Received: by 2002:ab2:2441:0:b0:1f3:1f8c:d0c6 with SMTP id k1csp153918lqe; Thu, 4 Apr 2024 02:40:01 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCV+uE477C4o6VhNrFGMvyhFQZpko9L/NTl9cM2ZBeDWmo5nGCLdLyMK2JMuwHseF0LAn1ViVFsz2c43LxI99vN0NnHLz4zRLVS2xJF+Yg== X-Google-Smtp-Source: AGHT+IEWp9SN8Fq7I2z9nDMGIchy+efAOoPGs+bCBs3RsUYO9vckOA/gG+M1KhP6Z0zevKbgTEzC X-Received: by 2002:a17:906:4f13:b0:a49:dfe1:d5e with SMTP id t19-20020a1709064f1300b00a49dfe10d5emr1153818eju.57.1712223601584; Thu, 04 Apr 2024 02:40:01 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712223601; cv=pass; d=google.com; s=arc-20160816; b=rMBLYkoZNg9iRH3l9WrFi3PYHFipYVsaqUnoNRYhu2u8ufD5Y5eq5GUDAOzF52VMwk ZhqpUVgnjXz9tNuCAhJbxB/XIYeqGZ74XizDbAuCYZAFkLBHsR9WuXPy2T62rLjP8AF9 Ys5fIj2PqTJTCEPsW82WHrKe2/nxXU3qc7qK8V5FvQCaMiwbsgkx+SjFvKFuDy2KwUpG hh9NBtoQH6KhNoEawAHznujBF861eXCSuAENJG9FWA3s0jm2zo+60QxAToJpaKfrv3hL XV4pL84/rwHoHsEynFXN0kH7t2srPLVYVp48XGRL179BTmwVvCWCokT9tJcKoNumd9uO k9VQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-disposition:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:message-id :subject:to:from:date:dkim-signature; bh=9Q0Gv0d6rBwe65qsruTCiuIlit9fW3dRsJmEeNPjWAs=; fh=bTwu3wJf5r2vL/8E0pqgpcMfKVvQwfzIBN78EFiksQY=; b=BMsXcCaWeJ+iGd+N8oTRTSt0VwIB44sRauWGFI0KJfWKe6pBtjDvmNh11i0hTCo83R 5W4kXBtqvVLFU2pS+pe5Hwhyere96i6zwT4Cyo27JPeaKIZBhY/Vn6gI5t/MBWbqdG3M I/cKXA3utJyXIOroGJ9p2yHRC25XGKuxgxhIVbgpjAQBRQTMnWUMfjuH6lqVPu+20v3j TG8exuHU8bDdn66lqWh+77EExZiC97ghoXD2CGkcmYJnDTqljzq+jabCwVVRZxHkrunk li/JTt71P2lppE2N4CzRYWRVVUwIsFEhIAEVrJDq6V1EB8oSYCF6nqIwKqp6VX+s39kZ YASQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=ca76V2on; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-kernel+bounces-131197-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-131197-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id i9-20020a170906250900b00a46dfb36484si7372294ejb.809.2024.04.04.02.40.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Apr 2024 02:40:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-131197-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=ca76V2on; arc=pass (i=1 spf=pass spfdomain=redhat.com dkim=pass dkdomain=redhat.com dmarc=pass fromdomain=redhat.com); spf=pass (google.com: domain of linux-kernel+bounces-131197-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-131197-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 51A1C1F2996C for ; Thu, 4 Apr 2024 09:40:01 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 918E774BE4; Thu, 4 Apr 2024 09:39:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="ca76V2on" Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 09A1174438 for ; Thu, 4 Apr 2024 09:39:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712223594; cv=none; b=hLCZFApGjZnV9DA5chiZMSQxJIFnKSTiTIZZVzgJa8KQw4JLVXMx1J8mvTDOLjhe3ukmBxxQ/4YPtplPMyZgLRtq+rX7iK/icehStbGlQV+hoEZqFrt5DpxZj6yqBwcjWTM/qvoAAmlooCTgsngA4mz9j7CUN8NE2FDjeYhrI0M= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712223594; c=relaxed/simple; bh=Q2J0SHdbDDTKk3cBCCZk1JWW4uClXx9Nvjj8wbCUCz8=; h=Date:From:To:Subject:Message-ID:MIME-Version:Content-Type: Content-Disposition; b=co4egBoQyxLyvMQ+qXz7YT8LGfhcyHhwJKFlZhJ7TQ7DcEHPbAcJ7+WjVVqcvJmip0Z3SpaDGNGcO53EiDK7mKxMoh1iUdnNJYrYXp66ghn8aGjkM6nAtvPoUq3m0JntCOlSogM/B4TfxFAK5b4Dzuqb2nS9Kz4S9jG2R1eg8/k= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=ca76V2on; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1712223591; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=9Q0Gv0d6rBwe65qsruTCiuIlit9fW3dRsJmEeNPjWAs=; b=ca76V2onUiOFhuKmtGMbMiibCyZgHaYh6RUTr1oCgzXzM+pLXzM0Yf0C/7SXRVJxZhJlUL 3AK3xIUG34NEX0dne5Ho0WoshT3Fa4euMa7yllT7zIedBBDvsSaKF97A1izMtGoDOiA8VS mV9Go1omdevASO/b8B+1KJ80eTiY5Z4= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-453-3KsI3PBNM1-8XJ9da5_nog-1; Thu, 04 Apr 2024 05:39:50 -0400 X-MC-Unique: 3KsI3PBNM1-8XJ9da5_nog-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C004485A5BA; Thu, 4 Apr 2024 09:39:49 +0000 (UTC) Received: from ws.net.home (unknown [10.45.226.93]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 337BE1C060A4; Thu, 4 Apr 2024 09:39:49 +0000 (UTC) Date: Thu, 4 Apr 2024 11:39:43 +0200 From: Karel Zak To: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, util-linux@vger.kernel.org Subject: [ANNOUNCE] util-linux maintenance release v2.39.4 Message-ID: <20240404093943.jkyn4eimk3humbw2@ws.net.home> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.7 The util-linux stable maintenance release v2.39.4 is available at http://www.kernel.org/pub/linux/utils/util-linux/v2.39/ Feedback and bug reports, as always, are welcomed. (Please note that the current stable release is v2.40.) Karel util-linux v2.39.4 Release Notes ================================ Security issues --------------- This release fixes CVE-2024-28085. The wall command does not filter escape sequences from command line arguments. The vulnerable code was introduced in commit cdd3cc7fa4 (2013). Every version since has been vulnerable. This allows unprivileged users to put arbitrary text on other users terminals, if mesg is set to y and *wall is setgid*. Not all distros are affected (e.g. CentOS, RHEL, Fedora are not; Ubuntu and Debian wall is both setgid and mesg is set to y by default). Changes between v2.39.3 and v2.39.4 ----------------------------------- build: - only build test_enosys if an audit arch exists [Thomas Wei?schuh] dmesg: - (tests) validate json output [Thomas Wei?schuh] - -r LOG_MAKEPRI needs fac << 3 [Edward Chron] - correctly print all supported facility names [Thomas Wei?schuh] - only write one message to json [Thomas Wei?schuh] - open-code LOG_MAKEPRI [Thomas Wei?schuh] docs: - update AUTHORS file [Karel Zak] fadvise: - (test) don't compare fincore page counts [Thomas Wei?schuh] - (test) dynamically calculate expected test values [Thomas Wei?schuh] - (test) test with 64k blocks [Thomas Wei?schuh] - (tests) factor out calls to "fincore" [Thomas Wei?schuh] github: - add labeler [Karel Zak] jsonwrt: - add ul_jsonwrt_value_s_sized [Thomas Wei?schuh] libblkid: - Check offset in LUKS2 header [Milan Broz] - topology/ioctl correctly handle kernel types [Thomas Wei?schuh] libmount: - don't initialize variable twice (#2714) [Thorsten Kukuk] - make sure "option=" is used as string [Karel Zak] libsmartcols: - (tests) add test for continuous json output [Thomas Wei?schuh] - drop spourious newline in between streamed JSON objects [Thomas Wei?schuh] - flush correct stream [Thomas Wei?schuh] - only recognize closed object as final element [Thomas Wei?schuh] po: - merge changes [Karel Zak] po-man: - merge changes [Karel Zak] wall: - fix calloc cal [-Werror=calloc-transposed-args] [Karel Zak] - fix escape sequence Injection [CVE-2024-28085] [Karel Zak] -- Karel Zak http://karelzak.blogspot.com