RHEL-9: 2.37.3-2: (rpm -V, pam_env, logger, partnames, tmpfiles.d)

Resolves: #2021462 #2033622 #2000137 #2000477 #2047952

0007-sysfs-fallback-for-partitions-not-including-parent-n.patch

@@ -0,0 +1,51 @@
+From 533d6957a87a52b8088ad87daf7d6dbfaececf02 Mon Sep 17 00:00:00 2001
+From: Portisch <hugo.portisch@yahoo.de>
+Date: Mon, 8 Nov 2021 12:31:39 +0100
+Subject: sysfs: fallback for partitions not including parent name
+
+Upstream: http://github.com/util-linux/util-linux/commit/9b59641bcec3df9c451eea4c7057751a153a3fcb
+Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2021462
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ lib/sysfs.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/lib/sysfs.c b/lib/sysfs.c
+index bb7183319..191d870f6 100644
+--- a/lib/sysfs.c
++++ b/lib/sysfs.c
+@@ -210,9 +210,10 @@ int sysfs_blkdev_is_partition_dirent(DIR *dir, struct dirent *d, const char *par
+ 	    d->d_type != DT_UNKNOWN)
+ 		return 0;
+ #endif
++	size_t len = 0;
++
+ 	if (parent_name) {
+ 		const char *p = parent_name;
+-		size_t len;
+ 
+ 		/* /dev/sda --> "sda" */
+ 		if (*parent_name == '/') {
+@@ -223,14 +224,15 @@ int sysfs_blkdev_is_partition_dirent(DIR *dir, struct dirent *d, const char *par
+ 		}
+ 
+ 		len = strlen(p);
+-		if (strlen(d->d_name) <= len)
+-			return 0;
++		if ((strlen(d->d_name) <= len) || (strncmp(p, d->d_name, len) != 0))
++			len = 0;
++	}
+ 
++	if (len > 0) {
+ 		/* partitions subdir name is
+ 		 *	"<parent>[:digit:]" or "<parent>p[:digit:]"
+ 		 */
+-		return strncmp(p, d->d_name, len) == 0 &&
+-		       ((*(d->d_name + len) == 'p' && isdigit(*(d->d_name + len + 1)))
++		return ((*(d->d_name + len) == 'p' && isdigit(*(d->d_name + len + 1)))
+ 			|| isdigit(*(d->d_name + len)));
+ 	}
+ 
+-- 
+2.34.1
+

0008-logger-fix-size-use-for-stdin.patch

@@ -0,0 +1,61 @@
+From cac75d851c5e6ba1afb3bf55552fd10666a03ea9 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Thu, 21 Oct 2021 18:47:40 +0200
+Subject: logger: fix --size use for stdin
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The stdin version counts log header into the message size, but
+for example when it reads message from argv[] it counts only message
+itself.
+
+ $ logger --stderr  --size 3 "abcd"
+ <13>Oct 21 18:48:29 kzak: abc
+
+ $ echo "abcd" | logger --stderr  --size 3
+ logger: cannot allocate 18446744073709551597 bytes: Cannot allocate memory
+
+Upstream: http://github.com/util-linux/util-linux/commit/58e4ee082bca100034791a4a74481f263bb30a25
+Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2033622
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ misc-utils/logger.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/misc-utils/logger.c b/misc-utils/logger.c
+index 5b122de79..43284caeb 100644
+--- a/misc-utils/logger.c
++++ b/misc-utils/logger.c
+@@ -976,8 +976,7 @@ static void logger_stdin(struct logger_ctl *ctl)
+ 	int has_header = 1;
+ 	int default_priority = ctl->pri;
+ 	int last_pri = default_priority;
+-	size_t max_usrmsg_size = ctl->max_message_size - strlen(ctl->hdr);
+-	char *const buf = xmalloc(max_usrmsg_size + 2 + 2);
++	char *buf = xmalloc(ctl->max_message_size + 2 + 2);
+ 	int pri;
+ 	int c;
+ 	size_t i;
+@@ -1004,16 +1003,14 @@ static void logger_stdin(struct logger_ctl *ctl)
+ 				ctl->pri = default_priority;
+ 
+ 			if (ctl->pri != last_pri) {
+-				has_header = 0;
+-				max_usrmsg_size =
+-				    ctl->max_message_size - strlen(ctl->hdr);
++				generate_syslog_header(ctl);
+ 				last_pri = ctl->pri;
+ 			}
+ 			if (c != EOF && c != '\n')
+ 				c = getchar();
+ 		}
+ 
+-		while (c != EOF && c != '\n' && i < max_usrmsg_size) {
++		while (c != EOF && c != '\n' && i < ctl->max_message_size) {
+ 			buf[i++] = c;
+ 			c = getchar();
+ 		}
+-- 
+2.34.1
+

util-linux-su.pamd

@@ -1,4 +1,5 @@
 #%PAM-1.0
+auth		required	pam_env.so
 auth		sufficient	pam_rootok.so
 # Uncomment the following line to implicitly trust users in the "wheel" group.
 #auth		sufficient	pam_wheel.so trust use_uid

util-linux.spec

@@ -2,7 +2,7 @@
 Summary: A collection of basic system utilities
 Name: util-linux
 Version: 2.37.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
 URL: http://en.wikipedia.org/wiki/Util-linux
 
@@ -51,6 +51,7 @@ Source0: ftp://ftp.kernel.org/pub/linux/utils/util-linux/v%{upstream_major}/util
 Source1: util-linux-login.pamd
 Source2: util-linux-remote.pamd
 Source3: util-linux-chsh-chfn.pamd
+Source4: uuidd-tmpfiles.conf
 Source5: adjtime
 Source12: util-linux-su.pamd
 Source13: util-linux-su-l.pamd
@@ -88,6 +89,9 @@ Requires: libsmartcols = %{version}-%{release}
 Requires: libfdisk = %{version}-%{release}
 Requires: util-linux-core = %{version}-%{release}
 
+
+### RHEL-9.0.0
+#
 # 151635 - makeing /var/log/lastlog
 Patch0: 0000-login-create-var-log-lastlog.patch
 # Add `/run/motd.d` to the hardcoded MOTD_FILE
@@ -101,6 +105,10 @@ Patch4: 0004-tests-make-eject-umount-tests-more-robust.patch
 Patch5: 0005-Complete-Linux-PAM-compliance-for-forked-child-in-su.patch
 # 2040366 - uuidd can't access lock/status file
 Patch6: 0006-uuidd-fix-open-lock-state-issue.patch
+# 2021462 - partitons detection broken on systems not including the parent name in partition name
+Patch7: 0007-sysfs-fallback-for-partitions-not-including-parent-n.patch
+# 2033622 - logger from util-linux incorrectly handles long messages
+Patch8: 0008-logger-fix-size-use-for-stdin.patch
 
 
 %description
@@ -342,14 +350,13 @@ mkdir -p ${RPM_BUILD_ROOT}%{_bindir}
 mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man{1,6,8,5}
 mkdir -p ${RPM_BUILD_ROOT}%{_sbindir}
 mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/{pam.d,security/console.apps}
-mkdir -p ${RPM_BUILD_ROOT}/var/log
+mkdir -p ${RPM_BUILD_ROOT}/usr/lib/tmpfiles.d
-touch ${RPM_BUILD_ROOT}/var/log/lastlog
-chmod 0644 ${RPM_BUILD_ROOT}/var/log/lastlog
 
 # install util-linux
 %make_install
 
 # And a dirs uuidd needs that the makefiles don't create
+install -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}/usr/lib/tmpfiles.d/uuidd.conf
 install -d ${RPM_BUILD_ROOT}/run/uuidd
 install -d ${RPM_BUILD_ROOT}/var/lib/libuuid
 
@@ -432,24 +439,6 @@ find  $RPM_BUILD_ROOT%{_mandir}/man8 -regextype posix-egrep  \
 	-printf "%{_mandir}/man8/%f*\n" >> %{name}.files
 
 
-%post
-# only for minimal buildroots without /var/log
-[ -d /var/log ] || mkdir -p /var/log
-touch /var/log/lastlog
-chown root:root /var/log/lastlog
-chmod 0644 /var/log/lastlog
-# Fix the file context, do not use restorecon
-if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
-	SECXT=$( /usr/sbin/matchpathcon -n /var/log/lastlog 2> /dev/null )
-	if [ -n "$SECXT" ]; then
-		# Selinux enabled, but without policy? It's true for buildroots
-		# without selinux stuff on host machine with enabled selinux.
-		# We don't want to use any RPM dependence on selinux policy for
-		# matchpathcon(2). SELinux policy should be optional.
-		/usr/bin/chcon "$SECXT"  /var/log/lastlog >/dev/null 2>&1 || :
-	fi
-fi
-
 %post -n util-linux-core
 if [ ! -L /etc/mtab ]; then
 	ln -sf ../proc/self/mounts /etc/mtab || :
@@ -516,8 +505,6 @@ fi
 %attr(755,root,root)	%{_bindir}/login
 %attr(2755,root,tty)	%{_bindir}/write
 
-%ghost %attr(0644,root,root) %verify(not md5 size mtime) /var/log/lastlog
-
 %{_unitdir}/fstrim.*
 
 %{_bindir}/cal
@@ -876,6 +863,7 @@ fi
 %dir %attr(2775, uuidd, uuidd) /var/lib/libuuid
 %dir %attr(2775, uuidd, uuidd) /run/uuidd
 %{compldir}/uuidd
+/usr/lib/tmpfiles.d/uuidd.conf
 
 
 %files -n libfdisk
@@ -951,6 +939,13 @@ fi
 %{_libdir}/python*/site-packages/libmount/
 
 %changelog
+* Mon Feb 07 2022 Karel Zak <kzak@redhat.com> 2.37.3-2
+- fix #2021462 - partitons detection broken on systems not including the parent name in partition name
+- fix #2033622 - logger from util-linux incorrectly handles long messages
+- fix #2000137 - pam_env bypassed for root user when using su
+- fix #2000477 - rpm -V setup fail on /var/log/lastlog
+- fix #2047952 - rpm -V / --verify reports bad user/group/mtime for /run/uuidd
+
 * Tue Jan 25 2022 Karel Zak <kzak@redhat.com> 2.37.3-1
 - upgrade to v2.37.3 (fix CVE-2021-3996, CVE-2021-3995)
 - fix #2040366 - uuidd can't access lock/status file

uuidd-tmpfiles.conf

@@ -0,0 +1 @@
+d /run/uuidd 2775 uuidd uuidd