From 22f1bc892e9afa496aa76d068d8660eb1161a2f7 Mon Sep 17 00:00:00 2001 From: zhangyao Date: Mon, 3 Mar 2025 20:09:13 +0800 Subject: [PATCH] backport community patches --- backport-dmesg-fix-notime-use.patch | 51 +++++++ ...-libblkid-fix-potential-memory-leaks.patch | 59 ++++++++ ...rious-ext-superblock-checksum-mismat.patch | 128 ++++++++++++++++++ ...memory-leak-in-parse_groups-function.patch | 37 +++++ backport-sulogin-fix-POSIX-locale-use.patch | 52 +++++++ ...d-NULL-check-for-mnt_fs_get_target-r.patch | 41 ++++++ ...avoid-accessing-uninitialized-memory.patch | 27 ++++ util-linux.spec | 22 ++- 8 files changed, 416 insertions(+), 1 deletion(-) create mode 100644 backport-dmesg-fix-notime-use.patch create mode 100644 backport-libblkid-fix-potential-memory-leaks.patch create mode 100644 backport-libblkid-fix-spurious-ext-superblock-checksum-mismat.patch create mode 100644 backport-setpriv.c-fix-memory-leak-in-parse_groups-function.patch create mode 100644 backport-sulogin-fix-POSIX-locale-use.patch create mode 100644 backport-sys-utils-fix-add-NULL-check-for-mnt_fs_get_target-r.patch create mode 100644 backport-whereis-avoid-accessing-uninitialized-memory.patch diff --git a/backport-dmesg-fix-notime-use.patch b/backport-dmesg-fix-notime-use.patch new file mode 100644 index 0000000..30e3c76 --- /dev/null +++ b/backport-dmesg-fix-notime-use.patch @@ -0,0 +1,51 @@ +From ddb558e87f96aac76c7d38701e61e89583d651a5 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Mon, 3 Feb 2025 11:29:44 +0100 +Subject: [PATCH] dmesg: fix --notime use + +The --notime command line option disables parsing of timestamps from +kmsg. This is a bug because the timestamps can be used for operations +other than just output. For example, they can be used for filters like +--since (dmesg --since '1 day ago' --notime). + +Addresses: https://github.com/util-linux/util-linux/issues/3392 +Signed-off-by: Karel Zak + +Reference:https://github.com/util-linux/util-linux/commit/ddb558e87f96aac76c7d38701e61e89583d651a5 +Conflict:context adapt +--- + sys-utils/dmesg.c | 11 ++--------- + 1 file changed, 2 insertions(+), 9 deletions(-) + +diff --git a/sys-utils/dmesg.c b/sys-utils/dmesg.c +index 5c58010..3c883a8 100644 +--- a/sys-utils/dmesg.c ++++ b/sys-utils/dmesg.c +@@ -752,11 +752,7 @@ static int get_next_syslog_record(struct dmesg_control *ctl, + if (*begin == '[' && (*(begin + 1) == ' ' || + isdigit(*(begin + 1)))) { + +- if (!is_timefmt(ctl, NONE)) +- begin = parse_syslog_timestamp(begin + 1, &rec->tv); +- else +- begin = skip_item(begin, end, "]"); +- ++ begin = parse_syslog_timestamp(begin + 1, &rec->tv); + if (begin < end && *begin == ' ') + begin++; + } +@@ -1205,10 +1201,7 @@ static int parse_kmsg_record(struct dmesg_control *ctl, + goto mesg; + + /* C) timestamp */ +- if (is_timefmt(ctl, NONE)) +- p = skip_item(p, end, ",;"); +- else +- p = parse_kmsg_timestamp(p, &rec->tv); ++ p = parse_kmsg_timestamp(p, &rec->tv); + if (LAST_KMSG_FIELD(p)) + goto mesg; + +-- +2.33.0 + diff --git a/backport-libblkid-fix-potential-memory-leaks.patch b/backport-libblkid-fix-potential-memory-leaks.patch new file mode 100644 index 0000000..ce598f0 --- /dev/null +++ b/backport-libblkid-fix-potential-memory-leaks.patch @@ -0,0 +1,59 @@ +From dfe1c4bc742ed3f53c06bb232ebc1f5fadd0881e Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Mon, 13 Jan 2025 11:26:06 +0100 +Subject: [PATCH] libblkid: fix potential memory leaks + +Addresses: https://github.com/util-linux/util-linux/pull/3356 +Signed-off-by: Karel Zak + +Reference:https://github.com/util-linux/util-linux/commit/dfe1c4bc742ed3f53c06bb232ebc1f5fadd0881e +Conflict:NA +--- + libblkid/src/save.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/libblkid/src/save.c b/libblkid/src/save.c +index 1a617c07..295924e1 100644 +--- a/libblkid/src/save.c ++++ b/libblkid/src/save.c +@@ -109,7 +109,8 @@ int blkid_flush_cache(blkid_cache cache) + && errno != EEXIST) { + DBG(SAVE, ul_debug("can't create %s directory for cache file", + BLKID_RUNTIME_DIR)); +- return 0; ++ ret = 0; ++ goto done; + } + } + +@@ -117,7 +118,8 @@ int blkid_flush_cache(blkid_cache cache) + if (((ret = stat(filename, &st)) < 0 && errno != ENOENT) || + (ret == 0 && access(filename, W_OK) < 0)) { + DBG(SAVE, ul_debug("can't write to cache file %s", filename)); +- return 0; ++ ret = 0; ++ goto done; + } + + /* +@@ -154,7 +156,7 @@ int blkid_flush_cache(blkid_cache cache) + + if (!file) { + ret = errno; +- goto errout; ++ goto done; + } + + list_for_each(p, &cache->bic_devs) { +@@ -201,7 +203,7 @@ int blkid_flush_cache(blkid_cache cache) + } + } + +-errout: ++done: + free(tmp); + if (filename != cache->bic_filename) + free(filename); +-- +2.33.0 + diff --git a/backport-libblkid-fix-spurious-ext-superblock-checksum-mismat.patch b/backport-libblkid-fix-spurious-ext-superblock-checksum-mismat.patch new file mode 100644 index 0000000..c294cd3 --- /dev/null +++ b/backport-libblkid-fix-spurious-ext-superblock-checksum-mismat.patch @@ -0,0 +1,128 @@ +From 483c9f38e377ff0b009f546a2c4ee91a1d61588c Mon Sep 17 00:00:00 2001 +From: Krister Johansen +Date: Mon, 18 Nov 2024 12:35:22 -0800 +Subject: [PATCH] libblkid: fix spurious ext superblock checksum mismatches + +Reads of ext superblocks can race with updates. If libblkid observes a +checksum mismatch, re-read the superblock with O_DIRECT in order to get +a consistent view of its contents. Only if the O_DIRECT read fails the +checksum should it be reported to have failed. + +This fixes a problem where devices that were named by filesystem label +failed to be found when systemd attempted to mount them on boot. The +problem was caused by systemd-udevd using libblkid. If a read of a +superblock resulted in a checksum mismatch, udev will remove the +by-label links which result in the mount call failing to find the +device. The checksum mismatch that was triggering the problem was +spurious, and when we use O_DIRECT, or even perform a subsequent retry, +the superblock is correctly read. This resulted in a failure to mount +/boot in one out of every 2,000 or so attempts in our environment. + +e2fsprogs fixed[1] an identical version of this bug that afflicted +resize2fs during online grow operations when run from cloud-init. The +fix there was also to use O_DIRECT in order to read the superblock. +This patch uses a similar approach: read the superblock with O_DIRECT in +the case where a bad checksum is detected. + +[1] https://lore.kernel.org/linux-ext4/20230609042239.GA1436857@mit.edu/ + +Signed-off-by: Krister Johansen + +Reference:https://github.com/util-linux/util-linux/commit/483c9f38e377ff0b009f546a2c4ee91a1d61588c +Conflict:context adapt +--- + libblkid/src/blkidP.h | 5 +++++ + libblkid/src/probe.c | 27 +++++++++++++++++++++++++++ + libblkid/src/superblocks/ext.c | 22 ++++++++++++++++++++-- + 3 files changed, 52 insertions(+), 2 deletions(-) + +diff --git a/libblkid/src/blkidP.h b/libblkid/src/blkidP.h +index af949c0..37d8b67 100644 +--- a/libblkid/src/blkidP.h ++++ b/libblkid/src/blkidP.h +@@ -412,6 +412,11 @@ extern unsigned char *blkid_probe_get_buffer(blkid_probe pr, + __attribute__((nonnull)) + __attribute__((warn_unused_result)); + ++extern const unsigned char *blkid_probe_get_buffer_direct(blkid_probe pr, ++ uint64_t off, uint64_t len) ++ __attribute__((nonnull)) ++ __attribute__((warn_unused_result)); ++ + extern unsigned char *blkid_probe_get_sector(blkid_probe pr, unsigned int sector) + __attribute__((nonnull)) + __attribute__((warn_unused_result)); +diff --git a/libblkid/src/probe.c b/libblkid/src/probe.c +index 0e716b5..1b41498 100644 +--- a/libblkid/src/probe.c ++++ b/libblkid/src/probe.c +@@ -717,6 +717,33 @@ unsigned char *blkid_probe_get_buffer(blkid_probe pr, uint64_t off, uint64_t len + return real_off ? bf->data + (real_off - bf->off + bias) : bf->data + bias; + } + ++/* ++ * This is blkid_probe_get_buffer with the read done as an O_DIRECT operation. ++ * Note that @off is offset within probing area, the probing area is defined by ++ * pr->off and pr->size. ++ */ ++const unsigned char *blkid_probe_get_buffer_direct(blkid_probe pr, uint64_t off, uint64_t len) ++{ ++ const unsigned char *ret = NULL; ++ int flags, rc, olderrno; ++ ++ flags = fcntl(pr->fd, F_GETFL); ++ rc = fcntl(pr->fd, F_SETFL, flags | O_DIRECT); ++ if (rc) { ++ DBG(LOWPROBE, ul_debug("fcntl F_SETFL failed to set O_DIRECT")); ++ errno = 0; ++ return NULL; ++ } ++ ret = blkid_probe_get_buffer(pr, off, len); ++ olderrno = errno; ++ rc = fcntl(pr->fd, F_SETFL, flags); ++ if (rc) { ++ DBG(LOWPROBE, ul_debug("fcntl F_SETFL failed to clear O_DIRECT")); ++ errno = olderrno; ++ } ++ return ret; ++} ++ + /** + * blkid_probe_reset_buffers: + * @pr: prober +diff --git a/libblkid/src/superblocks/ext.c b/libblkid/src/superblocks/ext.c +index bf73896..a765cf1 100644 +--- a/libblkid/src/superblocks/ext.c ++++ b/libblkid/src/superblocks/ext.c +@@ -156,8 +156,26 @@ static struct ext2_super_block *ext_get_super( + return NULL; + if (le32_to_cpu(es->s_feature_ro_compat) & EXT4_FEATURE_RO_COMPAT_METADATA_CSUM) { + uint32_t csum = crc32c(~0, es, offsetof(struct ext2_super_block, s_checksum)); +- if (!blkid_probe_verify_csum(pr, csum, le32_to_cpu(es->s_checksum))) +- return NULL; ++ /* ++ * A read of the superblock can race with other updates to the ++ * same superblock. In the unlikely event that this occurs and ++ * we see a checksum failure, re-read the superblock with ++ * O_DIRECT to ensure that it's consistent. If it _still_ fails ++ * then declare a checksum mismatch. ++ */ ++ if (!blkid_probe_verify_csum(pr, csum, le32_to_cpu(es->s_checksum))) { ++ if (blkid_probe_reset_buffers(pr)) ++ return NULL; ++ ++ es = (struct ext2_super_block *) ++ blkid_probe_get_buffer_direct(pr, EXT_SB_OFF, sizeof(struct ext2_super_block)); ++ if (!es) ++ return NULL; ++ ++ csum = crc32c(~0, es, offsetof(struct ext2_super_block, s_checksum)); ++ if (!blkid_probe_verify_csum(pr, csum, le32_to_cpu(es->s_checksum))) ++ return NULL; ++ } + } + if (fc) + *fc = le32_to_cpu(es->s_feature_compat); +-- +2.33.0 + diff --git a/backport-setpriv.c-fix-memory-leak-in-parse_groups-function.patch b/backport-setpriv.c-fix-memory-leak-in-parse_groups-function.patch new file mode 100644 index 0000000..4e4ad4f --- /dev/null +++ b/backport-setpriv.c-fix-memory-leak-in-parse_groups-function.patch @@ -0,0 +1,37 @@ +From f5bd825b9c187000d621f65af08b23a945a6cad8 Mon Sep 17 00:00:00 2001 +From: AntonMoryakov +Date: Thu, 16 Jan 2025 19:24:20 +0300 +Subject: [PATCH] setpriv.c: fix memory leak in parse_groups function + +The static analyzer flagged a memory leak in the parse_groups function. +The memory allocated for 'buf' (via xstrdup) was not freed at the end +of the function, leading to a memory leak. + +Changes: +- Added free(buf) at the end of the function to release allocated memory. + +Triggers found by static analyzer Svace. + +Signed-off-by: Anton Moryakov +Reference:https://github.com/util-linux/util-linux/commit/f5bd825b9c187000d621f65af08b23a945a6cad8 +Conflict:NA +--- + sys-utils/setpriv.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c +index 87299a10..90784554 100644 +--- a/sys-utils/setpriv.c ++++ b/sys-utils/setpriv.c +@@ -448,7 +448,7 @@ static void parse_groups(struct privctx *opts, const char *str) + while ((c = strsep(&groups, ","))) + opts->groups[i++] = get_group(c, _("Invalid supplementary group id")); + +- free(groups); ++ free(buf); + } + + static void parse_pdeathsig(struct privctx *opts, const char *str) +-- +2.33.0 + diff --git a/backport-sulogin-fix-POSIX-locale-use.patch b/backport-sulogin-fix-POSIX-locale-use.patch new file mode 100644 index 0000000..ab33f1e --- /dev/null +++ b/backport-sulogin-fix-POSIX-locale-use.patch @@ -0,0 +1,52 @@ +From aa11f9a2e163a57455255b03a03bf841cbf5be72 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 16 Jan 2025 13:14:43 +0100 +Subject: [PATCH] sulogin: fix POSIX locale use + +In some cases, sulogin can set LC_CTYPE="POSIX" while retaining the +original LC_MESSAGES. In this scenario, the gettext() function may not +work as intended and sulogin returns "???" (for example for +ja_JP.UTF-8). GNU gettext FAQ: + + This symptom occurs when the LC_CTYPE facet of the locale is not set; + then gettext() doesn't know which character set to use, and converts + all messages to ASCII, as far as possible. + +Addresses: https://issues.redhat.com/browse/RHEL-56983 +Addresses: https://github.com/util-linux/util-linux/issues/2185 +Signed-off-by: Karel Zak + +Reference:https://github.com/util-linux/util-linux/commit/aa11f9a2e163a57455255b03a03bf841cbf5be72 +Conflict:NA +--- + login-utils/sulogin.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/login-utils/sulogin.c b/login-utils/sulogin.c +index d2241396..77fc5b20 100644 +--- a/login-utils/sulogin.c ++++ b/login-utils/sulogin.c +@@ -313,6 +313,7 @@ static void tcinit(struct console *con) + } + + setlocale(LC_CTYPE, "POSIX"); ++ setlocale(LC_MESSAGES, "POSIX"); + goto setattr; + } + #if defined(IUTF8) && defined(KDGKBMODE) +@@ -327,10 +328,12 @@ static void tcinit(struct console *con) + case K_XLATE: + default: + setlocale(LC_CTYPE, "POSIX"); ++ setlocale(LC_MESSAGES, "POSIX"); + break; + } + #else + setlocale(LC_CTYPE, "POSIX"); ++ setlocale(LC_MESSAGES, "POSIX"); + #endif + reset_virtual_console(tio, flags); + setattr: +-- +2.33.0 + diff --git a/backport-sys-utils-fix-add-NULL-check-for-mnt_fs_get_target-r.patch b/backport-sys-utils-fix-add-NULL-check-for-mnt_fs_get_target-r.patch new file mode 100644 index 0000000..f498612 --- /dev/null +++ b/backport-sys-utils-fix-add-NULL-check-for-mnt_fs_get_target-r.patch @@ -0,0 +1,41 @@ +From 0fabec8c7fda554b79327d8713352e7a07539895 Mon Sep 17 00:00:00 2001 +From: AntonMoryakov +Date: Tue, 14 Jan 2025 18:06:49 +0300 +Subject: [PATCH] sys-utils: fix add NULL check for mnt_fs_get_target return + value + +The static analyzer flagged a potential issue: the return value of +mnt_fs_get_target(fs) could be NULL, but it was dereferenced without +a check. This could lead to undefined behavior. + +Added a NULL check before using the tgt pointer. If tgt is NULL, +the current iteration is skipped. + +ChanChanges: +- Added if (!tgt) check before using tgt. + +Signed-off-by: Anton Moryakov + +Reference:https://github.com/util-linux/util-linux/commit/0fabec8c7fda554b79327d8713352e7a07539895 +Conflict:NA +--- + sys-utils/lsns.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/sys-utils/lsns.c b/sys-utils/lsns.c +index 500bc013..93bbd758 100644 +--- a/sys-utils/lsns.c ++++ b/sys-utils/lsns.c +@@ -1132,6 +1132,9 @@ static int nsfs_xasputs(char **str, + + const char *tgt = mnt_fs_get_target(fs); + ++ if(!tgt) ++ continue; ++ + if (!*str) + xasprintf(str, "%s", tgt); + +-- +2.33.0 + diff --git a/backport-whereis-avoid-accessing-uninitialized-memory.patch b/backport-whereis-avoid-accessing-uninitialized-memory.patch new file mode 100644 index 0000000..f6f7239 --- /dev/null +++ b/backport-whereis-avoid-accessing-uninitialized-memory.patch @@ -0,0 +1,27 @@ +From 7e06d474b17b9b74aa8e4b8a42ab394c1f80b1fd Mon Sep 17 00:00:00 2001 +From: xiovwx +Date: Thu, 23 Jan 2025 11:06:27 +0000 +Subject: [PATCH] whereis: avoid accessing uninitialized memory + +Reference:https://github.com/util-linux/util-linux/commit/7e06d474b17b9b74aa8e4b8a42ab394c1f80b1fd +Conflict:NA +--- + misc-utils/whereis.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/misc-utils/whereis.c b/misc-utils/whereis.c +index a35c1dff..b575e57a 100644 +--- a/misc-utils/whereis.c ++++ b/misc-utils/whereis.c +@@ -471,7 +471,7 @@ static void findin(const char *dir, const char *pattern, int *count, + + static void lookup(const char *pattern, struct wh_dirlist *ls, int want) + { +- char patbuf[PATH_MAX]; ++ char patbuf[PATH_MAX] = { 0 }; + int count = 0; + char *wait = NULL, *p; + +-- +2.33.0 + diff --git a/util-linux.spec b/util-linux.spec index f216b92..9c49700 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -3,7 +3,7 @@ Name: util-linux Version: 2.39.1 -Release: 18 +Release: 19 Summary: A random collection of Linux utilities License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git @@ -94,6 +94,13 @@ Patch6072: backport-cfdisk-fix-possible-integer-overflow-coverity-scan.patc Patch6073: backport-more-make-sure-we-have-data-on-stderr.patch Patch6074: backport-libblkid-apfs-validate-checksums.patch Patch6075: backport-lscpu-add-riscv-cputype-support.patch +Patch6076: backport-libblkid-fix-spurious-ext-superblock-checksum-mismat.patch +Patch6077: backport-libblkid-fix-potential-memory-leaks.patch +Patch6078: backport-sys-utils-fix-add-NULL-check-for-mnt_fs_get_target-r.patch +Patch6079: backport-sulogin-fix-POSIX-locale-use.patch +Patch6080: backport-setpriv.c-fix-memory-leak-in-parse_groups-function.patch +Patch6081: backport-whereis-avoid-accessing-uninitialized-memory.patch +Patch6082: backport-dmesg-fix-notime-use.patch Patch9000: SKIPPED-no-root-permissions-test.patch Patch9001: util-linux-Add-sw64-architecture.patch @@ -476,6 +483,19 @@ fi %endif %changelog +* Tue Mar 25 2025 zhangyao - 2.39.1-19 +- Type: bugfix +- CVE: NA +- SUG: NA +- DESC: backport community patches + [add] backport-libblkid-fix-spurious-ext-superblock-checksum-mismat.patch + backport-libblkid-fix-potential-memory-leaks.patch + backport-sys-utils-fix-add-NULL-check-for-mnt_fs_get_target-r.patch + backport-sulogin-fix-POSIX-locale-use.patch + backport-setpriv.c-fix-memory-leak-in-parse_groups-function.patch + backport-whereis-avoid-accessing-uninitialized-memory.patch + backport-dmesg-fix-notime-use.patch + * Wed Mar 12 2025 He, Xinzhe - 2.39.1-18 - Type: bugfix - CVE: NA -- Gitee