[Deepin Integration]~[V23-Release] fix: CVE-2024-28085 by UTsweetyfish@deepin-community/util-linux by deepin-community-ci-bot[bot]

[deepin-bot]

Package information | 软件包信息

包名	版本
util-linux	2.39.3-6deepin1

Package repository address | 软件包仓库地址

deb [trusted=yes] https://ci.deepin.com/repo/obs/deepin:/CI:/TestingIntegration:/test-integration-pr-1199/testing/ ./

Changelog | 更新信息

util-linux (2.39.3-6deepin1) unstable; urgency=medium

This upload matches 2.39.3-11 in Debian unstable.

Cherry-pick changes from Debian to avoid time_t transition:

[ Johannes Schauer Marin Rodrigues ]

• util-linux.postinst: avoid running uname in maintainer script for
  chrootless hurd support (Closes: #1063638)

[ Chris Hofstaedtler ]

• Run wrap-and-sort -kas
• Tighten dependencies between programs and our own shlibs
• Apply upstream patch fixing CVE-2024-28085
• No longer install wall, write setgid tty

[deepin-bot]

Integration Test Info

Test suggestion | 测试建议

集成 util-linux，修复 CVE-2024-28085

Influence | 影响范围

ADDITIONAL INFORMATION | 额外补充

https://www.openwall.com/lists/oss-security/2024/03/27/5

https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt

https://github.com/skyler-ferrante/CVE-2024-28085

[deepin-bot]

IntegrationProjector Notify the author
@UTsweetyfish: Integrated issue updated

[deepin-bot]

IntegrationProjector Bot
Deepin Testing Integration Project Manager Info
Link to deepin-community/Repository-Integration#1199

[babyfengfjx]

@kobe337 请开展集成验证。

[kobe337]

CVE-2024-28085修复：通过查看官方上游提供的CVE修复代码和本次提测的修复代码，字符数组均增加了校验，本次核对通过。以下为官方修改代码：

[kobe337]

验证通过
【环境】：
镜像：https://cdimage.uniontech.com/community/releases/23-Beta3/
仓库：提测单仓库
内核：Linux deepinb3-PC 6.6.21-amd64-desktop-hwe #23.01.00.23 SMP PREEMPT_DYNAMIC Mon Mar 18 09:58:09 CST 2024 x86_64 GNU/Linux

【结论】：
测试通过，暂无严重问题及影响

util-linux是包含基本命令行工具的开源软件包
1、版本核对，安装校验。
2、CVE-2024-28085的修复确认。
3、utill-linux工具包常用命令验证：blkid、fsck、lsblk、mkfs、su、more、lslogins、lsmem、lsipc、lscpu、last、ipcs、dmesg。
以上已验证