diff --git a/backport-cfdisk-fix-possible-integer-overflow-coverity-scan.patch b/backport-cfdisk-fix-possible-integer-overflow-coverity-scan.patch new file mode 100644 index 0000000000000000000000000000000000000000..81f0f297093ce1bf5c849283ee784dbd31406740 --- /dev/null +++ b/backport-cfdisk-fix-possible-integer-overflow-coverity-scan.patch @@ -0,0 +1,28 @@ +From 72f801dbcd99bc1dcbfdb0bf8e1f5d2f1ad753c6 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Mon, 24 Jun 2024 09:46:37 +0200 +Subject: [PATCH] cfdisk: fix possible integer overflow [coverity scan] + +Signed-off-by: Karel Zak +Reference:https://github.com/util-linux/util-linux/commit/72f801dbcd99bc1dcbfdb0bf8e1f5d2f1ad753c6 +Conflict:NA +--- + disk-utils/cfdisk.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/disk-utils/cfdisk.c b/disk-utils/cfdisk.c +index 7b619296..2e0aada4 100644 +--- a/disk-utils/cfdisk.c ++++ b/disk-utils/cfdisk.c +@@ -1733,6 +1733,8 @@ static int ui_table_goto(struct cfdisk *cf, int where) + + if (where < 0) + where = 0; ++ if (!nparts) ++ where = 0; + else if ((size_t) where > nparts - 1) + where = nparts - 1; + +-- +2.33.0 + diff --git a/backport-libblkid-apfs-validate-checksums.patch b/backport-libblkid-apfs-validate-checksums.patch new file mode 100644 index 0000000000000000000000000000000000000000..777d53426bf02524f927f73f4689931d6e6edfb4 --- /dev/null +++ b/backport-libblkid-apfs-validate-checksums.patch @@ -0,0 +1,75 @@ +From 2011a616aa533c336f9242f25017ce7043557e4c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Tue, 6 Aug 2024 19:07:48 +0200 +Subject: [PATCH] libblkid: apfs: validate checksums +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The apfs superblock contains a checksum based on Fletcher-64. +Validate the checksum to make the probing more robust. + +Signed-off-by: Thomas Weißschuh +Reference:https://github.com/util-linux/util-linux/commit/2011a616aa533c336f9242f25017ce7043557e4c +Conflict:NA +--- + libblkid/src/superblocks/apfs.c | 36 ++++++++++++++++++++++++++++++++- + 1 file changed, 35 insertions(+), 1 deletion(-) + +diff --git a/libblkid/src/superblocks/apfs.c b/libblkid/src/superblocks/apfs.c +index b7f09f33..4557abcb 100644 +--- a/libblkid/src/superblocks/apfs.c ++++ b/libblkid/src/superblocks/apfs.c +@@ -35,7 +35,38 @@ struct apfs_super_block { + uint64_t read_only_features; + uint64_t incompatible_features; + uint8_t uuid[16]; +-}; ++ ++ uint8_t padding[4008]; // Pad to 4096 bytes for checksum ++} __attribute__((packed)); ++ ++static uint64_t apfs_fletcher64(const uint8_t *buf, size_t size) ++{ ++ uint64_t lo32 = 0, hi32 = 0, csum_hi; ++ uint32_t csum_low; ++ size_t i; ++ ++ for (i = 0; i < size / 4; i++) { ++ lo32 += le32_to_cpu(((uint32_t *)buf)[i]); ++ hi32 += lo32; ++ } ++ ++ csum_low = ~((lo32 + hi32) % UINT32_MAX); ++ csum_hi = ~((lo32 + csum_low) % UINT32_MAX); ++ ++ return csum_hi << 32 | csum_low; ++} ++ ++static int apfs_verify_checksum(blkid_probe pr, ++ const struct apfs_super_block *sb) ++{ ++ const size_t csummed_start_offset = offsetof(__typeof__(*sb), oid); ++ uint64_t csum; ++ ++ csum = apfs_fletcher64(((const uint8_t *)sb) + csummed_start_offset, ++ sizeof(*sb) - csummed_start_offset); ++ ++ return blkid_probe_verify_csum(pr, csum, le64_to_cpu(sb->checksum)); ++} + + static int probe_apfs(blkid_probe pr, const struct blkid_idmag *mag) + { +@@ -45,6 +76,9 @@ static int probe_apfs(blkid_probe pr, const struct blkid_idmag *mag) + if (!sb) + return errno ? -errno : BLKID_PROBE_NONE; + ++ if (!apfs_verify_checksum(pr, sb)) ++ return BLKID_PROBE_NONE; ++ + if (le16_to_cpu(sb->type) != APFS_CONTAINER_SUPERBLOCK_TYPE) + return BLKID_PROBE_NONE; + +-- +2.33.0 + diff --git a/backport-lsmem-make-lsmem-to-check-for-the-nodes-more-robust.patch b/backport-lsmem-make-lsmem-to-check-for-the-nodes-more-robust.patch new file mode 100644 index 0000000000000000000000000000000000000000..ff86cc21db4374af8455a46718cdeb37796dbee6 --- /dev/null +++ b/backport-lsmem-make-lsmem-to-check-for-the-nodes-more-robust.patch @@ -0,0 +1,44 @@ +From 57714290bdc99cab533edbc4a021d6ee3a7cc211 Mon Sep 17 00:00:00 2001 +From: zhangyao +Date: Thu, 4 Jul 2024 16:28:51 +0800 +Subject: [PATCH] lsmem: make lsmem to check for the nodes more robust + +See #3110. +Reference:https://github.com/util-linux/util-linux/commit/57714290bdc99cab533edbc4a021d6ee3a7cc211 +Conflict:NA +--- + sys-utils/lsmem.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/sys-utils/lsmem.c b/sys-utils/lsmem.c +index 3b5ca19a0..7c1be8e83 100644 +--- a/sys-utils/lsmem.c ++++ b/sys-utils/lsmem.c +@@ -485,6 +485,7 @@ static int memory_block_filter(const struct dirent *de) + static void read_basic_info(struct lsmem *lsmem) + { + char dir[PATH_MAX]; ++ int i = 0; + + if (ul_path_access(lsmem->sysmem, F_OK, "block_size_bytes") != 0) + errx(EXIT_FAILURE, _("This system does not support memory blocks")); +@@ -495,8 +496,14 @@ static void read_basic_info(struct lsmem *lsmem) + if (lsmem->ndirs <= 0) + err(EXIT_FAILURE, _("Failed to read %s"), dir); + +- if (memory_block_get_node(lsmem, lsmem->dirs[0]->d_name) != -1) +- lsmem->have_nodes = 1; ++ for (i = 0; i < lsmem->ndirs; i++) ++ { ++ if (memory_block_get_node(lsmem, lsmem->dirs[i]->d_name) != -1) ++ { ++ lsmem->have_nodes = 1; ++ break; ++ } ++ } + + /* The valid_zones sysmem attribute was introduced with kernel 3.18 */ + if (ul_path_access(lsmem->sysmem, F_OK, "memory0/valid_zones") == 0) +-- +2.33.0 + diff --git a/backport-more-make-sure-we-have-data-on-stderr.patch b/backport-more-make-sure-we-have-data-on-stderr.patch new file mode 100644 index 0000000000000000000000000000000000000000..62135816245ee19c3ea62ede80a412dfb8549928 --- /dev/null +++ b/backport-more-make-sure-we-have-data-on-stderr.patch @@ -0,0 +1,97 @@ +From 640b9480bd3efc0f4bc7f38a785d02cda70ec5c3 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 22 Aug 2024 08:56:52 +0200 +Subject: [PATCH] more: make sure we have data on stderr +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +more(1) uses more_poll() to monitor data on stdin, stderr, and +signals. It is used before read_command(), but this function only +reads from stderr. Therefore, if any other non-stderr event occurs, +this function will wait on read(). In this case, more(1) will not +react to signals anymore. We need to ensure that more(1) only waits in +more_poll(). + +Try + + for x in {1..1000}; do echo "line $x"; done | more + +to reproduce. + +Reported-by: Radka Skvarilova +Signed-off-by: Karel Zak +Reference:https://github.com/util-linux/util-linux/commit/640b9480bd3efc0f4bc7f38a785d02cda70ec5c3 +Conflict:NA +--- + text-utils/more.c | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +diff --git a/text-utils/more.c b/text-utils/more.c +index 4c225331..953e94db 100644 +--- a/text-utils/more.c ++++ b/text-utils/more.c +@@ -1350,7 +1350,7 @@ static void read_line(struct more_control *ctl) + } + + /* returns: 0 timeout or nothing; <0 error, >0 success */ +-static int more_poll(struct more_control *ctl, int timeout) ++static int more_poll(struct more_control *ctl, int timeout, int *stderr_active) + { + enum { + POLLFD_SIGNAL = 0, +@@ -1364,6 +1364,9 @@ static int more_poll(struct more_control *ctl, int timeout) + }; + int has_data = 0; + ++ if (stderr_active) ++ *stderr_active = 0; ++ + while (!has_data) { + int rc; + +@@ -1430,8 +1433,11 @@ static int more_poll(struct more_control *ctl, int timeout) + } + + /* event on stderr (we reads user commands from stderr!) */ +- if (pfd[POLLFD_STDERR].revents) ++ if (pfd[POLLFD_STDERR].revents) { + has_data++; ++ if (stderr_active) ++ *stderr_active = 1; ++ } + } + + return has_data; +@@ -1502,7 +1508,7 @@ static void search(struct more_control *ctl, char buf[], int n) + } + break; + } +- more_poll(ctl, 0); ++ more_poll(ctl, 0, NULL); + } + /* Move ctrl+c signal handling back to more_key_command(). */ + signal(SIGINT, SIG_DFL); +@@ -1656,7 +1662,7 @@ static int skip_forwards(struct more_control *ctl, int nlines, cc_t comchar) + static int more_key_command(struct more_control *ctl, char *filename) + { + int retval = 0; +- int done = 0, search_again = 0; ++ int done = 0, search_again = 0, stderr_active = 0; + char cmdbuf[INIT_BUF]; + struct number_command cmd; + +@@ -1666,7 +1672,9 @@ static int more_key_command(struct more_control *ctl, char *filename) + ctl->report_errors = 0; + ctl->search_called = 0; + for (;;) { +- if (more_poll(ctl, -1) <= 0) ++ if (more_poll(ctl, -1, &stderr_active) <= 0) ++ continue; ++ if (stderr_active == 0) + continue; + cmd = read_command(ctl); + if (cmd.key == more_kc_unknown_command) +-- +2.33.0 + diff --git a/util-linux.spec b/util-linux.spec index 3b39715a1118ed0a121e5b74b544fd6b1c8af6e0..36c0021455c6fe16a9e7014c29df18cb9600cc65 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -3,7 +3,7 @@ Name: util-linux Version: 2.37.2 -Release: 37 +Release: 38 Summary: A random collection of Linux utilities License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git @@ -155,6 +155,10 @@ Patch6133: backport-wall-fix-possible-memory-leak.patch Patch6134: backport-wall-make-sure-unsigned-variable-not-underflow.patch Patch6135: backport-Fix-ul_path_read_buffer.patch Patch6136: backport-login-su-pam_end-compliance.patch +Patch6137: backport-lsmem-make-lsmem-to-check-for-the-nodes-more-robust.patch +Patch6138: backport-cfdisk-fix-possible-integer-overflow-coverity-scan.patch +Patch6139: backport-more-make-sure-we-have-data-on-stderr.patch +Patch6140: backport-libblkid-apfs-validate-checksums.patch Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch Patch9001: SKIPPED-no-root-permissions-test.patch @@ -533,6 +537,16 @@ fi %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*} %changelog +* Mon Nov 04 2024 zhangyao - 2.37.2-38 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:sync community patches + [add]backport-lsmem-make-lsmem-to-check-for-the-nodes-more-robust.patch + backport-cfdisk-fix-possible-integer-overflow-coverity-scan.patch + backport-more-make-sure-we-have-data-on-stderr.patch + backport-libblkid-apfs-validate-checksums.patch + * Mon Aug 5 2024 liyuzhe - 2.37.2-37 - Fixed incorrect macro usage in summary fields of devel and help subpackages