From 6fd8bb19021f0c13e4694ae8d800a1970f10f179 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Milan=20P=2E=20Stani=C4=87?= <mps@arvanta.net>
Date: Thu, 3 Feb 2022 18:45:15 +0000
Subject: [PATCH] main/util-linux: security upgrade to 2.37.3

security fixes CVE-2021-3995 and CVE-2021-3996
backport latest upstream release instead of picking patches because it
is safer this way

remove libmount-dont-use-symfollow-for-helpers-on-user-mounts.patch,
fixed upstream
---
 main/util-linux/APKBUILD                      | 19 +++++----
 ...symfollow-for-helpers-on-user-mounts.patch | 40 -------------------
 2 files changed, 12 insertions(+), 47 deletions(-)
 delete mode 100644 main/util-linux/libmount-dont-use-symfollow-for-helpers-on-user-mounts.patch

diff --git a/main/util-linux/APKBUILD b/main/util-linux/APKBUILD
index a4b0e2e277a0..af708f93aba0 100644
--- a/main/util-linux/APKBUILD
+++ b/main/util-linux/APKBUILD
@@ -2,25 +2,24 @@
 # Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=util-linux
-pkgver=2.36.1
+pkgver=2.37.3
 
 case $pkgver in
 	*.*.*) _v=${pkgver%.*};;
 	*.*) _v=$pkgver;;
 esac
 
-pkgrel=1
+pkgrel=0
 pkgdesc="Random collection of Linux utilities"
 url="https://git.kernel.org/cgit/utils/util-linux/util-linux.git"
 arch="all"
 license="GPL-3.0-or-later AND GPL-2.0-or-later AND GPL-2.0-only AND
 	LGPL-2.1-or-later AND BSD-3-Clause AND BSD-4-Clause-UC AND Public-Domain"
 depends="blkid setpriv findmnt mcookie hexdump lsblk sfdisk cfdisk partx"
-makedepends_build="autoconf automake libtool"
+makedepends_build="autoconf automake libtool asciidoctor"
 makedepends_host="zlib-dev ncurses-dev linux-headers libcap-ng-dev"
 options="suid"
 source="https://www.kernel.org/pub/linux/utils/util-linux/v$_v/util-linux-$pkgver.tar.xz
-	libmount-dont-use-symfollow-for-helpers-on-user-mounts.patch
 	ttydefaults.h
 	rfkill.confd
 	rfkill.initd
@@ -51,6 +50,11 @@ else
 fi
 makedepends="$makedepends_build $makedepends_host"
 
+# secfixes:
+#   2.37.3-r0:
+#     - CVE-2021-3995
+#     - CVE-2021-3996
+
 prepare() {
 	default_prepare
 
@@ -146,8 +150,9 @@ _py3() {
 	mv "$pkgdir"/usr/lib/python* "$subpkgdir"/usr/lib/
 }
 
-sha512sums="9dfd01ae4c16fa35015dafd222d555988b72e4d1d2fbadd140791b9ef78f84fa8254d4d08dc67cabf41e873338867f19e786b989d708ccfe5161c4f7679bba7a  util-linux-2.36.1.tar.xz
-ef916685b7b8d36f6c0e5a0b4697bc9edcc139427eb050a16d5af4bc28960ba4760faf37550bc1d8afa183724a884eb23de6316ffca6f2903126872e8394686d  libmount-dont-use-symfollow-for-helpers-on-user-mounts.patch
+sha512sums="
+2303b5c55b1fd932c73b0a079d37e56e10b6a20270b72d0b7e81ec7a6b715b42ebaa336714c3e1722d05e5aa4499f8be17ceaf61bb1341532bf9697c9a2174e9  util-linux-2.37.3.tar.xz
 876bb9041eca1b2cca1e9aac898f282db576f7860aba690a95c0ac629d7c5b2cdeccba504dda87ff55c2a10b67165985ce16ca41a0694a267507e1e0cafd46d9  ttydefaults.h
 401d2ccbdbfb0ebd573ac616c1077e2c2b79ff03e9221007759d8ac25eb522c401f705abbf7daac183d5e8017982b8ec5dd0a5ebad39507c5bb0a9f31f04ee97  rfkill.confd
-c4e7ba6d257496c99934add2ca532db16fb070ea2367554587c9fb4e24ab1d80b8ba3fd0fd4fdd5ef1374c3ec6414007369b292ee334ef23171d0232ef709db2  rfkill.initd"
+c4e7ba6d257496c99934add2ca532db16fb070ea2367554587c9fb4e24ab1d80b8ba3fd0fd4fdd5ef1374c3ec6414007369b292ee334ef23171d0232ef709db2  rfkill.initd
+"
diff --git a/main/util-linux/libmount-dont-use-symfollow-for-helpers-on-user-mounts.patch b/main/util-linux/libmount-dont-use-symfollow-for-helpers-on-user-mounts.patch
deleted file mode 100644
index 9504df6f9dbb..000000000000
--- a/main/util-linux/libmount-dont-use-symfollow-for-helpers-on-user-mounts.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 76bb9b30cfcf54b59591a57a3d2a747e514469b2 Mon Sep 17 00:00:00 2001
-From: Karel Zak <kzak@redhat.com>
-Date: Thu, 19 Nov 2020 09:49:16 +0100
-Subject: libmount: don't use "symfollow" for helpers on user mounts
-
-Addresses: https://github.com/karelzak/util-linux/issues/1193
-Signed-off-by: Karel Zak <kzak@redhat.com>
----
- libmount/src/context_mount.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/libmount/src/context_mount.c b/libmount/src/context_mount.c
-index 8c394c1ff..dd1786176 100644
---- a/libmount/src/context_mount.c
-+++ b/libmount/src/context_mount.c
-@@ -415,6 +415,9 @@ static int generate_helper_optstr(struct libmnt_context *cxt, char **optstr)
- 		 * string, because there is nothing like MS_EXEC (we only have
- 		 * MS_NOEXEC in mount flags and we don't care about the original
- 		 * mount string in libmount for VFS options).
-+		 *
-+		 * This use-case makes sense for MS_SECURE flags only (see
-+		 * mnt_optstr_get_flags() and mnt_context_merge_mflags()).
- 		 */
- 		if (!(cxt->mountflags & MS_NOEXEC))
- 			mnt_optstr_append_option(optstr, "exec", NULL);
-@@ -422,11 +425,8 @@ static int generate_helper_optstr(struct libmnt_context *cxt, char **optstr)
- 			mnt_optstr_append_option(optstr, "suid", NULL);
- 		if (!(cxt->mountflags & MS_NODEV))
- 			mnt_optstr_append_option(optstr, "dev", NULL);
--		if (!(cxt->mountflags & MS_NOSYMFOLLOW))
--			mnt_optstr_append_option(optstr, "symfollow", NULL);
- 	}
- 
--
- 	if (cxt->flags & MNT_FL_SAVED_USER)
- 		rc = mnt_optstr_set_option(optstr, "user", cxt->orig_user);
- 	if (rc)
--- 
-cgit 1.2.3-1.el7
-
-- 
GitLab