From 4d9642da30a30a1dfd6d2e8445a3a821ba904c9d Mon Sep 17 00:00:00 2001 From: zhangyao Date: Wed, 8 Mar 2023 11:00:15 +0800 Subject: [PATCH] sync community patches (cherry picked from commit ef94723c9efb49e176facfc11ccea8a5c3a61fce) --- ..._get_limits-always-initialize-memory.patch | 25 ++++++ ...avoid-undefined-signed-integer-shift.patch | 37 +++++++++ ...60.h-use-more-correct-function-types.patch | 80 +++++++++++++++++++ ...ldattach-fix-intro-command-and-pause.patch | 31 +++++++ ...t-lib-pager-fix-signal-safety-issues.patch | 39 +++++++++ ...ix-misaligned-address-in-probe_exfat.patch | 42 ++++++++++ ...ort-login-never-send-signals-to-init.patch | 41 ++++++++++ ...do-not-use-uninitialized-stack-value.patch | 46 +++++++++++ ...tl-mark-flags-field-as-unsigned-long.patch | 43 ++++++++++ util-linux.spec | 26 +++++- 10 files changed, 409 insertions(+), 1 deletion(-) create mode 100644 backport-ipc_msg_get_limits-always-initialize-memory.patch create mode 100644 backport-iso9660.h-avoid-undefined-signed-integer-shift.patch create mode 100644 backport-iso9660.h-use-more-correct-function-types.patch create mode 100644 backport-ldattach-fix-intro-command-and-pause.patch create mode 100644 backport-lib-pager-fix-signal-safety-issues.patch create mode 100644 backport-libblkid-fix-misaligned-address-in-probe_exfat.patch create mode 100644 backport-login-never-send-signals-to-init.patch create mode 100644 backport-mkswap-do-not-use-uninitialized-stack-value.patch create mode 100644 backport-wdctl-mark-flags-field-as-unsigned-long.patch diff --git a/backport-ipc_msg_get_limits-always-initialize-memory.patch b/backport-ipc_msg_get_limits-always-initialize-memory.patch new file mode 100644 index 0000000..690f94a --- /dev/null +++ b/backport-ipc_msg_get_limits-always-initialize-memory.patch @@ -0,0 +1,25 @@ +From 970ed62e716d1cb347e983c9a96647be5455e713 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Sat, 7 Jan 2023 14:36:11 +0000 +Subject: [PATCH] ipc_msg_get_limits: always initialize memory + +--- + sys-utils/ipcutils.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/sys-utils/ipcutils.c b/sys-utils/ipcutils.c +index 226a43111..305ddd700 100644 +--- a/sys-utils/ipcutils.c ++++ b/sys-utils/ipcutils.c +@@ -18,6 +18,8 @@ + + int ipc_msg_get_limits(struct ipc_limits *lim) + { ++ memset(lim, 0, sizeof(*lim)); ++ + if (access(_PATH_PROC_IPC_MSGMNI, F_OK) == 0 && + access(_PATH_PROC_IPC_MSGMNB, F_OK) == 0 && + access(_PATH_PROC_IPC_MSGMAX, F_OK) == 0) { +-- +2.27.0 + diff --git a/backport-iso9660.h-avoid-undefined-signed-integer-shift.patch b/backport-iso9660.h-avoid-undefined-signed-integer-shift.patch new file mode 100644 index 0000000..3046618 --- /dev/null +++ b/backport-iso9660.h-avoid-undefined-signed-integer-shift.patch @@ -0,0 +1,37 @@ +From 893fe60d0b8f14d9a3022f6f95637e43b17f1b8b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Tue, 13 Dec 2022 02:40:02 +0000 +Subject: [PATCH] iso9660.h: avoid undefined signed integer shift + +When the high bit in p[3] is set we would overflow our signed 4-byte +integer result value. +Force an unsigned type instead. +--- + include/iso9660.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/include/iso9660.h b/include/iso9660.h +index cbc45dbb4..ed402d8c8 100644 +--- a/include/iso9660.h ++++ b/include/iso9660.h +@@ -34,7 +34,7 @@ static inline uint32_t isonum_731(const unsigned char *p) + return ((p[0] & 0xff) + | ((p[1] & 0xff) << 8) + | ((p[2] & 0xff) << 16) +- | ((p[3] & 0xff) << 24)); ++ | (((uint32_t) p[3] & 0xff) << 24)); + } + + static inline uint32_t isonum_732(const unsigned char *p) +@@ -42,7 +42,7 @@ static inline uint32_t isonum_732(const unsigned char *p) + return ((p[3] & 0xff) + | ((p[2] & 0xff) << 8) + | ((p[1] & 0xff) << 16) +- | ((p[0] & 0xff) << 24)); ++ | (((uint32_t) p[0] & 0xff) << 24)); + } + + static inline uint32_t isonum_733(const unsigned char *p, bool check_match) +-- +2.27.0 + diff --git a/backport-iso9660.h-use-more-correct-function-types.patch b/backport-iso9660.h-use-more-correct-function-types.patch new file mode 100644 index 0000000..b02a7fb --- /dev/null +++ b/backport-iso9660.h-use-more-correct-function-types.patch @@ -0,0 +1,80 @@ +From 9fc18efe956956be078fbbcea2144f0bb1b33b30 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Tue, 13 Dec 2022 02:38:27 +0000 +Subject: [PATCH] iso9660.h: use more correct function types + +--- + include/iso9660.h | 21 +++++++++++---------- + 1 file changed, 11 insertions(+), 10 deletions(-) + +diff --git a/include/iso9660.h b/include/iso9660.h +index 73decd998..cbc45dbb4 100644 +--- a/include/iso9660.h ++++ b/include/iso9660.h +@@ -2,25 +2,26 @@ + #define UTIL_LINUX_ISO_H + + #include ++#include + + #include "c.h" + +-static inline int isonum_721(unsigned char *p) ++static inline uint16_t isonum_721(const unsigned char *p) + { + return ((p[0] & 0xff) + | ((p[1] & 0xff) << 8)); + } + +-static inline int isonum_722(unsigned char *p) ++static inline uint16_t isonum_722(const unsigned char *p) + { + return ((p[1] & 0xff) + | ((p[0] & 0xff) << 8)); + } + +-static inline int isonum_723(unsigned char *p, bool check_match) ++static inline uint16_t isonum_723(const unsigned char *p, bool check_match) + { +- int le = isonum_721(p); +- int be = isonum_722(p + 2); ++ uint16_t le = isonum_721(p); ++ uint16_t be = isonum_722(p + 2); + + if (check_match && le != be) + /* translation is useless */ +@@ -28,7 +29,7 @@ static inline int isonum_723(unsigned char *p, bool check_match) + return (le); + } + +-static inline int isonum_731(unsigned char *p) ++static inline uint32_t isonum_731(const unsigned char *p) + { + return ((p[0] & 0xff) + | ((p[1] & 0xff) << 8) +@@ -36,7 +37,7 @@ static inline int isonum_731(unsigned char *p) + | ((p[3] & 0xff) << 24)); + } + +-static inline int isonum_732(unsigned char *p) ++static inline uint32_t isonum_732(const unsigned char *p) + { + return ((p[3] & 0xff) + | ((p[2] & 0xff) << 8) +@@ -44,10 +45,10 @@ static inline int isonum_732(unsigned char *p) + | ((p[0] & 0xff) << 24)); + } + +-static inline int isonum_733(unsigned char *p, bool check_match) ++static inline uint32_t isonum_733(const unsigned char *p, bool check_match) + { +- int le = isonum_731(p); +- int be = isonum_732(p + 4); ++ uint32_t le = isonum_731(p); ++ uint32_t be = isonum_732(p + 4); + + if (check_match && le != be) + /* translation is useless */ +-- +2.27.0 + diff --git a/backport-ldattach-fix-intro-command-and-pause.patch b/backport-ldattach-fix-intro-command-and-pause.patch new file mode 100644 index 0000000..d6a5eb3 --- /dev/null +++ b/backport-ldattach-fix-intro-command-and-pause.patch @@ -0,0 +1,31 @@ +From 5bd28f494ece506daa58861bf46e726c3958021e Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Mon, 5 Dec 2022 12:36:42 +0100 +Subject: [PATCH] ldattach: fix --intro-command and --pause + +The long version of the command line options should not ignore arguments. + +Fixes: https://github.com/util-linux/util-linux/issues/1940 +Signed-off-by: Karel Zak +--- + sys-utils/ldattach.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sys-utils/ldattach.c b/sys-utils/ldattach.c +index 3c853f829..0a6b6f2d2 100644 +--- a/sys-utils/ldattach.c ++++ b/sys-utils/ldattach.c +@@ -303,8 +303,8 @@ int main(int argc, char **argv) + {"help", no_argument, NULL, 'h'}, + {"version", no_argument, NULL, 'V'}, + {"debug", no_argument, NULL, 'd'}, +- {"intro-command", no_argument, NULL, 'c'}, +- {"pause", no_argument, NULL, 'p'}, ++ {"intro-command", required_argument, NULL, 'c'}, ++ {"pause", required_argument, NULL, 'p'}, + {NULL, 0, NULL, 0} + }; + +-- +2.27.0 + diff --git a/backport-lib-pager-fix-signal-safety-issues.patch b/backport-lib-pager-fix-signal-safety-issues.patch new file mode 100644 index 0000000..a0fe493 --- /dev/null +++ b/backport-lib-pager-fix-signal-safety-issues.patch @@ -0,0 +1,39 @@ +From 518a0ad4d9c586ca69d3cf924a4328361f6b2a80 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= +Date: Sun, 15 Jan 2023 01:33:14 +0000 +Subject: [PATCH] lib:pager: fix signal safety issues + +- Cannot use stdio in signal handlers, so you cannot safely call + fflush. +- cannot call exit() but only _exit() +--- + lib/pager.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/lib/pager.c b/lib/pager.c +index e5bd07a47..8f62310c0 100644 +--- a/lib/pager.c ++++ b/lib/pager.c +@@ -114,7 +114,9 @@ static int wait_or_whine(pid_t pid) + if (waiting < 0) { + if (errno == EINTR) + continue; +- err(EXIT_FAILURE, _("waitpid failed (%s)"), strerror(errno)); ++ /* Can't err() on signal handler */ ++ ignore_result(write(STDERR_FILENO, "waitpid failed", 14)); ++ _exit(EXIT_FAILURE); + } + if (waiting != pid) + return -1; +@@ -163,8 +165,6 @@ static void wait_for_pager(void) + if (pager_process.pid == 0) + return; + +- fflush(stdout); +- fflush(stderr); + /* signal EOF to pager */ + close(STDOUT_FILENO); + close(STDERR_FILENO); +-- +2.27.0 + diff --git a/backport-libblkid-fix-misaligned-address-in-probe_exfat.patch b/backport-libblkid-fix-misaligned-address-in-probe_exfat.patch new file mode 100644 index 0000000..ae5bec3 --- /dev/null +++ b/backport-libblkid-fix-misaligned-address-in-probe_exfat.patch @@ -0,0 +1,42 @@ +From 2a71e291d0fe247d7ca62775e47865dda4b2acfd Mon Sep 17 00:00:00 2001 +From: Milan Broz +Date: Thu, 24 Nov 2022 10:54:01 +0100 +Subject: [PATCH] libblkid: fix misaligned-address in probe_exfat + +Value checked in le32_to_cpu() needs to be properly +aligned. Just copy the value temporarily for conversion. + +Fix OSS-Fuzz issue 53696 +--- + libblkid/src/superblocks/exfat.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/libblkid/src/superblocks/exfat.c b/libblkid/src/superblocks/exfat.c +index 323e375..34b7ef3 100644 +--- a/libblkid/src/superblocks/exfat.c ++++ b/libblkid/src/superblocks/exfat.c +@@ -69,16 +69,17 @@ static uint64_t cluster_to_offset(const struct exfat_super_block *sb, + static uint32_t next_cluster(blkid_probe pr, + const struct exfat_super_block *sb, uint32_t cluster) + { +- uint32_t *next; ++ uint32_t *nextp, next; + uint64_t fat_offset; + + fat_offset = block_to_offset(sb, le32_to_cpu(sb->fat_block_start)) + + (uint64_t) cluster * sizeof(cluster); +- next = (uint32_t *) blkid_probe_get_buffer(pr, fat_offset, ++ nextp = (uint32_t *) blkid_probe_get_buffer(pr, fat_offset, + sizeof(uint32_t)); +- if (!next) ++ if (!nextp) + return 0; +- return le32_to_cpu(*next); ++ memcpy(&next, nextp, sizeof(next)); ++ return le32_to_cpu(next); + } + + static struct exfat_entry_label *find_label(blkid_probe pr, +-- +2.33.0 + diff --git a/backport-login-never-send-signals-to-init.patch b/backport-login-never-send-signals-to-init.patch new file mode 100644 index 0000000..6529e85 --- /dev/null +++ b/backport-login-never-send-signals-to-init.patch @@ -0,0 +1,41 @@ +From 4bbda92cdd0ceacc982f759d97d35b1617a8beba Mon Sep 17 00:00:00 2001 +From: Samanta Navarro +Date: Wed, 11 Jan 2023 11:57:21 +0000 +Subject: [PATCH] login: never send signals to init + +If the signal handler is triggered after a failed fork attempt, then +child_pid will be -1. This in turn leads to a positive test and a +subsequent call of kill(1, signal). If signal was SIGTERM, then there +will be also another kill(1, SIGHUP) call. + +Test explicitly for a positive child_pid value to prevent these cases. + +Signed-off-by: Samanta Navarro +--- + login-utils/login.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/login-utils/login.c b/login-utils/login.c +index 2c146b977..74bdf38a4 100644 +--- a/login-utils/login.c ++++ b/login-utils/login.c +@@ -203,12 +203,12 @@ static void timedout(int sig __attribute__((__unused__))) + */ + static void sig_handler(int signal) + { +- if (child_pid) ++ if (child_pid > 0) { + kill(-child_pid, signal); +- else ++ if (signal == SIGTERM) ++ kill(-child_pid, SIGHUP); /* because the shell often ignores SIGTERM */ ++ } else + got_sig = 1; +- if (signal == SIGTERM) +- kill(-child_pid, SIGHUP); /* because the shell often ignores SIGTERM */ + } + + /* +-- +2.27.0 + diff --git a/backport-mkswap-do-not-use-uninitialized-stack-value.patch b/backport-mkswap-do-not-use-uninitialized-stack-value.patch new file mode 100644 index 0000000..45d7875 --- /dev/null +++ b/backport-mkswap-do-not-use-uninitialized-stack-value.patch @@ -0,0 +1,46 @@ +From 6c88722c175adca5b1a72bcc770f94674405b7f4 Mon Sep 17 00:00:00 2001 +From: Samanta Navarro +Date: Fri, 13 Jan 2023 11:53:41 +0000 +Subject: [PATCH] mkswap: do not use uninitialized stack value + +If blkdev_get_size fails, then size is not set. Exit with an error code +and indicate what went wrong instead of continuing with random stack +content. + +Proof of Concept: + +``` +$ mkswap /dev/null +mkswap: warning: truncating swap area to 17179869180 KiB +mkswap: /dev/null: insecure permissions 0666, fix with: chmod 0600 /dev/null +mkswap: unable to assign device to libblkid probe +``` + +The first output line depends on stack content and sometimes does not +show up at all. Abort operation if argument is neither regular file nor +block device. + +Signed-off-by: Samanta Navarro +--- + disk-utils/mkswap.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/disk-utils/mkswap.c b/disk-utils/mkswap.c +index 7e2164704..bd0230177 100644 +--- a/disk-utils/mkswap.c ++++ b/disk-utils/mkswap.c +@@ -345,8 +345,9 @@ static unsigned long long get_size(const struct mkswap_control *ctl) + fd = open(ctl->devname, O_RDONLY); + if (fd < 0) + err(EXIT_FAILURE, _("cannot open %s"), ctl->devname); +- if (blkdev_get_size(fd, &size) == 0) +- size /= ctl->pagesize; ++ if (blkdev_get_size(fd, &size) < 0) ++ err(EXIT_FAILURE, _("cannot determine size of %s"), ctl->devname); ++ size /= ctl->pagesize; + + close(fd); + return size; +-- +2.27.0 + diff --git a/backport-wdctl-mark-flags-field-as-unsigned-long.patch b/backport-wdctl-mark-flags-field-as-unsigned-long.patch new file mode 100644 index 0000000..3ed728d --- /dev/null +++ b/backport-wdctl-mark-flags-field-as-unsigned-long.patch @@ -0,0 +1,43 @@ +From f36f3251c564991070c6b2c2347a999a56564e63 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Sun, 8 Jan 2023 03:29:51 +0000 +Subject: [PATCH] wdctl: mark flags field as unsigned long + +This is required by string_to_bitmask(). +The previous cast failed on s390x with the following warning: + +In function 'string_to_bitmask', + inlined from 'string_to_bitmask' at lib/strutils.c:802:5, + inlined from 'main' at sys-utils/wdctl.c:770:8: +lib/strutils.c:829:23: error: write of 64-bit data outside the bound of destination object, data truncated into 32-bit [-Werror=extra] + 829 | *mask |= flag; + | +--- + sys-utils/wdctl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sys-utils/wdctl.c b/sys-utils/wdctl.c +index 8de5d5a..f0d2e8d 100644 +--- a/sys-utils/wdctl.c ++++ b/sys-utils/wdctl.c +@@ -592,7 +592,7 @@ int main(int argc, char *argv[]) + struct wd_device wd; + struct wd_control ctl = { .hide_headings = 0 }; + int c, res = EXIT_SUCCESS, count = 0; +- uint32_t wanted = 0; ++ unsigned long wanted = 0; + int timeout = 0; + const char *dflt_device = NULL; + +@@ -640,7 +640,7 @@ int main(int argc, char *argv[]) + timeout = strtos32_or_err(optarg, _("invalid timeout argument")); + break; + case 'f': +- if (string_to_bitmask(optarg, (unsigned long *) &wanted, name2bit) != 0) ++ if (string_to_bitmask(optarg, &wanted, name2bit) != 0) + return EXIT_FAILURE; + break; + case 'F': +-- +2.33.0 + diff --git a/util-linux.spec b/util-linux.spec index 3e38b5d..9cead94 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -3,7 +3,7 @@ Name: util-linux Version: 2.37.2 -Release: 15 +Release: 16 Summary: A random collection of Linux utilities License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git @@ -62,6 +62,15 @@ Patch6040: backport-logger-always-update-header-when-read-from-stdin.patch Patch6041: backport-libblkid-use-checksum-for-jmicron.patch Patch6042: backport-libblkid-cleanup-indentation.patch Patch6043: backport-libblkid-fix-jmicron-checksum-and-LE-to-CPU.patch +Patch6044: backport-libblkid-fix-misaligned-address-in-probe_exfat.patch +Patch6045: backport-ldattach-fix-intro-command-and-pause.patch +Patch6046: backport-iso9660.h-use-more-correct-function-types.patch +Patch6047: backport-iso9660.h-avoid-undefined-signed-integer-shift.patch +Patch6048: backport-ipc_msg_get_limits-always-initialize-memory.patch +Patch6049: backport-wdctl-mark-flags-field-as-unsigned-long.patch +Patch6050: backport-login-never-send-signals-to-init.patch +Patch6051: backport-mkswap-do-not-use-uninitialized-stack-value.patch +Patch6052: backport-lib-pager-fix-signal-safety-issues.patch Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch Patch9001: SKIPPED-no-root-permissions-test.patch @@ -432,6 +441,21 @@ fi %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*} %changelog +* Wed Mar 8 2023 zhangyao - 2.37.2-16 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:sync community patches + [add] backport-libblkid-fix-misaligned-address-in-probe_exfat.patch + backport-ldattach-fix-intro-command-and-pause.patch + backport-iso9660.h-use-more-correct-function-types.patch + backport-iso9660.h-avoid-undefined-signed-integer-shift.patch + backport-ipc_msg_get_limits-always-initialize-memory.patch + backport-wdctl-mark-flags-field-as-unsigned-long.patch + backport-login-never-send-signals-to-init.patch + backport-mkswap-do-not-use-uninitialized-stack-value.patch + backport-lib-pager-fix-signal-safety-issues.patch + * Wed Mar 1 2023 zhangyao - 2.37.2-15 - Type:bugfix - CVE:NA -- Gitee