From 5107dbda6c6770ad281088ed1081cf8c64cceba8fa813c243d316ed462358177 Mon Sep 17 00:00:00 2001
From: Marcus Meissner
Date: Tue, 1 Oct 2013 07:23:27 +0000
Subject: [PATCH] - Add set-ignoreonisolate-noauto-cryptsetup.patch: ensure noauto encrypted mounts survives runlevel changes (bnc#843085). - Add 0001-Fix-buffer-overrun-when-enumerating-files.patch: fix logind crash when /run/systemd/sessions was too big (bnc#840055, initial fix from hpj@suse.com). - Update sysctl-handle-boot-sysctl.conf-kernel_release.patch to only check for /boot/sysctl.conf- presence. - Add service wrapper for after.local (bnc#778715).
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=447
---
 ...uffer-overrun-when-enumerating-files.patch | 139 ++++++++++++++++++
 after-local.service | 18 +++
 set-ignoreonisolate-noauto-cryptsetup.patch | 27 ++++
 ...ndle-boot-sysctl.conf-kernel_release.patch | 2 +-
 systemd-mini.changes | 12 ++
 systemd-mini.spec | 11 ++
 systemd.changes | 12 ++
 systemd.spec | 11 ++
 8 files changed, 231 insertions(+), 1 deletion(-)
 create mode 100644 0001-Fix-buffer-overrun-when-enumerating-files.patch
 create mode 100644 after-local.service
 create mode 100644 set-ignoreonisolate-noauto-cryptsetup.patch
diff --git a/0001-Fix-buffer-overrun-when-enumerating-files.patch b/0001-Fix-buffer-overrun-when-enumerating-files.patch
new file mode 100644
index 0000000..257889d
--- /dev/null
+++ b/0001-Fix-buffer-overrun-when-enumerating-files.patch
@@ -0,0 +1,139 @@
+From 893fa014de0f73337ff4a4c9c531d6789b72f5bf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Sun, 29 Sep 2013 14:40:58 +0200
+Subject: [PATCH] Fix buffer overrun when enumerating files
+
+https://bugs.freedesktop.org/show_bug.cgi?id=69887
+
+Based-on-a-patch-by: Hans Petter Jansson
+---
+ src/shared/util.c | 79 +++++++++++++++++----------------------------------
+ src/test/test-util.c | 10 +++++++
+ 2 files changed, 36 insertions(+), 53 deletions(-)
+
+Index: systemd-207/src/shared/util.c
+===================================================================
+--- systemd-207.orig/src/shared/util.c
++++ systemd-207/src/shared/util.c
+@@ -4435,38 +4435,31 @@ int dirent_ensure_type(DIR *d, struct di
+ }
+
+ int in_search_path(const char *path, char **search) {
+- char **i, *parent;
++ char **i;
++ _cleanup_free_ char *parent = NULL;
+ int r;
+
+ r = path_get_parent(path, &parent);
+ if (r < 0)
+ return r;
+
+- r = 0;
++ STRV_FOREACH(i, search)
++ if (path_equal(parent, *i))
++ return 1;
+
+- STRV_FOREACH(i, search) {
+- if (path_equal(parent, *i)) {
+- r = 1;
+- break;
+- }
+- }
+-
+- free(parent);
+-
+- return r;
++ return 0;
+ }
+
+ int get_files_in_directory(const char *path, char ***list) {
+- DIR *d;
+- int r = 0;
+- unsigned n = 0;
+- char **l = NULL;
++ _cleanup_closedir_ DIR *d = NULL;
++ size_t bufsize = 0, n = 0;
++ _cleanup_strv_free_ char **l = NULL;
+
+ assert(path);
+
+ /* Returns all files in a directory in *list, and the number
+ * of files as return value. If list is NULL returns only the
+- * number */
++ * number.
*/
+
+ d = opendir(path);
+ if (!d)
+@@ -4478,11 +4471,9 @@ int get_files_in_directory(const char *p
+ int k;
+
+ k = readdir_r(d, &buf.de, &de);
+- if (k != 0) {
+- r = -k;
+- goto finish;
+- }
+-
++ assert(k >= 0);
++ if (k > 0)
++ return -k;
+ if (!de)
+ break;
+
+@@ -4492,43 +4483,25 @@ int get_files_in_directory(const char *p
+ continue;
+
+ if (list) {
+- if ((unsigned) r >= n) {
+- char **t;
+-
+- n = MAX(16, 2*r);
+- t = realloc(l, sizeof(char*) * n);
+- if (!t) {
+- r = -ENOMEM;
+- goto finish;
+- }
+-
+- l = t;
+- }
+-
+- assert((unsigned) r < n);
+-
+- l[r] = strdup(de->d_name);
+- if (!l[r]) {
+- r = -ENOMEM;
+- goto finish;
+- }
++ /* one extra slot is needed for the terminating NULL */
++ if (!GREEDY_REALLOC(l, bufsize, n + 2))
++ return -ENOMEM;
++
++ l[n] = strdup(de->d_name);
++ if (!l[n])
++ return -ENOMEM;
+
+- l[++r] = NULL;
++ l[++n] = NULL;
+ } else
+- r++;
++ n++;
+ }
+
+-finish:
+- if (d)
+- closedir(d);
+-
+- if (r >= 0) {
+- if (list)
+- *list = l;
+- } else
+- strv_free(l);
++ if (list) {
++ *list = l;
++ l = NULL; /* avoid freeing */
++ }
+
+- return r;
++ return n;
+ }
+
+ char *strjoin(const char *x, ...) {
diff --git a/after-local.service b/after-local.service
new file mode 100644
index 0000000..a9fb26a
--- /dev/null
+++ b/after-local.service
@@ -0,0 +1,18 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=/etc/init.d/after.local Compatibility
+ConditionFileIsExecutable=/etc/init.d/after.local
+After=getty.target
+
+[Service]
+Type=idle
+ExecStart=/etc/init.d/after.local
+TimeoutSec=0
+RemainAfterExit=yes
+SysVStartPriority=99
diff --git a/set-ignoreonisolate-noauto-cryptsetup.patch b/set-ignoreonisolate-noauto-cryptsetup.patch
new file mode 100644
index 0000000..5770394
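Review bot: The embedded patch's own header still lists `src/test/test-util.c | 10 +++++++`, but all 139 added lines belong to the `src/shared/util.c` section, so the regression test named in that diffstat is not part of this backport; carry the test hunk as well, or refresh the header so it matches what is actually applied. In the rewritten `get_files_in_directory()` the count `n` is now a `size_t` yet still leaves through the function's `int` return at `return n;`, where callers read a negative value as an error; a one-line comment such as `/* n is bounded by the number of directory entries; returned as int */` would make the narrowing deliberate. Parts of the function body (the loop header and the lines between the three inner hunks) are outside the diff.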
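Review bot: `TimeoutSec=0` in the new after-local.service switches off the start and stop timeouts for a script that runs as root, so a hung `/etc/init.d/after.local` is never terminated by systemd. The file carries only the licence header; a comment above `[Service]` such as `# after.local may run arbitrarily long; timeouts are disabled on purpose` would record that this is intended. `ConditionFileIsExecutable=` checks only that the script is executable, so ownership and mode of `/etc/init.d/after.local` stay the administrator's responsibility, which is worth stating in the same comment.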
--- /dev/null
+++ b/set-ignoreonisolate-noauto-cryptsetup.patch
@@ -0,0 +1,27 @@
+From 4469ff4adebbed4778e7fe767f0165776c1ba62a Mon Sep 17 00:00:00 2001
+From: Andrey Borzenkov
+Date: Sun, 29 Sep 2013 15:37:30 +0400
+Subject: [PATCH] set IgnoreOnIsolate=true for systemd-cryptsetup@.service
+
+When crypttab contains noauto, cryptsetup service does not have any
+explicit dependencies. If service is started later manually (directly or via
+mount dependency) it will be stopped on isolate.
+
+mount units already have IgnoreOnIsolate set by default. Set it by
+default for cryptsetup units as well.
+---
+ src/cryptsetup/cryptsetup-generator.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+Index: systemd-207/src/cryptsetup/cryptsetup-generator.c
+===================================================================
+--- systemd-207.orig/src/cryptsetup/cryptsetup-generator.c
++++ systemd-207/src/cryptsetup/cryptsetup-generator.c
+@@ -111,6 +111,7 @@ static int create_disk(
+ "Conflicts=umount.target\n"
+ "DefaultDependencies=no\n"
+ "BindsTo=dev-mapper-%i.device\n"
++ "IgnoreOnIsolate=true\n"
+ "After=md.service dmraid.service\n"
+ "After=systemd-readahead-collect.service systemd-readahead-replay.service\n",
+ f);
diff --git a/sysctl-handle-boot-sysctl.conf-kernel_release.patch b/sysctl-handle-boot-sysctl.conf-kernel_release.patch
index 3381072..9b3defb 100644
--- a/sysctl-handle-boot-sysctl.conf-kernel_release.patch
+++ b/sysctl-handle-boot-sysctl.conf-kernel_release.patch
@@ -44,7 +44,7 @@ Index: systemd-207/units/systemd-sysctl.service.in
 ConditionDirectoryNotEmpty=|/usr/local/lib/sysctl.d
 ConditionDirectoryNotEmpty=|/etc/sysctl.d
 ConditionDirectoryNotEmpty=|/run/sysctl.d
-+ConditionPathExistsGlob=|/boot/sysctl.conf-*
++ConditionPathExistsGlob=|/boot/sysctl.conf-%v
 +RequiresMountsFor=/boot
 [Service]
diff --git a/systemd-mini.changes b/systemd-mini.changes
index 08f7576..635e220 100644
--- a/systemd-mini.changes
+++ b/systemd-mini.changes
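Review bot: The added `"IgnoreOnIsolate=true\n"` sits in the fixed string that `create_disk()` writes to `f`, so as far as this hunk shows it applies to every generated systemd-cryptsetup@ unit and not only to `noauto` entries; unlocked mappings will therefore stay open across an isolate, and the visible `Conflicts=umount.target` line is what still stops them at shutdown. The patch description says this default is intended, but the generator source itself says nothing about it; a comment before the string block such as `/* keep unlocked devices across isolate, like mount units; umount.target still stops them */` would document the decision where the next maintainer will look. create_disk's body starts and ends outside the hunk.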
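Review bot: After this change the path in `ConditionPathExistsGlob=|/boot/sysctl.conf-%v` no longer contains a wildcard, so the Glob variant is testing one literal path; `ConditionPathExists=|/boot/sysctl.conf-%v` states the same check directly. The line also depends on `%v` being expanded in condition paths by the packaged systemd version, which this page does not show; if it is not, the condition would simply never match, so it is worth confirming on a built package.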
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Mon Sep 30 15:42:45 UTC 2013 - fcrozat@suse.com
+
+- Add set-ignoreonisolate-noauto-cryptsetup.patch: ensure noauto
+ encrypted mounts survives runlevel changes (bnc#843085).
+- Add 0001-Fix-buffer-overrun-when-enumerating-files.patch: fix
+ logind crash when /run/systemd/sessions was too big (bnc#840055,
+ initial fix from hpj@suse.com).
+- Update sysctl-handle-boot-sysctl.conf-kernel_release.patch to
+ only check for /boot/sysctl.conf- presence.
+- Add service wrapper for after.local (bnc#778715).
+
 -------------------------------------------------------------------
 Fri Sep 27 15:47:15 UTC 2013 - fcrozat@suse.com
diff --git a/systemd-mini.spec b/systemd-mini.spec
index 3cb60d4..1badd59 100644
--- a/systemd-mini.spec
+++ b/systemd-mini.spec
@@ -112,6 +112,7 @@ Source7: libgcrypt.m4
 Source8: systemd-journald.init
 Source9: nss-myhostname-config
 Source10: macros.systemd.upstream
+Source11: after-local.service
 Source1060: boot.udev
 Source1061: write_dev_root_rule
@@ -191,6 +192,10 @@ Patch54: 0008-swap-create-.wants-symlink-to-auto-swap-devices.patch
 Patch55: 0009-polkit-Avoid-race-condition-in-scraping-proc.patch
 # PATCH-FIX-UPSTREAM Fix-timeout-when-stopping-Type-notify-service.patch -- watch MAINPID after it becomed known [bnc#841544]
 Patch56: Fix-timeout-when-stopping-Type-notify-service.patch
+# PATCH-FIX-UPSTREAM set-ignoreonisolate-noauto-cryptsetup.patch bnc#843085 fcrozat@suse.com -- Ensure noauto crypt mount points survives runlevel change
+Patch57: set-ignoreonisolate-noauto-cryptsetup.patch
+# PATCH-FIX-UPSTREAM 0001-Fix-buffer-overrun-when-enumerating-files.patch bnc#840055 fdo#69887 fcrozat@suse.com -- Fix crash when /run/systemd/sessions was too big
+Patch58: 0001-Fix-buffer-overrun-when-enumerating-files.patch
 # udev patches
 # PATCH-FIX-OPENSUSE 1001-re-enable-by_path-links-for-ata-devices.patch
@@ -447,6 +452,8 @@ cp %{SOURCE7} m4/
 %patch54 -p1
 %patch55 -p1
 %patch56 -p1
+%patch57 -p1
+%patch58 -p1
 # udev patches
 %patch1001 -p1
@@ -627,6 +634,10 @@ cat << EOF > %{buildroot}%{_prefix}/lib/systemd/system/getty@tty1.service.d/nocl
 TTYVTDisallocate=no
 EOF
+# ensure after.local wrapper is called
+install -m 644 %{S:9} %{buildroot}/%{_prefix}/lib/systemd/system/
+ln -s ../after-local.service %{buildroot}/%{_prefix}/lib/systemd/system/multi-user.target.wants/
+
 %fdupes -s %{buildroot}%{_mandir}
 # packaged in systemd-rpm-macros
diff --git a/systemd.changes b/systemd.changes
index 08f7576..635e220 100644
--- a/systemd.changes
+++ b/systemd.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Mon Sep 30 15:42:45 UTC 2013 - fcrozat@suse.com
+
+- Add set-ignoreonisolate-noauto-cryptsetup.patch: ensure noauto
+ encrypted mounts survives runlevel changes (bnc#843085).
+- Add 0001-Fix-buffer-overrun-when-enumerating-files.patch: fix
+ logind crash when /run/systemd/sessions was too big (bnc#840055,
+ initial fix from hpj@suse.com).
+- Update sysctl-handle-boot-sysctl.conf-kernel_release.patch to
+ only check for /boot/sysctl.conf- presence.
+- Add service wrapper for after.local (bnc#778715).
+
 -------------------------------------------------------------------
 Fri Sep 27 15:47:15 UTC 2013 - fcrozat@suse.com
diff --git a/systemd.spec b/systemd.spec
index 80890da..7431f5f 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -107,6 +107,7 @@ Source7: libgcrypt.m4
 Source8: systemd-journald.init
 Source9: nss-myhostname-config
 Source10: macros.systemd.upstream
+Source11: after-local.service
 Source1060: boot.udev
 Source1061: write_dev_root_rule
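Review bot: In systemd-mini.spec the new install line uses `%{S:9}`, which the Source list of this same file maps to `nss-myhostname-config`; the unit added by this commit is `Source11`, and systemd.spec uses `%{S:11}` for the identical step. As written, the mini package would copy the wrong file into the system unit directory, and the `ln -s ../after-local.service` link created in `multi-user.target.wants/` would point at a file that was never installed. The line should read `install -m 644 %{S:11} %{buildroot}/%{_prefix}/lib/systemd/system/`.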
@@ -186,6 +187,10 @@ Patch54: 0008-swap-create-.wants-symlink-to-auto-swap-devices.patch
 Patch55: 0009-polkit-Avoid-race-condition-in-scraping-proc.patch
 # PATCH-FIX-UPSTREAM Fix-timeout-when-stopping-Type-notify-service.patch -- watch MAINPID after it becomed known [bnc#841544]
 Patch56: Fix-timeout-when-stopping-Type-notify-service.patch
+# PATCH-FIX-UPSTREAM set-ignoreonisolate-noauto-cryptsetup.patch bnc#843085 fcrozat@suse.com -- Ensure noauto crypt mount points survives runlevel change
+Patch57: set-ignoreonisolate-noauto-cryptsetup.patch
+# PATCH-FIX-UPSTREAM 0001-Fix-buffer-overrun-when-enumerating-files.patch bnc#840055 fdo#69887 fcrozat@suse.com -- Fix crash when /run/systemd/sessions was too big
+Patch58: 0001-Fix-buffer-overrun-when-enumerating-files.patch
 # udev patches
 # PATCH-FIX-OPENSUSE 1001-re-enable-by_path-links-for-ata-devices.patch
@@ -442,6 +447,8 @@ cp %{SOURCE7} m4/
 %patch54 -p1
 %patch55 -p1
 %patch56 -p1
+%patch57 -p1
+%patch58 -p1
 # udev patches
 %patch1001 -p1
@@ -622,6 +629,10 @@ cat << EOF > %{buildroot}%{_prefix}/lib/systemd/system/getty@tty1.service.d/nocl
 TTYVTDisallocate=no
 EOF
+# ensure after.local wrapper is called
+install -m 644 %{S:11} %{buildroot}/%{_prefix}/lib/systemd/system/
+ln -s ../after-local.service %{buildroot}/%{_prefix}/lib/systemd/system/multi-user.target.wants/
+
 %fdupes -s %{buildroot}%{_mandir}
 # packaged in systemd-rpm-macros