sync community patches

(cherry picked from commit bbd2ccebcb5308ef52195c62293c7ed0d1cd0f43)

backport-blkid-fix-call-to-err_exclusive_options.patch

@@ -0,0 +1,32 @@
+From ee84a3bfaf1706269c3a54a546bb057189556e67 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas@t-8ch.de>
+Date: Mon, 2 Oct 2023 11:39:53 +0200
+Subject: [PATCH] blkid: fix call to err_exclusive_options
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+err_exclusive_options needs to be passed the long options array,
+otherwise it will crash.
+
+Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
+---
+ misc-utils/blkid.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/misc-utils/blkid.c b/misc-utils/blkid.c
+index 32bc6feea..6df4e074e 100644
+--- a/misc-utils/blkid.c
++++ b/misc-utils/blkid.c
+@@ -717,7 +717,7 @@ int main(int argc, char **argv)
+ 	while ((c = getopt_long (argc, argv,
+ 			    "c:DdgH:hilL:n:ko:O:ps:S:t:u:U:w:Vv", longopts, NULL)) != -1) {
+ 
+-		err_exclusive_options(c, NULL, excl, excl_st);
++		err_exclusive_options(c, longopts, excl, excl_st);
+ 
+ 		switch (c) {
+ 		case 'c':
+-- 
+2.33.0
+

backport-ldattach-don-t-call-exit-from-signal-handler.patch

@@ -0,0 +1,31 @@
+From de13900d71a968e859ab7aece4537dfd87c7185c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas@t-8ch.de>
+Date: Fri, 22 Sep 2023 20:21:38 +0200
+Subject: [PATCH] ldattach: don't call exit() from signal handler
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Instead use _exit().
+
+Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
+---
+ sys-utils/ldattach.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sys-utils/ldattach.c b/sys-utils/ldattach.c
+index 0a6b6f2d2..9c67eeec8 100644
+--- a/sys-utils/ldattach.c
++++ b/sys-utils/ldattach.c
+@@ -257,7 +257,7 @@ static int my_cfsetspeed(struct termios *ts, int speed)
+ static void handler(int s)
+ {
+ 	dbg("got SIG %i -> exiting", s);
+-	exit(EXIT_SUCCESS);
++	_exit(EXIT_SUCCESS);
+ }
+ 
+ static void gsm0710_set_conf(int tty_fd)
+-- 
+2.33.0
+

backport-lib-path-fix-possible-out-of-boundary-access.patch

@@ -0,0 +1,45 @@
+From 0129c883459894f3e7101cbfb987f08a2242474b Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Sun, 8 Oct 2023 20:41:29 +0200
+Subject: [PATCH] lib/path: fix possible out of boundary access
+
+If fgets reads from a file starting with a NUL byte in ul_path_cpuparse,
+then the check for newline leads to an out of boundary access.
+
+Proof of Concept (compile with --enable-asan):
+
+1. Prepare /tmp/poc with required files
+```
+$ install -d /tmp/poc/sys/devices/system/cpu
+$ dd if=/dev/zero of=/tmp/poc/sys/devices/system/cpu/possible bs=1 count=1
+$ install -D /dev/null /tmp/poc/proc/cpuinfo
+```
+
+2. Run lscpu with sysroot option
+```
+$ lscpu --sysroot /tmp/poc
+=================================================================
+==78238==ERROR: AddressSanitizer: heap-buffer-overflow
+```
+
+Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+---
+ lib/path.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/path.c b/lib/path.c
+index bf15ab9..5114e44 100644
+--- a/lib/path.c
++++ b/lib/path.c
+@@ -1013,7 +1013,7 @@ static int ul_path_cpuparse(struct path_cxt *pc, cpu_set_t **set, int maxcpus, i
+ 		return rc;
+ 
+ 	len = strlen(buf);
+-	if (buf[len - 1] == '\n')
++	if (len > 0 && buf[len - 1] == '\n')
+ 		buf[len - 1] = '\0';
+ 
+ 	*set = cpuset_alloc(maxcpus, &setsize, NULL);
+-- 
+2.33.0
+

backport-libblkid-avoid-memory-leak-of-cachefile-path.patch

@@ -0,0 +1,28 @@
+From beead87f3b65b1e9149d27779f5aac215a1f8b24 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas@t-8ch.de>
+Date: Fri, 22 Sep 2023 11:20:04 +0200
+Subject: [PATCH] libblkid: avoid memory leak of cachefile path
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
+---
+ libblkid/src/config.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libblkid/src/config.c b/libblkid/src/config.c
+index f229b3e63..d3f5eea3d 100644
+--- a/libblkid/src/config.c
++++ b/libblkid/src/config.c
+@@ -155,6 +155,7 @@ dflt:
+ 		fclose(f);
+ 	return conf;
+ err:
++	free(conf->cachefile);
+ 	free(conf);
+ 	fclose(f);
+ 	return NULL;
+-- 
+2.33.0
+

backport-libblkid-ntfs-validate-that-sector_size-is-a-power-o.patch

@@ -0,0 +1,40 @@
+From 0cf52fc4a03db3c59ad31bde4e9a28b5642086dc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas@t-8ch.de>
+Date: Tue, 26 Sep 2023 00:27:22 +0200
+Subject: [PATCH] libblkid: (ntfs) validate that sector_size is a power of two
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The NTFS prober reads data based off an offset of the sector size.
+If the sector size is unaligned and the read data is cached then other
+probers can read unaligned values.
+
+Sector sizes for NTFS actually only make sense as power-of-two so
+validate that and as a sideeffect avoid the unaligned reads.
+
+Also add the reproducer from OSS-Fuzz that found this issue.
+
+Fixes #2509
+
+Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
+---
+ libblkid/src/superblocks/ntfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libblkid/src/superblocks/ntfs.c b/libblkid/src/superblocks/ntfs.c
+index dced699..0c4f297 100644
+--- a/libblkid/src/superblocks/ntfs.c
++++ b/libblkid/src/superblocks/ntfs.c
+@@ -97,7 +97,7 @@ static int __probe_ntfs(blkid_probe pr, const struct blkid_idmag *mag, int save_
+ 	 */
+ 	sector_size = le16_to_cpu(ns->bpb.sector_size);
+ 
+-	if (sector_size < 256 || sector_size > 4096)
++	if (sector_size < 256 || sector_size > 4096 || !is_power_of_2(sector_size))
+ 		return 1;
+ 
+ 	switch (ns->bpb.sectors_per_cluster) {
+-- 
+2.33.0
+

backport-libblkid-reset-errno-before-calling-probefuncs.patch

@@ -0,0 +1,58 @@
+From 4bc69757312cad09f0cd9dc0c04f483a76176203 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas@t-8ch.de>
+Date: Mon, 2 Oct 2023 22:24:21 +0200
+Subject: [PATCH] libblkid: reset errno before calling probefuncs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The probers optionally use errno to communicate error details.
+When a leftover errno is set from libblkid internally this can confuse
+the probers.
+
+Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
+---
+ libblkid/src/partitions/partitions.c   | 1 +
+ libblkid/src/superblocks/superblocks.c | 1 +
+ libblkid/src/topology/topology.c       | 1 +
+ 3 files changed, 3 insertions(+)
+
+diff --git a/libblkid/src/partitions/partitions.c b/libblkid/src/partitions/partitions.c
+index 0e38cf4..38ec8df 100644
+--- a/libblkid/src/partitions/partitions.c
++++ b/libblkid/src/partitions/partitions.c
+@@ -555,6 +555,7 @@ static int idinfo_probe(blkid_probe pr, const struct blkid_idinfo *id,
+ 	if (id->probefunc) {
+ 		DBG(LOWPROBE, ul_debug(
+ 			"%s: ---> call probefunc()", id->name));
++		errno = 0;
+ 		rc = id->probefunc(pr, mag);
+ 		if (rc < 0) {
+ 			/* reset after error */
+diff --git a/libblkid/src/superblocks/superblocks.c b/libblkid/src/superblocks/superblocks.c
+index f213655..09ac45e 100644
+--- a/libblkid/src/superblocks/superblocks.c
++++ b/libblkid/src/superblocks/superblocks.c
+@@ -410,6 +410,7 @@ static int superblocks_probe(blkid_probe pr, struct blkid_chain *chn)
+ 		/* final check by probing function */
+ 		if (id->probefunc) {
+ 			DBG(LOWPROBE, ul_debug("\tcall probefunc()"));
++			errno = 0;
+ 			rc = id->probefunc(pr, mag);
+ 			if (rc != BLKID_PROBE_OK) {
+ 				blkid_probe_chain_reset_values(pr, chn);
+diff --git a/libblkid/src/topology/topology.c b/libblkid/src/topology/topology.c
+index 53007d1..e8b9ba8 100644
+--- a/libblkid/src/topology/topology.c
++++ b/libblkid/src/topology/topology.c
+@@ -180,6 +180,7 @@ static int topology_probe(blkid_probe pr, struct blkid_chain *chn)
+ 
+ 		if (id->probefunc) {
+ 			DBG(LOWPROBE, ul_debug("%s: call probefunc()", id->name));
++			errno = 0;
+ 			if (id->probefunc(pr, NULL) != 0)
+ 				continue;
+ 		}
+-- 
+2.33.0
+

backport-libmount-fix-possible-NULL-dereference-coverity-scan.patch

@@ -0,0 +1,34 @@
+From 5379f5838df01fa22298a2b4f28270fd6b4cb871 Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Mon, 6 Nov 2023 11:40:27 +0100
+Subject: [PATCH] libmount: fix possible NULL dereference [coverity scan]
+
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ libmount/src/tab.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libmount/src/tab.c b/libmount/src/tab.c
+index be0c13a..a19a5ae 100644
+--- a/libmount/src/tab.c
++++ b/libmount/src/tab.c
+@@ -659,7 +659,7 @@ int mnt_table_next_child_fs(struct libmnt_table *tb, struct libmnt_iter *itr,
+ {
+ 	struct libmnt_fs *fs;
+ 	int parent_id, lastchld_id = 0, chld_id = 0;
+-	int direction = mnt_iter_get_direction(itr);
++	int direction;
+ 
+ 	if (!tb || !itr || !parent || !is_mountinfo(tb))
+ 		return -EINVAL;
+@@ -668,6 +668,7 @@ int mnt_table_next_child_fs(struct libmnt_table *tb, struct libmnt_iter *itr,
+ 				mnt_fs_get_target(parent)));
+ 
+ 	parent_id = mnt_fs_get_id(parent);
++	direction = mnt_iter_get_direction(itr);
+ 
+ 	/* get ID of the previously returned child */
+ 	if (itr->head && itr->p != itr->head) {
+-- 
+2.33.0
+

backport-libmount-improve-mnt_table_next_child_fs.patch

@@ -0,0 +1,76 @@
+From f64ea9979a5eaddaed98bde17832f855f2f0daee Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Thu, 2 Nov 2023 10:41:03 +0100
+Subject: [PATCH] libmount: improve mnt_table_next_child_fs()
+
+The function utilizes the struct libmnt_itr to iterate through the mountinfo file
+but neglects the direction specified by the iterator. This a bug. The application
+must manage the direction, as, for instance, umount(8) requires the children of
+the mountpoint in reverse order.
+
+Fixes: https://github.com/util-linux/util-linux/issues/2552
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ libmount/src/tab.c | 25 ++++++++++++++++++-------
+ 1 file changed, 18 insertions(+), 7 deletions(-)
+
+diff --git a/libmount/src/tab.c b/libmount/src/tab.c
+index 0d5c115..be0c13a 100644
+--- a/libmount/src/tab.c
++++ b/libmount/src/tab.c
+@@ -649,8 +649,8 @@ int mnt_table_get_root_fs(struct libmnt_table *tb, struct libmnt_fs **root)
+  * @parent: parental FS
+  * @chld: returns the next child filesystem
+  *
+- * Note that filesystems are returned in the order of mounting (according to
+- * IDs in /proc/self/mountinfo).
++ * Since version 2.40, the filesystems are returned in the order specified by
++ * @itr. In the old versions the derection is always MNT_ITER_FORWARD.
+  *
+  * Returns: 0 on success, negative number in case of error or 1 at the end of list.
+  */
+@@ -659,6 +659,7 @@ int mnt_table_next_child_fs(struct libmnt_table *tb, struct libmnt_iter *itr,
+ {
+ 	struct libmnt_fs *fs;
+ 	int parent_id, lastchld_id = 0, chld_id = 0;
++	int direction = mnt_iter_get_direction(itr);
+ 
+ 	if (!tb || !itr || !parent || !is_mountinfo(tb))
+ 		return -EINVAL;
+@@ -676,7 +677,7 @@ int mnt_table_next_child_fs(struct libmnt_table *tb, struct libmnt_iter *itr,
+ 
+ 	*chld = NULL;
+ 
+-	mnt_reset_iter(itr, MNT_ITER_FORWARD);
++	mnt_reset_iter(itr, direction);
+ 	while(mnt_table_next_fs(tb, itr, &fs) == 0) {
+ 		int id;
+ 
+@@ -690,10 +691,20 @@ int mnt_table_next_child_fs(struct libmnt_table *tb, struct libmnt_iter *itr,
+ 		if (id == parent_id)
+ 			continue;
+ 
+-		if ((!lastchld_id || id > lastchld_id) &&
+-		    (!*chld || id < chld_id)) {
+-			*chld = fs;
+-			chld_id = id;
++		if (direction == MNT_ITER_FORWARD) {
++			/* return in the order of mounting */
++			if ((!lastchld_id || id > lastchld_id) &&
++			    (!*chld || id < chld_id)) {
++				*chld = fs;
++				chld_id = id;
++			}
++		} else {
++			/* return last child first */
++			if ((!lastchld_id || id < lastchld_id) &&
++			    (!*chld || id > chld_id)) {
++				*chld = fs;
++				chld_id = id;
++			}
+ 		}
+ 	}
+ 
+-- 
+2.33.0
+

backport-login-prevent-undefined-ioctl-and-tcsetattr-calls.patch

@@ -0,0 +1,96 @@
+From 23884bba3854ed35ebe19adbb2ad1ea2972dab79 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Thu, 21 Sep 2023 20:25:55 +0200
+Subject: [PATCH] login: prevent undefined ioctl and tcsetattr calls
+
+Do not call tcsetattr if tcgetattr fails, because the content of
+tt and ttt is undefined in that case.
+
+Also do not just warn if ioctl fails, but also avoid calling it again
+after tty has been re-opened.
+
+I've solved this by setting struct variables to values which cannot be
+valid at this point. If they do have these exact values, then the
+calls will be prevented.
+
+Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+---
+ login-utils/login.c | 32 ++++++++++++++++++++------------
+ 1 file changed, 20 insertions(+), 12 deletions(-)
+
+diff --git a/login-utils/login.c b/login-utils/login.c
+index d6c6af7..8364497 100644
+--- a/login-utils/login.c
++++ b/login-utils/login.c
+@@ -176,9 +176,10 @@ static void __attribute__((__noreturn__))
+ 	struct termios ti;
+ 
+ 	/* reset echo */
+-	tcgetattr(0, &ti);
+-	ti.c_lflag |= ECHO;
+-	tcsetattr(0, TCSANOW, &ti);
++	if (tcgetattr(0, &ti) >= 0) {
++		ti.c_lflag |= ECHO;
++		tcsetattr(0, TCSANOW, &ti);
++	}
+ 	_exit(EXIT_SUCCESS);	/* %% */
+ }
+ 
+@@ -512,8 +513,8 @@ static void chown_tty(struct login_context *cxt)
+ static void init_tty(struct login_context *cxt)
+ {
+ 	struct stat st;
+-	struct termios tt, ttt;
+-	struct winsize ws;
++	struct termios tt, ttt = { 0 };
++	struct winsize ws = { 0 };
+ 	int fd;
+ 
+ 	cxt->tty_mode = (mode_t) getlogindefs_num("TTYPERM", TTY_MODE);
+@@ -548,13 +549,18 @@ static void init_tty(struct login_context *cxt)
+ 
+ 	/* The TTY size might be reset to 0x0 by the kernel when we close the stdin/stdout/stderr file
+ 	 * descriptors so let's save the size now so we can reapply it later */
+-	memset(&ws, 0, sizeof(struct winsize));
+-	if (ioctl(fd, TIOCGWINSZ, &ws) < 0)
++	if (ioctl(fd, TIOCGWINSZ, &ws) < 0) {
+ 		syslog(LOG_WARNING, _("TIOCGWINSZ ioctl failed: %m"));
++		ws.ws_row = 0;
++		ws.ws_col = 0;
++	}
+ 
+-	tcgetattr(fd, &tt);
+-	ttt = tt;
+-	ttt.c_cflag &= ~HUPCL;
++	if (tcgetattr(fd, &tt) >= 0) {
++		ttt = tt;
++		ttt.c_cflag &= ~HUPCL;
++	} else {
++		ttt.c_cflag = HUPCL;
++	}
+ 
+ 	if ((fchown(fd, 0, 0) || fchmod(fd, cxt->tty_mode)) && errno != EROFS) {
+ 
+@@ -564,7 +570,8 @@ static void init_tty(struct login_context *cxt)
+ 	}
+ 
+ 	/* Kill processes left on this tty */
+-	tcsetattr(fd, TCSANOW, &ttt);
++	if ((ttt.c_cflag & HUPCL) == 0)
++		tcsetattr(fd, TCSANOW, &ttt);
+ 
+ 	/*
+ 	 * Let's close file descriptors before vhangup
+@@ -582,7 +589,8 @@ static void init_tty(struct login_context *cxt)
+ 	open_tty(cxt->tty_path);
+ 
+ 	/* restore tty modes */
+-	tcsetattr(STDIN_FILENO, TCSAFLUSH, &tt);
++	if ((ttt.c_cflag & HUPCL) == 0)
++		tcsetattr(STDIN_FILENO, TCSAFLUSH, &tt);
+ 
+ 	/* Restore tty size */
+ 	if (ws.ws_row > 0 || ws.ws_col > 0)
+-- 
+2.33.0
+

backport-login-use-correct-terminal-fd-during-setup.patch

@@ -0,0 +1,104 @@
+From f7feb6530b5e350c9aa635d7f39110177e34fb83 Mon Sep 17 00:00:00 2001
+From: Tobias Stoeckmann <tobias@stoeckmann.org>
+Date: Thu, 21 Sep 2023 20:15:46 +0200
+Subject: [PATCH] login: use correct terminal fd during setup
+
+The function get_terminal_name iterates through standard file
+descriptors until it finds a terminal. This means that it's not
+guaranteed that STDIN_FILENO (i.e. 0) is actually a terminal.
+
+Do not modify permissions on possible files. Instead, retrieve
+the file descriptor which was used by get_terminal_name as well.
+
+Proof of Concept (as root):
+
+1. Create a temporary file with a mode different than TTYPERM.
+```
+install -m 700 /dev/null /tmp/test
+ls -l /tmp/test
+-rwx------ 1 root root 0 Sep 21 20:15 /tmp/test
+```
+
+2. Run login within a terminal with adjusted stdin.
+```
+login < /tmp/test
+host login:
+            Hangup
+```
+
+3. Check permissions of input file.
+```
+ls -l /tmp/test
+-rw------- 1 root root 0 Sep 21 20:15 /tmp/test
+```
+
+Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
+---
+ login-utils/login.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/login-utils/login.c b/login-utils/login.c
+index 2a4e8cb..d6c6af7 100644
+--- a/login-utils/login.c
++++ b/login-utils/login.c
+@@ -514,10 +514,12 @@ static void init_tty(struct login_context *cxt)
+ 	struct stat st;
+ 	struct termios tt, ttt;
+ 	struct winsize ws;
++	int fd;
+ 
+ 	cxt->tty_mode = (mode_t) getlogindefs_num("TTYPERM", TTY_MODE);
+ 
+ 	get_terminal_name(&cxt->tty_path, &cxt->tty_name, &cxt->tty_number);
++	fd = get_terminal_stdfd();
+ 
+ 	/*
+ 	 * In case login is suid it was possible to use a hardlink as stdin
+@@ -530,7 +532,7 @@ static void init_tty(struct login_context *cxt)
+ 	if (!cxt->tty_path || !*cxt->tty_path ||
+ 	    lstat(cxt->tty_path, &st) != 0 || !S_ISCHR(st.st_mode) ||
+ 	    (st.st_nlink > 1 && strncmp(cxt->tty_path, "/dev/", 5) != 0) ||
+-	    access(cxt->tty_path, R_OK | W_OK) != 0) {
++	    access(cxt->tty_path, R_OK | W_OK) != 0 || fd == -EINVAL) {
+ 
+ 		syslog(LOG_ERR, _("FATAL: bad tty"));
+ 		sleepexit(EXIT_FAILURE);
+@@ -547,14 +549,14 @@ static void init_tty(struct login_context *cxt)
+ 	/* The TTY size might be reset to 0x0 by the kernel when we close the stdin/stdout/stderr file
+ 	 * descriptors so let's save the size now so we can reapply it later */
+ 	memset(&ws, 0, sizeof(struct winsize));
+-	if (ioctl(STDIN_FILENO, TIOCGWINSZ, &ws) < 0)
++	if (ioctl(fd, TIOCGWINSZ, &ws) < 0)
+ 		syslog(LOG_WARNING, _("TIOCGWINSZ ioctl failed: %m"));
+ 
+-	tcgetattr(0, &tt);
++	tcgetattr(fd, &tt);
+ 	ttt = tt;
+ 	ttt.c_cflag &= ~HUPCL;
+ 
+-	if ((fchown(0, 0, 0) || fchmod(0, cxt->tty_mode)) && errno != EROFS) {
++	if ((fchown(fd, 0, 0) || fchmod(fd, cxt->tty_mode)) && errno != EROFS) {
+ 
+ 		syslog(LOG_ERR, _("FATAL: %s: change permissions failed: %m"),
+ 				cxt->tty_path);
+@@ -562,7 +564,7 @@ static void init_tty(struct login_context *cxt)
+ 	}
+ 
+ 	/* Kill processes left on this tty */
+-	tcsetattr(0, TCSANOW, &ttt);
++	tcsetattr(fd, TCSANOW, &ttt);
+ 
+ 	/*
+ 	 * Let's close file descriptors before vhangup
+@@ -580,7 +582,7 @@ static void init_tty(struct login_context *cxt)
+ 	open_tty(cxt->tty_path);
+ 
+ 	/* restore tty modes */
+-	tcsetattr(0, TCSAFLUSH, &tt);
++	tcsetattr(STDIN_FILENO, TCSAFLUSH, &tt);
+ 
+ 	/* Restore tty size */
+ 	if (ws.ws_row > 0 || ws.ws_col > 0)
+-- 
+2.33.0
+

backport-lslogins-fix-realloc-loop-allocation-size.patch

@@ -0,0 +1,32 @@
+From 62104e69455c3add88adc360381176f3e83bda28 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas@t-8ch.de>
+Date: Fri, 22 Sep 2023 20:08:22 +0200
+Subject: [PATCH] lslogins: fix realloc() loop allocation size
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If stat() fails the realloc loop would always try to allocate zero
+bytes.
+
+Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
+---
+ login-utils/lslogins.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/login-utils/lslogins.c b/login-utils/lslogins.c
+index ea5afb5ba..c624302bd 100644
+--- a/login-utils/lslogins.c
++++ b/login-utils/lslogins.c
+@@ -478,7 +478,7 @@ static struct utmpx *get_last_btmp(struct lslogins_control *ctl, const char *use
+ 
+ static int parse_utmpx(const char *path, size_t *nrecords, struct utmpx **records)
+ {
+-	size_t i, imax = 0;
++	size_t i, imax = 1;
+ 	struct utmpx *ary = NULL;
+ 	struct stat st;
+ 
+-- 
+2.33.0
+

backport-more-avoid-out-of-bound-access.patch

@@ -0,0 +1,36 @@
+From ecdfc9aa701b4f406c239b6e163a45a5cc5b4a8c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas@t-8ch.de>
+Date: Fri, 22 Sep 2023 19:53:24 +0200
+Subject: [PATCH] more: avoid out-of-bound access
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The realloc() needs to happen before that memory is used.
+
+Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
+---
+ text-utils/more.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/text-utils/more.c b/text-utils/more.c
+index bdb34e076..e25b0e24c 100644
+--- a/text-utils/more.c
++++ b/text-utils/more.c
+@@ -356,11 +356,11 @@ static void env_argscan(struct more_control *ctl, const char *s)
+ 	env_argv = xmalloc(sizeof(char *) * size);
+ 	env_argv[0] = _("MORE environment variable");	/* program name */
+ 	for (tok = strtok_r(str, delim, &key); tok; tok = strtok_r(NULL, delim, &key)) {
+-		env_argv[env_argc++] = tok;
+-		if (size < env_argc) {
++		if (size == env_argc) {
+ 			size *= 2;
+ 			env_argv = xrealloc(env_argv, sizeof(char *) * size);
+ 		}
++		env_argv[env_argc++] = tok;
+ 	}
+ 
+ 	argscan(ctl, env_argc, env_argv);
+-- 
+2.33.0
+

backport-scriptreplay-support-ctrl-s-and-ctrl-g.patch

@@ -0,0 +1,31 @@
+From 584e505186c1aa511ea96761a8d108f4fe734f0e Mon Sep 17 00:00:00 2001
+From: Karel Zak <kzak@redhat.com>
+Date: Mon, 11 Sep 2023 15:17:01 +0200
+Subject: [PATCH] scriptreplay: support ctrl+s and ctrl+g
+
+The old scriptreplay supported XON/XOFF flow control. The new
+implementation uses cfmakeraw() and it disables it by default. Let's
+enable it by IXON iflag.
+
+Fixes: https://github.com/util-linux/util-linux/issues/2480
+References: https://github.com/util-linux/util-linux/pull/1101
+Signed-off-by: Karel Zak <kzak@redhat.com>
+---
+ term-utils/scriptreplay.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/term-utils/scriptreplay.c b/term-utils/scriptreplay.c
+index fb68499c8..38fa4251c 100644
+--- a/term-utils/scriptreplay.c
++++ b/term-utils/scriptreplay.c
+@@ -134,6 +134,7 @@ setterm(struct termios *backup)
+ 	tattr = *backup;
+ 	cfmakeraw(&tattr);
+ 	tattr.c_lflag |= ISIG;
++	tattr.c_iflag |= IXON;
+ 	tcsetattr(STDOUT_FILENO, TCSANOW, &tattr);
+ 	return 1;
+ }
+-- 
+2.33.0
+

util-linux.spec

@@ -3,7 +3,7 @@
 
 Name:           util-linux
 Version:        2.37.2
-Release:        22
+Release:        23
 Summary:        A random collection of Linux utilities
 License:        GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain
 URL:            https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
@@ -113,6 +113,19 @@ Patch6091:      backport-column-fix-buffer-overflow-when-l-specified.patch
 Patch6092:      backport-column-fix-greedy-mode-on-l.patch
 Patch6093:      backport-column-fix-memory-leak.patch
 Patch6094:      backport-column-fix-l.patch
+Patch6095:      backport-scriptreplay-support-ctrl-s-and-ctrl-g.patch
+Patch6096:      backport-login-use-correct-terminal-fd-during-setup.patch
+Patch6097:      backport-login-prevent-undefined-ioctl-and-tcsetattr-calls.patch
+Patch6098:      backport-libblkid-avoid-memory-leak-of-cachefile-path.patch
+Patch6099:      backport-more-avoid-out-of-bound-access.patch
+Patch6100:      backport-lslogins-fix-realloc-loop-allocation-size.patch
+Patch6101:      backport-ldattach-don-t-call-exit-from-signal-handler.patch
+Patch6102:      backport-libblkid-ntfs-validate-that-sector_size-is-a-power-o.patch
+Patch6103:      backport-blkid-fix-call-to-err_exclusive_options.patch
+Patch6104:      backport-libblkid-reset-errno-before-calling-probefuncs.patch
+Patch6105:      backport-lib-path-fix-possible-out-of-boundary-access.patch
+Patch6106:      backport-libmount-improve-mnt_table_next_child_fs.patch
+Patch6107:      backport-libmount-fix-possible-NULL-dereference-coverity-scan.patch
 
 Patch9000:      Add-check-to-resolve-uname26-version-test-failed.patch
 Patch9001:      SKIPPED-no-root-permissions-test.patch
@@ -484,6 +497,25 @@ fi
 %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*}
 
 %changelog
+* Thu Dec 14 2023 zhangyao <zhangyao108@huawei.com> - 2.37.2-23
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:sync community patches
+       [add]backport-scriptreplay-support-ctrl-s-and-ctrl-g.patch
+       backport-login-use-correct-terminal-fd-during-setup.patch
+       backport-login-prevent-undefined-ioctl-and-tcsetattr-calls.patch
+       backport-libblkid-avoid-memory-leak-of-cachefile-path.patch
+       backport-more-avoid-out-of-bound-access.patch
+       backport-lslogins-fix-realloc-loop-allocation-size.patch
+       backport-ldattach-don-t-call-exit-from-signal-handler.patch
+       backport-libblkid-ntfs-validate-that-sector_size-is-a-power-o.patch
+       backport-blkid-fix-call-to-err_exclusive_options.patch
+       backport-libblkid-reset-errno-before-calling-probefuncs.patch
+       backport-lib-path-fix-possible-out-of-boundary-access.patch
+       backport-libmount-improve-mnt_table_next_child_fs.patch
+       backport-libmount-fix-possible-NULL-dereference-coverity-scan.patch
+
 * Mon Sep 4 2023 zhangyao <zhangyao108@huawei.com> - 2.37.2-22
 - Type:bugfix
 - CVE:NA