packages/systemd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!393 sync community patches

Browse Source 
From: @yangmingtaip 
Reviewed-by: @licunlong 
Signed-off-by: @licunlong
This commit is contained in:
openeuler-ci-bot 2023-03-16 11:33:49 +00:00 committed by Gitee
commit a1683a1ef9
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
14 changed files with 682 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
backport-analyze-add-forgotten-return-statement.patch Normal file
View File

@ -0,0 +1,33 @@
From 53fd101c2144cb104d34aea8e68c7c24443107bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 7 Oct 2022 15:52:33 +0200
Subject: [PATCH] analyze: add forgotten return statement
We would fail with an assert in sd_bus_message_enter_container() afterwards.
(cherry picked from commit 5475e963c5e6ade35404384ba03caf79cb1bc2e5)
(cherry picked from commit e0ba044985ac33d5eb2fb0d09fc2ff1b2f9b73dc)
(cherry picked from commit 1316666e98accf6b8ab8cb0fb5ef73d275049a34)
Conflict:adapt context
Reference:https://github.com/systemd/systemd/commit/53fd101c2144cb104d34aea8e68c7c24443107bd
---
src/analyze/analyze.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c
index 3d1cd2f..b8eaad2 100644
--- a/src/analyze/analyze.c
+++ b/src/analyze/analyze.c
@@ -1296,7 +1296,7 @@ static int dot(int argc, char *argv[], void *userdata) {
&reply,
"");
if (r < 0)
- log_error_errno(r, "Failed to list units: %s", bus_error_message(&error, r));
+ return log_error_errno(r, "Failed to list units: %s", bus_error_message(&error, r));
r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssssouso)");
if (r < 0)
--
2.27.0

41
backport-cgroups-agent-connect-stdin-stdout-stderr-to-dev-nul.patch Normal file
View File

@ -0,0 +1,41 @@
From a59a7227a29a73e8e1b0d80153f258e20354c0d7 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 15 Jul 2022 11:02:40 +0200
Subject: [PATCH] cgroups-agent: connect stdin/stdout/stderr to /dev/null
Inspired by https://github.com/systemd/systemd/pull/24024 this is
another user mode helper, where this might be an issue. hence let's
rather be safe than sorry, and also connect stdin/stdout/stderr
explicitly with /dev/null.
(cherry picked from commit 50492ce81589773df2d82b4fc8047778e86c6edf)
(cherry picked from commit 689487785f776815e71642f89685ff01f0bc4fde)
(cherry picked from commit d8464304f03e6644bfc6ed42e13fb3a460b9ff60)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/a59a7227a29a73e8e1b0d80153f258e20354c0d7
---
src/cgroups-agent/cgroups-agent.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/cgroups-agent/cgroups-agent.c b/src/cgroups-agent/cgroups-agent.c
index 071cba3099..9126736235 100644
--- a/src/cgroups-agent/cgroups-agent.c
+++ b/src/cgroups-agent/cgroups-agent.c
@@ -16,6 +16,13 @@ int main(int argc, char *argv[]) {
_cleanup_close_ int fd = -1;
ssize_t n;
size_t l;
+ int r;
+
+ r = rearrange_stdio(-1, -1, -1);
+ if (r < 0) {
+ log_error_errno(r, "Failed to connect stdin/stdout/stderr with /dev/null: %m");
+ return EXIT_FAILURE;
+ }
if (argc != 2) {
log_error("Incorrect number of arguments.");
--
2.27.0

45
backport-coredump-Connect-stdout-stderr-to-dev-null-before-do.patch Normal file
View File

@ -0,0 +1,45 @@
From 098a25754b0835ffe078b12f75a1862cf528a986 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 15 Jul 2022 01:49:25 +0200
Subject: [PATCH] coredump: Connect stdout/stderr to /dev/null before doing
anything
When invoked as the coredump handler by the kernel, systemd-coredump's
stdout and stderr streams are closed. This is dangerous as this means
the fd's can get reallocated, leading to hard to debug errors such as
log messages ending up being appended to a compressed coredump file.
To avoid such issues in the future, let's bind stdout/stderr to
/dev/null so the file descriptors can't get used for anything else.
(cherry picked from commit 1f9d2a8199c261593aa6a11df9cce5d31e23c714)
(cherry picked from commit fba50bc0fc5a69e5573ceadb5d6224f365d3c3f5)
(cherry picked from commit 3e1224d4ac3f44558c7bc3ceec2d6080afe21dc3)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/098a25754b0835ffe078b12f75a1862cf528a986
---
src/coredump/coredump.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
index c6639c0100..72df958bc3 100644
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@@ -1268,6 +1268,13 @@ static int process_kernel(int argc, char* argv[]) {
struct iovec_wrapper *iovw;
int r;
+ /* When we're invoked by the kernel, stdout/stderr are closed which is dangerous because the fds
+ * could get reallocated. To avoid hard to debug issues, let's instead bind stdout/stderr to
+ * /dev/null. */
+ r = rearrange_stdio(STDIN_FILENO, -1, -1);
+ if (r < 0)
+ return log_error_errno(r, "Failed to connect stdout/stderr to /dev/null: %m");
+
log_debug("Processing coredump received from the kernel...");
iovw = iovw_new();
--
2.27.0

102
backport-dhcp-fix-potential-buffer-overflow.patch Normal file
View File

@ -0,0 +1,102 @@
From d903e94e8ea532d2128c5c4686ae440ebf17a07d Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 6 Aug 2022 13:05:59 +0900
Subject: [PATCH] dhcp: fix potential buffer overflow
Fixes a bug introduced by 324f818781a250b60f2fcfa74ff1c9101d2d1315.
This also renames several macros for DHCP packet size.
(cherry picked from commit 4473cd7f61b9eb0860f2daab81491ad2145d554b)
(cherry picked from commit 037b1a8acc50cbeeebb82f95594a4909375577c2)
(cherry picked from commit 887837a5a9425945b91488db661122459af94c52)
Conflict:adapt context
Reference:https://github.com/systemd/systemd/commit/d903e94e8ea532d2128c5c4686ae440ebf17a07d
---
src/libsystemd-network/dhcp-protocol.h | 7 ++++---
src/libsystemd-network/sd-dhcp-client.c | 11 +++++------
src/libsystemd-network/sd-dhcp-lease.c | 6 +++---
3 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/src/libsystemd-network/dhcp-protocol.h b/src/libsystemd-network/dhcp-protocol.h
index f036632..ef1283a 100644
--- a/src/libsystemd-network/dhcp-protocol.h
+++ b/src/libsystemd-network/dhcp-protocol.h
@@ -43,9 +43,10 @@ typedef struct DHCPPacket DHCPPacket;
#define DHCP_IP_SIZE (int32_t)(sizeof(struct iphdr))
#define DHCP_IP_UDP_SIZE (int32_t)(sizeof(struct udphdr) + DHCP_IP_SIZE)
-#define DHCP_MESSAGE_SIZE (int32_t)(sizeof(DHCPMessage))
-#define DHCP_DEFAULT_MIN_SIZE 576 /* the minimum internet hosts must be able to receive */
-#define DHCP_MIN_OPTIONS_SIZE (DHCP_DEFAULT_MIN_SIZE - DHCP_IP_UDP_SIZE - DHCP_MESSAGE_SIZE)
+#define DHCP_HEADER_SIZE (int32_t)(sizeof(DHCPMessage))
+#define DHCP_MIN_MESSAGE_SIZE 576 /* the minimum internet hosts must be able to receive, see RFC 2132 Section 9.10 */
+#define DHCP_MIN_OPTIONS_SIZE (DHCP_MIN_MESSAGE_SIZE - DHCP_HEADER_SIZE)
+#define DHCP_MIN_PACKET_SIZE (DHCP_MIN_MESSAGE_SIZE + DHCP_IP_UDP_SIZE)
#define DHCP_MAGIC_COOKIE (uint32_t)(0x63825363)
enum {
diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c
index 842386a..c688245 100644
--- a/src/libsystemd-network/sd-dhcp-client.c
+++ b/src/libsystemd-network/sd-dhcp-client.c
@@ -524,7 +524,7 @@ int sd_dhcp_client_set_client_port(
int sd_dhcp_client_set_mtu(sd_dhcp_client *client, uint32_t mtu) {
assert_return(client, -EINVAL);
- assert_return(mtu >= DHCP_DEFAULT_MIN_SIZE, -ERANGE);
+ assert_return(mtu >= DHCP_MIN_PACKET_SIZE, -ERANGE);
client->mtu = mtu;
@@ -606,7 +606,6 @@ static int client_message_init(
_cleanup_free_ DHCPPacket *packet = NULL;
size_t optlen, optoffset, size;
- be16_t max_size;
usec_t time_now;
uint16_t secs;
int r;
@@ -739,9 +738,9 @@ static int client_message_init(
*/
/* RFC7844 section 3:
SHOULD NOT contain any other option. */
- if (!client->anonymize && type != DHCP_RELEASE) {
- max_size = htobe16(size);
- r = dhcp_option_append(&packet->dhcp, client->mtu, &optoffset, 0,
+ if (!client->anonymize && IN_SET(type, DHCP_DISCOVER, DHCP_REQUEST)) {
+ be16_t max_size = htobe16(MIN(client->mtu - DHCP_IP_UDP_SIZE, (uint32_t) UINT16_MAX));
+ r = dhcp_option_append(&packet->dhcp, optlen, &optoffset, 0,
SD_DHCP_OPTION_MAXIMUM_MESSAGE_SIZE,
2, &max_size);
if (r < 0)
@@ -2017,7 +2016,7 @@ int sd_dhcp_client_new(sd_dhcp_client **ret, int anonymize) {
.state = DHCP_STATE_INIT,
.ifindex = -1,
.fd = -1,
- .mtu = DHCP_DEFAULT_MIN_SIZE,
+ .mtu = DHCP_MIN_PACKET_SIZE,
.port = DHCP_PORT_CLIENT,
.anonymize = !!anonymize,
.max_attempts = (uint64_t) -1,
diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c
index c07936b..ca1b21e 100644
--- a/src/libsystemd-network/sd-dhcp-lease.c
+++ b/src/libsystemd-network/sd-dhcp-lease.c
@@ -565,9 +565,9 @@ int dhcp_lease_parse_options(uint8_t code, uint8_t len, const void *option, void
r = lease_parse_u16(option, len, &lease->mtu, 68);
if (r < 0)
log_debug_errno(r, "Failed to parse MTU, ignoring: %m");
- if (lease->mtu < DHCP_DEFAULT_MIN_SIZE) {
- log_debug("MTU value of %" PRIu16 " too small. Using default MTU value of %d instead.", lease->mtu, DHCP_DEFAULT_MIN_SIZE);
- lease->mtu = DHCP_DEFAULT_MIN_SIZE;
+ if (lease->mtu < DHCP_MIN_PACKET_SIZE) {
+ log_debug("MTU value of %" PRIu16 " too small. Using default MTU value of %d instead.", lease->mtu, DHCP_MIN_PACKET_SIZE);
+ lease->mtu = DHCP_MIN_PACKET_SIZE;
}
break;
--
2.27.0

50
backport-dns-domain-make-each-label-nul-terminated.patch Normal file
View File

@ -0,0 +1,50 @@
From ec5a6e5a3011f095e739fa0636c3273fe868f2cf Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 11 Jun 2022 05:51:03 +0900
Subject: [PATCH] dns-domain: make each label nul-terminated
dns_label_unescape() does not nul-terminate the buffer if it does not
have enough space. Hence, if a lable is enough long, then strjoin()
triggers buffer-overflow.
Fixes #23705.
(cherry picked from commit 9db01ca5b0322bc035e1ccd6b8a0d98a26533b4a)
(cherry picked from commit 25158b294482f793f962e8ee5f34e99a01214321)
(cherry picked from commit ac4e64939d05ed81739028c0a45c3f99d2f91ba4)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/ec5a6e5a3011f095e739fa0636c3273fe868f2cf
---
src/shared/dns-domain.c | 2 +-
src/test/test-dns-domain.c | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c
index 787bb8fec9..517fe85600 100644
--- a/src/shared/dns-domain.c
+++ b/src/shared/dns-domain.c
@@ -1035,7 +1035,7 @@ static bool dns_service_name_label_is_valid(const char *label, size_t n) {
int dns_service_split(const char *joined, char **_name, char **_type, char **_domain) {
_cleanup_free_ char *name = NULL, *type = NULL, *domain = NULL;
const char *p = joined, *q = NULL, *d = NULL;
- char a[DNS_LABEL_MAX], b[DNS_LABEL_MAX], c[DNS_LABEL_MAX];
+ char a[DNS_LABEL_MAX+1], b[DNS_LABEL_MAX+1], c[DNS_LABEL_MAX+1];
int an, bn, cn, r;
unsigned x = 0;
diff --git a/src/test/test-dns-domain.c b/src/test/test-dns-domain.c
index 2df2380de4..10916dd057 100644
--- a/src/test/test-dns-domain.c
+++ b/src/test/test-dns-domain.c
@@ -560,6 +560,7 @@ static void test_dns_service_split(void) {
test_dns_service_split_one("_foo._bar", NULL, "_foo._bar", ".", 0);
test_dns_service_split_one("_meh._foo._bar", "_meh", "_foo._bar", ".", 0);
test_dns_service_split_one("Wuff\\032Wuff._foo._bar.waldo.com", "Wuff Wuff", "_foo._bar", "waldo.com", 0);
+ test_dns_service_split_one("_Q._Q-------------------------------------------------------------", NULL, "_Q._Q-------------------------------------------------------------", ".", 0);
}
static void test_dns_name_change_suffix_one(const char *name, const char *old_suffix, const char *new_suffix, int r, const char *result) {
--
2.27.0

37
backport-growfs-don-t-actually-resize-on-dry-run.patch Normal file
View File

@ -0,0 +1,37 @@
From e9a1f6237f281b4bf05386bd9b2c921ea999232f Mon Sep 17 00:00:00 2001
From: undef <gitlab@undef.tools>
Date: Thu, 14 Jul 2022 05:53:15 +0000
Subject: [PATCH] growfs: don't actually resize on dry-run
This causes systemd-growfs to exit before resizing the partition when
`--dry-run` is passed. Resizing during a dry run of a change breaks the
users expectations.
(cherry picked from commit d26c0f7243a709cfa7b8bdc87e8131746bb0e2d0)
(cherry picked from commit 00c6c62845c560ef09f845aeedabdc9027be5678)
(cherry picked from commit e39019fd1065c8e2eb078b72359c5e755b013493)
Conflict:adapt context
Reference:https://github.com/systemd/systemd/commit/e9a1f6237f281b4bf05386bd9b2c921ea999232f
---
src/partition/growfs.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/partition/growfs.c b/src/partition/growfs.c
index 9e7178a..413259d 100644
--- a/src/partition/growfs.c
+++ b/src/partition/growfs.c
@@ -309,6 +309,10 @@ int main(int argc, char *argv[]) {
return EXIT_FAILURE;
}
+
+ if (arg_dry_run)
+ return 0;
+
switch(sfs.f_type) {
case EXT4_SUPER_MAGIC:
r = resize_ext4(arg_target, mountfd, devfd, numblocks, blocksize);
--
2.27.0

39
backport-log-don-t-attempt-to-duplicate-closed-fd.patch Normal file
View File

@ -0,0 +1,39 @@
From 417f37c1455fe770d96559205b864766188d9866 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 2 Sep 2022 18:35:03 +0200
Subject: [PATCH] log: don't attempt to duplicate closed fd
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
if the console fd is not open we shouldn#t try to move it out of the 0…2
range.
Fixes: #24535
Alternative-for: #24537
(cherry picked from commit f1ee066840eea748ad4074ac2bc859bb897953b9)
(cherry picked from commit e0dde8a14f8b05b88e1add1abdb68c364913346b)
(cherry picked from commit 40cedddab7e5c84c8fa4738de423971997d9aef5)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/417f37c1455fe770d96559205b864766188d9866
---
src/basic/log.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/log.c b/src/basic/log.c
index 1d68b49963..4a1d3c0d6d 100644
--- a/src/basic/log.c
+++ b/src/basic/log.c
@@ -1477,7 +1477,7 @@ int log_dup_console(void) {
/* Duplicate the fd we use for fd logging if it's < 3 and use the copy from now on. This call is useful
* whenever we want to continue logging through the original fd, but want to rearrange stderr. */
- if (console_fd >= 3)
+ if (console_fd < 0 || console_fd >= 3)
return 0;
copy = fcntl(console_fd, F_DUPFD_CLOEXEC, 3);
--
2.27.0

45
backport-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch Normal file
View File

@ -0,0 +1,45 @@
From 848586f6f46e58c4960c2675102757d8c11ce046 Mon Sep 17 00:00:00 2001
From: Michael Biebl <biebl@debian.org>
Date: Wed, 12 Oct 2022 11:07:57 +0200
Subject: [PATCH] logind: fix getting property OnExternalPower via D-Bus
The BUS_DEFINE_PROPERTY_GET_GLOBAL macro requires a value as third
argument, so we need to call manager_is_on_external_power(). Otherwise
the function pointer is interpreted as a boolean and always returns
true:
```
$ busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager OnExternalPower
b true
$ /lib/systemd/systemd-ac-power --verbose
no
```
Thanks: Helmut Grohne <helmut@subdivi.de>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021644
(cherry picked from commit 63168cb517a556b2f4f175b365f5a4b4c7e85150)
(cherry picked from commit 3028e05955f1d1a43d57bbbe05321546d56c70a9)
(cherry picked from commit c622de4c9d474c2b666881ccbf60c7e2bf1fb484)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/848586f6f46e58c4960c2675102757d8c11ce046
---
src/login/logind-dbus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index b3c204f0b0..1d0cf904bc 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -353,7 +353,7 @@ static int property_get_scheduled_shutdown(
static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_handle_action, handle_action, HandleAction);
static BUS_DEFINE_PROPERTY_GET(property_get_docked, "b", Manager, manager_is_docked_or_external_displays);
static BUS_DEFINE_PROPERTY_GET(property_get_lid_closed, "b", Manager, manager_is_lid_closed);
-static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power);
+static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power());
static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_compat_user_tasks_max, "t", CGROUP_LIMIT_MAX);
static BUS_DEFINE_PROPERTY_GET_REF(property_get_hashmap_size, "t", Hashmap *, (uint64_t) hashmap_size);
--
2.27.0

34
backport-resolve-fix-heap-buffer-overflow-reported-by-ASAN-wi.patch Normal file
View File

@ -0,0 +1,34 @@
From c285d500d0fe356f74f34846bc2ac0e25fe6ae42 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 8 Jul 2022 22:00:58 +0900
Subject: [PATCH] resolve: fix heap-buffer-overflow reported by ASAN with
strict_string_checks=1
Fixes #23942.
(cherry picked from commit beeab352de413e1c04de0a67ee36525fcf6e99dd)
(cherry picked from commit feb244676baa246e660b713544c2cb8766c25b34)
(cherry picked from commit 63c0ce2346cb70a2959bd539541119866223a619)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/c285d500d0fe356f74f34846bc2ac0e25fe6ae42
---
src/resolve/resolved-dns-packet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index b37f57fe67..c4cfbf7820 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -1393,7 +1393,7 @@ int dns_packet_read_string(DnsPacket *p, char **ret, size_t *start) {
if (memchr(d, 0, c))
return -EBADMSG;
- t = strndup(d, c);
+ t = memdup_suffix0(d, c);
if (!t)
return -ENOMEM;
--
2.27.0

42
backport-resolve-mdns_packet_extract_matching_rrs-may-return-.patch Normal file
View File

@ -0,0 +1,42 @@
From 9b1f4d855aa7b16b425545fdd888dbef918d1daa Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 4 Jul 2022 11:23:33 +0900
Subject: [PATCH] resolve: mdns_packet_extract_matching_rrs() may return 0
Fixes the following assertion:
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/9b1f4d855aa7b16b425545fdd888dbef918d1daa
---
Assertion 'r > 0' failed at src/resolve/resolved-mdns.c:180, function mdns_do_tiebreak(). Aborting.
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/9b1f4d855aa7b16b425545fdd888dbef918d1daa
---
(cherry picked from commit f2605af1f2e770818bbc6bad2561acdbd25a38ad)
(cherry picked from commit 0070302b3cdc1350bf7bfd5d032dbea420f4ed40)
(cherry picked from commit 30d24c8df600545d1878a868bcd409e65479af77)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/9b1f4d855aa7b16b425545fdd888dbef918d1daa
---
src/resolve/resolved-mdns.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/resolve/resolved-mdns.c b/src/resolve/resolved-mdns.c
index 24241249b1..8c8ee81da1 100644
--- a/src/resolve/resolved-mdns.c
+++ b/src/resolve/resolved-mdns.c
@@ -165,8 +165,6 @@ static int mdns_do_tiebreak(DnsResourceKey *key, DnsAnswer *answer, DnsPacket *p
if (r < 0)
return r;
- assert(r > 0);
-
if (proposed_rrs_cmp(remote, r, our, size) > 0)
return 1;
--
2.27.0

76
backport-shared-condition-avoid-nss-lookup-in-PID1.patch Normal file
View File

@ -0,0 +1,76 @@
From 03101b5186a43b893165f44726f4865702005d8e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 7 Oct 2022 17:34:53 +0200
Subject: [PATCH] shared/condition: avoid nss lookup in PID1
PID 1 is not allowed to do nss lookups because this may take a long time or
even deadlock.
While at it, the comparisons are reordered to do the "easy" comparisons which
only require a string comparison first. Delay parsing of the UID until it is
really necessary. The result is the same, because we know that "root" and
"nobody" parse as valid.
(cherry picked from commit 734f96b8490a2c48712ff6754a84fcaeac3d53c1)
(cherry picked from commit 5da595db39e8c6b229dfe388130683ff9a32eda5)
(cherry picked from commit 4ddeea92faf69291449af95dc9ba6440ad06ec1b)
Conflict:adapt context
Reference:https://github.com/systemd/systemd/commit/03101b5186a43b893165f44726f4865702005d8e
---
src/shared/condition.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/src/shared/condition.c b/src/shared/condition.c
index 8d460f9..b07b71b 100644
--- a/src/shared/condition.c
+++ b/src/shared/condition.c
@@ -314,31 +314,36 @@ static int condition_test_cpus(Condition *c) {
static int condition_test_user(Condition *c) {
uid_t id;
int r;
- _cleanup_free_ char *username = NULL;
- const char *u;
assert(c);
assert(c->parameter);
assert(c->type == CONDITION_USER);
+ /* Do the quick&easy comparisons first, and only parse the UID later. */
+ if (streq(c->parameter, "root"))
+ return getuid() == 0 || geteuid() == 0;
+ if (streq(c->parameter, NOBODY_USER_NAME))
+ return getuid() == UID_NOBODY || geteuid() == UID_NOBODY;
+ if (streq(c->parameter, "@system"))
+ return uid_is_system(getuid()) || uid_is_system(geteuid());
+
r = parse_uid(c->parameter, &id);
if (r >= 0)
return id == getuid() || id == geteuid();
- if (streq("@system", c->parameter))
- return uid_is_system(getuid()) || uid_is_system(geteuid());
+ if (getpid_cached() == 1) /* We already checked for "root" above, and we know that
+ * PID 1 is running as root, hence we know it cannot match. */
+ return false;
- username = getusername_malloc();
+ /* getusername_malloc() may do an nss lookup, which is not allowed in PID 1. */
+ _cleanup_free_ char *username = getusername_malloc();
if (!username)
return -ENOMEM;
if (streq(username, c->parameter))
return 1;
- if (getpid_cached() == 1)
- return streq(c->parameter, "root");
-
- u = c->parameter;
+ const char *u = c->parameter;
r = get_user_creds(&u, &id, NULL, NULL, NULL, USER_CREDS_ALLOW_MISSING);
if (r < 0)
return 0;
--
2.27.0

85
backport-stat-util-replace-is_dir-is_dir_fd-by-single-is_dir_.patch Normal file
View File

@ -0,0 +1,85 @@
From ab77d5f0c18783c273d1b3b0e8126c7019ddb1f8 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 13 Jul 2022 23:43:36 +0200
Subject: [PATCH] stat-util: replace is_dir() + is_dir_fd() by single
is_dir_full() call
This new call can execute both of the old operations, but also do
generic fstatat() like behaviour.
(cherry picked from commit a586dc791ca465f4087473d2ad6794b7776aee2d)
(cherry picked from commit 9255fa3a15c5c7dea9ddb2ce5399d3b675f8368b)
(cherry picked from commit a77b81f1240ff7e0ea5d084d61875e1bdefc075d)
Conflict:adapt context
Reference:https://github.com/systemd/systemd/commit/ab77d5f0c18783c273d1b3b0e8126c7019ddb1f8
---
src/basic/stat-util.c | 20 ++++++--------------
src/basic/stat-util.h | 9 +++++++--
2 files changed, 13 insertions(+), 16 deletions(-)
diff --git a/src/basic/stat-util.c b/src/basic/stat-util.c
index d5db6e6..aff8081 100644
--- a/src/basic/stat-util.c
+++ b/src/basic/stat-util.c
@@ -31,31 +31,23 @@ int is_symlink(const char *path) {
return !!S_ISLNK(info.st_mode);
}
-int is_dir(const char* path, bool follow) {
+int is_dir_full(int atfd, const char* path, bool follow) {
struct stat st;
int r;
- assert(path);
+ assert(atfd >= 0 || atfd == AT_FDCWD);
+ assert(atfd >= 0 || path);
- if (follow)
- r = stat(path, &st);
+ if (path)
+ r = fstatat(atfd, path, &st, follow ? 0 : AT_SYMLINK_NOFOLLOW);
else
- r = lstat(path, &st);
+ r = fstat(atfd, &st);
if (r < 0)
return -errno;
return !!S_ISDIR(st.st_mode);
}
-int is_dir_fd(int fd) {
- struct stat st;
-
- if (fstat(fd, &st) < 0)
- return -errno;
-
- return !!S_ISDIR(st.st_mode);
-}
-
int is_device_node(const char *path) {
struct stat info;
diff --git a/src/basic/stat-util.h b/src/basic/stat-util.h
index 59aedcb..38cab63 100644
--- a/src/basic/stat-util.h
+++ b/src/basic/stat-util.h
@@ -12,8 +12,13 @@
#include "macro.h"
int is_symlink(const char *path);
-int is_dir(const char *path, bool follow);
-int is_dir_fd(int fd);
+int is_dir_full(int atfd, const char *fname, bool follow);
+static inline int is_dir(const char *path, bool follow) {
+ return is_dir_full(AT_FDCWD, path, follow);
+}
+static inline int is_dir_fd(int fd) {
+ return is_dir_full(fd, NULL, false);
+}
int is_device_node(const char *path);
int dir_is_empty_at(int dir_fd, const char *path);
--
2.27.0

36
backport-tmpfiles-check-the-directory-we-were-supposed-to-cre.patch Normal file
View File

@ -0,0 +1,36 @@
From 675dd1039c69ff28ce9c7e617fcede80e998b3e9 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 13 Jul 2022 23:44:45 +0200
Subject: [PATCH] tmpfiles: check the directory we were supposed to create, not
its parent
This current code checks the wrong directory. This was broken in
4c39d899ff00e90b7290e4985696f321d7f2726f which converted the previous
code incorrectly.
(cherry picked from commit 92631578fff1568fa8e99f96de05baae5b258ffe)
(cherry picked from commit 625472b219a4b1ac64534d38cf6e64b51ab22bbb)
(cherry picked from commit 8b674cf43f1ba8137da3a90c67826f13c865838c)
Conflict:adapt context
Reference:https://github.com/systemd/systemd/commit/675dd1039c69ff28ce9c7e617fcede80e998b3e9
---
src/tmpfiles/tmpfiles.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 38136d6..e795821 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -1556,7 +1556,7 @@ static int create_directory_or_subvolume(const char *path, mode_t mode, bool sub
if (!IN_SET(r, -EEXIST, -EROFS))
return log_error_errno(r, "Failed to create directory or subvolume \"%s\": %m", path);
- k = is_dir_fd(pfd);
+ k = is_dir_full(pfd, basename(path), /* follow= */ false);
if (k == -ENOENT && r == -EROFS)
return log_error_errno(r, "%s does not exist and cannot be created as the file system is read-only.", path);
if (k < 0)
--
2.27.0

18
systemd.spec
View File

@ -16,7 +16,7 @@
Name: systemd
Url: https://www.freedesktop.org/wiki/Software/systemd
Version: 243
Release: 60
Release: 61
License: MIT and LGPLv2+ and GPLv2+
Summary: System and Service Manager
@ -195,6 +195,19 @@ Patch0147: backport-CVE-2023-26604-pager-set-LESSSECURE-whenver-we-invoke-a
Patch0148: backport-CVE-2023-26604-test-login-always-test-sd_pid_get_owner_uid.patch
Patch0149: backport-CVE-2023-26604-pager-make-pager-secure-when-under-euid-is-changed.patch
Patch0150: backport-CVE-2023-26604-test-ignore-ENOMEDIUM-error-from-sd_pid_get_cgroup.patch
Patch0151: backport-dns-domain-make-each-label-nul-terminated.patch
Patch0152: backport-resolve-fix-heap-buffer-overflow-reported-by-ASAN-wi.patch
Patch0153: backport-growfs-don-t-actually-resize-on-dry-run.patch
Patch0154: backport-stat-util-replace-is_dir-is_dir_fd-by-single-is_dir_.patch
Patch0155: backport-tmpfiles-check-the-directory-we-were-supposed-to-cre.patch
Patch0156: backport-coredump-Connect-stdout-stderr-to-dev-null-before-do.patch
Patch0157: backport-cgroups-agent-connect-stdin-stdout-stderr-to-dev-nul.patch
Patch0158: backport-resolve-mdns_packet_extract_matching_rrs-may-return-.patch
Patch0159: backport-dhcp-fix-potential-buffer-overflow.patch
Patch0160: backport-log-don-t-attempt-to-duplicate-closed-fd.patch
Patch0161: backport-analyze-add-forgotten-return-statement.patch
Patch0162: backport-shared-condition-avoid-nss-lookup-in-PID1.patch
Patch0163: backport-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch
#openEuler
Patch9002: 1509-fix-journal-file-descriptors-leak-problems.patch
@ -1602,6 +1615,9 @@ fi
%exclude /usr/share/man/man3/*
%changelog
* Thu Mar 16 2023 yangmingtai <yangmingtai@huawei.com> - 243-61
- sync community patches
* Tue Mar 14 2023 huyubiao <huyubiao@huawei.com> - 243-60
- fix CVE-2023-26604