From ef156c60655243f659bf77f9ae0d53e025930189 Mon Sep 17 00:00:00 2001 From: y30009332 Date: Thu, 16 Mar 2023 11:32:42 +0800 Subject: [PATCH] sync community patches --- ...alyze-add-forgotten-return-statement.patch | 33 ++++++ ...nnect-stdin-stdout-stderr-to-dev-nul.patch | 41 +++++++ ...-stdout-stderr-to-dev-null-before-do.patch | 45 ++++++++ ...t-dhcp-fix-potential-buffer-overflow.patch | 102 ++++++++++++++++++ ...omain-make-each-label-nul-terminated.patch | 50 +++++++++ ...wfs-don-t-actually-resize-on-dry-run.patch | 37 +++++++ ...don-t-attempt-to-duplicate-closed-fd.patch | 39 +++++++ ...ng-property-OnExternalPower-via-D-Bu.patch | 45 ++++++++ ...-buffer-overflow-reported-by-ASAN-wi.patch | 34 ++++++ ...ket_extract_matching_rrs-may-return-.patch | 42 ++++++++ ...d-condition-avoid-nss-lookup-in-PID1.patch | 76 +++++++++++++ ...e-is_dir-is_dir_fd-by-single-is_dir_.patch | 85 +++++++++++++++ ...he-directory-we-were-supposed-to-cre.patch | 36 +++++++ systemd.spec | 18 +++- 14 files changed, 682 insertions(+), 1 deletion(-) create mode 100644 backport-analyze-add-forgotten-return-statement.patch create mode 100644 backport-cgroups-agent-connect-stdin-stdout-stderr-to-dev-nul.patch create mode 100644 backport-coredump-Connect-stdout-stderr-to-dev-null-before-do.patch create mode 100644 backport-dhcp-fix-potential-buffer-overflow.patch create mode 100644 backport-dns-domain-make-each-label-nul-terminated.patch create mode 100644 backport-growfs-don-t-actually-resize-on-dry-run.patch create mode 100644 backport-log-don-t-attempt-to-duplicate-closed-fd.patch create mode 100644 backport-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch create mode 100644 backport-resolve-fix-heap-buffer-overflow-reported-by-ASAN-wi.patch create mode 100644 backport-resolve-mdns_packet_extract_matching_rrs-may-return-.patch create mode 100644 backport-shared-condition-avoid-nss-lookup-in-PID1.patch create mode 100644 backport-stat-util-replace-is_dir-is_dir_fd-by-single-is_dir_.patch create mode 100644 backport-tmpfiles-check-the-directory-we-were-supposed-to-cre.patch diff --git a/backport-analyze-add-forgotten-return-statement.patch b/backport-analyze-add-forgotten-return-statement.patch new file mode 100644 index 0000000..5bed62e --- /dev/null +++ b/backport-analyze-add-forgotten-return-statement.patch @@ -0,0 +1,33 @@ +From 53fd101c2144cb104d34aea8e68c7c24443107bd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 7 Oct 2022 15:52:33 +0200 +Subject: [PATCH] analyze: add forgotten return statement + +We would fail with an assert in sd_bus_message_enter_container() afterwards. + +(cherry picked from commit 5475e963c5e6ade35404384ba03caf79cb1bc2e5) +(cherry picked from commit e0ba044985ac33d5eb2fb0d09fc2ff1b2f9b73dc) +(cherry picked from commit 1316666e98accf6b8ab8cb0fb5ef73d275049a34) + +Conflict:adapt context +Reference:https://github.com/systemd/systemd/commit/53fd101c2144cb104d34aea8e68c7c24443107bd +--- + src/analyze/analyze.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c +index 3d1cd2f..b8eaad2 100644 +--- a/src/analyze/analyze.c ++++ b/src/analyze/analyze.c +@@ -1296,7 +1296,7 @@ static int dot(int argc, char *argv[], void *userdata) { + &reply, + ""); + if (r < 0) +- log_error_errno(r, "Failed to list units: %s", bus_error_message(&error, r)); ++ return log_error_errno(r, "Failed to list units: %s", bus_error_message(&error, r)); + + r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssssouso)"); + if (r < 0) +-- +2.27.0 + diff --git a/backport-cgroups-agent-connect-stdin-stdout-stderr-to-dev-nul.patch b/backport-cgroups-agent-connect-stdin-stdout-stderr-to-dev-nul.patch new file mode 100644 index 0000000..67decec --- /dev/null +++ b/backport-cgroups-agent-connect-stdin-stdout-stderr-to-dev-nul.patch @@ -0,0 +1,41 @@ +From a59a7227a29a73e8e1b0d80153f258e20354c0d7 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 15 Jul 2022 11:02:40 +0200 +Subject: [PATCH] cgroups-agent: connect stdin/stdout/stderr to /dev/null + +Inspired by https://github.com/systemd/systemd/pull/24024 this is +another user mode helper, where this might be an issue. hence let's +rather be safe than sorry, and also connect stdin/stdout/stderr +explicitly with /dev/null. + +(cherry picked from commit 50492ce81589773df2d82b4fc8047778e86c6edf) +(cherry picked from commit 689487785f776815e71642f89685ff01f0bc4fde) +(cherry picked from commit d8464304f03e6644bfc6ed42e13fb3a460b9ff60) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/a59a7227a29a73e8e1b0d80153f258e20354c0d7 +--- + src/cgroups-agent/cgroups-agent.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/cgroups-agent/cgroups-agent.c b/src/cgroups-agent/cgroups-agent.c +index 071cba3099..9126736235 100644 +--- a/src/cgroups-agent/cgroups-agent.c ++++ b/src/cgroups-agent/cgroups-agent.c +@@ -16,6 +16,13 @@ int main(int argc, char *argv[]) { + _cleanup_close_ int fd = -1; + ssize_t n; + size_t l; ++ int r; ++ ++ r = rearrange_stdio(-1, -1, -1); ++ if (r < 0) { ++ log_error_errno(r, "Failed to connect stdin/stdout/stderr with /dev/null: %m"); ++ return EXIT_FAILURE; ++ } + + if (argc != 2) { + log_error("Incorrect number of arguments."); +-- +2.27.0 + diff --git a/backport-coredump-Connect-stdout-stderr-to-dev-null-before-do.patch b/backport-coredump-Connect-stdout-stderr-to-dev-null-before-do.patch new file mode 100644 index 0000000..f6f3bcb --- /dev/null +++ b/backport-coredump-Connect-stdout-stderr-to-dev-null-before-do.patch @@ -0,0 +1,45 @@ +From 098a25754b0835ffe078b12f75a1862cf528a986 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 15 Jul 2022 01:49:25 +0200 +Subject: [PATCH] coredump: Connect stdout/stderr to /dev/null before doing + anything + +When invoked as the coredump handler by the kernel, systemd-coredump's +stdout and stderr streams are closed. This is dangerous as this means +the fd's can get reallocated, leading to hard to debug errors such as +log messages ending up being appended to a compressed coredump file. + +To avoid such issues in the future, let's bind stdout/stderr to +/dev/null so the file descriptors can't get used for anything else. + +(cherry picked from commit 1f9d2a8199c261593aa6a11df9cce5d31e23c714) +(cherry picked from commit fba50bc0fc5a69e5573ceadb5d6224f365d3c3f5) +(cherry picked from commit 3e1224d4ac3f44558c7bc3ceec2d6080afe21dc3) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/098a25754b0835ffe078b12f75a1862cf528a986 +--- + src/coredump/coredump.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c +index c6639c0100..72df958bc3 100644 +--- a/src/coredump/coredump.c ++++ b/src/coredump/coredump.c +@@ -1268,6 +1268,13 @@ static int process_kernel(int argc, char* argv[]) { + struct iovec_wrapper *iovw; + int r; + ++ /* When we're invoked by the kernel, stdout/stderr are closed which is dangerous because the fds ++ * could get reallocated. To avoid hard to debug issues, let's instead bind stdout/stderr to ++ * /dev/null. */ ++ r = rearrange_stdio(STDIN_FILENO, -1, -1); ++ if (r < 0) ++ return log_error_errno(r, "Failed to connect stdout/stderr to /dev/null: %m"); ++ + log_debug("Processing coredump received from the kernel..."); + + iovw = iovw_new(); +-- +2.27.0 + diff --git a/backport-dhcp-fix-potential-buffer-overflow.patch b/backport-dhcp-fix-potential-buffer-overflow.patch new file mode 100644 index 0000000..29d70b2 --- /dev/null +++ b/backport-dhcp-fix-potential-buffer-overflow.patch @@ -0,0 +1,102 @@ +From d903e94e8ea532d2128c5c4686ae440ebf17a07d Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sat, 6 Aug 2022 13:05:59 +0900 +Subject: [PATCH] dhcp: fix potential buffer overflow + +Fixes a bug introduced by 324f818781a250b60f2fcfa74ff1c9101d2d1315. + +This also renames several macros for DHCP packet size. + +(cherry picked from commit 4473cd7f61b9eb0860f2daab81491ad2145d554b) +(cherry picked from commit 037b1a8acc50cbeeebb82f95594a4909375577c2) +(cherry picked from commit 887837a5a9425945b91488db661122459af94c52) + +Conflict:adapt context +Reference:https://github.com/systemd/systemd/commit/d903e94e8ea532d2128c5c4686ae440ebf17a07d +--- + src/libsystemd-network/dhcp-protocol.h | 7 ++++--- + src/libsystemd-network/sd-dhcp-client.c | 11 +++++------ + src/libsystemd-network/sd-dhcp-lease.c | 6 +++--- + 3 files changed, 12 insertions(+), 12 deletions(-) + +diff --git a/src/libsystemd-network/dhcp-protocol.h b/src/libsystemd-network/dhcp-protocol.h +index f036632..ef1283a 100644 +--- a/src/libsystemd-network/dhcp-protocol.h ++++ b/src/libsystemd-network/dhcp-protocol.h +@@ -43,9 +43,10 @@ typedef struct DHCPPacket DHCPPacket; + + #define DHCP_IP_SIZE (int32_t)(sizeof(struct iphdr)) + #define DHCP_IP_UDP_SIZE (int32_t)(sizeof(struct udphdr) + DHCP_IP_SIZE) +-#define DHCP_MESSAGE_SIZE (int32_t)(sizeof(DHCPMessage)) +-#define DHCP_DEFAULT_MIN_SIZE 576 /* the minimum internet hosts must be able to receive */ +-#define DHCP_MIN_OPTIONS_SIZE (DHCP_DEFAULT_MIN_SIZE - DHCP_IP_UDP_SIZE - DHCP_MESSAGE_SIZE) ++#define DHCP_HEADER_SIZE (int32_t)(sizeof(DHCPMessage)) ++#define DHCP_MIN_MESSAGE_SIZE 576 /* the minimum internet hosts must be able to receive, see RFC 2132 Section 9.10 */ ++#define DHCP_MIN_OPTIONS_SIZE (DHCP_MIN_MESSAGE_SIZE - DHCP_HEADER_SIZE) ++#define DHCP_MIN_PACKET_SIZE (DHCP_MIN_MESSAGE_SIZE + DHCP_IP_UDP_SIZE) + #define DHCP_MAGIC_COOKIE (uint32_t)(0x63825363) + + enum { +diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c +index 842386a..c688245 100644 +--- a/src/libsystemd-network/sd-dhcp-client.c ++++ b/src/libsystemd-network/sd-dhcp-client.c +@@ -524,7 +524,7 @@ int sd_dhcp_client_set_client_port( + + int sd_dhcp_client_set_mtu(sd_dhcp_client *client, uint32_t mtu) { + assert_return(client, -EINVAL); +- assert_return(mtu >= DHCP_DEFAULT_MIN_SIZE, -ERANGE); ++ assert_return(mtu >= DHCP_MIN_PACKET_SIZE, -ERANGE); + + client->mtu = mtu; + +@@ -606,7 +606,6 @@ static int client_message_init( + + _cleanup_free_ DHCPPacket *packet = NULL; + size_t optlen, optoffset, size; +- be16_t max_size; + usec_t time_now; + uint16_t secs; + int r; +@@ -739,9 +738,9 @@ static int client_message_init( + */ + /* RFC7844 section 3: + SHOULD NOT contain any other option. */ +- if (!client->anonymize && type != DHCP_RELEASE) { +- max_size = htobe16(size); +- r = dhcp_option_append(&packet->dhcp, client->mtu, &optoffset, 0, ++ if (!client->anonymize && IN_SET(type, DHCP_DISCOVER, DHCP_REQUEST)) { ++ be16_t max_size = htobe16(MIN(client->mtu - DHCP_IP_UDP_SIZE, (uint32_t) UINT16_MAX)); ++ r = dhcp_option_append(&packet->dhcp, optlen, &optoffset, 0, + SD_DHCP_OPTION_MAXIMUM_MESSAGE_SIZE, + 2, &max_size); + if (r < 0) +@@ -2017,7 +2016,7 @@ int sd_dhcp_client_new(sd_dhcp_client **ret, int anonymize) { + .state = DHCP_STATE_INIT, + .ifindex = -1, + .fd = -1, +- .mtu = DHCP_DEFAULT_MIN_SIZE, ++ .mtu = DHCP_MIN_PACKET_SIZE, + .port = DHCP_PORT_CLIENT, + .anonymize = !!anonymize, + .max_attempts = (uint64_t) -1, +diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c +index c07936b..ca1b21e 100644 +--- a/src/libsystemd-network/sd-dhcp-lease.c ++++ b/src/libsystemd-network/sd-dhcp-lease.c +@@ -565,9 +565,9 @@ int dhcp_lease_parse_options(uint8_t code, uint8_t len, const void *option, void + r = lease_parse_u16(option, len, &lease->mtu, 68); + if (r < 0) + log_debug_errno(r, "Failed to parse MTU, ignoring: %m"); +- if (lease->mtu < DHCP_DEFAULT_MIN_SIZE) { +- log_debug("MTU value of %" PRIu16 " too small. Using default MTU value of %d instead.", lease->mtu, DHCP_DEFAULT_MIN_SIZE); +- lease->mtu = DHCP_DEFAULT_MIN_SIZE; ++ if (lease->mtu < DHCP_MIN_PACKET_SIZE) { ++ log_debug("MTU value of %" PRIu16 " too small. Using default MTU value of %d instead.", lease->mtu, DHCP_MIN_PACKET_SIZE); ++ lease->mtu = DHCP_MIN_PACKET_SIZE; + } + + break; +-- +2.27.0 + diff --git a/backport-dns-domain-make-each-label-nul-terminated.patch b/backport-dns-domain-make-each-label-nul-terminated.patch new file mode 100644 index 0000000..11d9d70 --- /dev/null +++ b/backport-dns-domain-make-each-label-nul-terminated.patch @@ -0,0 +1,50 @@ +From ec5a6e5a3011f095e739fa0636c3273fe868f2cf Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sat, 11 Jun 2022 05:51:03 +0900 +Subject: [PATCH] dns-domain: make each label nul-terminated + +dns_label_unescape() does not nul-terminate the buffer if it does not +have enough space. Hence, if a lable is enough long, then strjoin() +triggers buffer-overflow. + +Fixes #23705. + +(cherry picked from commit 9db01ca5b0322bc035e1ccd6b8a0d98a26533b4a) +(cherry picked from commit 25158b294482f793f962e8ee5f34e99a01214321) +(cherry picked from commit ac4e64939d05ed81739028c0a45c3f99d2f91ba4) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/ec5a6e5a3011f095e739fa0636c3273fe868f2cf +--- + src/shared/dns-domain.c | 2 +- + src/test/test-dns-domain.c | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c +index 787bb8fec9..517fe85600 100644 +--- a/src/shared/dns-domain.c ++++ b/src/shared/dns-domain.c +@@ -1035,7 +1035,7 @@ static bool dns_service_name_label_is_valid(const char *label, size_t n) { + int dns_service_split(const char *joined, char **_name, char **_type, char **_domain) { + _cleanup_free_ char *name = NULL, *type = NULL, *domain = NULL; + const char *p = joined, *q = NULL, *d = NULL; +- char a[DNS_LABEL_MAX], b[DNS_LABEL_MAX], c[DNS_LABEL_MAX]; ++ char a[DNS_LABEL_MAX+1], b[DNS_LABEL_MAX+1], c[DNS_LABEL_MAX+1]; + int an, bn, cn, r; + unsigned x = 0; + +diff --git a/src/test/test-dns-domain.c b/src/test/test-dns-domain.c +index 2df2380de4..10916dd057 100644 +--- a/src/test/test-dns-domain.c ++++ b/src/test/test-dns-domain.c +@@ -560,6 +560,7 @@ static void test_dns_service_split(void) { + test_dns_service_split_one("_foo._bar", NULL, "_foo._bar", ".", 0); + test_dns_service_split_one("_meh._foo._bar", "_meh", "_foo._bar", ".", 0); + test_dns_service_split_one("Wuff\\032Wuff._foo._bar.waldo.com", "Wuff Wuff", "_foo._bar", "waldo.com", 0); ++ test_dns_service_split_one("_Q._Q-------------------------------------------------------------", NULL, "_Q._Q-------------------------------------------------------------", ".", 0); + } + + static void test_dns_name_change_suffix_one(const char *name, const char *old_suffix, const char *new_suffix, int r, const char *result) { +-- +2.27.0 + diff --git a/backport-growfs-don-t-actually-resize-on-dry-run.patch b/backport-growfs-don-t-actually-resize-on-dry-run.patch new file mode 100644 index 0000000..de97257 --- /dev/null +++ b/backport-growfs-don-t-actually-resize-on-dry-run.patch @@ -0,0 +1,37 @@ +From e9a1f6237f281b4bf05386bd9b2c921ea999232f Mon Sep 17 00:00:00 2001 +From: undef +Date: Thu, 14 Jul 2022 05:53:15 +0000 +Subject: [PATCH] growfs: don't actually resize on dry-run + +This causes systemd-growfs to exit before resizing the partition when +`--dry-run` is passed. Resizing during a dry run of a change breaks the +users expectations. + +(cherry picked from commit d26c0f7243a709cfa7b8bdc87e8131746bb0e2d0) +(cherry picked from commit 00c6c62845c560ef09f845aeedabdc9027be5678) +(cherry picked from commit e39019fd1065c8e2eb078b72359c5e755b013493) + +Conflict:adapt context +Reference:https://github.com/systemd/systemd/commit/e9a1f6237f281b4bf05386bd9b2c921ea999232f +--- + src/partition/growfs.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/partition/growfs.c b/src/partition/growfs.c +index 9e7178a..413259d 100644 +--- a/src/partition/growfs.c ++++ b/src/partition/growfs.c +@@ -309,6 +309,10 @@ int main(int argc, char *argv[]) { + return EXIT_FAILURE; + } + ++ ++ if (arg_dry_run) ++ return 0; ++ + switch(sfs.f_type) { + case EXT4_SUPER_MAGIC: + r = resize_ext4(arg_target, mountfd, devfd, numblocks, blocksize); +-- +2.27.0 + diff --git a/backport-log-don-t-attempt-to-duplicate-closed-fd.patch b/backport-log-don-t-attempt-to-duplicate-closed-fd.patch new file mode 100644 index 0000000..d8cf413 --- /dev/null +++ b/backport-log-don-t-attempt-to-duplicate-closed-fd.patch @@ -0,0 +1,39 @@ +From 417f37c1455fe770d96559205b864766188d9866 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 2 Sep 2022 18:35:03 +0200 +Subject: [PATCH] log: don't attempt to duplicate closed fd +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +if the console fd is not open we shouldn#t try to move it out of the 0…2 +range. + +Fixes: #24535 +Alternative-for: #24537 +(cherry picked from commit f1ee066840eea748ad4074ac2bc859bb897953b9) +(cherry picked from commit e0dde8a14f8b05b88e1add1abdb68c364913346b) +(cherry picked from commit 40cedddab7e5c84c8fa4738de423971997d9aef5) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/417f37c1455fe770d96559205b864766188d9866 +--- + src/basic/log.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/log.c b/src/basic/log.c +index 1d68b49963..4a1d3c0d6d 100644 +--- a/src/basic/log.c ++++ b/src/basic/log.c +@@ -1477,7 +1477,7 @@ int log_dup_console(void) { + /* Duplicate the fd we use for fd logging if it's < 3 and use the copy from now on. This call is useful + * whenever we want to continue logging through the original fd, but want to rearrange stderr. */ + +- if (console_fd >= 3) ++ if (console_fd < 0 || console_fd >= 3) + return 0; + + copy = fcntl(console_fd, F_DUPFD_CLOEXEC, 3); +-- +2.27.0 + diff --git a/backport-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch b/backport-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch new file mode 100644 index 0000000..562f739 --- /dev/null +++ b/backport-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch @@ -0,0 +1,45 @@ +From 848586f6f46e58c4960c2675102757d8c11ce046 Mon Sep 17 00:00:00 2001 +From: Michael Biebl +Date: Wed, 12 Oct 2022 11:07:57 +0200 +Subject: [PATCH] logind: fix getting property OnExternalPower via D-Bus + +The BUS_DEFINE_PROPERTY_GET_GLOBAL macro requires a value as third +argument, so we need to call manager_is_on_external_power(). Otherwise +the function pointer is interpreted as a boolean and always returns +true: + +``` +$ busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager OnExternalPower +b true +$ /lib/systemd/systemd-ac-power --verbose +no +``` + +Thanks: Helmut Grohne +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021644 +(cherry picked from commit 63168cb517a556b2f4f175b365f5a4b4c7e85150) +(cherry picked from commit 3028e05955f1d1a43d57bbbe05321546d56c70a9) +(cherry picked from commit c622de4c9d474c2b666881ccbf60c7e2bf1fb484) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/848586f6f46e58c4960c2675102757d8c11ce046 +--- + src/login/logind-dbus.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c +index b3c204f0b0..1d0cf904bc 100644 +--- a/src/login/logind-dbus.c ++++ b/src/login/logind-dbus.c +@@ -353,7 +353,7 @@ static int property_get_scheduled_shutdown( + static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_handle_action, handle_action, HandleAction); + static BUS_DEFINE_PROPERTY_GET(property_get_docked, "b", Manager, manager_is_docked_or_external_displays); + static BUS_DEFINE_PROPERTY_GET(property_get_lid_closed, "b", Manager, manager_is_lid_closed); +-static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power); ++static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power()); + static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_compat_user_tasks_max, "t", CGROUP_LIMIT_MAX); + static BUS_DEFINE_PROPERTY_GET_REF(property_get_hashmap_size, "t", Hashmap *, (uint64_t) hashmap_size); + +-- +2.27.0 + diff --git a/backport-resolve-fix-heap-buffer-overflow-reported-by-ASAN-wi.patch b/backport-resolve-fix-heap-buffer-overflow-reported-by-ASAN-wi.patch new file mode 100644 index 0000000..eef6c0e --- /dev/null +++ b/backport-resolve-fix-heap-buffer-overflow-reported-by-ASAN-wi.patch @@ -0,0 +1,34 @@ +From c285d500d0fe356f74f34846bc2ac0e25fe6ae42 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Fri, 8 Jul 2022 22:00:58 +0900 +Subject: [PATCH] resolve: fix heap-buffer-overflow reported by ASAN with + strict_string_checks=1 + +Fixes #23942. + +(cherry picked from commit beeab352de413e1c04de0a67ee36525fcf6e99dd) +(cherry picked from commit feb244676baa246e660b713544c2cb8766c25b34) +(cherry picked from commit 63c0ce2346cb70a2959bd539541119866223a619) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/c285d500d0fe356f74f34846bc2ac0e25fe6ae42 +--- + src/resolve/resolved-dns-packet.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c +index b37f57fe67..c4cfbf7820 100644 +--- a/src/resolve/resolved-dns-packet.c ++++ b/src/resolve/resolved-dns-packet.c +@@ -1393,7 +1393,7 @@ int dns_packet_read_string(DnsPacket *p, char **ret, size_t *start) { + if (memchr(d, 0, c)) + return -EBADMSG; + +- t = strndup(d, c); ++ t = memdup_suffix0(d, c); + if (!t) + return -ENOMEM; + +-- +2.27.0 + diff --git a/backport-resolve-mdns_packet_extract_matching_rrs-may-return-.patch b/backport-resolve-mdns_packet_extract_matching_rrs-may-return-.patch new file mode 100644 index 0000000..1a9209c --- /dev/null +++ b/backport-resolve-mdns_packet_extract_matching_rrs-may-return-.patch @@ -0,0 +1,42 @@ +From 9b1f4d855aa7b16b425545fdd888dbef918d1daa Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 4 Jul 2022 11:23:33 +0900 +Subject: [PATCH] resolve: mdns_packet_extract_matching_rrs() may return 0 + +Fixes the following assertion: + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/9b1f4d855aa7b16b425545fdd888dbef918d1daa +--- +Assertion 'r > 0' failed at src/resolve/resolved-mdns.c:180, function mdns_do_tiebreak(). Aborting. + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/9b1f4d855aa7b16b425545fdd888dbef918d1daa +--- + +(cherry picked from commit f2605af1f2e770818bbc6bad2561acdbd25a38ad) +(cherry picked from commit 0070302b3cdc1350bf7bfd5d032dbea420f4ed40) +(cherry picked from commit 30d24c8df600545d1878a868bcd409e65479af77) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/9b1f4d855aa7b16b425545fdd888dbef918d1daa +--- + src/resolve/resolved-mdns.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/src/resolve/resolved-mdns.c b/src/resolve/resolved-mdns.c +index 24241249b1..8c8ee81da1 100644 +--- a/src/resolve/resolved-mdns.c ++++ b/src/resolve/resolved-mdns.c +@@ -165,8 +165,6 @@ static int mdns_do_tiebreak(DnsResourceKey *key, DnsAnswer *answer, DnsPacket *p + if (r < 0) + return r; + +- assert(r > 0); +- + if (proposed_rrs_cmp(remote, r, our, size) > 0) + return 1; + +-- +2.27.0 + diff --git a/backport-shared-condition-avoid-nss-lookup-in-PID1.patch b/backport-shared-condition-avoid-nss-lookup-in-PID1.patch new file mode 100644 index 0000000..0bc1868 --- /dev/null +++ b/backport-shared-condition-avoid-nss-lookup-in-PID1.patch @@ -0,0 +1,76 @@ +From 03101b5186a43b893165f44726f4865702005d8e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 7 Oct 2022 17:34:53 +0200 +Subject: [PATCH] shared/condition: avoid nss lookup in PID1 + +PID 1 is not allowed to do nss lookups because this may take a long time or +even deadlock. + +While at it, the comparisons are reordered to do the "easy" comparisons which +only require a string comparison first. Delay parsing of the UID until it is +really necessary. The result is the same, because we know that "root" and +"nobody" parse as valid. + +(cherry picked from commit 734f96b8490a2c48712ff6754a84fcaeac3d53c1) +(cherry picked from commit 5da595db39e8c6b229dfe388130683ff9a32eda5) +(cherry picked from commit 4ddeea92faf69291449af95dc9ba6440ad06ec1b) + +Conflict:adapt context +Reference:https://github.com/systemd/systemd/commit/03101b5186a43b893165f44726f4865702005d8e +--- + src/shared/condition.c | 23 ++++++++++++++--------- + 1 file changed, 14 insertions(+), 9 deletions(-) + +diff --git a/src/shared/condition.c b/src/shared/condition.c +index 8d460f9..b07b71b 100644 +--- a/src/shared/condition.c ++++ b/src/shared/condition.c +@@ -314,31 +314,36 @@ static int condition_test_cpus(Condition *c) { + static int condition_test_user(Condition *c) { + uid_t id; + int r; +- _cleanup_free_ char *username = NULL; +- const char *u; + + assert(c); + assert(c->parameter); + assert(c->type == CONDITION_USER); + ++ /* Do the quick&easy comparisons first, and only parse the UID later. */ ++ if (streq(c->parameter, "root")) ++ return getuid() == 0 || geteuid() == 0; ++ if (streq(c->parameter, NOBODY_USER_NAME)) ++ return getuid() == UID_NOBODY || geteuid() == UID_NOBODY; ++ if (streq(c->parameter, "@system")) ++ return uid_is_system(getuid()) || uid_is_system(geteuid()); ++ + r = parse_uid(c->parameter, &id); + if (r >= 0) + return id == getuid() || id == geteuid(); + +- if (streq("@system", c->parameter)) +- return uid_is_system(getuid()) || uid_is_system(geteuid()); ++ if (getpid_cached() == 1) /* We already checked for "root" above, and we know that ++ * PID 1 is running as root, hence we know it cannot match. */ ++ return false; + +- username = getusername_malloc(); ++ /* getusername_malloc() may do an nss lookup, which is not allowed in PID 1. */ ++ _cleanup_free_ char *username = getusername_malloc(); + if (!username) + return -ENOMEM; + + if (streq(username, c->parameter)) + return 1; + +- if (getpid_cached() == 1) +- return streq(c->parameter, "root"); +- +- u = c->parameter; ++ const char *u = c->parameter; + r = get_user_creds(&u, &id, NULL, NULL, NULL, USER_CREDS_ALLOW_MISSING); + if (r < 0) + return 0; +-- +2.27.0 + diff --git a/backport-stat-util-replace-is_dir-is_dir_fd-by-single-is_dir_.patch b/backport-stat-util-replace-is_dir-is_dir_fd-by-single-is_dir_.patch new file mode 100644 index 0000000..882354f --- /dev/null +++ b/backport-stat-util-replace-is_dir-is_dir_fd-by-single-is_dir_.patch @@ -0,0 +1,85 @@ +From ab77d5f0c18783c273d1b3b0e8126c7019ddb1f8 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Wed, 13 Jul 2022 23:43:36 +0200 +Subject: [PATCH] stat-util: replace is_dir() + is_dir_fd() by single + is_dir_full() call + +This new call can execute both of the old operations, but also do +generic fstatat() like behaviour. + +(cherry picked from commit a586dc791ca465f4087473d2ad6794b7776aee2d) +(cherry picked from commit 9255fa3a15c5c7dea9ddb2ce5399d3b675f8368b) +(cherry picked from commit a77b81f1240ff7e0ea5d084d61875e1bdefc075d) + +Conflict:adapt context +Reference:https://github.com/systemd/systemd/commit/ab77d5f0c18783c273d1b3b0e8126c7019ddb1f8 +--- + src/basic/stat-util.c | 20 ++++++-------------- + src/basic/stat-util.h | 9 +++++++-- + 2 files changed, 13 insertions(+), 16 deletions(-) + +diff --git a/src/basic/stat-util.c b/src/basic/stat-util.c +index d5db6e6..aff8081 100644 +--- a/src/basic/stat-util.c ++++ b/src/basic/stat-util.c +@@ -31,31 +31,23 @@ int is_symlink(const char *path) { + return !!S_ISLNK(info.st_mode); + } + +-int is_dir(const char* path, bool follow) { ++int is_dir_full(int atfd, const char* path, bool follow) { + struct stat st; + int r; + +- assert(path); ++ assert(atfd >= 0 || atfd == AT_FDCWD); ++ assert(atfd >= 0 || path); + +- if (follow) +- r = stat(path, &st); ++ if (path) ++ r = fstatat(atfd, path, &st, follow ? 0 : AT_SYMLINK_NOFOLLOW); + else +- r = lstat(path, &st); ++ r = fstat(atfd, &st); + if (r < 0) + return -errno; + + return !!S_ISDIR(st.st_mode); + } + +-int is_dir_fd(int fd) { +- struct stat st; +- +- if (fstat(fd, &st) < 0) +- return -errno; +- +- return !!S_ISDIR(st.st_mode); +-} +- + int is_device_node(const char *path) { + struct stat info; + +diff --git a/src/basic/stat-util.h b/src/basic/stat-util.h +index 59aedcb..38cab63 100644 +--- a/src/basic/stat-util.h ++++ b/src/basic/stat-util.h +@@ -12,8 +12,13 @@ + #include "macro.h" + + int is_symlink(const char *path); +-int is_dir(const char *path, bool follow); +-int is_dir_fd(int fd); ++int is_dir_full(int atfd, const char *fname, bool follow); ++static inline int is_dir(const char *path, bool follow) { ++ return is_dir_full(AT_FDCWD, path, follow); ++} ++static inline int is_dir_fd(int fd) { ++ return is_dir_full(fd, NULL, false); ++} + int is_device_node(const char *path); + + int dir_is_empty_at(int dir_fd, const char *path); +-- +2.27.0 + diff --git a/backport-tmpfiles-check-the-directory-we-were-supposed-to-cre.patch b/backport-tmpfiles-check-the-directory-we-were-supposed-to-cre.patch new file mode 100644 index 0000000..33f0dab --- /dev/null +++ b/backport-tmpfiles-check-the-directory-we-were-supposed-to-cre.patch @@ -0,0 +1,36 @@ +From 675dd1039c69ff28ce9c7e617fcede80e998b3e9 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Wed, 13 Jul 2022 23:44:45 +0200 +Subject: [PATCH] tmpfiles: check the directory we were supposed to create, not + its parent + +This current code checks the wrong directory. This was broken in +4c39d899ff00e90b7290e4985696f321d7f2726f which converted the previous +code incorrectly. + +(cherry picked from commit 92631578fff1568fa8e99f96de05baae5b258ffe) +(cherry picked from commit 625472b219a4b1ac64534d38cf6e64b51ab22bbb) +(cherry picked from commit 8b674cf43f1ba8137da3a90c67826f13c865838c) + +Conflict:adapt context +Reference:https://github.com/systemd/systemd/commit/675dd1039c69ff28ce9c7e617fcede80e998b3e9 +--- + src/tmpfiles/tmpfiles.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c +index 38136d6..e795821 100644 +--- a/src/tmpfiles/tmpfiles.c ++++ b/src/tmpfiles/tmpfiles.c +@@ -1556,7 +1556,7 @@ static int create_directory_or_subvolume(const char *path, mode_t mode, bool sub + if (!IN_SET(r, -EEXIST, -EROFS)) + return log_error_errno(r, "Failed to create directory or subvolume \"%s\": %m", path); + +- k = is_dir_fd(pfd); ++ k = is_dir_full(pfd, basename(path), /* follow= */ false); + if (k == -ENOENT && r == -EROFS) + return log_error_errno(r, "%s does not exist and cannot be created as the file system is read-only.", path); + if (k < 0) +-- +2.27.0 + diff --git a/systemd.spec b/systemd.spec index d022716..bca28c4 100644 --- a/systemd.spec +++ b/systemd.spec @@ -16,7 +16,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd Version: 243 -Release: 60 +Release: 61 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager @@ -195,6 +195,19 @@ Patch0147: backport-CVE-2023-26604-pager-set-LESSSECURE-whenver-we-invoke-a Patch0148: backport-CVE-2023-26604-test-login-always-test-sd_pid_get_owner_uid.patch Patch0149: backport-CVE-2023-26604-pager-make-pager-secure-when-under-euid-is-changed.patch Patch0150: backport-CVE-2023-26604-test-ignore-ENOMEDIUM-error-from-sd_pid_get_cgroup.patch +Patch0151: backport-dns-domain-make-each-label-nul-terminated.patch +Patch0152: backport-resolve-fix-heap-buffer-overflow-reported-by-ASAN-wi.patch +Patch0153: backport-growfs-don-t-actually-resize-on-dry-run.patch +Patch0154: backport-stat-util-replace-is_dir-is_dir_fd-by-single-is_dir_.patch +Patch0155: backport-tmpfiles-check-the-directory-we-were-supposed-to-cre.patch +Patch0156: backport-coredump-Connect-stdout-stderr-to-dev-null-before-do.patch +Patch0157: backport-cgroups-agent-connect-stdin-stdout-stderr-to-dev-nul.patch +Patch0158: backport-resolve-mdns_packet_extract_matching_rrs-may-return-.patch +Patch0159: backport-dhcp-fix-potential-buffer-overflow.patch +Patch0160: backport-log-don-t-attempt-to-duplicate-closed-fd.patch +Patch0161: backport-analyze-add-forgotten-return-statement.patch +Patch0162: backport-shared-condition-avoid-nss-lookup-in-PID1.patch +Patch0163: backport-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch #openEuler Patch9002: 1509-fix-journal-file-descriptors-leak-problems.patch @@ -1602,6 +1615,9 @@ fi %exclude /usr/share/man/man3/* %changelog +* Thu Mar 16 2023 yangmingtai - 243-61 +- sync community patches + * Tue Mar 14 2023 huyubiao - 243-60 - fix CVE-2023-26604