Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package util-linux for openSUSE:Factory checked in at 2022-03-14 19:33:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/util-linux (Old) and /work/SRC/openSUSE:Factory/.util-linux.new.25692 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "util-linux" Mon Mar 14 19:33:56 2022 rev:254 rq:960950 version:2.37.4 Changes: -------- --- /work/SRC/openSUSE:Factory/util-linux/python3-libmount.changes 2021-12-18 20:30:32.066252153 +0100 +++ /work/SRC/openSUSE:Factory/.util-linux.new.25692/python3-libmount.changes 2022-03-14 19:33:57.533902836 +0100 @@ -1,0 +2,26 @@ +Tue Mar 8 02:00:05 UTC 2022 - Stanislav Brabec <[email protected]> + +- Update to version 2.37.4: + * Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563). + SUSE is not affected (bsc#1196241). + +------------------------------------------------------------------- +Thu Mar 3 03:22:45 UTC 2022 - Stanislav Brabec <[email protected]> + +- Fix "su -s" bash completion + (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch). + +------------------------------------------------------------------- +Mon Jan 24 21:57:01 UTC 2022 - Dirk M??ller <[email protected]> + +- update to 2.37.3 (bsc#1194976): + This release fixes two security mount(8) and umount(8) issues: + * CVE-2021-3996 + Improper UID check in libmount allows an unprivileged user to unmount FUSE + filesystems of users with similar UID. + * CVE-2021-3995 + This issue is related to parsing the /proc/self/mountinfo file allows an + unprivileged user to unmount other user's filesystems that are either + world-writable themselves or mounted in a world-writable directory. + +------------------------------------------------------------------- util-linux-systemd.changes: same change --- /work/SRC/openSUSE:Factory/util-linux/util-linux.changes 2022-01-28 22:12:26.578928187 +0100 +++ /work/SRC/openSUSE:Factory/.util-linux.new.25692/util-linux.changes 2022-03-14 19:33:57.677903008 +0100 @@ -1,0 +2,13 @@ +Tue Mar 8 02:00:05 UTC 2022 - Stanislav Brabec <[email protected]> + +- Update to version 2.37.4: + * Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563). + SUSE is not affected (bsc#1196241). + +------------------------------------------------------------------- +Thu Mar 3 03:22:45 UTC 2022 - Stanislav Brabec <[email protected]> + +- Fix "su -s" bash completion + (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch). + +------------------------------------------------------------------- Old: ---- util-linux-2.37.3.tar.sign util-linux-2.37.3.tar.xz New: ---- util-linux-2.37.4.tar.sign util-linux-2.37.4.tar.xz util-linux-bash-completion-su-chsh-l.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python3-libmount.spec ++++++ --- /var/tmp/diff_new_pack.COPUXg/_old 2022-03-14 19:33:58.929904509 +0100 +++ /var/tmp/diff_new_pack.COPUXg/_new 2022-03-14 19:33:58.933904514 +0100 @@ -125,7 +125,7 @@ %endif %endif #END SECOND STAGE DEPENDENCIES -Version: 2.37.3 +Version: 2.37.4 Release: 0 URL: https://www.kernel.org/pub/linux/utils/util-linux/ Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz @@ -149,6 +149,8 @@ Patch2: Add-documentation-on-blacklisted-modules-to-mount-8-.patch # PATCH-FIX-SUSE: Avoid sulogin failing on not existing or not functional console devices Patch3: util-linux-sulogin4bsc1175514.patch +# PATCH-FIX-SUSE util-linux-bash-completion-su-chsh-l.patch bsc1172427 -- Fix "su -s" bash completion. +Patch4: util-linux-bash-completion-su-chsh-l.patch # %if %build_util_linux Supplements: filesystem(minix) util-linux-systemd.spec: same change ++++++ util-linux.spec ++++++ --- /var/tmp/diff_new_pack.COPUXg/_old 2022-03-14 19:33:59.005904600 +0100 +++ /var/tmp/diff_new_pack.COPUXg/_new 2022-03-14 19:33:59.009904605 +0100 @@ -125,7 +125,7 @@ %endif %endif #END SECOND STAGE DEPENDENCIES -Version: 2.37.3 +Version: 2.37.4 Release: 0 URL: https://www.kernel.org/pub/linux/utils/util-linux/ Source: https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-%{version}.tar.xz @@ -149,6 +149,8 @@ Patch2: Add-documentation-on-blacklisted-modules-to-mount-8-.patch # PATCH-FIX-SUSE: Avoid sulogin failing on not existing or not functional console devices Patch3: util-linux-sulogin4bsc1175514.patch +# PATCH-FIX-SUSE util-linux-bash-completion-su-chsh-l.patch bsc1172427 -- Fix "su -s" bash completion. +Patch4: util-linux-bash-completion-su-chsh-l.patch # %if %build_util_linux Supplements: filesystem(minix) ++++++ util-linux-2.37.3.tar.xz -> util-linux-2.37.4.tar.xz ++++++ ++++ 10794 lines of diff (skipped) ++++++ util-linux-bash-completion-su-chsh-l.patch ++++++ su -s <TAB> completion depends on "chsh -l" present in the util-linux implementation of chsh. But SUSE uses chsh from shadow package that does not include this feature. Use /etc/shells instead. --- util-linux/bash-completion/su +++ util-linux/bash-completion/su @@ -14,7 +14,7 @@ _su_module() return 0 ;; '-s'|'--shell') - COMPREPLY=( $(compgen -W "$(chsh -l)" -- $cur) ) + COMPREPLY=( $(compgen -W "$(</etc/shells)" -- $cur) ) return 0 ;; '-h'|'--help'|'-V'|'--version')
