Hello community, here is the log from the commit of package util-linux for openSUSE:13.1 checked in at 2013-09-29 17:54:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1/util-linux (Old) and /work/SRC/openSUSE:13.1/.util-linux.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "util-linux" Changes: -------- --- /work/SRC/openSUSE:13.1/util-linux/util-linux.changes 2013-09-23 11:13:50.000000000 +0200 +++ /work/SRC/openSUSE:13.1/.util-linux.new/util-linux.changes 2013-09-29 17:54:18.000000000 +0200 
@@ -1,0 +2,94 @@ +Fri Sep 27 16:58:40 UTC 2013 - mgorse@suse.com + +- Add more-fix-buffer-overflow.patch (bnc#829720). + +------------------------------------------------------------------- +Fri Sep 13 07:06:19 UTC 2013 - werner@suse.de + +- Avoid build require gpg-offline twice + +------------------------------------------------------------------- +Wed Sep 11 20:54:24 CEST 2013 - sbrabec@suse.cz + +- Update to version 2.23.2: + nsenter(1): + * this NEW COMMAND provides command line interface to setns() + Linux syscall and allows to run program with namespaces of + other processes + unshare(1): + * supports new PID and USER namespaces + fdisk(8): + * provides experimental support for GUID Partition Table (GPT), + the implementation is still not complete and some (unimportant) + features are missing. + * ~50% of fdisk code has been refactored, this task is going to + be complete in the next release. The goal is to have libfdisk + shared between all fdisks. + partx(8): + * supports new "update" command (implemented by + BLKPG_RESIZE_PARTITION ioctl) + mount(8): + * supports new userspace mount option x-mount.mkdir[=<mode>] to + create mountpoints on demand + * the support for propagation flags has been improved, now the + flags could be specified in /etc/fstab and used together with + regular mount options. It's also possible to specify more + propagation flags together. This EXPERIMENTAL feature is + implemented by additional mount(2) syscalls, because Linux does + not allow to use propagation flags with another options or more + flags together. 
+ umount(8): + * supports new command line option --recursive to recursively + unmount all sub-mounts for the specified mountpoint * supports + new command line option --all-targets to unmount all + mountpoints in the current namespace for the specified + filesystem * the options --recursive and --all-targets could be + used together + dmesg(1): + * supports new command line options --color, --human and + --nopager, the --human option enables relative times, colors and + pager support. + su(1): + * supports new command line options --group and --supp-group to + specify primary and supplementary groups + chfn(1) and chsh(1): + * the commands could be linked with libuser to support non-local + accounts modification (e.g. LDAP, etc). + kill(1): + * the command has been improved to be compatible with procps + version, the procps version is deprecated now, the util-linux + version is enabled by default. + blkdiscard(8): + * this NEW COMMAND discard sectors on a device (for example on + SSD disks) + sulogin(8): + * provides multi-console feature from SysVinit + findmnt(8): + * provides new columns FREQ, PASSNO, ID, OPT-FIELDS, PROPAGATION + lslocks(8): + * provides new column BLOCKER and detects blocked locks + lsblk(8): + * supports new command line option --scsi and new columns HCTL, + TRANsport VENDOR and REVision + swapon(8) and losetup(8): + * the commands prints basic overview by default if no option + specified + column(1): + * supports new command line option --output-separator to specify + table output delimiter + rename(1): + * supports new command line option --symlink to rename symlink + target + hwclock(8): + * supports new command line option --compare to periodically + compare the Hardware Clock to the System Time (based on + adjtimex -c) + ipcs(1): + * supports new command line options --bytes and --human + wipefs(1): + * supports new command line option --force to force erase on used + devices +- Removed upstreamed patches 
(mkfs.bfs_cleanup_64bit.patch-Patch, + mkfs.bfs_cleanup_endian.patch) + +------------------------------------------------------------------- Old: ---- mkfs.bfs_cleanup_64bit.patch mkfs.bfs_cleanup_endian.patch util-linux-2.23.1.tar.bz2 New: ---- more-fix-buffer-overflow.patch util-linux-2.23.2.tar.sign util-linux-2.23.2.tar.xz util-linux.keyring ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ util-linux.spec ++++++ --- /var/tmp/diff_new_pack.qGQnB0/_old 2013-09-29 17:54:18.000000000 +0200 +++ /var/tmp/diff_new_pack.qGQnB0/_new 2013-09-29 17:54:18.000000000 +0200 @@ -25,6 +25,13 @@ BuildRequires: binutils-devel BuildRequires: fdupes BuildRequires: gettext-devel +# Use rpmbuild -D 'VERIFY_SIG 1' to verify signature during build or run +# one-shot check by +# xzcat util-linux-*.tar.xz | \ +# sh -x gpg-offline --verify --package=util-linux *.tar.sign - +%if 0%{?VERIFY_SIG} +BuildRequires: gpg-offline +%endif BuildRequires: libselinux-devel BuildRequires: libsepol-devel BuildRequires: libtool @@ -35,7 +42,7 @@ BuildRequires: systemd-rpm-macros BuildRequires: utempter-devel BuildRequires: zlib-devel -Version: 2.23.1 +Version: 2.23.2 Release: 0 # util-linux is a base package and uuidd pre-requiring pwdutils pulls # that into the core build cycle. pwdutils also pulls in the whole @@ -53,7 +60,7 @@ Summary: A collection of basic system utilities License: GPL-2.0+ Group: System/Base -Source: ftp://ftp.kernel.org/pub/linux/utils/util-linux/v2.23/%{name}-%{version}.tar.bz2 +Source: ftp://ftp.kernel.org/pub/linux/utils/util-linux/v2.23/%{name}-%{version}.tar.xz Source1: util-linux-rpmlintrc # XXX: make nologin part of util-linux upstream Source2: nologin.c 
@@ -66,6 +73,8 @@ Source9: remote.pamd Source10: su.pamd Source11: su.default +Source12: ftp://ftp.kernel.org/pub/linux/utils/util-linux/v2.23/%{name}-%{version}.tar.sign +Source13: %{name}.keyring # TODO: split to separate package Source40: klogconsole.tar.bz2 # XXX: Run a program in a new session and with controlling tty @@ -91,6 +100,8 @@ Patch4: make-sure-sbin-resp-usr-sbin-are-in-PATH.diff # PATCH-FIX-UPSTREAM eject-scsi-check-host_status-and-driver_status.patch bnc358033 anicka@suse.cz -- Check eject host_status and driver_status when using SG_IO. Patch5: eject-scsi-check-host_status-and-driver_status.patch +# PATCH-FIX-UPSTREAM more-fix-buffer-overflow.patch bnc839720 mgorse@suse.com -- More: Fix under-allocation of memory. +Patch6: more-fix-buffer-overflow.patch # disable encryption Patch12: util-linux-2.23.1-noenc-suse.diff @@ -103,10 +114,6 @@ Patch55: klogconsole-quiet.patch Patch56: klogconsole.diff -## fix mkfs.bfs -Patch60: mkfs.bfs_cleanup_64bit.patch -Patch61: mkfs.bfs_cleanup_endian.patch - BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: %insserv_prereq %fillup_prereq /bin/sed # @@ -205,12 +212,16 @@ %lang_package %prep +%if 0%{?VERIFY_SIG} +xzcat %{S:0} | %gpg_verify %{S:12} - +%endif %setup -q -n %{name}-%{version} -b 40 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 %patch12 -p1 # %patch20 -p1 @@ -220,9 +231,6 @@ # nologin cp -p %{S:2} %{S:3} %{S:26} %{S:30} . -%patch60 -p1 -%patch61 -p1 - pushd ../klogconsole %patch55 -p1 %patch56 -p1 ++++++ more-fix-buffer-overflow.patch ++++++
From 1ef2db5a5672e09fa1337099b7d9d6ab61c19bdc Mon Sep 17 00:00:00 2001
From: Karel Zak
Date: Thu, 1 Aug 2013 12:58:22 +0200
Subject: [PATCH] more: fix buffer overflow

The bug has been probably introduced by commit
1ac300932deab8dea2c43050921bbbdb36d62ff1.
Reported-by: "Dr. David Alan Gilbert"
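
Review bot: The new util-linux.changes entries (hunk @@ -1,0 +2,94 @@) do not record the packaging changes that the spec makes alongside the 2.23.2 update: the switch of Source from tar.bz2 to tar.xz, the added util-linux-2.23.2.tar.sign and util-linux.keyring files, and the optional VERIFY_SIG check. Within this hunk the only related line is "Avoid build require gpg-offline twice", which mentions gpg-offline without any entry saying why it is required. Add a line describing the signature verification, and drop the stray "-Patch" suffix in "mkfs.bfs_cleanup_64bit.patch-Patch" so the name matches the removed file listed under "Old:".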
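
Review bot: Signature verification is opt-in in the util-linux.spec hunk @@ -25,6 +25,13 @@: "%if 0%{?VERIFY_SIG}" is false unless the build is started with -D 'VERIFY_SIG 1', so a default build neither requires gpg-offline nor checks the tarball. The Source URL is plain ftp://, which leaves the .tar.sign as the only thing tying the checked-in tarball to upstream, and that check is skipped unless someone asks for it. Either make the check the default and let the macro switch it off, or state in the comment why it must stay conditional and who is expected to run the one-shot command.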
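
Review bot: The bug reference for more-fix-buffer-overflow.patch is inconsistent: the spec comment in hunk @@ -91,6 +100,8 @@ says "bnc839720" while the util-linux.changes entry says "bnc#829720". One of the two is a typo, and as written the security fix cannot be traced reliably from either file. Make both references carry the same number, and use the same "bnc#" form in the PATCH-FIX-UPSTREAM line.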
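
Review bot: The verify line added to %prep in hunk @@ -205,12 +212,16 @@ passes only %{S:12} (the .tar.sign) to %gpg_verify; Source13, the keyring added in the same change, is not referenced in any visible spec line. If the macro finds %{name}.keyring by naming convention, say so in a comment next to Source13; otherwise pass the keyring explicitly, so a reader can see which keys the signature is checked against.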