From: Leo Famulari <leo@famulari.name>
To: guix-patches@gnu.org
Subject: [PATCH] gnu: util-linux: Fix CVE-2021-3995 and CVE-2021-3996.
Date: Wed, 26 Jan 2022 00:25:01 -0500
| Package | Source(s) | Maintainer(s) | |
|---|---|---|---|
| guix-patches | PTS Buildd Popcon |
Report forwarded
to guix-patches@gnu.org:
bug#53545; Package guix-patches.
(Wed, 26 Jan 2022 05:26:01 GMT) (full text, mbox, link).
Acknowledgement sent
to Leo Famulari <leo@famulari.name>:
New bug report received and forwarded. Copy sent to guix-patches@gnu.org.
(Wed, 26 Jan 2022 05:26:01 GMT) (full text, mbox, link).
Message #5 received at submit@debbugs.gnu.org (full text, mbox, reply):
* gnu/packages/patches/util-linux-CVE-2021-3995.patch,
gnu/packages/patches/util-linux-CVE-2021-3996.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/linux.scm (util-linux)[replacement]: New field.
(util-linux/fixed): New variable.
---
gnu/local.mk | 2 +
gnu/packages/linux.scm | 15 ++
.../patches/util-linux-CVE-2021-3995.patch | 146 +++++++++++
.../patches/util-linux-CVE-2021-3996.patch | 233 ++++++++++++++++++
4 files changed, 396 insertions(+)
create mode 100644 gnu/packages/patches/util-linux-CVE-2021-3995.patch
create mode 100644 gnu/packages/patches/util-linux-CVE-2021-3996.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index dceaa53145..b7bd6910af 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1925,6 +1925,8 @@ dist_patch_DATA = \
%D%/packages/patches/upx-CVE-2021-20285.patch \
%D%/packages/patches/ustr-fix-build-with-gcc-5.patch \
%D%/packages/patches/util-linux-tests.patch \
+ %D%/packages/patches/util-linux-CVE-2021-3995.patch \
+ %D%/packages/patches/util-linux-CVE-2021-3996.patch \
%D%/packages/patches/upower-builddir.patch \
%D%/packages/patches/valgrind-enable-arm.patch \
%D%/packages/patches/vboot-utils-fix-format-load-address.patch \
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index c044f2543d..4fb44c4520 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -1820,6 +1820,7 @@ (define-public psmisc
(define-public util-linux
(package
(name "util-linux")
+ (replacement util-linux/fixed)
(version "2.37.2")
(source (origin
(method url-fetch)
@@ -1971,6 +1972,20 @@ (define-public util-linux+udev
`(("udev" ,eudev)
,@(package-inputs util-linux)))))
+;; This is mostly equivalent to the upstream release version v2.37.3, except
+;; that the upstream tarball was generated improperly, which breaks the build.
+;; There will not be a v2.37.3-fixed release or anything like that to fix it:
+;; https://github.com/util-linux/util-linux/issues/1577
+(define-public util-linux/fixed
+ (hidden-package
+ (package
+ (inherit util-linux)
+ (source (origin
+ (inherit (package-source util-linux))
+ (patches (append (search-patches "util-linux-CVE-2021-3995.patch")
+ (search-patches "util-linux-CVE-2021-3996.patch")
+ (origin-patches (package-source util-linux)))))))))
+
(define-public ddate
(package
(name "ddate")
diff --git a/gnu/packages/patches/util-linux-CVE-2021-3995.patch b/gnu/packages/patches/util-linux-CVE-2021-3995.patch
new file mode 100644
index 0000000000..7faea83801
--- /dev/null
+++ b/gnu/packages/patches/util-linux-CVE-2021-3995.patch
@@ -0,0 +1,146 @@
+Fix CVE-2021-3995:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
+https://seclists.org/oss-sec/2022/q1/66
+
+Patch copied from upstream source repository:
+
+https://github.com/util-linux/util-linux/commit/f3db9bd609494099f0c1b95231c5dfe383346929
+
+From f3db9bd609494099f0c1b95231c5dfe383346929 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Wed, 24 Nov 2021 13:53:25 +0100
+Subject: [PATCH] libmount: fix UID check for FUSE umount [CVE-2021-3995]
+
+Improper UID check allows an unprivileged user to unmount FUSE
+filesystems of users with similar UID.
+
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ include/strutils.h | 2 +-
+ libmount/src/context_umount.c | 14 +++---------
+ libmount/src/mountP.h | 1 +
+ libmount/src/optstr.c | 42 +++++++++++++++++++++++++++++++++++
+ 4 files changed, 47 insertions(+), 12 deletions(-)
+
+diff --git a/include/strutils.h b/include/strutils.h
+index 6e95707ea..a84d29594 100644
+--- a/include/strutils.h
++++ b/include/strutils.h
+@@ -106,8 +106,8 @@ static inline char *mem2strcpy(char *dest, const void *src, size_t n, size_t nma
+ if (n + 1 > nmax)
+ n = nmax - 1;
+
++ memset(dest, '\0', nmax);
+ memcpy(dest, src, n);
+- dest[nmax-1] = '\0';
+ return dest;
+ }
+
+diff --git a/libmount/src/context_umount.c b/libmount/src/context_umount.c
+index 173637a15..8773c65ff 100644
+--- a/libmount/src/context_umount.c
++++ b/libmount/src/context_umount.c
+@@ -453,10 +453,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv)
+ struct libmnt_ns *ns_old;
+ const char *type = mnt_fs_get_fstype(cxt->fs);
+ const char *optstr;
+- char *user_id = NULL;
+- size_t sz;
+- uid_t uid;
+- char uidstr[sizeof(stringify_value(ULONG_MAX))];
++ uid_t uid, entry_uid;
+
+ *errsv = 0;
+
+@@ -473,11 +470,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv)
+ optstr = mnt_fs_get_fs_options(cxt->fs);
+ if (!optstr)
+ return 0;
+-
+- if (mnt_optstr_get_option(optstr, "user_id", &user_id, &sz) != 0)
+- return 0;
+-
+- if (sz == 0 || user_id == NULL)
++ if (mnt_optstr_get_uid(optstr, "user_id", &entry_uid) != 0)
+ return 0;
+
+ /* get current user */
+@@ -494,8 +487,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv)
+ return 0;
+ }
+
+- snprintf(uidstr, sizeof(uidstr), "%lu", (unsigned long) uid);
+- return strncmp(user_id, uidstr, sz) == 0;
++ return uid == entry_uid;
+ }
+
+ /*
+diff --git a/libmount/src/mountP.h b/libmount/src/mountP.h
+index d43a83541..22442ec55 100644
+--- a/libmount/src/mountP.h
++++ b/libmount/src/mountP.h
+@@ -399,6 +399,7 @@ extern const struct libmnt_optmap *mnt_optmap_get_entry(
+ const struct libmnt_optmap **mapent);
+
+ /* optstr.c */
++extern int mnt_optstr_get_uid(const char *optstr, const char *name, uid_t *uid);
+ extern int mnt_optstr_remove_option_at(char **optstr, char *begin, char *end);
+ extern int mnt_optstr_fix_gid(char **optstr, char *value, size_t valsz, char **next);
+ extern int mnt_optstr_fix_uid(char **optstr, char *value, size_t valsz, char **next);
+diff --git a/libmount/src/optstr.c b/libmount/src/optstr.c
+index 921b9318e..16800f571 100644
+--- a/libmount/src/optstr.c
++++ b/libmount/src/optstr.c
+@@ -1076,6 +1076,48 @@ int mnt_optstr_fix_user(char **optstr)
+ return rc;
+ }
+
++/*
++ * Converts value from @optstr addressed by @name to uid.
++ *
++ * Returns: 0 on success, 1 if not found, <0 on error
++ */
++int mnt_optstr_get_uid(const char *optstr, const char *name, uid_t *uid)
++{
++ char *value = NULL;
++ size_t valsz = 0;
++ char buf[sizeof(stringify_value(UINT64_MAX))];
++ int rc;
++ uint64_t num;
++
++ assert(optstr);
++ assert(name);
++ assert(uid);
++
++ rc = mnt_optstr_get_option(optstr, name, &value, &valsz);
++ if (rc != 0)
++ goto fail;
++
++ if (valsz > sizeof(buf) - 1) {
++ rc = -ERANGE;
++ goto fail;
++ }
++ mem2strcpy(buf, value, valsz, sizeof(buf));
++
++ rc = ul_strtou64(buf, &num, 10);
++ if (rc != 0)
++ goto fail;
++ if (num > ULONG_MAX || (uid_t) num != num) {
++ rc = -ERANGE;
++ goto fail;
++ }
++ *uid = (uid_t) num;
++
++ return 0;
++fail:
++ DBG(UTILS, ul_debug("failed to convert '%s'= to number [rc=%d]", name, rc));
++ return rc;
++}
++
+ /**
+ * mnt_match_options:
+ * @optstr: options string
+--
+2.34.0
+
diff --git a/gnu/packages/patches/util-linux-CVE-2021-3996.patch b/gnu/packages/patches/util-linux-CVE-2021-3996.patch
new file mode 100644
index 0000000000..59edf5c7cf
--- /dev/null
+++ b/gnu/packages/patches/util-linux-CVE-2021-3996.patch
@@ -0,0 +1,233 @@
+Fix CVE-2021-3996:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
+https://seclists.org/oss-sec/2022/q1/66
+
+Patch copied from upstream source repository:
+
+https://github.com/util-linux/util-linux/commit/018a10907fa9885093f6d87401556932c2d8bd2b
+
+From 018a10907fa9885093f6d87401556932c2d8bd2b Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Tue, 4 Jan 2022 10:54:20 +0100
+Subject: [PATCH] libmount: fix (deleted) suffix issue [CVE-2021-3996]
+
+This issue is related to parsing the /proc/self/mountinfo file allows an
+unprivileged user to unmount other user's filesystems that are either
+world-writable themselves or mounted in a world-writable directory.
+
+The support for "(deleted)" is no more necessary as the Linux kernel does
+not use it in /proc/self/mountinfo and /proc/self/mount files anymore.
+
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ libmount/src/tab_parse.c | 5 -----
+ tests/expected/findmnt/filter-options | 1 -
+ tests/expected/findmnt/filter-options-nameval-neg | 3 +--
+ tests/expected/findmnt/filter-types-neg | 1 -
+ tests/expected/findmnt/outputs-default | 3 +--
+ tests/expected/findmnt/outputs-force-tree | 3 +--
+ tests/expected/findmnt/outputs-kernel | 3 +--
+ tests/expected/libmount/tabdiff-mount | 1 -
+ tests/expected/libmount/tabdiff-move | 1 -
+ tests/expected/libmount/tabdiff-remount | 1 -
+ tests/expected/libmount/tabdiff-umount | 1 -
+ tests/expected/libmount/tabfiles-parse-mountinfo | 11 -----------
+ tests/expected/libmount/tabfiles-py-parse-mountinfo | 11 -----------
+ tests/ts/findmnt/files/mountinfo | 1 -
+ tests/ts/findmnt/files/mountinfo-nonroot | 1 -
+ tests/ts/libmount/files/mountinfo | 1 -
+ 16 files changed, 4 insertions(+), 44 deletions(-)
+
+diff --git a/libmount/src/tab_parse.c b/libmount/src/tab_parse.c
+index 917779ab6..4407f9c9c 100644
+--- a/libmount/src/tab_parse.c
++++ b/libmount/src/tab_parse.c
+@@ -227,11 +227,6 @@ static int mnt_parse_mountinfo_line(struct libmnt_fs *fs, const char *s)
+ goto fail;
+ }
+
+- /* remove "\040(deleted)" suffix */
+- p = (char *) endswith(fs->target, PATH_DELETED_SUFFIX);
+- if (p && *p)
+- *p = '\0';
+-
+ s = skip_separator(s);
+
+ /* (6) vfs options (fs-independent) */
+diff --git a/tests/expected/findmnt/filter-options b/tests/expected/findmnt/filter-options
+index 2606bce76..97b0ead0a 100644
+--- a/tests/expected/findmnt/filter-options
++++ b/tests/expected/findmnt/filter-options
+@@ -28,5 +28,4 @@ TARGET SOURCE FSTYPE OPTIONS
+ /home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
+ /var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
+ /mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-/mnt/foo /fooooo bar rw,relatime
+ rc=0
+diff --git a/tests/expected/findmnt/filter-options-nameval-neg b/tests/expected/findmnt/filter-options-nameval-neg
+index 5471d65af..f0467ef75 100644
+--- a/tests/expected/findmnt/filter-options-nameval-neg
++++ b/tests/expected/findmnt/filter-options-nameval-neg
+@@ -29,6 +29,5 @@ TARGET SOURCE FSTYPE OPTIO
+ |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered
+ | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
+ |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
+-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-`-/mnt/foo /fooooo bar rw,relatime
++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+ rc=0
+diff --git a/tests/expected/findmnt/filter-types-neg b/tests/expected/findmnt/filter-types-neg
+index 2606bce76..97b0ead0a 100644
+--- a/tests/expected/findmnt/filter-types-neg
++++ b/tests/expected/findmnt/filter-types-neg
+@@ -28,5 +28,4 @@ TARGET SOURCE FSTYPE OPTIONS
+ /home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
+ /var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
+ /mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-/mnt/foo /fooooo bar rw,relatime
+ rc=0
+diff --git a/tests/expected/findmnt/outputs-default b/tests/expected/findmnt/outputs-default
+index 59495797b..01599355e 100644
+--- a/tests/expected/findmnt/outputs-default
++++ b/tests/expected/findmnt/outputs-default
+@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO
+ |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered
+ | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
+ |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
+-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-`-/mnt/foo /fooooo bar rw,relatime
++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+ rc=0
+diff --git a/tests/expected/findmnt/outputs-force-tree b/tests/expected/findmnt/outputs-force-tree
+index 59495797b..01599355e 100644
+--- a/tests/expected/findmnt/outputs-force-tree
++++ b/tests/expected/findmnt/outputs-force-tree
+@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO
+ |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered
+ | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
+ |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
+-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-`-/mnt/foo /fooooo bar rw,relatime
++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+ rc=0
+diff --git a/tests/expected/findmnt/outputs-kernel b/tests/expected/findmnt/outputs-kernel
+index 59495797b..01599355e 100644
+--- a/tests/expected/findmnt/outputs-kernel
++++ b/tests/expected/findmnt/outputs-kernel
+@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO
+ |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered
+ | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
+ |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
+-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-`-/mnt/foo /fooooo bar rw,relatime
++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+ rc=0
+diff --git a/tests/expected/libmount/tabdiff-mount b/tests/expected/libmount/tabdiff-mount
+index 420aeacd5..3c18f8dc4 100644
+--- a/tests/expected/libmount/tabdiff-mount
++++ b/tests/expected/libmount/tabdiff-mount
+@@ -1,3 +1,2 @@
+ /dev/mapper/kzak-home on /home/kzak: MOUNTED
+-/fooooo on /mnt/foo: MOUNTED
+ tmpfs on /mnt/test/foo
bar: MOUNTED
+diff --git a/tests/expected/libmount/tabdiff-move b/tests/expected/libmount/tabdiff-move
+index 24f9bc791..95820d93e 100644
+--- a/tests/expected/libmount/tabdiff-move
++++ b/tests/expected/libmount/tabdiff-move
+@@ -1,3 +1,2 @@
+ //foo.home/bar/ on /mnt/music: MOVED to /mnt/music
+-/fooooo on /mnt/foo: UMOUNTED
+ tmpfs on /mnt/test/foo
bar: UMOUNTED
+diff --git a/tests/expected/libmount/tabdiff-remount b/tests/expected/libmount/tabdiff-remount
+index 82ebeab39..876bfd953 100644
+--- a/tests/expected/libmount/tabdiff-remount
++++ b/tests/expected/libmount/tabdiff-remount
+@@ -1,4 +1,3 @@
+ /dev/mapper/kzak-home on /home/kzak: REMOUNTED from 'rw,noatime,barrier=1,data=ordered' to 'ro,noatime,barrier=1,data=ordered'
+ //foo.home/bar/ on /mnt/sounds: REMOUNTED from 'rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344' to 'ro,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344'
+-/fooooo on /mnt/foo: UMOUNTED
+ tmpfs on /mnt/test/foo
bar: UMOUNTED
+diff --git a/tests/expected/libmount/tabdiff-umount b/tests/expected/libmount/tabdiff-umount
+index a3e0fe48a..c7be725b9 100644
+--- a/tests/expected/libmount/tabdiff-umount
++++ b/tests/expected/libmount/tabdiff-umount
+@@ -1,3 +1,2 @@
+ /dev/mapper/kzak-home on /home/kzak: UMOUNTED
+-/fooooo on /mnt/foo: UMOUNTED
+ tmpfs on /mnt/test/foo
bar: UMOUNTED
+diff --git a/tests/expected/libmount/tabfiles-parse-mountinfo b/tests/expected/libmount/tabfiles-parse-mountinfo
+index 47eb77006..d5ba5248e 100644
+--- a/tests/expected/libmount/tabfiles-parse-mountinfo
++++ b/tests/expected/libmount/tabfiles-parse-mountinfo
+@@ -351,17 +351,6 @@ id: 47
+ parent: 20
+ devno: 0:38
+ ------ fs:
+-source: /fooooo
+-target: /mnt/foo
+-fstype: bar
+-optstr: rw,relatime
+-VFS-optstr: rw,relatime
+-FS-opstr: rw
+-root: /
+-id: 48
+-parent: 20
+-devno: 0:39
+------- fs:
+ source: tmpfs
+ target: /mnt/test/foo
bar
+ fstype: tmpfs
+diff --git a/tests/expected/libmount/tabfiles-py-parse-mountinfo b/tests/expected/libmount/tabfiles-py-parse-mountinfo
+index 47eb77006..d5ba5248e 100644
+--- a/tests/expected/libmount/tabfiles-py-parse-mountinfo
++++ b/tests/expected/libmount/tabfiles-py-parse-mountinfo
+@@ -351,17 +351,6 @@ id: 47
+ parent: 20
+ devno: 0:38
+ ------ fs:
+-source: /fooooo
+-target: /mnt/foo
+-fstype: bar
+-optstr: rw,relatime
+-VFS-optstr: rw,relatime
+-FS-opstr: rw
+-root: /
+-id: 48
+-parent: 20
+-devno: 0:39
+------- fs:
+ source: tmpfs
+ target: /mnt/test/foo
bar
+ fstype: tmpfs
+diff --git a/tests/ts/findmnt/files/mountinfo b/tests/ts/findmnt/files/mountinfo
+index 475ea1a33..ff1e664a8 100644
+--- a/tests/ts/findmnt/files/mountinfo
++++ b/tests/ts/findmnt/files/mountinfo
+@@ -30,4 +30,3 @@
+ 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500
+ 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw
+ 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw
+diff --git a/tests/ts/findmnt/files/mountinfo-nonroot b/tests/ts/findmnt/files/mountinfo-nonroot
+index e15b46701..87b421d2e 100644
+--- a/tests/ts/findmnt/files/mountinfo-nonroot
++++ b/tests/ts/findmnt/files/mountinfo-nonroot
+@@ -29,4 +29,3 @@
+ 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500
+ 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw
+ 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw
+diff --git a/tests/ts/libmount/files/mountinfo b/tests/ts/libmount/files/mountinfo
+index c06307183..2b0174048 100644
+--- a/tests/ts/libmount/files/mountinfo
++++ b/tests/ts/libmount/files/mountinfo
+@@ -30,5 +30,4 @@
+ 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500
+ 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw
+ 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw
+ 49 20 0:56 / /mnt/test/foo
bar rw,relatime shared:323 - tmpfs tmpfs rw
+--
+2.34.0
+
--
2.34.0
Information forwarded
to guix-patches@gnu.org:
bug#53545; Package guix-patches.
(Wed, 26 Jan 2022 11:24:02 GMT) (full text, mbox, link).
Message #8 received at 53545@debbugs.gnu.org (full text, mbox, reply):
Hi Leo, Leo Famulari <leo@famulari.name> skribis: > * gnu/packages/patches/util-linux-CVE-2021-3995.patch, > gnu/packages/patches/util-linux-CVE-2021-3996.patch: New files. > * gnu/local.mk (dist_patch_DATA): Add them. > * gnu/packages/linux.scm (util-linux)[replacement]: New field. > (util-linux/fixed): New variable. [...] > + (source (origin > + (inherit (package-source util-linux)) > + (patches (append (search-patches "util-linux-CVE-2021-3995.patch") > + (search-patches "util-linux-CVE-2021-3996.patch") You can have (search-patches patch1 patch2). Otherwise LGTM, thanks a lot for the quick fix! Ludo’.
Added tag(s) security.
Request was from Ludovic Courtès <ludo@gnu.org>
to control@debbugs.gnu.org.
(Wed, 26 Jan 2022 11:24:02 GMT) (full text, mbox, link).
Severity set to 'important' from 'normal'
Request was from Ludovic Courtès <ludo@gnu.org>
to control@debbugs.gnu.org.
(Wed, 26 Jan 2022 11:24:02 GMT) (full text, mbox, link).
Reply sent
to Leo Famulari <leo@famulari.name>:
You have taken responsibility.
(Wed, 26 Jan 2022 18:04:02 GMT) (full text, mbox, link).
Notification sent
to Leo Famulari <leo@famulari.name>:
bug acknowledged by developer.
(Wed, 26 Jan 2022 18:04:02 GMT) (full text, mbox, link).
Message #17 received at 53545-done@debbugs.gnu.org (full text, mbox, reply):
On Wed, Jan 26, 2022 at 12:22:57PM +0100, Ludovic Courtès wrote: > Leo Famulari <leo@famulari.name> skribis: > > + (patches (append (search-patches "util-linux-CVE-2021-3995.patch") > > + (search-patches "util-linux-CVE-2021-3996.patch") > > You can have (search-patches patch1 patch2). Ah, right! I'm rusty. > Otherwise LGTM, thanks a lot for the quick fix! Pushed as 16ce73d87f664b2a539c2264671fddc2077f6ecc. Thanks for the review!
bug archived.
Request was from Debbugs Internal Request <help-debbugs@gnu.org>
to internal_control@debbugs.gnu.org.
(Thu, 24 Feb 2022 12:24:07 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.