-
util-linux (2.37.2-4ubuntu3.4) jammy-security; urgency=medium
* SECURITY UPDATE: Improper neutralization of escape sequences in wall
- debian/rules: build with --disable-use-tty-group to properly remove
setgid bit from both wall and write.
- CVE-2024-28085
-- Marc Deslauriers <email address hidden> Tue, 09 Apr 2024 11:32:56 -0400
-
util-linux (2.37.2-4ubuntu3.3) jammy-security; urgency=medium
* SECURITY UPDATE: Improper neutralization of escape sequences in wall
- debian/patches/upstream/CVE-2024-28085-pre1.patch: correctly handle
wide characters in include/carefulputc.h, login-utils/last.c,
term-utils/write.c.
- debian/patches/upstream/CVE-2024-28085-pre2.patch: convert homebrew
buffering to open_memstream() in term-utils/wall.c.
- debian/patches/upstream/CVE-2024-28085-pre3.patch: use
fputs_careful() in include/carefulputc.h, login-utils/last.c,
term-utils/wall.c, term-utils/write.c.
- debian/patches/upstream/CVE-2024-28085.patch: consolidate output on
the terminal in term-utils/wall.c.
- CVE-2024-28085
-- Marc Deslauriers <email address hidden> Fri, 22 Mar 2024 08:25:19 -0400
-
util-linux (2.37.2-4ubuntu3.2) jammy; urgency=medium
* debian/patches/upstream/CVE-2022-0563.patch: Remove readline support
from chsh and chfn. Ubuntu does not ship these binaries, so this
only impacts parties building them from Ubuntu source. (CVE-2022-0563)
(LP: #2048092)
util-linux (2.37.2-4ubuntu3.1) jammy; urgency=low
* Add ARM core support for Grace systems (LP: #2019856)
- /d/p/ubuntu/lp-2019856-add-missing-arm-cores.patch
-- dann frazier <email address hidden> Thu, 04 Jan 2024 11:41:57 -0700
-
util-linux (2.37.2-4ubuntu3.1) jammy; urgency=low
* Add ARM core support for Grace systems (LP: #2019856)
- /d/p/ubuntu/lp-2019856-add-missing-arm-cores.patch
-- Heather Lemon <email address hidden> Fri, 19 May 2023 15:37:24 +0000
-
util-linux (2.37.2-4ubuntu3) jammy; urgency=medium
* Revert the change to libsmartcols that outputs shell parsable column
names when -P / --pairs is used in lsblk. The change breaks older
MAAS and curtin versions, such that they cannot deploy Jammy.
(LP: #1961542)
- d/p/ubuntu/lp-1961542-Revert-libsmartcols-sanitize-variable-names-on-ex.patch
-- Matthew Ruffell <email address hidden> Mon, 21 Feb 2022 14:49:57 +1300
-
util-linux (2.37.2-4ubuntu2) jammy; urgency=medium
* SECURITY UPDATE: Unauthorized unmount of FUSE filesystems belonging to
users with similar uid
- debian/patches/upstream/CVE-2021-3995-1.patch: make sure mem2strcpy()
buffer is zeroized in include/strutils.h.
- debian/patches/upstream/CVE-2021-3995-2.patch: fix UID check for FUSE
umount in libmount/src/context_umount.c, libmount/src/mountP.h,
libmount/src/optstr.c.
- CVE-2021-3995
* SECURITY UPDATE: Unauthorized unmount in util-linux's libmount
- debian/patches/upstream/CVE-2021-3996-1.patch: remove support for
deleted mount table entries in libmount/src/tab_parse.c.
- debian/patches/upstream/CVE-2021-3996-2.patch: update mountinfo files
in tests/*.
- CVE-2021-3996
-- Marc Deslauriers <email address hidden> Wed, 16 Feb 2022 07:21:37 -0500
-
util-linux (2.37.2-4ubuntu1) jammy; urgency=low
* Merge from Debian unstable. Remaining changes:
- Build hwclock with audit support.
- Drop debian/hwclock.rules and debian/util-linux.hwclock.default, recent
kernels sync the RTC automatically.
- Add sulogin-fallback-static-sh.patch: Add support for /bin/static-sh as
fallback if the regular shell fails to execute. Patch ported from
sysvinit. (see LP #505887)
- Add sulogin-lockedpwd.patch: Make sure file systems can be fixed on
machines with locked root accounts (as Ubuntu does by default). Don't
require --force for sulogin.
- Clean up weekly fstrim cron file, now a systemd timer unit.
- Allow to build without udeb packages.
- Update translations after changes to HiFive partition names
-- Mario Limonciello <email address hidden> Wed, 27 Oct 2021 00:35:24 -0500
-
util-linux (2.36.1-8ubuntu2) impish; urgency=medium
* Fix HiFive partition names (LP: #1944741)
- include: Rename HiFive partition UUIDs
- po: Update translations after changes to HiFive partition names
-- Alexandre Ghiti <email address hidden> Thu, 23 Sep 2021 16:07:01 +0200
-
util-linux (2.36.1-8ubuntu1) impish; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Build hwclock with audit support.
- Drop debian/hwclock.rules and debian/util-linux.hwclock.default, recent
kernels sync the RTC automatically.
- Add sulogin-fallback-static-sh.patch: Add support for /bin/static-sh as
fallback if the regular shell fails to execute. Patch ported from
sysvinit. (see LP #505887)
- Add sulogin-lockedpwd.patch: Make sure file systems can be fixed on
machines with locked root accounts (as Ubuntu does by default). Don't
require --force for sulogin.
- Clean up weekly fstrim cron file, now a systemd timer unit.
- Allow to build without udeb packages.
-- Michael Hudson-Doyle <email address hidden> Thu, 12 Aug 2021 09:43:10 +1200
