Re: [PATCH] Re: [ANNOUNCE] util-linux v2.30-rc1

--- v2.30-ReleaseNotes-orig	2017-05-12 08:39:25.300530082 -0400
+++ v2.30-ReleaseNotes-new	2017-05-12 10:13:43.159848475 -0400
@@ -9,7 +9,6 @@
 
 The deprecated command tailf has been removed. Use "tail -f" from coreutils.
 
-
 blkzone -- NEW COMMAND to run zone commands on block device that support Zoned
 Block Commands (ZBC) or Zoned-device ATA Commands (ZAC). The currently
 supported functionality is 'report' and 'reset'.
@@ -19,13 +18,12 @@
 [thanks to Masatake YAMATO (Red Hat)]
 
 lsmem -- NEW COMMAND to list the ranges of available memory with their online
-status (originally implementd in Perl for s390-tools). [thanks to Clemens von Mann 
+status (originally implemented in Perl for s390-tools). [thanks to Clemens von Mann 
 and Heiko Carstens (IBM)]
 
-chmem -- NEW COMMAND to set memeory online/offline status [thanks to Heiko
+chmem -- NEW COMMAND to set memory online/offline status [thanks to Heiko
 Carstens (IBM)]
 
-
 The old and dead Alpha and Cmos code has been removed from hwclock command.
 
 The command fallocate supports "insert range" operation now.
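Review bot: The replacement line for the lsmem entry still ends in a trailing space after "Clemens von Mann", exactly like the line it replaces, while the later hunks of this patch strip trailing whitespace from the release notes. Drop the trailing space on the `+` line as well, so the spelling fix does not leave whitespace behind for a later cleanup.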
@@ -39,21 +37,36 @@
 messages compatible with mount(8).
 
 
+Security issues
+---------------
+
+hwclock - no longer makes any internal permission checks. The System
+  Administrator must set proper permissions to control user access to
+  the RTC. It is NOT recommended to use set-user-ID.
+
+CVE-2016-2779 - This security issue is NOT FIXED yet.  It is possible to
+  disable the ioctl TIOCSTI by setsid() only.  Unfortunately, setsid()
+  has well-defined use cases in su(1) and runuser(1) and any changes
+  would introduce regressions.  It seems we need a better way -- ideally
+  another ioctl to disable TIOCSTI without setsid() or in userspace
+  implemented pty container (planned as experimental su(1) feature).
+
+
 Stable maintenance releases between v2.29 and v2.30
 ---------------------------------------------------
-                              
-util-linux 2.29.2 [Fed 02 2017]           
-                              
+
+util-linux 2.29.2 [Feb 02 2017]
+
  * https://www.kernel.org/pub/linux/utils/util-linux/v2.29/v2.29.2-ReleaseNotes
    https://www.kernel.org/pub/linux/utils/util-linux/v2.29/v2.29.2-ChangeLog
-                              
-util-linux 2.29.1 [Jan 01 2017]          
-                              
+
+util-linux 2.29.1 [Jan 01 2017]
+
  * https://www.kernel.org/pub/linux/utils/util-linux/v2.29/v2.29.1-ReleaseNotes
    https://www.kernel.org/pub/linux/utils/util-linux/v2.29/v2.29.1-ChangeLog
-                              
+
 Changes between v2.29 and v2.30
--------------------------------          
+-------------------------------
 
 agetty:
    - fix a memory leak when parsing \S in issue files  [Matthias Gerstner]
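Review bot: In the new CVE-2016-2779 entry, "It is possible to disable the ioctl TIOCSTI by setsid() only" can be read two ways: that setsid() alone is sufficient, or that setsid() is the only available way. The sentences that follow (setsid() has established uses in su(1) and runuser(1), so another mechanism is needed) point to the second reading; wording such as "The only way to disable the TIOCSTI ioctl is setsid()" would remove the ambiguity. A reader scanning a NOT FIXED item also wants to know first which commands remain affected, so name su(1) and runuser(1) at the start of the entry rather than in passing. "in userspace implemented pty container" reads better as "a pty container implemented in userspace". In the hwclock entry, "set proper permissions" does not say on what; naming the object the administrator has to protect would make the advice actionable. Finally, this hunk mixes the new section with whitespace cleanup and the "Fed" to "Feb" date fix, which would be easier to review as a separate patch.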
@@ -274,7 +287,7 @@
    - clarify cmos inb and outb preprocessor directives  [Sami Kerola]
    - clarify set_cmos_epoch() code  [Sami Kerola]
    - do not hardcode date command magic string twice  [Sami Kerola]
-   - don't check for permissions  [Karel Zak]
+   - *SECURITY* don't check for permissions  [Karel Zak] See 'Security issues'
    - extra messages for debug only  [J William Piggott]
    - fix rtc atexit registration  [Sami Kerola]
    - fix whitespace in hwclock-rtc.c  [J William Piggott]
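Review bot: The changed hwclock line places "See 'Security issues'" after the "[Karel Zak]" attribution, while every other entry visible in this list ends with the bracketed author. Move the pointer in front of the attribution, for example "- *SECURITY* don't check for permissions (see 'Security issues')  [Karel Zak]", so the entry format stays uniform. No other entry in the visible context carries a marker like *SECURITY*; if this is a new convention, state it once in the Security issues section so readers know to search for it.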