Karel Zak [Wed, 6 May 2026 10:02:10 +0000 (12:02 +0200)]
Merge branch 'more_fallocate_tests' of https://github.com/cgoesche/util-linux-fork
* 'more_fallocate_tests' of https://github.com/cgoesche/util-linux-fork:
fallocate: (man) mention supported file systems for --insert-range
tests: (fallocate) add --zero-range and --keep-size test
tests: (fallocate) add --punch-hole test
tests: (fallocate) --insert-range test
Karel Zak [Wed, 6 May 2026 09:47:39 +0000 (11:47 +0200)]
Merge branch 'enosys_tests' of https://github.com/cgoesche/util-linux-fork
* 'enosys_tests' of https://github.com/cgoesche/util-linux-fork:
tests: (enosys) add tests for the --dump option
tests: (enosys) add a simple test for --list
Karel Zak [Wed, 6 May 2026 09:41:58 +0000 (11:41 +0200)]
Merge branch 'chrt_reset_on_fork_test' of https://github.com/cgoesche/util-linux-fork
* 'chrt_reset_on_fork_test' of https://github.com/cgoesche/util-linux-fork:
tests: (chrt) add --reset-on-fork test
tests: (helpers) simple tool to create a child process
Karel Zak [Wed, 6 May 2026 09:35:45 +0000 (11:35 +0200)]
Merge branch 'chrt_tests' of https://github.com/cgoesche/util-linux-fork
* 'chrt_tests' of https://github.com/cgoesche/util-linux-fork:
tests: (chrt) add test for the --all-tasks option
tests: (helpers) add a thread creation helper
Karel Zak [Wed, 6 May 2026 09:34:59 +0000 (11:34 +0200)]
Merge branch 'lsfd--ignore-too-large-syscall-args' of https://github.com/masatake/util-linux
* 'lsfd--ignore-too-large-syscall-args' of https://github.com/masatake/util-linux:
lsfd: (cosmetic) adjust indent
lsfd: ignore too large integer read from /proc/PID/syscall
lsfd: handle unexpected values read from /proc/PID/syscall
Karel Zak [Tue, 5 May 2026 11:40:52 +0000 (13:40 +0200)]
Merge branch 'script_toctou' of https://github.com/cgoesche/util-linux-fork
* 'script_toctou' of https://github.com/cgoesche/util-linux-fork:
script: use fopen_at_no_link() for log file opening to prevent TOCTOU
lib: (fileutils) new fopen_at_no_link routine
Karel Zak [Tue, 5 May 2026 11:14:34 +0000 (13:14 +0200)]
Merge branch 'clean_up_test_scripts' of https://github.com/cgoesche/util-linux-fork
* 'clean_up_test_scripts' of https://github.com/cgoesche/util-linux-fork:
tests: do not mix string and array
tests: use bash parameter substitution instead of echo & sed
tests: remove unneeded $ in arithmetic expressions
tests: use find instead of ls for more robust processing
tests: directly check exitcode for stability and code simplicity
tests: (lib) avoid repetitive file openings with identical redirects
tests: quote TS_{OUTPUT,ERRLOG} variables
Karel Zak [Tue, 5 May 2026 11:00:19 +0000 (13:00 +0200)]
Merge branch 'macos-prep' of https://github.com/t-8ch/util-linux
* 'macos-prep' of https://github.com/t-8ch/util-linux:
meson: gate hwclock on LINUX
meson: gate choom on LINUX
meson: gate losetup on LINUX
meson: gate chmem on LINUX
meson: gate lsmem on LINUX
meson: gate utmpdump on LINUX
meson: gate last on LINUX
meson: gate partx on linux/blkpg.h
meson: gate setterm on sys/klog.h
meson: move sys/klog.h check into generic header checks
meson: only build test_enosys when HAVE_FALLOCATE
test_strerror: drop include asm-generic/errno-base.h
script: use fopen_at_no_link() for log file opening to prevent TOCTOU
When no logfile name is provided script(1) uses a default name.
If the default file already exists as sym/hardlink, as checked by the
die_if_link() function, and the --force option is NOT provided,
the program will terminate. Otherwise, it opens the file after
forking a child process, creating a TOCTOU window that allows an
attacker to replace the default file with a link.
This patch moves the log file opening logic from log_start() to
its own function log_open() and uses a openat() + fdopen() wrap
enabled by the internal fopen_at_no_link() helper. It also adds a new
member to struct script_log, namely 'flags', set by log_associate()
if the latter function's new @flags parameter is set. This culminates
to an eventual log file opening with fopen_at_no_link() or fopen(),
depending on log->flags. This is primarily important for security
reasons as it allows us to prevent opening a logfile if it is a symlink
and due to the atomic nature of openat(2) the TOCTOU window is essentially
closed. As a result, die_if_link() becomes dead code and is therefore
removed.
Additionally, we open log files before we fork, so we can avoid
allocation of resources for the child process, if something goes
wrong with log file opening.
Closes: #4280 Signed-off-by: Christian Goeschel Ndjomouo <cgoesc2@wgu.edu>
tests: (helpers) simple tool to create a child process
This basic helper program can be used to create a child process
to test process attribute inheritances between parent and
child processes, e.g. real-time scheduling attributes with chrt(1)
or utilization clamp settings with uclampset(1), where options
like --reset-on-fork need to be tested.
Signed-off-by: Christian Goeschel Ndjomouo <cgoesc2@wgu.edu>
Jamie Magee [Mon, 4 May 2026 15:47:59 +0000 (08:47 -0700)]
libfdisk: gpt: use ul_strtou16 for attribute bit parsing
Replace bare strtol() with ul_strtou16() which folds the errno/end-pointer/empty-input checks into one call and uses a uint16_t result type matching the bit-index domain. Also add udevadm settle between write/read sfdisk calls in the new attribute subtests.
Thomas Weißschuh [Wed, 29 Apr 2026 12:20:45 +0000 (14:20 +0200)]
test_strerror: drop include asm-generic/errno-base.h
This inclusios has multiple issues:
* It is Linux-only.
* The asm/ namespace is not an offical UAPI.
* Its definitions may be wrong if the architecture does not use it.
* It is unnecessary in the first place.
This simple helper can be used to create an arbitrary amount
of threads to be used in test scripts for tools like chrt(1).
chrt(1) can perform tasks on multiple threads for a process
and to conveniently test this 'test_threads_create' can be
used to spawn threads for a specified amount of time to act on.
Signed-off-by: Christian Goeschel Ndjomouo <cgoesc2@wgu.edu>
Rong Zhang [Sat, 25 Apr 2026 20:29:57 +0000 (04:29 +0800)]
chrt: Fix confusing error messages when priority argument is required
While making the priority argument optional for non-prio policies, some
confusing error messages were accidentally exposed to users for cases
that do need a priority argument.
$ chrt true #1
chrt: invalid priority argument: 'true'
$ chrt 1 #2
chrt: failed to set pid 0's policy: Operation not permitted
$ sudo chrt 1 #3
chrt: no command specified
$ chrt --other 1 #4
chrt: unsupported priority value for the policy: 1: see --max for valid range
The error message #1 is caused by mixing `have_prio' and `need_prio'
together. Therefore, it always tries to parse the first positional
argument as a priority when `--pid' is not given. #2 shows that
set_sched() is meaninglessly called even when too few arguments are
specified.
At first glance, the error message #3 seems to be correct, but it turns
out to be very wrong -- the only positional argument in this case must
be regarded as a command, and commit 223a502b0208 ("chrt: (man,usage)
mark the priority value as optional in the synopses") also clearly
stated the same in the help message and the manual. In other words, #4
should have tried to execute `1' from PATH.
Fix #1 by decoupling `need_prio' from the priority parsing routine.
Fix #2 by parsing the first argument as a priority only when it's not
the only argument.
Fix #3 and #4 by consuming optind immediately when parsing priority
argument, instead of postponing it with inconsistent conditions (I have
an intuition that the previous code path was vibe-coded...)
Now #1 returns
chrt: policy SCHED_RR requires a priority argument
... #2, #3 return
chrt: no command or priority specified
... and #4 returns
chrt: failed to execute 1: No such file or directory
... which are more sensible and helpful.
This doesn't break existing usage patterns:
$ chrt --other true
$ chrt --other 0 true
$ chrt --other 1 true
chrt: unsupported priority value for the policy: 1: see --max for valid range
$ chrt --other echo meow
meow
Fixes: 4c425142844d ("chrt: Allow optional priority for non‑prio policies without --pid") Signed-off-by: Rong Zhang <i@rong.moe>
Link against libcommon_logindefs.la and libcommon_shells.la
Instead of linking with logindefs.c and shells.c library files, link
against libcommon_logindefs.la and libcommon_shells.la and handle possibly
needed econf libs there.
Stanislav Brabec [Thu, 30 Apr 2026 03:24:41 +0000 (05:24 +0200)]
Fix build with libeconf
Building with libeconf fails. Fix the build:
- Add missing includes.
- Make open_etc_shells() public, as required by login.c.
- shells.c requires linking against libeconf. To prevent linking of all
binaries with libeconf, split shells.c out of libcommon to libcommon_shells and
use it only if it is really needed.
Thomas Weißschuh [Wed, 22 Apr 2026 20:51:43 +0000 (22:51 +0200)]
meson: test for headers earlier
Some upcoming changes will require the header test results earlier, move
them up. Also remove all the conditional header tests, there is no
downside to always test for all of them.
Jamie Magee [Sat, 2 May 2026 05:00:43 +0000 (22:00 -0700)]
libfdisk: gpt: accept numeric attribute bits 0-2
gpt_entry_attrs_from_string() applied the GUID-specific range check
(48-63) to every numeric input. As a result, bare numeric bits 0, 1
and 2 were silently rejected. Those bits are RequiredPartition,
NoBlockIOProtocol and LegacyBIOSBootable, so the only way to set
them was by name.
That trips up any tool that emits attributes as a numeric list.
systemd-repart, for instance, formats Flags= as a comma-separated
list of decimal bit numbers, so Flags=0x4 (LegacyBIOSBootable) was
silently lost.
Split the numeric validation by source token:
- bare <bit> accepts {0,1,2} or [48,63];
- GUID:<bit> stays at [48,63]; the GUID: prefix belongs to the
GUID-specific range only;
- bits 3-47 are still rejected (UEFI-reserved).
Two drive-by fixes in the same block:
- 'end == str' compared strtol's end pointer to the function's
input rather than the current parse position; replace with
'end == p'.
- The diagnostic for an unsupported numeric bit printed p after
the GUID: strip, so "GUID:5" came out as "5". Save the token
start and pass that to fdisk_warnx().
Tests cover the new accepted forms (bare 0-2, mixed "<n>,GUID:<m>",
hex) and the still-rejected reserved range.
This function wraps around openat(2), fstat(2), ftruncate(2) and
fdopen(3) to create a file stream that is not a symbolic or hard
link in a race-free manner. It achieves this by implictly setting
the O_NOFOLLOW bit to openat(2) opening flags and later checks if
any hardlinks are registered for the file pointing to the acquired
file descriptor.
If all checks pass a pointer to the file stream handler is returned.
The relevance for this function becomes apparent in script(2) where
the default logfile is not allowed to be a link unless the --force
option is passed and where the current method is vulnerable to a
TOCTOU attack. It also helps with the code clarity as it moves the
complexity of opening link free file streams to an internal helper
and prevents scope creep as well as keeping the code base focused
on its most relevant concern, which is recording the input/output.
Signed-off-by: Christian Goeschel Ndjomouo <cgoesc2@wgu.edu>
column: fix missing out-of-bounds check in table reordering
When the --table-order option is used we allocate memory on
the heap for the actual amount of columns we receive from
the input, and later store the wanted column struct objects,
specified in the --table-order list, in that memory space.
We do this by iterating over the order list and incrementing
the heap pointer with a counter variable. This leads to a
buffer overflow when the amount of input columns is smaller
than the amount of columns specified in the table order list.
To prevent this we iterate over the order list for as long as
the counter is smaller than the number of input columns.
Closes: #4281 Signed-off-by: Christian Goeschel Ndjomouo <cgoesc2@wgu.edu>
Karel Zak [Wed, 29 Apr 2026 10:13:19 +0000 (12:13 +0200)]
Merge branch 'libsmartcols/filter-fixes' of https://github.com/t-8ch/util-linux
* 'libsmartcols/filter-fixes' of https://github.com/t-8ch/util-linux:
libsmartcols: (tests) fix failure reporting in filter test
libsmartcols: drop superfluous call yo yylex_init()
libsmartcols: (tests) fix filter test name
Karel Zak [Wed, 29 Apr 2026 10:10:28 +0000 (12:10 +0200)]
Merge branch 'PR/lsmem-cleanup' of https://github.com/karelzak/util-linux-work
* 'PR/lsmem-cleanup' of https://github.com/karelzak/util-linux-work:
lsmem: sort longopts[] alphabetically
lsmem: improve usage() output
lsmem: use bool for struct lsmem members
Karel Zak [Wed, 29 Apr 2026 10:06:27 +0000 (12:06 +0200)]
Merge branch 'feat/4288' of https://github.com/echoechoin/util-linux
* 'feat/4288' of https://github.com/echoechoin/util-linux:
bash-completion: add --expand option for bits
bits: add tests for --expand option
bits: add --expand option to output individual bit IDs
Karel Zak [Wed, 29 Apr 2026 09:28:45 +0000 (11:28 +0200)]
Merge branch 'fix_issue/4272' of https://github.com/echoechoin/util-linux
* 'fix_issue/4272' of https://github.com/echoechoin/util-linux:
test_sigreceive: use ul_getuserpw_str() for user name/UID parsing
renice: use proper types and strutils for ID parsing
Karel Zak [Wed, 29 Apr 2026 08:07:20 +0000 (10:07 +0200)]
Merge branch 'feat/3887/rename' of https://github.com/echoechoin/util-linux
* 'feat/3887/rename' of https://github.com/echoechoin/util-linux:
rename: fix buffer overflow by using PATH_MAX instead of unreliable st_size
rename: add --copy option to copy instead of rename
renice: use proper types and strutils for ID parsing
Use ul_strtou32() instead of strtol() to parse PID/UID/GID and reject
negative values. Use strtos32_or_err() for priority. Change 'who' type
to uid_t and adjust getprio()/donice(). Use %u for unsigned IDs.
bits: add --expand option to output individual bit IDs
Add -e/--expand output mode that prints each set bit as a
comma-separated list without range compression. This is useful
for scripting when individual IDs are needed (e.g., CPU ID iteration).
Thomas Weißschuh [Tue, 28 Apr 2026 17:38:46 +0000 (19:38 +0200)]
libsmartcols: (tests) fix failure reporting in filter test
The pipeline executes the calls to ts_init_subtest and
ts_finalize_subtest in a subshell. This breaks their functionality
and test failures are not reported properly.
Karel Zak [Tue, 28 Apr 2026 13:04:09 +0000 (15:04 +0200)]
cfdisk: remove unnecessary cursor repositioning on exit
Remove the mvcur() call that moved the cursor to the bottom of the
terminal before endwin(). This pattern was inherited from the original
cfdisk (util-linux 2.2, 1996) and is unnecessary on modern terminals
where endwin() properly restores the terminal state.
The old behavior created extra blank lines between the previous shell
prompt and the new one after exiting cfdisk.
Addresses: https://github.com/util-linux/util-linux/discussions/4259 Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Tue, 28 Apr 2026 12:51:14 +0000 (14:51 +0200)]
cfdisk: fix memory leak of original_layout table
The original_layout table, allocated via fdisk_get_partitions() to
track the on-disk partition layout, was never freed on exit. Add the
missing fdisk_unref_table() call.
Karel Zak [Tue, 28 Apr 2026 12:18:36 +0000 (14:18 +0200)]
Merge branch 'PR/autotools-pkg-config-libs' of https://github.com/karelzak/util-linux-work
* 'PR/autotools-pkg-config-libs' of https://github.com/karelzak/util-linux-work:
autotools: fix AM_CONDITIONAL for HAVE_UDEV and HAVE_AUDIT
autotools,meson: drop unnecessary libm from test_pty
autotools: split MATH_LIBS and ISNAN_LIBS
autotools: use PKG_CHECK_MODULES for zlib
autotools: use PKG_CHECK_MODULES for libcap-ng
autotools: use PKG_CHECK_MODULES for libaudit
autotools: use PKG_CHECK_MODULES for libudev
autotools: use $(MATH_LIBS) instead of -lm for hwclock
autotools: use $(SQLITE3_LIBS) instead of -lsqlite3
autotools: use $(SELINUX_LIBS) instead of -lselinux
autotools: use $(ECONF_LIBS) instead of -leconf
Karel Zak [Tue, 28 Apr 2026 12:17:24 +0000 (14:17 +0200)]
Merge branch 'cross-platform' of https://github.com/t-8ch/util-linux
* 'cross-platform' of https://github.com/t-8ch/util-linux:
treewide: avoid unused argument and missing return warnings in fallbacks
hardlink: (tests) Ignore xattrs
setpgid: (tests) validate presence of /proc/self/stat
tests: show kernel type
Karel Zak [Tue, 28 Apr 2026 11:55:45 +0000 (13:55 +0200)]
last: fix phantom detection for unset loginuid and X11 sessions
Don't mark a session as phantom when /proc/pid/loginuid exists but
has not been set by pam_loginuid.so (contains the kernel's unset
sentinel value 4294967295).
Skip the /dev/ tty stat() check when the utline starts with ':'
(traditional X11 session registration by xdm/sessreg).
Based on a patch by glangshaw.
Fixes: https://github.com/util-linux/util-linux/issues/4295 Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Mon, 27 Apr 2026 10:19:30 +0000 (12:19 +0200)]
autotools: fix AM_CONDITIONAL for HAVE_UDEV and HAVE_AUDIT
Ensure AM_CONDITIONAL is always defined when entering the
else-branch, even when the library is not found. Previously,
when with_udev=auto (default) and libudev was not available,
the conditional was never defined, causing a configure error.
projects / thirdparty / util-linux.git / log
