diff --git a/0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch b/0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch
deleted file mode 100644
index def1f512..00000000
--- a/0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From c9bce1f07276c591d8637dbfc3244ee11e8fa4e1 Mon Sep 17 00:00:00 2001
-From: Franck Bui
-Date: Tue, 18 May 2021 11:53:55 +0200
-Subject: [PATCH 1/1] Revert "core: prevent excessive /proc/self/mountinfo
- parsing"
-
-This reverts commit d586f642fd90e3bb378f7b6d3e3a64a753e51756.
-
-This reverts commit d586f642fd90e3bb378f7b6d3e3a64a753e51756 temporarly until
-more investigation is done to find the root cause of
-https://github.com/systemd/systemd/issues/19464.
---
- src/core/mount.c | 6 ------
- 1 file changed, 6 deletions(-)
-
-diff --git a/src/core/mount.c b/src/core/mount.c
-index ca5d0939a1..2939062161 100644
---- a/src/core/mount.c
-+++ b/src/core/mount.c
-@@ -1859,12 +1859,6 @@ static void mount_enumerate(Manager *m) {
- goto fail;
- }
-
-- r = sd_event_source_set_ratelimit(m->mount_event_source, 1 * USEC_PER_SEC, 5);
-- if (r < 0) {
-- log_error_errno(r, "Failed to enable rate limit for mount events: %m");
-- goto fail;
-- }
--
- (void) sd_event_source_set_description(m->mount_event_source, "mount-monitor-dispatch");
- }
-
---
-2.26.2
-
diff --git a/1001-unit-name-generate-a-clear-error-code-when-convertin.patch b/1001-unit-name-generate-a-clear-error-code-when-convertin.patch
deleted file mode 100644
index 3a090213..00000000
--- a/1001-unit-name-generate-a-clear-error-code-when-convertin.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 83f392a392067d61be24eb720ff0cf1da7f1892b Mon Sep 17 00:00:00 2001
-From: Lennart Poettering
-Date: Tue, 1 Jun 2021 19:43:55 +0200
-Subject: [PATCH 1001/1003] unit-name: generate a clear error code when
- converting an overly long fs path to a unit name
-
-(cherry picked from commit 9d5acfab20c5f1177d877d0bec18063c0a6c5929)
-
-[fbui: adjust context]
---
- src/basic/unit-name.c | 6 ++++++
- src/test/test-unit-name.c | 4 ++--
- 2 files changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
-index 532f8fa048..85dcba6cb7 100644
---- a/src/basic/unit-name.c
-+++ b/src/basic/unit-name.c
-@@ -528,6 +528,9 @@ int unit_name_from_path(const char *path, const char *suffix, char **ret) {
- if (!s)
- return -ENOMEM;
-
-+ if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
-+ return -ENAMETOOLONG;
-+
- /* Refuse this if this got too long or for some other reason didn't result in a valid name */
- if (!unit_name_is_valid(s, UNIT_NAME_PLAIN))
- return -EINVAL;
-@@ -559,6 +562,9 @@ int unit_name_from_path_instance(const char *prefix, const char *path, const cha
- if (!s)
- return -ENOMEM;
-
-+ if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
-+ return -ENAMETOOLONG;
-+
- /* Refuse this if this got too long or for some other reason didn't result in a valid name */
- if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE))
- return -EINVAL;
-diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
-index ece78aa548..c0b79715e1 100644
---- a/src/test/test-unit-name.c
-+++ b/src/test/test-unit-name.c
-@@ -130,7 +130,7 @@ static void test_unit_name_from_path(void) {
- test_unit_name_from_path_one("///", ".mount", "-.mount", 0);
- test_unit_name_from_path_one("/foo/../bar", ".mount", NULL, -EINVAL);
- test_unit_name_from_path_one("/foo/./bar", ".mount", NULL, -EINVAL);
--
test_unit_name_from_path_one("/waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", ".mount", NULL, -EINVAL); -+ test_unit_name_from_path_one("/waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", ".mount", NULL, -ENAMETOOLONG); - } - - static void test_unit_name_from_path_instance_one(const char *pattern, const char *path, const char *suffix, const char *expected, int ret) { -@@ -160,7 +160,7 @@ static void test_unit_name_from_path_instance(void) { - test_unit_name_from_path_instance_one("waldo", "..", ".mount", NULL, -EINVAL); - test_unit_name_from_path_instance_one("waldo", "/foo", ".waldi", NULL, -EINVAL); - test_unit_name_from_path_instance_one("wa--ldo", "/--", ".mount", "wa--ldo@\\x2d\\x2d.mount", 0); -- test_unit_name_from_path_instance_one("waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "/waldo", ".mount", NULL, -EINVAL); -+ test_unit_name_from_path_instance_one("waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "/waldo", ".mount", NULL, -ENAMETOOLONG); - } - - static void test_unit_name_to_path_one(const char *unit, const char *path, int ret) { --- -2.26.2 - 
diff --git a/1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch b/1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch
deleted file mode 100644
index a6f54db8..00000000
--- a/1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From f636948448bd8a3588388d21dad737a079266392 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
-Date: Wed, 23 Jun 2021 11:46:41 +0200
-Subject: [PATCH 1002/1003] basic/unit-name: do not use strdupa() on a path
-
-The path may have unbounded length, for example through a fuse mount.
-
-CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and
-ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo
-and each mountpoint is passed to mount_setup_unit(), which calls
-unit_name_path_escape() underneath. A local attacker who is able to mount a
-filesystem with a very long path can crash systemd and the whole system.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1970887
-
-The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we
-can't easily check the length after simplification before doing the
-simplification, which in turns uses a copy of the string we can write to.
-So we can't reject paths that are too long before doing the duplication.
-Hence the most obvious solution is to switch back to strdup(), as before
-7410616cd9dbbec97cf98d75324da5cda2b2f7a2.
-
-[fbui: fixes bsc#1188063]
-[fbui: fixes CVE-2021-33910]
---
- src/basic/unit-name.c | 13 +++++--------
- 1 file changed, 5 insertions(+), 8 deletions(-)
-
-diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
-index 85dcba6cb7..46b24f2d9e 100644
---- a/src/basic/unit-name.c
-+++ b/src/basic/unit-name.c
-@@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) {
- }
-
- int unit_name_path_escape(const char *f, char **ret) {
-- char *p, *s;
-+ _cleanup_free_ char *p = NULL;
-+ char *s;
-
- assert(f);
- assert(ret);
-
-- p = strdupa(f);
-+ p = strdup(f);
- if (!p)
- return -ENOMEM;
-
-@@ -395,13 +396,9 @@ int unit_name_path_escape(const char *f, char **ret) {
- if (!path_is_normalized(p))
- return -EINVAL;
-
-- /* Truncate trailing slashes */
-+ /* Truncate trailing slashes and skip leading slashes */
- delete_trailing_chars(p, "/");
--
-- /* Truncate leading slashes */
-- p = skip_leading_chars(p, "/");
--
-- s = unit_name_escape(p);
-+ s = unit_name_escape(skip_leading_chars(p, "/"));
- }
- if (!s)
- return -ENOMEM;
---
-2.26.2
-
diff --git a/1003-basic-unit-name-adjust-comments.patch b/1003-basic-unit-name-adjust-comments.patch
deleted file mode 100644
index 98cad8b5..00000000
--- a/1003-basic-unit-name-adjust-comments.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 9731d5204357d43204ca83155f5b552594b843bc Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
-Date: Wed, 23 Jun 2021 11:52:56 +0200
-Subject: [PATCH 1003/1003] basic/unit-name: adjust comments
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-We already checked for "too long" right aboveā€¦
---
- src/basic/unit-name.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
-index 46b24f2d9e..c5850949ae 100644
---- a/src/basic/unit-name.c
-+++ b/src/basic/unit-name.c
-@@ -528,7 +528,7 @@ int unit_name_from_path(const char *path, const char *suffix, char **ret) {
- if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
- return -ENAMETOOLONG;
-
-- /* Refuse this if this got too long or for some other reason didn't result in a valid name */
-+ /* Refuse if this for some other reason didn't result in a valid name */
- if (!unit_name_is_valid(s, UNIT_NAME_PLAIN))
- return -EINVAL;
-
-@@ -562,7 +562,7 @@ int unit_name_from_path_instance(const char *prefix, const char *path, const cha
- if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
- return -ENAMETOOLONG;
-
-- /* Refuse this if this got too long or for some other reason didn't result in a valid name */
-+ /* Refuse if this for some other reason didn't result in a valid name */
- if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE))
- return -EINVAL;
-
---
-2.26.2
-
diff --git a/systemd-mini.changes b/systemd-mini.changes
index 84cd5d49..6a0a7640 100644
--- a/systemd-mini.changes
+++ b/systemd-mini.changes
@@ -1,3 +1,65 @@
+-------------------------------------------------------------------
+Mon Jul 26 10:54:10 UTC 2021 - Franck Bui
+
+- Import commit 73e9e6fb847513c6d62f2fb445778ef5bc0fe516 (merge of v248.6)
+
+ For a complete list of changes, visit:
+ https://github.com/openSUSE/systemd/compare/cb29bcc5ef2c0ee659686c5d229646a6ba98ec50...73e9e6fb847513c6d62f2fb445778ef5bc0fe516
+
+-------------------------------------------------------------------
+Tue Jul 20 16:26:39 UTC 2021 - Franck Bui
+
+- Drop 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch
+
+ Commit 81107b8419c39f726fd2805517a5b9faab204e59 fixes
+ https://github.com/systemd/systemd/issues/19464 which makes the
+ aforementioned patch not needed anymore.
+
+-------------------------------------------------------------------
+Tue Jul 20 16:22:46 UTC 2021 - Franck Bui
+
+- Drop 1003-basic-unit-name-adjust-comments.patch
+
+ It's been merged in SUSE/v248 branch
+
+-------------------------------------------------------------------
+Tue Jul 20 15:51:47 UTC 2021 - Franck Bui
+
+- Import commit cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 (merge of v248.5)
+
+ 4a1c5f34bd basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910)
+ [...]
+
+ For a complete list of changes, visit:
+ https://github.com/openSUSE/systemd/compare/94efce2ee59fca15a48ff9c232c8dd7cf930c0a0...cb29bcc5ef2c0ee659686c5d229646a6ba98ec50
+
+- Drop 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch as it
+ was merged in v248.5.
+
+-------------------------------------------------------------------
+Tue Jul 20 15:25:38 UTC 2021 - Franck Bui
+
+- Import commit 94efce2ee59fca15a48ff9c232c8dd7cf930c0a0 (merge of v248.4)
+
+ For a complete list of changes, visit:
+ https://github.com/openSUSE/systemd/compare/c0aecee593511e49638579cb2b9ac8aaf1f8e6c8...94efce2ee59fca15a48ff9c232c8dd7cf930c0a0
+
+- Drop 1001-unit-name-generate-a-clear-error-code-when-convertin.patch
+ as it was merged in v248.4.
+
+-------------------------------------------------------------------
+Tue Jul 20 15:10:41 UTC 2021 - Franck Bui
+
+- Import commit c0aecee593511e49638579cb2b9ac8aaf1f8e6c8
+
+ 42ec1d537a login: use a hwdb entry for tagging Parallels' fb devices with 'master-of-seat' tag
+ ecc7c7b462 login: use a hwdb entry for tagging HyperV's fb devices with 'master-of-seat' tag
+ a4cfd70476 login: XGI Z7/Z9 (XG20 core) graphic chip requires master-of-seat to be set (bsc#1187154)
+ ef553e0199 sd-dhcp-client: tentatively ignore FORCERENEW command (bsc#1185972 CVE-2020-13529)
+ aae6c575fc sd-dhcp-client: logs when dhcp client unexpectedly gains a new lease
+ 258a3d2043 sd-dhcp-client: shorten code a bit
+ 0a80303114 sd-dhcp-client: check error earlier and reduce indentation
+
 -------------------------------------------------------------------
 Thu Jul 8 18:04:31 UTC 2021 - Franck Bui
diff --git a/systemd-mini.spec b/systemd-mini.spec
index 50b3bf24..6f2afebc 100644
--- a/systemd-mini.spec
+++ b/systemd-mini.spec
@@ -26,7 +26,7 @@
 ##### WARNING: please do not edit this auto generated spec file. Use the systemd.spec! #####
 %define mini -mini
 %define min_kernel_version 4.5
-%define suse_version +suse.30.ge9a23d9e06
+%define suse_version +suse.45.g73e9e6fb84
 %bcond_with gnuefi
 %if 0%{?bootstrap}
@@ -58,7 +58,7 @@
 Name: systemd-mini
 URL: http://www.freedesktop.org/wiki/Software/systemd
-Version: 248.3
+Version: 248.6
 Release: 0
 Summary: A System and Session Manager
 License: LGPL-2.1-or-later
@@ -195,13 +195,6 @@ Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
 # upstream and need an urgent fix. Even in this case, the patches are
 # temporary and should be removed as soon as a fix is merged by
 # upstream.
-Patch100: 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch
-
-# Patches for bsc#1188063/CVE-2021-33910. They will be moved to the
-# git repo once the bug will become public.
-Patch1001: 1001-unit-name-generate-a-clear-error-code-when-convertin.patch
-Patch1002: 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch
-Patch1003: 1003-basic-unit-name-adjust-comments.patch
 %description
 Systemd is a system and service manager, compatible with SysV and LSB
diff --git a/systemd-v248.3+suse.30.ge9a23d9e06.tar.xz b/systemd-v248.3+suse.30.ge9a23d9e06.tar.xz
deleted file mode 100644
index 2bda2ab4..00000000
--- a/systemd-v248.3+suse.30.ge9a23d9e06.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bb92dd21edf73541f3ccce6fb95ab6a2c3d261e14c95a77445cada2982913fdc
-size 7080532
diff --git a/systemd-v248.6+suse.45.g73e9e6fb84.tar.xz b/systemd-v248.6+suse.45.g73e9e6fb84.tar.xz
new file mode 100644
index 00000000..a72a623b
--- /dev/null
+++ b/systemd-v248.6+suse.45.g73e9e6fb84.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f3750afd054f03b6868463ffd663441ead475d31dcd83d429c36580e7c6f748a
+size 7123304
diff --git a/systemd.changes b/systemd.changes
index 84cd5d49..6a0a7640 100644
--- a/systemd.changes
+++ b/systemd.changes
@@ -1,3 +1,65 @@
+-------------------------------------------------------------------
+Mon Jul 26 10:54:10 UTC 2021 - Franck Bui
+
+- Import commit 73e9e6fb847513c6d62f2fb445778ef5bc0fe516 (merge of v248.6)
+
+ For a complete list of changes, visit:
+ https://github.com/openSUSE/systemd/compare/cb29bcc5ef2c0ee659686c5d229646a6ba98ec50...73e9e6fb847513c6d62f2fb445778ef5bc0fe516
+
+-------------------------------------------------------------------
+Tue Jul 20 16:26:39 UTC 2021 - Franck Bui
+
+- Drop 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch
+
+ Commit 81107b8419c39f726fd2805517a5b9faab204e59 fixes
+ https://github.com/systemd/systemd/issues/19464 which makes the
+ aforementioned patch not needed anymore.
+
+-------------------------------------------------------------------
+Tue Jul 20 16:22:46 UTC 2021 - Franck Bui
+
+- Drop 1003-basic-unit-name-adjust-comments.patch
+
+ It's been merged in SUSE/v248 branch
+
+-------------------------------------------------------------------
+Tue Jul 20 15:51:47 UTC 2021 - Franck Bui
+
+- Import commit cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 (merge of v248.5)
+
+ 4a1c5f34bd basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910)
+ [...]
+
+ For a complete list of changes, visit:
+ https://github.com/openSUSE/systemd/compare/94efce2ee59fca15a48ff9c232c8dd7cf930c0a0...cb29bcc5ef2c0ee659686c5d229646a6ba98ec50
+
+- Drop 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch as it
+ was merged in v248.5.
+
+-------------------------------------------------------------------
+Tue Jul 20 15:25:38 UTC 2021 - Franck Bui
+
+- Import commit 94efce2ee59fca15a48ff9c232c8dd7cf930c0a0 (merge of v248.4)
+
+ For a complete list of changes, visit:
+ https://github.com/openSUSE/systemd/compare/c0aecee593511e49638579cb2b9ac8aaf1f8e6c8...94efce2ee59fca15a48ff9c232c8dd7cf930c0a0
+
+- Drop 1001-unit-name-generate-a-clear-error-code-when-convertin.patch
+ as it was merged in v248.4.
+
+-------------------------------------------------------------------
+Tue Jul 20 15:10:41 UTC 2021 - Franck Bui
+
+- Import commit c0aecee593511e49638579cb2b9ac8aaf1f8e6c8
+
+ 42ec1d537a login: use a hwdb entry for tagging Parallels' fb devices with 'master-of-seat' tag
+ ecc7c7b462 login: use a hwdb entry for tagging HyperV's fb devices with 'master-of-seat' tag
+ a4cfd70476 login: XGI Z7/Z9 (XG20 core) graphic chip requires master-of-seat to be set (bsc#1187154)
+ ef553e0199 sd-dhcp-client: tentatively ignore FORCERENEW command (bsc#1185972 CVE-2020-13529)
+ aae6c575fc sd-dhcp-client: logs when dhcp client unexpectedly gains a new lease
+ 258a3d2043 sd-dhcp-client: shorten code a bit
+ 0a80303114 sd-dhcp-client: check error earlier and reduce indentation
+
 -------------------------------------------------------------------
 Thu Jul 8 18:04:31 UTC 2021 - Franck Bui
diff --git a/systemd.spec b/systemd.spec
index dd5ca994..f20d2bcf 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -24,7 +24,7 @@
 %define bootstrap 0
 %define mini %nil
 %define min_kernel_version 4.5
-%define suse_version +suse.30.ge9a23d9e06
+%define suse_version +suse.45.g73e9e6fb84
 %bcond_with gnuefi
 %if 0%{?bootstrap}
@@ -56,7 +56,7 @@
 Name: systemd
 URL: http://www.freedesktop.org/wiki/Software/systemd
-Version: 248.3
+Version: 248.6
 Release: 0
 Summary: A System and Session Manager
 License: LGPL-2.1-or-later
@@ -193,13 +193,6 @@ Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
 # upstream and need an urgent fix. Even in this case, the patches are
 # temporary and should be removed as soon as a fix is merged by
 # upstream.
-Patch100: 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch
-
-# Patches for bsc#1188063/CVE-2021-33910. They will be moved to the
-# git repo once the bug will become public.
-Patch1001: 1001-unit-name-generate-a-clear-error-code-when-convertin.patch
-Patch1002: 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch
-Patch1003: 1003-basic-unit-name-adjust-comments.patch
 %description
 Systemd is a system and service manager, compatible with SysV and LSB