Accepting request 908417 from Base:System

- Import commit 73e9e6fb847513c6d62f2fb445778ef5bc0fe516 (merge of v248.6)
  For a complete list of changes, visit:
  cb29bcc5ef...73e9e6fb84

- Drop 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch
  Commit 81107b8419c39f726fd2805517a5b9faab204e59 fixes
  https://github.com/systemd/systemd/issues/19464 which makes the
  aforementioned patch not needed anymore.

- Drop 1003-basic-unit-name-adjust-comments.patch
  It's been merged in SUSE/v248 branch

- Import commit cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 (merge of v248.5)
  4a1c5f34bd basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910)
  [...]
  For a complete list of changes, visit:
  94efce2ee5...cb29bcc5ef
- Drop 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch as it
  was merged in v248.5.

- Import commit 94efce2ee59fca15a48ff9c232c8dd7cf930c0a0 (merge of v248.4)
  For a complete list of changes, visit:
  c0aecee593...94efce2ee5
- Drop 1001-unit-name-generate-a-clear-error-code-when-convertin.patch
  as it was merged in v248.4.

- Import commit c0aecee593511e49638579cb2b9ac8aaf1f8e6c8
  42ec1d537a login: use a hwdb entry for tagging Parallels' fb devices with 'master-of-seat' tag
  ecc7c7b462 login: use a hwdb entry for tagging HyperV's fb devices with 'master-of-seat' tag
  a4cfd70476 login: XGI Z7/Z9 (XG20 core) graphic chip requires master-of-seat to be set (bsc#1187154)

OBS-URL: https://build.opensuse.org/request/show/908417
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=333
Dominique Leuenberger 2021-08-02 10:04:37 +00:00 committed by Git OBS Bridge
parent fed1c9a7ac
commit cff4d1a6d1
10 changed files with 131 additions and 224 deletions


@ -1,35 +0,0 @@
From c9bce1f07276c591d8637dbfc3244ee11e8fa4e1 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Tue, 18 May 2021 11:53:55 +0200
Subject: [PATCH 1/1] Revert "core: prevent excessive /proc/self/mountinfo
parsing"
This reverts commit d586f642fd90e3bb378f7b6d3e3a64a753e51756.
This reverts commit d586f642fd90e3bb378f7b6d3e3a64a753e51756 temporarly until
more investigation is done to find the root cause of
https://github.com/systemd/systemd/issues/19464.
---
src/core/mount.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/src/core/mount.c b/src/core/mount.c
index ca5d0939a1..2939062161 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1859,12 +1859,6 @@ static void mount_enumerate(Manager *m) {
goto fail;
}
- r = sd_event_source_set_ratelimit(m->mount_event_source, 1 * USEC_PER_SEC, 5);
- if (r < 0) {
- log_error_errno(r, "Failed to enable rate limit for mount events: %m");
- goto fail;
- }
-
(void) sd_event_source_set_description(m->mount_event_source, "mount-monitor-dispatch");
}
--
2.26.2


@ -1,63 +0,0 @@
From 83f392a392067d61be24eb720ff0cf1da7f1892b Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 1 Jun 2021 19:43:55 +0200
Subject: [PATCH 1001/1003] unit-name: generate a clear error code when
converting an overly long fs path to a unit name
(cherry picked from commit 9d5acfab20c5f1177d877d0bec18063c0a6c5929)
[fbui: adjust context]
---
src/basic/unit-name.c | 6 ++++++
src/test/test-unit-name.c | 4 ++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
index 532f8fa048..85dcba6cb7 100644
--- a/src/basic/unit-name.c
+++ b/src/basic/unit-name.c
@@ -528,6 +528,9 @@ int unit_name_from_path(const char *path, const char *suffix, char **ret) {
if (!s)
return -ENOMEM;
+ if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
+ return -ENAMETOOLONG;
+
/* Refuse this if this got too long or for some other reason didn't result in a valid name */
if (!unit_name_is_valid(s, UNIT_NAME_PLAIN))
return -EINVAL;
@@ -559,6 +562,9 @@ int unit_name_from_path_instance(const char *prefix, const char *path, const cha
if (!s)
return -ENOMEM;
+ if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
+ return -ENAMETOOLONG;
+
/* Refuse this if this got too long or for some other reason didn't result in a valid name */
if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE))
return -EINVAL;
diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
index ece78aa548..c0b79715e1 100644
--- a/src/test/test-unit-name.c
+++ b/src/test/test-unit-name.c
@@ -130,7 +130,7 @@ static void test_unit_name_from_path(void) {
test_unit_name_from_path_one("///", ".mount", "-.mount", 0);
test_unit_name_from_path_one("/foo/../bar", ".mount", NULL, -EINVAL);
test_unit_name_from_path_one("/foo/./bar", ".mount", NULL, -EINVAL);
- test_unit_name_from_path_one("/waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", ".mount", NULL, -EINVAL);
+ test_unit_name_from_path_one("/waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", ".mount", NULL, -ENAMETOOLONG);
}
static void test_unit_name_from_path_instance_one(const char *pattern, const char *path, const char *suffix, const char *expected, int ret) {
@@ -160,7 +160,7 @@ static void test_unit_name_from_path_instance(void) {
test_unit_name_from_path_instance_one("waldo", "..", ".mount", NULL, -EINVAL);
test_unit_name_from_path_instance_one("waldo", "/foo", ".waldi", NULL, -EINVAL);
test_unit_name_from_path_instance_one("wa--ldo", "/--", ".mount", "wa--ldo@\\x2d\\x2d.mount", 0);
- test_unit_name_from_path_instance_one("waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "/waldo", ".mount", NULL, -EINVAL);
+ test_unit_name_from_path_instance_one("waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "/waldo", ".mount", NULL, -ENAMETOOLONG);
}
static void test_unit_name_to_path_one(const char *unit, const char *path, int ret) {
--
2.26.2


@ -1,67 +0,0 @@
From f636948448bd8a3588388d21dad737a079266392 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 23 Jun 2021 11:46:41 +0200
Subject: [PATCH 1002/1003] basic/unit-name: do not use strdupa() on a path
The path may have unbounded length, for example through a fuse mount.
CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and
ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo
and each mountpoint is passed to mount_setup_unit(), which calls
unit_name_path_escape() underneath. A local attacker who is able to mount a
filesystem with a very long path can crash systemd and the whole system.
https://bugzilla.redhat.com/show_bug.cgi?id=1970887
The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we
can't easily check the length after simplification before doing the
simplification, which in turns uses a copy of the string we can write to.
So we can't reject paths that are too long before doing the duplication.
Hence the most obvious solution is to switch back to strdup(), as before
7410616cd9dbbec97cf98d75324da5cda2b2f7a2.
[fbui: fixes bsc#1188063]
[fbui: fixes CVE-2021-33910]
---
src/basic/unit-name.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
index 85dcba6cb7..46b24f2d9e 100644
--- a/src/basic/unit-name.c
+++ b/src/basic/unit-name.c
@@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) {
}
int unit_name_path_escape(const char *f, char **ret) {
- char *p, *s;
+ _cleanup_free_ char *p = NULL;
+ char *s;
assert(f);
assert(ret);
- p = strdupa(f);
+ p = strdup(f);
if (!p)
return -ENOMEM;
@@ -395,13 +396,9 @@ int unit_name_path_escape(const char *f, char **ret) {
if (!path_is_normalized(p))
return -EINVAL;
- /* Truncate trailing slashes */
+ /* Truncate trailing slashes and skip leading slashes */
delete_trailing_chars(p, "/");
-
- /* Truncate leading slashes */
- p = skip_leading_chars(p, "/");
-
- s = unit_name_escape(p);
+ s = unit_name_escape(skip_leading_chars(p, "/"));
}
if (!s)
return -ENOMEM;
--
2.26.2


@ -1,38 +0,0 @@
From 9731d5204357d43204ca83155f5b552594b843bc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 23 Jun 2021 11:52:56 +0200
Subject: [PATCH 1003/1003] basic/unit-name: adjust comments
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We already checked for "too long" right above…
---
src/basic/unit-name.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
index 46b24f2d9e..c5850949ae 100644
--- a/src/basic/unit-name.c
+++ b/src/basic/unit-name.c
@@ -528,7 +528,7 @@ int unit_name_from_path(const char *path, const char *suffix, char **ret) {
if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
return -ENAMETOOLONG;
- /* Refuse this if this got too long or for some other reason didn't result in a valid name */
+ /* Refuse if this for some other reason didn't result in a valid name */
if (!unit_name_is_valid(s, UNIT_NAME_PLAIN))
return -EINVAL;
@@ -562,7 +562,7 @@ int unit_name_from_path_instance(const char *prefix, const char *path, const cha
if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
return -ENAMETOOLONG;
- /* Refuse this if this got too long or for some other reason didn't result in a valid name */
+ /* Refuse if this for some other reason didn't result in a valid name */
if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE))
return -EINVAL;
--
2.26.2


@ -1,3 +1,65 @@
-------------------------------------------------------------------
Mon Jul 26 10:54:10 UTC 2021 - Franck Bui <fbui@suse.com>
- Import commit 73e9e6fb847513c6d62f2fb445778ef5bc0fe516 (merge of v248.6)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/cb29bcc5ef2c0ee659686c5d229646a6ba98ec50...73e9e6fb847513c6d62f2fb445778ef5bc0fe516
-------------------------------------------------------------------
Tue Jul 20 16:26:39 UTC 2021 - Franck Bui <fbui@suse.com>
- Drop 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch
Commit 81107b8419c39f726fd2805517a5b9faab204e59 fixes
https://github.com/systemd/systemd/issues/19464 which makes the
aforementioned patch not needed anymore.
-------------------------------------------------------------------
Tue Jul 20 16:22:46 UTC 2021 - Franck Bui <fbui@suse.com>
- Drop 1003-basic-unit-name-adjust-comments.patch
It's been merged in SUSE/v248 branch
-------------------------------------------------------------------
Tue Jul 20 15:51:47 UTC 2021 - Franck Bui <fbui@suse.com>
- Import commit cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 (merge of v248.5)
4a1c5f34bd basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910)
[...]
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/94efce2ee59fca15a48ff9c232c8dd7cf930c0a0...cb29bcc5ef2c0ee659686c5d229646a6ba98ec50
- Drop 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch as it
was merged in v248.5.
-------------------------------------------------------------------
Tue Jul 20 15:25:38 UTC 2021 - Franck Bui <fbui@suse.com>
- Import commit 94efce2ee59fca15a48ff9c232c8dd7cf930c0a0 (merge of v248.4)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/c0aecee593511e49638579cb2b9ac8aaf1f8e6c8...94efce2ee59fca15a48ff9c232c8dd7cf930c0a0
- Drop 1001-unit-name-generate-a-clear-error-code-when-convertin.patch
as it was merged in v248.4.
-------------------------------------------------------------------
Tue Jul 20 15:10:41 UTC 2021 - Franck Bui <fbui@suse.com>
- Import commit c0aecee593511e49638579cb2b9ac8aaf1f8e6c8
42ec1d537a login: use a hwdb entry for tagging Parallels' fb devices with 'master-of-seat' tag
ecc7c7b462 login: use a hwdb entry for tagging HyperV's fb devices with 'master-of-seat' tag
a4cfd70476 login: XGI Z7/Z9 (XG20 core) graphic chip requires master-of-seat to be set (bsc#1187154)
ef553e0199 sd-dhcp-client: tentatively ignore FORCERENEW command (bsc#1185972 CVE-2020-13529)
aae6c575fc sd-dhcp-client: logs when dhcp client unexpectedly gains a new lease
258a3d2043 sd-dhcp-client: shorten code a bit
0a80303114 sd-dhcp-client: check error earlier and reduce indentation
-------------------------------------------------------------------
Thu Jul 8 18:04:31 UTC 2021 - Franck Bui <fbui@suse.com>


@ -26,7 +26,7 @@
##### WARNING: please do not edit this auto generated spec file. Use the systemd.spec! #####
%define mini -mini
%define min_kernel_version 4.5
%define suse_version +suse.30.ge9a23d9e06
%define suse_version +suse.45.g73e9e6fb84
%bcond_with gnuefi
%if 0%{?bootstrap}
@ -58,7 +58,7 @@
Name: systemd-mini
URL: http://www.freedesktop.org/wiki/Software/systemd
Version: 248.3
Version: 248.6
Release: 0
Summary: A System and Session Manager
License: LGPL-2.1-or-later
@ -195,13 +195,6 @@ Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
# upstream and need an urgent fix. Even in this case, the patches are
# temporary and should be removed as soon as a fix is merged by
# upstream.
Patch100: 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch
# Patches for bsc#1188063/CVE-2021-33910. They will be moved to the
# git repo once the bug will become public.
Patch1001: 1001-unit-name-generate-a-clear-error-code-when-convertin.patch
Patch1002: 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch
Patch1003: 1003-basic-unit-name-adjust-comments.patch
%description
Systemd is a system and service manager, compatible with SysV and LSB


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bb92dd21edf73541f3ccce6fb95ab6a2c3d261e14c95a77445cada2982913fdc
size 7080532


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f3750afd054f03b6868463ffd663441ead475d31dcd83d429c36580e7c6f748a
size 7123304


@ -1,3 +1,65 @@
-------------------------------------------------------------------
Mon Jul 26 10:54:10 UTC 2021 - Franck Bui <fbui@suse.com>
- Import commit 73e9e6fb847513c6d62f2fb445778ef5bc0fe516 (merge of v248.6)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/cb29bcc5ef2c0ee659686c5d229646a6ba98ec50...73e9e6fb847513c6d62f2fb445778ef5bc0fe516
-------------------------------------------------------------------
Tue Jul 20 16:26:39 UTC 2021 - Franck Bui <fbui@suse.com>
- Drop 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch
Commit 81107b8419c39f726fd2805517a5b9faab204e59 fixes
https://github.com/systemd/systemd/issues/19464 which makes the
aforementioned patch not needed anymore.
-------------------------------------------------------------------
Tue Jul 20 16:22:46 UTC 2021 - Franck Bui <fbui@suse.com>
- Drop 1003-basic-unit-name-adjust-comments.patch
It's been merged in SUSE/v248 branch
-------------------------------------------------------------------
Tue Jul 20 15:51:47 UTC 2021 - Franck Bui <fbui@suse.com>
- Import commit cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 (merge of v248.5)
4a1c5f34bd basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910)
[...]
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/94efce2ee59fca15a48ff9c232c8dd7cf930c0a0...cb29bcc5ef2c0ee659686c5d229646a6ba98ec50
- Drop 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch as it
was merged in v248.5.
-------------------------------------------------------------------
Tue Jul 20 15:25:38 UTC 2021 - Franck Bui <fbui@suse.com>
- Import commit 94efce2ee59fca15a48ff9c232c8dd7cf930c0a0 (merge of v248.4)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/c0aecee593511e49638579cb2b9ac8aaf1f8e6c8...94efce2ee59fca15a48ff9c232c8dd7cf930c0a0
- Drop 1001-unit-name-generate-a-clear-error-code-when-convertin.patch
as it was merged in v248.4.
-------------------------------------------------------------------
Tue Jul 20 15:10:41 UTC 2021 - Franck Bui <fbui@suse.com>
- Import commit c0aecee593511e49638579cb2b9ac8aaf1f8e6c8
42ec1d537a login: use a hwdb entry for tagging Parallels' fb devices with 'master-of-seat' tag
ecc7c7b462 login: use a hwdb entry for tagging HyperV's fb devices with 'master-of-seat' tag
a4cfd70476 login: XGI Z7/Z9 (XG20 core) graphic chip requires master-of-seat to be set (bsc#1187154)
ef553e0199 sd-dhcp-client: tentatively ignore FORCERENEW command (bsc#1185972 CVE-2020-13529)
aae6c575fc sd-dhcp-client: logs when dhcp client unexpectedly gains a new lease
258a3d2043 sd-dhcp-client: shorten code a bit
0a80303114 sd-dhcp-client: check error earlier and reduce indentation
-------------------------------------------------------------------
Thu Jul 8 18:04:31 UTC 2021 - Franck Bui <fbui@suse.com>


@ -24,7 +24,7 @@
%define bootstrap 0
%define mini %nil
%define min_kernel_version 4.5
%define suse_version +suse.30.ge9a23d9e06
%define suse_version +suse.45.g73e9e6fb84
%bcond_with gnuefi
%if 0%{?bootstrap}
@ -56,7 +56,7 @@
Name: systemd
URL: http://www.freedesktop.org/wiki/Software/systemd
Version: 248.3
Version: 248.6
Release: 0
Summary: A System and Session Manager
License: LGPL-2.1-or-later
@ -193,13 +193,6 @@ Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
# upstream and need an urgent fix. Even in this case, the patches are
# temporary and should be removed as soon as a fix is merged by
# upstream.
Patch100: 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch
# Patches for bsc#1188063/CVE-2021-33910. They will be moved to the
# git repo once the bug will become public.
Patch1001: 1001-unit-name-generate-a-clear-error-code-when-convertin.patch
Patch1002: 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch
Patch1003: 1003-basic-unit-name-adjust-comments.patch
%description
Systemd is a system and service manager, compatible with SysV and LSB