[Buildroot] [PATCH v1] package/util-linux: bump version to 2.37.3 (fixes CVE-2021-3996, CVE-2021-3995)

[Buildroot] [PATCH v1] package/util-linux: bump version to 2.37.3 (fixes CVE-2021-3996, CVE-2021-3995)

[Peter Seiderer]

For details see [1].

[1] https://www.spinics.net/lists/util-linux-ng/msg17037.html

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
---
 package/util-linux/util-linux.hash | 2 +-
 package/util-linux/util-linux.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/util-linux/util-linux.hash b/package/util-linux/util-linux.hash
index eafbe9254a..9c10a42dca 100644
--- a/package/util-linux/util-linux.hash
+++ b/package/util-linux/util-linux.hash
@@ -1,5 +1,5 @@
 # From https://www.kernel.org/pub/linux/utils/util-linux/v2.37/sha256sums.asc
-sha256  6a0764c1aae7fb607ef8a6dd2c0f6c47d5e5fd27aa08820abaad9ec14e28e9d9  util-linux-2.37.2.tar.xz
+sha256  590c592e58cd6bf38519cb467af05ce6a1ab18040e3e3418f24bcfb2f55f9776  util-linux-2.37.3.tar.xz
 # License files, locally calculated
 sha256  869660b5269f4f40a8a679da7f403ea3a6e71d46087aab5e14871b09bcb55955  README.licensing
 sha256  9b718a9460fed5952466421235bc79eb49d4e9eacc920d7a9dd6285ab8fd6c6d  Documentation/licenses/COPYING.BSD-3-Clause
diff --git a/package/util-linux/util-linux.mk b/package/util-linux/util-linux.mk
index cf0fee409b..88d4984e2f 100644
--- a/package/util-linux/util-linux.mk
+++ b/package/util-linux/util-linux.mk
@@ -8,7 +8,7 @@
 # util-linux-libs/util-linux-libs.mk needs to be updated accordingly as well.
 
 UTIL_LINUX_VERSION_MAJOR = 2.37
-UTIL_LINUX_VERSION = $(UTIL_LINUX_VERSION_MAJOR).2
+UTIL_LINUX_VERSION = $(UTIL_LINUX_VERSION_MAJOR).3
 UTIL_LINUX_SOURCE = util-linux-$(UTIL_LINUX_VERSION).tar.xz
 UTIL_LINUX_SITE = $(BR2_KERNEL_MIRROR)/linux/utils/util-linux/v$(UTIL_LINUX_VERSION_MAJOR)
 
-- 
2.34.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH v1] package/util-linux: bump version to 2.37.3 (fixes CVE-2021-3996, CVE-2021-3995)

[Thomas Petazzoni]

On Mon, 24 Jan 2022 21:16:28 +0100
Peter Seiderer <ps.report@gmx.net> wrote:

> For details see [1].
> 
> [1] https://www.spinics.net/lists/util-linux-ng/msg17037.html
> 
> Signed-off-by: Peter Seiderer <ps.report@gmx.net>
> ---
>  package/util-linux/util-linux.hash | 2 +-
>  package/util-linux/util-linux.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH v1] package/util-linux: bump version to 2.37.3 (fixes CVE-2021-3996, CVE-2021-3995)

[Thomas Petazzoni]

On Mon, 24 Jan 2022 22:07:07 +0100
Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote:

> Applied to master, thanks.

And I reverted, because it breaks the build:

  http://autobuild.buildroot.net/?reason=%util-linux-2.37.3

(I didn't investigate, it's too late here.)

Best regards,

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH v1] package/util-linux: bump version to 2.37.3 (fixes CVE-2021-3996, CVE-2021-3995)

[Peter Seiderer]

Hello Thomas,

On Tue, 25 Jan 2022 00:12:22 +0100, Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote:

> On Mon, 24 Jan 2022 22:07:07 +0100
> Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote:
>
> > Applied to master, thanks.
>
> And I reverted, because it breaks the build:
>
>   http://autobuild.buildroot.net/?reason=%util-linux-2.37.3
>
> (I didn't investigate, it's too late here.)

The failure is

	make[3]: *** No rule to make target 'disk-utils/raw.8', needed by 'all-am'.  Stop.

upstream known [1] and [2] (and fixed in the next release), seems to be a packaging
error and could be fixed/work-around (or hacked) by (will install an empty man page
to staging/target):

	touch build/util-linux-2.37.3/disk-utils/raw.8

Can send an updated patch with this fix(?)...

Regards,
Peter

[1] https://github.com/util-linux/util-linux/issues/1579
[2] https://github.com/util-linux/util-linux/issues/1577

>
> Best regards,
>
> Thomas

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot