diff --git a/0001-util-never-follow-symlinks-in-rm_rf_children.patch b/0001-util-never-follow-symlinks-in-rm_rf_children.patch index 8f12746b..38579dee 100644 --- a/0001-util-never-follow-symlinks-in-rm_rf_children.patch +++ b/0001-util-never-follow-symlinks-in-rm_rf_children.patch @@ -30,3 +30,30 @@ index 20cbc2b..dfc1dc6 100644 -- 1.7.7 +From c9d8629baa09f853fbcc44972c9748e70562270c Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 22 Mar 2012 01:43:36 +0100 +Subject: [PATCH] logind: extend comment about X11 socket symlink + +--- + src/login/logind-session.c | 4 ++++ + 1 files changed, 4 insertions(+), 0 deletions(-) + +diff --git a/src/login/logind-session.c b/src/login/logind-session.c +index af9c12d..4e0af86 100644 +--- a/src/login/logind-session.c ++++ b/src/login/logind-session.c +@@ -391,6 +391,10 @@ static int session_link_x11_socket(Session *s) { + return -ENOENT; + } + ++ /* Note that this cannot be in a subdir to avoid ++ * vulnerabilities since we are privileged but the runtime ++ * path is owned by the user */ ++ + t = strappend(s->user->runtime_path, "/X11-display"); + if (!t) { + log_error("Out of memory"); +-- +1.7.7 + diff --git a/fixppc.patch b/fixppc.patch index e087f608..eeb7ce56 100644 --- a/fixppc.patch +++ b/fixppc.patch 
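Review bot: The logind comment commit (c9d8629b) is appended to `0001-util-never-follow-symlinks-in-rm_rf_children.patch`, so the file name no longer describes everything the file applies. Carrying it as a separate patch file named after its own subject line, with its own `PatchNN:` entry, would make it easier to audit which upstream fixes the package holds. On the added comment in session_link_x11_socket(): it says "vulnerabilities" without naming one. If the concern is that a privileged logind would resolve a path component the user can replace, a wording such as `/* the link must sit directly in runtime_path: a user-owned subdir could be swapped for a symlink before we create the link */` states the invariant a later editor must keep. The function body continues outside the hunk.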
@@ -1,3 +1,60 @@ +From 7264278fbbdc1dc6c30fedc902d1337594aa6ff6 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Wed, 21 Mar 2012 23:47:44 +0100 +Subject: [PATCH] journal: PAGE_SIZE is not known on ppc and other archs + +Let's use NAME_MAX, as suggested by Dan Walsh +--- + src/journal/journald.c | 15 ++++++++++++--- + 1 files changed, 12 insertions(+), 3 deletions(-) + +diff --git a/src/journal/journald.c b/src/journal/journald.c +index d27cb60..87390bd 100644 +--- a/src/journal/journald.c ++++ b/src/journal/journald.c +@@ -29,7 +29,6 @@ + #include + #include + #include +-#include + + #include + #include +@@ -2149,10 +2148,20 @@ static int process_event(Server *s, struct epoll_event *ev) { + size_t label_len = 0; + union { + struct cmsghdr cmsghdr; ++ ++ /* We use NAME_MAX space for the ++ * SELinux label here. The kernel ++ * currently enforces no limit, but ++ * according to suggestions from the ++ * SELinux people this will change and ++ * it will probably be identical to ++ * NAME_MAX. For now we use that, but ++ * this should be updated one day when ++ * the final limit is known.*/ + uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) + + CMSG_SPACE(sizeof(struct timeval)) + +- CMSG_SPACE(sizeof(int)) + +- CMSG_SPACE(PAGE_SIZE)]; /* selinux label */ ++ CMSG_SPACE(sizeof(int)) + /* fd */ ++ CMSG_SPACE(NAME_MAX)]; /* selinux label */ + } control; + ssize_t n; + int v; +-- +1.7.7 + +From dd1e3d5a396284d1afdb2828991a543eb80c8040 Mon Sep 17 00:00:00 2001 +From: Frederic Crozat +Date: Thu, 22 Mar 2012 09:39:54 +0100 +Subject: [PATCH] journal: char is unsigned on ppc, use int8_t instead. + +--- + src/journal/cat.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + diff --git a/src/journal/cat.c b/src/journal/cat.c index 31d76f3..8a51fb7 100644 --- a/src/journal/cat.c 
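Review bot: Sizing the SELinux-label slot of `control.buf` in process_event() as `CMSG_SPACE(NAME_MAX)` relies on a limit that the added comment itself says the kernel does not enforce. If a label exceeds it, recvmsg() truncates the ancillary data and sets `MSG_CTRUNC`, so the label (and possibly other control messages, depending on their order) may be incomplete. The receive call is outside the hunk, so it is not visible whether `msg_flags` is tested; if it is not, the check belongs next to the recvmsg() call, and the comment could record it as `/* a longer label truncates the control data (MSG_CTRUNC); check msg_flags after recvmsg() */`. The patch also drops one `#include` whose name is lost on this page, so it is worth confirming that `<limits.h>` is still pulled in for `NAME_MAX` on every architecture.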
@@ -11,16 +68,6 @@ index 31d76f3..8a51fb7 100644 static bool arg_level_prefix = true; static int help(void) { -diff --git a/src/journal/journald.c b/src/journal/journald.c -index baad3ab..1899ad6 100644 ---- a/src/journal/journald.c -+++ b/src/journal/journald.c -@@ -2144,7 +2144,7 @@ static int process_event(Server *s, struct epoll_event *ev) { - uint8_t buf[CMSG_SPACE(sizeof(struct ucred)) + - CMSG_SPACE(sizeof(struct timeval)) + - CMSG_SPACE(sizeof(int)) + -- CMSG_SPACE(PAGE_SIZE)]; /* selinux label */ -+ CMSG_SPACE(PATH_MAX)]; /* selinux label */ - } control; - ssize_t n; - int v; +-- +1.7.7 + diff --git a/logind-logout.patch b/logind-logout.patch new file mode 100644 index 00000000..5949223a --- /dev/null +++ b/logind-logout.patch 
@@ -0,0 +1,156 @@ +From 75c8e3cffd7da8eede614cf61384957af2c82a29 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 22 Mar 2012 02:06:40 +0100 +Subject: [PATCH] logind: close FIFO before ending sessions cleanly + +For clean session endings ask logind explicitly to get rid of the FIFO +before closing it so that the FIFO logic doesn't result in su/sudo to be +terminated immediately. +--- + src/login/logind-dbus.c | 30 ++++++++++++++++++++ + src/login/pam-module.c | 71 +++++++++++++++++++++++++++++++++++++++++++++-- + 2 files changed, 98 insertions(+), 3 deletions(-) + +diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c +index d8f4d89..ea6b89f 100644 +--- a/src/login/logind-dbus.c ++++ b/src/login/logind-dbus.c +@@ -80,6 +80,9 @@ + " \n" \ + " \n" \ + " \n" \ ++ " \n" \ ++ " \n" \ ++ " \n" \ + " \n" \ + " \n" \ + " \n" \ +@@ -1075,6 +1078,33 @@ static DBusHandlerResult manager_message_handler( + if (r < 0) + return bus_send_error_reply(connection, message, &error, r); + ++ } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "ReleaseSession")) { ++ const char *name; ++ Session *session; ++ ++ if (!dbus_message_get_args( ++ message, ++ &error, ++ DBUS_TYPE_STRING, &name, ++ DBUS_TYPE_INVALID)) ++ return bus_send_error_reply(connection, message, &error, -EINVAL); ++ ++ session = hashmap_get(m->sessions, name); ++ if (!session) ++ return bus_send_error_reply(connection, message, &error, -ENOENT); ++ ++ /* We use the FIFO to detect stray sessions where the ++ process invoking PAM dies abnormally. We need to make ++ sure that that process is not killed if at the clean ++ end of the session it closes the FIFO. 
Hence, with ++ this call explicitly turn off the FIFO logic, so that ++ the PAM code can finish clean up on its own */ ++ session_remove_fifo(session); ++ ++ reply = dbus_message_new_method_return(message); ++ if (!reply) ++ goto oom; ++ + } else if (dbus_message_is_method_call(message, "org.freedesktop.login1.Manager", "ActivateSession")) { + const char *name; + Session *session; +diff --git a/src/login/pam-module.c b/src/login/pam-module.c +index 8544413..4106d2b 100644 +--- a/src/login/pam-module.c ++++ b/src/login/pam-module.c +@@ -414,7 +414,6 @@ _public_ PAM_EXTERN int pam_sm_open_session( + "/org/freedesktop/login1", + "org.freedesktop.login1.Manager", + "CreateSession"); +- + if (!m) { + pam_syslog(handle, LOG_ERR, "Could not allocate create session message."); + r = PAM_BUF_ERR; +@@ -620,11 +619,77 @@ _public_ PAM_EXTERN int pam_sm_close_session( + int argc, const char **argv) { + + const void *p = NULL; ++ const char *id; ++ DBusConnection *bus = NULL; ++ DBusMessage *m = NULL, *reply = NULL; ++ DBusError error; ++ int r; + +- pam_get_data(handle, "systemd.session-fd", &p); ++ assert(handle); ++ ++ dbus_error_init(&error); ++ ++ id = pam_getenv(handle, "XDG_SESSION_ID"); ++ if (id) { ++ ++ /* Before we go and close the FIFO we need to tell ++ * logind that this is a clean session shutdown, so ++ * that it doesn't just go and slaughter us ++ * immediately after closing the fd */ ++ ++ bus = dbus_bus_get_private(DBUS_BUS_SYSTEM, &error); ++ if (!bus) { ++ pam_syslog(handle, LOG_ERR, "Failed to connect to system bus: %s", bus_error_message(&error)); ++ r = PAM_SESSION_ERR; ++ goto finish; ++ } ++ ++ m = dbus_message_new_method_call( ++ "org.freedesktop.login1", ++ "/org/freedesktop/login1", ++ "org.freedesktop.login1.Manager", ++ "ReleaseSession"); ++ if (!m) { ++ pam_syslog(handle, LOG_ERR, "Could not allocate release session message."); ++ r = PAM_BUF_ERR; ++ goto finish; ++ } ++ ++ if (!dbus_message_append_args(m, ++ DBUS_TYPE_STRING, &id, ++ 
DBUS_TYPE_INVALID)) { ++ pam_syslog(handle, LOG_ERR, "Could not attach parameters to message."); ++ r = PAM_BUF_ERR; ++ goto finish; ++ } + ++ reply = dbus_connection_send_with_reply_and_block(bus, m, -1, &error); ++ if (!reply) { ++ pam_syslog(handle, LOG_ERR, "Failed to release session: %s", bus_error_message(&error)); ++ r = PAM_SESSION_ERR; ++ goto finish; ++ } ++ } ++ ++ r = PAM_SUCCESS; ++ ++finish: ++ pam_get_data(handle, "systemd.session-fd", &p); + if (p) + close_nointr(PTR_TO_INT(p) - 1); + +- return PAM_SUCCESS; ++ dbus_error_free(&error); ++ ++ if (bus) { ++ dbus_connection_close(bus); ++ dbus_connection_unref(bus); ++ } ++ ++ if (m) ++ dbus_message_unref(m); ++ ++ if (reply) ++ dbus_message_unref(reply); ++ ++ return r; + } +-- +1.7.7 + diff --git a/systemd-gtk.changes b/systemd-gtk.changes index 1119cb17..b9c3ba18 100644 --- a/systemd-gtk.changes +++ b/systemd-gtk.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Mar 22 08:47:36 UTC 2012 - fcrozat@suse.com + +- Update fixppc.patch with upstream patches +- Add comments from upstream in + 0001-util-never-follow-symlinks-in-rm_rf_children.patch. +- Add logind-logout.patch: it should fix sudo / su with pam_systemd + (bnc#746704). + ------------------------------------------------------------------- Mon Mar 19 14:07:23 UTC 2012 - fcrozat@suse.com diff --git a/systemd.changes b/systemd.changes index 1119cb17..b9c3ba18 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Thu Mar 22 08:47:36 UTC 2012 - fcrozat@suse.com + +- Update fixppc.patch with upstream patches +- Add comments from upstream in + 0001-util-never-follow-symlinks-in-rm_rf_children.patch. +- Add logind-logout.patch: it should fix sudo / su with pam_systemd + (bnc#746704). + ------------------------------------------------------------------- Mon Mar 19 14:07:23 UTC 2012 - fcrozat@suse.com 
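Review bot: The new `ReleaseSession` branch in manager_message_handler() looks up the session by a caller-supplied name and calls `session_remove_fifo(session)` without checking who sent the message. Unless the bus policy file (not shown here) restricts the method to root, any client on the system bus could switch off the stray-session detection for another user's session. The handler should compare the sender's uid, which `dbus_bus_get_unix_user()` returns for `dbus_message_get_sender(message)`, with the session owner and reply with `-EPERM` otherwise. At minimum the branch should carry `/* TODO: verify the sender owns this session (or is root) before dropping its FIFO */`. On the PAM side, pam_sm_close_session() now blocks on `dbus_connection_send_with_reply_and_block(bus, m, -1, &error)` with the default timeout and returns `PAM_SESSION_ERR` where it used to return `PAM_SUCCESS`, so an unresponsive logind can now stall or fail a logout. That behaviour change deserves a line in the commit description.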
diff --git a/systemd.spec b/systemd.spec index 2f9371fd..d424e471 100644 --- a/systemd.spec +++ b/systemd.spec @@ -82,13 +82,14 @@ Patch36: sysctl-modules.patch Patch38: dm-lvm-after-local-fs-pre-target.patch Patch39: correct_plymouth_paths_and_conflicts.patch Patch41: 0001-add-sparse-support-to-detect-endianness-bug.patch -Patch42: fixppc.patch # Upstream First - Policy: # Never add any patches to this package without the upstream commit id # in the patch. Any patches added here without a very good reason to make # an exception will be silently removed with the next version update. Patch40: 0001-util-never-follow-symlinks-in-rm_rf_children.patch +Patch42: fixppc.patch +Patch43: logind-logout.patch %description Systemd is a system and service manager, compatible with SysV and LSB @@ -150,6 +151,7 @@ Plymouth integration for systemd %patch40 -p1 %patch41 -p1 %patch42 -p1 +%patch43 -p1 %build autoreconf -fiv