[PATCH] gnu: util-linux: Fix CVE-2021-3995 and CVE-2021-3996.

  • Done
  • quality assurance status badge
Details
2 participants
  • Leo Famulari
  • Ludovic Courtès
Owner
unassigned
Submitted by
Leo Famulari
Severity
important
L
L
Leo Famulari wrote on 26 Jan 2022 06:25
(address . guix-patches@gnu.org)
2bfaeab3105ac248ee04f8d2f3fb9351ba0eb1db.1643174700.git.leo@famulari.name
* gnu/packages/patches/util-linux-CVE-2021-3995.patch,
gnu/packages/patches/util-linux-CVE-2021-3996.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/linux.scm (util-linux)[replacement]: New field.
(util-linux/fixed): New variable.
---
gnu/local.mk | 2 +
gnu/packages/linux.scm | 15 ++
.../patches/util-linux-CVE-2021-3995.patch | 146 +++++++++++
.../patches/util-linux-CVE-2021-3996.patch | 233 ++++++++++++++++++
4 files changed, 396 insertions(+)
create mode 100644 gnu/packages/patches/util-linux-CVE-2021-3995.patch
create mode 100644 gnu/packages/patches/util-linux-CVE-2021-3996.patch

Toggle diff (414 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index dceaa53145..b7bd6910af 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1925,6 +1925,8 @@ dist_patch_DATA = \
%D%/packages/patches/upx-CVE-2021-20285.patch \
%D%/packages/patches/ustr-fix-build-with-gcc-5.patch \
%D%/packages/patches/util-linux-tests.patch \
+ %D%/packages/patches/util-linux-CVE-2021-3995.patch \
+ %D%/packages/patches/util-linux-CVE-2021-3996.patch \
%D%/packages/patches/upower-builddir.patch \
%D%/packages/patches/valgrind-enable-arm.patch \
%D%/packages/patches/vboot-utils-fix-format-load-address.patch \
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index c044f2543d..4fb44c4520 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -1820,6 +1820,7 @@ (define-public psmisc
(define-public util-linux
(package
(name "util-linux")
+ (replacement util-linux/fixed)
(version "2.37.2")
(source (origin
(method url-fetch)
@@ -1971,6 +1972,20 @@ (define-public util-linux+udev
`(("udev" ,eudev)
,@(package-inputs util-linux)))))
+;; This is mostly equivalent to the upstream release version v2.37.3, except
+;; that the upstream tarball was generated improperly, which breaks the build.
+;; There will not be a v2.37.3-fixed release or anything like that to fix it:
+;; https://github.com/util-linux/util-linux/issues/1577
+(define-public util-linux/fixed
+ (hidden-package
+ (package
+ (inherit util-linux)
+ (source (origin
+ (inherit (package-source util-linux))
+ (patches (append (search-patches "util-linux-CVE-2021-3995.patch")
+ (search-patches "util-linux-CVE-2021-3996.patch")
+ (origin-patches (package-source util-linux)))))))))
+
(define-public ddate
(package
(name "ddate")
diff --git a/gnu/packages/patches/util-linux-CVE-2021-3995.patch b/gnu/packages/patches/util-linux-CVE-2021-3995.patch
new file mode 100644
index 0000000000..7faea83801
--- /dev/null
+++ b/gnu/packages/patches/util-linux-CVE-2021-3995.patch
@@ -0,0 +1,146 @@
+Fix CVE-2021-3995:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
+https://seclists.org/oss-sec/2022/q1/66
+
+Patch copied from upstream source repository:
+
+https://github.com/util-linux/util-linux/commit/f3db9bd609494099f0c1b95231c5dfe383346929
+
+From f3db9bd609494099f0c1b95231c5dfe383346929 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Wed, 24 Nov 2021 13:53:25 +0100
+Subject: [PATCH] libmount: fix UID check for FUSE umount [CVE-2021-3995]
+
+Improper UID check allows an unprivileged user to unmount FUSE
+filesystems of users with similar UID.
+
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ include/strutils.h | 2 +-
+ libmount/src/context_umount.c | 14 +++---------
+ libmount/src/mountP.h | 1 +
+ libmount/src/optstr.c | 42 +++++++++++++++++++++++++++++++++++
+ 4 files changed, 47 insertions(+), 12 deletions(-)
+
+diff --git a/include/strutils.h b/include/strutils.h
+index 6e95707ea..a84d29594 100644
+--- a/include/strutils.h
++++ b/include/strutils.h
+@@ -106,8 +106,8 @@ static inline char *mem2strcpy(char *dest, const void *src, size_t n, size_t nma
+ if (n + 1 > nmax)
+ n = nmax - 1;
+
++ memset(dest, '\0', nmax);
+ memcpy(dest, src, n);
+- dest[nmax-1] = '\0';
+ return dest;
+ }
+
+diff --git a/libmount/src/context_umount.c b/libmount/src/context_umount.c
+index 173637a15..8773c65ff 100644
+--- a/libmount/src/context_umount.c
++++ b/libmount/src/context_umount.c
+@@ -453,10 +453,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv)
+ struct libmnt_ns *ns_old;
+ const char *type = mnt_fs_get_fstype(cxt->fs);
+ const char *optstr;
+- char *user_id = NULL;
+- size_t sz;
+- uid_t uid;
+- char uidstr[sizeof(stringify_value(ULONG_MAX))];
++ uid_t uid, entry_uid;
+
+ *errsv = 0;
+
+@@ -473,11 +470,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv)
+ optstr = mnt_fs_get_fs_options(cxt->fs);
+ if (!optstr)
+ return 0;
+-
+- if (mnt_optstr_get_option(optstr, "user_id", &user_id, &sz) != 0)
+- return 0;
+-
+- if (sz == 0 || user_id == NULL)
++ if (mnt_optstr_get_uid(optstr, "user_id", &entry_uid) != 0)
+ return 0;
+
+ /* get current user */
+@@ -494,8 +487,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv)
+ return 0;
+ }
+
+- snprintf(uidstr, sizeof(uidstr), "%lu", (unsigned long) uid);
+- return strncmp(user_id, uidstr, sz) == 0;
++ return uid == entry_uid;
+ }
+
+ /*
+diff --git a/libmount/src/mountP.h b/libmount/src/mountP.h
+index d43a83541..22442ec55 100644
+--- a/libmount/src/mountP.h
++++ b/libmount/src/mountP.h
+@@ -399,6 +399,7 @@ extern const struct libmnt_optmap *mnt_optmap_get_entry(
+ const struct libmnt_optmap **mapent);
+
+ /* optstr.c */
++extern int mnt_optstr_get_uid(const char *optstr, const char *name, uid_t *uid);
+ extern int mnt_optstr_remove_option_at(char **optstr, char *begin, char *end);
+ extern int mnt_optstr_fix_gid(char **optstr, char *value, size_t valsz, char **next);
+ extern int mnt_optstr_fix_uid(char **optstr, char *value, size_t valsz, char **next);
+diff --git a/libmount/src/optstr.c b/libmount/src/optstr.c
+index 921b9318e..16800f571 100644
+--- a/libmount/src/optstr.c
++++ b/libmount/src/optstr.c
+@@ -1076,6 +1076,48 @@ int mnt_optstr_fix_user(char **optstr)
+ return rc;
+ }
+
++/*
++ * Converts value from @optstr addressed by @name to uid.
++ *
++ * Returns: 0 on success, 1 if not found, <0 on error
++ */
++int mnt_optstr_get_uid(const char *optstr, const char *name, uid_t *uid)
++{
++ char *value = NULL;
++ size_t valsz = 0;
++ char buf[sizeof(stringify_value(UINT64_MAX))];
++ int rc;
++ uint64_t num;
++
++ assert(optstr);
++ assert(name);
++ assert(uid);
++
++ rc = mnt_optstr_get_option(optstr, name, &value, &valsz);
++ if (rc != 0)
++ goto fail;
++
++ if (valsz > sizeof(buf) - 1) {
++ rc = -ERANGE;
++ goto fail;
++ }
++ mem2strcpy(buf, value, valsz, sizeof(buf));
++
++ rc = ul_strtou64(buf, &num, 10);
++ if (rc != 0)
++ goto fail;
++ if (num > ULONG_MAX || (uid_t) num != num) {
++ rc = -ERANGE;
++ goto fail;
++ }
++ *uid = (uid_t) num;
++
++ return 0;
++fail:
++ DBG(UTILS, ul_debug("failed to convert '%s'= to number [rc=%d]", name, rc));
++ return rc;
++}
++
+ /**
+ * mnt_match_options:
+ * @optstr: options string
+--
+2.34.0
+
diff --git a/gnu/packages/patches/util-linux-CVE-2021-3996.patch b/gnu/packages/patches/util-linux-CVE-2021-3996.patch
new file mode 100644
index 0000000000..59edf5c7cf
--- /dev/null
+++ b/gnu/packages/patches/util-linux-CVE-2021-3996.patch
@@ -0,0 +1,233 @@
+Fix CVE-2021-3996:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
+https://seclists.org/oss-sec/2022/q1/66
+
+Patch copied from upstream source repository:
+
+https://github.com/util-linux/util-linux/commit/018a10907fa9885093f6d87401556932c2d8bd2b
+
+From 018a10907fa9885093f6d87401556932c2d8bd2b Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Tue, 4 Jan 2022 10:54:20 +0100
+Subject: [PATCH] libmount: fix (deleted) suffix issue [CVE-2021-3996]
+
+This issue is related to parsing the /proc/self/mountinfo file allows an
+unprivileged user to unmount other user's filesystems that are either
+world-writable themselves or mounted in a world-writable directory.
+
+The support for "(deleted)" is no more necessary as the Linux kernel does
+not use it in /proc/self/mountinfo and /proc/self/mount files anymore.
+
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ libmount/src/tab_parse.c | 5 -----
+ tests/expected/findmnt/filter-options | 1 -
+ tests/expected/findmnt/filter-options-nameval-neg | 3 +--
+ tests/expected/findmnt/filter-types-neg | 1 -
+ tests/expected/findmnt/outputs-default | 3 +--
+ tests/expected/findmnt/outputs-force-tree | 3 +--
+ tests/expected/findmnt/outputs-kernel | 3 +--
+ tests/expected/libmount/tabdiff-mount | 1 -
+ tests/expected/libmount/tabdiff-move | 1 -
+ tests/expected/libmount/tabdiff-remount | 1 -
+ tests/expected/libmount/tabdiff-umount | 1 -
+ tests/expected/libmount/tabfiles-parse-mountinfo | 11 -----------
+ tests/expected/libmount/tabfiles-py-parse-mountinfo | 11 -----------
+ tests/ts/findmnt/files/mountinfo | 1 -
+ tests/ts/findmnt/files/mountinfo-nonroot | 1 -
+ tests/ts/libmount/files/mountinfo | 1 -
+ 16 files changed, 4 insertions(+), 44 deletions(-)
+
+diff --git a/libmount/src/tab_parse.c b/libmount/src/tab_parse.c
+index 917779ab6..4407f9c9c 100644
+--- a/libmount/src/tab_parse.c
++++ b/libmount/src/tab_parse.c
+@@ -227,11 +227,6 @@ static int mnt_parse_mountinfo_line(struct libmnt_fs *fs, const char *s)
+ goto fail;
+ }
+
+- /* remove "\040(deleted)" suffix */
+- p = (char *) endswith(fs->target, PATH_DELETED_SUFFIX);
+- if (p && *p)
+- *p = '\0';
+-
+ s = skip_separator(s);
+
+ /* (6) vfs options (fs-independent) */
+diff --git a/tests/expected/findmnt/filter-options b/tests/expected/findmnt/filter-options
+index 2606bce76..97b0ead0a 100644
+--- a/tests/expected/findmnt/filter-options
++++ b/tests/expected/findmnt/filter-options
+@@ -28,5 +28,4 @@ TARGET SOURCE FSTYPE OPTIONS
+ /home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
+ /var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
+ /mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-/mnt/foo /fooooo bar rw,relatime
+ rc=0
+diff --git a/tests/expected/findmnt/filter-options-nameval-neg b/tests/expected/findmnt/filter-options-nameval-neg
+index 5471d65af..f0467ef75 100644
+--- a/tests/expected/findmnt/filter-options-nameval-neg
++++ b/tests/expected/findmnt/filter-options-nameval-neg
+@@ -29,6 +29,5 @@ TARGET SOURCE FSTYPE OPTIO
+ |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered
+ | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
+ |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
+-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-`-/mnt/foo /fooooo bar rw,relatime
++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+ rc=0
+diff --git a/tests/expected/findmnt/filter-types-neg b/tests/expected/findmnt/filter-types-neg
+index 2606bce76..97b0ead0a 100644
+--- a/tests/expected/findmnt/filter-types-neg
++++ b/tests/expected/findmnt/filter-types-neg
+@@ -28,5 +28,4 @@ TARGET SOURCE FSTYPE OPTIONS
+ /home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
+ /var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
+ /mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-/mnt/foo /fooooo bar rw,relatime
+ rc=0
+diff --git a/tests/expected/findmnt/outputs-default b/tests/expected/findmnt/outputs-default
+index 59495797b..01599355e 100644
+--- a/tests/expected/findmnt/outputs-default
++++ b/tests/expected/findmnt/outputs-default
+@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO
+ |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered
+ | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
+ |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
+-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-`-/mnt/foo /fooooo bar rw,relatime
++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+ rc=0
+diff --git a/tests/expected/findmnt/outputs-force-tree b/tests/expected/findmnt/outputs-force-tree
+index 59495797b..01599355e 100644
+--- a/tests/expected/findmnt/outputs-force-tree
++++ b/tests/expected/findmnt/outputs-force-tree
+@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO
+ |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered
+ | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
+ |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
+-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-`-/mnt/foo /fooooo bar rw,relatime
++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+ rc=0
+diff --git a/tests/expected/findmnt/outputs-kernel b/tests/expected/findmnt/outputs-kernel
+index 59495797b..01599355e 100644
+--- a/tests/expected/findmnt/outputs-kernel
++++ b/tests/expected/findmnt/outputs-kernel
+@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO
+ |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered
+ | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
+ |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime
+-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+-`-/mnt/foo /fooooo bar rw,relatime
++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
+ rc=0
+diff --git a/tests/expected/libmount/tabdiff-mount b/tests/expected/libmount/tabdiff-mount
+index 420aeacd5..3c18f8dc4 100644
+--- a/tests/expected/libmount/tabdiff-mount
++++ b/tests/expected/libmount/tabdiff-mount
+@@ -1,3 +1,2 @@
+ /dev/mapper/kzak-home on /home/kzak: MOUNTED
+-/fooooo on /mnt/foo: MOUNTED
+ tmpfs on /mnt/test/foo bar: MOUNTED
+diff --git a/tests/expected/libmount/tabdiff-move b/tests/expected/libmount/tabdiff-move
+index 24f9bc791..95820d93e 100644
+--- a/tests/expected/libmount/tabdiff-move
++++ b/tests/expected/libmount/tabdiff-move
+@@ -1,3 +1,2 @@
+ //foo.home/bar/ on /mnt/music: MOVED to /mnt/music
+-/fooooo on /mnt/foo: UMOUNTED
+ tmpfs on /mnt/test/foo bar: UMOUNTED
+diff --git a/tests/expected/libmount/tabdiff-remount b/tests/expected/libmount/tabdiff-remount
+index 82ebeab39..876bfd953 100644
+--- a/tests/expected/libmount/tabdiff-remount
++++ b/tests/expected/libmount/tabdiff-remount
+@@ -1,4 +1,3 @@
+ /dev/mapper/kzak-home on /home/kzak: REMOUNTED from 'rw,noatime,barrier=1,data=ordered' to 'ro,noatime,barrier=1,data=ordered'
+ //foo.home/bar/ on /mnt/sounds: REMOUNTED from 'rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344' to 'ro,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344'
+-/fooooo on /mnt/foo: UMOUNTED
+ tmpfs on /mnt/test/foo bar: UMOUNTED
+diff --git a/tests/expected/libmount/tabdiff-umount b/tests/expected/libmount/tabdiff-umount
+index a3e0fe48a..c7be725b9 100644
+--- a/tests/expected/libmount/tabdiff-umount
++++ b/tests/expected/libmount/tabdiff-umount
+@@ -1,3 +1,2 @@
+ /dev/mapper/kzak-home on /home/kzak: UMOUNTED
+-/fooooo on /mnt/foo: UMOUNTED
+ tmpfs on /mnt/test/foo bar: UMOUNTED
+diff --git a/tests/expected/libmount/tabfiles-parse-mountinfo b/tests/expected/libmount/tabfiles-parse-mountinfo
+index 47eb77006..d5ba5248e 100644
+--- a/tests/expected/libmount/tabfiles-parse-mountinfo
++++ b/tests/expected/libmount/tabfiles-parse-mountinfo
+@@ -351,17 +351,6 @@ id: 47
+ parent: 20
+ devno: 0:38
+ ------ fs:
+-source: /fooooo
+-target: /mnt/foo
+-fstype: bar
+-optstr: rw,relatime
+-VFS-optstr: rw,relatime
+-FS-opstr: rw
+-root: /
+-id: 48
+-parent: 20
+-devno: 0:39
+------- fs:
+ source: tmpfs
+ target: /mnt/test/foo bar
+ fstype: tmpfs
+diff --git a/tests/expected/libmount/tabfiles-py-parse-mountinfo b/tests/expected/libmount/tabfiles-py-parse-mountinfo
+index 47eb77006..d5ba5248e 100644
+--- a/tests/expected/libmount/tabfiles-py-parse-mountinfo
++++ b/tests/expected/libmount/tabfiles-py-parse-mountinfo
+@@ -351,17 +351,6 @@ id: 47
+ parent: 20
+ devno: 0:38
+ ------ fs:
+-source: /fooooo
+-target: /mnt/foo
+-fstype: bar
+-optstr: rw,relatime
+-VFS-optstr: rw,relatime
+-FS-opstr: rw
+-root: /
+-id: 48
+-parent: 20
+-devno: 0:39
+------- fs:
+ source: tmpfs
+ target: /mnt/test/foo bar
+ fstype: tmpfs
+diff --git a/tests/ts/findmnt/files/mountinfo b/tests/ts/findmnt/files/mountinfo
+index 475ea1a33..ff1e664a8 100644
+--- a/tests/ts/findmnt/files/mountinfo
++++ b/tests/ts/findmnt/files/mountinfo
+@@ -30,4 +30,3 @@
+ 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500
+ 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw
+ 47 20 0:38 / /mnt/sounds rw,relatime - ci
This message was truncated. Download the full message here.
L
L
Ludovic Courtès wrote on 26 Jan 2022 12:22
(name . Leo Famulari)(address . leo@famulari.name)(address . 53545@debbugs.gnu.org)
87v8y6ivvy.fsf@gnu.org
Hi Leo,

Leo Famulari <leo@famulari.name> skribis:

Toggle quote (6 lines)
> * gnu/packages/patches/util-linux-CVE-2021-3995.patch,
> gnu/packages/patches/util-linux-CVE-2021-3996.patch: New files.
> * gnu/local.mk (dist_patch_DATA): Add them.
> * gnu/packages/linux.scm (util-linux)[replacement]: New field.
> (util-linux/fixed): New variable.

[...]

Toggle quote (5 lines)
> + (source (origin
> + (inherit (package-source util-linux))
> + (patches (append (search-patches "util-linux-CVE-2021-3995.patch")
> + (search-patches "util-linux-CVE-2021-3996.patch")

You can have (search-patches patch1 patch2).

Otherwise LGTM, thanks a lot for the quick fix!

Ludo’.
L
L
Ludovic Courtès wrote on 26 Jan 2022 12:23
control message for bug #53545
(address . control@debbugs.gnu.org)
87tudqivvs.fsf@gnu.org
tags 53545 + security
quit
L
L
Ludovic Courtès wrote on 26 Jan 2022 12:23
(address . control@debbugs.gnu.org)
87sftaivvo.fsf@gnu.org
severity 53545 important
quit
L
L
Leo Famulari wrote on 26 Jan 2022 19:03
Re: bug#53545: [PATCH] gnu: util-linux: Fix CVE-2021-3995 and CVE-2021-3996.
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 53545-done@debbugs.gnu.org)
YfGM4vKjpMoTb3Wk@jasmine.lan
On Wed, Jan 26, 2022 at 12:22:57PM +0100, Ludovic Court�s wrote:
Toggle quote (6 lines)
> Leo Famulari <leo@famulari.name> skribis:
> > + (patches (append (search-patches "util-linux-CVE-2021-3995.patch")
> > + (search-patches "util-linux-CVE-2021-3996.patch")
>
> You can have (search-patches patch1 patch2).

Ah, right! I'm rusty.

Toggle quote (2 lines)
> Otherwise LGTM, thanks a lot for the quick fix!

Pushed as 16ce73d87f664b2a539c2264671fddc2077f6ecc.

Thanks for the review!
Closed
?