- Import commit cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 (merge of v248.5)

4a1c5f34bd basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910) [...] For a complete list of changes, visit: 94efce2ee5...cb29bcc5ef - Drop 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch as it was merged in v248.5. OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1172
2021-07-20 16:05:37 +00:00 · 2021-07-20 16:05:37 +00:00 · d7d502c3a5
commit d7d502c3a5
parent 40db07fd11
7 changed files with 37 additions and 84 deletions
--- a/1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch
+++ b/1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch
@ -1,67 +0,0 @@
-From f636948448bd8a3588388d21dad737a079266392 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 23 Jun 2021 11:46:41 +0200
-Subject: [PATCH 1002/1003] basic/unit-name: do not use strdupa() on a path
-
-The path may have unbounded length, for example through a fuse mount.
-
-CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and
-ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo
-and each mountpoint is passed to mount_setup_unit(), which calls
-unit_name_path_escape() underneath. A local attacker who is able to mount a
-filesystem with a very long path can crash systemd and the whole system.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1970887
-
-The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we
-can't easily check the length after simplification before doing the
-simplification, which in turns uses a copy of the string we can write to.
-So we can't reject paths that are too long before doing the duplication.
-Hence the most obvious solution is to switch back to strdup(), as before
-7410616cd9dbbec97cf98d75324da5cda2b2f7a2.
-
-[fbui: fixes bsc#1188063]
-[fbui: fixes CVE-2021-33910]
---
- src/basic/unit-name.c | 13 +++++--------
- 1 file changed, 5 insertions(+), 8 deletions(-)
-
-diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
-index 85dcba6cb7..46b24f2d9e 100644
--- a/src/basic/unit-name.c
-+++ b/src/basic/unit-name.c
-@@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) {
- }
- 
- int unit_name_path_escape(const char *f, char **ret) {
-        char *p, *s;
-+        _cleanup_free_ char *p = NULL;
-+        char *s;
- 
-         assert(f);
-         assert(ret);
- 
-        p = strdupa(f);
-+        p = strdup(f);
-         if (!p)
-                 return -ENOMEM;
- 
-@@ -395,13 +396,9 @@ int unit_name_path_escape(const char *f, char **ret) {
-                 if (!path_is_normalized(p))
-                         return -EINVAL;
- 
-                /* Truncate trailing slashes */
-+                /* Truncate trailing slashes and skip leading slashes */
-                 delete_trailing_chars(p, "/");
-
-                /* Truncate leading slashes */
-                p = skip_leading_chars(p, "/");
-
-                s = unit_name_escape(p);
-+                s = unit_name_escape(skip_leading_chars(p, "/"));
-         }
-         if (!s)
-                 return -ENOMEM;
-- 
-2.26.2
-
--- a/systemd-mini.changes
+++ b/systemd-mini.changes
@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Tue Jul 20 15:51:47 UTC 2021 - Franck Bui <fbui@suse.com>
+
+- Import commit cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 (merge of v248.5)
+
+  4a1c5f34bd basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910)
+  [...]
+
+  For a complete list of changes, visit:
+  https://github.com/openSUSE/systemd/compare/94efce2ee59fca15a48ff9c232c8dd7cf930c0a0...cb29bcc5ef2c0ee659686c5d229646a6ba98ec50
+
+- Drop 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch as it
+  was merged in v248.5.
+
 -------------------------------------------------------------------
 Tue Jul 20 15:25:38 UTC 2021 - Franck Bui <fbui@suse.com>

--- a/systemd-mini.spec
+++ b/systemd-mini.spec
@ -26,7 +26,7 @@
 ##### WARNING: please do not edit this auto generated spec file. Use the systemd.spec! #####
 %define mini -mini
 %define min_kernel_version 4.5
-%define suse_version +suse.40.g94efce2ee5
+%define suse_version +suse.42.gcb29bcc5ef

 %bcond_with     gnuefi
 %if 0%{?bootstrap}
@ -58,7 +58,7 @@

 Name:           systemd-mini
 URL:            http://www.freedesktop.org/wiki/Software/systemd
-Version:        248.4
+Version:        248.5
 Release:        0
 Summary:        A System and Session Manager
 License:        LGPL-2.1-or-later
@ -196,11 +196,7 @@ Patch12:        0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
 # temporary and should be removed as soon as a fix is merged by
 # upstream.
 Patch100:       0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch
-
-# Patches for bsc#1188063/CVE-2021-33910. They will be moved to the
-# git repo once the bug will become public.
-Patch1002:      1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch
-Patch1003:      1003-basic-unit-name-adjust-comments.patch
+Patch101:       1003-basic-unit-name-adjust-comments.patch

 %description
 Systemd is a system and service manager, compatible with SysV and LSB
--- a/systemd-v248.4+suse.40.g94efce2ee5.tar.xz
+++ b/systemd-v248.4+suse.40.g94efce2ee5.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8cacf34cb67237b28635297628399b4945c7240dccc35efdd355b264ccd6f9e5
-size 7122072
--- a/systemd-v248.5+suse.42.gcb29bcc5ef.tar.xz
+++ b/systemd-v248.5+suse.42.gcb29bcc5ef.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d9924c8244a6ddc88c345b62356b8a992915cd9073d05271c8b0f9a487b55b87
+size 7121780
--- a/systemd.changes
+++ b/systemd.changes
@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Tue Jul 20 15:51:47 UTC 2021 - Franck Bui <fbui@suse.com>
+
+- Import commit cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 (merge of v248.5)
+
+  4a1c5f34bd basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910)
+  [...]
+
+  For a complete list of changes, visit:
+  https://github.com/openSUSE/systemd/compare/94efce2ee59fca15a48ff9c232c8dd7cf930c0a0...cb29bcc5ef2c0ee659686c5d229646a6ba98ec50
+
+- Drop 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch as it
+  was merged in v248.5.
+
 -------------------------------------------------------------------
 Tue Jul 20 15:25:38 UTC 2021 - Franck Bui <fbui@suse.com>

--- a/systemd.spec
+++ b/systemd.spec
@ -24,7 +24,7 @@
 %define bootstrap 0
 %define mini %nil
 %define min_kernel_version 4.5
-%define suse_version +suse.40.g94efce2ee5
+%define suse_version +suse.42.gcb29bcc5ef

 %bcond_with     gnuefi
 %if 0%{?bootstrap}
@ -56,7 +56,7 @@

 Name:           systemd
 URL:            http://www.freedesktop.org/wiki/Software/systemd
-Version:        248.4
+Version:        248.5
 Release:        0
 Summary:        A System and Session Manager
 License:        LGPL-2.1-or-later
@ -194,11 +194,7 @@ Patch12:        0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
 # temporary and should be removed as soon as a fix is merged by
 # upstream.
 Patch100:       0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch
-
-# Patches for bsc#1188063/CVE-2021-33910. They will be moved to the
-# git repo once the bug will become public.
-Patch1002:      1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch
-Patch1003:      1003-basic-unit-name-adjust-comments.patch
+Patch101:       1003-basic-unit-name-adjust-comments.patch

 %description
 Systemd is a system and service manager, compatible with SysV and LSB