commit: 172b16c18b35c538e32c120969c7c751bfcd24ad Author: Christopher Fore <csfore <AT> posteo <DOT> net> AuthorDate: Mon Apr 1 22:22:47 2024 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Thu Apr 4 01:08:02 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=172b16c1
sys-apps/util-linux: fix use-after-free in su This fixes a use-after-free introduced by the musl 1.2.5 patch. Upstream fix: https://github.com/util-linux/util-linux/commit/4b2e6f5071a4c5beebbd9668d24dc05defc096d7 Closes: https://bugs.gentoo.org/928396 Signed-off-by: Christopher Fore <csfore <AT> posteo.net> Closes: https://github.com/gentoo/gentoo/pull/36050 Signed-off-by: Sam James <sam <AT> gentoo.org> .../util-linux-2.39.3-fix-use-after-free.patch | 49 +++ sys-apps/util-linux/util-linux-2.39.3-r7.ebuild | 416 +++++++++++++++++++++ 2 files changed, 465 insertions(+) diff --git a/sys-apps/util-linux/files/util-linux-2.39.3-fix-use-after-free.patch b/sys-apps/util-linux/files/util-linux-2.39.3-fix-use-after-free.patch new file mode 100644 index 000000000000..dac2edaf4791 --- /dev/null +++ b/sys-apps/util-linux/files/util-linux-2.39.3-fix-use-after-free.patch @@ -0,0 +1,49 @@ +From 4b2e6f5071a4c5beebbd9668d24dc05defc096d7 Mon Sep 17 00:00:00 2001 +From: Tanish Yadav <[email protected]> +Date: Tue, 5 Mar 2024 00:51:41 +0530 +Subject: [PATCH] su: fix use after free in run_shell + +Do not free tmp for non login branch as basename may return a pointer to +some part of it. + +[[email protected]: - improve coding style of the function] + +Signed-off-by: Tanish Yadav <[email protected]> +Signed-off-by: Karel Zak <[email protected]> +--- + login-utils/su-common.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/login-utils/su-common.c b/login-utils/su-common.c +index 242b6ce4ea..9bc0231961 100644 +--- a/login-utils/su-common.c ++++ b/login-utils/su-common.c +@@ -835,13 +835,14 @@ static void run_shell( + size_t n_args = 1 + su->fast_startup + 2 * ! !command + n_additional_args + 1; + const char **args = xcalloc(n_args, sizeof *args); + size_t argno = 1; ++ char *tmp; + + DBG(MISC, ul_debug("starting shell [shell=%s, command=\"%s\"%s%s]", + shell, command, + su->simulate_login ? " login" : "", + su->fast_startup ? " fast-start" : "")); ++ tmp = xstrdup(shell); + +- char* tmp = xstrdup(shell); + if (su->simulate_login) { + char *arg0; + char *shell_basename; +@@ -851,10 +852,8 @@ static void run_shell( + arg0[0] = '-'; + strcpy(arg0 + 1, shell_basename); + args[0] = arg0; +- } else { +- args[0] = basename(tmp); +- } +- free(tmp); ++ } else ++ args[0] = basename(tmp); + + if (su->fast_startup) + args[argno++] = "-f"; diff --git a/sys-apps/util-linux/util-linux-2.39.3-r7.ebuild b/sys-apps/util-linux/util-linux-2.39.3-r7.ebuild new file mode 100644 index 000000000000..7892f3ad5d47 --- /dev/null +++ b/sys-apps/util-linux/util-linux-2.39.3-r7.ebuild @@ -0,0 +1,416 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..12} ) + +inherit toolchain-funcs libtool flag-o-matic bash-completion-r1 \ + pam python-r1 multilib-minimal multiprocessing systemd + +MY_PV="${PV/_/-}" +MY_P="${PN}-${MY_PV}" + +DESCRIPTION="Various useful Linux utilities" +HOMEPAGE="https://www.kernel.org/pub/linux/utils/util-linux/ https://github.com/util-linux/util-linux"; + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git"; + inherit autotools git-r3 +else + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/karelzak.asc + inherit verify-sig + + if [[ ${PV} != *_rc* ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos" + fi + + SRC_URI="https://www.kernel.org/pub/linux/utils/util-linux/v${PV:0:4}/${MY_P}.tar.xz"; + SRC_URI+=" verify-sig? ( https://www.kernel.org/pub/linux/utils/util-linux/v${PV:0:4}/${MY_P}.tar.sign )" +fi + +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-2 GPL-3 LGPL-2.1 BSD-4 MIT public-domain" +SLOT="0" +IUSE="audit build caps +cramfs cryptsetup fdformat +hardlink kill +logger magic ncurses nls pam python +readline rtas selinux slang static-libs +su +suid systemd test tty-helpers udev unicode" + +# Most lib deps here are related to programs rather than our libs, +# so we rarely need to specify ${MULTILIB_USEDEP}. +RDEPEND=" + virtual/libcrypt:= + audit? ( >=sys-process/audit-2.6:= ) + caps? ( sys-libs/libcap-ng ) + cramfs? ( sys-libs/zlib:= ) + cryptsetup? ( >=sys-fs/cryptsetup-2.1.0 ) + hardlink? ( dev-libs/libpcre2:= ) + ncurses? ( + sys-libs/ncurses:=[unicode(+)?] + magic? ( sys-apps/file:0= ) + ) + nls? ( virtual/libintl[${MULTILIB_USEDEP}] ) + pam? ( sys-libs/pam ) + python? ( ${PYTHON_DEPS} ) + readline? ( sys-libs/readline:0= ) + rtas? ( sys-libs/librtas ) + selinux? ( >=sys-libs/libselinux-2.2.2-r4[${MULTILIB_USEDEP}] ) + slang? ( sys-libs/slang ) + !build? ( + systemd? ( sys-apps/systemd ) + udev? ( virtual/libudev:= ) + ) +" +BDEPEND=" + virtual/pkgconfig + nls? ( + app-text/po4a + sys-devel/gettext + ) + test? ( app-alternatives/bc ) +" +DEPEND=" + ${RDEPEND} + virtual/os-headers + acct-group/root +" +RDEPEND+=" + hardlink? ( !app-arch/hardlink ) + logger? ( !>=app-admin/sysklogd-2.0[logger] ) + kill? ( + !sys-apps/coreutils[kill] + !sys-process/procps[kill] + ) + su? ( + !<sys-apps/shadow-4.7-r2 + !>=sys-apps/shadow-4.7-r2[su] + ) + !net-wireless/rfkill +" + +if [[ ${PV} == 9999 ]] ; then + # Required for man-page generation + BDEPEND+=" dev-ruby/asciidoctor" +else + BDEPEND+=" verify-sig? ( >=sec-keys/openpgp-keys-karelzak-20230517 )" +fi + +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} ) su? ( pam )" +RESTRICT="!test? ( test )" + +PATCHES=( + "${FILESDIR}"/${PN}-2.39.2-fincore-test.patch + "${FILESDIR}"/${PN}-2.39.2-backport-pr2251.patch + "${FILESDIR}"/${PN}-2.39.2-backport-1d4456d.patch + "${FILESDIR}"/${PN}-2.39.3-libblkid-luks.patch + "${FILESDIR}"/${PN}-2.39.3-musl-1.2.5-basename.patch + "${FILESDIR}"/${PN}-2.39.3-libmount-Fix-export-of-mnt_context_is_lazy-and-mnt_c.patch + "${FILESDIR}"/${PN}-2.39.3-CVE-2024-28085.patch + "${FILESDIR}"/${PN}-2.39.3-fix-use-after-free.patch +) + +pkg_pretend() { + if use su && ! use suid ; then + elog "su will be installed as suid despite USE=-suid (bug #832092)" + elog "To use su without suid, see e.g. Portage's suidctl feature." + fi +} + +src_unpack() { + if [[ ${PV} == 9999 ]] ; then + git-r3_src_unpack + return + fi + + if use verify-sig ; then + mkdir "${T}"/verify-sig || die + pushd "${T}"/verify-sig &>/dev/null || die + + # Upstream sign the decompressed .tar + # Let's do it separately in ${T} then cleanup to avoid external + # effects on normal unpack. + cp "${DISTDIR}"/${MY_P}.tar.xz . || die + xz -d ${MY_P}.tar.xz || die + verify-sig_verify_detached ${MY_P}.tar "${DISTDIR}"/${MY_P}.tar.sign + + popd &>/dev/null || die + rm -r "${T}"/verify-sig || die + fi + + default +} + +src_prepare() { + default + + if use test ; then + # Known-failing tests + # TODO: investigate these + local known_failing_tests=( + # Subtest 'options-maximum-size-8192' fails + hardlink/options + + # Fails in sandbox + lsns/ioctl_ns + + lsfd/mkfds-symlink + lsfd/mkfds-rw-character-device + # Fails with network-sandbox at least in nspawn + lsfd/option-inet + utmp/last-ipv6 + ) + + local known_failing_test + for known_failing_test in "${known_failing_tests[@]}" ; do + einfo "Removing known-failing test: ${known_failing_test}" + rm tests/ts/${known_failing_test} || die + done + fi + + if [[ ${PV} == 9999 ]] ; then + po/update-potfiles + eautoreconf + else + elibtoolize + fi +} + +python_configure() { + local myeconfargs=( + "${commonargs[@]}" + --disable-all-programs + --disable-bash-completion + --without-systemdsystemunitdir + --with-python + --enable-libblkid + --enable-libmount + --enable-pylibmount + ) + + mkdir "${BUILD_DIR}" || die + pushd "${BUILD_DIR}" >/dev/null || die + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" + popd >/dev/null || die +} + +multilib_src_configure() { + # The scanf test in a run-time test which fails while cross-compiling. + # Blindly assume a POSIX setup since we require libmount, and libmount + # itself fails when the scanf test fails. bug #531856 + tc-is-cross-compiler && export scanf_cv_alloc_modifier=ms + + # bug #485486 + export ac_cv_header_security_pam_misc_h=$(multilib_native_usex pam) + # bug #545042 + export ac_cv_header_security_pam_appl_h=$(multilib_native_usex pam) + + # Undo bad ncurses handling by upstream. Fall back to pkg-config. + # bug #601530 + export NCURSES6_CONFIG=false NCURSES5_CONFIG=false + export NCURSESW6_CONFIG=false NCURSESW5_CONFIG=false + + # Avoid automagic dependency on ppc* + export ac_cv_lib_rtas_rtas_get_sysparm=$(usex rtas) + + # configure args shared by python and non-python builds + local commonargs=( + --localstatedir="${EPREFIX}/var" + --runstatedir="${EPREFIX}/run" + --enable-fs-paths-extra="${EPREFIX}/usr/sbin:${EPREFIX}/bin:${EPREFIX}/usr/bin" + + # Temporary workaround until ~2.39.2. 2.39.x introduced a big rewrite. + # https://github.com/util-linux/util-linux/issues/2287#issuecomment-1576640373 + --disable-libmount-mountfd-support + ) + + local myeconfargs=( + "${commonargs[@]}" + --with-bashcompletiondir="$(get_bashcompdir)" + --without-python + $(multilib_native_use_enable suid makeinstall-chown) + $(multilib_native_use_enable suid makeinstall-setuid) + $(multilib_native_use_with readline) + $(multilib_native_use_with slang) + $(multilib_native_usex ncurses "$(use_with magic libmagic)" '--without-libmagic') + $(multilib_native_usex ncurses "$(use_with unicode ncursesw)" '--without-ncursesw') + $(multilib_native_usex ncurses "$(use_with !unicode ncurses)" '--without-ncurses') + $(multilib_native_use_with audit) + $(tc-has-tls || echo --disable-tls) + $(use_enable nls) + $(use_enable nls poman) + $(use_enable unicode widechar) + $(use_enable static-libs static) + $(use_with ncurses tinfo) + $(use_with selinux) + ) + + if use build ; then + myeconfargs+=( + --without-systemd + --without-udev + ) + else + myeconfargs+=( + $(multilib_native_use_with systemd) + $(multilib_native_use_with udev) + ) + fi + + if multilib_is_native_abi ; then + myeconfargs+=( + --disable-chfn-chsh + --disable-login + --disable-newgrp + --disable-nologin + --disable-pylibmount + --disable-raw + --disable-vipw + --enable-agetty + --enable-bash-completion + --enable-line + --enable-partx + --enable-rename + --enable-rfkill + --enable-schedutils + --with-systemdsystemunitdir="$(systemd_get_systemunitdir)" + $(use_enable caps setpriv) + $(use_enable cramfs) + $(use_enable fdformat) + $(use_enable hardlink) + $(use_enable kill) + $(use_enable logger) + $(use_enable ncurses pg) + $(use_enable su) + $(use_enable tty-helpers mesg) + $(use_enable tty-helpers wall) + $(use_enable tty-helpers write) + $(use_with cryptsetup) + ) + if [[ ${PV} == *9999 ]] ; then + myeconfargs+=( --enable-asciidoc ) + else + # Upstream is shipping pre-generated man-pages for releases + myeconfargs+=( --disable-asciidoc ) + fi + else + myeconfargs+=( + --disable-all-programs + --disable-asciidoc + --disable-bash-completion + --without-systemdsystemunitdir + --disable-poman + + # build libraries + --enable-libuuid + --enable-libblkid + --enable-libsmartcols + --enable-libfdisk + --enable-libmount + ) + fi + + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" + + if multilib_is_native_abi && use python ; then + python_foreach_impl python_configure + fi +} + +src_configure() { + append-lfs-flags + multilib-minimal_src_configure +} + +python_compile() { + pushd "${BUILD_DIR}" >/dev/null || die + emake all + popd >/dev/null || die +} + +multilib_src_compile() { + emake all + + if multilib_is_native_abi && use python ; then + python_foreach_impl python_compile + fi +} + +python_test() { + pushd "${BUILD_DIR}" >/dev/null || die + emake check TS_OPTS="--parallel=$(makeopts_jobs) --nonroot" + popd >/dev/null || die +} + +multilib_src_test() { + emake check TS_OPTS="--parallel=$(makeopts_jobs) --nonroot" + if multilib_is_native_abi && use python ; then + python_foreach_impl python_test + fi +} + +python_install() { + pushd "${BUILD_DIR}" >/dev/null || die + emake DESTDIR="${D}" install + python_optimize + popd >/dev/null || die +} + +multilib_src_install() { + if multilib_is_native_abi && use python ; then + python_foreach_impl python_install + fi + + # This needs to be called AFTER python_install call, bug #689190 + emake DESTDIR="${D}" install +} + +multilib_src_install_all() { + dodoc AUTHORS NEWS README* Documentation/{TODO,*.txt,releases/*} + + dosym hexdump /usr/bin/hd + newman - hd.1 <<< '.so man1/hexdump.1' + + # e2fsprogs-libs didn't install .la files, and .pc work fine + find "${ED}" -name "*.la" -delete || die + + if use pam ; then + # See https://github.com/util-linux/util-linux/blob/master/Documentation/PAM-configuration.txt + newpamd "${FILESDIR}/runuser.pamd" runuser + newpamd "${FILESDIR}/runuser-l.pamd" runuser-l + + newpamd "${FILESDIR}/su-l.pamd" su-l + fi + + if use su && ! use suid ; then + # Always force suid su, even when USE=-suid, as su is useless + # for the overwhelming-majority case without suid. + # Users who wish to truly have a no-suid su can strip it out + # via e.g. Portage's suidctl or some other hook. + # See bug #832092 + fperms u+s /bin/su + fi + + # Note: + # Bash completion for "runuser" command is provided by same file which + # would also provide bash completion for "su" command. However, we don't + # use "su" command from this package. + # This triggers a known QA warning which we ignore for now to magically + # keep bash completion for "su" command which shadow package does not + # provide. + + local ver=$(tools/git-version-gen .tarballversion) + local major=$(ver_cut 1 ${ver}) + local minor=$(ver_cut 2 ${ver}) + local release=$(ver_cut 3 ${ver}) + export QA_PKGCONFIG_VERSION="${major}.${minor}.${release:-0}" +} + +pkg_postinst() { + if ! use tty-helpers ; then + elog "The mesg/wall/write tools have been disabled due to USE=-tty-helpers." + fi + + if [[ -z ${REPLACING_VERSIONS} ]] ; then + elog "The agetty util now clears the terminal by default. You" + elog "might want to add --noclear to your /etc/inittab lines." + fi +}
