From 101ae82b5f2e7b57b6ed20d71e5de2425f6b7754 Mon Sep 17 00:00:00 2001
From: Karel Zak
Date: Feb 07 2022 15:33:01 +0000
Subject: RHEL-9: 2.37.3-2: (rpm -V, pam_env, logger, partnames, tmpfiles.d)
Resolves: #2021462 #2033622 #2000137 #2000477 #2047952
---
diff --git a/0007-sysfs-fallback-for-partitions-not-including-parent-n.patch b/0007-sysfs-fallback-for-partitions-not-including-parent-n.patch
new file mode 100644
index 0000000..b9deab7
--- /dev/null
+++ b/0007-sysfs-fallback-for-partitions-not-including-parent-n.patch
@@ -0,0 +1,51 @@
+From 533d6957a87a52b8088ad87daf7d6dbfaececf02 Mon Sep 17 00:00:00 2001
+From: Portisch
+Date: Mon, 8 Nov 2021 12:31:39 +0100
+Subject: sysfs: fallback for partitions not including parent name
+
+Upstream: http://github.com/util-linux/util-linux/commit/9b59641bcec3df9c451eea4c7057751a153a3fcb
+Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2021462
+Signed-off-by: Karel Zak
+---
+ lib/sysfs.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/lib/sysfs.c b/lib/sysfs.c
+index bb7183319..191d870f6 100644
+--- a/lib/sysfs.c
++++ b/lib/sysfs.c
+@@ -210,9 +210,10 @@ int sysfs_blkdev_is_partition_dirent(DIR *dir, struct dirent *d, const char *par
+ d->d_type != DT_UNKNOWN)
+ return 0;
+ #endif
++ size_t len = 0;
++
+ if (parent_name) {
+ const char *p = parent_name;
+- size_t len;
+
+ /* /dev/sda --> "sda" */
+ if (*parent_name == '/') {
+@@ -223,14 +224,15 @@ int sysfs_blkdev_is_partition_dirent(DIR *dir, struct dirent *d, const char *par
+ }
+
+ len = strlen(p);
+- if (strlen(d->d_name) <= len)
+- return 0;
++ if ((strlen(d->d_name) <= len) || (strncmp(p, d->d_name, len) != 0))
++ len = 0;
++ }
+
++ if (len > 0) {
+ /* partitions subdir name is
+ * "[:digit:]" or "p[:digit:]"
+ */
+- return strncmp(p, d->d_name, len) == 0 &&
+- ((*(d->d_name + len) == 'p' && isdigit(*(d->d_name + len + 1)))
++ return ((*(d->d_name + len) == 'p' && isdigit(*(d->d_name + len + 1)))
+ || isdigit(*(d->d_name + len)));
+ }
+
+--
+2.34.1
+
diff --git a/0008-logger-fix-size-use-for-stdin.patch b/0008-logger-fix-size-use-for-stdin.patch
new file mode 100644
index 0000000..c8ae479
--- /dev/null
+++ b/0008-logger-fix-size-use-for-stdin.patch
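Review bot: The two `isdigit()` calls in the new `if (len > 0)` block receive a plain `char` read from `d->d_name`, which is undefined for negative values where `char` is signed; casting first, e.g. `isdigit((unsigned char) d->d_name[len])`, keeps the suffix test well defined for any directory name. The `len = 0` sentinel also deserves a one-line comment such as `/* len == 0: no parent_name, or name lacks the parent prefix; use the fallback below */`, since it now carries both meanings. A name that does carry the prefix but not a `[:digit:]`/`p[:digit:]` suffix still returns 0 here and never reaches the fallback; that looks intended, but the rest of sysfs_blkdev_is_partition_dirent lies outside the hunk, so confirm against it.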
@@ -0,0 +1,61 @@
+From cac75d851c5e6ba1afb3bf55552fd10666a03ea9 Mon Sep 17 00:00:00 2001
+From: Karel Zak
+Date: Thu, 21 Oct 2021 18:47:40 +0200
+Subject: logger: fix --size use for stdin
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The stdin version counts log header into the message size, but
+for example when it reads message from argv[] it counts only message
+itself.
+
+ $ logger --stderr --size 3 "abcd"
+ <13>Oct 21 18:48:29 kzak: abc
+
+ $ echo "abcd" | logger --stderr --size 3
+ logger: cannot allocate 18446744073709551597 bytes: Cannot allocate memory
+
+Upstream: http://github.com/util-linux/util-linux/commit/58e4ee082bca100034791a4a74481f263bb30a25
+Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2033622
+Signed-off-by: Karel Zak
+---
+ misc-utils/logger.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/misc-utils/logger.c b/misc-utils/logger.c
+index 5b122de79..43284caeb 100644
+--- a/misc-utils/logger.c
++++ b/misc-utils/logger.c
+@@ -976,8 +976,7 @@ static void logger_stdin(struct logger_ctl *ctl)
+ int has_header = 1;
+ int default_priority = ctl->pri;
+ int last_pri = default_priority;
+- size_t max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr);
+- char *const buf = xmalloc(max_usrmsg_size + 2 + 2);
++ char *buf = xmalloc(ctl->max_message_size + 2 + 2);
+ int pri;
+ int c;
+ size_t i;
+@@ -1004,16 +1003,14 @@ static void logger_stdin(struct logger_ctl *ctl)
+ ctl->pri = default_priority;
+
+ if (ctl->pri != last_pri) {
+- has_header = 0;
+- max_usrmsg_size =
+- ctl->max_message_size - strlen(ctl->hdr);
++ generate_syslog_header(ctl);
+ last_pri = ctl->pri;
+ }
+ if (c != EOF && c != '\n')
+ c = getchar();
+ }
+
+- while (c != EOF && c != '\n' && i < max_usrmsg_size) {
++ while (c != EOF && c != '\n' && i < ctl->max_message_size) {
+ buf[i++] = c;
+ c = getchar();
+ }
+--
+2.34.1
+
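Review bot: The allocation size in `xmalloc(ctl->max_message_size + 2 + 2)` is computed without an overflow check, while the read loop is now bounded directly by `i < ctl->max_message_size`. If `max_message_size` is a `size_t` taken from `--size` with no upper limit (its declaration and parsing are outside the hunk), a value within 4 of `SIZE_MAX` wraps the sum to a tiny buffer that the loop can then write past. A guard ahead of the allocation, `if (ctl->max_message_size > SIZE_MAX - 4)` followed by an error exit, or a cap where the option is parsed, closes that. logger_stdin's body continues outside both hunks.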
diff --git a/util-linux-su.pamd b/util-linux-su.pamd index 030657f..5733201 100644 --- a/util-linux-su.pamd +++ b/util-linux-su.pamd @@ -1,4 +1,5 @@ #%PAM-1.0 +auth required pam_env.so auth sufficient pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient pam_wheel.so trust use_uid diff --git a/util-linux.spec b/util-linux.spec index 35aefdf..63a5fc6 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -2,7 +2,7 @@ Summary: A collection of basic system utilities Name: util-linux Version: 2.37.3 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: http://en.wikipedia.org/wiki/Util-linux @@ -51,6 +51,7 @@ Source0: ftp://ftp.kernel.org/pub/linux/utils/util-linux/v%{upstream_major}/util Source1: util-linux-login.pamd Source2: util-linux-remote.pamd Source3: util-linux-chsh-chfn.pamd +Source4: uuidd-tmpfiles.conf Source5: adjtime Source12: util-linux-su.pamd Source13: util-linux-su-l.pamd @@ -88,6 +89,9 @@ Requires: libsmartcols = %{version}-%{release} Requires: libfdisk = %{version}-%{release} Requires: util-linux-core = %{version}-%{release} + +### RHEL-9.0.0 +# # 151635 - makeing /var/log/lastlog Patch0: 0000-login-create-var-log-lastlog.patch # Add `/run/motd.d` to the hardcoded MOTD_FILE @@ -101,6 +105,10 @@ Patch4: 0004-tests-make-eject-umount-tests-more-robust.patch Patch5: 0005-Complete-Linux-PAM-compliance-for-forked-child-in-su.patch # 2040366 - uuidd can't access lock/status file Patch6: 0006-uuidd-fix-open-lock-state-issue.patch +# 2021462 - partitons detection broken on systems not including the parent name in partition name +Patch7: 0007-sysfs-fallback-for-partitions-not-including-parent-n.patch +# 2033622 - logger from util-linux incorrectly handles long messages +Patch8: 0008-logger-fix-size-use-for-stdin.patch %description 
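Review bot: The added `auth required pam_env.so` sits ahead of `auth sufficient pam_rootok.so`, so a pam_env failure (for instance an unparsable environment configuration file) now fails the auth stack for root too, where root's su previously depended only on pam_rootok. If that is the intended trade-off, a comment above the line should say so. The line also takes pam_env's defaults; since su crosses a privilege boundary, a comment such as `# pam_env: system-wide files only, keep user_readenv disabled` would record that the per-user environment file must not be enabled here.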
@@ -342,14 +350,13 @@ mkdir -p ${RPM_BUILD_ROOT}%{_bindir} mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man{1,6,8,5} mkdir -p ${RPM_BUILD_ROOT}%{_sbindir} mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/{pam.d,security/console.apps} -mkdir -p ${RPM_BUILD_ROOT}/var/log -touch ${RPM_BUILD_ROOT}/var/log/lastlog -chmod 0644 ${RPM_BUILD_ROOT}/var/log/lastlog +mkdir -p ${RPM_BUILD_ROOT}/usr/lib/tmpfiles.d # install util-linux %make_install # And a dirs uuidd needs that the makefiles don't create +install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}/usr/lib/tmpfiles.d/uuidd.conf install -d ${RPM_BUILD_ROOT}/run/uuidd install -d ${RPM_BUILD_ROOT}/var/lib/libuuid @@ -432,24 +439,6 @@ find $RPM_BUILD_ROOT%{_mandir}/man8 -regextype posix-egrep \ -printf "%{_mandir}/man8/%f*\n" >> %{name}.files -%post -# only for minimal buildroots without /var/log -[ -d /var/log ] || mkdir -p /var/log -touch /var/log/lastlog -chown root:root /var/log/lastlog -chmod 0644 /var/log/lastlog -# Fix the file context, do not use restorecon -if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then - SECXT=$( /usr/sbin/matchpathcon -n /var/log/lastlog 2> /dev/null ) - if [ -n "$SECXT" ]; then - # Selinux enabled, but without policy? It's true for buildroots - # without selinux stuff on host machine with enabled selinux. - # We don't want to use any RPM dependence on selinux policy for - # matchpathcon(2). SELinux policy should be optional. - /usr/bin/chcon "$SECXT" /var/log/lastlog >/dev/null 2>&1 || : - fi -fi - %post -n util-linux-core if [ ! -L /etc/mtab ]; then ln -sf ../proc/self/mounts /etc/mtab || : @@ -516,8 +505,6 @@ fi %attr(755,root,root) %{_bindir}/login %attr(2755,root,tty) %{_bindir}/write -%ghost %attr(0644,root,root) %verify(not md5 size mtime) /var/log/lastlog - %{_unitdir}/fstrim.* %{_bindir}/cal @@ -876,6 +863,7 @@ fi %dir %attr(2775, uuidd, uuidd) /var/lib/libuuid %dir %attr(2775, uuidd, uuidd) /run/uuidd %{compldir}/uuidd +/usr/lib/tmpfiles.d/uuidd.conf %files -n libfdisk 
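Review bot: The tmpfiles.d location is hard-coded as `/usr/lib/tmpfiles.d` in the `mkdir -p` and `install -m 644 %{SOURCE4}` lines of the install hunk, and again in the `%files` entry `/usr/lib/tmpfiles.d/uuidd.conf` in the hunk at -876. Using the `%{_tmpfilesdir}` macro (from the systemd RPM macros) in all three places, e.g. `install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}%{_tmpfilesdir}/uuidd.conf`, keeps the path consistent with the other macro-based directories in this section. Separately, the removed `%post` scriptlet used to create /var/log/lastlog as root:root 0644 and set its SELinux context; with it gone, ownership, mode and label presumably depend on the login patch (Patch0), which is not visible here, so confirm the file is still created with the same permissions.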
@@ -951,6 +939,13 @@ fi %{_libdir}/python*/site-packages/libmount/ %changelog +* Mon Feb 07 2022 Karel Zak 2.37.3-2 +- fix #2021462 - partitons detection broken on systems not including the parent name in partition name +- fix #2033622 - logger from util-linux incorrectly handles long messages +- fix #2000137 - pam_env bypassed for root user when using su +- fix #2000477 - rpm -V setup fail on /var/log/lastlog +- fix #2047952 - rpm -V / --verify reports bad user/group/mtime for /run/uuidd + * Tue Jan 25 2022 Karel Zak 2.37.3-1 - upgrade to v2.37.3 (fix CVE-2021-3996, CVE-2021-3995) - fix #2040366 - uuidd can't access lock/status file diff --git a/uuidd-tmpfiles.conf b/uuidd-tmpfiles.conf new file mode 100644 index 0000000..4158c7d --- /dev/null +++ b/uuidd-tmpfiles.conf @@ -0,0 +1 @@ +d /run/uuidd 2775 uuidd uuidd