Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package util-linux for openSUSE:Factory checked in at 2026-02-25 21:06:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/util-linux (Old) and /work/SRC/openSUSE:Factory/.util-linux.new.1977 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "util-linux" Wed Feb 25 21:06:35 2026 rev:305 rq:1334452 version:2.41.3 Changes: -------- --- /work/SRC/openSUSE:Factory/util-linux/util-linux.changes 2026-02-14 21:37:54.086090890 +0100 +++ /work/SRC/openSUSE:Factory/.util-linux.new.1977/util-linux.changes 2026-02-25 21:06:37.180424779 +0100 @@ -1,0 +2,7 @@ +Mon Feb 23 00:37:02 UTC 2026 - Stanislav Brabec <[email protected]> + +- Prevent leaking of NETLINK_ROUTE socket to login, which causes + SELinux AVC denial (gh#util-linux/util-linux#4032, + util-linux-lib-netlink-fix5.patch). + +------------------------------------------------------------------- New: ---- util-linux-lib-netlink-fix5.patch ----------(New B)---------- New: SELinux AVC denial (gh#util-linux/util-linux#4032, util-linux-lib-netlink-fix5.patch). ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ util-linux.spec ++++++ --- /var/tmp/diff_new_pack.mOHz5Q/_old 2026-02-25 21:06:38.888495482 +0100 +++ /var/tmp/diff_new_pack.mOHz5Q/_new 2026-02-25 21:06:38.888495482 +0100 @@ -123,28 +123,30 @@ Patch10: util-linux-lib-netlink-fix3.patch # PATCH-FIX-UPSTREAM util-linux-agetty-netlink-fix4.patch jsc#PED-8734 [email protected] -- Implement netlink based IP address detection and issue reload. Patch11: util-linux-agetty-netlink-fix4.patch +# PATCH-FIX-UPSTREAM util-linux-lib-netlink-fix5.patch gh#util-linux/util-linux#4032 [email protected] -- Fix NETLINK_ROUTE socket leak. +Patch12: util-linux-lib-netlink-fix5.patch # PATCH-FEATURE-UPSTREAM util-linux-lib-configs.patch gh#util-linux/util-linux#3752 [email protected] -- Added lib "configs" for parsing configuration. -Patch12: util-linux-lib-configs.patch +Patch13: util-linux-lib-configs.patch # PATCH-FEATURE-UPSTREAM util-linux-agetty-configs.patch gh#util-linux/util-linux#3752 [email protected] -- agetty: using configs lib for parsing issue files. -Patch13: util-linux-agetty-configs.patch +Patch14: util-linux-agetty-configs.patch # PATCH-FIX-UPSTREAM util-linux-lib-configs-fix1.patch [email protected] -- Fix agetty: using configs lib. -Patch14: util-linux-lib-configs-fix1.patch +Patch15: util-linux-lib-configs-fix1.patch # PATCH-FIX-UPSTREAM util-linux-lib-configs-fix2.patch [email protected] -- Fix agetty: using configs lib. -Patch15: util-linux-lib-configs-fix2.patch +Patch16: util-linux-lib-configs-fix2.patch # PATCH-FIX-UPSTREAM util-linux-lib-configs-fix3.patch [email protected] -- Fix agetty: using configs lib. -Patch16: util-linux-lib-configs-fix3.patch +Patch17: util-linux-lib-configs-fix3.patch # PATCH-FIX-UPSTREAM util-linux-lib-configs-fix4.patch [email protected] -- Fix agetty: using configs lib. -Patch17: util-linux-lib-configs-fix4.patch +Patch18: util-linux-lib-configs-fix4.patch # PATCH-FIX-UPSTREAM util-linux-lib-configs-fix5.patch [email protected] -- Fix agetty: using configs lib. -Patch18: util-linux-lib-configs-fix5.patch +Patch19: util-linux-lib-configs-fix5.patch # PATCH-FIX-UPSTREAM util-linux-lib-configs-fix6.patch [email protected] -- Fix agetty: using configs lib. -Patch19: util-linux-lib-configs-fix6.patch +Patch20: util-linux-lib-configs-fix6.patch # PATCH-FIX-UPSTREAM util-linux-agetty-escape-erase.patch bsc#1194818 [email protected] -- Fix agetty erase of escape characters. -Patch20: util-linux-agetty-escape-erase.patch +Patch21: util-linux-agetty-escape-erase.patch # PATCH-FIX-BUILD util-linux-man-generated.patch [email protected] -- Update generated man pages modified by patches. -Patch21: util-linux-man-generated.patch +Patch22: util-linux-man-generated.patch # PATCH-FIX-OPENSUSE bsc#1222465: fdisk creates broken partition table -Patch22: util-linux-bsc-1222465.patch +Patch23: util-linux-bsc-1222465.patch BuildRequires: audit-devel BuildRequires: bc BuildRequires: binutils-devel ++++++ util-linux-agetty-netlink-fix4.patch ++++++ --- /var/tmp/diff_new_pack.mOHz5Q/_old 2026-02-25 21:06:39.100504259 +0100 +++ /var/tmp/diff_new_pack.mOHz5Q/_new 2026-02-25 21:06:39.104504425 +0100 @@ -1,7 +1,7 @@ From fa9b5740f67bc64d7b58f9b2fcc4f2883d7dcc91 Mon Sep 17 00:00:00 2001 From: Stanislav Brabec <[email protected]> Date: Fri, 10 Oct 2025 13:17:26 +0200 -Subject: [PATCH 6/6] agetty: Process all data from ul_nl_process() +Subject: [PATCH 6/7] agetty: Process all data from ul_nl_process() However select() normally triggers immediately after a partial read, it does not happen for netlink socket. It keeps unprocessed data until the next netlink ++++++ util-linux-agetty-netlink.patch ++++++ --- /var/tmp/diff_new_pack.mOHz5Q/_old 2026-02-25 21:06:39.120505088 +0100 +++ /var/tmp/diff_new_pack.mOHz5Q/_new 2026-02-25 21:06:39.124505253 +0100 @@ -1,7 +1,7 @@ From b8b5030d792c0ffe51ee4a5925d43735b5d782d8 Mon Sep 17 00:00:00 2001 From: Stanislav Brabec <[email protected]> Date: Wed, 9 Jul 2025 14:35:28 +0200 -Subject: [PATCH 2/6] agetty: Implement netlink based IP processing +Subject: [PATCH 2/7] agetty: Implement netlink based IP processing The current \4 and \6 issue file escapes implementation is inferior. It uses get getifaddrs() to get a list of IP addresses. This function does not ++++++ util-linux-lib-netlink-fix1.patch ++++++ --- /var/tmp/diff_new_pack.mOHz5Q/_old 2026-02-25 21:06:39.176507407 +0100 +++ /var/tmp/diff_new_pack.mOHz5Q/_new 2026-02-25 21:06:39.180507572 +0100 @@ -1,7 +1,7 @@ From a5db8d0a9ed63969381feeee1eb0c3b39d32876b Mon Sep 17 00:00:00 2001 From: Stanislav Brabec <[email protected]> Date: Sun, 5 Oct 2025 02:29:00 +0200 -Subject: [PATCH 3/6] ul_nl_addr_dup(): Fix address comparison +Subject: [PATCH 3/7] ul_nl_addr_dup(): Fix address comparison When duplicating struct ul_nl_addr, set address to ifa_local, if it is set to ifa_local in the source. This fixes the address for PtP IPv4 network ++++++ util-linux-lib-netlink-fix2.patch ++++++ --- /var/tmp/diff_new_pack.mOHz5Q/_old 2026-02-25 21:06:39.200508400 +0100 +++ /var/tmp/diff_new_pack.mOHz5Q/_new 2026-02-25 21:06:39.204508566 +0100 @@ -1,7 +1,7 @@ From 030303e4b93b65a5172a0c80f9f864b06f76cb81 Mon Sep 17 00:00:00 2001 From: Stanislav Brabec <[email protected]> Date: Sun, 5 Oct 2025 02:53:17 +0200 -Subject: [PATCH 4/6] netlink process_addr(): Ignore UL_NL_SOFT_ERROR +Subject: [PATCH 4/7] netlink process_addr(): Ignore UL_NL_SOFT_ERROR UL_NL_SOFT_ERROR can be issued if kernel sends unpaired RTM_DELADDR. It should not happen, but it can happen due to race condition. And it happened ++++++ util-linux-lib-netlink-fix3.patch ++++++ --- /var/tmp/diff_new_pack.mOHz5Q/_old 2026-02-25 21:06:39.220509228 +0100 +++ /var/tmp/diff_new_pack.mOHz5Q/_new 2026-02-25 21:06:39.228509560 +0100 @@ -1,7 +1,7 @@ From 60c5c0516e6ce52863b12343a1cd276423ab3bae Mon Sep 17 00:00:00 2001 From: Stanislav Brabec <[email protected]> Date: Wed, 8 Oct 2025 01:14:32 +0200 -Subject: [PATCH 5/6] netaddrq: Fix crash if there are no IP addresses +Subject: [PATCH 5/7] netaddrq: Fix crash if there are no IP addresses If there are no IP addresses, ul_netaddrq_bestaddr() returns threshold ULNETLINK_RATING_BAD, but there were no addresses in the best array, and ++++++ util-linux-lib-netlink-fix5.patch ++++++ >From 889d454aaa10b70e6cdbca3183414ead52f0e379 Mon Sep 17 00:00:00 2001 From: Karel Zak <[email protected]> Date: Tue, 17 Feb 2026 11:35:17 +0100 Subject: [PATCH 7/7] lib/netlink: set SOCK_CLOEXEC on netlink socket Set SOCK_CLOEXEC when creating the NETLINK_ROUTE socket in ul_nl_open() to prevent the file descriptor from leaking to child processes across execv(). In agetty, the netlink socket used to monitor IP address changes for \4/\6 issue escapes was inherited by the login program, causing SELinux AVC denials (local_login_t denied read/write on getty_t's netlink_route_socket). Fixes: https://github.com/util-linux/util-linux/issues/4032 Signed-off-by: Karel Zak <[email protected]> --- lib/netlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/netlink.c b/lib/netlink.c index a6c7f25f2..28eb185d5 100644 --- a/lib/netlink.c +++ b/lib/netlink.c @@ -310,7 +310,7 @@ int ul_nl_open(struct ul_nl_data *nl, uint32_t nl_groups) int rc; DBG(NLMSG, ul_debugobj(nl, "opening socket")); - sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + sock = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_ROUTE); if (sock < 0) return sock; addr.nl_family = AF_NETLINK; -- 2.51.0 ++++++ util-linux-lib-netlink.patch ++++++ --- /var/tmp/diff_new_pack.mOHz5Q/_old 2026-02-25 21:06:39.260510885 +0100 +++ /var/tmp/diff_new_pack.mOHz5Q/_new 2026-02-25 21:06:39.264511050 +0100 @@ -1,7 +1,7 @@ From ee8586cbdfb20bea6b1a7e3f10f136b6c8554f02 Mon Sep 17 00:00:00 2001 From: Stanislav Brabec <[email protected]> Date: Wed, 9 Jul 2025 14:29:10 +0200 -Subject: [PATCH 1/6] New netlink library +Subject: [PATCH 1/7] New netlink library To support netlink and IP address processing, two new library files were added:
