Hello community,
here is the log from the commit of package util-linux.13742 for
openSUSE:Leap:15.2:Update checked in at 2020-08-23 06:21:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/util-linux.13742 (Old)
and /work/SRC/openSUSE:Leap:15.2:Update/.util-linux.13742.new.3399 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "util-linux.13742"
Sun Aug 23 06:21:10 2020 rev:1 rq:827970 version:2.33.1
Changes:
--------
New Changes file:
--- /dev/null 2020-08-06 00:20:10.149648038 +0200
+++
/work/SRC/openSUSE:Leap:15.2:Update/.util-linux.13742.new.3399/python3-libmount.changes
2020-08-23 06:21:11.900561748 +0200
@@ -0,0 +1,4971 @@
+-------------------------------------------------------------------
+Tue Jun 2 02:16:29 UTC 2020 - Stanislav Brabec <[email protected]>
+
+- blockdev: Do not fail --report on kpartx-style partitions on
+ multipath (bsc#1168235, util-linux-blockdev-report-dm.patch).
+
+-------------------------------------------------------------------
+Mon May 25 03:32:33 CEST 2020 - [email protected]
+
+- nologin: Add support for -c to prevent error from su -c
+ (bsc#1151708, util-linux-nologin-su-c.patch).
+
+-------------------------------------------------------------------
+Wed Apr 15 16:05:32 UTC 2020 - Ignaz Forster <[email protected]>
+
+- Add libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch:
+ Avoid triggering autofs in lookup_umount_fs_by_statfs
+ (boo#1168389)
+
+-------------------------------------------------------------------
+Fri Nov 29 08:55:00 UTC 2019 - Martin Wilck <[email protected]>
+
+- mount: fall back to device node name if /dev/mapper link not found
+ (bsc#1149911)
+ * Add patch: util-linux-canonicalize-coverity-scan.patch
+
+-------------------------------------------------------------------
+Tue Aug 6 03:39:25 UTC 2019 - Stanislav Brabec <[email protected]>
+
+- Issue a warning for outdated pam files
+ (bsc#1082293, boo#1081947#c68).
+- Fix comments and unify look of PAM files that were just changed
+ (login.pamd, remote.pamd).
+
+-------------------------------------------------------------------
+Mon Jul 22 17:19:22 CEST 2019 - [email protected]
+
+- Fix /etc/default/su comments and create /etc/default/runuser
+ (bsc#1121197#31).
+- Remove /etc/default/su migration from coreutils.
+
+-------------------------------------------------------------------
+Tue Jul 9 23:25:23 CEST 2019 - [email protected]
+
+- De-duplicate fstrim -A properly (bsc#1127701,
+ util-linux-fstrim-A-1.patch, util-linux-fstrim-A-3.patch,
+ util-linux-fstrim-A-4.patch).
+- Do not trim read-only volumes
+ (boo#1106214, util-linux-fstrim-A-2.patch,
+ util-linux-fstrim-A-4.patch).
+
+-------------------------------------------------------------------
+Tue Jul 9 22:32:56 CEST 2019 - [email protected]
+
+- libmount: To prevent incorrect behavior, recognize more pseudofs
+ and netfs (bsc#1122417, util-linux-libmount-pseudofs.patch).
+
+-------------------------------------------------------------------
+Mon Jul 1 23:45:55 CEST 2019 - [email protected]
+
+- Fix license of libraries: LGPL-2.1-or-later and BSD-3-Clause for
+ libuuid (bsc#1135708).
+
+-------------------------------------------------------------------
+Wed Jun 19 00:21:25 CEST 2019 - [email protected]
+
+- raw.service: Add RemainAfterExit=yes (bsc#1135534).
+
+-------------------------------------------------------------------
+Sat Jun 15 00:35:48 CEST 2019 - [email protected]
+
+- agetty: Return previous response of agetty for special characters
+ (bsc#1085196, bsc#1125886,
+ util-linux-agetty-smart-reload-13.patch,
+ util-linux-agetty-smart-reload-14.patch).
+
+-------------------------------------------------------------------
+Thu May 2 23:51:45 CEST 2019 - [email protected]
+
+- Fix problems in reading of login.defs values (bsc#1121197,
+ util-linux-login_defs-priority1.patch,
+ util-linux-login_defs-priority2.patch,
+ util-linux-login_defs-SYS_UID.patch).
+- Perform one-time reset of /etc/default/su (bsc#1121197).
+
+-------------------------------------------------------------------
+Mon Mar 4 15:23:27 CET 2019 - [email protected]
+
+- Integrate pam_keyinit pam module to login
+ (boo#1081947, login.pamd, remote.pamd).
+
+-------------------------------------------------------------------
+Fri Feb 1 10:43:05 UTC 2019 - Martin Wilck <[email protected]>
+
+- libmount: print a blacklist hint for "unknown filesystem type"
+ (jsc#SUSE-4085, fate#326832), and add documentation
+ * add libmount-print-a-blacklist-hint-for-unknown-filesyst.patch
+ * add Add-documentation-on-blacklisted-modules-to-mount-8-.patch
+
+-------------------------------------------------------------------
+Tue Jan 22 22:29:00 CET 2019 - [email protected]
+
+- Update to version 2.33.1:
+ * agetty fixes (drop util-linux-agetty-smart-reload-10.patch,
+ util-linux-agetty-smart-reload-11.patch,
+ util-linux-agetty-smart-reload-12.patch).
+ * Other minor fixes and documentation updates.
+
+-------------------------------------------------------------------
+Mon Dec 10 19:08:35 CET 2018 - [email protected]
+
+- Drop [email protected] and [email protected] that
+ functionally conflict with [email protected]
+ (boo#1092820#c13).
+
+-------------------------------------------------------------------
+Tue Nov 20 00:41:09 CET 2018 - [email protected]
+
+- Update to version 2.33 (FATE#326844):
+ * choom: new command to adjust and display the current OOM-killer
+ score.
+ * libsmartcols has been improved to differentiate between
+ numbers, booleans and strings in JSON output.
+ * fstrim(8): trim all mounted filesystems from /etc/fstab
+ (-A|--fstab), new command line option --dry-run.
+ * hwclock(8) new command line option --delay.
+ * mount umount, libmount allow to mount and umount filesystem in
+ another namespace.
+ * rename(1) new command line option --interactive.
+ * setarch(8) does not require architecture when modify
+ personality like ADDR_NO_RANDOMIZE. The architecture argument
+ is optional now.
+ * command su(1) new command line option --whitelist-environment.
+ * setpriv(1) new command line option --reset-env and --pdeathsig.
+ * fdisk(8), sfdisk(8): print disk model name to simplify device
+ identification.
+ * column --table-empty-lines" allows to use empty lines in
+ formatted output.
+ * wipefs improved to postpone BLKRRPART ioctl until all magic
+ strings are wiped.
+ * script(1) extended to store more information about terminal
+ size and type to the typescript header. New command line
+ option --output-limit.
+ * libblkid provides BitLocker and basic APFS detection now.
+ * lsblk is possible to execute against /sys and /proc dumps with
+ --sysroot is specified.
+ * agetty(8) reload issue only if it is really needed
+ (bsc#1085196).
+ * cal(1) has been improved and extended.
+ * libblkid has been extended to support LUKS2, Micron mpool, VDO
+ and Atari partition table.
+ * rfkill(8) has been moved to /usr/sbin.
+ * dmesg(1) provides better support for multi-line messages, new
+ command line option --force-prefix.
+ * fallocate(1) --dig-holes is faster and more effect now.
+ * fdisk(8) provides access to Protective MBR accessible from main
+ menu. Sun label support has been improved.
+ * lscpu(1) provides more details about ARM CPUs now
+ (FATE#326453).
+ * lsmem(1) supports memory zone awareness now (FATE#324252,
+ drop util-linux-lsmem-memory-zone-1.patch,
+ util-linux-lsmem-memory-zone-2.patch,
+ util-linux-lsmem-memory-zone-3.patch).
+ * lsns(8) provides netnsid and nsfs columns now.
+ * rtcwake(8) waits stdin to settle down before entering a system
+ sleep.
+ * Many fixes and improvements, see
+ https://www.kernel.org/pub/linux/utils/util-linux/v2.32/v2.32-ReleaseNotes
+
https://www.kernel.org/pub/linux/utils/util-linux/v2.32/v2.32.1-ReleaseNotes
+ https://www.kernel.org/pub/linux/utils/util-linux/v2.33/v2.33-ReleaseNotes
+ (drop util_linux_bigendian.patch, util-linux-cramfs.patch,
+ util-linux-fincore-count.patch,
+ util-linux-sysfs-nvme-devno.patch, util-linux-lscpu-loop.patch,
+ util-linux-libmount-umount-a-segfault.patch,
+ util-linux-libmount-mount-a-nfs-bind-mount.patch,
+ util-linux-lscpu-chcpu-new-cpu-macros.patch,
+ util-linux-chcpu-cpu-count.patch,
+ util-linux-bash-completion-umount-CVE-2018-7738.patch).
+- agetty: Fixes for reload issue only if it is really needed
+ (bsc#1085196, util-linux-agetty-smart-reload-10.patch,
+ util-linux-agetty-smart-reload-11.patch,
+ util-linux-agetty-smart-reload-12.patch).
+- agetty BEHAVIOR CHANGE: Terminal switches to character mode when
+ entering logname; echo is generated by the agetty itself.
+ (In past, logname echo was generated locally by the terminal,
+ using the canonical line editing mode.)
+
+-------------------------------------------------------------------
+Fri Oct 26 17:24:46 CEST 2018 - [email protected]
+
+- Fix runstatedir path (to /run) (boo#1113188#c1).
+
+-------------------------------------------------------------------
+Fri Oct 12 14:06:56 CEST 2018 - [email protected]
+
+- Create empty /etc/issue.d for the new agetty feature.
+
++++ 4774 more lines (skipped)
++++ between /dev/null
++++ and
/work/SRC/openSUSE:Leap:15.2:Update/.util-linux.13742.new.3399/python3-libmount.changes
New Changes file:
util-linux-systemd.changes: same change
New Changes file:
util-linux.changes: same change
New:
----
Add-documentation-on-blacklisted-modules-to-mount-8-.patch
addnote.c
baselibs.conf
blkid.conf
etc.raw
etc_filesystems
klogconsole.tar.xz
libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch
libmount-print-a-blacklist-hint-for-unknown-filesyst.patch
login.pamd
make-sure-sbin-resp-usr-sbin-are-in-PATH.diff
mkzimage_cmdline.8
mkzimage_cmdline.c
pre_checkin.sh
python3-libmount.changes
python3-libmount.spec
raw.service
remote.pamd
runuser-l.pamd
runuser.pamd
setctsid.8
setctsid.c
su-l.pamd
su.default
su.pamd
util-linux-2.33.1.tar.sign
util-linux-2.33.1.tar.xz
util-linux-agetty-smart-reload-13.patch
util-linux-agetty-smart-reload-14.patch
util-linux-blockdev-report-dm.patch
util-linux-canonicalize-coverity-scan.patch
util-linux-fstrim-A-1.patch
util-linux-fstrim-A-2.patch
util-linux-fstrim-A-3.patch
util-linux-fstrim-A-4.patch
util-linux-libmount-pseudofs.patch
util-linux-login_defs-priority1.patch
util-linux-login_defs-priority2.patch
util-linux-nologin-su-c.patch
util-linux-rpmlintrc
util-linux-systemd.changes
util-linux-systemd.spec
util-linux.changes
util-linux.keyring
util-linux.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python3-libmount.spec ++++++
++++ 1415 lines (skipped)
util-linux-systemd.spec: same change
util-linux.spec: same change
++++++ Add-documentation-on-blacklisted-modules-to-mount-8-.patch ++++++
>From 1ade50a36f23fc35abb465aa5b7cfc73b2476328 Mon Sep 17 00:00:00 2001
From: Martin Wilck <[email protected]>
Date: Fri, 1 Feb 2019 12:09:11 +0100
Subject: [PATCH] Add documentation on blacklisted modules to mount(8) man page
Signed-off-by: Martin Wilck <[email protected]>
---
sys-utils/mount.8 | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/sys-utils/mount.8 b/sys-utils/mount.8
index da0ac5b..c231e12 100644
--- a/sys-utils/mount.8
+++ b/sys-utils/mount.8
@@ -338,6 +338,32 @@ The
option is similar, with the restriction that the user must be
member of the group of the special file.
+.SS Blacklisted file systems
+In the Linux kernel, file system types are implemented as kernel
+modules. While many of these file systems are well maintained,
+some of the older and less frequently used ones are not. This
+poses a security risk, because maliciously crafted file system
+images might open security holes when mounted either automatically
+or by an inadvertent user. The
+.B mount
+command prints "unsupported file system type 'somefs'" in this case,
+because it can't distinguish between a really unsupported file system
+(kernel module non-existent) and a blacklisted file system.
+
+Users who need the blacklisted file systems and therefore want
+to override the blacklisting can either load the blacklisted module
+directly:
+.RS
+
+.br
+.BI "modprobe -v" " somefs"
+.br
+
+.RE
+or override the blacklist configuration by editing files under the
+.I /etc/modprobe.d
+directory.
+
.SS Bind mount operation
Remount part of the file hierarchy somewhere else. The call is:
--
2.19.2
++++++ addnote.c ++++++
/*
* Program to hack in a PT_NOTE program header entry in an ELF file.
* This is needed for OF on RS/6000s to load an image correctly.
* Note that OF needs a program header entry for the note, not an
* ELF section.
*
* Copyright 2000 Paul Mackerras.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
* Usage: addnote zImage
*/
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h>
/* CHRP note section */
char arch[] = "PowerPC";
#define N_DESCR 6
unsigned int descr[N_DESCR] = {
0xffffffff, /* real-mode = true */
0x02000000, /* real-base, i.e. where we expect OF to be */
0xffffffff, /* real-size */
0xffffffff, /* virt-base */
0xffffffff, /* virt-size */
0x4000, /* load-base */
};
/* RPA note section */
char rpaname[] = "IBM,RPA-Client-Config";
/*
* Note: setting ignore_my_client_config *should* mean that OF ignores
* all the other fields, but there is a firmware bug which means that
* it looks at the splpar field at least. So these values need to be
* reasonable.
*/
#define N_RPA_DESCR 8
unsigned int rpanote[N_RPA_DESCR] = {
0, /* lparaffinity */
64, /* min_rmo_size */
0, /* min_rmo_percent */
40, /* max_pft_size */
1, /* splpar */
-1, /* min_load */
0, /* new_mem_def */
1, /* ignore_my_client_config */
};
#define ROUNDUP(len) (((len) + 3) & ~3)
unsigned char buf[512];
#define GET_16BE(off) ((buf[off] << 8) + (buf[(off)+1]))
#define GET_32BE(off) ((GET_16BE(off) << 16) + GET_16BE((off)+2))
#define PUT_16BE(off, v) (buf[off] = ((v) >> 8) & 0xff, \
buf[(off) + 1] = (v) & 0xff)
#define PUT_32BE(off, v) (PUT_16BE((off), (v) >> 16), \
PUT_16BE((off) + 2, (v)))
/* Structure of an ELF file */
#define E_IDENT 0 /* ELF header */
#define E_PHOFF 28
#define E_PHENTSIZE 42
#define E_PHNUM 44
#define E_HSIZE 52 /* size of ELF header */
#define EI_MAGIC 0 /* offsets in E_IDENT area */
#define EI_CLASS 4
#define EI_DATA 5
#define PH_TYPE 0 /* ELF program header */
#define PH_OFFSET 4
#define PH_FILESZ 16
#define PH_HSIZE 32 /* size of program header */
#define PT_NOTE 4 /* Program header type = note */
#define ELFCLASS32 1
#define ELFDATA2MSB 2
unsigned char elf_magic[4] = { 0x7f, 'E', 'L', 'F' };
int
main(int ac, char **av)
{
int fd, n, i;
int ph, ps, np;
int nnote, nnote2, ns;
if (ac != 2) {
fprintf(stderr, "Usage: %s elf-file\n", av[0]);
exit(1);
}
fd = open(av[1], O_RDWR);
if (fd < 0) {
perror(av[1]);
exit(1);
}
nnote = 12 + ROUNDUP(strlen(arch) + 1) + sizeof(descr);
nnote2 = 12 + ROUNDUP(strlen(rpaname) + 1) + sizeof(rpanote);
n = read(fd, buf, sizeof(buf));
if (n < 0) {
perror("read");
exit(1);
}
if (n < E_HSIZE || memcmp(&buf[E_IDENT+EI_MAGIC], elf_magic, 4) != 0)
goto notelf;
if (buf[E_IDENT+EI_CLASS] != ELFCLASS32
|| buf[E_IDENT+EI_DATA] != ELFDATA2MSB) {
fprintf(stderr, "%s is not a big-endian 32-bit ELF image\n",
av[1]);
exit(1);
}
ph = GET_32BE(E_PHOFF);
ps = GET_16BE(E_PHENTSIZE);
np = GET_16BE(E_PHNUM);
if (ph < E_HSIZE || ps < PH_HSIZE || np < 1)
goto notelf;
if (ph + (np + 2) * ps + nnote + nnote2 > n)
goto nospace;
for (i = 0; i < np; ++i) {
if (GET_32BE(ph + PH_TYPE) == PT_NOTE) {
fprintf(stderr, "%s already has a note entry\n",
av[1]);
exit(0);
}
ph += ps;
}
/* XXX check that the area we want to use is all zeroes */
for (i = 0; i < 2 * ps + nnote + nnote2; ++i)
if (buf[ph + i] != 0)
goto nospace;
/* fill in the program header entry */
ns = ph + 2 * ps;
PUT_32BE(ph + PH_TYPE, PT_NOTE);
PUT_32BE(ph + PH_OFFSET, ns);
PUT_32BE(ph + PH_FILESZ, nnote);
/* fill in the note area we point to */
/* XXX we should probably make this a proper section */
PUT_32BE(ns, strlen(arch) + 1);
PUT_32BE(ns + 4, N_DESCR * 4);
PUT_32BE(ns + 8, 0x1275);
strcpy((char *) &buf[ns + 12], arch);
ns += 12 + strlen(arch) + 1;
for (i = 0; i < N_DESCR; ++i, ns += 4)
PUT_32BE(ns, descr[i]);
/* fill in the second program header entry and the RPA note area */
ph += ps;
PUT_32BE(ph + PH_TYPE, PT_NOTE);
PUT_32BE(ph + PH_OFFSET, ns);
PUT_32BE(ph + PH_FILESZ, nnote2);
/* fill in the note area we point to */
PUT_32BE(ns, strlen(rpaname) + 1);
PUT_32BE(ns + 4, sizeof(rpanote));
PUT_32BE(ns + 8, 0x12759999);
strcpy((char *) &buf[ns + 12], rpaname);
ns += 12 + ROUNDUP(strlen(rpaname) + 1);
for (i = 0; i < N_RPA_DESCR; ++i, ns += 4)
PUT_32BE(ns, rpanote[i]);
/* Update the number of program headers */
PUT_16BE(E_PHNUM, np + 2);
/* write back */
lseek(fd, (long) 0, SEEK_SET);
i = write(fd, buf, n);
if (i < 0) {
perror("write");
exit(1);
}
if (i < n) {
fprintf(stderr, "%s: write truncated\n", av[1]);
exit(1);
}
exit(0);
notelf:
fprintf(stderr, "%s does not appear to be an ELF file\n", av[1]);
exit(1);
nospace:
fprintf(stderr, "sorry, I can't find space in %s to put the note\n",
av[1]);
exit(1);
}
++++++ baselibs.conf ++++++
libuuid1
libuuid-devel
requires -libuuid-<targettype>
requires "libuuid1-<targettype> = <version>"
libblkid1
libblkid-devel
requires -libblkid-<targettype>
requires "libblkid1-<targettype> = <version>"
libmount1
libmount-devel
requires -libmount-<targettype>
requires "libmount1-<targettype> = <version>"
++++++ blkid.conf ++++++
# do not keep cache file across reboots
CACHE_FILE=/dev/.blkid.tab
# never try to sequentially scan all devices in /dev
EVALUATE=udev
++++++ etc.raw ++++++
# /etc/raw
#
# sample configuration to bind raw devices
# to block devices
#
# The format of this file is:
# raw<N>:<blockdev>
#
# example:
# ---------
# raw1:sdb1
#
# this means: bind /dev/raw/raw1 to /dev/sdb1
#
# ...
++++++ etc_filesystems ++++++
vfat
hfs
minix
reiserfs
*
++++++ libmount-Avoid-triggering-autofs-in-lookup_umount_fs.patch ++++++
>From 7065cc0e5312cafc5ae3e4c342f78f264300fb5f Mon Sep 17 00:00:00 2001
From: Fabian Vogt <[email protected]>
Date: Wed, 1 Apr 2020 13:15:13 +0200
Subject: [PATCH 1/4] libmount: Avoid triggering autofs in
lookup_umount_fs_by_statfs
References: boo#1168389
Upstream: merged (gh#karelzak/util-linux#1002)
Currently, umount /foo results in a statfs("/foo") call, which triggers
autofs. This can create another mountpoint on /foo, which is then unmounted
later instead of the actual /foo at the time umount was called.
This is especially an issue for umount -R /bar, which just fails with
-EBUSY as the accidental mountpoint is never accounted for and so it tries
to umount /bar before /bar/someautofs.
Replace the direct statfs call with open(path, O_PATH) + fstatfs, which sees
the autofs mount directly, without triggering it.
---
libmount/src/context_umount.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
Index: util-linux-2.34/libmount/src/context_umount.c
===================================================================
--- util-linux-2.34.orig/libmount/src/context_umount.c
+++ util-linux-2.34/libmount/src/context_umount.c
@@ -283,9 +283,13 @@ static int lookup_umount_fs(struct libmn
if (!type) {
struct statfs vfs;
- DBG(CXT, ul_debugobj(cxt, "umount: trying statfs()"));
- if (statfs(tgt, &vfs) == 0)
+ DBG(CXT, ul_debugobj(cxt, "umount: trying fstatfs()"));
+ /* O_PATH avoids triggering automount points. */
+ int pathfd = open(tgt, O_PATH);
+ if (pathfd >= 0 && fstatfs(pathfd, &vfs) == 0) {
type = mnt_statfs_get_fstype(&vfs);
+ close(pathfd);
+ }
if (type) {
rc = mnt_fs_set_fstype(cxt->fs, type);
if (rc)
++++++ libmount-print-a-blacklist-hint-for-unknown-filesyst.patch ++++++
>From 199ae08b4df09ec4ce9d82584664e61bcb7ab91a Mon Sep 17 00:00:00 2001
From: Martin Wilck <[email protected]>
Date: Fri, 1 Feb 2019 11:36:42 +0100
Subject: [PATCH 1/2] libmount: print a blacklist hint for "unknown filesystem
type"
SUSE blacklists kernel modules for some old, poorly maintained
file systems by default for security reasons. Provide a hopefully
helpful message to users if mounting a possibly blacklisted file
system fails.
Signed-off-by: Martin Wilck <[email protected]>
---
libmount/src/context_mount.c | 41 ++++++++++++++++++++++++++++++++----
1 file changed, 37 insertions(+), 4 deletions(-)
diff --git a/libmount/src/context_mount.c b/libmount/src/context_mount.c
index f914c9b..a48483f 100644
--- a/libmount/src/context_mount.c
+++ b/libmount/src/context_mount.c
@@ -1423,6 +1423,32 @@ done:
return rc;
}
+/*
+ * SUSE blacklists kernel modules for some old, poorly maintained
+ * file systems by default for security reasons.
+ * A set of blacklist files is maintained under /etc/modprobe.d,
+ * in the suse-module-tools package.
+ * Blacklisted file system modules will cause mount(2) to fail
+ * with -ENODEV.
+ * If this happens for one of the blacklisted file systems, provide
+ * a hint to the user where to look.
+ */
+static int is_maybe_blacklisted(const char *fstype)
+{
+ static const char *const fs_blacklist[] = {
+ "adfs", "affs", "bfs", "befs", "cramfs", "efs", "erofs",
+ "exofs", "freevxfs", "f2fs", "hfs", "hpfs", "jffs2",
+ "jfs", "minix", "nilfs2", "ntfs", "omfs", "qnx4", "qnx6",
+ "sysv", "ubifs", "ufs"
+ };
+ size_t i;
+
+ for (i = 0; i < sizeof(fs_blacklist)/sizeof(*fs_blacklist); i++)
+ if (!strcmp(fs_blacklist[i], fstype))
+ return 1;
+ return 0;
+}
+
int mnt_context_get_mount_excode(
struct libmnt_context *cxt,
int rc,
@@ -1670,10 +1696,17 @@ int mnt_context_get_mount_excode(
case ENODEV:
if (!buf)
break;
- if (mnt_context_get_fstype(cxt))
- snprintf(buf, bufsz, _("unknown filesystem type '%s'"),
- mnt_context_get_fstype(cxt));
- else
+ if (mnt_context_get_fstype(cxt)) {
+ size_t n;
+
+ n = snprintf(buf, bufsz,
+ _("unknown filesystem type '%s'"),
+ mnt_context_get_fstype(cxt));
+ if (n < bufsz &&
+ is_maybe_blacklisted(mnt_context_get_fstype(cxt)))
+ snprintf(buf + n, bufsz - n,
+ " (hint: possibly blacklisted, see
mount(8))");
+ } else
snprintf(buf, bufsz, _("unknown filesystem type"));
break;
--
2.19.2
++++++ login.pamd ++++++
#%PAM-1.0
auth requisite pam_nologin.so
auth include common-auth
account include common-account
password include common-password
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session include common-session
#session optional pam_lastlog.so nowtmp showfailed
session optional pam_mail.so standard
++++++ make-sure-sbin-resp-usr-sbin-are-in-PATH.diff ++++++
Index: util-linux-2.31/login-utils/su-common.c
===================================================================
--- util-linux-2.31.orig/login-utils/su-common.c
+++ util-linux-2.31/login-utils/su-common.c
@@ -944,6 +944,117 @@ static void setenv_path(const struct pas
err(EXIT_FAILURE, _("failed to set the PATH environment
variable"));
}
+/* Add or clear /sbin and /usr/sbin for the su command
+ used without `-'. */
+
+/* Set if /sbin is found in path. */
+#define SBIN_MASK 0x01
+/* Set if /usr/sbin is found in path. */
+#define USBIN_MASK 0x02
+
+static char *
+addsbin (const char *const path)
+{
+ unsigned char smask = 0;
+ char *ptr, *tmp, *cur, *ret = NULL;
+ size_t len;
+
+ if (!path || *path == 0)
+ return NULL;
+
+ tmp = xstrdup (path);
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr != NULL; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "/sbin"))
+ smask |= SBIN_MASK;
+ if (!strcmp (ptr, "/usr/sbin"))
+ smask |= USBIN_MASK;
+ }
+
+ if ((smask & (USBIN_MASK|SBIN_MASK)) == (USBIN_MASK|SBIN_MASK))
+ {
+ free (tmp);
+ return NULL;
+ }
+
+ len = strlen (path);
+ if (!(smask & USBIN_MASK))
+ len += strlen ("/usr/sbin:");
+
+ if (!(smask & SBIN_MASK))
+ len += strlen (":/sbin");
+
+ ret = xmalloc (len + 1);
+ strcpy (tmp, path);
+
+ *ret = 0;
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "."))
+ continue;
+ if (*ret)
+ strcat (ret, ":");
+ if (!(smask & USBIN_MASK) && !strcmp (ptr, "/bin"))
+ {
+ strcat (ret, "/usr/sbin:");
+ strcat (ret, ptr);
+ smask |= USBIN_MASK;
+ continue;
+ }
+ if (!(smask & SBIN_MASK) && !strcmp (ptr, "/usr/bin"))
+ {
+ strcat (ret, ptr);
+ strcat (ret, ":/sbin");
+ smask |= SBIN_MASK;
+ continue;
+ }
+ strcat (ret, ptr);
+ }
+ free (tmp);
+
+ if (!(smask & USBIN_MASK))
+ strcat (ret, ":/usr/sbin");
+
+ if (!(smask & SBIN_MASK))
+ strcat (ret, ":/sbin");
+
+ return ret;
+}
+
+static char *
+clearsbin (const char *const path)
+{
+ char *ptr, *tmp, *cur, *ret = NULL;
+
+ if (!path || *path == 0)
+ return NULL;
+
+ tmp = strdup (path);
+ if (!tmp)
+ return NULL;
+
+ ret = xmalloc (strlen (path) + 1);
+ *ret = 0;
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "/sbin"))
+ continue;
+ if (!strcmp (ptr, "/usr/sbin"))
+ continue;
+ if (!strcmp (ptr, "/usr/local/sbin"))
+ continue;
+ if (*ret)
+ strcat (ret, ":");
+ strcat (ret, ptr);
+ }
+ free (tmp);
+
+ return ret;
+}
+
static void modify_environment(struct su_context *su, const char *shell)
{
const struct passwd *pw = su->pwd;
@@ -982,6 +1093,22 @@ static void modify_environment(struct su
if (getlogindefs_bool("ALWAYS_SET_PATH", 0))
setenv_path(pw);
+ else
+ {
+ char const *path = getenv ("PATH");
+ char *new = NULL;
+
+ if (pw->pw_uid)
+ new = clearsbin (path);
+ else
+ new = addsbin (path);
+
+ if (new)
+ {
+ xsetenv ("PATH", new, 1);
+ free (new);
+ }
+ }
if (pw->pw_uid) {
xsetenv("USER", pw->pw_name, 1);
++++++ mkzimage_cmdline.8 ++++++
.\" $Id: mkzimage_cmdline.8 590 2006-02-07 14:38:07Z jplack $
.TH mkzimage_cmdline 8
.SH NAME
\fBmkzimage_cmdline\fR - edit the built-in kernel cmdline in a PowerPC CHRP
zImage
.SH SYNOPSIS
\fBmkzimage_cmdline [-a 0|1] [-s 'kernel cmdline'] [-c] zImage\fR
.SH DESCRIPTION
\fBmkzimage_cmdline\fR adds a kernel cmdline to a zImage. This string will be
passed to the kernel, the contents in /options/boot-file will be overwritten
with the provided cmdline.
.SH OPTIONS
.TP
.B \-a 0|1
activate or deactivate the the cmdline
.TP
.B \-s 'kernel cmdline'
pass this string to the kernel. It can be up to 511 chars long.
.TP
.B \-c
clear cmdline area in zImage
.SH AUTHOR
Olaf Hering <[email protected]>
++++++ mkzimage_cmdline.c ++++++
/* $Id: mkzimage_cmdline.c 590 2006-02-07 14:38:07Z jplack $ */
/*
* a little tool to modify the cmdline inside a zImage
* Olaf Hering <[email protected]> Copyright (C) 2003, 2004
*/
/*
2003-10-02, version 1
2003-11-15, version 2: fix short reads if the string is at the end of
the file
2004-08-07, version 3: use mmap
*/
/*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/mman.h>
#define MY_VERSION 3
static int activate;
static int clear;
static int set;
static char *string;
static char *filename;
static const char cmdline_start[] = "cmd_line_start";
static const char cmdline_end[] = "cmd_line_end";
static void my_version(void)
{
printf("version: %d\n", MY_VERSION);
printf("(C) SuSE Linux AG, Nuernberg, Germany, 2003, 2004\n");
return;
}
static void my_rtfm(const char *app)
{
printf("modify the built-in cmdline of a CHRP boot image\n");
printf("%s filename\n", app);
printf("work with zImage named 'filename'\n");
printf(" [-h] display this help\n");
printf(" [-v] display version\n");
printf(" [-a 0|1] disable/enable built-in cmdline\n");
printf(" overrides whatever is passed from OpenFirmware\n");
printf(" [-s STRING] store STRING in the boot image\n");
printf(" [-c] clear previous content before update\n");
printf(" no option will show the current settings in 'filename'\n");
return;
}
int main(int argc, char **argv)
{
struct stat sb;
int fd, found;
unsigned char *p, *s, *e, *tmp, *active;
if (argc < 2) {
my_rtfm(argv[0]);
exit(1);
}
while (1) {
int i;
i = getopt(argc, argv, "a:hcvs:");
if (i == -1)
break;
switch (i) {
case 'a':
if (*optarg == '0')
activate = -1;
else
activate = 1;
break;
case 'c':
clear = 1;
break;
case 'h':
my_rtfm(argv[0]);
exit(0);
case 's':
string = strdup(optarg);
if (!string) {
fprintf(stderr, "set: no mem\n");
exit(1);
}
set = 1;
if (!activate)
activate = 1;
break;
case 'v':
my_version();
exit(0);
default:
printf("unknown option\n");
my_rtfm(argv[0]);
exit(1);
}
}
if (argc <= optind) {
fprintf(stderr, "filename required\n");
exit(1);
}
filename = strdup(argv[optind]);
if (!filename) {
fprintf(stderr, "no mem\n");
exit(1);
}
fd = open(filename, (activate || clear || set) ? O_RDWR : O_RDONLY);
if (fd == -1)
goto error;
found = stat(filename, &sb);
if (found < 0)
goto error;
if (!S_ISREG(sb.st_mode)) {
fprintf(stderr, "%s is not a file\n", filename);
exit(1);
}
p = mmap(NULL, sb.st_size,
((activate || clear || set) ?
PROT_WRITE : 0) | PROT_READ, MAP_SHARED, fd, 0);
if (p == MAP_FAILED)
goto error;
s = p;
e = p + sb.st_size - sizeof(cmdline_start) - sizeof(cmdline_end);
found = 0;
while (s < e) {
if (memcmp(++s, cmdline_start, sizeof(cmdline_start) - 1) != 0)
continue;
found = 1;
break;
}
if (!found)
goto no_start;
found = 0;
active = s - 1;
tmp = s = s + sizeof(cmdline_start) - 1;
e = p + sb.st_size - sizeof(cmdline_end);
while (tmp < e) {
if (memcmp(++tmp, cmdline_end, sizeof(cmdline_end)) != 0)
continue;
found = 1;
break;
}
if (!found)
goto no_end;
if (activate || clear || set) {
if (activate)
*active = activate > 0 ? '1' : '0';
if (clear)
memset(s, 0x0, tmp - s);
if (set)
snprintf((char*)s, tmp - s, "%s", string);
} else {
fprintf(stdout, "cmd_line size:%td\n", tmp - s);
fprintf(stdout, "cmd_line: %s\n", s);
fprintf(stdout, "active: %c\n", *active);
}
munmap(p, sb.st_size);
close(fd);
return 0;
error:
perror(filename);
return 1;
no_start:
fprintf(stderr, "%s: %s not found.\n", filename, cmdline_start);
return 1;
no_end:
fprintf(stderr, "%s: %s not found.\n", filename, cmdline_end);
return 1;
}
++++++ pre_checkin.sh ++++++
#!/bin/sh
if test util-linux.spec -ot python3-libmount.spec ; then
echo "util-linux.spec is older than python3-libmount.spec. Please merge
changes manually and call pre-checkin.sh again."
exit 1
fi
if test util-linux.changes -ot python3-libmount.changes ; then
echo "util-linux.changes is older than python3-libmount.changes. Please
merge changes manually and call pre-checkin.sh again."
exit 1
fi
if test util-linux.spec -ot util-linux-systemd.spec ; then
echo "util-linux.spec is older than util-linux-systemd.spec. Please
merge changes manually and call pre-checkin.sh again."
exit 1
fi
if test util-linux.changes -ot util-linux-systemd.changes ; then
echo "util-linux.changes is older than util-linux-systemd.changes.
Please merge changes manually and call pre-checkin.sh again."
exit 1
fi
sed '
s/spec file for package util-linux/spec file for package
python3-libmount/;
/^Name:/s/util-linux/python3-libmount/;
s/WARNING: After editing this file please/WARNING: Never edit this
file!!! Edit util-linux.spec and/
' <util-linux.spec >python3-libmount.spec
sed '
s/spec file for package util-linux/spec file for package
util-linux-systemd/;
/^Name:/s/util-linux/util-linux-systemd/;
s/WARNING: After editing this file please/WARNING: Never edit this
file!!! Edit util-linux.spec and/
' <util-linux.spec >util-linux-systemd.spec
cp -a util-linux.changes python3-libmount.changes
cp -a util-linux.changes util-linux-systemd.changes
touch util-linux.spec util-linux.changes
++++++ raw.service ++++++
[Unit]
Description=raw devices
After=local-fs.target remote-fs.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/sh -c "\
/sbin/modprobe raw;\
/sbin/udevadm settle;\
for i in `grep -v ^# /etc/raw`; do\
rawdev=`echo $i | cut -f1 -d:`;\
rawbind=`echo $i | cut -f2- -d:`;\
/usr/sbin/raw /dev/raw/$rawdev /dev/$rawbind;\
done"
[Install]
WantedBy=multi-user.target
++++++ remote.pamd ++++++
#%PAM-1.0
# This file is used by /bin/login in case of remote logins (means where
# the -h option is used
auth requisite pam_nologin.so
auth [user_unknown=ignore success=ok ignore=ignore auth_err=die
default=bad] pam_securetty.so
auth include common-auth
account include common-account
password include common-password
session required pam_loginuid.so
session include common-session
session optional pam_lastlog.so nowtmp showfailed
session optional pam_mail.so standard
++++++ runuser-l.pamd ++++++
#%PAM-1.0
# Note that runuser requires only "session" setting (and for example
# "auth sufficient pam_rootok.so" dummy line).
auth sufficient pam_rootok.so
session optional pam_keyinit.so force revoke
session include common-session
session optional pam_xauth.so
++++++ runuser.pamd ++++++
#%PAM-1.0
# Note that runuser requires only "session" setting (and for example
# "auth sufficient pam_rootok.so" dummy line).
auth sufficient pam_rootok.so
session optional pam_keyinit.so revoke
session include common-session
session optional pam_xauth.so
++++++ setctsid.8 ++++++
.\" Rick Sladkey <[email protected]>
.\" In the public domain.
.\" Path modifications by [email protected]
.TH SETCTSID 8 "12 April 1999" "Linux 2.2" "Linux Programmer's Manual"
.SH NAME
setctsid \- run a program in a new session and tty
.SH SYNOPSIS
.B setctsid
.RB [ -f ]
.I /dev/<tty>
.I program
.RB [ args... ]
.SH DESCRIPTION
.B setctsid
runs a program in a new session with a new controlling terminal
.IR /dev/<tty> .
The
.B -f
option causes
.B setctsid
to run the program in a new process.
.SH "SEE ALSO"
.BR setsid (2)
.SH AUTHORS
Rick Sladkey <[email protected]>, Werner Fink <[email protected]>
++++++ setctsid.c ++++++
/*
* setctsid.c -- execute a command in a new session and with
* new controlling terminal
*
* derviated from: setctsid.c of Rick Sladkey <[email protected]>
* In the public domain.
*
* Changed by Werner Fink, <[email protected]>
*/
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#include <sys/syslog.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <errno.h>
#include <string.h>
#define xerror(n) do { int error = errno; \
if (!isatty(fileno(stderr))) \
syslog(LOG_ERR, n ": %s", strerror(error)); \
else \
errno = error, perror(n); \
} while (0)
int main(int argc, char *argv[])
{
int fd;
struct stat buf;
int dofork = 0;
if (argc > 1 && !strcmp(argv[1], "-f")) {
dofork = 1;
argc--;
argv++;
}
if (argc < 3) {
fprintf(stderr, "usage: setctsid [-f] tty program [arg ...]\n");
exit(1);
}
if (stat(argv[1], &buf) < 0) {
perror(argv[1]);
exit(1);
}
if (!(S_ISCHR(buf.st_mode))) {
/* why do we care? */
fprintf(stderr, "%s: not a character device\n", argv[1]);
exit(1);
}
if (dofork) {
switch (fork()) {
case -1:
perror("fork");
exit(1);
case 0:
break;
default:
exit(0);
}
}
if (setsid() < 0) {
perror("setsid");
exit(1);
}
if ((fd = open(argv[1], O_RDWR, 0)) < 0) {
xerror("open");
exit(1);
}
dup2(fd, fileno(stdin));
dup2(fd, fileno(stdout));
dup2(fd, fileno(stderr));
if (isatty(fd)) {
if (ioctl(fileno(stdin), TIOCSCTTY, argv[1]) < 0) {
xerror("ioctl");
exit(1);
}
}
if (fd > fileno(stderr))
close(fd);
execvp(argv[2], argv + 2);
xerror("execvp");
exit(1);
}
++++++ su-l.pamd ++++++
#%PAM-1.0
auth sufficient pam_rootok.so
auth include common-auth
account sufficient pam_rootok.so
account include common-account
password include common-password
session optional pam_keyinit.so force revoke
session include common-session
session optional pam_xauth.so
++++++ su.default ++++++
# /etc/default/su is an override of /etc/login.defs for su.
# See /etc/login.defs and su(1) for more.
#
# List of supported variables:
# ALWAYS_SET_PATH, ENV_PATH, ENV_ROOTPATH, ENV_SUPATH, FAIL_DELAY
#
++++++ su.pamd ++++++
#%PAM-1.0
auth sufficient pam_rootok.so
auth include common-auth
account sufficient pam_rootok.so
account include common-account
password include common-password
session include common-session
session optional pam_xauth.so
++++++ util-linux-agetty-smart-reload-13.patch ++++++
>From 5de9751997cf490088f62f41fd92be57cf7ceea4 Mon Sep 17 00:00:00 2001
From: Stanislav Brabec <[email protected]>
Date: Wed, 27 Feb 2019 23:22:19 +0100
Subject: [PATCH 13/14] agetty: Fix input of non-ASCII characters in
get_logname()
As login supports non-ASCII characters in the logname, agetty should be
consistent.
8b58ffdd re-activated old and ASCII-only get_logname(), which restricted
the input to ASCII only. As the code does not read whole characters,
isascii(ascval) and isprint(ascval) returns nonsenses after entering a
non-ASCII character.
As keyboard maps don't contain unprintable non-control characters, it
seems to be relatively safe to remove both checks.
Signed-off-by: Stanislav Brabec <[email protected]>
Cc: Lubomir Rintel <[email protected]>
Tested-by: Lubomir Rintel <[email protected]>
---
term-utils/agetty.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/term-utils/agetty.c b/term-utils/agetty.c
index 1a3ebc308..0ef8ba36d 100644
--- a/term-utils/agetty.c
+++ b/term-utils/agetty.c
@@ -2175,8 +2175,6 @@ static char *get_logname(struct issue *ie, struct options
*op, struct termios *t
case CTL('D'):
exit(EXIT_SUCCESS);
default:
- if (!isascii(ascval) || !isprint(ascval))
- break;
if ((size_t)(bp - logname) >= sizeof(logname) -
1)
log_err(_("%s: input overrun"),
op->tty);
if ((tp->c_lflag & ECHO) == 0)
--
2.21.0
++++++ util-linux-agetty-smart-reload-14.patch ++++++
>From dcf03ffb379227678d4035df2c48f6604b9f663a Mon Sep 17 00:00:00 2001
From: Stanislav Brabec <[email protected]>
Date: Wed, 27 Feb 2019 23:22:40 +0100
Subject: [PATCH 14/14] agetty: Switch to 8-bit processing in get_logname()
for UTF-8 terminals
If the terminal is in the UTF-8 mode, get_logname() should use 8-bit
processing.
Signed-off-by: Stanislav Brabec <[email protected]>
Cc: Lubomir Rintel <[email protected]>
Tested-by: Lubomir Rintel <[email protected]>
---
term-utils/agetty.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/term-utils/agetty.c b/term-utils/agetty.c
index 0ef8ba36d..43dbd6dea 100644
--- a/term-utils/agetty.c
+++ b/term-utils/agetty.c
@@ -2059,7 +2059,7 @@ static char *get_logname(struct issue *ie, struct options
*op, struct termios *t
sleep(1);
tcflush(STDIN_FILENO, TCIFLUSH);
- eightbit = (op->flags & F_EIGHTBITS);
+ eightbit = (op->flags & (F_EIGHTBITS|F_UTF8));
bp = logname;
*bp = '\0';
--
2.21.0
++++++ util-linux-blockdev-report-dm.patch ++++++
>From 9147d2ad8abb73cea5799323fc73ccdaf675826f Mon Sep 17 00:00:00 2001
From: Stanislav Brabec <[email protected]>
Date: Fri, 5 Jun 2020 10:04:21 +0200
Subject: [PATCH] blockdev: Don't fail on missing start sector
It causes
# blockdev --report" error:
blockdev: /dev/dm-9: failed to read partition start from sysfs: No such file
or directory
There is no reliable way to detect a geometry in this case. Report N/A
instead.
Signed-off-by: Stanislav Brabec <[email protected]>
Cc: Martin Wilck <[email protected]>
Signed-off-by: Karel Zak <[email protected]>
---
disk-utils/blockdev.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/disk-utils/blockdev.c b/disk-utils/blockdev.c
index f1067c815..f425d1533 100644
--- a/disk-utils/blockdev.c
+++ b/disk-utils/blockdev.c
@@ -455,6 +455,7 @@ static void report_device(char *device, int quiet)
long ra;
unsigned long long bytes;
uint64_t start = 0;
+ char start_str[11] = { "\0" };
struct stat st;
fd = open(device, O_RDONLY | O_NONBLOCK);
@@ -476,19 +477,21 @@ static void report_device(char *device, int quiet)
disk != st.st_rdev) {
if (ul_path_read_u64(pc, &start, "start") != 0)
- err(EXIT_FAILURE,
- _("%s: failed to read partition start
from sysfs"),
- device);
+ /* TRANSLATORS: Start sector not available.
Max. 10 letters. */
+ sprintf(start_str, "%10s", _("N/A"));
}
ul_unref_path(pc);
}
+ if (!*start_str)
+ sprintf(start_str, "%10ju", start);
+
if (ioctl(fd, BLKROGET, &ro) == 0 &&
ioctl(fd, BLKRAGET, &ra) == 0 &&
ioctl(fd, BLKSSZGET, &ssz) == 0 &&
ioctl(fd, BLKBSZGET, &bsz) == 0 &&
blkdev_get_size(fd, &bytes) == 0) {
- printf("%s %5ld %5d %5d %10ju %15lld %s\n",
- ro ? "ro" : "rw", ra, ssz, bsz, start, bytes, device);
+ printf("%s %5ld %5d %5d %s %15lld %s\n",
+ ro ? "ro" : "rw", ra, ssz, bsz, start_str, bytes,
device);
} else {
if (!quiet)
warnx(_("ioctl error on %s"), device);
--
2.26.2
++++++ util-linux-canonicalize-coverity-scan.patch ++++++
>From 0ed52c662eea74f4c8a6d926f601a3c77fa3ff69 Mon Sep 17 00:00:00 2001
From: Karel Zak <[email protected]>
Date: Tue, 14 May 2019 15:47:02 +0200
Subject: [PATCH] lib/canonicalize: verify DM paths [coverity scan]
Now the code only checks that /sys/.../dm/name exists, but never
verify the device node in /dev (because path prefix is never NULL).
The prefix is used to redirect hardcoded paths to /sys dumps (e.g.
lsblk regression tests, etc.)
This bug has been introduced in v2.33. Fortunately, it's probably no
big issue as /dev is always in sync with /sys (thanks to udevd).
Signed-off-by: Karel Zak <[email protected]>
---
lib/canonicalize.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/canonicalize.c b/lib/canonicalize.c
index fe10495..e8d170c 100644
--- a/lib/canonicalize.c
+++ b/lib/canonicalize.c
@@ -47,7 +47,7 @@ char *__canonicalize_dm_name(const char *prefix, const char
*ptname)
name[sz - 1] = '\0';
snprintf(path, sizeof(path), _PATH_DEV_MAPPER "/%s", name);
- if (prefix || access(path, F_OK) == 0)
+ if ((prefix && *prefix) || access(path, F_OK) == 0)
res = strdup(path);
}
fclose(f);
--
2.24.0
++++++ util-linux-fstrim-A-1.patch ++++++
>From 4080be3d7d84952e42048d2f266d49412ada955c Mon Sep 17 00:00:00 2001
From: Stanislav Brabec <[email protected]>
Date: Mon, 10 Jun 2019 21:59:21 +0200
Subject: [PATCH 1/4] fstrim: Fix fstrim_all() comment
"convert LABEL=" does not happens in mnt_fs_get_source(), but later in
mnt_resolve_spec(). To make this more clean, move the comment before this
chunk of code.
Signed-off-by: Stanislav Brabec <[email protected]>
---
sys-utils/fstrim.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: util-linux-2.33.1/sys-utils/fstrim.c
===================================================================
--- util-linux-2.33.1.orig/sys-utils/fstrim.c
+++ util-linux-2.33.1/sys-utils/fstrim.c
@@ -256,8 +256,8 @@ static int fstrim_all(struct fstrim_cont
if (!tgt || mnt_fs_is_pseudofs(fs) || mnt_fs_is_netfs(fs))
continue;
+ /* convert LABEL= (etc.) from fstab to paths */
if (!src && cache) {
- /* convert LABEL= (etc.) from fstab to paths */
const char *spec = mnt_fs_get_source(fs);
if (!spec)
++++++ util-linux-fstrim-A-2.patch ++++++
>From 2d22ac64e4d6e6732640f38b7232b5bcdc84a877 Mon Sep 17 00:00:00 2001
From: Stanislav Brabec <[email protected]>
Date: Mon, 10 Jun 2019 21:59:45 +0200
Subject: [PATCH 2/4] fstrim -a/-A: Skip read-only volumes
Calling TRIM on some read-only volumes can fail with:
fstrim: /win: FITRIM ioctl failed: Bad file descriptor
Skipping all read-only mounts seems to be safe and logical strategy.
Fixes opensuse#1106214.
Signed-off-by: Stanislav Brabec <[email protected]>
---
sys-utils/fstrim.c | 8 ++++++++
1 file changed, 8 insertions(+)
Index: util-linux-2.33.1/sys-utils/fstrim.c
===================================================================
--- util-linux-2.33.1.orig/sys-utils/fstrim.c
+++ util-linux-2.33.1/sys-utils/fstrim.c
@@ -277,6 +277,14 @@ static int fstrim_all(struct fstrim_cont
if (rc)
continue; /* overlaying mount */
+ /* FSTRIM on read-only filesystem can fail, and it can fail */
+ if (access(path, W_OK) != 0) {
+ if (errno == EROFS)
+ continue;
+ if (errno == EACCES)
+ continue;
+ }
+
if (!has_discard(src, &wholedisk))
continue;
cnt++;
++++++ util-linux-fstrim-A-3.patch ++++++
>From 402006fa6e4dd1ce52758f9be91caaffffb3f337 Mon Sep 17 00:00:00 2001
From: Stanislav Brabec <[email protected]>
Date: Mon, 10 Jun 2019 21:59:17 +0200
Subject: [PATCH 3/4] fstrim: properly de-duplicate fstrim -A
fstab can contain tag based mounts. De-duplication by source has to be
done after resolving the full source path.
Perform the table iteration twice. First time, prepare for
de-duplication, second time perform the TRIM itself.
Signed-off-by: Stanislav Brabec <[email protected]>
---
sys-utils/fstrim.c | 43 ++++++++++++++++++++++++++++++-------------
1 file changed, 30 insertions(+), 13 deletions(-)
Index: util-linux-2.33.1/sys-utils/fstrim.c
===================================================================
--- util-linux-2.33.1.orig/sys-utils/fstrim.c
+++ util-linux-2.33.1/sys-utils/fstrim.c
@@ -224,10 +224,6 @@ static int fstrim_all(struct fstrim_cont
mnt_init_debug(0);
ul_path_init_debug();
- itr = mnt_new_iter(MNT_ITER_BACKWARD);
- if (!itr)
- err(MNT_EX_FAIL, _("failed to initialize libmount iterator"));
-
if (ctl->fstab)
filename = mnt_get_fstab_path();
@@ -238,35 +234,56 @@ static int fstrim_all(struct fstrim_cont
/* de-duplicate by mountpoints */
mnt_table_uniq_fs(tab, 0, uniq_fs_target_cmp);
- /* de-duplicate by source */
- mnt_table_uniq_fs(tab, MNT_UNIQ_FORWARD, uniq_fs_source_cmp);
-
if (ctl->fstab) {
cache = mnt_new_cache();
if (!cache)
err(MNT_EX_FAIL, _("failed to initialize libmount
cache"));
}
+ itr = mnt_new_iter(MNT_ITER_BACKWARD);
+ if (!itr)
+ err(MNT_EX_FAIL, _("failed to initialize libmount iterator"));
+
while (mnt_table_next_fs(tab, itr, &fs) == 0) {
const char *src = mnt_fs_get_srcpath(fs),
*tgt = mnt_fs_get_target(fs);
- char *path;
- int rc = 1;
- if (!tgt || mnt_fs_is_pseudofs(fs) || mnt_fs_is_netfs(fs))
+ if (!tgt || mnt_fs_is_pseudofs(fs) || mnt_fs_is_netfs(fs)) {
+ mnt_table_remove_fs(tab, fs);
continue;
+ }
/* convert LABEL= (etc.) from fstab to paths */
if (!src && cache) {
const char *spec = mnt_fs_get_source(fs);
- if (!spec)
+ if (!spec) {
+ mnt_table_remove_fs(tab, fs);
continue;
+ }
src = mnt_resolve_spec(spec, cache);
+ mnt_fs_set_source(fs, src);
}
- if (!src || *src != '/')
+ if (!src || *src != '/') {
+ mnt_table_remove_fs(tab, fs);
continue;
+ }
+ }
+ mnt_free_iter(itr);
+
+ /* de-duplicate by source */
+ mnt_table_uniq_fs(tab, MNT_UNIQ_FORWARD, uniq_fs_source_cmp);
+
+ itr = mnt_new_iter(MNT_ITER_BACKWARD);
+ if (!itr)
+ err(MNT_EX_FAIL, _("failed to initialize libmount iterator"));
+
+ while (mnt_table_next_fs(tab, itr, &fs) == 0) {
+ const char *src = mnt_fs_get_srcpath(fs),
+ *tgt = mnt_fs_get_target(fs);
+ char *path;
+ int rc = 1;
/* Is it really accessible mountpoint? Not all mountpoints are
* accessible (maybe over mounted by another filesystem) */
@@ -300,10 +317,10 @@ static int fstrim_all(struct fstrim_cont
if (fstrim_filesystem(ctl, tgt, src) < 0)
cnt_err++;
}
+ mnt_free_iter(itr);
ul_unref_path(wholedisk);
mnt_unref_table(tab);
- mnt_free_iter(itr);
mnt_unref_cache(cache);
if (cnt && cnt == cnt_err)
++++++ util-linux-fstrim-A-4.patch ++++++
>From 6466959d9af04a2f720374839c6ecf89de02f4b6 Mon Sep 17 00:00:00 2001
From: Karel Zak <[email protected]>
Date: Tue, 11 Jun 2019 11:05:12 +0200
Subject: [PATCH 4/4] fstrim: update man page, reuse libmnt_iter
* add info about read-only to the man page
* don't be systemd specific, people aso use crond
* reuse libmnt_iter
Signed-off-by: Karel Zak <[email protected]>
---
sys-utils/fstrim.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
Index: util-linux-2.33.1/sys-utils/fstrim.c
===================================================================
--- util-linux-2.33.1.orig/sys-utils/fstrim.c
+++ util-linux-2.33.1/sys-utils/fstrim.c
@@ -244,6 +244,7 @@ static int fstrim_all(struct fstrim_cont
if (!itr)
err(MNT_EX_FAIL, _("failed to initialize libmount iterator"));
+ /* Remove useless entries and canonicalize the table */
while (mnt_table_next_fs(tab, itr, &fs) == 0) {
const char *src = mnt_fs_get_srcpath(fs),
*tgt = mnt_fs_get_target(fs);
@@ -270,15 +271,13 @@ static int fstrim_all(struct fstrim_cont
continue;
}
}
- mnt_free_iter(itr);
/* de-duplicate by source */
mnt_table_uniq_fs(tab, MNT_UNIQ_FORWARD, uniq_fs_source_cmp);
- itr = mnt_new_iter(MNT_ITER_BACKWARD);
- if (!itr)
- err(MNT_EX_FAIL, _("failed to initialize libmount iterator"));
+ mnt_reset_iter(itr, MNT_ITER_BACKWARD);
+ /* Do FITRIM */
while (mnt_table_next_fs(tab, itr, &fs) == 0) {
const char *src = mnt_fs_get_srcpath(fs),
*tgt = mnt_fs_get_target(fs);
@@ -294,7 +293,7 @@ static int fstrim_all(struct fstrim_cont
if (rc)
continue; /* overlaying mount */
- /* FSTRIM on read-only filesystem can fail, and it can fail */
+ /* FITRIM on read-only filesystem can fail, and it can fail */
if (access(path, W_OK) != 0) {
if (errno == EROFS)
continue;
++++++ util-linux-libmount-pseudofs.patch ++++++
>From 89342e0406209f195bf7a1a5396ac74c16470ac6 Mon Sep 17 00:00:00 2001
From: Stanislav Brabec <[email protected]>
Date: Thu, 28 Feb 2019 23:09:40 +0100
Subject: [PATCH] libmount: Recognize more fuse filesystems as pseudofs and
netfs
Add some fuse filesystems to the list of pseudofs and netfs.
There are still tens of filesystems that should be evaluated and added.
Signed-off-by: Stanislav Brabec <[email protected]>
>From 0e36d7c2711ed9f7a1f2479d798e83769d07cbb3 Mon Sep 17 00:00:00 2001
From: Karel Zak <[email protected]>
Date: Wed, 29 May 2019 18:01:04 +0200
Subject: [PATCH] libmount: add bpf between pseudo filesystems
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1714826
Signed-off-by: Karel Zak <[email protected]>
>From 9db442e95482a8a2fe1006d49f6010bf8f7ac35b Mon Sep 17 00:00:00 2001
From: Karel Zak <[email protected]>
Date: Wed, 29 May 2019 18:01:04 +0200
Subject: [PATCH] libmount: add selinuxfs between pseudo filesystems
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1714826
Signed-off-by: Karel Zak <[email protected]>
Index: util-linux-2.33.1/libmount/src/utils.c
===================================================================
--- util-linux-2.33.1.orig/libmount/src/utils.c
+++ util-linux-2.33.1/libmount/src/utils.c
@@ -273,6 +273,7 @@ int mnt_fstype_is_pseudofs(const char *t
"autofs",
"bdev",
"binfmt_misc",
+ "bpf",
"cgroup",
"cgroup2",
"configfs",
@@ -283,7 +284,14 @@ int mnt_fstype_is_pseudofs(const char *t
"devtmpfs",
"dlmfs",
"efivarfs",
- "fuse.gvfs-fuse-daemon",
+ "fuse", /* Fallback name of fuse used by many poorly written
drivers. */
+ "fuse.archivemount", /* Not a true pseudofs (has source), but
source is not reported. */
+ "fuse.dumpfs", /* In fact, it is a netfs, but source is not
reported. */
+ "fuse.encfs", /* Not a true pseudofs (has source), but source
is not reported. */
+ "fuse.gvfs-fuse-daemon", /* Old name, not used by gvfs any
more. */
+ "fuse.gvfsd-fuse",
+ "fuse.rofiles-fuse",
+ "fuse.xwmfs",
"fusectl",
"hugetlbfs",
"mqueue",
@@ -298,6 +306,7 @@ int mnt_fstype_is_pseudofs(const char *t
"rootfs",
"rpc_pipefs",
"securityfs",
+ "selinuxfs",
"sockfs",
"spufs",
"sysfs",
@@ -323,6 +332,8 @@ int mnt_fstype_is_netfs(const char *type
strncmp(type,"nfs", 3) == 0 ||
strcmp(type, "afs") == 0 ||
strcmp(type, "ncpfs") == 0 ||
+ strcmp(type, "fuse.curlftpfs") == 0 ||
+ strcmp(type, "fuse.sshfs") == 0 ||
strncmp(type,"9p", 2) == 0)
return 1;
return 0;
++++++ util-linux-login_defs-priority1.patch ++++++
>From 15a191f6d30dfe202a080a3d90968b63d695a29f Mon Sep 17 00:00:00 2001
From: Stanislav Brabec <[email protected]>
Date: Thu, 10 Jan 2019 01:28:53 +0100
Subject: [PATCH 1/2] su-common.c: prefer /etc/default/su over login.defs
su(1) documentation says:
/etc/default/su command specific logindef config file
/etc/login.defs global logindef config file
It indirectly indicates that /etc/default/su should take precedence
over /etc/login.defs.
But the reverse is true. It is not possible to define ENV_PATH in
/etc/login.defs and then make su specific customization in
/etc/default/su. We need to change read order to match the documented
behavior.
Signed-off-by: Stanislav Brabec <[email protected]>
---
login-utils/su-common.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/login-utils/su-common.c b/login-utils/su-common.c
index e0604e246..19074247c 100644
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -1229,8 +1229,8 @@ static void load_config(void *data)
struct su_context *su = (struct su_context *) data;
DBG(MISC, ul_debug("loading logindefs"));
- logindefs_load_file(su->runuser ? _PATH_LOGINDEFS_RUNUSER :
_PATH_LOGINDEFS_SU);
logindefs_load_file(_PATH_LOGINDEFS);
+ logindefs_load_file(su->runuser ? _PATH_LOGINDEFS_RUNUSER :
_PATH_LOGINDEFS_SU);
}
/*
--
2.20.1
++++++ util-linux-login_defs-priority2.patch ++++++
>From 86f42e5a2a9d8a483ad0ca85fdf090172fb4d385 Mon Sep 17 00:00:00 2001
From: Stanislav Brabec <[email protected]>
Date: Thu, 10 Jan 2019 01:28:54 +0100
Subject: [PATCH 2/2] su-common.c: prefer ENV_SUPATH over ENV_ROOTPATH
ENV_SUPATH and ENV_ROOTPATH are equivalent and ENV_ROOTPATH takes
precedence in both login and su. It makes no sense. More logical would be
precedence of ENV_SUPATH in su and ENV_ROOTPATH in login.
Signed-off-by: Stanislav Brabec <[email protected]>
---
login-utils/login.1 | 2 +-
login-utils/runuser.1 | 2 +-
login-utils/su-common.c | 4 ++--
login-utils/su.1 | 2 +-
4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/login-utils/login.1 b/login-utils/login.1
index cb8addec3..b73eae147 100644
--- a/login-utils/login.1
+++ b/login-utils/login.1
@@ -282,7 +282,7 @@ a regular user logs in. The default value is
(string)
.RS 4
If set, it will be used to define the PATH environment variable when
-the superuser logs in. The default value is
+the superuser logs in. ENV_ROOTPATH takes precedence. The default value is
.I
/usr\:/local\:/sbin:\:/usr\:/local\:/bin:\:/sbin:\:/bin:\:/usr\:/sbin:\:/usr\:/bin
.RE
.SH FILES
diff --git a/login-utils/runuser.1 b/login-utils/runuser.1
index bf0d02471..221672200 100644
--- a/login-utils/runuser.1
+++ b/login-utils/runuser.1
@@ -183,7 +183,7 @@ default value is
.B ENV_SUPATH
(string)
.RS 4
-Defines the PATH environment variable for root. The default value is
+Defines the PATH environment variable for root. ENV_SUPATH takes precedence.
The default value is
.IR /usr/local/sbin:\:/usr/local/bin:\:/sbin:\:/bin:\:/usr/sbin:\:/usr/bin .
.RE
.PP
diff --git a/login-utils/su-common.c b/login-utils/su-common.c
index 19074247c..0e44eb87c 100644
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -989,8 +989,8 @@ static void setenv_path(const struct passwd *pw)
if (pw->pw_uid)
rc = logindefs_setenv("PATH", "ENV_PATH", _PATH_DEFPATH);
- else if ((rc = logindefs_setenv("PATH", "ENV_ROOTPATH", NULL)) != 0)
- rc = logindefs_setenv("PATH", "ENV_SUPATH", _PATH_DEFPATH_ROOT);
+ else if ((rc = logindefs_setenv("PATH", "ENV_SUPATH", NULL)) != 0)
+ rc = logindefs_setenv("PATH", "ENV_ROOTPATH",
_PATH_DEFPATH_ROOT);
if (rc)
err(EXIT_FAILURE, _("failed to set the PATH environment
variable"));
diff --git a/login-utils/su.1 b/login-utils/su.1
index d6a064fd2..5ae6d6b2d 100644
--- a/login-utils/su.1
+++ b/login-utils/su.1
@@ -209,7 +209,7 @@ default value is
.B ENV_SUPATH
(string)
.RS 4
-Defines the PATH environment variable for root. The default value is
+Defines the PATH environment variable for root. ENV_SUPATH takes precedence.
The default value is
.IR /usr/local/sbin:\:/usr/local/bin:\:/sbin:\:/bin:\:/usr/sbin:\:/usr/bin .
.RE
.PP
--
2.20.1
++++++ util-linux-nologin-su-c.patch ++++++
Refresh.
>From a174eefb41a2ce8b467bb7e1546953c8bd1223dd Mon Sep 17 00:00:00 2001
From: Stanislav Brabec <[email protected]>
Date: Thu, 10 Oct 2019 01:08:25 +0200
Subject: [PATCH] nologin: Prevent error from su -c
"su -c" can pass "-c" to nologin. It causes ugly error:
su -c "echo OK" - man
-nologin: invalid option -- 'c'
Try '-nologin --help' for more information.
Accept -c to prevent this error.
Signed-off-by: Josef Cejka <[email protected]>
Signed-off-by: Stanislav Brabec <[email protected]>
---
login-utils/nologin.8 | 11 +++++++++--
login-utils/nologin.c | 9 +++++++--
2 files changed, 16 insertions(+), 4 deletions(-)
Index: util-linux-2.33.2/login-utils/nologin.8
===================================================================
--- util-linux-2.33.2.orig/login-utils/nologin.8
+++ util-linux-2.33.2/login-utils/nologin.8
@@ -18,9 +18,16 @@ The exit code returned by
is always 1.
.PP
.SH OPTIONS
-.IP "\fB\-h, \-\-help\fP"
+
+
+.TP
+.IP "\fB\-c\fR, \fB\-\-command\fR \fIcommand\fR"
+Ignored. For compatibility with
+.I su -c "command" - user
+that would cause error otherwise.
+.IP "\fB\-h\fR, \fB\-\-help\fR"
Display help text and exit.
-.IP "\fB-V, \-\-version"
+.IP "\fB-V\fR, \fB\-\-version\fR"
Display version information and exit.
.SH NOTES
.B nologin
Index: util-linux-2.33.2/login-utils/nologin.c
===================================================================
--- util-linux-2.33.2.orig/login-utils/nologin.c
+++ util-linux-2.33.2/login-utils/nologin.c
@@ -30,7 +30,8 @@ static void __attribute__((__noreturn__)
fputs(_("Politely refuse a login.\n"), out);
fputs(USAGE_OPTIONS, out);
- printf(USAGE_HELP_OPTIONS(16));
+ fputs(_(" -c, --command <command> does nothing (for compatibility with
su -c)\n"), out);
+ printf(USAGE_HELP_OPTIONS(26));
printf(USAGE_MAN_TAIL("nologin(8)"));
exit(EXIT_FAILURE);
@@ -41,6 +42,7 @@ int main(int argc, char *argv[])
int c, fd = -1;
struct stat st;
static const struct option longopts[] = {
+ { "command", required_argument, NULL, 'c' },
{ "help", 0, NULL, 'h' },
{ "version", 0, NULL, 'V' },
{ NULL, 0, NULL, 0 }
@@ -50,8 +52,11 @@ int main(int argc, char *argv[])
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
- while ((c = getopt_long(argc, argv, "hV", longopts, NULL)) != -1) {
+ while ((c = getopt_long(argc, argv, "c:hV", longopts, NULL)) != -1) {
switch (c) {
+ case 'c':
+ /* Ignore the command, just don't print unknown option
error. */
+ break;
case 'h':
usage();
break;
++++++ util-linux-rpmlintrc ++++++
addFilter("init-script-without-%stop_on_removal-preun /etc/init.d/raw")
addFilter("init-script-without-%restart_on_update-postun /etc/init.d/raw")
addFilter("incoherent-init-script-name raw")
addFilter("no-reload-entry /etc/init.d/raw")
# There is no egrep(1) used -> False positive
addFilter("deprecated-grep")
# Both pam configs for su and su-l are marked as noreplace
addFilter(".*W:.*files-duplicate.*/pam/su.*/pam.d/su-l.*")
# Useless warning as the /usr/bin variants are known
addFilter(".*W:.*permissions-symlink.*/bin/su.*")
addFilter(".*W:.*permissions-symlink.*/bin/umount.*")
addFilter(".*W:.*permissions-symlink.*/bin/mount.*")
# UGLY HACK: rpmlint falsely declares problems with files-attr-not-set
addFilter("W: files-attr-not-set")
++++++ util-linux.keyring ++++++
pub 4096R/EC39C284 2011-10-10 [expires: 2016-10-08]
uid Karel Zak <[email protected]>
sub 4096R/7BA16CAC 2011-10-10 [expires: 2016-10-08]
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.20 (GNU/Linux)
mQINBE6StA4BEACp9++Y+DgbBloJEuVhsDjDIvAR1n/aHPDyPQQzg/DkKtR3BXHn
dGfTL9/DR8y9YzLNwUf2lWsEAvwHZ2XfUTp5S5nVbgpAB0/Q2ebP0TnkNYaRkxq7
VJF+kvUcA6hxYKYcIos2kJyfVytPE6FpFBqlgTmjcCTx4HHwePkVTVRyotOoA2V/
UUwixgkyG7aVfy4QBKHAkATpTPC4l+ISaOHKUiajxRoa99rpmBPl4FhIw3b5rPYA
26q9Pz8q1AwbXA1PXxzwKVqqfwEkl6sxUVKiM8rUuhic2lnDMIXexNMvqznpFqtB
v7n+z/5N8RbB1DQjWpy/Z7OW6yyYXW9e33c6IgU5n46rIyTPYyzq3mDfOsJdvoG/
nhF7VUkGDPYWfmx9ejvpKdoNCQ2q+MVp20msntcETcOq1r9SJwNXcsx+I/3ptbtX
Q+MQyA1L5FifkpA7+akITF5luOqUb2TToEBLiF/nn8y0sIUa/HGgcUrK2N9E1VNJ
tcIt/z0sZJUHYC+EBh/G0UNt9tRwPdnUks5sua1sCquXnkd9IS0Kr3Kq/C6JOKzz
UDGdFKVc6wExf70hX5h0g1kkypyjNwipGSdk+qVXO0IF/tKMToa8WZqoK3enzryI
Kmdq7IQ0ThdTTTC1ctVk4367/30prpNHF4/642G0OOiQCzWBrb0V217HvQARAQAB
tBtLYXJlbCBaYWsgPGt6YWtAcmVkaGF0LmNvbT6JAj4EEwECACgFAk6StA4CGwMF
CQlmAYAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOS3HV7sOcKETI8QAI0U
StG6dv1l9kqkmFpXPZJ75hf5SJA69+upcKeTg9BXKrEqjZLeyEn1OVPmfVGwWpz8
SRbiYcHh8AhJaggAxKcIgQ/sAUBkmrTP6RyYEQUV6vFW5qv7dcEOs46d+LE/Wkxs
ymC2FSXxYOFiw7z27gkXQYq/IkdwfhRLFD6aD5egxcBVl91ZlRyklvPPW7qo046B
MWh2LaCVowYg+33GjS4A4JcF+tGkWZc0yqANwov93uhY0VXEdDsT4YWrTVdNDI3/
lZ5u5k9sEUGR03oV336M/j0qNtMfAG5iDt2PFrzhJZcGcQPiGd/DeYuJeLVCd8Nl
jAwsnfGqu9VITgaDOreLbpSTNSj8egPqOoUBAGncMSfdiQ2ZEhluPyCTwspDy5Pa
dESyk0q2Z6tKG9ae01g/RzfTGCVN4GxkORPxcEHloa4XM3C9FBohM1LTWmsvnNXe
cPdbPyCoiFKio/yFZDt1CYDkols4uf/0ztCSH6pI874sCmYJVkYev2W9RCxE4aYK
KMb8XCUPec8L4C1mpmBiej0NT/d9GHQUnJUpRD4EG7UBxMwNWflhO4P4Q81uM0Kr
RMht0lS0EylZXuQPPG5C1nMsa1+eN0wjSTpy7232PTCxu+bhxA1HzvWXYuueUmp2
QuV8PyA1lsfYI7PEgk2skfAvbP5vJszorklo2hVGuQINBE6StA4BEADG5Hind61Y
qoXXHotraJO2ejsPiy3BxSZTQet+IJO5tyURSXVIv+ZuV/MBRS/88fkBL2nHpK5b
BtJT11D2ZESmziZWGgMtZRV4va3fh3GaMeVdi5pXpmPZp4fBc60F3iCKfd1V8/1a
zwicZtdhTphkc6O7ETCr240OrJoOgvilbpv8WuVwhjfEOL2DwKITK6tzba1VScXi
ehDhhTssP14RQiH/OcMFuiHCHJeHQOH9ku4fzqT2/lxxSo4kMWKR2VslW17f3Zr3
Zvrbi/b8UE/3T/RsoaQn2ml9BfDiMgNwT4l2ILlE7HpZMfD2WAP6itGHolcdbhNa
jxAMHdP5t64zSdwKmB8AbuIo7nbMKuJMiPdkOS/8x3YHRle4WEEeRWTEcqyzqkMq
MCqKLxc4SCuSMv+ingDrHr+d5usuMlQjT8c71PIipl9OpM8Jkl8CI2ToVF20wijY
Oof4T/jjObYiZk1KcqqKhQzMXEhKCt9hK5AaKMq5BiublS/Q5EXpzcRgVmG+SMHd
hUNLN7gilFx5939Ev+36TNE/f66r9aiF+WbiI1V1JGs0LYVyFzwmFMCgQUsnyqyA
RNREnLysdLE98PDSO2ESxu9BO7kTvlP0q5p+MKQiYj/s5wSqXw8EDCSBH9u0/FQi
gyV0a+J70WZZNpdi5wq+qVZ16LENQdxtKwARAQABiQIlBBgBAgAPBQJOkrQOAhsM
BQkJZgGAAAoJEOS3HV7sOcKEtCYP/3ji7Kt4+M0N6IOkh7wHfWk3HLqBa1XOD1Oz
X+rp79L1cDK8J1XUHoW/84bsS8Y3NsXlIej1wLOcaH0HOpEsPzqoqP1JxGilRkAu
Yazt3WhqdM2FcOQNEnuk66F8HnN/mD4vLzxdxuPlRtlCruUcDZlZlyzpywk6B7Gi
cVfh1CvUJsDA++aOlgYIHB4Z6nSJWYp64z+5QAVToBHzI7ywVyWTJbjO1RCR5QsV
fPD07p1deSW96QhqLSb2wQfk93I4YGshaVPwG01ZamxPEbspKqrEIG+5S6E4q/B+
VF0zj5GU7jt/6M4qFzKbaY+vxsaqjgCOCPL5bCz5RFTHdtEmC/cmsvVbYuBD/5UY
D3JbyXt7KSG/a5Oel4ynK1pRQbnS6eNcGQqZPUop4PBouRKnUqv8uzljaiL9Wm3G
Hv9tn1L6ly86VcLt1ALTVuqwm5ci1fDVbddSliPv5atWNJ+So2MfEg3qbCzEC8Is
JNsVd4N6fSctYfFvBxsPjy7fw1iEqKq7SzTlHMO5hiKpS+8HSRVv6djHlj3aWtgy
u+BTXT/tRQ6c3TlZadqoyumX1U+Tflb6qMyJaZPsqv3bsOpXwjLAVfT4nPRXqbN6
WWUhdompzuZufyCCL9Tc6lPDgVmuWyycHk4gbdfERodk4SEYJ0cEwFbl+GjL9XFZ
VeljfCzq
=8wc5
-----END PGP PUBLIC KEY BLOCK-----
