AndyLau-SOC [Wed, 6 May 2026 12:14:31 +0000 (20:14 +0800)]
docs: clarify wipefs --force description for partition-table signatures
The current description states that --force "is required in order to erase
a partition-table signature on a block device", which is misleading.
According to the source code (do_wipe() in wipefs.c), --force is needed
for mounted filesystems and for nested partition tables on non-whole-disk
devices, not for all partition tables on all block devices.
Update the text to say "a nested partition-table signature on a non-whole
disk device", consistent with the note earlier in the man page.
Karel Zak [Wed, 6 May 2026 10:02:10 +0000 (12:02 +0200)]
Merge branch 'more_fallocate_tests' of https://github.com/cgoesche/util-linux-fork
* 'more_fallocate_tests' of https://github.com/cgoesche/util-linux-fork:
fallocate: (man) mention supported file systems for --insert-range
tests: (fallocate) add --zero-range and --keep-size test
tests: (fallocate) add --punch-hole test
tests: (fallocate) --insert-range test
Karel Zak [Wed, 6 May 2026 09:58:50 +0000 (11:58 +0200)]
more: align MORE_SHELL_LINES semantics with less(1)
Change MORE_SHELL_LINES to subtract lines from lines_per_screen
(like LESS_SHELL_LINES in less(1)) rather than setting the absolute
number of lines per screenful.
The block is moved after lines_per_screen is finalized (either from
the default lines_per_page - 1 or from an explicit -n/--lines), so
it correctly adjusts both cases. Values that are zero or would exceed
lines_per_screen are silently ignored.
Addresses: https://github.com/util-linux/util-linux/issues/3476 Co-authored-by: Christian Goeschel Ndjomouo <cgoesc2@wgu.edu> Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Wed, 6 May 2026 09:47:39 +0000 (11:47 +0200)]
Merge branch 'enosys_tests' of https://github.com/cgoesche/util-linux-fork
* 'enosys_tests' of https://github.com/cgoesche/util-linux-fork:
tests: (enosys) add tests for the --dump option
tests: (enosys) add a simple test for --list
Karel Zak [Wed, 6 May 2026 09:41:58 +0000 (11:41 +0200)]
Merge branch 'chrt_reset_on_fork_test' of https://github.com/cgoesche/util-linux-fork
* 'chrt_reset_on_fork_test' of https://github.com/cgoesche/util-linux-fork:
tests: (chrt) add --reset-on-fork test
tests: (helpers) simple tool to create a child process
Karel Zak [Wed, 6 May 2026 09:35:45 +0000 (11:35 +0200)]
Merge branch 'chrt_tests' of https://github.com/cgoesche/util-linux-fork
* 'chrt_tests' of https://github.com/cgoesche/util-linux-fork:
tests: (chrt) add test for the --all-tasks option
tests: (helpers) add a thread creation helper
Karel Zak [Wed, 6 May 2026 09:34:59 +0000 (11:34 +0200)]
Merge branch 'lsfd--ignore-too-large-syscall-args' of https://github.com/masatake/util-linux
* 'lsfd--ignore-too-large-syscall-args' of https://github.com/masatake/util-linux:
lsfd: (cosmetic) adjust indent
lsfd: ignore too large integer read from /proc/PID/syscall
lsfd: handle unexpected values read from /proc/PID/syscall
Leefancy [Tue, 5 May 2026 10:01:36 +0000 (12:01 +0200)]
sfdisk: add --no-device-names option
Add --no-device-names option to suppress device names in --dump output,
using partition numbers instead (e.g., "1 : ..." rather than
"/dev/sda1 : ...").
The new libfdisk API:
- fdisk_script_disable_devnames()
- fdisk_script_has_devnames()
[kzak@redhat.com: - fix gtk-doc comments format
- move new symbols to FDISK_2_43
- simplify error handling in command_dump
- fix man page to mention --dump
- move --no-device-names in usage() with --no-* group]
Signed-off-by: Leefancy <lijian01@kylinos.cn> Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Tue, 5 May 2026 11:40:52 +0000 (13:40 +0200)]
Merge branch 'script_toctou' of https://github.com/cgoesche/util-linux-fork
* 'script_toctou' of https://github.com/cgoesche/util-linux-fork:
script: use fopen_at_no_link() for log file opening to prevent TOCTOU
lib: (fileutils) new fopen_at_no_link routine
Karel Zak [Tue, 5 May 2026 11:21:10 +0000 (13:21 +0200)]
tests: fix remaining shellcheck warnings
- fstab-devname: remove broken '|| >>' pattern (SC2188), the bare
redirection after || has no command
- fstab-all: quote $(basename ...) to prevent word splitting (SC2046)
- libmount/lock, fsck/ismounted: use ':' no-op with bare file
truncation redirections (SC2188)
Karel Zak [Tue, 5 May 2026 11:14:34 +0000 (13:14 +0200)]
Merge branch 'clean_up_test_scripts' of https://github.com/cgoesche/util-linux-fork
* 'clean_up_test_scripts' of https://github.com/cgoesche/util-linux-fork:
tests: do not mix string and array
tests: use bash parameter substitution instead of echo & sed
tests: remove unneeded $ in arithmetic expressions
tests: use find instead of ls for more robust processing
tests: directly check exitcode for stability and code simplicity
tests: (lib) avoid repetitive file openings with identical redirects
tests: quote TS_{OUTPUT,ERRLOG} variables
Karel Zak [Tue, 5 May 2026 11:00:19 +0000 (13:00 +0200)]
Merge branch 'macos-prep' of https://github.com/t-8ch/util-linux
* 'macos-prep' of https://github.com/t-8ch/util-linux:
meson: gate hwclock on LINUX
meson: gate choom on LINUX
meson: gate losetup on LINUX
meson: gate chmem on LINUX
meson: gate lsmem on LINUX
meson: gate utmpdump on LINUX
meson: gate last on LINUX
meson: gate partx on linux/blkpg.h
meson: gate setterm on sys/klog.h
meson: move sys/klog.h check into generic header checks
meson: only build test_enosys when HAVE_FALLOCATE
test_strerror: drop include asm-generic/errno-base.h
script: use fopen_at_no_link() for log file opening to prevent TOCTOU
When no logfile name is provided script(1) uses a default name.
If the default file already exists as sym/hardlink, as checked by the
die_if_link() function, and the --force option is NOT provided,
the program will terminate. Otherwise, it opens the file after
forking a child process, creating a TOCTOU window that allows an
attacker to replace the default file with a link.
This patch moves the log file opening logic from log_start() to
its own function log_open() and uses a openat() + fdopen() wrap
enabled by the internal fopen_at_no_link() helper. It also adds a new
member to struct script_log, namely 'flags', set by log_associate()
if the latter function's new @flags parameter is set. This culminates
to an eventual log file opening with fopen_at_no_link() or fopen(),
depending on log->flags. This is primarily important for security
reasons as it allows us to prevent opening a logfile if it is a symlink
and due to the atomic nature of openat(2) the TOCTOU window is essentially
closed. As a result, die_if_link() becomes dead code and is therefore
removed.
Additionally, we open log files before we fork, so we can avoid
allocation of resources for the child process, if something goes
wrong with log file opening.
Closes: #4280 Signed-off-by: Christian Goeschel Ndjomouo <cgoesc2@wgu.edu>
tests: (helpers) simple tool to create a child process
This basic helper program can be used to create a child process
to test process attribute inheritances between parent and
child processes, e.g. real-time scheduling attributes with chrt(1)
or utilization clamp settings with uclampset(1), where options
like --reset-on-fork need to be tested.
Signed-off-by: Christian Goeschel Ndjomouo <cgoesc2@wgu.edu>
Jamie Magee [Mon, 4 May 2026 15:47:59 +0000 (08:47 -0700)]
libfdisk: gpt: use ul_strtou16 for attribute bit parsing
Replace bare strtol() with ul_strtou16() which folds the errno/end-pointer/empty-input checks into one call and uses a uint16_t result type matching the bit-index domain. Also add udevadm settle between write/read sfdisk calls in the new attribute subtests.
Thomas Weißschuh [Wed, 29 Apr 2026 12:20:45 +0000 (14:20 +0200)]
test_strerror: drop include asm-generic/errno-base.h
This inclusios has multiple issues:
* It is Linux-only.
* The asm/ namespace is not an offical UAPI.
* Its definitions may be wrong if the architecture does not use it.
* It is unnecessary in the first place.
This simple helper can be used to create an arbitrary amount
of threads to be used in test scripts for tools like chrt(1).
chrt(1) can perform tasks on multiple threads for a process
and to conveniently test this 'test_threads_create' can be
used to spawn threads for a specified amount of time to act on.
Signed-off-by: Christian Goeschel Ndjomouo <cgoesc2@wgu.edu>
Rong Zhang [Sat, 25 Apr 2026 20:29:57 +0000 (04:29 +0800)]
chrt: Fix confusing error messages when priority argument is required
While making the priority argument optional for non-prio policies, some
confusing error messages were accidentally exposed to users for cases
that do need a priority argument.
$ chrt true #1
chrt: invalid priority argument: 'true'
$ chrt 1 #2
chrt: failed to set pid 0's policy: Operation not permitted
$ sudo chrt 1 #3
chrt: no command specified
$ chrt --other 1 #4
chrt: unsupported priority value for the policy: 1: see --max for valid range
The error message #1 is caused by mixing `have_prio' and `need_prio'
together. Therefore, it always tries to parse the first positional
argument as a priority when `--pid' is not given. #2 shows that
set_sched() is meaninglessly called even when too few arguments are
specified.
At first glance, the error message #3 seems to be correct, but it turns
out to be very wrong -- the only positional argument in this case must
be regarded as a command, and commit 223a502b0208 ("chrt: (man,usage)
mark the priority value as optional in the synopses") also clearly
stated the same in the help message and the manual. In other words, #4
should have tried to execute `1' from PATH.
Fix #1 by decoupling `need_prio' from the priority parsing routine.
Fix #2 by parsing the first argument as a priority only when it's not
the only argument.
Fix #3 and #4 by consuming optind immediately when parsing priority
argument, instead of postponing it with inconsistent conditions (I have
an intuition that the previous code path was vibe-coded...)
Now #1 returns
chrt: policy SCHED_RR requires a priority argument
... #2, #3 return
chrt: no command or priority specified
... and #4 returns
chrt: failed to execute 1: No such file or directory
... which are more sensible and helpful.
This doesn't break existing usage patterns:
$ chrt --other true
$ chrt --other 0 true
$ chrt --other 1 true
chrt: unsupported priority value for the policy: 1: see --max for valid range
$ chrt --other echo meow
meow
Fixes: 4c425142844d ("chrt: Allow optional priority for non‑prio policies without --pid") Signed-off-by: Rong Zhang <i@rong.moe>
Link against libcommon_logindefs.la and libcommon_shells.la
Instead of linking with logindefs.c and shells.c library files, link
against libcommon_logindefs.la and libcommon_shells.la and handle possibly
needed econf libs there.
Stanislav Brabec [Thu, 30 Apr 2026 03:24:41 +0000 (05:24 +0200)]
Fix build with libeconf
Building with libeconf fails. Fix the build:
- Add missing includes.
- Make open_etc_shells() public, as required by login.c.
- shells.c requires linking against libeconf. To prevent linking of all
binaries with libeconf, split shells.c out of libcommon to libcommon_shells and
use it only if it is really needed.
Thomas Weißschuh [Wed, 22 Apr 2026 20:51:43 +0000 (22:51 +0200)]
meson: test for headers earlier
Some upcoming changes will require the header test results earlier, move
them up. Also remove all the conditional header tests, there is no
downside to always test for all of them.
Jamie Magee [Sat, 2 May 2026 05:00:43 +0000 (22:00 -0700)]
libfdisk: gpt: accept numeric attribute bits 0-2
gpt_entry_attrs_from_string() applied the GUID-specific range check
(48-63) to every numeric input. As a result, bare numeric bits 0, 1
and 2 were silently rejected. Those bits are RequiredPartition,
NoBlockIOProtocol and LegacyBIOSBootable, so the only way to set
them was by name.
That trips up any tool that emits attributes as a numeric list.
systemd-repart, for instance, formats Flags= as a comma-separated
list of decimal bit numbers, so Flags=0x4 (LegacyBIOSBootable) was
silently lost.
Split the numeric validation by source token:
- bare <bit> accepts {0,1,2} or [48,63];
- GUID:<bit> stays at [48,63]; the GUID: prefix belongs to the
GUID-specific range only;
- bits 3-47 are still rejected (UEFI-reserved).
Two drive-by fixes in the same block:
- 'end == str' compared strtol's end pointer to the function's
input rather than the current parse position; replace with
'end == p'.
- The diagnostic for an unsupported numeric bit printed p after
the GUID: strip, so "GUID:5" came out as "5". Save the token
start and pass that to fdisk_warnx().
Tests cover the new accepted forms (bare 0-2, mixed "<n>,GUID:<m>",
hex) and the still-rejected reserved range.
This function wraps around openat(2), fstat(2), ftruncate(2) and
fdopen(3) to create a file stream that is not a symbolic or hard
link in a race-free manner. It achieves this by implictly setting
the O_NOFOLLOW bit to openat(2) opening flags and later checks if
any hardlinks are registered for the file pointing to the acquired
file descriptor.
If all checks pass a pointer to the file stream handler is returned.
The relevance for this function becomes apparent in script(2) where
the default logfile is not allowed to be a link unless the --force
option is passed and where the current method is vulnerable to a
TOCTOU attack. It also helps with the code clarity as it moves the
complexity of opening link free file streams to an internal helper
and prevents scope creep as well as keeping the code base focused
on its most relevant concern, which is recording the input/output.
Signed-off-by: Christian Goeschel Ndjomouo <cgoesc2@wgu.edu>
column: fix missing out-of-bounds check in table reordering
When the --table-order option is used we allocate memory on
the heap for the actual amount of columns we receive from
the input, and later store the wanted column struct objects,
specified in the --table-order list, in that memory space.
We do this by iterating over the order list and incrementing
the heap pointer with a counter variable. This leads to a
buffer overflow when the amount of input columns is smaller
than the amount of columns specified in the table order list.
To prevent this we iterate over the order list for as long as
the counter is smaller than the number of input columns.
Closes: #4281 Signed-off-by: Christian Goeschel Ndjomouo <cgoesc2@wgu.edu>
Karel Zak [Wed, 29 Apr 2026 10:13:19 +0000 (12:13 +0200)]
Merge branch 'libsmartcols/filter-fixes' of https://github.com/t-8ch/util-linux
* 'libsmartcols/filter-fixes' of https://github.com/t-8ch/util-linux:
libsmartcols: (tests) fix failure reporting in filter test
libsmartcols: drop superfluous call yo yylex_init()
libsmartcols: (tests) fix filter test name
Karel Zak [Wed, 29 Apr 2026 10:10:28 +0000 (12:10 +0200)]
Merge branch 'PR/lsmem-cleanup' of https://github.com/karelzak/util-linux-work
* 'PR/lsmem-cleanup' of https://github.com/karelzak/util-linux-work:
lsmem: sort longopts[] alphabetically
lsmem: improve usage() output
lsmem: use bool for struct lsmem members
Karel Zak [Wed, 29 Apr 2026 10:06:27 +0000 (12:06 +0200)]
Merge branch 'feat/4288' of https://github.com/echoechoin/util-linux
* 'feat/4288' of https://github.com/echoechoin/util-linux:
bash-completion: add --expand option for bits
bits: add tests for --expand option
bits: add --expand option to output individual bit IDs
Karel Zak [Wed, 29 Apr 2026 09:28:45 +0000 (11:28 +0200)]
Merge branch 'fix_issue/4272' of https://github.com/echoechoin/util-linux
* 'fix_issue/4272' of https://github.com/echoechoin/util-linux:
test_sigreceive: use ul_getuserpw_str() for user name/UID parsing
renice: use proper types and strutils for ID parsing
Karel Zak [Wed, 29 Apr 2026 08:07:20 +0000 (10:07 +0200)]
Merge branch 'feat/3887/rename' of https://github.com/echoechoin/util-linux
* 'feat/3887/rename' of https://github.com/echoechoin/util-linux:
rename: fix buffer overflow by using PATH_MAX instead of unreliable st_size
rename: add --copy option to copy instead of rename
renice: use proper types and strutils for ID parsing
Use ul_strtou32() instead of strtol() to parse PID/UID/GID and reject
negative values. Use strtos32_or_err() for priority. Change 'who' type
to uid_t and adjust getprio()/donice(). Use %u for unsigned IDs.
bits: add --expand option to output individual bit IDs
Add -e/--expand output mode that prints each set bit as a
comma-separated list without range compression. This is useful
for scripting when individual IDs are needed (e.g., CPU ID iteration).
Thomas Weißschuh [Tue, 28 Apr 2026 17:38:46 +0000 (19:38 +0200)]
libsmartcols: (tests) fix failure reporting in filter test
The pipeline executes the calls to ts_init_subtest and
ts_finalize_subtest in a subshell. This breaks their functionality
and test failures are not reported properly.
Karel Zak [Tue, 28 Apr 2026 13:04:09 +0000 (15:04 +0200)]
cfdisk: remove unnecessary cursor repositioning on exit
Remove the mvcur() call that moved the cursor to the bottom of the
terminal before endwin(). This pattern was inherited from the original
cfdisk (util-linux 2.2, 1996) and is unnecessary on modern terminals
where endwin() properly restores the terminal state.
The old behavior created extra blank lines between the previous shell
prompt and the new one after exiting cfdisk.
Addresses: https://github.com/util-linux/util-linux/discussions/4259 Signed-off-by: Karel Zak <kzak@redhat.com>
Karel Zak [Tue, 28 Apr 2026 12:51:14 +0000 (14:51 +0200)]
cfdisk: fix memory leak of original_layout table
The original_layout table, allocated via fdisk_get_partitions() to
track the on-disk partition layout, was never freed on exit. Add the
missing fdisk_unref_table() call.
projects / thirdparty / util-linux.git / log
