util-linux 2.37.4 Release Notes
===============================
This release fixes a security issue in chsh(1) and chfn(8):
CVE-2022-0563
The readline library uses the INPUTRC= environment variable to get a path
to the library config file. When the library cannot parse the
specified file, it prints an error message containing data from the
file.
Unfortunately, the library does not use secure_getenv() (or a similar
concept), or sanitize the config file path to avoid vulnerabilities that
could occur in set-user-ID or set-group-ID programs.
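The following C sketch is an added example, not code from util-linux or readline. It shows the two defensive patterns the note alludes to for a set-user-ID or set-group-ID program: refusing to read a file-selecting variable when privileged, and scrubbing it before any library initialises. The helper names and the sample path are hypothetical, and the real/effective ID comparison is a simplified stand-in for the secure-execution check that glibc's secure_getenv() performs.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* setenv(), unsetenv() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Variables that name a file a linked library will open. INPUTRC is the one
 * from the release note; a real program would list every such variable. */
static const char *const FILE_SELECTING_VARS[] = { "INPUTRC" };

/* Set-user-ID / set-group-ID execution: effective IDs differ from real IDs. */
static int ids_differ(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Mirrors the idea of secure_getenv(): no value at all when privileged. */
static const char *getenv_if_unprivileged(const char *name, int privileged)
{
    return privileged ? NULL : getenv(name);
}

/* Remove the listed variables before any library initialises.
 * Returns how many were removed. */
static int scrub_library_env(int privileged)
{
    int removed = 0;
    size_t n = sizeof FILE_SELECTING_VARS / sizeof FILE_SELECTING_VARS[0];

    for (size_t i = 0; privileged && i < n; i++)
        if (getenv(FILE_SELECTING_VARS[i]) && unsetenv(FILE_SELECTING_VARS[i]) == 0)
            removed++;
    return removed;
}

int main(void)
{
    int priv = ids_differ(getuid(), geteuid(), getgid(), getegid());

    setenv("INPUTRC", "/tmp/constructed-inputrc", 0);  /* constructed sample */
    const char *rc = getenv_if_unprivileged("INPUTRC", priv);
    printf("privileged=%d INPUTRC seen by program: %s\n", priv, rc ? rc : "(ignored)");
    printf("variables scrubbed before library init: %d\n", scrub_library_env(priv));
    return 0;
}
```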
update 2.37.2 (2021-08-16) to 2.37.3 (2022-01-24)
Changelog:
- https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ChangeLog
util-linux 2.37.3 Release Notes
===============================
This release fixes two security issues in mount(8) and umount(8):
CVE-2021-3996
An improper UID check in libmount allows an unprivileged user to unmount FUSE
filesystems of users with a similar UID.
CVE-2021-3995
This issue, related to parsing the /proc/self/mountinfo file, allows an
unprivileged user to unmount other users' filesystems that are either
world-writable themselves or mounted in a world-writable directory.
update 1.0.24 (2020-12-11) to 1.0.25 (2022-01-31)
Changelog:
- https://github.com/libusb/libusb/blob/master/ChangeLog
2022-01-31: v1.0.25
* Linux: Fix regression with some particular devices
* Linux: Fix regression with libusb_handle_events_timeout_completed()
* Linux: Fix regression with cpu usage in libusb_bulk_transfer
* Darwin (macOS): Add support for detaching kernel drivers with authorization.
* Darwin (macOS): Do not drop partial data on timeout.
* Darwin (macOS): Silence pipe error in set_interface_alt_setting().
* Windows: Fix HID backend missing byte
* Windows: Fix segfault with libusbk driver
* Windows: Fix regression when using libusb0 driver
* Windows: Support LIBUSB_TRANSFER_ADD_ZERO_PACKET on winusb
* New NO_DEVICE_DISCOVERY option replaces WEAK_AUTHORITY option
* Various other bug fixes and improvements
update 1.0.6 to 1.0.8
NEWS 1.0.8 (6/9/2021):
----------------------
- Fixed double byte swap operation on writes of partition name data on
big-endian systems; this is in addition to the double byte swap fix on
reading partition label data fixed in 1.0.7. (Thanks to Erik Larsson for
both fixes.)
- Added feature to gdisk and sgdisk to enable swapping the byte order of
partition names, so as to correct disks already affected by the preceding
bug. This option is 'b' on the experts' menu in gdisk and
-b/--byte-swap-name in sgdisk. This seems advanced/obscure enough that I
don't want to clutter cgdisk's menu with this option, so I haven't added
it there.
- Added type code for the Barebox boot loader (0xbb00;
4778ED65-BF42-45FA-9C5B-287A1DC4AAB1).
- Trivial code cleanup.
News: 1.0.7 (2021-03-10)
------------------------
- Fixed bug that caused spurious warnings about the partition table
header claiming an invalid size of partition entries when reading
some MBR disks.
- Added ARM64 as an architecture for the Mac builds of gdisk and fixparts.
The official GPT fdisk binaries of these files for macOS are now
"universal" x86-64/ARM64 binaries, so they will run natively on the new M1
(ARM64) Macs. The sgdisk and cgdisk binaries, though, remain built only
for x86-64, because they rely on libraries that are not easily built in
"universal" form.
- Fixed double byte swap operation on partition label data on big-endian
CPUs. This resulted in partition names becoming gibberish on such CPUs.
- Added three new type codes:
  - 0x0701 - Microsoft Storage Replica
  - 0x0702 - ArcaOS Type 1
  - 0x8401 - Storage Performance Development Kit (SPDK) block device