Fix CVE-2021-3996:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
https://seclists.org/oss-sec/2022/q1/66

Patch copied from upstream source repository:

https://github.com/util-linux/util-linux/commit/018a10907fa9885093f6d87401556932c2d8bd2b

From 018a10907fa9885093f6d87401556932c2d8bd2b Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Tue, 4 Jan 2022 10:54:20 +0100
Subject: [PATCH] libmount: fix (deleted) suffix issue [CVE-2021-3996]

This issue is related to parsing the /proc/self/mountinfo file allows an
unprivileged user to unmount other user's filesystems that are either
world-writable themselves or mounted in a world-writable directory.

The support for "(deleted)" is no more necessary as the Linux kernel does
not use it in /proc/self/mountinfo and /proc/self/mount files anymore.

Signed-off-by: Karel Zak <kzak@redhat.com>
---
 libmount/src/tab_parse.c                            |  5 -----
 tests/expected/findmnt/filter-options               |  1 -
 tests/expected/findmnt/filter-options-nameval-neg   |  3 +--
 tests/expected/findmnt/filter-types-neg             |  1 -
 tests/expected/findmnt/outputs-default              |  3 +--
 tests/expected/findmnt/outputs-force-tree           |  3 +--
 tests/expected/findmnt/outputs-kernel               |  3 +--
 tests/expected/libmount/tabdiff-mount               |  1 -
 tests/expected/libmount/tabdiff-move                |  1 -
 tests/expected/libmount/tabdiff-remount             |  1 -
 tests/expected/libmount/tabdiff-umount              |  1 -
 tests/expected/libmount/tabfiles-parse-mountinfo    | 11 -----------
 tests/expected/libmount/tabfiles-py-parse-mountinfo | 11 -----------
 tests/ts/findmnt/files/mountinfo                    |  1 -
 tests/ts/findmnt/files/mountinfo-nonroot            |  1 -
 tests/ts/libmount/files/mountinfo                   |  1 -
 16 files changed, 4 insertions(+), 44 deletions(-)

diff --git a/libmount/src/tab_parse.c b/libmount/src/tab_parse.c
index 917779ab6..4407f9c9c 100644
--- a/libmount/src/tab_parse.c
+++ b/libmount/src/tab_parse.c
@@ -227,11 +227,6 @@ static int mnt_parse_mountinfo_line(struct libmnt_fs *fs, const char *s)
 		goto fail;
 	}
 
-	/* remove "\040(deleted)" suffix */
-	p = (char *) endswith(fs->target, PATH_DELETED_SUFFIX);
-	if (p && *p)
-		*p = '\0';
-
 	s = skip_separator(s);
 
 	/* (6) vfs options (fs-independent) */
diff --git a/tests/expected/findmnt/filter-options b/tests/expected/findmnt/filter-options
index 2606bce76..97b0ead0a 100644
--- a/tests/expected/findmnt/filter-options
+++ b/tests/expected/findmnt/filter-options
@@ -28,5 +28,4 @@ TARGET                       SOURCE           FSTYPE                OPTIONS
 /home/kzak/.gvfs             gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
 /var/lib/nfs/rpc_pipefs      sunrpc           rpc_pipefs            rw,relatime
 /mnt/sounds                  //foo.home/bar/  cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
-/mnt/foo                     /fooooo          bar                   rw,relatime
 rc=0
diff --git a/tests/expected/findmnt/filter-options-nameval-neg b/tests/expected/findmnt/filter-options-nameval-neg
index 5471d65af..f0467ef75 100644
--- a/tests/expected/findmnt/filter-options-nameval-neg
+++ b/tests/expected/findmnt/filter-options-nameval-neg
@@ -29,6 +29,5 @@ TARGET                         SOURCE                FSTYPE                OPTIO
 |-/home/kzak                   /dev/mapper/kzak-home ext4                  rw,noatime,barrier=1,data=ordered
 | `-/home/kzak/.gvfs           gvfs-fuse-daemon      fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
 |-/var/lib/nfs/rpc_pipefs      sunrpc                rpc_pipefs            rw,relatime
-|-/mnt/sounds                  //foo.home/bar/       cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
-`-/mnt/foo                     /fooooo               bar                   rw,relatime
+`-/mnt/sounds                  //foo.home/bar/       cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
 rc=0
diff --git a/tests/expected/findmnt/filter-types-neg b/tests/expected/findmnt/filter-types-neg
index 2606bce76..97b0ead0a 100644
--- a/tests/expected/findmnt/filter-types-neg
+++ b/tests/expected/findmnt/filter-types-neg
@@ -28,5 +28,4 @@ TARGET                       SOURCE           FSTYPE                OPTIONS
 /home/kzak/.gvfs             gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
 /var/lib/nfs/rpc_pipefs      sunrpc           rpc_pipefs            rw,relatime
 /mnt/sounds                  //foo.home/bar/  cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
-/mnt/foo                     /fooooo          bar                   rw,relatime
 rc=0
diff --git a/tests/expected/findmnt/outputs-default b/tests/expected/findmnt/outputs-default
index 59495797b..01599355e 100644
--- a/tests/expected/findmnt/outputs-default
+++ b/tests/expected/findmnt/outputs-default
@@ -30,6 +30,5 @@ TARGET                         SOURCE                FSTYPE                OPTIO
 |-/home/kzak                   /dev/mapper/kzak-home ext4                  rw,noatime,barrier=1,data=ordered
 | `-/home/kzak/.gvfs           gvfs-fuse-daemon      fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
 |-/var/lib/nfs/rpc_pipefs      sunrpc                rpc_pipefs            rw,relatime
-|-/mnt/sounds                  //foo.home/bar/       cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
-`-/mnt/foo                     /fooooo               bar                   rw,relatime
+`-/mnt/sounds                  //foo.home/bar/       cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
 rc=0
diff --git a/tests/expected/findmnt/outputs-force-tree b/tests/expected/findmnt/outputs-force-tree
index 59495797b..01599355e 100644
--- a/tests/expected/findmnt/outputs-force-tree
+++ b/tests/expected/findmnt/outputs-force-tree
@@ -30,6 +30,5 @@ TARGET                         SOURCE                FSTYPE                OPTIO
 |-/home/kzak                   /dev/mapper/kzak-home ext4                  rw,noatime,barrier=1,data=ordered
 | `-/home/kzak/.gvfs           gvfs-fuse-daemon      fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
 |-/var/lib/nfs/rpc_pipefs      sunrpc                rpc_pipefs            rw,relatime
-|-/mnt/sounds                  //foo.home/bar/       cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
-`-/mnt/foo                     /fooooo               bar                   rw,relatime
+`-/mnt/sounds                  //foo.home/bar/       cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
 rc=0
diff --git a/tests/expected/findmnt/outputs-kernel b/tests/expected/findmnt/outputs-kernel
index 59495797b..01599355e 100644
--- a/tests/expected/findmnt/outputs-kernel
+++ b/tests/expected/findmnt/outputs-kernel
@@ -30,6 +30,5 @@ TARGET                         SOURCE                FSTYPE                OPTIO
 |-/home/kzak                   /dev/mapper/kzak-home ext4                  rw,noatime,barrier=1,data=ordered
 | `-/home/kzak/.gvfs           gvfs-fuse-daemon      fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500
 |-/var/lib/nfs/rpc_pipefs      sunrpc                rpc_pipefs            rw,relatime
-|-/mnt/sounds                  //foo.home/bar/       cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
-`-/mnt/foo                     /fooooo               bar                   rw,relatime
+`-/mnt/sounds                  //foo.home/bar/       cifs                  rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
 rc=0
diff --git a/tests/expected/libmount/tabdiff-mount b/tests/expected/libmount/tabdiff-mount
index 420aeacd5..3c18f8dc4 100644
--- a/tests/expected/libmount/tabdiff-mount
+++ b/tests/expected/libmount/tabdiff-mount
@@ -1,3 +1,2 @@
 /dev/mapper/kzak-home on /home/kzak: MOUNTED
-/fooooo on /mnt/foo: MOUNTED
 tmpfs on /mnt/test/foo
bar: MOUNTED
diff --git a/tests/expected/libmount/tabdiff-move b/tests/expected/libmount/tabdiff-move
index 24f9bc791..95820d93e 100644
--- a/tests/expected/libmount/tabdiff-move
+++ b/tests/expected/libmount/tabdiff-move
@@ -1,3 +1,2 @@
 //foo.home/bar/ on /mnt/music: MOVED to /mnt/music
-/fooooo on /mnt/foo: UMOUNTED
 tmpfs on /mnt/test/foo
bar: UMOUNTED
diff --git a/tests/expected/libmount/tabdiff-remount b/tests/expected/libmount/tabdiff-remount
index 82ebeab39..876bfd953 100644
--- a/tests/expected/libmount/tabdiff-remount
+++ b/tests/expected/libmount/tabdiff-remount
@@ -1,4 +1,3 @@
 /dev/mapper/kzak-home on /home/kzak: REMOUNTED from 'rw,noatime,barrier=1,data=ordered' to 'ro,noatime,barrier=1,data=ordered'
 //foo.home/bar/ on /mnt/sounds: REMOUNTED from 'rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344' to 'ro,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344'
-/fooooo on /mnt/foo: UMOUNTED
 tmpfs on /mnt/test/foo
bar: UMOUNTED
diff --git a/tests/expected/libmount/tabdiff-umount b/tests/expected/libmount/tabdiff-umount
index a3e0fe48a..c7be725b9 100644
--- a/tests/expected/libmount/tabdiff-umount
+++ b/tests/expected/libmount/tabdiff-umount
@@ -1,3 +1,2 @@
 /dev/mapper/kzak-home on /home/kzak: UMOUNTED
-/fooooo on /mnt/foo: UMOUNTED
 tmpfs on /mnt/test/foo
bar: UMOUNTED
diff --git a/tests/expected/libmount/tabfiles-parse-mountinfo b/tests/expected/libmount/tabfiles-parse-mountinfo
index 47eb77006..d5ba5248e 100644
--- a/tests/expected/libmount/tabfiles-parse-mountinfo
+++ b/tests/expected/libmount/tabfiles-parse-mountinfo
@@ -351,17 +351,6 @@ id:     47
 parent: 20
 devno:  0:38
 ------ fs:
-source: /fooooo
-target: /mnt/foo
-fstype: bar
-optstr: rw,relatime
-VFS-optstr: rw,relatime
-FS-opstr: rw
-root:   /
-id:     48
-parent: 20
-devno:  0:39
------- fs:
 source: tmpfs
 target: /mnt/test/foo
bar
 fstype: tmpfs
diff --git a/tests/expected/libmount/tabfiles-py-parse-mountinfo b/tests/expected/libmount/tabfiles-py-parse-mountinfo
index 47eb77006..d5ba5248e 100644
--- a/tests/expected/libmount/tabfiles-py-parse-mountinfo
+++ b/tests/expected/libmount/tabfiles-py-parse-mountinfo
@@ -351,17 +351,6 @@ id:     47
 parent: 20
 devno:  0:38
 ------ fs:
-source: /fooooo
-target: /mnt/foo
-fstype: bar
-optstr: rw,relatime
-VFS-optstr: rw,relatime
-FS-opstr: rw
-root:   /
-id:     48
-parent: 20
-devno:  0:39
------- fs:
 source: tmpfs
 target: /mnt/test/foo
bar
 fstype: tmpfs
diff --git a/tests/ts/findmnt/files/mountinfo b/tests/ts/findmnt/files/mountinfo
index 475ea1a33..ff1e664a8 100644
--- a/tests/ts/findmnt/files/mountinfo
+++ b/tests/ts/findmnt/files/mountinfo
@@ -30,4 +30,3 @@
 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500
 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw
 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw
diff --git a/tests/ts/findmnt/files/mountinfo-nonroot b/tests/ts/findmnt/files/mountinfo-nonroot
index e15b46701..87b421d2e 100644
--- a/tests/ts/findmnt/files/mountinfo-nonroot
+++ b/tests/ts/findmnt/files/mountinfo-nonroot
@@ -29,4 +29,3 @@
 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500
 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw
 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw
diff --git a/tests/ts/libmount/files/mountinfo b/tests/ts/libmount/files/mountinfo
index c06307183..2b0174048 100644
--- a/tests/ts/libmount/files/mountinfo
+++ b/tests/ts/libmount/files/mountinfo
@@ -30,5 +30,4 @@
 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500
 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw
 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344
-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw
 49 20 0:56 / /mnt/test/foo
bar rw,relatime shared:323 - tmpfs tmpfs rw
-- 
2.34.0