From 6fd8bb19021f0c13e4694ae8d800a1970f10f179 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Milan=20P=2E=20Stani=C4=87?= <mps@arvanta.net> Date: Thu, 3 Feb 2022 18:45:15 +0000 Subject: [PATCH] main/util-linux: security upgrade to 2.37.3 security fixes CVE-2021-3995 and CVE-2021-3996 backport latest upstream release instead of picking patches because it is safer this way remove libmount-dont-use-symfollow-for-helpers-on-user-mounts.patch, fixed upstream --- main/util-linux/APKBUILD | 19 +++++---- ...symfollow-for-helpers-on-user-mounts.patch | 40 ------------------- 2 files changed, 12 insertions(+), 47 deletions(-) delete mode 100644 main/util-linux/libmount-dont-use-symfollow-for-helpers-on-user-mounts.patch diff --git a/main/util-linux/APKBUILD b/main/util-linux/APKBUILD index a4b0e2e277a0..af708f93aba0 100644 --- a/main/util-linux/APKBUILD +++ b/main/util-linux/APKBUILD @@ -2,25 +2,24 @@ # Contributor: Leonardo Arena <rnalrd@alpinelinux.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=util-linux -pkgver=2.36.1 +pkgver=2.37.3 case $pkgver in *.*.*) _v=${pkgver%.*};; *.*) _v=$pkgver;; esac -pkgrel=1 +pkgrel=0 pkgdesc="Random collection of Linux utilities" url="https://git.kernel.org/cgit/utils/util-linux/util-linux.git" arch="all" license="GPL-3.0-or-later AND GPL-2.0-or-later AND GPL-2.0-only AND LGPL-2.1-or-later AND BSD-3-Clause AND BSD-4-Clause-UC AND Public-Domain" depends="blkid setpriv findmnt mcookie hexdump lsblk sfdisk cfdisk partx" -makedepends_build="autoconf automake libtool" +makedepends_build="autoconf automake libtool asciidoctor" makedepends_host="zlib-dev ncurses-dev linux-headers libcap-ng-dev" options="suid" source="https://www.kernel.org/pub/linux/utils/util-linux/v$_v/util-linux-$pkgver.tar.xz - libmount-dont-use-symfollow-for-helpers-on-user-mounts.patch ttydefaults.h rfkill.confd rfkill.initd 
@@ -51,6 +50,11 @@ else fi makedepends="$makedepends_build $makedepends_host" +# secfixes: +# 2.37.3-r0: +# - CVE-2021-3995 +# - CVE-2021-3996 + prepare() { default_prepare @@ -146,8 +150,9 @@ _py3() { mv "$pkgdir"/usr/lib/python* "$subpkgdir"/usr/lib/ } -sha512sums="9dfd01ae4c16fa35015dafd222d555988b72e4d1d2fbadd140791b9ef78f84fa8254d4d08dc67cabf41e873338867f19e786b989d708ccfe5161c4f7679bba7a util-linux-2.36.1.tar.xz -ef916685b7b8d36f6c0e5a0b4697bc9edcc139427eb050a16d5af4bc28960ba4760faf37550bc1d8afa183724a884eb23de6316ffca6f2903126872e8394686d libmount-dont-use-symfollow-for-helpers-on-user-mounts.patch +sha512sums=" +2303b5c55b1fd932c73b0a079d37e56e10b6a20270b72d0b7e81ec7a6b715b42ebaa336714c3e1722d05e5aa4499f8be17ceaf61bb1341532bf9697c9a2174e9 util-linux-2.37.3.tar.xz 876bb9041eca1b2cca1e9aac898f282db576f7860aba690a95c0ac629d7c5b2cdeccba504dda87ff55c2a10b67165985ce16ca41a0694a267507e1e0cafd46d9 ttydefaults.h 401d2ccbdbfb0ebd573ac616c1077e2c2b79ff03e9221007759d8ac25eb522c401f705abbf7daac183d5e8017982b8ec5dd0a5ebad39507c5bb0a9f31f04ee97 rfkill.confd -c4e7ba6d257496c99934add2ca532db16fb070ea2367554587c9fb4e24ab1d80b8ba3fd0fd4fdd5ef1374c3ec6414007369b292ee334ef23171d0232ef709db2 rfkill.initd" +c4e7ba6d257496c99934add2ca532db16fb070ea2367554587c9fb4e24ab1d80b8ba3fd0fd4fdd5ef1374c3ec6414007369b292ee334ef23171d0232ef709db2 rfkill.initd +" diff --git a/main/util-linux/libmount-dont-use-symfollow-for-helpers-on-user-mounts.patch b/main/util-linux/libmount-dont-use-symfollow-for-helpers-on-user-mounts.patch deleted file mode 100644 index 9504df6f9dbb..000000000000 --- a/main/util-linux/libmount-dont-use-symfollow-for-helpers-on-user-mounts.patch +++ /dev/null 
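Review bot: The `# secfixes:` block added ahead of `prepare()` lists only CVE-2021-3995 and CVE-2021-3996 under `2.37.3-r0:`, but the same commit moves `pkgver` from 2.36.1 to 2.37.3 and so takes in every upstream release in between. If any of those intermediate releases carried other security fixes, they should presumably be recorded under the same `2.37.3-r0:` key. Otherwise anything that derives fix status from this comment would keep reporting them as open for this branch. Checking the upstream release notes for the versions between 2.36.1 and 2.37.3 before merging would settle it.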
@@ -1,40 +0,0 @@
-From 76bb9b30cfcf54b59591a57a3d2a747e514469b2 Mon Sep 17 00:00:00 2001
-From: Karel Zak <kzak@redhat.com>
-Date: Thu, 19 Nov 2020 09:49:16 +0100
-Subject: libmount: don't use "symfollow" for helpers on user mounts
-
-Addresses: https://github.com/karelzak/util-linux/issues/1193
-Signed-off-by: Karel Zak <kzak@redhat.com>
----
- libmount/src/context_mount.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/libmount/src/context_mount.c b/libmount/src/context_mount.c
-index 8c394c1ff..dd1786176 100644
---- a/libmount/src/context_mount.c
-+++ b/libmount/src/context_mount.c
-@@ -415,6 +415,9 @@ static int generate_helper_optstr(struct libmnt_context *cxt, char **optstr)
- * string, because there is nothing like MS_EXEC (we only have
- * MS_NOEXEC in mount flags and we don't care about the original
- * mount string in libmount for VFS options).
-+ *
-+ * This use-case makes sense for MS_SECURE flags only (see
-+ * mnt_optstr_get_flags() and mnt_context_merge_mflags()).
- */
- if (!(cxt->mountflags & MS_NOEXEC))
- mnt_optstr_append_option(optstr, "exec", NULL);
-@@ -422,11 +425,8 @@ static int generate_helper_optstr(struct libmnt_context *cxt, char **optstr)
- mnt_optstr_append_option(optstr, "suid", NULL);
- if (!(cxt->mountflags & MS_NODEV))
- mnt_optstr_append_option(optstr, "dev", NULL);
-- if (!(cxt->mountflags & MS_NOSYMFOLLOW))
-- mnt_optstr_append_option(optstr, "symfollow", NULL);
- }
-
--
- if (cxt->flags & MNT_FL_SAVED_USER)
- rc = mnt_optstr_set_option(optstr, "user", cxt->orig_user);
- if (rc)
---
-cgit 1.2.3-1.el7
-
--
GitLab