[ptxdist] [PATCH 0/2] util-linux: Switch back to tarball download and version bump to 2.42.2

mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed

* [ptxdist] [PATCH 0/2] util-linux: Switch back to tarball download and version bump to 2.42.2
@ 2026-06-19  7:47 Alexander Dahl via ptxdist
  2026-06-19  7:47 ` [ptxdist] [PATCH 1/2] util-linux: Switch back from git to tarball download Alexander Dahl via ptxdist
  2026-06-19  7:47 ` [ptxdist] [PATCH 2/2] util-linux: version bump 2.42.1 -> 2.42.2 Alexander Dahl via ptxdist
  0 siblings, 2 replies; 5+ messages in thread
From: Alexander Dahl via ptxdist @ 2026-06-19  7:47 UTC (permalink / raw)
  To: ptxdist; +Cc: Alexander Dahl, Christian Melki

Hei hei,

before doing the version bump with security fixes, I checked release
checksums and signatures and got confused about the file
util-linux-2.42.2.tar.gz I had just downloaded.  Turns out ptxdist got
that from git.  However upstream repaired its tarball generation and now
it is possible to use meson to build from release tarball.  Thus
switching back to tarball download before doing the version bump.  See
commit messages for details.

Greets
Alex

Alexander Dahl (2):
  util-linux: Switch back from git to tarball download
  util-linux: version bump 2.42.1 -> 2.42.2

 rules/util-linux.make | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

base-commit: 3d185e7c01807e7a2f58a89fe811ed572d267099
-- 
2.47.3

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [ptxdist] [PATCH 1/2] util-linux: Switch back from git to tarball download
  2026-06-19  7:47 [ptxdist] [PATCH 0/2] util-linux: Switch back to tarball download and version bump to 2.42.2 Alexander Dahl via ptxdist
@ 2026-06-19  7:47 ` Alexander Dahl via ptxdist
  2026-06-25 19:23   ` [ptxdist] [APPLIED] " Michael Olbrich
  2026-06-19  7:47 ` [ptxdist] [PATCH 2/2] util-linux: version bump 2.42.1 -> 2.42.2 Alexander Dahl via ptxdist
  1 sibling, 1 reply; 5+ messages in thread
From: Alexander Dahl via ptxdist @ 2026-06-19  7:47 UTC (permalink / raw)
  To: ptxdist; +Cc: Alexander Dahl, Christian Melki

Meanwhile util-linux release process checks tarballs have all the
meson.build files required, and meson build from tarball succeeds.

Rolling back url related changes from commit c7f0ce7be8df ("util-linux:
Version bump.  2.39.3 -> 2.40"), which includes switching from tar.gz to
tar.xz, thus updating checksum.  User might have some .tar.gz files from
git which are not equal to distributed .tar.gz files, but switching to
.tar.xz here should avoid checksum mismatches.

Allows for verifying tarballs against .tar.sign and comparing checksums
to other distributions again.

Link: https://github.com/util-linux/util-linux/issues/3460
Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
 rules/util-linux.make | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/rules/util-linux.make b/rules/util-linux.make
index f77666d7f..bf6817c2a 100644
--- a/rules/util-linux.make
+++ b/rules/util-linux.make
@@ -16,10 +16,11 @@ PACKAGES-$(PTXCONF_UTIL_LINUX) += util-linux
 # Paths and names
 #
 UTIL_LINUX_VERSION	:= 2.42.1
-UTIL_LINUX_SHA256	:= 138a3bd9049afa5eeeea73f1e9c0ed7bddf3e55ba4ec29924965a932ec738f01
+UTIL_LINUX_SHA256	:= 82e9158eb12a9b0b569d84e1687fed9dd18fe89ccd8ef5ac3427218a7c0d7f7f
 UTIL_LINUX		:= util-linux-$(UTIL_LINUX_VERSION)
-UTIL_LINUX_SUFFIX	:= tar.gz
-UTIL_LINUX_URL		:= https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/snapshot/$(UTIL_LINUX).$(UTIL_LINUX_SUFFIX)
+UTIL_LINUX_SUFFIX	:= tar.xz
+UTIL_LINUX_BASENAME	:= v$(if $(filter 2,$(basename $(UTIL_LINUX_VERSION))),$(UTIL_LINUX_VERSION),$(basename $(UTIL_LINUX_VERSION)))
+UTIL_LINUX_URL		:= $(call ptx/mirror, KERNEL, utils/util-linux/$(UTIL_LINUX_BASENAME)/$(UTIL_LINUX).$(UTIL_LINUX_SUFFIX))
 UTIL_LINUX_SOURCE	:= $(SRCDIR)/$(UTIL_LINUX).$(UTIL_LINUX_SUFFIX)
 UTIL_LINUX_DIR		:= $(BUILDDIR)/$(UTIL_LINUX)
 UTIL_LINUX_LICENSE	:= GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.0-or-later AND BSD-3-Clause AND BSD-4-Clause AND MIT AND ISC AND public_domain
-- 
2.47.3




^ permalink raw reply	[flat|nested] 5+ messages in thread

* [ptxdist] [PATCH 2/2] util-linux: version bump 2.42.1 -> 2.42.2
  2026-06-19  7:47 [ptxdist] [PATCH 0/2] util-linux: Switch back to tarball download and version bump to 2.42.2 Alexander Dahl via ptxdist
  2026-06-19  7:47 ` [ptxdist] [PATCH 1/2] util-linux: Switch back from git to tarball download Alexander Dahl via ptxdist
@ 2026-06-19  7:47 ` Alexander Dahl via ptxdist
  2026-06-25 19:23   ` [ptxdist] [APPLIED] " Michael Olbrich
  1 sibling, 1 reply; 5+ messages in thread
From: Alexander Dahl via ptxdist @ 2026-06-19  7:47 UTC (permalink / raw)
  To: ptxdist; +Cc: Alexander Dahl, Christian Melki

Security fixes:

 CVE-2026-53613 - mount(8) TOCTOU race on target path.
 CVE-2026-53612 - mount(8) TOCTOU race on post-mount owner/mode change.
 CVE-2026-53614 - mount(8) SUID bypass via LIBMOUNT_FORCE_MOUNT2.
 CVE-2026-27456 - mount(8) TOCTOU symlink attack via loop device (follow-up).
 libblkid: use-after-free in nested partition probing.

Link: https://www.kernel.org/pub/linux/utils/util-linux/v2.42/v2.42.2-ReleaseNotes
Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
 rules/util-linux.make | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/util-linux.make b/rules/util-linux.make
index bf6817c2a..33e525820 100644
--- a/rules/util-linux.make
+++ b/rules/util-linux.make
@@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_UTIL_LINUX) += util-linux
 #
 # Paths and names
 #
-UTIL_LINUX_VERSION	:= 2.42.1
-UTIL_LINUX_SHA256	:= 82e9158eb12a9b0b569d84e1687fed9dd18fe89ccd8ef5ac3427218a7c0d7f7f
+UTIL_LINUX_VERSION	:= 2.42.2
+UTIL_LINUX_SHA256	:= 03a05d3adf9602ef128f2da05b84b3205ce60c351e5737c0370f74000679ce8a
 UTIL_LINUX		:= util-linux-$(UTIL_LINUX_VERSION)
 UTIL_LINUX_SUFFIX	:= tar.xz
 UTIL_LINUX_BASENAME	:= v$(if $(filter 2,$(basename $(UTIL_LINUX_VERSION))),$(UTIL_LINUX_VERSION),$(basename $(UTIL_LINUX_VERSION)))
-- 
2.47.3




^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [ptxdist] [APPLIED] util-linux: Switch back from git to tarball download
  2026-06-19  7:47 ` [ptxdist] [PATCH 1/2] util-linux: Switch back from git to tarball download Alexander Dahl via ptxdist
@ 2026-06-25 19:23   ` Michael Olbrich
  0 siblings, 0 replies; 5+ messages in thread
From: Michael Olbrich @ 2026-06-25 19:23 UTC (permalink / raw)
  To: ptxdist; +Cc: Alexander Dahl

Thanks, applied as 13089cf480c362d10412e2761fb24459a03eaf53.

Michael

[sent from post-receive hook]

On Thu, 25 Jun 2026 21:23:31 +0200, Alexander Dahl <ada@thorsis.com> wrote:
> Meanwhile util-linux release process checks tarballs have all the
> meson.build files required, and meson build from tarball succeeds.
> 
> Rolling back url related changes from commit c7f0ce7be8df ("util-linux:
> Version bump.  2.39.3 -> 2.40"), which includes switching from tar.gz to
> tar.xz, thus updating checksum.  User might have some .tar.gz files from
> git which are not equal to distributed .tar.gz files, but switching to
> .tar.xz here should avoid checksum mismatches.
> 
> Allows for verifying tarballs against .tar.sign and comparing checksums
> to other distributions again.
> 
> Link: https://github.com/util-linux/util-linux/issues/3460
> Signed-off-by: Alexander Dahl <ada@thorsis.com>
> Message-Id: <20260619074744.1129667-2-ada@thorsis.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/rules/util-linux.make b/rules/util-linux.make
> index f77666d7f83f..bf6817c2a565 100644
> --- a/rules/util-linux.make
> +++ b/rules/util-linux.make
> @@ -16,10 +16,11 @@ PACKAGES-$(PTXCONF_UTIL_LINUX) += util-linux
>  # Paths and names
>  #
>  UTIL_LINUX_VERSION	:= 2.42.1
> -UTIL_LINUX_SHA256	:= 138a3bd9049afa5eeeea73f1e9c0ed7bddf3e55ba4ec29924965a932ec738f01
> +UTIL_LINUX_SHA256	:= 82e9158eb12a9b0b569d84e1687fed9dd18fe89ccd8ef5ac3427218a7c0d7f7f
>  UTIL_LINUX		:= util-linux-$(UTIL_LINUX_VERSION)
> -UTIL_LINUX_SUFFIX	:= tar.gz
> -UTIL_LINUX_URL		:= https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/snapshot/$(UTIL_LINUX).$(UTIL_LINUX_SUFFIX)
> +UTIL_LINUX_SUFFIX	:= tar.xz
> +UTIL_LINUX_BASENAME	:= v$(if $(filter 2,$(basename $(UTIL_LINUX_VERSION))),$(UTIL_LINUX_VERSION),$(basename $(UTIL_LINUX_VERSION)))
> +UTIL_LINUX_URL		:= $(call ptx/mirror, KERNEL, utils/util-linux/$(UTIL_LINUX_BASENAME)/$(UTIL_LINUX).$(UTIL_LINUX_SUFFIX))
>  UTIL_LINUX_SOURCE	:= $(SRCDIR)/$(UTIL_LINUX).$(UTIL_LINUX_SUFFIX)
>  UTIL_LINUX_DIR		:= $(BUILDDIR)/$(UTIL_LINUX)
>  UTIL_LINUX_LICENSE	:= GPL-2.0-only AND GPL-2.0-or-later AND LGPL-2.0-or-later AND BSD-3-Clause AND BSD-4-Clause AND MIT AND ISC AND public_domain



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [ptxdist] [APPLIED] util-linux: version bump 2.42.1 -> 2.42.2
  2026-06-19  7:47 ` [ptxdist] [PATCH 2/2] util-linux: version bump 2.42.1 -> 2.42.2 Alexander Dahl via ptxdist
@ 2026-06-25 19:23   ` Michael Olbrich
  0 siblings, 0 replies; 5+ messages in thread
From: Michael Olbrich @ 2026-06-25 19:23 UTC (permalink / raw)
  To: ptxdist; +Cc: Alexander Dahl

Thanks, applied as f7c655564f624a8ba4385496a4cbf8252a8b9b09.

Michael

[sent from post-receive hook]

On Thu, 25 Jun 2026 21:23:32 +0200, Alexander Dahl <ada@thorsis.com> wrote:
> Security fixes:
> 
>  CVE-2026-53613 - mount(8) TOCTOU race on target path.
>  CVE-2026-53612 - mount(8) TOCTOU race on post-mount owner/mode change.
>  CVE-2026-53614 - mount(8) SUID bypass via LIBMOUNT_FORCE_MOUNT2.
>  CVE-2026-27456 - mount(8) TOCTOU symlink attack via loop device (follow-up).
>  libblkid: use-after-free in nested partition probing.
> 
> Link: https://www.kernel.org/pub/linux/utils/util-linux/v2.42/v2.42.2-ReleaseNotes
> Signed-off-by: Alexander Dahl <ada@thorsis.com>
> Message-Id: <20260619074744.1129667-3-ada@thorsis.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/rules/util-linux.make b/rules/util-linux.make
> index bf6817c2a565..33e5258209a2 100644
> --- a/rules/util-linux.make
> +++ b/rules/util-linux.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_UTIL_LINUX) += util-linux
>  #
>  # Paths and names
>  #
> -UTIL_LINUX_VERSION	:= 2.42.1
> -UTIL_LINUX_SHA256	:= 82e9158eb12a9b0b569d84e1687fed9dd18fe89ccd8ef5ac3427218a7c0d7f7f
> +UTIL_LINUX_VERSION	:= 2.42.2
> +UTIL_LINUX_SHA256	:= 03a05d3adf9602ef128f2da05b84b3205ce60c351e5737c0370f74000679ce8a
>  UTIL_LINUX		:= util-linux-$(UTIL_LINUX_VERSION)
>  UTIL_LINUX_SUFFIX	:= tar.xz
>  UTIL_LINUX_BASENAME	:= v$(if $(filter 2,$(basename $(UTIL_LINUX_VERSION))),$(UTIL_LINUX_VERSION),$(basename $(UTIL_LINUX_VERSION)))



^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2026-06-25 19:23 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-19  7:47 [ptxdist] [PATCH 0/2] util-linux: Switch back to tarball download and version bump to 2.42.2 Alexander Dahl via ptxdist
2026-06-19  7:47 ` [ptxdist] [PATCH 1/2] util-linux: Switch back from git to tarball download Alexander Dahl via ptxdist
2026-06-25 19:23   ` [ptxdist] [APPLIED] " Michael Olbrich
2026-06-19  7:47 ` [ptxdist] [PATCH 2/2] util-linux: version bump 2.42.1 -> 2.42.2 Alexander Dahl via ptxdist
2026-06-25 19:23   ` [ptxdist] [APPLIED] " Michael Olbrich

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox