From 5edfdfcc7f2335e99127b5ef41256e2930626667 Mon Sep 17 00:00:00 2001 From: dashnfschina Date: Mon, 6 May 2024 22:09:36 -0400 Subject: [PATCH 1/3] fix:CVE-2024-28085 --- 0001-fix-CVE-2024-28085.patch | 25 +++++++++++++++++++++++++ util-linux.spec | 6 +++++- 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 0001-fix-CVE-2024-28085.patch diff --git a/0001-fix-CVE-2024-28085.patch b/0001-fix-CVE-2024-28085.patch new file mode 100644 index 0000000..cb30d9b --- /dev/null +++ b/0001-fix-CVE-2024-28085.patch @@ -0,0 +1,25 @@ +From f5874e2f26976cf7ff86f4e3e50d9e1779599b38 Mon Sep 17 00:00:00 2001 +From: dashnfschina +Date: Mon, 6 May 2024 22:06:39 -0400 +Subject: [PATCH] fix CVE-2024-28085 + +--- + term-utils/wall.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/term-utils/wall.c b/term-utils/wall.c +index 377db45..1e7e9ab 100644 +--- a/term-utils/wall.c ++++ b/term-utils/wall.c +@@ -328,7 +328,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz, + int i; + + for (i = 0; i < mvecsz; i++) { +- fputs(mvec[i], fs); ++ fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH); + if (i < mvecsz - 1) + fputc(' ', fs); + } +-- +2.18.2 + diff --git a/util-linux.spec b/util-linux.spec index 772bd9a..7715609 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -1,7 +1,7 @@ Summary: Collection of basic system utilities Name: util-linux Version: 2.39.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://en.wikipedia.org/wiki/Util-linux @@ -94,6 +94,7 @@ Patch1: login-default-motd-file.patch ### Upstream ### Patch2: libmount-Fix-regression-when-mounting-with-atime.patch +Patch3: 0001-fix-CVE-2024-28085.patch %description @@ -876,6 +877,9 @@ fi %changelog +* Tue May 7 2024 dash - 2.39.1-2 +- fix CVE-2024-28085 + * Mon Mar 11 2024 huang yang - 2.39.1-1 - New version 2.39.1 -- Gitee From 186f1027990b76da1ce63db87b8d7e8195d0f807 Mon Sep 17 00:00:00 2001 From: dashnfschina Date: Tue, 7 May 2024 03:47:38 -0400 Subject: [PATCH 2/3] 222 --- util-linux.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util-linux.spec b/util-linux.spec index 7715609..9a0c704 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -1,7 +1,7 @@ Summary: Collection of basic system utilities Name: util-linux Version: 2.39.1 -Release: 2%{?dist} +Release: 1%{?dist} License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://en.wikipedia.org/wiki/Util-linux @@ -877,7 +877,7 @@ fi %changelog -* Tue May 7 2024 dash - 2.39.1-2 +* Tue May 7 2024 dash - 2.39.1-1 - fix CVE-2024-28085 * Mon Mar 11 2024 huang yang - 2.39.1-1 -- Gitee From 936dbb9d315ea2231e37a8605eb3eb4aaf05735b Mon Sep 17 00:00:00 2001 From: dashnfschina Date: Tue, 7 May 2024 04:22:49 -0400 Subject: [PATCH 3/3] 2 --- util-linux.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util-linux.spec b/util-linux.spec index 9a0c704..7715609 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -1,7 +1,7 @@ Summary: Collection of basic system utilities Name: util-linux Version: 2.39.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://en.wikipedia.org/wiki/Util-linux @@ -877,7 +877,7 @@ fi %changelog -* Tue May 7 2024 dash - 2.39.1-1 +* Tue May 7 2024 dash - 2.39.1-2 - fix CVE-2024-28085 * Mon Mar 11 2024 huang yang - 2.39.1-1 -- Gitee