diff --git a/backport-Fix-ul_path_read_buffer.patch b/backport-Fix-ul_path_read_buffer.patch
new file mode 100644
index 0000000000000000000000000000000000000000..44b93727e8c8eb2be9b9dd47dcc23752479bcc94
--- /dev/null
+++ b/backport-Fix-ul_path_read_buffer.patch
@@ -0,0 +1,27 @@
+From 6273c12257973cbd3c59a710049ee8a8027bbbb1 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Thu, 9 May 2024 12:32:31 +0200
+Subject: [PATCH] Fix ul_path_read_buffer()
+
+The current implementation cuts off the last character of the buffer
+if there is no trailing newline.
+---
+ lib/path.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/path.c b/lib/path.c
+index 202f19ac4..f897599fd 100644
+--- a/lib/path.c
++++ b/lib/path.c
+@@ -682,7 +682,7 @@ int ul_path_read_buffer(struct path_cxt *pc, char *buf, size_t bufsz, const char
+ if (*(buf + rc - 1) == '\n')
+ buf[--rc] = '\0';
+ else
+- buf[rc - 1] = '\0';
++ buf[rc] = '\0';
+ }
+
+ return rc;
+--
+2.33.0
+
diff --git a/backport-fsck.minix-fix-possible-overrun.patch b/backport-fsck.minix-fix-possible-overrun.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9d6fe6a587b04fea3f12c017c656e6db50245b7e
--- /dev/null
+++ b/backport-fsck.minix-fix-possible-overrun.patch
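Review bot: The new `buf[rc] = '\0';` in the no-newline branch of ul_path_read_buffer() stores at index rc, so it stays in bounds only while rc is at most bufsz - 1, and the read that produces rc sits above the hunk and is not visible here. Since this is a backport onto 2.37.2, confirm that the target tree's read call is capped at `bufsz - 1`. A comment on the line such as `/* rc <= bufsz - 1, guaranteed by the read above */` would record that dependency. The same reasoning presumably requires bufsz > 0, which cannot be checked from the hunk.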
@@ -0,0 +1,26 @@
+From a972f4096b7c730acf57db35df01ea3788de986a Mon Sep 17 00:00:00 2001
+From: Karel Zak
+Date: Tue, 30 Apr 2024 11:04:32 +0200
+Subject: [PATCH] fsck.minix: fix possible overrun
+
+Signed-off-by: Karel Zak
+---
+ disk-utils/fsck.minix.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/disk-utils/fsck.minix.c b/disk-utils/fsck.minix.c
+index 03a47460e..08903587b 100644
+--- a/disk-utils/fsck.minix.c
++++ b/disk-utils/fsck.minix.c
+@@ -548,7 +548,7 @@ get_dirsize(void) {
+ block = Inode[ROOT_INO].i_zone[0];
+ read_block(block, blk);
+
+- for (size = 16; size < MINIX_BLOCK_SIZE; size <<= 1) {
++ for (size = 16; size + 2 < MINIX_BLOCK_SIZE; size <<= 1) {
+ if (strcmp(blk + size + 2, "..") == 0) {
+ dirsize = size;
+ namelen = size - 2;
+--
+2.33.0
+
diff --git a/backport-wall-fix-possible-memory-leak.patch b/backport-wall-fix-possible-memory-leak.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d696ced1a1589158ade13d39ed710235a918acb6
--- /dev/null
+++ b/backport-wall-fix-possible-memory-leak.patch
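Review bot: The tightened condition `size + 2 < MINIX_BLOCK_SIZE` in get_dirsize() bounds only the first byte that `strcmp(blk + size + 2, "..")` reads, while the comparison can touch up to three bytes of a block read from the filesystem being checked. Because size doubles from 16, the largest offset should sit well inside the block if MINIX_BLOCK_SIZE is a power of two, so this looks like a clarity point rather than a live overrun. Stating the full extent, `size + 2 + sizeof("..") <= MINIX_BLOCK_SIZE`, or adding a short comment on the loop, would make the bound self-evident. This assumes blk holds MINIX_BLOCK_SIZE bytes; its declaration is outside the hunk.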
@@ -0,0 +1,38 @@
+From 828f6506b488a67d26ea8b7c50042a505c450b79 Mon Sep 17 00:00:00 2001
+From: Karel Zak
+Date: Mon, 29 Apr 2024 15:25:58 +0200
+Subject: [PATCH] wall: fix possible memory leak
+
+Signed-off-by: Karel Zak
+---
+ term-utils/wall.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/term-utils/wall.c b/term-utils/wall.c
+index 588d3a963..4937bdc80 100644
+--- a/term-utils/wall.c
++++ b/term-utils/wall.c
+@@ -324,10 +324,10 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
+
+ if (print_banner == TRUE) {
+ char *hostname = xgethostname();
+- char *whom, *where, date[CTIME_BUFSIZ];
++ char *whombuf, *whom, *where, date[CTIME_BUFSIZ];
+ time_t now;
+
+- whom = xgetlogin();
++ whombuf = whom = xgetlogin();
+ if (!whom) {
+ whom = "";
+ warn(_("cannot get passwd uid"));
+@@ -358,6 +358,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
+ whom, hostname, where, date);
+ fprintf(fs, "%-*.*s\007\007\r\n", TERM_WIDTH, TERM_WIDTH, lbuf);
+ free(hostname);
++ free(whombuf);
+ }
+ fprintf(fs, "%*s\r\n", TERM_WIDTH, " ");
+
+--
+2.33.0
+
diff --git a/backport-wall-make-sure-unsigned-variable-not-underflow.patch b/backport-wall-make-sure-unsigned-variable-not-underflow.patch
new file mode 100644
index 0000000000000000000000000000000000000000..60a93eb680d277ee1b834df0b6b0e51425139a9b
--- /dev/null
+++ b/backport-wall-make-sure-unsigned-variable-not-underflow.patch
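Review bot: `whombuf` in makemsg() exists only so the xgetlogin() allocation can still be freed after `whom` is repointed to the `""` literal on the failure path, and nothing at the declaration or assignment says so. A one-line comment above the assignment, such as `/* whombuf owns the xgetlogin() result; whom may be replaced by "" */`, would keep a later cleanup from folding the two variables together and passing a string literal to free(). The added `free(whombuf)` sits at the end of the banner block. Whether any path leaves that block earlier lies between the two inner hunks and is not visible here.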
@@ -0,0 +1,26 @@
+From 1658c0150e4a3d87d1e36b7755de0079e2e6a133 Mon Sep 17 00:00:00 2001
+From: Karel Zak
+Date: Mon, 29 Apr 2024 14:55:16 +0200
+Subject: [PATCH] wall: make sure unsigned variable not underflow
+
+Signed-off-by: Karel Zak
+---
+ term-utils/ttymsg.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/term-utils/ttymsg.c b/term-utils/ttymsg.c
+index faa0344fe..ef7e35899 100644
+--- a/term-utils/ttymsg.c
++++ b/term-utils/ttymsg.c
+@@ -123,7 +123,7 @@ ttymsg(struct iovec *iov, size_t iovcnt, char *line, int tmout) {
+ iovcnt * sizeof(struct iovec));
+ iov = localiov;
+ }
+- for (cnt = 0; wret >= (ssize_t) iov->iov_len; ++cnt) {
++ for (cnt = 0; wret >= (ssize_t) iov->iov_len && iovcnt > 0; ++cnt) {
+ wret -= iov->iov_len;
+ ++iov;
+ --iovcnt;
+--
+2.33.0
+
diff --git a/util-linux.spec b/util-linux.spec
index 8a8f72d83b836bb01bd2dd80ed89e2bd5688705e..7cc95007fba1be677e606f6f4bea543919bb6915 100644
--- a/util-linux.spec
+++ b/util-linux.spec
@@ -3,7 +3,7 @@ Name: util-linux Version: 2.37.2 -Release: 33 +Release: 34 Summary: A random collection of Linux utilities License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
@@ -150,6 +150,10 @@ Patch6128: backport-hexdump-check-blocksize-when-display-data.patch Patch6129: backport-lslocks-fix-buffer-overflow.patch Patch6130: backport-last-avoid-out-of-bounds-array-access.patch Patch6131: backport-lsipc-fix-semaphore-USED-counter.patch +Patch6132: backport-fsck.minix-fix-possible-overrun.patch +Patch6133: backport-wall-fix-possible-memory-leak.patch +Patch6134: backport-wall-make-sure-unsigned-variable-not-underflow.patch +Patch6135: backport-Fix-ul_path_read_buffer.patch Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch Patch9001: SKIPPED-no-root-permissions-test.patch
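Review bot: In the new ttymsg() loop condition `wret >= (ssize_t) iov->iov_len && iovcnt > 0` the count check is evaluated second, so `iov->iov_len` is still read after `++iov` has stepped past the last element once iovcnt reaches 0. Testing the count first closes that read: `for (cnt = 0; iovcnt > 0 && wret >= (ssize_t) iov->iov_len; ++cnt) {`. The code after the loop is outside the hunk. If it adjusts `iov->iov_base` or `iov->iov_len` for a partial write, it presumably needs the same `iovcnt > 0` guard.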
@@ -527,6 +531,16 @@ fi %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*} %changelog +* Sat Jun 29 2024 zhangyao - 2.37.2-34 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:sync community patches + [add]backport-Fix-ul_path_read_buffer.patch + backport-fsck.minix-fix-possible-overrun.patch + backport-wall-fix-possible-memory-leak.patch + backport-wall-make-sure-unsigned-variable-not-underflow.patch + * Tue Jun 18 2024 hefq343 - 2.37.2-33 - Type:update - CVE:NA