda1 /mnt/test -o uid=ignore + # mount: failed to parse mount options + +This is regression, the original mount(8) has ignored possible unknown +user/group names and the option has been used unconverted (with the +original value). For example UDF kernel driver depends on this behavior +and "uid=ignore" (or "forgot") is a valid mount option. + +Fixed version (unit test): + +./test_mount_optstr --fix uid=kzak,gid=forgot,aaa,bbb +optstr: uid=kzak,gid=forgot,aaa,bbb +fixed: uid=1000,gid=forgot,aaa,bbb + +Reported-By: Anthony DeRobertis +Addresses: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801527 +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1747710 +Upstream: http://github.com/karelzak/util-linux/commit/440a355a3d3934d99f7ef82adf02342e6f2f7983 +Signed-off-by: Karel Zak +--- + libmount/src/optstr.c | 25 ++++++++++++++----------- + 1 file changed, 14 insertions(+), 11 deletions(-) + +diff --git a/libmount/src/optstr.c b/libmount/src/optstr.c +index 7bd9bbdb5..63b98c754 100644 +--- a/libmount/src/optstr.c ++++ b/libmount/src/optstr.c +@@ -962,7 +962,6 @@ static int set_uint_value(char **optstr, unsigned int num, + */ + int mnt_optstr_fix_uid(char **optstr, char *value, size_t valsz, char **next) + { +- int rc = 0; + char *end; + + if (!optstr || !*optstr || !value || !valsz) +@@ -974,10 +973,11 @@ int mnt_optstr_fix_uid(char **optstr, char *value, size_t valsz, char **next) + + if (valsz == 7 && !strncmp(value, "useruid", 7) && + (*(value + 7) == ',' || !*(value + 7))) +- rc = set_uint_value(optstr, getuid(), value, end, next); ++ return set_uint_value(optstr, getuid(), value, end, next); + + else if (!isdigit(*value)) { + uid_t id; ++ int rc; + char *p = strndup(value, valsz); + if (!p) + return -ENOMEM; +@@ -985,16 +985,17 @@ int mnt_optstr_fix_uid(char **optstr, char *value, size_t valsz, char **next) + free(p); + + if (!rc) +- rc = set_uint_value(optstr, id, value, end, next); ++ return set_uint_value(optstr, id, value, end, next); ++ } + +- } else if (next) { +- /* nothing */ ++ if (next) { ++ /* no change, let's keep the original value */ + *next = value + valsz; + if (**next == ',') + (*next)++; + } + +- return rc; ++ return 0; + } + + /* +@@ -1009,7 +1010,6 @@ int mnt_optstr_fix_uid(char **optstr, char *value, size_t valsz, char **next) + */ + int mnt_optstr_fix_gid(char **optstr, char *value, size_t valsz, char **next) + { +- int rc = 0; + char *end; + + if (!optstr || !*optstr || !value || !valsz) +@@ -1021,9 +1021,10 @@ int mnt_optstr_fix_gid(char **optstr, char *value, size_t valsz, char **next) + + if (valsz == 7 && !strncmp(value, "usergid", 7) && + (*(value + 7) == ',' || !*(value + 7))) +- rc = set_uint_value(optstr, getgid(), value, end, next); ++ return set_uint_value(optstr, getgid(), value, end, next); + + else if (!isdigit(*value)) { ++ int rc; + gid_t id; + char *p = strndup(value, valsz); + if (!p) +@@ -1032,15 +1033,17 @@ int mnt_optstr_fix_gid(char **optstr, char *value, size_t valsz, char **next) + free(p); + + if (!rc) +- rc = set_uint_value(optstr, id, value, end, next); ++ return set_uint_value(optstr, id, value, end, next); ++ ++ } + +- } else if (next) { ++ if (next) { + /* nothing */ + *next = value + valsz; + if (**next == ',') + (*next)++; + } +- return rc; ++ return 0; + } + + /* +-- +2.25.2 + diff --git a/SOURCES/0197-col-make-flush_line-a-little-bit-robust.patch b/SOURCES/0197-col-make-flush_line-a-little-bit-robust.patch new file mode 100644 index 0000000..efcba8d --- /dev/null +++ b/SOURCES/0197-col-make-flush_line-a-little-bit-robust.patch @@ -0,0 +1,70 @@ +From 32eb48b3590b3f3a6a4519d51a2ccbf6c6c6398e Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Tue, 5 Feb 2019 12:06:00 +0100 +Subject: [PATCH 197/197] col: make flush_line() a little bit robust + +The code is horrible. The core of the problem are signed integers +and no check for the limits. + +This patch fixes c->c_column = cur_col; where c_column is "short" +and "cur_col" is int. Let's use "int" for all the variables. It's +really not perfect as for bigger lines it can segfault again... + +The patch also removes some unnecessary static variables. + +[kzak@redhat.com: - RHEL-7: keep warn() output unchanged] + +Addresses: https://github.com/karelzak/util-linux/issues/749 +Upstream: http://github.com/karelzak/util-linux/commit/004356f05018e3bfcaddd2652846659a4d8481f3 +Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1784579 +Signed-off-by: Karel Zak +--- + text-utils/col.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/text-utils/col.c b/text-utils/col.c +index 9aa6a414b..0dd6ea431 100644 +--- a/text-utils/col.c ++++ b/text-utils/col.c +@@ -79,7 +79,7 @@ typedef char CSET; + typedef struct char_str { + #define CS_NORMAL 1 + #define CS_ALTERNATE 2 +- short c_column; /* column character is in */ ++ int c_column; /* column character is in */ + CSET c_set; /* character set (currently only 2) */ + wchar_t c_char; /* character in question */ + int c_width; /* character width */ +@@ -451,8 +451,9 @@ void flush_line(LINE *l) + nchars = l->l_line_len; + + if (l->l_needs_sort) { +- static CHAR *sorted; +- static int count_size, *count, i, save, sorted_size, tot; ++ static CHAR *sorted = NULL; ++ static int count_size = 0, *count = NULL, sorted_size = 0; ++ int i, tot; + + /* + * Do an O(n) sort on l->l_line by column being careful to +@@ -469,7 +470,7 @@ void flush_line(LINE *l) + (unsigned)sizeof(int) * count_size); + } + memset(count, 0, sizeof(int) * l->l_max_col + 1); +- for (i = nchars, c = l->l_line; --i >= 0; c++) ++ for (i = nchars, c = l->l_line; c && --i >= 0; c++) + count[c->c_column]++; + + /* +@@ -477,7 +478,7 @@ void flush_line(LINE *l) + * indices into new line. + */ + for (tot = 0, i = 0; i <= l->l_max_col; i++) { +- save = count[i]; ++ int save = count[i]; + count[i] = tot; + tot += save; + } +-- +2.25.2 + diff --git a/SPECS/util-linux.spec b/SPECS/util-linux.spec index 761ccf3..2f69e4b 100644 --- a/SPECS/util-linux.spec +++ b/SPECS/util-linux.spec @@ -2,7 +2,7 @@ Summary: A collection of basic system utilities Name: util-linux Version: 2.23.2 -Release: 63%{?dist} +Release: 64%{?dist} License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain Group: System Environment/Base URL: http://en.wikipedia.org/wiki/Util-linux @@ -472,6 +472,20 @@ Patch191: 0191-setarch-prefer-preprocessor-rather-than-autotools-ch.patch # 1740572 - libmount ignores empty domain field due to which plain domain option is sent. Patch192: 0192-libmount-Preserve-empty-string-value-in-optstr-parsi.patch +# RHEL-7.9 +# +# 1788896 - Internal testsuite: libmount tests failed +Patch193: 0193-tests-accept-empty-values.patch +# 1802240 - systemd-udev segmentation fault in crc32() at lib/crc32.c (libblkid) +Patch194: 0194-liblkid-Add-length-check-in-probe_nilfs2-before-crc3.patch +# 1816183 - "mount -a" should ignore already mounted bind mounts +Patch195: 0195-libmount-fix-is-mounted-check-for-btrfs.patch +# 1747710 - please backport the "uid=forget" and "gid=forget" UDF mount options to libmount +Patch196: 0196-libmount-fix-uid-and-gid-translation.patch +# 1784579 - RHEL-7: col struct char_str c_column field should be of unsigned type and/or larger than 16 bit +Patch197: 0197-col-make-flush_line-a-little-bit-robust.patch + + %description The util-linux package contains a large variety of low-level system @@ -1241,6 +1255,13 @@ fi %{_libdir}/pkgconfig/uuid.pc %changelog +* Tue Apr 07 2020 Karel Zak 2.23.2-64 +- fix #1788896 - Internal testsuite: libmount tests failed +- fix #1802240 - systemd-udev segmentation fault in crc32() at lib/crc32.c (libblkid) +- fix #1816183 - "mount -a" should ignore already mounted bind mounts. +- fix #1747710 - please backport the "uid=forget" and "gid=forget" UDF mount options to libmount +- fix #1784579 - RHEL-7: col struct char_str c_column field should be of unsigned type and/or larger than 16 bit + * Wed Aug 21 2019 Karel Zak 2.23.2-63 - fix #1740572 - libmount ignores empty domain field due to which plain domain option is sent.