GNU bug report logs - #53545
[PATCH] gnu: util-linux: Fix CVE-2021-3995 and CVE-2021-3996.

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Wed, 26 Jan 2022 05:26:01 UTC

Severity: important

Tags: patch, security

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.


Report forwarded to guix-patches <at> gnu.org:
bug#53545; Package guix-patches. (Wed, 26 Jan 2022 05:26:01 GMT)

Acknowledgement sent to Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Wed, 26 Jan 2022 05:26:01 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: util-linux: Fix CVE-2021-3995 and CVE-2021-3996.
Date: Wed, 26 Jan 2022 00:25:01 -0500

* gnu/packages/patches/util-linux-CVE-2021-3995.patch,
gnu/packages/patches/util-linux-CVE-2021-3996.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/linux.scm (util-linux)[replacement]: New field.
(util-linux/fixed): New variable.
---
 gnu/local.mk                                  |   2 +
 gnu/packages/linux.scm                        |  15 ++
 .../patches/util-linux-CVE-2021-3995.patch    | 146 +++++++++++
 .../patches/util-linux-CVE-2021-3996.patch    | 233 ++++++++++++++++++
 4 files changed, 396 insertions(+)
 create mode 100644 gnu/packages/patches/util-linux-CVE-2021-3995.patch
 create mode 100644 gnu/packages/patches/util-linux-CVE-2021-3996.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index dceaa53145..b7bd6910af 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1925,6 +1925,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/upx-CVE-2021-20285.patch		\
   %D%/packages/patches/ustr-fix-build-with-gcc-5.patch		\
   %D%/packages/patches/util-linux-tests.patch			\
+  %D%/packages/patches/util-linux-CVE-2021-3995.patch		\
+  %D%/packages/patches/util-linux-CVE-2021-3996.patch		\
   %D%/packages/patches/upower-builddir.patch			\
   %D%/packages/patches/valgrind-enable-arm.patch		\
   %D%/packages/patches/vboot-utils-fix-format-load-address.patch	\
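Review bot: the two new entries are placed after `util-linux-tests.patch`, which leaves `util-linux-CVE-2021-3995.patch` and `util-linux-CVE-2021-3996.patch` out of order relative to it. The list around them is kept roughly alphabetical, so moving both CVE patches above `util-linux-tests.patch` would match how the file names sort. This has no effect on the build.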
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index c044f2543d..4fb44c4520 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -1820,6 +1820,7 @@ (define-public psmisc
 (define-public util-linux
   (package
     (name "util-linux")
+    (replacement util-linux/fixed)
     (version "2.37.2")
     (source (origin
               (method url-fetch)
@@ -1971,6 +1972,20 @@ (define-public util-linux+udev
     `(("udev" ,eudev)
       ,@(package-inputs util-linux)))))
 
+;; This is mostly equivalent to the upstream release version v2.37.3, except
+;; that the upstream tarball was generated improperly, which breaks the build.
+;; There will not be a v2.37.3-fixed release or anything like that to fix it:
+;; https://github.com/util-linux/util-linux/issues/1577
+(define-public util-linux/fixed
+  (hidden-package
+    (package
+      (inherit util-linux)
+      (source (origin
+                (inherit (package-source util-linux))
+                (patches (append (search-patches "util-linux-CVE-2021-3995.patch")
+                                 (search-patches "util-linux-CVE-2021-3996.patch")
+                                 (origin-patches (package-source util-linux)))))))))
+
 (define-public ddate
   (package
     (name "ddate")
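Review bot: in the `patches` field of `util-linux/fixed`, the two separate `(search-patches …)` calls can be one call, `(search-patches "util-linux-CVE-2021-3995.patch" "util-linux-CVE-2021-3996.patch")`, since `search-patches` accepts several file names; `append` is then only needed to join that list with `(origin-patches (package-source util-linux))`. It would also help to name the two CVEs in the comment above the definition, which currently only explains why v2.37.3 is not used.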
diff --git a/gnu/packages/patches/util-linux-CVE-2021-3995.patch b/gnu/packages/patches/util-linux-CVE-2021-3995.patch
new file mode 100644
index 0000000000..7faea83801
--- /dev/null
+++ b/gnu/packages/patches/util-linux-CVE-2021-3995.patch
@@ -0,0 +1,146 @@
+Fix CVE-2021-3995:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
+https://seclists.org/oss-sec/2022/q1/66
+
+Patch copied from upstream source repository:
+
+https://github.com/util-linux/util-linux/commit/f3db9bd609494099f0c1b95231c5dfe383346929
+
+From f3db9bd609494099f0c1b95231c5dfe383346929 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak <at> redhat.com>
+Date: Wed, 24 Nov 2021 13:53:25 +0100
+Subject: [PATCH] libmount: fix UID check for FUSE umount [CVE-2021-3995]
+
+Improper UID check allows an unprivileged user to unmount FUSE
+filesystems of users with similar UID.
+
+Signed-off-by: Karel Zak <kzak <at> redhat.com>
+---
+ include/strutils.h            |  2 +-
+ libmount/src/context_umount.c | 14 +++---------
+ libmount/src/mountP.h         |  1 +
+ libmount/src/optstr.c         | 42 +++++++++++++++++++++++++++++++++++
+ 4 files changed, 47 insertions(+), 12 deletions(-)
+
+diff --git a/include/strutils.h b/include/strutils.h
+index 6e95707ea..a84d29594 100644
+--- a/include/strutils.h
++++ b/include/strutils.h
+@@ -106,8 +106,8 @@ static inline char *mem2strcpy(char *dest, const void *src, size_t n, size_t nma
+ 	if (n + 1 > nmax)
+ 		n = nmax - 1;
+ 
++	memset(dest, '\0', nmax);
+ 	memcpy(dest, src, n);
+-	dest[nmax-1] = '\0';
+ 	return dest;
+ }
+ 
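Review bot: in `mem2strcpy()`, nothing in the visible lines guards `nmax == 0`: the context line `n = nmax - 1;` then wraps to the largest `size_t` value and the following `memcpy(dest, src, n)` is unbounded. The added `memset(dest, '\0', nmax)` does close the termination gap (the removed `dest[nmax-1] = '\0'` left the bytes between `n` and `nmax-1` unset whenever the source was shorter than the buffer), but an early return for `nmax == 0` would make the helper safe for every caller. Writing `dest[n] = '\0'` after the `memcpy` would also terminate the string without clearing the whole buffer.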
+diff --git a/libmount/src/context_umount.c b/libmount/src/context_umount.c
+index 173637a15..8773c65ff 100644
+--- a/libmount/src/context_umount.c
++++ b/libmount/src/context_umount.c
+@@ -453,10 +453,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv)
+ 	struct libmnt_ns *ns_old;
+ 	const char *type = mnt_fs_get_fstype(cxt->fs);
+ 	const char *optstr;
+-	char *user_id = NULL;
+-	size_t sz;
+-	uid_t uid;
+-	char uidstr[sizeof(stringify_value(ULONG_MAX))];
++	uid_t uid, entry_uid;
+ 
+ 	*errsv = 0;
+ 
+@@ -473,11 +470,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv)
+ 	optstr = mnt_fs_get_fs_options(cxt->fs);
+ 	if (!optstr)
+ 		return 0;
+-
+-	if (mnt_optstr_get_option(optstr, "user_id", &user_id, &sz) != 0)
+-		return 0;
+-
+-	if (sz == 0 || user_id == NULL)
++	if (mnt_optstr_get_uid(optstr, "user_id", &entry_uid) != 0)
+ 		return 0;
+ 
+ 	/* get current user */
+@@ -494,8 +487,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv)
+ 		return 0;
+ 	}
+ 
+-	snprintf(uidstr, sizeof(uidstr), "%lu", (unsigned long) uid);
+-	return strncmp(user_id, uidstr, sz) == 0;
++	return uid == entry_uid;
+ }
+ 
+ /*
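Review bot: no regression test accompanies the new `return uid == entry_uid;` at the end of `is_fuse_usermount()`, and the diffstat for this commit lists no file under `tests/`. The removed `strncmp(user_id, uidstr, sz) == 0` compared only the `sz` bytes of the option value, so an entry whose `user_id` is a leading substring of the caller's UID string was accepted as a match; a test with such a pair of UIDs would pin the fix. The switch from `mnt_optstr_get_option()` plus the `sz == 0` check to `mnt_optstr_get_uid(...) != 0` keeps the function returning 0 (not a user mount) on any parse failure, which is the right direction to fail.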
+diff --git a/libmount/src/mountP.h b/libmount/src/mountP.h
+index d43a83541..22442ec55 100644
+--- a/libmount/src/mountP.h
++++ b/libmount/src/mountP.h
+@@ -399,6 +399,7 @@ extern const struct libmnt_optmap *mnt_optmap_get_entry(
+ 			     const struct libmnt_optmap **mapent);
+ 
+ /* optstr.c */
++extern int mnt_optstr_get_uid(const char *optstr, const char *name, uid_t *uid);
+ extern int mnt_optstr_remove_option_at(char **optstr, char *begin, char *end);
+ extern int mnt_optstr_fix_gid(char **optstr, char *value, size_t valsz, char **next);
+ extern int mnt_optstr_fix_uid(char **optstr, char *value, size_t valsz, char **next);
+diff --git a/libmount/src/optstr.c b/libmount/src/optstr.c
+index 921b9318e..16800f571 100644
+--- a/libmount/src/optstr.c
++++ b/libmount/src/optstr.c
+@@ -1076,6 +1076,48 @@ int mnt_optstr_fix_user(char **optstr)
+ 	return rc;
+ }
+ 
++/*
++ * Converts value from @optstr addressed by @name to uid.
++ *
++ * Returns: 0 on success, 1 if not found, <0 on error
++ */
++int mnt_optstr_get_uid(const char *optstr, const char *name, uid_t *uid)
++{
++	char *value = NULL;
++	size_t valsz = 0;
++	char buf[sizeof(stringify_value(UINT64_MAX))];
++	int rc;
++	uint64_t num;
++
++	assert(optstr);
++	assert(name);
++	assert(uid);
++
++	rc = mnt_optstr_get_option(optstr, name, &value, &valsz);
++	if (rc != 0)
++		goto fail;
++
++	if (valsz > sizeof(buf) - 1) {
++		rc = -ERANGE;
++		goto fail;
++	}
++	mem2strcpy(buf, value, valsz, sizeof(buf));
++
++	rc = ul_strtou64(buf, &num, 10);
++	if (rc != 0)
++		goto fail;
++	if (num > ULONG_MAX || (uid_t) num != num) {
++		rc = -ERANGE;
++		goto fail;
++	}
++	*uid = (uid_t) num;
++
++	return 0;
++fail:
++	DBG(UTILS, ul_debug("failed to convert '%s'= to number [rc=%d]", name, rc));
++	return rc;
++}
++
+ /**
+  * mnt_match_options:
+  * @optstr: options string
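Review bot: `mnt_optstr_get_uid()` has no explicit check for an empty or missing value after `mnt_optstr_get_option()` succeeds, whereas the caller's removed code tested `sz == 0 || user_id == NULL`. If the option is present without a value, `value` may be NULL when it is handed to `mem2strcpy(buf, value, valsz, sizeof(buf))`, and rejection then depends on `ul_strtou64()` refusing an empty string, which is not visible in this patch. An early `if (!value || !valsz)` that returns an error would make the behaviour explicit. Minor: `num > ULONG_MAX` looks redundant next to the `(uid_t) num != num` round-trip test, and the debug format `'%s'=` has a stray `=`.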
+-- 
+2.34.0
+
diff --git a/gnu/packages/patches/util-linux-CVE-2021-3996.patch b/gnu/packages/patches/util-linux-CVE-2021-3996.patch
new file mode 100644
index 0000000000..59edf5c7cf
--- /dev/null
+++ b/gnu/packages/patches/util-linux-CVE-2021-3996.patch
@@ -0,0 +1,233 @@
+Fix CVE-2021-3996:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
+https://seclists.org/oss-sec/2022/q1/66
+
+Patch copied from upstream source repository:
+
+https://github.com/util-linux/util-linux/commit/018a10907fa9885093f6d87401556932c2d8bd2b
+
+From 018a10907fa9885093f6d87401556932c2d8bd2b Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak <at> redhat.com>
+Date: Tue, 4 Jan 2022 10:54:20 +0100
+Subject: [PATCH] libmount: fix (deleted) suffix issue [CVE-2021-3996]
+
+This issue is related to parsing the /proc/self/mountinfo file allows an
+unprivileged user to unmount other user's filesystems that are either
+world-writable themselves or mounted in a world-writable directory.
+
+The support for "(deleted)" is no more necessary as the Linux kernel does
+not use it in /proc/self/mountinfo and /proc/self/mount files anymore.
+
+Signed-off-by: Karel Zak <kzak <at> redhat.com>
+---
+ libmount/src/tab_parse.c                            |  5 -----
+ tests/expected/findmnt/filter-options               |  1 -
+ tests/expected/findmnt/filter-options-nameval-neg   |  3 +--
+ tests/expected/findmnt/filter-types-neg             |  1 -
+ tests/expected/findmnt/outputs-default              |  3 +--
+ tests/expected/findmnt/outputs-force-tree           |  3 +--
+ tests/expected/findmnt/outputs-kernel               |  3 +--
+ tests/expected/libmount/tabdiff-mount               |  1 -
+ tests/expected/libmount/tabdiff-move                |  1 -
+ tests/expected/libmount/tabdiff-remount             |  1 -
+ tests/expected/libmount/tabdiff-umount              |  1 -
+ tests/expected/libmount/tabfiles-parse-mountinfo    | 11 -----------
+ tests/expected/libmount/tabfiles-py-parse-mountinfo | 11 -----------
+ tests/ts/findmnt/files/mountinfo                    |  1 -
+ tests/ts/findmnt/files/mountinfo-nonroot            |  1 -
+ tests/ts/libmount/files/mountinfo                   |  1 -
+ 16 files changed, 4 insertions(+), 44 deletions(-)
+
+diff --git a/libmount/src/tab_parse.c b/libmount/src/tab_parse.c
+index 917779ab6..4407f9c9c 100644
+--- a/libmount/src/tab_parse.c
++++ b/libmount/src/tab_parse.c
+@@ -227,11 +227,6 @@ static int mnt_parse_mountinfo_line(struct libmnt_fs *fs, const char *s)
+ 		goto fail;
+ 	}
+ 
+-	/* remove "\040(deleted)" suffix */
+-	p = (char *) endswith(fs->target, PATH_DELETED_SUFFIX);
+-	if (p && *p)
+-		*p = '\0';
+-
+ 	s = skip_separator(s);
+ 
+ 	/* (6) vfs options (fs-independent) */
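Review bot: after the `endswith(fs->target, PATH_DELETED_SUFFIX)` block is dropped from `mnt_parse_mountinfo_line()`, the diffstat shows `libmount/src/tab_parse.c` as the only source file touched, so the `PATH_DELETED_SUFFIX` definition stays behind; if nothing else uses it, it should be removed in the same commit. The behaviour change also deserves a line in the libmount documentation: a target ending in `\040(deleted)` is now kept verbatim instead of being truncated.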
+diff --git a/tests/expected/findmnt/filter-options b/tests/expected/findmnt/filter-options
+index 2606bce76..97b0ead0a 100644
+--- a/tests/expected/findmnt/filter-options
++++ b/tests/expected/findmnt/filter-options
+@@ -28,5 +28,4 @@ TARGET                       SOURCE           FSTYPE                OPTIONS
+ /home/kzak/.gvfs             gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
+ /var/lib/nfs/rpc_pipefs      sunrpc           rpc_pipefs            rw,relatime
+ /mnt/sounds                  //foo.home/bar/  cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-/mnt/foo                     /fooooo          bar                   rw,relatime
+ rc=0
+diff --git a/tests/expected/findmnt/filter-options-nameval-neg b/tests/expected/findmnt/filter-options-nameval-neg
+index 5471d65af..f0467ef75 100644
+--- a/tests/expected/findmnt/filter-options-nameval-neg
++++ b/tests/expected/findmnt/filter-options-nameval-neg
+@@ -29,6 +29,5 @@ TARGET                         SOURCE                FSTYPE                OPTIO
+ |-/home/kzak                   /dev/mapper/kzak-home ext4                  rw,noatime,barrier=1,data=ordered
+ | `-/home/kzak/.gvfs           gvfs-fuse-daemon      fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
+ |-/var/lib/nfs/rpc_pipefs      sunrpc                rpc_pipefs            rw,relatime
+-|-/mnt/sounds                  //foo.home/bar/       cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-`-/mnt/foo                     /fooooo               bar                   rw,relatime
++`-/mnt/sounds                  //foo.home/bar/       cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+ rc=0
+diff --git a/tests/expected/findmnt/filter-types-neg b/tests/expected/findmnt/filter-types-neg
+index 2606bce76..97b0ead0a 100644
+--- a/tests/expected/findmnt/filter-types-neg
++++ b/tests/expected/findmnt/filter-types-neg
+@@ -28,5 +28,4 @@ TARGET                       SOURCE           FSTYPE                OPTIONS
+ /home/kzak/.gvfs             gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
+ /var/lib/nfs/rpc_pipefs      sunrpc           rpc_pipefs            rw,relatime
+ /mnt/sounds                  //foo.home/bar/  cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-/mnt/foo                     /fooooo          bar                   rw,relatime
+ rc=0
+diff --git a/tests/expected/findmnt/outputs-default b/tests/expected/findmnt/outputs-default
+index 59495797b..01599355e 100644
+--- a/tests/expected/findmnt/outputs-default
++++ b/tests/expected/findmnt/outputs-default
+@@ -30,6 +30,5 @@ TARGET                         SOURCE                FSTYPE                OPTIO
+ |-/home/kzak                   /dev/mapper/kzak-home ext4                  rw,noatime,barrier=1,data=ordered
+ | `-/home/kzak/.gvfs           gvfs-fuse-daemon      fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
+ |-/var/lib/nfs/rpc_pipefs      sunrpc                rpc_pipefs            rw,relatime
+-|-/mnt/sounds                  //foo.home/bar/       cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-`-/mnt/foo                     /fooooo               bar                   rw,relatime
++`-/mnt/sounds                  //foo.home/bar/       cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+ rc=0
+diff --git a/tests/expected/findmnt/outputs-force-tree b/tests/expected/findmnt/outputs-force-tree
+index 59495797b..01599355e 100644
+--- a/tests/expected/findmnt/outputs-force-tree
++++ b/tests/expected/findmnt/outputs-force-tree
+@@ -30,6 +30,5 @@ TARGET                         SOURCE                FSTYPE                OPTIO
+ |-/home/kzak                   /dev/mapper/kzak-home ext4                  rw,noatime,barrier=1,data=ordered
+ | `-/home/kzak/.gvfs           gvfs-fuse-daemon      fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
+ |-/var/lib/nfs/rpc_pipefs      sunrpc                rpc_pipefs            rw,relatime
+-|-/mnt/sounds                  //foo.home/bar/       cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-`-/mnt/foo                     /fooooo               bar                   rw,relatime
++`-/mnt/sounds                  //foo.home/bar/       cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+ rc=0
+diff --git a/tests/expected/findmnt/outputs-kernel b/tests/expected/findmnt/outputs-kernel
+index 59495797b..01599355e 100644
+--- a/tests/expected/findmnt/outputs-kernel
++++ b/tests/expected/findmnt/outputs-kernel
+@@ -30,6 +30,5 @@ TARGET                         SOURCE                FSTYPE                OPTIO
+ |-/home/kzak                   /dev/mapper/kzak-home ext4                  rw,noatime,barrier=1,data=ordered
+ | `-/home/kzak/.gvfs           gvfs-fuse-daemon      fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
+ |-/var/lib/nfs/rpc_pipefs      sunrpc                rpc_pipefs            rw,relatime
+-|-/mnt/sounds                  //foo.home/bar/       cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-`-/mnt/foo                     /fooooo               bar                   rw,relatime
++`-/mnt/sounds                  //foo.home/bar/       cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+ rc=0
+diff --git a/tests/expected/libmount/tabdiff-mount b/tests/expected/libmount/tabdiff-mount
+index 420aeacd5..3c18f8dc4 100644
+--- a/tests/expected/libmount/tabdiff-mount
++++ b/tests/expected/libmount/tabdiff-mount
+@@ -1,3 +1,2 @@
+ /dev/mapper/kzak-home on /home/kzak: MOUNTED
+-/fooooo on /mnt/foo: MOUNTED
+ tmpfs on /mnt/test/foo
bar: MOUNTED
+diff --git a/tests/expected/libmount/tabdiff-move b/tests/expected/libmount/tabdiff-move
+index 24f9bc791..95820d93e 100644
+--- a/tests/expected/libmount/tabdiff-move
++++ b/tests/expected/libmount/tabdiff-move
+@@ -1,3 +1,2 @@
+ //foo.home/bar/ on /mnt/music: MOVED to /mnt/music
+-/fooooo on /mnt/foo: UMOUNTED
+ tmpfs on /mnt/test/foo
bar: UMOUNTED
+diff --git a/tests/expected/libmount/tabdiff-remount b/tests/expected/libmount/tabdiff-remount
+index 82ebeab39..876bfd953 100644
+--- a/tests/expected/libmount/tabdiff-remount
++++ b/tests/expected/libmount/tabdiff-remount
+@@ -1,4 +1,3 @@
+ /dev/mapper/kzak-home on /home/kzak: REMOUNTED from 'rw,noatime,barrier=1,data=ordered' to 'ro,noatime,barrier=1,data=ordered'
+ //foo.home/bar/ on /mnt/sounds: REMOUNTED from 'rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344' to 'ro,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344'
+-/fooooo on /mnt/foo: UMOUNTED
+ tmpfs on /mnt/test/foo
bar: UMOUNTED
+diff --git a/tests/expected/libmount/tabdiff-umount b/tests/expected/libmount/tabdiff-umount
+index a3e0fe48a..c7be725b9 100644
+--- a/tests/expected/libmount/tabdiff-umount
++++ b/tests/expected/libmount/tabdiff-umount
+@@ -1,3 +1,2 @@
+ /dev/mapper/kzak-home on /home/kzak: UMOUNTED
+-/fooooo on /mnt/foo: UMOUNTED
+ tmpfs on /mnt/test/foo
bar: UMOUNTED
+diff --git a/tests/expected/libmount/tabfiles-parse-mountinfo b/tests/expected/libmount/tabfiles-parse-mountinfo
+index 47eb77006..d5ba5248e 100644
+--- a/tests/expected/libmount/tabfiles-parse-mountinfo
++++ b/tests/expected/libmount/tabfiles-parse-mountinfo
+@@ -351,17 +351,6 @@ id:     47
+ parent: 20
+ devno:  0:38
+ ------ fs:
+-source: /fooooo
+-target: /mnt/foo
+-fstype: bar
+-optstr: rw,relatime
+-VFS-optstr: rw,relatime
+-FS-opstr: rw
+-root:   /
+-id:     48
+-parent: 20
+-devno:  0:39
+------- fs:
+ source: tmpfs
+ target: /mnt/test/foo
bar
+ fstype: tmpfs
+diff --git a/tests/expected/libmount/tabfiles-py-parse-mountinfo b/tests/expected/libmount/tabfiles-py-parse-mountinfo
+index 47eb77006..d5ba5248e 100644
+--- a/tests/expected/libmount/tabfiles-py-parse-mountinfo
++++ b/tests/expected/libmount/tabfiles-py-parse-mountinfo
+@@ -351,17 +351,6 @@ id:     47
+ parent: 20
+ devno:  0:38
+ ------ fs:
+-source: /fooooo
+-target: /mnt/foo
+-fstype: bar
+-optstr: rw,relatime
+-VFS-optstr: rw,relatime
+-FS-opstr: rw
+-root:   /
+-id:     48
+-parent: 20
+-devno:  0:39
+------- fs:
+ source: tmpfs
+ target: /mnt/test/foo
bar
+ fstype: tmpfs
+diff --git a/tests/ts/findmnt/files/mountinfo b/tests/ts/findmnt/files/mountinfo
+index 475ea1a33..ff1e664a8 100644
+--- a/tests/ts/findmnt/files/mountinfo
++++ b/tests/ts/findmnt/files/mountinfo
+@@ -30,4 +30,3 @@
+ 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500
+ 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw
+ 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw
+diff --git a/tests/ts/findmnt/files/mountinfo-nonroot b/tests/ts/findmnt/files/mountinfo-nonroot
+index e15b46701..87b421d2e 100644
+--- a/tests/ts/findmnt/files/mountinfo-nonroot
++++ b/tests/ts/findmnt/files/mountinfo-nonroot
+@@ -29,4 +29,3 @@
+ 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500
+ 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw
+ 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw
+diff --git a/tests/ts/libmount/files/mountinfo b/tests/ts/libmount/files/mountinfo
+index c06307183..2b0174048 100644
+--- a/tests/ts/libmount/files/mountinfo
++++ b/tests/ts/libmount/files/mountinfo
+@@ -30,5 +30,4 @@
+ 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500
+ 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw
+ 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw
+ 49 20 0:56 / /mnt/test/foo
bar rw,relatime shared:323 - tmpfs tmpfs rw
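Review bot: the fixture line for `/mnt/foo\040(deleted)` is deleted here and in the two `tests/ts/findmnt/files/` copies, together with every expected `/mnt/foo` entry, so nothing in the test suite exercises the new parsing of a target that ends in `\040(deleted)`. Keeping the fixture and updating the expected outputs to show the target with its suffix intact would turn it into a regression test for CVE-2021-3996.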
+-- 
+2.34.0
+
-- 
2.34.0





Information forwarded to guix-patches <at> gnu.org:
bug#53545; Package guix-patches. (Wed, 26 Jan 2022 11:24:02 GMT)

Message #8 received at 53545 <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: Leo Famulari <leo <at> famulari.name>
Cc: 53545 <at> debbugs.gnu.org
Subject: Re: bug#53545: [PATCH] gnu: util-linux: Fix CVE-2021-3995 and CVE-2021-3996.
Date: Wed, 26 Jan 2022 12:22:57 +0100

Hi Leo,

Leo Famulari <leo <at> famulari.name> skribis:

> * gnu/packages/patches/util-linux-CVE-2021-3995.patch,
> gnu/packages/patches/util-linux-CVE-2021-3996.patch: New files.
> * gnu/local.mk (dist_patch_DATA): Add them.
> * gnu/packages/linux.scm (util-linux)[replacement]: New field.
> (util-linux/fixed): New variable.

[...]

> +      (source (origin
> +                (inherit (package-source util-linux))
> +                (patches (append (search-patches "util-linux-CVE-2021-3995.patch")
> +                                 (search-patches "util-linux-CVE-2021-3996.patch")

You can have (search-patches patch1 patch2).

Otherwise LGTM, thanks a lot for the quick fix!

Ludo’.




Added tag(s) security. Request was from Ludovic Courtès <ludo <at> gnu.org> to control <at> debbugs.gnu.org. (Wed, 26 Jan 2022 11:24:02 GMT)

Severity set to 'important' from 'normal'. Request was from Ludovic Courtès <ludo <at> gnu.org> to control <at> debbugs.gnu.org. (Wed, 26 Jan 2022 11:24:02 GMT)

Reply sent to Leo Famulari <leo <at> famulari.name>:
You have taken responsibility. (Wed, 26 Jan 2022 18:04:02 GMT)

Notification sent to Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer. (Wed, 26 Jan 2022 18:04:02 GMT)

Message #17 received at 53545-done <at> debbugs.gnu.org:

From: Leo Famulari <leo <at> famulari.name>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 53545-done <at> debbugs.gnu.org
Subject: Re: bug#53545: [PATCH] gnu: util-linux: Fix CVE-2021-3995 and CVE-2021-3996.
Date: Wed, 26 Jan 2022 13:03:14 -0500

On Wed, Jan 26, 2022 at 12:22:57PM +0100, Ludovic Courtès wrote:
> Leo Famulari <leo <at> famulari.name> skribis:
> > +                (patches (append (search-patches "util-linux-CVE-2021-3995.patch")
> > +                                 (search-patches "util-linux-CVE-2021-3996.patch")
> 
> You can have (search-patches patch1 patch2).

Ah, right! I'm rusty.

> Otherwise LGTM, thanks a lot for the quick fix!

Pushed as 16ce73d87f664b2a539c2264671fddc2077f6ecc.

Thanks for the review!




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 24 Feb 2022 12:24:07 GMT)

This bug report was last modified 3 years and 116 days ago.
