A flaw was found in the util-linux chfn and chsh utilities when compiled
with Readline support. The Readline library uses an "INPUTRC" environment
variable to get a path to the library config file. When the library cannot
parse the specified file, it prints an error message containing data from
the file. This flaw allows an unprivileged user to read root-owned files,
potentially leading to privilege escalation. This flaw affects util-linux
versions prior to 2.37.4.
Backport patch from upstream:
faa5a3a83a
Patch required slight modifications to apply cleanly to util-linux 2.35.1
(From OE-Core rev: dffbf6301612ca91f6a1c306b9dde754b44912bb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Add patches to fix CVE-2021-3995 and CVE-2021-3996
Also, add the supporting patch include-strutils-cleanup-strto-functions.patch
to solve a compilation error where the `ul_strtou64` function, which is
used in CVE-2021-3995.patch, is not found
(From OE-Core rev: c8c29e8927474f32343b1f6d47595df95f743cd2)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Backport patches from upstream to fix a build error in the kill utility.
Fixes:
| In file included from ../util-linux-2.35.1/misc-utils/kill.c:57:
| ../util-linux-2.35.1/include/pidfd-utils.h: In function ‘pidfd_open’:
| ../util-linux-2.35.1/include/pidfd-utils.h:19:17: error: ‘SYS_pidfd_open’ undeclared (first use in this function); did you mean ‘pidfd_open’?
(From OE-Core rev: 9620c4e6e0e184b2b3907c8f8da4b7b54b97354e)
Signed-off-by: Benjamin Fair <benjaminfair@google.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

License-Update: add GPLv3 text in README.licensing
Also:
- Drop upstreamed patch
- Backport an upstream patch to fix an issue with 'sfdisk'
- Use 'disable-hwclock-gplv3' explicitly.
Since commit 7a3000f7ba548cf7d74ac77cc63fe8de228a669e ("hwclock: use parse_date function") hwclock is linked
with parse_date.y from gnulib. This gnulib code is distributed under GPLv3.
So, we have to use '--disable-hwclock-gplv3' to exclude this code.
See full changelog https://lore.kernel.org/util-linux/20200131095846.ogjtqrs7ai774tka@ws.net.home/T/#u
(From OE-Core rev: 324f33ba5a77d498cfff81c6857c78ad13b27125)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>