deepin-community · Zeno-sole · Dec 25, 2025 · Dec 25, 2025
diff --git a/debian/changelog b/debian/changelog
@@ -1,3 +1,9 @@
+util-linux (2.40.4-3deepin9) unstable; urgency=medium
+
+  * fix CVE-2025-14104 
+
+ -- zengwei <[email protected]>  Thu, 25 Dec 2025 15:02:15 +0800
+
 util-linux (2.40.4-3deepin8) unstable; urgency=medium
 
   * fix lscpu wrong at Phytium.

diff --git a/debian/patches/CVE-2025-14104-1.patch b/debian/patches/CVE-2025-14104-1.patch
@@ -0,0 +1,30 @@
+From aaa9e718c88d6916b003da7ebcfe38a3c88df8e6 Mon Sep 17 00:00:00 2001
+From: Mohamed Maatallah <[email protected]>
+Date: Sat, 24 May 2025 03:16:09 +0100
+Subject: [PATCH] Update setpwnam.c
+
+---
+ login-utils/setpwnam.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/login-utils/setpwnam.c b/login-utils/setpwnam.c
+index 3e3c1abde50..95e470b5a34 100644
+--- a/login-utils/setpwnam.c
++++ b/login-utils/setpwnam.c
+@@ -126,10 +126,12 @@ int setpwnam(struct passwd *pwd, const char *prefix)
+ 		}
+
+ 		/* Is this the username we were sent to change? */
+-		if (!found && linebuf[namelen] == ':' &&
+-		    !strncmp(linebuf, pwd->pw_name, namelen)) {
+-			/* Yes! So go forth in the name of the Lord and
+-			 * change it!  */
++		if (!found &&
++		    strncmp(linebuf, pwd->pw_name, namelen) == 0 &&
++		    strlen(linebuf) > namelen &&
++		    linebuf[namelen] == ':') {
++			/* Yes! But this time let’s not walk past the end of the buffer
++			 * in the name of the Lord, SUID, or anything else. */
+ 			if (putpwent(pwd, fp) < 0)
+ 				goto fail;
+ 			found = 1;
diff --git a/debian/patches/CVE-2025-14104-2.patch b/debian/patches/CVE-2025-14104-2.patch
@@ -0,0 +1,24 @@
+From 9a36d77012c4c771f8d51eba46b6e62c29bf572a Mon Sep 17 00:00:00 2001
+From: Mohamed Maatallah <[email protected]>
+Date: Mon, 26 May 2025 10:06:02 +0100
+Subject: [PATCH] Update bufflen
+
+Update buflen
+---
+ login-utils/setpwnam.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/login-utils/setpwnam.c b/login-utils/setpwnam.c
+index 95e470b5a34..7778e98f7cc 100644
+--- a/login-utils/setpwnam.c
++++ b/login-utils/setpwnam.c
+@@ -99,7 +99,8 @@ int setpwnam(struct passwd *pwd, const char *prefix)
+ 		goto fail;
+
+ 	namelen = strlen(pwd->pw_name);
+-
++	if (namelen > buflen)
++		buflen += namelen;
+ 	linebuf = malloc(buflen);
+ 	if (!linebuf)
+ 		goto fail;
diff --git a/debian/patches/series b/debian/patches/series
@@ -27,3 +27,6 @@ debian/usec-umac-adapt.patch
 uniontech-backward-lsblk.patch
 add-sunway-support.patch
 uniontech-fix-arm-lscpu-modename.patch
+CVE-2025-14104-1.patch
+CVE-2025-14104-2.patch
+