!353 mkfs.bfs fix memory leaks

From: @hugel 
Reviewed-by: @jiayi0118 
Signed-off-by: @jiayi0118

backport-CVE-2024-28085.patch

@@ -0,0 +1,29 @@
+From 404b0781f52f7c045ca811b2dceec526408ac253 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Thu, 21 Mar 2024 11:16:20 +0100
+Subject: [PATCH] wall: fix escape sequence Injection [CVE-2024-28085]
+
+Let's use for all cases the same output function.
+
+Reported-by: Skyler Ferrante <sjf5462@rit.edu>
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ term-utils/wall.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/term-utils/wall.c b/term-utils/wall.c
+index fa5e027..d6714c6 100644
+--- a/term-utils/wall.c
++++ b/term-utils/wall.c
+@@ -329,7 +329,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
+ 		int i;
+ 
+ 		for (i = 0; i < mvecsz; i++) {
+-			fputs(mvec[i], fs);
++			fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH);
+ 			if (i < mvecsz - 1)
+ 				fputc(' ', fs);
+ 		}
+-- 
+2.19.1
+

backport-include-c.h-add-helpers-for-unaligned-structure-acce.patch

@@ -0,0 +1,35 @@
+From 68459714838c8c0c2d34b6d658638f5d59298bc7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas@t-8ch.de>
+Date: Sun, 1 Oct 2023 13:57:12 +0200
+Subject: [PATCH] include/c.h: add helpers for unaligned structure access
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
+---
+ include/c.h | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/include/c.h b/include/c.h
+index 752f568c5..224a8e54f 100644
+--- a/include/c.h
++++ b/include/c.h
+@@ -213,6 +213,14 @@
+ 	(type *)( (char *)__mptr - offsetof(type,member) );})
+ #endif
+ 
++#define read_unaligned_member(p, m) __extension__ ({          \
++	size_t offset = offsetof(__typeof__(* p), m);         \
++	__typeof__(p->m) v;                                   \
++	memcpy(&v, ((unsigned char *)p) + offset, sizeof(v)); \
++	v; })
++
++#define member_ptr(p, m) (((unsigned char *)p) + offsetof(__typeof__(*p), m))
++
+ #ifndef HAVE_PROGRAM_INVOCATION_SHORT_NAME
+ # ifdef HAVE___PROGNAME
+ extern char *__progname;
+-- 
+2.33.0
+

backport-libblkid-drbd-reduce-false-positive.patch

@@ -0,0 +1,50 @@
+From 1ab5d84d66f144ef0a9d1ac9502a59a842466504 Mon Sep 17 00:00:00 2001
+From: biubiuzy <294772273@qq.com>
+Date: Wed, 17 Jan 2024 11:23:47 +0800
+Subject: [PATCH] libblkid: (drbd) reduce false-positive
+
+---
+ libblkid/src/superblocks/drbd.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/libblkid/src/superblocks/drbd.c b/libblkid/src/superblocks/drbd.c
+index 1723229..410e21d 100644
+--- a/libblkid/src/superblocks/drbd.c
++++ b/libblkid/src/superblocks/drbd.c
+@@ -18,6 +18,13 @@
+ 
+ #include "superblocks.h"
+ 
++/*
++ * drbd/drbd_int.h
++ */
++#define BM_BLOCK_SHIFT	12			 /* 4k per bit */
++#define BM_BLOCK_SIZE	 (1<<BM_BLOCK_SHIFT)
++
++
+ /*
+  * drbd/linux/drbd.h
+  */
+@@ -153,6 +160,9 @@ static int probe_drbd_84(blkid_probe pr)
+ 			be32_to_cpu(md->magic) != DRBD_MD_MAGIC_84_UNCLEAN)
+ 		return 1;
+ 
++	if (be32_to_cpu(read_unaligned_member(md, bm_bytes_per_bit)) != BM_BLOCK_SIZE)
++		return 1;
++
+ 	/*
+ 	 * DRBD does not have "real" uuids; the following resembles DRBD's
+ 	 * notion of uuids (64 bit, see struct above)
+@@ -197,6 +197,9 @@ static int probe_drbd_90(blkid_probe pr)
+ 	if (be32_to_cpu(md->magic) != DRBD_MD_MAGIC_09)
+ 		return 1;
+ 
++	if (be32_to_cpu(read_unaligned_member(md, bm_bytes_per_bit)) != BM_BLOCK_SIZE)
++		return 1;
++
+ 	/*
+ 	 * DRBD does not have "real" uuids; the following resembles DRBD's
+ 	 * notion of uuids (64 bit, see struct above)
+-- 
+2.33.0
+

backport-libfdisk-fix-fdisk_reread_changes-for-extended-partitions.patch

@@ -0,0 +1,40 @@
+commit b0098c1ebd3bd068edaa38be67ac48b6c1218e98
+Author: Karel Zak <kzak@redhat.com>
+Date:   Thu Aug 6 11:32:33 2020 +0200
+
+    libfdisk: fix fdisk_reread_changes() for extended partitions
+    
+    Linux kernel assumes only 1KiB extended partition to avoid overlapping
+    with nested logical partitions. We need to follow this rule for
+    BLKPG_ADD_PARTITION.
+    
+    Addresses: https://github.com/karelzak/util-linux/issues/1112
+    Signed-off-by: Karel Zak <kzak@redhat.com>
+
+diff --git a/libfdisk/src/context.c b/libfdisk/src/context.c
+index 363db30f4..327e03b42 100644
+--- a/libfdisk/src/context.c
++++ b/libfdisk/src/context.c
+@@ -939,10 +939,21 @@ int fdisk_reread_changes(struct fdisk_context *cxt, struct fdisk_table *org)
+ 		}
+ 	}
+ 	for (i = 0; i < nadds; i++) {
++		uint64_t sz;
++
+ 		pa = add[i];
++		sz = pa->size * ssf;
++
+ 		DBG(PART, ul_debugobj(pa, "#%zu calling BLKPG_ADD_PARTITION", pa->partno));
++
++		if (fdisk_is_label(cxt, DOS) && fdisk_partition_is_container(pa))
++			/* Let's follow the Linux kernel and reduce
++                         * DOS extended partition to 1 or 2 sectors.
++			 */
++			sz = min(sz, (uint64_t) 2);
++
+ 		if (partx_add_partition(cxt->dev_fd, pa->partno + 1,
+-					pa->start * ssf, pa->size * ssf) != 0) {
++					pa->start * ssf, sz) != 0) {
+ 			fdisk_warn(cxt, _("Failed to add partition %zu to system"), pa->partno + 1);
+ 			err++;
+ 		}

backport-mkfs.bfs-fix-memory-leaks-and-weak-code.patch

@@ -0,0 +1,112 @@
+From 2c6ce1240f118a2d00ad93060da409c3995b7f67 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Tue, 1 Apr 2025 15:54:07 +0200
+Subject: [PATCH] mkfs.bfs: fix memory leaks and weak code
+
+- use size_t to store strlen() result
+- init superblock with the default volume and fsname
+- don't use strdup(), it's unnecessary as getopt_long() does not
+  modify arguments
+- don't use memcpy() as we need to check string sizes
+- restrict verbose output 6 bytes
+
+Addresses: https://github.com/util-linux/util-linux/pull/3488
+Signed-off-by: Karel Zak <kzak@redhat.com>
+
+Reference:https://github.com/util-linux/util-linux/commit/2c6ce1240f118a2d00ad93060da409c3995b7f67
+Conflict:context adaptation
+
+---
+ disk-utils/mkfs.bfs.c | 34 ++++++++++++++++++++++------------
+ 1 file changed, 22 insertions(+), 12 deletions(-)
+
+diff --git a/disk-utils/mkfs.bfs.c b/disk-utils/mkfs.bfs.c
+index 895a1f27b..d18589ab2 100644
+--- a/disk-utils/mkfs.bfs.c
++++ b/disk-utils/mkfs.bfs.c
+@@ -103,7 +103,7 @@ static void __attribute__((__noreturn__)) usage(void)
+ 
+ int main(int argc, char **argv)
+ {
+-	char *device, *volume, *fsname;
++	char *device, *volume = NULL, *fsname = NULL;
+ 	long inodes;
+ 	unsigned long long total_blocks, ino_bytes, ino_blocks, data_blocks;
+ 	unsigned long long user_specified_total_blocks = 0;
+@@ -111,12 +111,16 @@ int main(int argc, char **argv)
+ 	int verbose = 0;
+ 	int fd;
+ 	uint32_t first_block;
+-	struct bfssb sb;
+ 	struct bfsi ri;
+ 	struct bfsde de;
+ 	struct stat statbuf;
+ 	time_t now;
+-	int c, i, len;
++	int c, i;
++	size_t len;
++	struct bfssb sb = {
++		.s_fsname = "\x20\x20\x20\x20\x20\x20",
++		.s_volume = "\x20\x20\x20\x20\x20\x20"
++	};
+ 
+ 	enum { VERSION_OPTION = CHAR_MAX + 1 };
+ 	static const struct option longopts[] = {
+@@ -145,7 +149,6 @@ int main(int argc, char **argv)
+ 	if (argc == 2 && !strcmp(argv[1], "-V"))
+ 		print_version(EXIT_SUCCESS);
+ 
+-	volume = fsname = "      ";	/* is there a default? */
+ 	inodes = 0;
+ 
+ 	while ((c = getopt_long(argc, argv, "N:V:F:vhcl", longopts, NULL)) != -1) {
+@@ -155,17 +158,21 @@ int main(int argc, char **argv)
+ 			break;
+ 
+ 		case 'V':
++			if (volume)
++				errx(EXIT_FAILURE, _("more than one volume"));
+ 			len = strlen(optarg);
+-			if (len <= 0 || len > 6)
++			if (!len || len > sizeof(sb.s_volume))
+ 				errx(EXIT_FAILURE, _("volume name too long"));
+-			volume = xstrdup(optarg);
++			volume = optarg;
+ 			break;
+ 
+ 		case 'F':
++			if (fsname)
++				errx(EXIT_FAILURE, _("more than one fsname"));
+ 			len = strlen(optarg);
+-			if (len <= 0 || len > 6)
++			if (!len || len > sizeof(sb.s_fsname))
+ 				errx(EXIT_FAILURE, _("fsname name too long"));
+-			fsname = xstrdup(optarg);
++			fsname = optarg;
+ 			break;
+ 
+ 		case 'v':
+@@ -260,13 +267,16 @@ int main(int argc, char **argv)
+ 	sb.s_start = cpu_to_le32(ino_bytes + sizeof(struct bfssb));
+ 	sb.s_end = cpu_to_le32(total_blocks * BFS_BLOCKSIZE - 1);
+ 	sb.s_from = sb.s_to = sb.s_backup_from = sb.s_backup_to = -1;
+-	memcpy(sb.s_fsname, fsname, 6);
+-	memcpy(sb.s_volume, volume, 6);
++
++	if (fsname)
++		str2memcpy(sb.s_fsname, fsname, sizeof(sb.s_fsname));
++	if (volume)
++		str2memcpy(sb.s_volume, volume, sizeof(sb.s_volume));
+ 
+ 	if (verbose) {
+ 		fprintf(stderr, _("Device: %s\n"), device);
+-		fprintf(stderr, _("Volume: <%-6s>\n"), volume);
+-		fprintf(stderr, _("FSname: <%-6s>\n"), fsname);
++		fprintf(stderr, _("Volume: <%.6s>\n"), sb.s_volume);
++		fprintf(stderr, _("FSname: <%.6s>\n"), sb.s_fsname);
+ 		fprintf(stderr, _("BlockSize: %d\n"), BFS_BLOCKSIZE);
+ 		if (ino_blocks == 1)
+ 			fprintf(stderr, _("Inodes: %ld (in 1 block)\n"),
+-- 
+2.20.1
+

backport-tests-fix-misc-setarch-run-in-a-docker-environment.patch

@@ -0,0 +1,25 @@
+From c41e859b238998453a99a3fbe6f082f081372b86 Mon Sep 17 00:00:00 2001
+From: Anatoly Pugachev <matorola@gmail.com>
+Date: Fri, 8 Apr 2022 17:53:58 +0300
+Subject: [PATCH] tests: fix misc/setarch run in a docker environment
+
+Fixes: #601
+---
+ tests/ts/misc/setarch | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tests/ts/misc/setarch b/tests/ts/misc/setarch
+index 6c872bf70..ab2f6c009 100755
+--- a/tests/ts/misc/setarch
++++ b/tests/ts/misc/setarch
+@@ -23,6 +23,7 @@ ts_check_test_command "$TS_CMD_SETARCH"
+ ARCH=$(uname -m)
+ 
+ ts_init_subtest options
++test -e /.dockerenv && ts_skip "unsupported in docker environment"
+ ts_log_both "###### unknown arch"
+ $TS_CMD_SETARCH qubit -v echo "success" >> $TS_OUTPUT 2>> $TS_ERRLOG
+ echo "exit: $?" >>$TS_OUTPUT
+-- 
+2.33.0
+

backport-wall-add-__format__-attribute.patch

@@ -0,0 +1,28 @@
+From 0c753d8d6b6c4342f4ede5e8aba1491d9119d010 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Fri, 18 Jun 2021 16:56:52 +0200
+Subject: [PATCH] wall: add __format__ attribute
+
+Reported-by: Jan Pazdziora <jpazdziora@redhat.com>
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ term-utils/wall.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/term-utils/wall.c b/term-utils/wall.c
+index 97d9a56b5..fb283d3bf 100644
+--- a/term-utils/wall.c
++++ b/term-utils/wall.c
+@@ -296,7 +296,8 @@ static void buf_puts(struct buffer *bs, const char *s)
+ 	bs->used += len;
+ }
+ 
+-static void buf_printf(struct buffer *bs, const char *fmt, ...)
++static void __attribute__((__format__ (__printf__, 2, 3)))
++	buf_printf(struct buffer *bs, const char *fmt, ...)
+ {
+ 	int rc;
+ 	va_list ap;
+-- 
+2.19.1
+

backport-wall-convert-homebrew-buffering-to-open_memstream.patch

@@ -0,0 +1,171 @@
+From 27ee6446503af7ec0c2647704ca47ac4de3852ef Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= <nabijaczleweli@nabijaczleweli.xyz>
+Date: Wed, 15 Mar 2023 16:16:43 +0100
+Subject: [PATCH] wall: convert homebrew buffering to open_memstream()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The struct buffer system duplicates a plethora of standard I/O
+functions (including a fork of fputc_careful())
+and adds a lot of complexity ‒ open_memstream() is standard,
+and fits perfectly into this niche
+---
+ term-utils/wall.c | 95 ++++++++++-------------------------------------
+ 1 file changed, 20 insertions(+), 75 deletions(-)
+
+diff --git a/term-utils/wall.c b/term-utils/wall.c
+index 53718e6..0531a7f 100644
+--- a/term-utils/wall.c
++++ b/term-utils/wall.c
+@@ -272,74 +272,22 @@ int main(int argc, char **argv)
+ 	exit(EXIT_SUCCESS);
+ }
+ 
+-struct buffer {
+-	size_t	sz;
+-	size_t	used;
+-	char	*data;
+-};
+-
+-static void buf_enlarge(struct buffer *bs, size_t len)
++static void buf_putc_careful(FILE *fs, int c)
+ {
+-	if (bs->sz == 0 || len > bs->sz - bs->used) {
+-		bs->sz += len < 128 ? 128 : len;
+-		bs->data = xrealloc(bs->data, bs->sz);
+-	}
+-}
+-
+-static void buf_puts(struct buffer *bs, const char *s)
+-{
+-	size_t len = strlen(s);
+-
+-	buf_enlarge(bs, len + 1);
+-	memcpy(bs->data + bs->used, s, len + 1);
+-	bs->used += len;
+-}
+-
+-static void __attribute__((__format__ (__printf__, 2, 3)))
+-	buf_printf(struct buffer *bs, const char *fmt, ...)
+-{
+-	int rc;
+-	va_list ap;
+-	size_t limit;
+-
+-	buf_enlarge(bs, 0);	/* default size */
+-	limit = bs->sz - bs->used;
+-
+-	va_start(ap, fmt);
+-	rc = vsnprintf(bs->data + bs->used, limit, fmt, ap);
+-	va_end(ap);
+-
+-	if (rc >= 0 && (size_t) rc >= limit) {	/* not enough, enlarge */
+-		buf_enlarge(bs, (size_t)rc + 1);
+-		limit = bs->sz - bs->used;
+-		va_start(ap, fmt);
+-		rc = vsnprintf(bs->data  + bs->used, limit, fmt, ap);
+-		va_end(ap);
+-	}
+-
+-	if (rc > 0)
+-		bs->used += rc;
+-}
+-
+-static void buf_putc_careful(struct buffer *bs, int c)
+-{
+-	if (isprint(c) || c == '\a' || c == '\t' || c == '\r' || c == '\n') {
+-		buf_enlarge(bs, 1);
+-		bs->data[bs->used++] = c;
+-	} else if (!c_isascii(c))
+-		buf_printf(bs, "\\%3o", (unsigned char)c);
+-	else {
+-		char tmp[] = { '^', c ^ 0x40, '\0' };
+-		buf_puts(bs, tmp);
+-	}
++	if (isprint(c) || c == '\a' || c == '\t' || c == '\r' || c == '\n')
++		fputc(c, fs);
++	else if (!c_isascii(c))
++		fprintf(fs, "\\%3o", (unsigned char)c);
++	else
++		fputs((char[]){ '^', c ^ 0x40, '\0' }, fs);
+ }
+ 
+ static char *makemsg(char *fname, char **mvec, int mvecsz,
+ 		     size_t *mbufsize, int print_banner)
+ {
+-	struct buffer _bs = {.used = 0}, *bs = &_bs;
+ 	register int ch, cnt;
+-	char *p, *lbuf;
++	char *p, *lbuf, *retbuf;
++	FILE * fs = open_memstream(&retbuf, mbufsize);
+ 	long line_max;
+ 
+ 	line_max = sysconf(_SC_LINE_MAX);
+@@ -379,16 +327,16 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
+ 		 */
+ 		/* snprintf is not always available, but the sprintf's here
+ 		   will not overflow as long as %d takes at most 100 chars */
+-		buf_printf(bs, "\r%*s\r\n", TERM_WIDTH, " ");
++		fprintf(fs, "\r%*s\r\n", TERM_WIDTH, " ");
+ 
+ 		snprintf(lbuf, line_max,
+ 				_("Broadcast message from %s@%s (%s) (%s):"),
+ 				whom, hostname, where, date);
+-		buf_printf(bs, "%-*.*s\007\007\r\n", TERM_WIDTH, TERM_WIDTH, lbuf);
++		fprintf(fs, "%-*.*s\007\007\r\n", TERM_WIDTH, TERM_WIDTH, lbuf);
+ 		free(hostname);
+ 		free(date);
+ 	}
+-	buf_printf(bs, "%*s\r\n", TERM_WIDTH, " ");
++	fprintf(fs, "%*s\r\n", TERM_WIDTH, " ");
+ 
+ 	 if (mvec) {
+ 		/*
+@@ -397,11 +345,11 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
+ 		int i;
+ 
+ 		for (i = 0; i < mvecsz; i++) {
+-			buf_puts(bs, mvec[i]);
++			fputs(mvec[i], fs);
+ 			if (i < mvecsz - 1)
+-				buf_puts(bs, " ");
++				fputc(' ', fs);
+ 		}
+-		buf_puts(bs, "\r\n");
++		fputs("\r\n", fs);
+ 	} else {
+ 		/*
+ 		 * read message from <file>
+@@ -429,23 +377,20 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
+ 		while (fgets(lbuf, line_max, stdin)) {
+ 			for (cnt = 0, p = lbuf; (ch = *p) != '\0'; ++p, ++cnt) {
+ 				if (cnt == TERM_WIDTH || ch == '\n') {
+-					for (; cnt < TERM_WIDTH; ++cnt)
+-						buf_puts(bs, " ");
+-					buf_puts(bs, "\r\n");
++					fprintf(fs, "%*s\r\n", TERM_WIDTH - cnt, "");
+ 					cnt = 0;
+ 				}
+ 				if (ch == '\t')
+ 					cnt += (7 - (cnt % 8));
+ 				if (ch != '\n')
+-					buf_putc_careful(bs, ch);
++					buf_putc_careful(fs, ch);
+ 			}
+ 		}
+ 	}
+-	buf_printf(bs, "%*s\r\n", TERM_WIDTH, " ");
++	fprintf(fs, "%*s\r\n", TERM_WIDTH, " ");
+ 
+ 	free(lbuf);
+ 
+-	bs->data[bs->used] = '\0';	/* be paranoid */
+-	*mbufsize = bs->used;
+-	return bs->data;
++	fclose(fs);
++	return retbuf;
+ }
+-- 
+2.33.0
+

backport-wall-use-fputs_careful.patch

@@ -0,0 +1,218 @@
+From aa13246a1bf1be9e4f6eb331f4d4d2dbc875e22f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= <nabijaczleweli@nabijaczleweli.xyz>
+Date: Wed, 15 Mar 2023 16:16:48 +0100
+Subject: [PATCH] wall: use fputs_careful()
+
+LINE_MAX only applies to teletypes in canonical mode: when stdin is a
+file, it could still very much tear; start off at 512 for the sprintf(),
+then use getline() like in write.
+
+The line wrapping has one suboptimal edge-case:
+  $ wall < all
+
+  Broadcast message from nabijaczleweli@tarta (pts/4) (Tue Mar 14 22:31:25
+  2023):
+
+  ^N^O^P^Q^R^S^T^U^V^W^X^Y^Z^[^\^]^^^_
+  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJ
+  KLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~^?\200\201\202\203\204\205\206
+  \207\210\211\212\213\214\215\216\217\220\221\222\223\224\225\226\227\230\231\232
+  \233\234\235\236\237\240\241\242\243\244\245\246\247\250\251\252\253\254\255\256
+  \257\260\261\262\263\264\265\266\267\270\271\272\273\274\275\276\277\300\301\302
+  \303\304\305\306\307\310\311\312\313\314\315\316\317\320\321\322\323\324\325\326
+  \327\330\331\332\333\334\335\336\337\340\341\342\343\344\345\346\347\350\351\352
+  \353\354\355\356\357\360\361\362\363\364\365\366\367\370\371\372\373\374\375\376
+  \377
+but that's a pathological input, and the result is still infinitely
+better than it was before, so fixing that is more trouble than it's
+worth.
+
+Bug-Debian: https://bugs.debian.org/826596
+---
+ include/carefulputc.h | 42 +++++++++++++++++++++++++++++++++---------
+ login-utils/last.c    |  2 +-
+ term-utils/wall.c     | 38 ++++++--------------------------------
+ term-utils/write.c    |  2 +-
+ 4 files changed, 41 insertions(+), 43 deletions(-)
+
+diff --git a/include/carefulputc.h b/include/carefulputc.h
+index 4f74526..51d1c99 100644
+--- a/include/carefulputc.h
++++ b/include/carefulputc.h
+@@ -6,6 +6,7 @@
+ #include <ctype.h>
+ #ifdef HAVE_WIDECHAR
+ #include <wctype.h>
++#include <wchar.h>
+ #endif
+ #include <stdbool.h>
+ 
+@@ -15,18 +16,35 @@
+  * A puts() for use in write and wall (that sometimes are sgid tty).
+  * It avoids control and invalid characters.
+  * The locale of the recipient is nominally unknown,
+- * but it's a solid bet that the encoding is compatible with the author's.
++ * but it's a solid bet that it's compatible with the author's.
++ * Use soft_width=0 to disable wrapping.
+  */
+-static inline int fputs_careful(const char * s, FILE *fp, const char ctrl, bool cr_lf)
++static inline int fputs_careful(const char * s, FILE *fp, const char ctrl, bool cr_lf, int soft_width)
+ {
+-	int ret = 0;
++	int ret = 0, col = 0;
+ 
+ 	for (size_t slen = strlen(s); *s; ++s, --slen) {
+-		if (*s == '\n')
++		if (*s == '\t')
++			col += (7 - (col % 8)) - 1;
++		else if (*s == '\r')
++			col = -1;
++		else if (*s == '\a')
++			--col;
++
++		if ((soft_width && col >= soft_width) || *s == '\n') {
++			if (soft_width) {
++				fprintf(fp, "%*s", soft_width - col, "");
++				col = 0;
++			}
+ 			ret = fputs(cr_lf ? "\r\n" : "\n", fp);
+-		else if (isprint(*s) || *s == '\a' || *s == '\t' || *s == '\r')
++			if (*s == '\n' || ret < 0)
++				goto wrote;
++		}
++
++		if (isprint(*s) || *s == '\a' || *s == '\t' || *s == '\r') {
+ 			ret = putc(*s, fp);
+-		else if (!c_isascii(*s)) {
++			++col;
++		} else if (!c_isascii(*s)) {
+ #ifdef HAVE_WIDECHAR
+ 			wchar_t w;
+ 			size_t clen = mbtowc(&w, s, slen);
+@@ -35,21 +53,27 @@ static inline int fputs_careful(const char * s, FILE *fp, const char ctrl, bool
+ 				case (size_t)-1:  // EILSEQ
+ 					mbtowc(NULL, NULL, 0);
+ 				nonprint:
+-					ret = fprintf(fp, "\\%3hho", *s);
++					col += ret = fprintf(fp, "\\%3hho", *s);
+ 					break;
+ 				default:
+ 					if(!iswprint(w))
+ 						goto nonprint;
+ 					ret = fwrite(s, 1, clen, fp);
++					if (soft_width)
++						col += wcwidth(w);
+ 					s += clen - 1;
+ 					slen -= clen - 1;
+ 					break;
+ 			}
+ #else
+-			ret = fprintf(fp, "\\%3hho", *s);
++			col += ret = fprintf(fp, "\\%3hho", *s);
+ #endif
+-		} else
++		} else {
+ 			ret = fputs((char[]){ ctrl, *s ^ 0x40, '\0' }, fp);
++			col += 2;
++		}
++
++	wrote:
+ 		if (ret < 0)
+ 			return EOF;
+ 	}
+diff --git a/login-utils/last.c b/login-utils/last.c
+index c5984f1..8386f08 100644
+--- a/login-utils/last.c
++++ b/login-utils/last.c
+@@ -550,7 +550,7 @@ static int list(const struct last_control *ctl, struct utmpx *p, time_t logout_t
+ 	/*
+ 	 *	Print out "final" string safely.
+ 	 */
+-	fputs_careful(final, stdout, '*', false);
++	fputs_careful(final, stdout, '*', false, 0);
+ 
+ 	if (len < 0 || (size_t)len >= sizeof(final))
+ 		putchar('\n');
+diff --git a/term-utils/wall.c b/term-utils/wall.c
+index 97623b8..fa5e027 100644
+--- a/term-utils/wall.c
++++ b/term-utils/wall.c
+@@ -273,29 +273,13 @@ int main(int argc, char **argv)
+ 	exit(EXIT_SUCCESS);
+ }
+ 
+-static void buf_putc_careful(FILE *fs, int c)
+-{
+-	if (isprint(c) || c == '\a' || c == '\t' || c == '\r' || c == '\n')
+-		fputc(c, fs);
+-	else if (!c_isascii(c))
+-		fprintf(fs, "\\%3o", (unsigned char)c);
+-	else
+-		fputs((char[]){ '^', c ^ 0x40, '\0' }, fs);
+-}
+-
+ static char *makemsg(char *fname, char **mvec, int mvecsz,
+ 		     size_t *mbufsize, int print_banner)
+ {
+-	register int ch, cnt;
+-	char *p, *lbuf, *retbuf;
++	char *lbuf, *retbuf;
+ 	FILE * fs = open_memstream(&retbuf, mbufsize);
+-	long line_max;
+-
+-	line_max = sysconf(_SC_LINE_MAX);
+-	if (line_max <= 0)
+-		line_max = 512;
+-
+-	lbuf = xmalloc(line_max);
++	size_t lbuflen = 512;
++	lbuf = xmalloc(lbuflen);
+ 
+ 	if (print_banner == TRUE) {
+ 		char *hostname = xgethostname();
+@@ -330,7 +314,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
+ 		   will not overflow as long as %d takes at most 100 chars */
+ 		fprintf(fs, "\r%*s\r\n", TERM_WIDTH, " ");
+ 
+-		snprintf(lbuf, line_max,
++		snprintf(lbuf, lbuflen,
+ 				_("Broadcast message from %s@%s (%s) (%s):"),
+ 				whom, hostname, where, date);
+ 		fprintf(fs, "%-*.*s\007\007\r\n", TERM_WIDTH, TERM_WIDTH, lbuf);
+@@ -374,18 +358,8 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
+ 		/*
+ 		 * Read message from stdin.
+ 		 */
+-		while (fgets(lbuf, line_max, stdin)) {
+-			for (cnt = 0, p = lbuf; (ch = *p) != '\0'; ++p, ++cnt) {
+-				if (cnt == TERM_WIDTH || ch == '\n') {
+-					fprintf(fs, "%*s\r\n", TERM_WIDTH - cnt, "");
+-					cnt = 0;
+-				}
+-				if (ch == '\t')
+-					cnt += (7 - (cnt % 8));
+-				if (ch != '\n')
+-					buf_putc_careful(fs, ch);
+-			}
+-		}
++		while (getline(&lbuf, &lbuflen, stdin) >= 0)
++			fputs_careful(lbuf, fs, '^', true, TERM_WIDTH);
+ 	}
+ 	fprintf(fs, "%*s\r\n", TERM_WIDTH, " ");
+ 
+diff --git a/term-utils/write.c b/term-utils/write.c
+index 710a58c..1d57fce 100644
+--- a/term-utils/write.c
++++ b/term-utils/write.c
+@@ -276,7 +276,7 @@ static void do_write(const struct write_control *ctl)
+ 		if (signal_received)
+ 			break;
+ 
+-		if (fputs_careful(line, stdout, '^', true) == EOF)
++		if (fputs_careful(line, stdout, '^', true, 0) == EOF)
+ 			err(EXIT_FAILURE, _("carefulputc failed"));
+ 	}
+ 	free(line);
+-- 
+2.19.1
+

backport-write-correctly-handle-wide-characters.patch

@@ -0,0 +1,200 @@
+From 8a7b8456d1dc0e7ca557d1ac31f638986704757f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= <nabijaczleweli@nabijaczleweli.xyz>
+Date: Wed, 15 Mar 2023 16:16:31 +0100
+Subject: [PATCH] write: correctly handle wide characters
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Do this by replacing fputc_careful() (notice that the description said
+it's locale-aware ‒ it very much is /not/), with a fputs_careful() which
+does the same thing, but if it were to output a byte in the \123 format,
+first it checks whether this byte starts a valid multibyte character.
+
+If it does, and that character is printable, write it verbatim.
+This means that
+  echo 'foo åäö ąęćźżń bar' | write nabijaczleweli pts/4
+instead of
+  foo \303\245\303\244\303\266
+  \304\205\304\231\304\207\305\272\305\274\305\204 bar
+yields
+  foo åäö ąęćźżń bar
+or, more realistically, from a message I got earlier today,
+  Filip powiedzia\305\202 \305\274e zap\305\202aci jutro
+becomes
+  Filip powiedział że zapłaci jutro
+
+Invalid/non-printable sequences get processed as before.
+
+Line reading in write must become getline() to avoid dealing with
+partial characters: for example on input consisting solely of
+ąęćźżń, where every {1} is an instance, the output would be
+  {42}ąęć\305\272żń{84}ąęćź\305\274ń{84}ąęćźż\305\204{39}
+with just fixed-512 fgets()
+
+Bug-Debian: https://bugs.debian.org/826596
+---
+ include/carefulputc.h | 62 +++++++++++++++++++++++++++++++------------
+ login-utils/last.c    |  4 +--
+ term-utils/write.c    | 25 +++++------------
+ 3 files changed, 53 insertions(+), 38 deletions(-)
+
+diff --git a/include/carefulputc.h b/include/carefulputc.h
+index f1c0356..4f74526 100644
+--- a/include/carefulputc.h
++++ b/include/carefulputc.h
+@@ -1,31 +1,59 @@
+ #ifndef UTIL_LINUX_CAREFULPUTC_H
+ #define UTIL_LINUX_CAREFULPUTC_H
+ 
+-/*
+- * A putc() for use in write and wall (that sometimes are sgid tty).
+- * It avoids control characters in our locale, and also ASCII control
+- * characters.   Note that the locale of the recipient is unknown.
+-*/
+ #include <stdio.h>
+ #include <string.h>
+ #include <ctype.h>
++#ifdef HAVE_WIDECHAR
++#include <wctype.h>
++#endif
++#include <stdbool.h>
+ 
+ #include "cctype.h"
+ 
+-static inline int fputc_careful(int c, FILE *fp, const char fail)
++/*
++ * A puts() for use in write and wall (that sometimes are sgid tty).
++ * It avoids control and invalid characters.
++ * The locale of the recipient is nominally unknown,
++ * but it's a solid bet that the encoding is compatible with the author's.
++ */
++static inline int fputs_careful(const char * s, FILE *fp, const char ctrl, bool cr_lf)
+ {
+-	int ret;
+-
+-	if (isprint(c) || c == '\a' || c == '\t' || c == '\r' || c == '\n')
+-		ret = putc(c, fp);
+-	else if (!c_isascii(c))
+-		ret = fprintf(fp, "\\%3o", (unsigned char)c);
+-	else {
+-		ret = putc(fail, fp);
+-		if (ret != EOF)
+-			ret = putc(c ^ 0x40, fp);
++	int ret = 0;
++
++	for (size_t slen = strlen(s); *s; ++s, --slen) {
++		if (*s == '\n')
++			ret = fputs(cr_lf ? "\r\n" : "\n", fp);
++		else if (isprint(*s) || *s == '\a' || *s == '\t' || *s == '\r')
++			ret = putc(*s, fp);
++		else if (!c_isascii(*s)) {
++#ifdef HAVE_WIDECHAR
++			wchar_t w;
++			size_t clen = mbtowc(&w, s, slen);
++			switch(clen) {
++				case (size_t)-2:  // incomplete
++				case (size_t)-1:  // EILSEQ
++					mbtowc(NULL, NULL, 0);
++				nonprint:
++					ret = fprintf(fp, "\\%3hho", *s);
++					break;
++				default:
++					if(!iswprint(w))
++						goto nonprint;
++					ret = fwrite(s, 1, clen, fp);
++					s += clen - 1;
++					slen -= clen - 1;
++					break;
++			}
++#else
++			ret = fprintf(fp, "\\%3hho", *s);
++#endif
++		} else
++			ret = fputs((char[]){ ctrl, *s ^ 0x40, '\0' }, fp);
++		if (ret < 0)
++			return EOF;
+ 	}
+-	return (ret < 0) ? EOF : 0;
++	return 0;
+ }
+ 
+ /*
+diff --git a/login-utils/last.c b/login-utils/last.c
+index 9d71ba4..c5984f1 100644
+--- a/login-utils/last.c
++++ b/login-utils/last.c
+@@ -395,7 +395,6 @@ static int list(const struct last_control *ctl, struct utmpx *p, time_t logout_t
+ 	char		final[512];
+ 	char		utline[sizeof(p->ut_line) + 1];
+ 	char		domain[256];
+-	char		*s;
+ 	int		mins, hours, days;
+ 	int		r, len;
+ 	struct last_timefmt *fmt;
+@@ -551,8 +550,7 @@ static int list(const struct last_control *ctl, struct utmpx *p, time_t logout_t
+ 	/*
+ 	 *	Print out "final" string safely.
+ 	 */
+-	for (s = final; *s; s++)
+-		fputc_careful(*s, stdout, '*');
++	fputs_careful(final, stdout, '*', false);
+ 
+ 	if (len < 0 || (size_t)len >= sizeof(final))
+ 		putchar('\n');
+diff --git a/term-utils/write.c b/term-utils/write.c
+index 50f18dc..710a58c 100644
+--- a/term-utils/write.c
++++ b/term-utils/write.c
+@@ -223,21 +223,6 @@ static void signal_handler(int signo)
+ 	signal_received = signo;
+ }
+ 
+-/*
+- * write_line - like fputs(), but makes control characters visible and
+- *     turns \n into \r\n.
+- */
+-static void write_line(char *s)
+-{
+-	while (*s) {
+-		const int c = *s++;
+-
+-		if ((c == '\n' && fputc_careful('\r', stdout, '^') == EOF)
+-		    || fputc_careful(c, stdout, '^') == EOF)
+-			err(EXIT_FAILURE, _("carefulputc failed"));
+-	}
+-}
+-
+ /*
+  * do_write - actually make the connection
+  */
+@@ -247,7 +232,8 @@ static void do_write(const struct write_control *ctl)
+ 	struct passwd *pwd;
+ 	time_t now;
+ 	struct tm *tm;
+-	char *host, line[512];
++	char *host, *line = NULL;
++	size_t linelen = 0;
+ 	struct sigaction sigact;
+ 
+ 	/* Determine our login name(s) before the we reopen() stdout */
+@@ -286,11 +272,14 @@ static void do_write(const struct write_control *ctl)
+ 	free(host);
+ 	printf("\r\n");
+ 
+-	while (fgets(line, sizeof(line), stdin) != NULL) {
++	while (getline(&line, &linelen, stdin) >= 0) {
+ 		if (signal_received)
+ 			break;
+-		write_line(line);
++
++		if (fputs_careful(line, stdout, '^', true) == EOF)
++			err(EXIT_FAILURE, _("carefulputc failed"));
+ 	}
++	free(line);
+ 	printf("EOF\r\n");
+ }
+ 
+-- 
+2.19.1
+

util-linux.spec

@@ -2,7 +2,7 @@
 
 Name:           util-linux
 Version:        2.35.2
-Release:        15
+Release:        20
 Summary:        A random collection of Linux utilities
 License:        GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
 URL:            https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
@@ -82,12 +82,23 @@ Patch6002:      backport-CVE-2021-3995.patch
 Patch6003:      backport-CVE-2021-3996.patch
 Patch6004:      backport-prlimit-fix-optional-arguments-parsing.patch
 Patch6005:      backport-lscpu-use-SMBIOS-tables-on-ARM-for-lscpu.patch
+Patch6006:      backport-wall-add-__format__-attribute.patch
+Patch6007:      backport-write-correctly-handle-wide-characters.patch
+Patch6008:      backport-wall-convert-homebrew-buffering-to-open_memstream.patch
+Patch6009:      backport-wall-use-fputs_careful.patch
+Patch6010:      backport-CVE-2024-28085.patch
+Patch6011:      backport-tests-fix-misc-setarch-run-in-a-docker-environment.patch
+Patch6012:      backport-include-c.h-add-helpers-for-unaligned-structure-acce.patch
+Patch6013:      backport-libblkid-drbd-reduce-false-positive.patch
+Patch6014:      backport-libfdisk-fix-fdisk_reread_changes-for-extended-partitions.patch
+Patch6015:      backport-mkfs.bfs-fix-memory-leaks-and-weak-code.patch
 
 Patch9000:	Add-check-to-resolve-uname26-version-test-failed.patch
 Patch9001:      modify-rescuemode-chinese-error.patch
 Patch9002:      huawei-bios-model-name.patch
 Patch9003:      backport-uuidd-fix-open-lock-state-issue.patch
 
+
 %description
 The util-linux package contains a random collection of files that
 implements some low-level basic linux utilities.
@@ -167,7 +178,7 @@ This package provides python support for users to use the libmount library
 to work with mount tables and mount filesystems.
 
 %package devel
-Summary:        Development package for ${name}
+Summary:        Development package for %{name}
 License:        LGPLv2+ and BSD
 Requires:       %{name} = %{version}-%{release} pkgconfig
 Provides:       libfdisk-devel libsmartcols-devel libmount-devel libblkid-devel libuuid-devel
@@ -178,7 +189,7 @@ This package contains some library and other necessary files for the
 development of %{name}.
 
 %package help
-Summary:        Help package for ${name}
+Summary:        Help package for %{name}
 BuildArch:      noarch
 Requires:       %{name} = %{version}-%{release}
 Obsoletes:      hardlink-help <= 1:1.3-9
@@ -433,6 +444,36 @@ fi
 %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*}
 
 %changelog
+* Mon Apr 14 2025 hugel <gengqihu2@h-partners.com> - 2.35.2-20
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:mkfs.bfs fix memory leaks
+
+* Fri Sep 20 2024 Yu Peng <yupeng@kylinos.cn> - 2.35.2-19
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:sync community patches
+	   backport-libfdisk-fix-fdisk_reread_changes-for-extended-partitions.patch
+
+* Mon Aug 5 2024 liyuzhe <liyuzhe@cqsoftware.com.cn> - 2.35.2-18
+- Fixed incorrect macro usage in summary fields of devel and help subpackages
+
+* Thu Jun 06 2024 fuanan <fuanan3@h-partners.com> - 2.35.2-17
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:sync community patches
+       backport-include-c.h-add-helpers-for-unaligned-structure-acce.patch
+       backport-libblkid-drbd-reduce-false-positive.patch
+
+* Fri Mar 29 2024 zhangyao<zhangyao108@huawei.com> - 2.35.2-16
+- Type:CVE
+- CVE:CVE-2024-28085
+- SUG:NA
+- DESC:fix CVE-2024-28085 and fix setarch test failed
+
 * Tue Mar 19 2024 cenhuilin <cenhuilin@kylinos.cn> - 2.35.2-15
 - Type:bugfix
 - CVE:NA

write-fix-potential-string-overflow.patch

@@ -1,41 +0,0 @@
-From cdf84bf65804873708b2b76551d64116123ac128 Mon Sep 17 00:00:00 2001
-From: Sami Kerola <kerolasa@iki.fi>
-Date: Sat, 8 Feb 2020 21:12:14 +0000
-Subject: [PATCH 038/389] write: fix potential string overflow
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Noticed when compiled with gcc verion 9.2.1 20200130.
-
-term-utils/write.c:182:7: warning: ‘strcmp’ argument 1 declared attribute
-			  ‘nonstring’ [-Wstringop-overflow=]
-  182 |   if (strcmp(u->ut_line, ctl->src_tty_name) == 0) {
-      |       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-In file included from /usr/include/utmpx.h:31,
-                 from term-utils/write.c:60:
-/usr/include/bits/utmpx.h:59:8: note: argument ‘ut_line’ declared here
-   59 |   char ut_line[__UT_LINESIZE]
-      |        ^~~~~~~
-
-Signed-off-by: Sami Kerola <kerolasa@iki.fi>
----
- term-utils/write.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/term-utils/write.c b/term-utils/write.c
-index 3436fbd..90eb18c 100644
---- a/term-utils/write.c
-+++ b/term-utils/write.c
-@@ -179,7 +179,7 @@ static void search_utmp(struct write_control *ctl)
- 		if (ctl->src_uid && !tty_writeable)
- 			/* skip ttys with msgs off */
- 			continue;
--		if (strcmp(u->ut_line, ctl->src_tty_name) == 0) {
-+		if (memcmp(u->ut_line, ctl->src_tty_name, strlen(ctl->src_tty_name) + 1) == 0) {
- 			user_is_me = 1;
- 			/* don't write to yourself */
- 			continue;
--- 
-1.8.3.1
-