2.24.2-2: CVE-2014-9114

.gitignore

@@ -31,62 +31,3 @@
 /util-linux-2.24.tar.xz
 /util-linux-2.24.1.tar.xz
 /util-linux-2.24.2.tar.xz
-/util-linux-2.25-rc1.tar.xz
-/util-linux-2.25-rc2.tar.xz
-/util-linux-2.25.tar.xz
-/util-linux-2.25.1-rc1.tar.xz
-/util-linux-2.25.1.tar.xz
-/util-linux-2.25.2.tar.xz
-/util-linux-2.26-rc1.tar.xz
-/util-linux-2.26-rc2.tar.xz
-/util-linux-2.26.tar.xz
-/util-linux-2.26.2.tar.xz
-/util-linux-2.27-rc1.tar.xz
-/util-linux-2.27-rc2.tar.xz
-/util-linux-2.27.tar.xz
-/util-linux-2.27.1.tar.xz
-/util-linux-2.28-rc1.tar.xz
-/util-linux-2.28-rc2.tar.xz
-/util-linux-2.28.tar.xz
-/util-linux-2.28.1.tar.xz
-/util-linux-2.28.2.tar.xz
-/util-linux-2.29-rc1.tar.xz
-/util-linux-2.29-rc2.tar.xz
-/util-linux-2.29.tar.xz
-/util-linux-2.29.1.tar.xz
-/util-linux-2.29.2.tar.xz
-/util-linux-2.30-rc1.tar.xz
-/util-linux-2.30.tar.xz
-/util-linux-2.30.1.tar.xz
-/util-linux-2.30.2.tar.xz
-/util-linux-2.31-rc1.tar.xz
-/util-linux-2.31-rc2.tar.xz
-/util-linux-2.31.tar.xz
-/util-linux-2.32-rc1.tar.xz
-/util-linux-2.32.tar.xz
-/util-linux-2.32.1.tar.xz
-/util-linux-2.33-rc2.tar.xz
-/util-linux-2.33.1.tar.xz
-/util-linux-2.33.2.tar.xz
-/util-linux-2.34-rc1.tar.xz
-/util-linux-2.34-rc2.tar.xz
-/util-linux-2.34.tar.xz
-/util-linux-2.35-rc1.tar.xz
-/util-linux-2.35-rc1-20-63f8.tar.xz
-/util-linux-2.35-rc2.tar.xz
-/util-linux-2.35.tar.xz
-/util-linux-2.35.1.tar.xz
-/util-linux-2.35.2.tar.xz
-/util-linux-2.36.tar.xz
-/util-linux-2.36.1.tar.xz
-/util-linux-2.36.2.tar.xz
-/util-linux-2.37-rc2.tar.xz
-/util-linux-2.37.tar.xz
-/util-linux-2.37.2.tar.xz
-/util-linux-2.38-rc1.tar.xz
-/util-linux-2.38-rc3.tar.xz
-/util-linux-2.38.tar.xz
-/util-linux-2.38.1.tar.xz
-/util-linux-2.39-rc1.tar.xz
-/util-linux-2.39-rc2.tar.xz
-/util-linux-2.39-rc3.tar.xz

2.23-login-lastlog-create.patch

@@ -0,0 +1,11 @@
+diff -up util-linux-2.23.2/login-utils/login.c.kzak util-linux-2.23.2/login-utils/login.c
+--- util-linux-2.23.2/login-utils/login.c.kzak	2013-07-30 10:39:26.222738397 +0200
++++ util-linux-2.23.2/login-utils/login.c	2013-09-09 09:01:39.923225757 +0200
+@@ -502,7 +502,7 @@ static void log_lastlog(struct login_con
+	if (!cxt->pwd)
+		return;
+
+-	fd = open(_PATH_LASTLOG, O_RDWR, 0);
++	fd = open(_PATH_LASTLOG, O_RDWR | O_CREAT, 0);
+	if (fd < 0)
+		return;

2.26-libblkid-escape.patch

@@ -0,0 +1,126 @@
+diff -up util-linux-2.24.2/libblkid/src/read.c.kzak util-linux-2.24.2/libblkid/src/read.c
+--- util-linux-2.24.2/libblkid/src/read.c.kzak	2014-11-27 14:46:24.073912962 +0100
++++ util-linux-2.24.2/libblkid/src/read.c	2014-11-27 14:49:42.718210261 +0100
+@@ -252,15 +252,30 @@ static int parse_token(char **name, char
+ 	*value = skip_over_blank(*value + 1);
+ 
+ 	if (**value == '"') {
+-		end = strchr(*value + 1, '"');
+-		if (!end) {
++		char *p = end = *value + 1;
++
++		/* convert 'foo\"bar'  to 'foo"bar' */
++		while (*p) {
++			if (*p == '\\') {
++				p++;
++				*end = *p;
++			} else {
++				*end = *p;
++				if (*p == '"')
++					break;
++			}
++			p++;
++			end++;
++		}
++
++		if (*end != '"') {
+ 			DBG(READ, blkid_debug("unbalanced quotes at: %s", *value));
+ 			*cp = *value;
+ 			return -BLKID_ERR_CACHE;
+ 		}
+ 		(*value)++;
+ 		*end = '\0';
+-		end++;
++		end = ++p;
+ 	} else {
+ 		end = skip_over_word(*value);
+ 		if (*end) {
+diff -up util-linux-2.24.2/libblkid/src/save.c.kzak util-linux-2.24.2/libblkid/src/save.c
+--- util-linux-2.24.2/libblkid/src/save.c.kzak	2014-04-24 09:37:04.356704228 +0200
++++ util-linux-2.24.2/libblkid/src/save.c	2014-11-27 14:46:24.074912973 +0100
+@@ -26,6 +26,21 @@
+ 
+ #include "blkidP.h"
+ 
++
++static void save_quoted(const char *data, FILE *file)
++{
++	const char *p;
++
++	fputc('"', file);
++	for (p = data; p && *p; p++) {
++		if ((unsigned char) *p == 0x22 ||		/* " */
++		    (unsigned char) *p == 0x5c)			/* \ */
++			fputc('\\', file);
++
++		fputc(*p, file);
++	}
++	fputc('"', file);
++}
+ static int save_dev(blkid_dev dev, FILE *file)
+ {
+ 	struct list_head *p;
+@@ -43,9 +58,14 @@ static int save_dev(blkid_dev dev, FILE
+ 
+ 	if (dev->bid_pri)
+ 		fprintf(file, " PRI=\"%d\"", dev->bid_pri);
++
+ 	list_for_each(p, &dev->bid_tags) {
+ 		blkid_tag tag = list_entry(p, struct blkid_struct_tag, bit_tags);
+-		fprintf(file, " %s=\"%s\"", tag->bit_name,tag->bit_val);
++
++		fputc(' ', file);			/* space between tags */
++		fputs(tag->bit_name, file);		/* tag NAME */
++		fputc('=', file);			/* separator between NAME and VALUE */
++		save_quoted(tag->bit_val, file);	/* tag "VALUE" */
+ 	}
+ 	fprintf(file, ">%s</device>\n", dev->bid_name);
+ 
+diff -up util-linux-2.24.2/lib/tt.c.kzak util-linux-2.24.2/lib/tt.c
+--- util-linux-2.24.2/lib/tt.c.kzak	2014-11-27 14:55:40.144349070 +0100
++++ util-linux-2.24.2/lib/tt.c	2014-11-27 14:56:02.254605467 +0100
+@@ -680,6 +680,8 @@ void tt_fputs_quoted(const char *data, F
+ 	for (p = data; p && *p; p++) {
+ 		if ((unsigned char) *p == 0x22 ||		/* " */
+ 		    (unsigned char) *p == 0x5c ||		/* \ */
++		    (unsigned char) *p == 0x60 ||		/* ` */
++		    (unsigned char) *p == 0x24 ||		/* $ */
+ 		    !isprint((unsigned char) *p) ||
+ 		    iscntrl((unsigned char) *p)) {
+ 
+diff -up util-linux-2.24.2/misc-utils/blkid.8.kzak util-linux-2.24.2/misc-utils/blkid.8
+--- util-linux-2.24.2/misc-utils/blkid.8.kzak	2013-09-18 15:50:12.690263681 +0200
++++ util-linux-2.24.2/misc-utils/blkid.8	2014-11-27 14:46:24.074912973 +0100
+@@ -193,7 +193,10 @@ partitions.  This output format is \fBDE
+ .TP
+ .B export
+ print key=value pairs for easy import into the environment; this output format
+-is automatically enabled when I/O Limits (\fB-i\fR option) are requested
++is automatically enabled when I/O Limits (\fB-i\fR option) are requested.
++
++The non-printing characters are encoded by ^ and M- notation and all
++potentially unsafe characters are escaped.
+ .RE
+ .TP
+ .BI \-O " offset"
+diff -up util-linux-2.24.2/misc-utils/blkid.c.kzak util-linux-2.24.2/misc-utils/blkid.c
+--- util-linux-2.24.2/misc-utils/blkid.c.kzak	2014-04-24 09:37:04.369704437 +0200
++++ util-linux-2.24.2/misc-utils/blkid.c	2014-11-27 14:52:03.869842664 +0100
+@@ -306,7 +306,7 @@ static void print_value(int output, int
+ 			printf("DEVNAME=%s\n", devname);
+ 		fputs(name, stdout);
+ 		fputs("=", stdout);
+-		safe_print(value, valsz, NULL);
++		safe_print(value, valsz, " \\\"'$`<>");
+ 		fputs("\n", stdout);
+ 
+ 	} else {
+@@ -314,7 +314,7 @@ static void print_value(int output, int
+ 			printf("%s: ", devname);
+ 		fputs(name, stdout);
+ 		fputs("=\"", stdout);
+-		safe_print(value, valsz, "\"");
++		safe_print(value, valsz, "\"\\");
+ 		fputs("\" ", stdout);
+ 	}
+ }

STAGE1-util-linux

@@ -1,12 +0,0 @@
-srpm util-linux
-mcd $BUILDDIR/$1
-cat <<EOF > config.cache
-ax_cv_have_tls=yes
-scanf_cv_alloc_modifier=ms
-EOF
-$SRC/${1}-*/configure $TCONFIGARGS --without-ncurses --without-tinfo \
-   --prefix=/usr --libexecdir=/usr/lib${SUFFIX} --libdir=/usr/lib${SUFFIX} \
-   --disable-wall --cache-file=config.cache --without-python --without-systemd
-notparallel
-make $J V=1
-make $J install DESTDIR=${ROOTFS}

adjtime

@@ -1,2 +0,0 @@
-0.0 0 0.0
-0

login-default-motd-file.patch

@@ -1,13 +0,0 @@
-diff --git a/include/pathnames.h b/include/pathnames.h
-index 3845d4c33..fac3a0783 100644
---- a/include/pathnames.h
-+++ b/include/pathnames.h
-@@ -41,7 +41,7 @@
- #ifndef _PATH_MAILDIR
- # define _PATH_MAILDIR		"/var/spool/mail"
- #endif
--#define	_PATH_MOTDFILE		"/usr/share/misc/motd:/run/motd:/etc/motd"
-+#define	_PATH_MOTDFILE		"/usr/share/misc/motd:/run/motd:/run/motd.d:/etc/motd:/etc/motd.d"
- #ifndef _PATH_NOLOGIN
- # define _PATH_NOLOGIN		"/etc/nologin"
- #endif

login-lastlog-create.patch

@@ -1,12 +0,0 @@
-diff -up util-linux-2.36/login-utils/login.c.kzak util-linux-2.36/login-utils/login.c
---- util-linux-2.36/login-utils/login.c.kzak	2020-07-23 14:13:26.777030764 +0200
-+++ util-linux-2.36/login-utils/login.c	2020-07-23 14:11:22.793686983 +0200
-@@ -585,7 +585,7 @@ static void log_lastlog(struct login_con
- 	sa.sa_handler = SIG_IGN;
- 	sigaction(SIGXFSZ, &sa, &oldsa_xfsz);
- 
--	fd = open(_PATH_LASTLOG, O_RDWR, 0);
-+	fd = open(_PATH_LASTLOG, O_RDWR | O_CREAT, 0);
- 	if (fd < 0)
- 		goto done;
- 	offset = cxt->pwd->pw_uid * sizeof(ll);

sources

@@ -1 +1 @@
-SHA512 (util-linux-2.39-rc3.tar.xz) = 8a93d32a5ceb38d50a4b2c8bfa48bcab7ec9b758c89b5a1a4f7fd74558dce37385bd7ea203345148d4389de4ea60ec42058f9d7889a8075d3e616773d085427e
+3f191727a0d28f7204b755cf1b6ea0aa  util-linux-2.24.2.tar.xz

tests/tests.yml

@@ -1,13 +0,0 @@
-# Test which run in classic and docker environemnt
-- hosts: localhost
-  tags:
-  - classic
-  - container
-  - atomic
-  roles:
-  - role: standard-test-beakerlib
-    tests:
-    - various
-    required_packages:
-    - util-linux
-    - util-linux-user

tests/various/Makefile

@@ -1,64 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/util-linux/various
-#   Description: This test groups small sanity and regression tests for util-linux
-#   Author: Miroslav Vadkerti <mvadkert@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/util-linux/Sanity/various
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Miroslav Vadkerti <mvadkert@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     This test groups small sanity and regression tests for util-linux" >> $(METADATA)
-	@echo "Type:            Sanity" >> $(METADATA)
-	@echo "TestTime:        10m" >> $(METADATA)
-	@echo "RunFor:          util-linux" >> $(METADATA)
-	@echo "Requires:        util-linux util-linux-user" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-	@echo "Releases:        -RHEL3 -RHEL4 -RHEL5Server -RHEL5Client -RHEL6" >> $(METADATA)
-
-	rhts-lint $(METADATA)

tests/various/PURPOSE

@@ -1,3 +0,0 @@
-PURPOSE of /CoreOS/util-linux/various
-Description: This test groups small sanity and regression tests for util-linux
-Author: Miroslav Vadkerti <mvadkert@redhat.com>

tests/various/runtest.sh

@@ -1,52 +0,0 @@
-#!/bin/bash
-# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/util-linux/various
-#   Description: This test groups small sanity and regression tests for util-linux
-#   Author: Miroslav Vadkerti <mvadkert@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
-#
-#   This copyrighted material is made available to anyone wishing
-#   to use, modify, copy, or redistribute it subject to the terms
-#   and conditions of the GNU General Public License version 2.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE. See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public
-#   License along with this program; if not, write to the Free
-#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-#   Boston, MA 02110-1301, USA.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-#. /usr/bin/rhts-environment.sh || exit 1
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="util-linux"
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm $PACKAGE
-    rlPhaseEnd
-
-    rlPhaseStartTest "return code of chfn should be always 1 in case failure"
-        rlRun "chfn -f a:b" 1
-        rlRun "chfn -o a:b" 1
-        rlRun "chfn -p a:b" 1
-        rlRun "chfn -h a:b" 1
-        rlRun "chfn -x a:b" 1
-        rlRun "chfn -f a -o b -p c -h d unknown-user" 1
-    rlPhaseEnd
-
-    rlPhaseStartCleanup
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd

util-linux-60-raw.rules

@@ -0,0 +1,8 @@
+#
+# Enter raw device bindings here.
+#
+# An example would be:
+#   ACTION=="add", KERNEL=="sda", RUN+="/usr/bin/raw /dev/raw/raw1 %N"
+# to bind /dev/raw/raw1 to /dev/sda, or
+#   ACTION=="add", ENV{MAJOR}=="8", ENV{MINOR}=="1", RUN+="/usr/bin/raw /dev/raw/raw2 %M %m"
+# to bind /dev/raw/raw2 to the device with major 8, minor 1.

util-linux-login.pamd

@@ -1,4 +1,5 @@
 #%PAM-1.0
+auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
 auth       substack     system-auth
 auth       include      postlogin
 account    required     pam_nologin.so
@@ -7,6 +8,7 @@ password   include      system-auth
 # pam_selinux.so close should be the first session rule
 session    required     pam_selinux.so close
 session    required     pam_loginuid.so
+session    optional     pam_console.so
 # pam_selinux.so open should only be followed by sessions to be executed in the user context
 session    required     pam_selinux.so open
 session    required     pam_namespace.so

util-linux-remote.pamd

@@ -1,4 +1,5 @@
 #%PAM-1.0
+auth       required     pam_securetty.so
 auth       substack     password-auth
 auth       include      postlogin
 account    required     pam_nologin.so

uuidd-tmpfiles.conf

@@ -1 +0,0 @@
-d /run/uuidd 2775 uuidd uuidd