scripts uses either a free-standing "file" argument, or the value
passed as --log-out "file". Additional filenames are ignored.
They are also ignored if --log-in "file" is given, as it turns off
output logging by default (can still be overriden by adding --log-out).
Avoid surprises when passing multiple filenames by writing usage
message instead.
[kzak@redhat.com: - use errtryhelp() rather than usage()]
Signed-off-by: Chris Hofstaedtler <zeha@debian.org> Reported-by: наб <nabijaczleweli@nabijaczleweli.xyz>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016193 Signed-off-by: Karel Zak <kzak@redhat.com>
to somewhat cover architectures where unaligned access can lead to
crashes and make it possible for OSS-Fuzz to catch issues like
https://github.com/util-linux/util-linux/pull/1906.
With this patch applied the libblkid fuzz target built with the OSS-Fuzz
toolchain triggers "runtime error: load of misaligned address" in `probe_exfat`
so it seems to be working.
Karel Zak [Wed, 16 Nov 2022 07:46:29 +0000 (08:46 +0100)]
Merge branch 'rev0' of https://github.com/t-8ch/util-linux
* 'rev0' of https://github.com/t-8ch/util-linux:
rev: allow zero-byte as separator
rev: make separator configurable
rev: use pointer-size-pairs instead of C-string
Karel Zak [Wed, 16 Nov 2022 07:36:19 +0000 (08:36 +0100)]
Merge branch 'oss-fuzz' of https://github.com/t-8ch/util-linux
* 'oss-fuzz' of https://github.com/t-8ch/util-linux:
libblkid: iso9660: allocate enough space for UTF16 decoding
libblkid: ntfs: avoid UB in signed shift
Thomas Weißschuh [Thu, 10 Nov 2022 18:48:20 +0000 (19:48 +0100)]
libblkid: iso9660: allocate enough space for UTF16 decoding
When merge_utf16be_ascii() encounters high-codepoint surrogate pairs it
emits four bytes of output for one byte of ascii input.
In addition with the remaining ascii characters from the second loop we
need up to 5 * sizeof(input) / 2 bytes as output buffer.
As we decode up to 128 ascii characters with merge_utf16be_ascii() we
need 320 bytes of buffer available.
Furthermore adapt merge_utf16be_ascii() to not write paste the output
buffer end.
Karel Zak [Thu, 10 Nov 2022 08:49:20 +0000 (09:49 +0100)]
Merge branch 'meson/fixes' of https://github.com/t-8ch/util-linux
* 'meson/fixes' of https://github.com/t-8ch/util-linux:
meson: libmount: compile test helpers
pylibmount: properly mark initialization function
meson: define USE_LIBMOUNT_SUPPORT_NAMESPACES
dmesg: move fallthrough comment to correct place
meson: use -Wno-cast-function-type for libmount python bindings
meson: fix test for HAVE_LANGINFO_H
Thomas Weißschuh [Thu, 10 Nov 2022 03:05:30 +0000 (04:05 +0100)]
pylibmount: properly mark initialization function
The module initialization function is supposed to only public function
in a module.
Newer versions of meson use -fvisibility=hidden and expected this
function to be marked with PyMODINIT_FUNC [0].
As this does not hurt on autotools either, let's use it everywhere.
This works around warnings about unused parameters.
To be correct we should be checking for the setns syscall, but so far we
don't have logic for this in meson.
David Flor [Fri, 28 Oct 2022 15:31:03 +0000 (17:31 +0200)]
libblkid: new fuzz target
* Added new fuzz target calling blkid_do_safeprobe(), mainly based off of how libblkid is used in the cryptsetup project (same flags used etc.)
* Added the fuzz target to the Makemodule and all relevant scripts.
* Made as part of my upcoming bachelor thesis.
This breaks the ABI interface. Cryptsetup reencrypt code
depends on checking the minimal accessible FS block
to prevent the destruction of the filesystem if a user
requests reencryption to a larger sector than
the filesystem can handle.
This patch removes the condition to make ABI compatible
again (as we cannot add FSINFO bit retrospectively).
Karel Zak [Tue, 1 Nov 2022 09:30:06 +0000 (10:30 +0100)]
logger: always update header when read from stdin
The current code updates the header only when the priority has been
changed. It's incorrect because wanted is a valid header or each entry
(don't forget that logger for stdin use-case is used in pipe to log
long-time running processes).
This patch also fixes the initial timestamp; it was originally generated
on logger startup, it now generates the header on the first message.
old:
<13>Nov 1 10:42:14 kzak: Tue Nov 1 10:42:16 AM CET 2022
<13>Nov 1 10:42:14 kzak: Tue Nov 1 10:42:18 AM CET 2022
<13>Nov 1 10:42:14 kzak: Tue Nov 1 10:42:20 AM CET 2022
new:
<13>Nov 1 10:19:02 kzak: Tue Nov 1 10:19:02 AM CET 2022
<13>Nov 1 10:19:04 kzak: Tue Nov 1 10:19:04 AM CET 2022
<13>Nov 1 10:19:06 kzak: Tue Nov 1 10:19:06 AM CET 2022
Fixes: https://github.com/util-linux/util-linux/issues/1866 Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Mon, 31 Oct 2022 12:54:45 +0000 (13:54 +0100)]
Merge branch 'lsfd-s390-proc-net-L3' of https://github.com/masatake/util-linux
* 'lsfd-s390-proc-net-L3' of https://github.com/masatake/util-linux:
lsfd: unify the code for reading /proc/net/tcp and udp
lsfd: make the logic for verifying the initial line of /proc/net/{tcp,udp} more flexible
Chris Down [Wed, 26 Oct 2022 14:47:36 +0000 (15:47 +0100)]
kill: Support mandating the presence of a userspace signal handler
In production we've had several incidents over the years where a process
has a signal handler registered for SIGHUP or one of the SIGUSR signals
which can be used to signal a request to reload configs, rotate log
files, and the like. While this may seem harmless enough, what we've
seen happen repeatedly is something like the following:
1. A process is using SIGHUP/SIGUSR[12] to request some
application-handled state change -- reloading configs, rotating a log
file, etc;
2. This kind of request is deprecated and removed, so the signal handler
is removed. However, a site where the signal might be sent from is
missed (often logrotate or a service manager);
3. Because the default disposition of these signals is terminal, sooner
or later these applications are going to be sent SIGHUP or similar
and end up unexpectedly killed.
I know for a fact that we're not the only organistion experiencing this:
in general, signal use is pretty tricky to reason about and safely
remove because of the fairly aggressive SIG_DFL behaviour for some
common signals, especially for SIGHUP which has a particularly ambiguous
meaning. Especially in a large, highly interconnected codebase,
reasoning about signal interactions between system configuration and
applications can be highly complex, and it's inevitable that on occasion
a callsite will be missed.
In some cases the right call to avoid this will be to migrate services
towards other forms of IPC for this purpose, but inevitably there will
be some services which must continue using signals, so we need a safe
way to support them.
This patch adds support for the -r/--require-handler flag, which checks
if a userspace handler is present for the signal being sent. If it is
not, the process will be skipped.
With this flag we can enforce that all SIGHUP reload cases and SIGUSR
equivalents use --require-handler. This effectively mitigates the case
we've seen time and time again where SIGHUP is used to rotate log files
or reload configs, but the sending site is mistakenly left present after
the removal of signal handler, resulting in unintended termination of
the process.
Inside a container, the file /proc/self/mountinfo may contain many lines
with /dev/root. It is also quite likely that /dev/root is not visible
inside the container. This may cause mnt_guess_system_root() to try to use
libblkid before giving up, through mnt_resolve_spec() and
mnt_resolve_tag(), which calls blkid_evaluate_tag(). The call to
blkid_evaluate_tag() may trigger a scan of all block devices, which is
expensive.
For this reason, it doesn't make any sense for kernel_fs_postparse()
to call mnt_guess_system_root() more than once for every call to
mnt_table_parse_stream. Instead, save the result from the first call and
reuse it for all subsequent calls to kernel_fs_postparse(), so that there
is at most one call to mnt_guess_system_root() for every call
to mnt_table_parse_stream().
[kzak@redhat.com: - use sysroot_ prefix for the cached variables
- simplify code logic in kernel_fs_postparse()
- add free() to parser_cleanup()]
Signed-off-by: Viktor Rosendahl (BMW) <viktor.rosendahl@gmail.com> Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Wed, 26 Oct 2022 07:41:29 +0000 (09:41 +0200)]
Merge branch 'cramfs/endianess-mismatch' of https://github.com/t-8ch/util-linux
* 'cramfs/endianess-mismatch' of https://github.com/t-8ch/util-linux:
libblkid: cramfs: report version
libblkid: cramfs: report filesystem size
libblkid: test big endian cramfs image
libblkid: cramfs: handle cross-endianess for checksums
Masatake YAMATO [Wed, 26 Oct 2022 02:56:00 +0000 (11:56 +0900)]
lsfd: make the logic for verifying the initial line of /proc/net/{tcp,udp} more flexible
The format of /proc/net/udp was changed in 6c25449e1a32 ("net: udp: fix alignment problem in udp4_seq_show()").
This kind of change can be applied to /proc/net/tcp, too.
Co-Authored-by: Thomas Weißschuh <thomas@t-8ch.de> Co-Authored-by: Masatake YAMATO <yamato@redhat.com>
Karel Zak [Wed, 12 Oct 2022 07:46:56 +0000 (09:46 +0200)]
libsmartcols: use standard deviation to optimize columns width
The standard deviation together with mean (average) of the data width
can be used to detect "problematic" columns and to calculate optimal
width.
The idea is to sort column by avg+deviation and start columns width
reduction from the column with the most wide and variable width. The
width reduction is also optimized by 68–95–99 rule (aka empirical
rule, avg+n*deviation; where n={1,2,3}) to cover 95% or 68% data in
the column.
The disadvantage is we need to link libsmartcols with -lm (math) due
to sqrt() function.