From e819284afb20024ce0eb7b3266e24e42a9633c28e184ee145e978a4fa3f5df32 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Tue, 20 Jul 2021 15:23:18 +0000 Subject: [PATCH 1/6] - Import commit c0aecee593511e49638579cb2b9ac8aaf1f8e6c8 42ec1d537a login: use a hwdb entry for tagging Parallels' fb devices with 'master-of-seat' tag ecc7c7b462 login: use a hwdb entry for tagging HyperV's fb devices with 'master-of-seat' tag a4cfd70476 login: XGI Z7/Z9 (XG20 core) graphic chip requires master-of-seat to be set (bsc#1187154) ef553e0199 sd-dhcp-client: tentatively ignore FORCERENEW command (bsc#1185972 CVE-2020-13529) aae6c575fc sd-dhcp-client: logs when dhcp client unexpectedly gains a new lease 258a3d2043 sd-dhcp-client: shorten code a bit 0a80303114 sd-dhcp-client: check error earlier and reduce indentation OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1170 --- systemd-mini.changes | 13 +++++++++++++ systemd-mini.spec | 2 +- systemd-v248.3+suse.30.ge9a23d9e06.tar.xz | 3 --- systemd-v248.3+suse.38.gc0aecee593.tar.xz | 3 +++ systemd.changes | 13 +++++++++++++ systemd.spec | 2 +- 6 files changed, 31 insertions(+), 5 deletions(-) delete mode 100644 systemd-v248.3+suse.30.ge9a23d9e06.tar.xz create mode 100644 systemd-v248.3+suse.38.gc0aecee593.tar.xz diff --git a/systemd-mini.changes b/systemd-mini.changes index 84cd5d49..d6f037d9 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Jul 20 15:10:41 UTC 2021 - Franck Bui + +- Import commit c0aecee593511e49638579cb2b9ac8aaf1f8e6c8 + + 42ec1d537a login: use a hwdb entry for tagging Parallels' fb devices with 'master-of-seat' tag + ecc7c7b462 login: use a hwdb entry for tagging HyperV's fb devices with 'master-of-seat' tag + a4cfd70476 login: XGI Z7/Z9 (XG20 core) graphic chip requires master-of-seat to be set (bsc#1187154) + ef553e0199 sd-dhcp-client: tentatively ignore FORCERENEW command (bsc#1185972 CVE-2020-13529) + aae6c575fc sd-dhcp-client: logs when dhcp client unexpectedly gains a new lease + 258a3d2043 sd-dhcp-client: shorten code a bit + 0a80303114 sd-dhcp-client: check error earlier and reduce indentation + ------------------------------------------------------------------- Thu Jul 8 18:04:31 UTC 2021 - Franck Bui diff --git a/systemd-mini.spec b/systemd-mini.spec index 50b3bf24..09df8b27 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -26,7 +26,7 @@ ##### WARNING: please do not edit this auto generated spec file. Use the systemd.spec! ##### %define mini -mini %define min_kernel_version 4.5 -%define suse_version +suse.30.ge9a23d9e06 +%define suse_version +suse.38.gc0aecee593 %bcond_with gnuefi %if 0%{?bootstrap} diff --git a/systemd-v248.3+suse.30.ge9a23d9e06.tar.xz b/systemd-v248.3+suse.30.ge9a23d9e06.tar.xz deleted file mode 100644 index 2bda2ab4..00000000 --- a/systemd-v248.3+suse.30.ge9a23d9e06.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bb92dd21edf73541f3ccce6fb95ab6a2c3d261e14c95a77445cada2982913fdc -size 7080532 diff --git a/systemd-v248.3+suse.38.gc0aecee593.tar.xz b/systemd-v248.3+suse.38.gc0aecee593.tar.xz new file mode 100644 index 00000000..c75e0ac8 --- /dev/null +++ b/systemd-v248.3+suse.38.gc0aecee593.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:38eae688b580e7f628054b7657c9997796d90202302802ebacfee98ef56f1fa9 +size 7081196 diff --git a/systemd.changes b/systemd.changes index 84cd5d49..d6f037d9 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Tue Jul 20 15:10:41 UTC 2021 - Franck Bui + +- Import commit c0aecee593511e49638579cb2b9ac8aaf1f8e6c8 + + 42ec1d537a login: use a hwdb entry for tagging Parallels' fb devices with 'master-of-seat' tag + ecc7c7b462 login: use a hwdb entry for tagging HyperV's fb devices with 'master-of-seat' tag + a4cfd70476 login: XGI Z7/Z9 (XG20 core) graphic chip requires master-of-seat to be set (bsc#1187154) + ef553e0199 sd-dhcp-client: tentatively ignore FORCERENEW command (bsc#1185972 CVE-2020-13529) + aae6c575fc sd-dhcp-client: logs when dhcp client unexpectedly gains a new lease + 258a3d2043 sd-dhcp-client: shorten code a bit + 0a80303114 sd-dhcp-client: check error earlier and reduce indentation + ------------------------------------------------------------------- Thu Jul 8 18:04:31 UTC 2021 - Franck Bui diff --git a/systemd.spec b/systemd.spec index dd5ca994..42352611 100644 --- a/systemd.spec +++ b/systemd.spec @@ -24,7 +24,7 @@ %define bootstrap 0 %define mini %nil %define min_kernel_version 4.5 -%define suse_version +suse.30.ge9a23d9e06 +%define suse_version +suse.38.gc0aecee593 %bcond_with gnuefi %if 0%{?bootstrap} From 40db07fd118c3940a12a4311725fb10e53d7431589b393331e59180cb6433ae9 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Tue, 20 Jul 2021 15:44:54 +0000 Subject: [PATCH 2/6] - Import commit 94efce2ee59fca15a48ff9c232c8dd7cf930c0a0 (merge of v248.4) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/c0aecee593511e49638579cb2b9ac8aaf1f8e6c8...94efce2ee59fca15a48ff9c232c8dd7cf930c0a0 - Drop 1001-unit-name-generate-a-clear-error-code-when-convertin.patch as it was merged in v248.4. OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1171 --- ...te-a-clear-error-code-when-convertin.patch | 63 ------------------- systemd-mini.changes | 11 ++++ systemd-mini.spec | 5 +- systemd-v248.3+suse.38.gc0aecee593.tar.xz | 3 - systemd-v248.4+suse.40.g94efce2ee5.tar.xz | 3 + systemd.changes | 11 ++++ systemd.spec | 5 +- 7 files changed, 29 insertions(+), 72 deletions(-) delete mode 100644 1001-unit-name-generate-a-clear-error-code-when-convertin.patch delete mode 100644 systemd-v248.3+suse.38.gc0aecee593.tar.xz create mode 100644 systemd-v248.4+suse.40.g94efce2ee5.tar.xz diff --git a/1001-unit-name-generate-a-clear-error-code-when-convertin.patch b/1001-unit-name-generate-a-clear-error-code-when-convertin.patch deleted file mode 100644 index 3a090213..00000000 --- a/1001-unit-name-generate-a-clear-error-code-when-convertin.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 83f392a392067d61be24eb720ff0cf1da7f1892b Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 1 Jun 2021 19:43:55 +0200 -Subject: [PATCH 1001/1003] unit-name: generate a clear error code when - converting an overly long fs path to a unit name - -(cherry picked from commit 9d5acfab20c5f1177d877d0bec18063c0a6c5929) - -[fbui: adjust context] ---- - src/basic/unit-name.c | 6 ++++++ - src/test/test-unit-name.c | 4 ++-- - 2 files changed, 8 insertions(+), 2 deletions(-) - -diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c -index 532f8fa048..85dcba6cb7 100644 ---- a/src/basic/unit-name.c -+++ b/src/basic/unit-name.c -@@ -528,6 +528,9 @@ int unit_name_from_path(const char *path, const char *suffix, char **ret) { - if (!s) - return -ENOMEM; - -+ if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */ -+ return -ENAMETOOLONG; -+ - /* Refuse this if this got too long or for some other reason didn't result in a valid name */ - if (!unit_name_is_valid(s, UNIT_NAME_PLAIN)) - return -EINVAL; -@@ -559,6 +562,9 @@ int unit_name_from_path_instance(const char *prefix, const char *path, const cha - if (!s) - return -ENOMEM; - -+ if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */ -+ return -ENAMETOOLONG; -+ - /* Refuse this if this got too long or for some other reason didn't result in a valid name */ - if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE)) - return -EINVAL; -diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c -index ece78aa548..c0b79715e1 100644 ---- a/src/test/test-unit-name.c -+++ b/src/test/test-unit-name.c -@@ -130,7 +130,7 @@ static void test_unit_name_from_path(void) { - test_unit_name_from_path_one("///", ".mount", "-.mount", 0); - test_unit_name_from_path_one("/foo/../bar", ".mount", NULL, -EINVAL); - test_unit_name_from_path_one("/foo/./bar", ".mount", NULL, -EINVAL); -- test_unit_name_from_path_one("/waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", ".mount", NULL, -EINVAL); -+ test_unit_name_from_path_one("/waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", ".mount", NULL, -ENAMETOOLONG); - } - - static void test_unit_name_from_path_instance_one(const char *pattern, const char *path, const char *suffix, const char *expected, int ret) { -@@ -160,7 +160,7 @@ static void test_unit_name_from_path_instance(void) { - test_unit_name_from_path_instance_one("waldo", "..", ".mount", NULL, -EINVAL); - test_unit_name_from_path_instance_one("waldo", "/foo", ".waldi", NULL, -EINVAL); - test_unit_name_from_path_instance_one("wa--ldo", "/--", ".mount", "wa--ldo@\\x2d\\x2d.mount", 0); -- test_unit_name_from_path_instance_one("waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "/waldo", ".mount", NULL, -EINVAL); -+ test_unit_name_from_path_instance_one("waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "/waldo", ".mount", NULL, -ENAMETOOLONG); - } - - static void test_unit_name_to_path_one(const char *unit, const char *path, int ret) { --- -2.26.2 - diff --git a/systemd-mini.changes b/systemd-mini.changes index d6f037d9..53767eae 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Tue Jul 20 15:25:38 UTC 2021 - Franck Bui + +- Import commit 94efce2ee59fca15a48ff9c232c8dd7cf930c0a0 (merge of v248.4) + + For a complete list of changes, visit: + https://github.com/openSUSE/systemd/compare/c0aecee593511e49638579cb2b9ac8aaf1f8e6c8...94efce2ee59fca15a48ff9c232c8dd7cf930c0a0 + +- Drop 1001-unit-name-generate-a-clear-error-code-when-convertin.patch + as it was merged in v248.4. + ------------------------------------------------------------------- Tue Jul 20 15:10:41 UTC 2021 - Franck Bui diff --git a/systemd-mini.spec b/systemd-mini.spec index 09df8b27..6cf06ecf 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -26,7 +26,7 @@ ##### WARNING: please do not edit this auto generated spec file. Use the systemd.spec! ##### %define mini -mini %define min_kernel_version 4.5 -%define suse_version +suse.38.gc0aecee593 +%define suse_version +suse.40.g94efce2ee5 %bcond_with gnuefi %if 0%{?bootstrap} @@ -58,7 +58,7 @@ Name: systemd-mini URL: http://www.freedesktop.org/wiki/Software/systemd -Version: 248.3 +Version: 248.4 Release: 0 Summary: A System and Session Manager License: LGPL-2.1-or-later @@ -199,7 +199,6 @@ Patch100: 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch # Patches for bsc#1188063/CVE-2021-33910. They will be moved to the # git repo once the bug will become public. -Patch1001: 1001-unit-name-generate-a-clear-error-code-when-convertin.patch Patch1002: 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch Patch1003: 1003-basic-unit-name-adjust-comments.patch diff --git a/systemd-v248.3+suse.38.gc0aecee593.tar.xz b/systemd-v248.3+suse.38.gc0aecee593.tar.xz deleted file mode 100644 index c75e0ac8..00000000 --- a/systemd-v248.3+suse.38.gc0aecee593.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:38eae688b580e7f628054b7657c9997796d90202302802ebacfee98ef56f1fa9 -size 7081196 diff --git a/systemd-v248.4+suse.40.g94efce2ee5.tar.xz b/systemd-v248.4+suse.40.g94efce2ee5.tar.xz new file mode 100644 index 00000000..d2145af0 --- /dev/null +++ b/systemd-v248.4+suse.40.g94efce2ee5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8cacf34cb67237b28635297628399b4945c7240dccc35efdd355b264ccd6f9e5 +size 7122072 diff --git a/systemd.changes b/systemd.changes index d6f037d9..53767eae 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Tue Jul 20 15:25:38 UTC 2021 - Franck Bui + +- Import commit 94efce2ee59fca15a48ff9c232c8dd7cf930c0a0 (merge of v248.4) + + For a complete list of changes, visit: + https://github.com/openSUSE/systemd/compare/c0aecee593511e49638579cb2b9ac8aaf1f8e6c8...94efce2ee59fca15a48ff9c232c8dd7cf930c0a0 + +- Drop 1001-unit-name-generate-a-clear-error-code-when-convertin.patch + as it was merged in v248.4. + ------------------------------------------------------------------- Tue Jul 20 15:10:41 UTC 2021 - Franck Bui diff --git a/systemd.spec b/systemd.spec index 42352611..6d6ac75d 100644 --- a/systemd.spec +++ b/systemd.spec @@ -24,7 +24,7 @@ %define bootstrap 0 %define mini %nil %define min_kernel_version 4.5 -%define suse_version +suse.38.gc0aecee593 +%define suse_version +suse.40.g94efce2ee5 %bcond_with gnuefi %if 0%{?bootstrap} @@ -56,7 +56,7 @@ Name: systemd URL: http://www.freedesktop.org/wiki/Software/systemd -Version: 248.3 +Version: 248.4 Release: 0 Summary: A System and Session Manager License: LGPL-2.1-or-later @@ -197,7 +197,6 @@ Patch100: 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch # Patches for bsc#1188063/CVE-2021-33910. They will be moved to the # git repo once the bug will become public. -Patch1001: 1001-unit-name-generate-a-clear-error-code-when-convertin.patch Patch1002: 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch Patch1003: 1003-basic-unit-name-adjust-comments.patch From d7d502c3a56be0128d3fdc485322a3a5613ca6e76ce9d2bf2ff22aa93475c9e4 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Tue, 20 Jul 2021 16:05:37 +0000 Subject: [PATCH 3/6] - Import commit cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 (merge of v248.5) 4a1c5f34bd basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910) [...] For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/94efce2ee59fca15a48ff9c232c8dd7cf930c0a0...cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 - Drop 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch as it was merged in v248.5. OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1172 --- ...it-name-do-not-use-strdupa-on-a-path.patch | 67 ------------------- systemd-mini.changes | 14 ++++ systemd-mini.spec | 10 +-- systemd-v248.4+suse.40.g94efce2ee5.tar.xz | 3 - systemd-v248.5+suse.42.gcb29bcc5ef.tar.xz | 3 + systemd.changes | 14 ++++ systemd.spec | 10 +-- 7 files changed, 37 insertions(+), 84 deletions(-) delete mode 100644 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch delete mode 100644 systemd-v248.4+suse.40.g94efce2ee5.tar.xz create mode 100644 systemd-v248.5+suse.42.gcb29bcc5ef.tar.xz diff --git a/1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch b/1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch deleted file mode 100644 index a6f54db8..00000000 --- a/1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch +++ /dev/null @@ -1,67 +0,0 @@ -From f636948448bd8a3588388d21dad737a079266392 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 23 Jun 2021 11:46:41 +0200 -Subject: [PATCH 1002/1003] basic/unit-name: do not use strdupa() on a path - -The path may have unbounded length, for example through a fuse mount. - -CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and -ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo -and each mountpoint is passed to mount_setup_unit(), which calls -unit_name_path_escape() underneath. A local attacker who is able to mount a -filesystem with a very long path can crash systemd and the whole system. - -https://bugzilla.redhat.com/show_bug.cgi?id=1970887 - -The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we -can't easily check the length after simplification before doing the -simplification, which in turns uses a copy of the string we can write to. -So we can't reject paths that are too long before doing the duplication. -Hence the most obvious solution is to switch back to strdup(), as before -7410616cd9dbbec97cf98d75324da5cda2b2f7a2. - -[fbui: fixes bsc#1188063] -[fbui: fixes CVE-2021-33910] ---- - src/basic/unit-name.c | 13 +++++-------- - 1 file changed, 5 insertions(+), 8 deletions(-) - -diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c -index 85dcba6cb7..46b24f2d9e 100644 ---- a/src/basic/unit-name.c -+++ b/src/basic/unit-name.c -@@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) { - } - - int unit_name_path_escape(const char *f, char **ret) { -- char *p, *s; -+ _cleanup_free_ char *p = NULL; -+ char *s; - - assert(f); - assert(ret); - -- p = strdupa(f); -+ p = strdup(f); - if (!p) - return -ENOMEM; - -@@ -395,13 +396,9 @@ int unit_name_path_escape(const char *f, char **ret) { - if (!path_is_normalized(p)) - return -EINVAL; - -- /* Truncate trailing slashes */ -+ /* Truncate trailing slashes and skip leading slashes */ - delete_trailing_chars(p, "/"); -- -- /* Truncate leading slashes */ -- p = skip_leading_chars(p, "/"); -- -- s = unit_name_escape(p); -+ s = unit_name_escape(skip_leading_chars(p, "/")); - } - if (!s) - return -ENOMEM; --- -2.26.2 - diff --git a/systemd-mini.changes b/systemd-mini.changes index 53767eae..21c85b44 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Tue Jul 20 15:51:47 UTC 2021 - Franck Bui + +- Import commit cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 (merge of v248.5) + + 4a1c5f34bd basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910) + [...] + + For a complete list of changes, visit: + https://github.com/openSUSE/systemd/compare/94efce2ee59fca15a48ff9c232c8dd7cf930c0a0...cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 + +- Drop 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch as it + was merged in v248.5. + ------------------------------------------------------------------- Tue Jul 20 15:25:38 UTC 2021 - Franck Bui diff --git a/systemd-mini.spec b/systemd-mini.spec index 6cf06ecf..90ca6d3a 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -26,7 +26,7 @@ ##### WARNING: please do not edit this auto generated spec file. Use the systemd.spec! ##### %define mini -mini %define min_kernel_version 4.5 -%define suse_version +suse.40.g94efce2ee5 +%define suse_version +suse.42.gcb29bcc5ef %bcond_with gnuefi %if 0%{?bootstrap} @@ -58,7 +58,7 @@ Name: systemd-mini URL: http://www.freedesktop.org/wiki/Software/systemd -Version: 248.4 +Version: 248.5 Release: 0 Summary: A System and Session Manager License: LGPL-2.1-or-later @@ -196,11 +196,7 @@ Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch # temporary and should be removed as soon as a fix is merged by # upstream. Patch100: 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch - -# Patches for bsc#1188063/CVE-2021-33910. They will be moved to the -# git repo once the bug will become public. -Patch1002: 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch -Patch1003: 1003-basic-unit-name-adjust-comments.patch +Patch101: 1003-basic-unit-name-adjust-comments.patch %description Systemd is a system and service manager, compatible with SysV and LSB diff --git a/systemd-v248.4+suse.40.g94efce2ee5.tar.xz b/systemd-v248.4+suse.40.g94efce2ee5.tar.xz deleted file mode 100644 index d2145af0..00000000 --- a/systemd-v248.4+suse.40.g94efce2ee5.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8cacf34cb67237b28635297628399b4945c7240dccc35efdd355b264ccd6f9e5 -size 7122072 diff --git a/systemd-v248.5+suse.42.gcb29bcc5ef.tar.xz b/systemd-v248.5+suse.42.gcb29bcc5ef.tar.xz new file mode 100644 index 00000000..788dd3ff --- /dev/null +++ b/systemd-v248.5+suse.42.gcb29bcc5ef.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d9924c8244a6ddc88c345b62356b8a992915cd9073d05271c8b0f9a487b55b87 +size 7121780 diff --git a/systemd.changes b/systemd.changes index 53767eae..21c85b44 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Tue Jul 20 15:51:47 UTC 2021 - Franck Bui + +- Import commit cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 (merge of v248.5) + + 4a1c5f34bd basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910) + [...] + + For a complete list of changes, visit: + https://github.com/openSUSE/systemd/compare/94efce2ee59fca15a48ff9c232c8dd7cf930c0a0...cb29bcc5ef2c0ee659686c5d229646a6ba98ec50 + +- Drop 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch as it + was merged in v248.5. + ------------------------------------------------------------------- Tue Jul 20 15:25:38 UTC 2021 - Franck Bui diff --git a/systemd.spec b/systemd.spec index 6d6ac75d..6cdd8b88 100644 --- a/systemd.spec +++ b/systemd.spec @@ -24,7 +24,7 @@ %define bootstrap 0 %define mini %nil %define min_kernel_version 4.5 -%define suse_version +suse.40.g94efce2ee5 +%define suse_version +suse.42.gcb29bcc5ef %bcond_with gnuefi %if 0%{?bootstrap} @@ -56,7 +56,7 @@ Name: systemd URL: http://www.freedesktop.org/wiki/Software/systemd -Version: 248.4 +Version: 248.5 Release: 0 Summary: A System and Session Manager License: LGPL-2.1-or-later @@ -194,11 +194,7 @@ Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch # temporary and should be removed as soon as a fix is merged by # upstream. Patch100: 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch - -# Patches for bsc#1188063/CVE-2021-33910. They will be moved to the -# git repo once the bug will become public. -Patch1002: 1002-basic-unit-name-do-not-use-strdupa-on-a-path.patch -Patch1003: 1003-basic-unit-name-adjust-comments.patch +Patch101: 1003-basic-unit-name-adjust-comments.patch %description Systemd is a system and service manager, compatible with SysV and LSB From b26c7f4e18e0b6c6bd2ed544096ddfbb6a57d300ae04e0263c7604a75548dc00 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Tue, 20 Jul 2021 16:24:01 +0000 Subject: [PATCH 4/6] - Drop 1003-basic-unit-name-adjust-comments.patch It's been merged in SUSE/v248 branch OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1173 --- 1003-basic-unit-name-adjust-comments.patch | 38 ---------------------- systemd-mini.changes | 7 ++++ systemd-mini.spec | 1 - systemd.changes | 7 ++++ systemd.spec | 1 - 5 files changed, 14 insertions(+), 40 deletions(-) delete mode 100644 1003-basic-unit-name-adjust-comments.patch diff --git a/1003-basic-unit-name-adjust-comments.patch b/1003-basic-unit-name-adjust-comments.patch deleted file mode 100644 index 98cad8b5..00000000 --- a/1003-basic-unit-name-adjust-comments.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 9731d5204357d43204ca83155f5b552594b843bc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 23 Jun 2021 11:52:56 +0200 -Subject: [PATCH 1003/1003] basic/unit-name: adjust comments -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We already checked for "too long" right aboveā€¦ ---- - src/basic/unit-name.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c -index 46b24f2d9e..c5850949ae 100644 ---- a/src/basic/unit-name.c -+++ b/src/basic/unit-name.c -@@ -528,7 +528,7 @@ int unit_name_from_path(const char *path, const char *suffix, char **ret) { - if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */ - return -ENAMETOOLONG; - -- /* Refuse this if this got too long or for some other reason didn't result in a valid name */ -+ /* Refuse if this for some other reason didn't result in a valid name */ - if (!unit_name_is_valid(s, UNIT_NAME_PLAIN)) - return -EINVAL; - -@@ -562,7 +562,7 @@ int unit_name_from_path_instance(const char *prefix, const char *path, const cha - if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */ - return -ENAMETOOLONG; - -- /* Refuse this if this got too long or for some other reason didn't result in a valid name */ -+ /* Refuse if this for some other reason didn't result in a valid name */ - if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE)) - return -EINVAL; - --- -2.26.2 - diff --git a/systemd-mini.changes b/systemd-mini.changes index 21c85b44..45c91d07 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Jul 20 16:22:46 UTC 2021 - Franck Bui + +- Drop 1003-basic-unit-name-adjust-comments.patch + + It's been merged in SUSE/v248 branch + ------------------------------------------------------------------- Tue Jul 20 15:51:47 UTC 2021 - Franck Bui diff --git a/systemd-mini.spec b/systemd-mini.spec index 90ca6d3a..feffa955 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -196,7 +196,6 @@ Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch # temporary and should be removed as soon as a fix is merged by # upstream. Patch100: 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch -Patch101: 1003-basic-unit-name-adjust-comments.patch %description Systemd is a system and service manager, compatible with SysV and LSB diff --git a/systemd.changes b/systemd.changes index 21c85b44..45c91d07 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Jul 20 16:22:46 UTC 2021 - Franck Bui + +- Drop 1003-basic-unit-name-adjust-comments.patch + + It's been merged in SUSE/v248 branch + ------------------------------------------------------------------- Tue Jul 20 15:51:47 UTC 2021 - Franck Bui diff --git a/systemd.spec b/systemd.spec index 6cdd8b88..d3b820c0 100644 --- a/systemd.spec +++ b/systemd.spec @@ -194,7 +194,6 @@ Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch # temporary and should be removed as soon as a fix is merged by # upstream. Patch100: 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch -Patch101: 1003-basic-unit-name-adjust-comments.patch %description Systemd is a system and service manager, compatible with SysV and LSB From 407466dd868f17ee6796af43215e4301a9810b6b4b41472f825af842a23760ff Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Tue, 20 Jul 2021 16:29:26 +0000 Subject: [PATCH 5/6] - Drop 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch Commit 81107b8419c39f726fd2805517a5b9faab204e59 fixes https://github.com/systemd/systemd/issues/19464 which makes the aforementioned patch not needed anymore. OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1174 --- ...ent-excessive-proc-self-mountinfo-pa.patch | 35 ------------------- systemd-mini.changes | 9 +++++ systemd-mini.spec | 1 - systemd.changes | 9 +++++ systemd.spec | 1 - 5 files changed, 18 insertions(+), 37 deletions(-) delete mode 100644 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch diff --git a/0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch b/0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch deleted file mode 100644 index def1f512..00000000 --- a/0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch +++ /dev/null @@ -1,35 +0,0 @@ -From c9bce1f07276c591d8637dbfc3244ee11e8fa4e1 Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Tue, 18 May 2021 11:53:55 +0200 -Subject: [PATCH 1/1] Revert "core: prevent excessive /proc/self/mountinfo - parsing" - -This reverts commit d586f642fd90e3bb378f7b6d3e3a64a753e51756. - -This reverts commit d586f642fd90e3bb378f7b6d3e3a64a753e51756 temporarly until -more investigation is done to find the root cause of -https://github.com/systemd/systemd/issues/19464. ---- - src/core/mount.c | 6 ------ - 1 file changed, 6 deletions(-) - -diff --git a/src/core/mount.c b/src/core/mount.c -index ca5d0939a1..2939062161 100644 ---- a/src/core/mount.c -+++ b/src/core/mount.c -@@ -1859,12 +1859,6 @@ static void mount_enumerate(Manager *m) { - goto fail; - } - -- r = sd_event_source_set_ratelimit(m->mount_event_source, 1 * USEC_PER_SEC, 5); -- if (r < 0) { -- log_error_errno(r, "Failed to enable rate limit for mount events: %m"); -- goto fail; -- } -- - (void) sd_event_source_set_description(m->mount_event_source, "mount-monitor-dispatch"); - } - --- -2.26.2 - diff --git a/systemd-mini.changes b/systemd-mini.changes index 45c91d07..b3919dd0 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Tue Jul 20 16:26:39 UTC 2021 - Franck Bui + +- Drop 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch + + Commit 81107b8419c39f726fd2805517a5b9faab204e59 fixes + https://github.com/systemd/systemd/issues/19464 which makes the + aforementioned patch not needed anymore. + ------------------------------------------------------------------- Tue Jul 20 16:22:46 UTC 2021 - Franck Bui diff --git a/systemd-mini.spec b/systemd-mini.spec index feffa955..cf0b08e1 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -195,7 +195,6 @@ Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch # upstream and need an urgent fix. Even in this case, the patches are # temporary and should be removed as soon as a fix is merged by # upstream. -Patch100: 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch %description Systemd is a system and service manager, compatible with SysV and LSB diff --git a/systemd.changes b/systemd.changes index 45c91d07..b3919dd0 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Tue Jul 20 16:26:39 UTC 2021 - Franck Bui + +- Drop 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch + + Commit 81107b8419c39f726fd2805517a5b9faab204e59 fixes + https://github.com/systemd/systemd/issues/19464 which makes the + aforementioned patch not needed anymore. + ------------------------------------------------------------------- Tue Jul 20 16:22:46 UTC 2021 - Franck Bui diff --git a/systemd.spec b/systemd.spec index d3b820c0..48e8638a 100644 --- a/systemd.spec +++ b/systemd.spec @@ -193,7 +193,6 @@ Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch # upstream and need an urgent fix. Even in this case, the patches are # temporary and should be removed as soon as a fix is merged by # upstream. -Patch100: 0001-Revert-core-prevent-excessive-proc-self-mountinfo-pa.patch %description Systemd is a system and service manager, compatible with SysV and LSB From 289877b139bc74a51ebf447d99de976eac9ce7ca9023559815a908be9c3bf031 Mon Sep 17 00:00:00 2001 From: Franck Bui Date: Mon, 26 Jul 2021 12:44:37 +0000 Subject: [PATCH 6/6] - Import commit 73e9e6fb847513c6d62f2fb445778ef5bc0fe516 (merge of v248.6) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/cb29bcc5ef2c0ee659686c5d229646a6ba98ec50...73e9e6fb847513c6d62f2fb445778ef5bc0fe516 OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=1175 --- systemd-mini.changes | 8 ++++++++ systemd-mini.spec | 4 ++-- systemd-v248.5+suse.42.gcb29bcc5ef.tar.xz | 3 --- systemd-v248.6+suse.45.g73e9e6fb84.tar.xz | 3 +++ systemd.changes | 8 ++++++++ systemd.spec | 4 ++-- 6 files changed, 23 insertions(+), 7 deletions(-) delete mode 100644 systemd-v248.5+suse.42.gcb29bcc5ef.tar.xz create mode 100644 systemd-v248.6+suse.45.g73e9e6fb84.tar.xz diff --git a/systemd-mini.changes b/systemd-mini.changes index b3919dd0..6a0a7640 100644 --- a/systemd-mini.changes +++ b/systemd-mini.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Jul 26 10:54:10 UTC 2021 - Franck Bui + +- Import commit 73e9e6fb847513c6d62f2fb445778ef5bc0fe516 (merge of v248.6) + + For a complete list of changes, visit: + https://github.com/openSUSE/systemd/compare/cb29bcc5ef2c0ee659686c5d229646a6ba98ec50...73e9e6fb847513c6d62f2fb445778ef5bc0fe516 + ------------------------------------------------------------------- Tue Jul 20 16:26:39 UTC 2021 - Franck Bui diff --git a/systemd-mini.spec b/systemd-mini.spec index cf0b08e1..6f2afebc 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec @@ -26,7 +26,7 @@ ##### WARNING: please do not edit this auto generated spec file. Use the systemd.spec! ##### %define mini -mini %define min_kernel_version 4.5 -%define suse_version +suse.42.gcb29bcc5ef +%define suse_version +suse.45.g73e9e6fb84 %bcond_with gnuefi %if 0%{?bootstrap} @@ -58,7 +58,7 @@ Name: systemd-mini URL: http://www.freedesktop.org/wiki/Software/systemd -Version: 248.5 +Version: 248.6 Release: 0 Summary: A System and Session Manager License: LGPL-2.1-or-later diff --git a/systemd-v248.5+suse.42.gcb29bcc5ef.tar.xz b/systemd-v248.5+suse.42.gcb29bcc5ef.tar.xz deleted file mode 100644 index 788dd3ff..00000000 --- a/systemd-v248.5+suse.42.gcb29bcc5ef.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d9924c8244a6ddc88c345b62356b8a992915cd9073d05271c8b0f9a487b55b87 -size 7121780 diff --git a/systemd-v248.6+suse.45.g73e9e6fb84.tar.xz b/systemd-v248.6+suse.45.g73e9e6fb84.tar.xz new file mode 100644 index 00000000..a72a623b --- /dev/null +++ b/systemd-v248.6+suse.45.g73e9e6fb84.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f3750afd054f03b6868463ffd663441ead475d31dcd83d429c36580e7c6f748a +size 7123304 diff --git a/systemd.changes b/systemd.changes index b3919dd0..6a0a7640 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Jul 26 10:54:10 UTC 2021 - Franck Bui + +- Import commit 73e9e6fb847513c6d62f2fb445778ef5bc0fe516 (merge of v248.6) + + For a complete list of changes, visit: + https://github.com/openSUSE/systemd/compare/cb29bcc5ef2c0ee659686c5d229646a6ba98ec50...73e9e6fb847513c6d62f2fb445778ef5bc0fe516 + ------------------------------------------------------------------- Tue Jul 20 16:26:39 UTC 2021 - Franck Bui diff --git a/systemd.spec b/systemd.spec index 48e8638a..f20d2bcf 100644 --- a/systemd.spec +++ b/systemd.spec @@ -24,7 +24,7 @@ %define bootstrap 0 %define mini %nil %define min_kernel_version 4.5 -%define suse_version +suse.42.gcb29bcc5ef +%define suse_version +suse.45.g73e9e6fb84 %bcond_with gnuefi %if 0%{?bootstrap} @@ -56,7 +56,7 @@ Name: systemd URL: http://www.freedesktop.org/wiki/Software/systemd -Version: 248.5 +Version: 248.6 Release: 0 Summary: A System and Session Manager License: LGPL-2.1-or-later