From 9ec39d0745bab7996f165b7322c45554f560b66d Mon Sep 17 00:00:00 2001 From: Xin Shi Date: Thu, 24 Aug 2023 10:30:22 +0800 Subject: [PATCH 1/2] add embedded directory and add some features for embedded Signed-off-by: Xin Shi (cherry picked from commit decc956d9cea842432cea9e6d6f03e520b9b9414) --- ...relabel-systemd-process-for-embedded.patch | 36 ++ ...xec-mount-option-to-strenthen-tmp-pa.patch | 50 ++ ...dns-server-address-to-avoid-security.patch | 483 ++++++++++++++++++ ...s_dir-sysctl_dir-binfmt_dir-modules_.patch | 122 +++++ embedded-use-yocto-configs.patch | 170 ++++++ systemd.spec | 12 + 6 files changed, 873 insertions(+) create mode 100644 add-support-to-relabel-systemd-process-for-embedded.patch create mode 100644 embedded-add-noexec-mount-option-to-strenthen-tmp-pa.patch create mode 100644 embedded-modify-dns-server-address-to-avoid-security.patch create mode 100644 embedded-sysuesrs_dir-sysctl_dir-binfmt_dir-modules_.patch create mode 100644 embedded-use-yocto-configs.patch diff --git a/add-support-to-relabel-systemd-process-for-embedded.patch b/add-support-to-relabel-systemd-process-for-embedded.patch new file mode 100644 index 0000000..ffdc2d2 --- /dev/null +++ b/add-support-to-relabel-systemd-process-for-embedded.patch @@ -0,0 +1,36 @@ +From eae8bc192e19dbdce118bf7b936befb3953a21ea Mon Sep 17 00:00:00 2001 +From: Xin Shi +Date: Thu, 24 Aug 2023 09:34:46 +0800 +Subject: [PATCH 3/5] add support to relabel systemd process for embedded + +Signed-off-by: Xin Shi +--- + src/core/selinux-setup.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/core/selinux-setup.c b/src/core/selinux-setup.c +index 2bafbee..74e2a2f 100644 +--- a/src/core/selinux-setup.c ++++ b/src/core/selinux-setup.c +@@ -6,6 +6,7 @@ + + #if HAVE_SELINUX + #include ++#include + #endif + + #include "log.h" +@@ -68,6 +69,10 @@ int mac_selinux_setup(bool *loaded_policy) { + + mac_selinux_retest(); + ++ int ret = selinux_restorecon(SYSTEMD_BINARY_PATH, 0); ++ if (ret != 0) ++ log_warning("Failed to relabel %s, errno=%d.", SYSTEMD_BINARY_PATH, errno); ++ + /* Transition to the new context */ + r = mac_selinux_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label); + if (r < 0 || !label) { +-- +2.27.0 + diff --git a/embedded-add-noexec-mount-option-to-strenthen-tmp-pa.patch b/embedded-add-noexec-mount-option-to-strenthen-tmp-pa.patch new file mode 100644 index 0000000..69f98d2 --- /dev/null +++ b/embedded-add-noexec-mount-option-to-strenthen-tmp-pa.patch @@ -0,0 +1,50 @@ +From b6bcc208dda00ae4b310bd2fd513fe250f8b2c10 Mon Sep 17 00:00:00 2001 +From: Xin Shi +Date: Thu, 24 Aug 2023 09:35:40 +0800 +Subject: [PATCH 4/5] embedded: add noexec mount option to strenthen tmp + partition + +Signed-off-by: Xin Shi +--- + embedded/tmp.mount | 29 +++++++++++++++++++++++++++++ + 1 file changed, 29 insertions(+) + create mode 100644 embedded/tmp.mount + +diff --git a/embedded/tmp.mount b/embedded/tmp.mount +new file mode 100644 +index 0000000..c2df09d +--- /dev/null ++++ b/embedded/tmp.mount +@@ -0,0 +1,29 @@ ++# SPDX-License-Identifier: LGPL-2.1-or-later ++# ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=Temporary Directory /tmp ++Documentation=https://systemd.io/TEMPORARY_DIRECTORIES ++Documentation=man:file-hierarchy(7) ++Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems ++ConditionPathIsSymbolicLink=!/tmp ++DefaultDependencies=no ++Conflicts=umount.target ++Before=local-fs.target umount.target ++After=swap.target ++ ++[Mount] ++What=tmpfs ++Where=/tmp ++Type=tmpfs ++Options=mode=1777,strictatime,nosuid,nodev,size=50%%,nr_inodes=1m,noexec ++ ++# Make 'systemctl enable tmp.mount' work: ++[Install] ++WantedBy=local-fs.target +-- +2.27.0 + diff --git a/embedded-modify-dns-server-address-to-avoid-security.patch b/embedded-modify-dns-server-address-to-avoid-security.patch new file mode 100644 index 0000000..04ea932 --- /dev/null +++ b/embedded-modify-dns-server-address-to-avoid-security.patch @@ -0,0 +1,483 @@ +From 29f0311e6fe30b6e492e0bd323c6c1e975719e6b Mon Sep 17 00:00:00 2001 +From: Xin Shi +Date: Wed, 23 Aug 2023 18:11:25 +0800 +Subject: [PATCH 2/5] embedded: modify dns server address to avoid security + risk + +Signed-off-by: Xin Shi +--- + embedded/meson_options.txt | 462 +++++++++++++++++++++++++++++++++++++ + 1 file changed, 462 insertions(+) + create mode 100644 embedded/meson_options.txt + +diff --git a/embedded/meson_options.txt b/embedded/meson_options.txt +new file mode 100644 +index 0000000..24a44c5 +--- /dev/null ++++ b/embedded/meson_options.txt +@@ -0,0 +1,462 @@ ++# -*- mode: meson -*- ++# SPDX-License-Identifier: LGPL-2.1-or-later ++ ++option('version-tag', type : 'string', ++ description : 'override the git version string') ++ ++option('mode', type : 'combo', choices : ['developer', 'release'], ++ description : 'autoenable features suitable for systemd development/release builds') ++ ++option('split-usr', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : '''/bin, /sbin aren't symlinks into /usr''') ++option('split-bin', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : '''sbin is not a symlink to bin''') ++option('rootlibdir', type : 'string', ++ description : '''[/usr]/lib/x86_64-linux-gnu or such''') ++option('rootprefix', type : 'string', ++ description : '''override the root prefix [default '/' if split-usr and '/usr' otherwise]''') ++option('link-udev-shared', type : 'boolean', ++ description : 'link systemd-udev and its helpers to libsystemd-shared.so') ++option('link-systemctl-shared', type: 'boolean', ++ description : 'link systemctl against libsystemd-shared.so') ++option('link-networkd-shared', type: 'boolean', ++ description : 'link systemd-networkd and its helpers to libsystemd-shared.so') ++option('link-timesyncd-shared', type: 'boolean', ++ description : 'link systemd-timesyncd and its helpers to libsystemd-shared.so') ++option('static-libsystemd', type : 'combo', ++ choices : ['false', 'true', 'pic', 'no-pic'], ++ description : '''install a static library for libsystemd''') ++option('static-libudev', type : 'combo', ++ choices : ['false', 'true', 'pic', 'no-pic'], ++ description : 'install a static library for libudev') ++option('standalone-binaries', type : 'boolean', value : 'false', ++ description : 'also build standalone versions of supported binaries') ++ ++option('sysvinit-path', type : 'string', value : '/etc/init.d', ++ description : 'the directory where the SysV init scripts are located') ++option('sysvrcnd-path', type : 'string', value : '/etc/rc.d', ++ description : 'the base directory for SysV rcN.d directories') ++option('telinit-path', type : 'string', value : '/lib/sysvinit/telinit', ++ description : 'path to telinit') ++option('rc-local', type : 'string', ++ value : '/etc/rc.local') ++option('initrd', type : 'boolean', ++ description : 'install services for use when running systemd in initrd') ++option('compat-mutable-uid-boundaries', type : 'boolean', value : 'false', ++ description : 'look at uid boundaries in /etc/login.defs for compatibility') ++option('nscd', type : 'boolean', ++ description : 'build support for flushing of the nscd caches') ++ ++option('quotaon-path', type : 'string', description : 'path to quotaon') ++option('quotacheck-path', type : 'string', description : 'path to quotacheck') ++option('kmod-path', type : 'string', description : 'path to kmod') ++option('kexec-path', type : 'string', description : 'path to kexec') ++option('sulogin-path', type : 'string', description : 'path to sulogin') ++option('mount-path', type : 'string', description : 'path to mount') ++option('umount-path', type : 'string', description : 'path to umount') ++option('loadkeys-path', type : 'string', description : 'path to loadkeys') ++option('setfont-path', type : 'string', description : 'path to setfont') ++option('nologin-path', type : 'string', description : 'path to nologin') ++ ++option('debug-shell', type : 'string', value : '/bin/sh', ++ description : 'path to debug shell binary') ++option('debug-tty', type : 'string', value : '/dev/tty9', ++ description : 'specify the tty device for debug shell') ++option('debug-extra', type : 'array', choices : ['hashmap', 'mmap-cache', 'siphash'], value : [], ++ description : 'enable extra debugging') ++option('memory-accounting-default', type : 'boolean', ++ description : 'enable MemoryAccounting= by default') ++option('bump-proc-sys-fs-file-max', type : 'boolean', ++ description : 'bump /proc/sys/fs/file-max to LONG_MAX') ++option('bump-proc-sys-fs-nr-open', type : 'boolean', ++ description : 'bump /proc/sys/fs/nr_open to INT_MAX') ++option('valgrind', type : 'boolean', value : false, ++ description : 'do extra operations to avoid valgrind warnings') ++option('log-trace', type : 'boolean', value : false, ++ description : 'enable low level debug logging') ++option('user-path', type : 'string', ++ description : '$PATH to use for user sessions') ++ ++option('utmp', type : 'boolean', ++ description : 'support for utmp/wtmp log handling') ++option('hibernate', type : 'boolean', ++ description : 'support for hibernation') ++option('ldconfig', type : 'boolean', ++ description : 'support for dynamic linker cache creation') ++option('resolve', type : 'boolean', ++ description : 'systemd-resolved stack') ++option('efi', type : 'boolean', ++ description : 'enable systemd-boot and bootctl') ++option('tpm', type : 'boolean', ++ description : 'TPM should be used to log events and extend the registers') ++option('environment-d', type : 'boolean', ++ description : 'support for environment.d') ++option('binfmt', type : 'boolean', ++ description : 'support for custom binary formats') ++option('repart', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'install the systemd-repart tool') ++option('coredump', type : 'boolean', ++ description : 'install the coredump handler') ++option('pstore', type : 'boolean', ++ description : 'install the pstore archival tool') ++option('oomd', type : 'boolean', ++ description : 'install the userspace oom killer') ++option('logind', type : 'boolean', ++ description : 'install the systemd-logind stack') ++option('hostnamed', type : 'boolean', ++ description : 'install the systemd-hostnamed stack') ++option('localed', type : 'boolean', ++ description : 'install the systemd-localed stack') ++option('machined', type : 'boolean', ++ description : 'install the systemd-machined stack') ++option('portabled', type : 'boolean', ++ description : 'install the systemd-portabled stack') ++option('sysext', type : 'boolean', ++ description : 'install the systemd-sysext stack') ++option('userdb', type : 'boolean', ++ description : 'install the systemd-userdbd stack') ++option('homed', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'install the systemd-homed stack') ++option('networkd', type : 'boolean', ++ description : 'install the systemd-networkd stack') ++option('timedated', type : 'boolean', ++ description : 'install the systemd-timedated daemon') ++option('timesyncd', type : 'boolean', ++ description : 'install the systemd-timesyncd daemon') ++option('remote', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'support for "journal over the network"') ++option('create-log-dirs', type : 'boolean', ++ description : 'create /var/log/journal{,/remote}') ++option('nss-myhostname', type : 'boolean', ++ description : 'install nss-myhostname module') ++option('nss-mymachines', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'install nss-mymachines module') ++option('nss-resolve', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'install nss-resolve module') ++option('nss-systemd', type : 'boolean', ++ description : 'install nss-systemd module') ++option('firstboot', type : 'boolean', ++ description : 'support for firstboot mechanism') ++option('randomseed', type : 'boolean', ++ description : 'support for restoring random seed') ++option('backlight', type : 'boolean', ++ description : 'support for restoring backlight state') ++option('vconsole', type : 'boolean', ++ description : 'support for vconsole configuration') ++option('quotacheck', type : 'boolean', ++ description : 'support for the quotacheck tools') ++option('sysusers', type : 'boolean', ++ description : 'support for the sysusers configuration') ++option('tmpfiles', type : 'boolean', ++ description : 'support for tmpfiles.d') ++option('importd', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'install the systemd-importd daemon') ++option('hwdb', type : 'boolean', ++ description : 'support for the hardware database') ++option('rfkill', type : 'boolean', ++ description : 'support for the rfkill tools') ++option('xdg-autostart', type : 'boolean', ++ description : 'install the xdg-autostart-generator and unit') ++option('man', type : 'combo', choices : ['auto', 'true', 'false'], ++ value : 'false', ++ description : 'build and install man pages') ++option('html', type : 'combo', choices : ['auto', 'true', 'false'], ++ value : 'false', ++ description : 'build and install html pages') ++option('translations', type : 'boolean', value : true, ++ description : 'build and install translations') ++ ++option('certificate-root', type : 'string', value : '/etc/ssl', ++ description : 'the prefix for TLS certificates') ++option('dbuspolicydir', type : 'string', ++ description : 'D-Bus policy directory') ++option('dbussessionservicedir', type : 'string', ++ description : 'D-Bus session service directory') ++option('dbussystemservicedir', type : 'string', ++ description : 'D-Bus system service directory') ++option('pkgconfigdatadir', type : 'string', value : '', ++ description : 'directory for arch-independent pkg-config files') ++option('pkgconfiglibdir', type : 'string', value : '', ++ description : 'directory for standard pkg-config files') ++option('xinitrcdir', type : 'string', value : '', ++ description : 'directory for xinitrc files') ++option('rpmmacrosdir', type : 'string', value : 'lib/rpm/macros.d', ++ description : 'directory for rpm macros ["no" disables]') ++option('pamlibdir', type : 'string', ++ description : 'directory for PAM modules') ++option('pamconfdir', type : 'string', ++ description : 'directory for PAM configuration ["no" disables]') ++option('docdir', type : 'string', ++ description : 'documentation directory') ++option('install-sysconfdir', type : 'combo', choices : ['true', 'no-samples', 'false'], value : 'true', ++ description : 'install configuration files and directories to $sysconfdir') ++ ++option('fallback-hostname', type : 'string', value : 'localhost', ++ description : 'the hostname used if none configured') ++option('default-hierarchy', type : 'combo', ++ choices : ['legacy', 'hybrid', 'unified'], value : 'unified', ++ description : 'default cgroup hierarchy') ++option('default-net-naming-scheme', type : 'combo', ++ choices : ['latest', 'v238', 'v239', 'v240'], ++ description : 'default net.naming-scheme= value') ++option('status-unit-format-default', type : 'combo', ++ choices : ['description', 'name', 'combined'], ++ description : 'use unit name or description in messages by default') ++option('time-epoch', type : 'integer', value : '-1', ++ description : 'time epoch for time clients') ++ ++option('system-alloc-uid-min', type : 'integer', value : '-1', ++ description : 'minimum system UID used when allocating') ++option('system-alloc-gid-min', type : 'integer', value : '-1', ++ description : 'minimum system GID used when allocating') ++option('system-uid-max', type : 'integer', value : '-1', ++ description : 'maximum system UID') ++option('system-gid-max', type : 'integer', value : '-1', ++ description : 'maximum system GID') ++option('dynamic-uid-min', type : 'integer', value : 0x0000EF00, ++ description : 'minimum dynamic UID') ++option('dynamic-uid-max', type : 'integer', value : 0x0000FFEF, ++ description : 'maximum dynamic UID') ++option('container-uid-base-min', type : 'integer', value : 0x00080000, ++ description : 'minimum container UID base') ++option('container-uid-base-max', type : 'integer', value : 0x6FFF0000, ++ description : 'maximum container UID base') ++option('adm-group', type : 'boolean', ++ description : 'the ACL for adm group should be added') ++option('wheel-group', type : 'boolean', ++ description : 'the ACL for wheel group should be added') ++option('nobody-user', type : 'string', ++ description : 'The name of the nobody user (the one with UID 65534)', ++ value : 'nobody') ++option('nobody-group', type : 'string', ++ description : 'The name of the nobody group (the one with GID 65534)', ++ value : 'nobody') ++option('adm-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "adm" group') ++option('audio-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "audio" group') ++option('cdrom-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "cdrom" group') ++option('dialout-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "dialout" group') ++option('disk-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "disk" group') ++option('input-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "input" group') ++option('kmem-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "kmem" group') ++option('kvm-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "kvm" group') ++option('lp-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "lp" group') ++option('render-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "render" group') ++option('sgx-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "sgx" group') ++option('tape-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "tape" group') ++option('tty-gid', type : 'integer', value : 5, ++ description : 'the numeric GID of the "tty" group') ++option('users-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "users" group') ++option('utmp-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "utmp" group') ++option('video-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "video" group') ++option('wheel-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the "wheel" group') ++option('systemd-journal-gid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the systemd-journal group') ++option('systemd-network-uid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the systemd-network user') ++option('systemd-resolve-uid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the systemd-resolve user') ++option('systemd-timesync-uid', type : 'integer', value : '-1', ++ description : 'soft-static allocation for the systemd-timesync user') ++ ++option('dev-kvm-mode', type : 'string', value : '0666', ++ description : '/dev/kvm access mode') ++option('group-render-mode', type : 'string', value : '0666', ++ description : 'Access mode for devices owned by render group (e.g. /dev/dri/renderD*, /dev/kfd).') ++option('default-kill-user-processes', type : 'boolean', ++ description : 'the default value for KillUserProcesses= setting') ++option('gshadow', type : 'boolean', ++ description : 'support for shadow group') ++option('default-locale', type : 'string', value : '', ++ description : 'default locale used when /etc/locale.conf does not exist') ++option('localegen-path', type : 'string', value : '', ++ description : 'absolute path to the locale-gen binary in case the system is using locale-gen') ++option('service-watchdog', type : 'string', value : '3min', ++ description : 'default watchdog setting for systemd services') ++ ++option('default-dnssec', type : 'combo', ++ description : 'default DNSSEC mode', ++ choices : ['yes', 'allow-downgrade', 'no'], ++ value : 'allow-downgrade') ++option('default-dns-over-tls', type : 'combo', ++ description : 'default DNS-over-TLS mode', ++ choices : ['yes', 'opportunistic', 'no'], ++ value : 'no') ++option('default-mdns', type : 'combo', ++ choices : ['yes', 'resolve', 'no'], ++ description : 'default MulticastDNS mode', ++ value : 'yes') ++option('default-llmnr', type : 'combo', ++ choices : ['yes', 'resolve', 'no'], ++ description : 'default LLMNR mode', ++ value : 'yes') ++option('dns-over-tls', type : 'combo', choices : ['auto', 'gnutls', 'openssl', 'true', 'false'], ++ description : 'DNS-over-TLS support') ++option('dns-servers', type : 'string', ++ description : 'space-separated list of default DNS servers', ++ value : '127.0.0.1') ++option('ntp-servers', type : 'string', ++ description : 'space-separated list of default NTP servers', ++ value : '0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org') ++option('support-url', type : 'string', ++ description : 'the support URL to show in catalog entries included in systemd', ++ value : 'https://lists.freedesktop.org/mailman/listinfo/systemd-devel') ++option('www-target', type : 'string', ++ description : 'the address and dir to upload docs too', ++ value : 'www.freedesktop.org:/srv/www.freedesktop.org/www/software/systemd') ++ ++option('seccomp', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'SECCOMP support') ++option('selinux', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'SELinux support') ++option('apparmor', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'AppArmor support') ++option('smack', type : 'boolean', ++ description : 'SMACK support') ++option('smack-run-label', type : 'string', ++ description : 'run systemd --system itself with a specific SMACK label') ++option('polkit', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'polkit support') ++option('ima', type : 'boolean', ++ description : 'IMA support') ++ ++option('acl', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'libacl support') ++option('audit', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'libaudit support') ++option('blkid', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'libblkid support') ++option('fdisk', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'libfdisk support') ++option('kmod', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'support for loadable modules') ++option('pam', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'PAM support') ++option('pwquality', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'libpwquality support') ++option('microhttpd', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'libµhttpd support') ++option('libcryptsetup', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'libcryptsetup support') ++option('libcurl', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'libcurl support') ++option('idn', type : 'boolean', ++ description : 'use IDN when printing hostnames') ++option('libidn2', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'libidn2 support') ++option('libidn', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'libidn support') ++option('libiptc', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'libiptc support') ++option('qrencode', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'libqrencode support') ++option('gcrypt', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'gcrypt support') ++option('gnutls', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'gnutls support') ++option('openssl', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'openssl support') ++option('p11kit', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'p11kit support') ++option('libfido2', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'FIDO2 support') ++option('tpm2', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'TPM2 support') ++option('elfutils', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'elfutils support') ++option('zlib', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'zlib compression support') ++option('bzip2', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'bzip2 compression support') ++option('xz', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'xz compression support') ++option('lz4', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'lz4 compression support') ++option('zstd', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'zstd compression support') ++option('xkbcommon', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'xkbcommon keymap support') ++option('pcre2', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'regexp matching support using pcre2') ++option('glib', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'libglib support (for tests only)') ++option('dbus', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'libdbus support (for tests only)') ++ ++option('gnu-efi', type : 'combo', choices : ['auto', 'true', 'false'], ++ description : 'gnu-efi support for sd-boot') ++option('efi-cc', type : 'array', ++ description : 'the compiler to use for EFI modules') ++option('efi-ld', type : 'string', value : 'ld', ++ description : 'the linker to use for EFI modules') ++option('efi-libdir', type : 'string', ++ description : 'path to the EFI lib directory') ++option('efi-includedir', type : 'string', value : '/usr/include/efi', ++ description : 'path to the EFI header directory') ++option('tpm-pcrindex', type : 'integer', value : 8, ++ description : 'TPM PCR register number to use') ++option('sbat-distro', type : 'string', ++ description : 'SBAT distribution ID, e.g. fedora, or auto for autodetection') ++option('sbat-distro-generation', type : 'integer', value : 1, ++ description : 'SBAT distribution generation') ++option('sbat-distro-summary', type : 'string', ++ description : 'SBAT distribution summary, e.g. Fedora') ++option('sbat-distro-pkgname', type : 'string', ++ description : 'SBAT distribution package name, e.g. systemd') ++option('sbat-distro-version', type : 'string', ++ description : 'SBAT distribution package version, e.g. 248-7.fc34') ++option('sbat-distro-url', type : 'string', ++ description : 'SBAT distribution URL, e.g. https://src.fedoraproject.org/rpms/systemd') ++ ++option('bashcompletiondir', type : 'string', ++ description : 'directory for bash completion scripts ["no" disables]') ++option('zshcompletiondir', type : 'string', ++ description : 'directory for zsh completion scripts ["no" disables]') ++ ++option('tests', type : 'combo', choices : ['true', 'unsafe', 'false'], ++ description : 'enable extra tests with =unsafe') ++option('slow-tests', type : 'boolean', value : 'false', ++ description : 'run the slow tests by default') ++option('fuzz-tests', type : 'boolean', value : 'false', ++ description : 'run the fuzzer regression tests by default (with sanitizers)') ++option('install-tests', type : 'boolean', value : 'false', ++ description : 'install test executables') ++ ++option('ok-color', type : 'combo', ++ choices : ['black', 'red', 'green', 'yellow', 'blue', 'magenta', 'cyan', ++ 'white', 'highlight-black', 'highlight-red', 'highlight-green', ++ 'highlight-yellow', 'highlight-blue', 'highlight-magenta', ++ 'highlight-cyan', 'highlight-white'], ++ value : 'green', ++ description: 'color of the "OK" status message') ++option('urlify', type : 'boolean', value : 'true', ++ description : 'enable pager Hyperlink ANSI sequence support') ++option('fexecve', type : 'boolean', value : 'false', ++ description : 'use fexecve() to spawn children') ++ ++option('oss-fuzz', type : 'boolean', value : 'false', ++ description : 'build against oss-fuzz') ++option('llvm-fuzz', type : 'boolean', value : 'false', ++ description : 'build against LLVM libFuzzer') ++option('kernel-install', type: 'boolean', value: 'true', ++ description : 'install kernel-install and associated files') ++option('analyze', type: 'boolean', value: 'true', ++ description : 'install systemd-analyze') ++ ++option('bpf-framework', type : 'combo', choices : ['auto', 'true', 'false'], ++ description: 'build BPF programs from source code in restricted C') +-- +2.27.0 + diff --git a/embedded-sysuesrs_dir-sysctl_dir-binfmt_dir-modules_.patch b/embedded-sysuesrs_dir-sysctl_dir-binfmt_dir-modules_.patch new file mode 100644 index 0000000..b6a31f3 --- /dev/null +++ b/embedded-sysuesrs_dir-sysctl_dir-binfmt_dir-modules_.patch @@ -0,0 +1,122 @@ +From e64cff49bced685b5abeb03e89940314d72e49ae Mon Sep 17 00:00:00 2001 +From: Xin Shi +Date: Wed, 23 Aug 2023 18:06:49 +0800 +Subject: [PATCH 1/5] embedded: sysuesrs_dir, sysctl_dir, binfmt_dir, + modules_load_dir reference directories in /usr/lib + +Signed-off-by: Xin Shi +--- + embedded/systemd.pc.in | 101 +++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 101 insertions(+) + create mode 100644 embedded/systemd.pc.in + +diff --git a/embedded/systemd.pc.in b/embedded/systemd.pc.in +new file mode 100644 +index 0000000..65996bb +--- /dev/null ++++ b/embedded/systemd.pc.in +@@ -0,0 +1,101 @@ ++# SPDX-License-Identifier: LGPL-2.1-or-later ++# ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++ ++# Names with prefixes are preferred, and the run-together names should be ++# considered deprecated (though there is no plan to remove them). New names ++# shall have underscores. ++ ++prefix=/usr ++root_prefix={{ROOTPREFIX_NOSLASH}} ++rootprefix=${root_prefix} ++sysconf_dir={{SYSCONF_DIR}} ++sysconfdir=${sysconf_dir} ++ ++systemd_util_dir=${root_prefix}/lib/systemd ++systemdutildir=${systemd_util_dir} ++ ++systemd_system_unit_dir=${rootprefix}/lib/systemd/system ++systemdsystemunitdir=${systemd_system_unit_dir} ++ ++systemd_system_preset_dir=${rootprefix}/lib/systemd/system-preset ++systemdsystempresetdir=${systemd_system_preset_dir} ++ ++systemd_user_unit_dir=${prefix}/lib/systemd/user ++systemduserunitdir=${systemd_user_unit_dir} ++ ++systemd_user_preset_dir=${prefix}/lib/systemd/user-preset ++systemduserpresetdir=${systemd_user_preset_dir} ++ ++systemd_system_conf_dir=${sysconfdir}/systemd/system ++systemdsystemconfdir=${systemd_system_conf_dir} ++ ++systemd_user_conf_dir=${sysconfdir}/systemd/user ++systemduserconfdir=${systemd_user_conf_dir} ++ ++systemd_system_unit_path=${systemd_system_conf_dir}:/etc/systemd/system:/run/systemd/system:/usr/local/lib/systemd/system:${systemd_system_unit_dir}:/usr/lib/systemd/system:/lib/systemd/system ++systemdsystemunitpath=${systemd_system_unit_path} ++ ++systemd_user_unit_path=${systemd_user_conf_dir}:/etc/systemd/user:/run/systemd/user:/usr/local/lib/systemd/user:/usr/local/share/systemd/user:${systemd_user_unit_dir}:/usr/lib/systemd/user:/usr/share/systemd/user ++systemduserunitpath=${systemd_user_unit_path} ++ ++systemd_system_generator_dir=${root_prefix}/lib/systemd/system-generators ++systemdsystemgeneratordir=${systemd_system_generator_dir} ++ ++systemd_user_generator_dir=${prefix}/lib/systemd/user-generators ++systemdusergeneratordir=${systemd_user_generator_dir} ++ ++systemd_system_generator_path=/run/systemd/system-generators:/etc/systemd/system-generators:/usr/local/lib/systemd/system-generators:${systemd_system_generator_dir} ++systemdsystemgeneratorpath=${systemd_system_generator_path} ++ ++systemd_user_generator_path=/run/systemd/user-generators:/etc/systemd/user-generators:/usr/local/lib/systemd/user-generators:${systemd_user_generator_dir} ++systemdusergeneratorpath=${systemd_user_generator_path} ++ ++systemd_sleep_dir=${root_prefix}/lib/systemd/system-sleep ++systemdsleepdir=${systemd_sleep_dir} ++ ++systemd_shutdown_dir=${root_prefix}/lib/systemd/system-shutdown ++systemdshutdowndir=${systemd_shutdown_dir} ++ ++tmpfiles_dir=${prefix}/lib/tmpfiles.d ++tmpfilesdir=${tmpfiles_dir} ++ ++sysusers_dir=${prefix}/lib/sysusers.d ++sysusersdir=${sysusers_dir} ++ ++sysctl_dir=${prefix}/lib/sysctl.d ++sysctldir=${sysctl_dir} ++ ++binfmt_dir=${prefix}/lib/binfmt.d ++binfmtdir=${binfmt_dir} ++ ++modules_load_dir=${prefix}/lib/modules-load.d ++modulesloaddir=${modules_load_dir} ++ ++catalog_dir=${prefix}/lib/systemd/catalog ++catalogdir=${catalog_dir} ++ ++system_uid_max={{SYSTEM_UID_MAX}} ++systemuidmax=${system_uid_max} ++system_gid_max={{SYSTEM_GID_MAX}} ++systemgidmax=${system_gid_max} ++ ++dynamic_uid_min={{DYNAMIC_UID_MIN}} ++dynamicuidmin=${dynamic_uid_min} ++dynamic_uid_max={{DYNAMIC_UID_MAX}} ++dynamicuidmax=${dynamic_uid_max} ++ ++container_uid_base_min={{CONTAINER_UID_BASE_MIN}} ++containeruidbasemin=${container_uid_base_min} ++container_uid_base_max={{CONTAINER_UID_BASE_MAX}} ++containeruidbasemax=${container_uid_base_max} ++ ++Name: systemd ++Description: systemd System and Service Manager ++URL: {{PROJECT_URL}} ++Version: {{PROJECT_VERSION}} +-- +2.27.0 + diff --git a/embedded-use-yocto-configs.patch b/embedded-use-yocto-configs.patch new file mode 100644 index 0000000..e976c84 --- /dev/null +++ b/embedded-use-yocto-configs.patch @@ -0,0 +1,170 @@ +From 0b43b9daeb0b194cd064830728b36a8cccbbea9b Mon Sep 17 00:00:00 2001 +From: Xin Shi +Date: Thu, 24 Aug 2023 10:02:32 +0800 +Subject: [PATCH 5/5] embedded: use yocto configs + +Signed-off-by: Xin Shi +--- + embedded/00-create-volatile.conf | 12 ++++ + embedded/init | 104 +++++++++++++++++++++++++++++++ + embedded/touchscreen.rules | 18 ++++++ + 3 files changed, 134 insertions(+) + create mode 100644 embedded/00-create-volatile.conf + create mode 100644 embedded/init + create mode 100644 embedded/touchscreen.rules + +diff --git a/embedded/00-create-volatile.conf b/embedded/00-create-volatile.conf +new file mode 100644 +index 0000000..55333b6 +--- /dev/null ++++ b/embedded/00-create-volatile.conf +@@ -0,0 +1,12 @@ ++#This goes hand-in-hand with the base-files of OE-Core. The file must ++# be sorted before 'systemd.conf' because this attempts to create a file ++# inside /var/log. ++ ++ ++d /var/volatile/log - - - - ++d /var/volatile/tmp 1777 - - ++d /var/log 0750 root root - ++f /var/log/wtmp 0640 root root - ++f /var/log/btmp 0600 root root - ++f /var/log/lastlog 0600 root root - ++f /var/log/faillog 0600 root root - +diff --git a/embedded/init b/embedded/init +new file mode 100644 +index 0000000..4931b77 +--- /dev/null ++++ b/embedded/init +@@ -0,0 +1,104 @@ ++#!/bin/sh ++ ++### BEGIN INIT INFO ++# Provides: udev ++# Required-Start: mountvirtfs ++# Required-Stop: ++# Default-Start: S ++# Default-Stop: ++# Short-Description: Start udevd, populate /dev and load drivers. ++### END INIT INFO ++ ++. /etc/init.d/functions ++ ++export TZ=/etc/localtime ++ ++[ -d /sys/class ] || exit 1 ++[ -r /proc/mounts ] || exit 1 ++[ -x @UDEVD@ ] || exit 1 ++[ -f /etc/default/udev-cache ] && . /etc/default/udev-cache ++[ -f /etc/udev/udev.conf ] && . /etc/udev/udev.conf ++ ++readfile () { ++ filename=$1 ++ READDATA="" ++ if [ -r $filename ]; then ++ while read line; do ++ READDATA="$READDATA$line" ++ done < $filename ++ fi ++} ++ ++case "$1" in ++ start) ++ export ACTION=add ++ # propagate /dev from /sys ++ echo "Starting udev" ++ ++ # mount the devtmpfs on /dev, if not already done ++ LANG=C awk '$2 == "/dev" && ($3 == "devtmpfs") { exit 1 }' /proc/mounts && { ++ mount -n -o mode=0755 -t devtmpfs none "/dev" ++ } ++ [ -e /dev/pts ] || mkdir -m 0755 /dev/pts ++ [ -e /dev/shm ] || mkdir -m 1777 /dev/shm ++ mount -a -t tmpfs 2>/dev/null ++ ++ # cache handling ++ if [ "$DEVCACHE" != "" ]; then ++ readfile /proc/version ++ VERSION="$READDATA" ++ readfile /proc/cmdline ++ CMDLINE="$READDATA" ++ readfile /proc/devices ++ DEVICES="$READDATA" ++ readfile /proc/atags ++ ATAGS="$READDATA" ++ ++ if [ -e $DEVCACHE ]; then ++ readfile /etc/udev/cache.data ++ if [ "$READDATA" = "$VERSION$CMDLINE$DEVICES$ATAGS" ]; then ++ (cd /; tar xf $DEVCACHE > /dev/null 2>&1) ++ not_first_boot=1 ++ [ "$VERBOSE" != "no" ] && echo "udev: using cache file $DEVCACHE" ++ [ -e /dev/shm/udev.cache ] && rm -f /dev/shm/udev.cache ++ else ++ echo "$VERSION$CMDLINE$DEVICES$ATAGS" > /dev/shm/udev.cache ++ fi ++ else ++ echo "$VERSION$CMDLINE$DEVICES$ATAGS" > /dev/shm/udev.cache ++ fi ++ fi ++ ++ # make_extra_nodes ++ killproc systemd-udevd > "/dev/null" 2>&1 ++ ++ # trigger the sorted events ++ echo -e '\000\000\000\000' > /proc/sys/kernel/hotplug ++ @UDEVD@ -d ++ ++ udevadm control --env=STARTUP=1 ++ if [ "$not_first_boot" != "" ]; then ++ udevadm trigger --action=add --subsystem-nomatch=tty --subsystem-nomatch=mem --subsystem-nomatch=vc --subsystem-nomatch=vtconsole --subsystem-nomatch=misc --subsystem-nomatch=dcon --subsystem-nomatch=pci_bus --subsystem-nomatch=graphics --subsystem-nomatch=backlight --subsystem-nomatch=video4linux --subsystem-nomatch=platform ++ (udevadm settle --timeout=3; udevadm control --env=STARTUP=)& ++ else ++ udevadm trigger --action=add ++ udevadm settle ++ fi ++ ;; ++ stop) ++ echo "Stopping udevd" ++ start-stop-daemon --stop --name systemd-udevd --quiet ++ ;; ++ restart) ++ $0 stop ++ sleep 1 ++ $0 start ++ ;; ++ status) ++ status systemd-udevd ++ ;; ++ *) ++ echo "Usage: $0 {start|stop|status|restart}" ++ exit 1 ++esac ++exit 0 +diff --git a/embedded/touchscreen.rules b/embedded/touchscreen.rules +new file mode 100644 +index 0000000..d83fd16 +--- /dev/null ++++ b/embedded/touchscreen.rules +@@ -0,0 +1,18 @@ ++# There are a number of modifiers that are allowed to be used in some ++# of the different fields. They provide the following subsitutions: ++# ++# %n the "kernel number" of the device. ++# For example, 'sda3' has a "kernel number" of '3' ++# %e the smallest number for that name which does not matches an existing node ++# %k the kernel name for the device ++# %M the kernel major number for the device ++# %m the kernel minor number for the device ++# %b the bus id for the device ++# %c the string returned by the PROGRAM ++# %s{filename} the content of a sysfs attribute ++# %% the '%' char itself ++# ++ ++# Create a symlink to any touchscreen input device ++SUBSYSTEM=="input", KERNEL=="event[0-9]*", ATTRS{modalias}=="input:*-e0*,3,*a0,1,*18,*", SYMLINK+="input/touchscreen0" ++SUBSYSTEM=="input", KERNEL=="event[0-9]*", ATTRS{modalias}=="ads7846", SYMLINK+="input/touchscreen0" +-- +2.27.0 + diff --git a/systemd.spec b/systemd.spec index eb43f0b..b5771e0 100644 --- a/systemd.spec +++ b/systemd.spec @@ -589,6 +589,11 @@ Patch9055: bugfix-for-cgroup-Swap-cgroup-v1-deletion-and-migration.patch Patch9056: delete-journal-files-except-system.journal-when-jour.patch Patch9057: set-the-cpuset.cpus-mems-of-machine.slice-to-all-by-.patch Patch9058: add-a-new-switch-to-control-whether-udev-complies-wi.patch +Patch9059: embedded-sysuesrs_dir-sysctl_dir-binfmt_dir-modules_.patch +Patch9060: embedded-modify-dns-server-address-to-avoid-security.patch +Patch9061: add-support-to-relabel-systemd-process-for-embedded.patch +Patch9062: embedded-add-noexec-mount-option-to-strenthen-tmp-pa.patch +Patch9063: embedded-use-yocto-configs.patch BuildRequires: gcc, gcc-c++ BuildRequires: libcap-devel, libmount-devel, pam-devel, libselinux-devel @@ -2006,6 +2011,13 @@ fi %{_libdir}/security/pam_systemd.so %changelog +* Thu Aug 24 2023 shixin - 249-55 +- sysuesrs_dir, sysctl_dir, binfmt_dir, modules_load_dir reference directories in /usr/lib for embedded +- modify dns server address to avoid security risk for embedded +- add support to relabel systemd process for embedded +- add noexec mount option to strenthen tmp partition for embedded +- use yocto configs for embedded + * Thu Aug 17 2023 wangyuhang - 249-54 - add a new switch to control whether udev complies with the new SAT standards and add sense_data.py to check if the device meets the new SAT standards From a4f95d3244efee69e5f4c99117ed6b9cc0dffb15 Mon Sep 17 00:00:00 2001 From: wangyuhang <524413304@qq.com> Date: Mon, 9 Oct 2023 20:11:40 +0800 Subject: [PATCH 2/2] sync patch from systemd community (cherry picked from commit 88369f234ec01b60fb047caf87b90ef10a92b0db) --- ...-cgtop-Do-not-rewrite-P-or-k-options.patch | 72 ++++++ backport-core-Fix-memory-leaks.patch | 35 +++ ...-from-unit_add_dependency-on-success.patch | 45 ++++ ...char-rtc-with-ProtectClock-yes-only-.patch | 90 +++++++ ...x-memleak-in-GetUnitFileLinks-method.patch | 53 ++++ ...-make-merge_unit_ids-always-return-N.patch | 64 +++++ ...-make-merge_unit_ids-return-non-NULL.patch | 33 +++ ...tification-about-unit-dependency-cha.patch | 73 ++++++ ...oinsNamespaceOf-implies-the-inverse-.patch | 79 ++++++ ...-bidirectional-dependency-simultaneo.patch | 238 ++++++++++++++++++ ...add-mask-for-all-using-UINT32_MAX-no.patch | 65 +++++ ...p-filter-fix-stack-overflow-with-all.patch | 69 +++++ ...take-it-down-a-notch-when-converting.patch | 45 ++++ ...fix-wrong-octescape-of-bad-character.patch | 75 ++++++ ...ort-hexdecoct-add-missing-NULL-check.patch | 34 +++ ...-NULL-pointer-dereferences-in-hexmem.patch | 87 +++++++ ...y-to-write-garbage-if-journal-entry-.patch | 63 +++++ ...finite-recursion-when-closing-bad-jo.patch | 71 ++++++ ...event-segfault-on-empty-attr-current.patch | 40 +++ ...andle-magic-strings-when-parsing-var.patch | 110 ++++++++ backport-list-fix-double-evaluation.patch | 36 +++ ...lid-free-after-shifting-pointers-usi.patch | 85 +++++++ ...mory-leak-when-showing-multiple-imag.patch | 90 +++++++ ...mory-leak-when-showing-multiple-mach.patch | 90 +++++++ ...ge-fix-UseBPDU-and-AllowPortToBeRoot.patch | 74 ++++++ ...d-update-MAC-address-on-change-26753.patch | 35 +++ ...json_dispatch-with-a-correct-pointer.patch | 59 +++++ backport-nspawn-fix-UID-map-string.patch | 36 +++ ...-nspawn-fix-a-global-buffer-overflow.patch | 86 +++++++ backport-nspawn-fix-inverted-condition.patch | 31 +++ ...ort-pid1-fix-coredump_filter-setting.patch | 33 +++ ...-possession-of-passed-fds-check-O_CL.patch | 130 ++++++++++ backport-rm-rf-fix-errno-handling.patch | 79 ++++++ ...able-timer-event-source-when-state-i.patch | 41 +++ ...finish-instead-of-return-in-bus_add_.patch | 33 +++ ...message_type_from_string-is-not-pure.patch | 67 +++++ ...allow-querying-of-description-even-a.patch | 50 ++++ ...lper-to-read-a-unsigned-int-attribut.patch | 99 ++++++++ backport-sd-device-fix-double-free.patch | 46 ++++ ...er-allow-to-send-header-only-message.patch | 35 +++ backport-sd-journal-avoid-double-free.patch | 104 ++++++++ backport-sd-journal-copy-boot-ID.patch | 54 ++++ ...journal_file_copy_entry-return-earli.patch | 31 +++ ...rt-sd-journal-tighten-variable-scope.patch | 40 +++ backport-sd-netlink-fix-segfault.patch | 31 +++ ...-null_or_empty_path-does-not-return-.patch | 36 +++ backport-shared-refuse-fd-INT_MAX.patch | 61 +++++ ...-shared-reject-empty-attachment-path.patch | 32 +++ ...ory-leak-on-incomplete-SocketPort-ob.patch | 112 +++++++++ ...rt-socket-util-fix-socket_get_family.patch | 126 ++++++++++ ...d-leaking-memory-on-allocation-error.patch | 74 ++++++ ...y-process-user-entries-with-an-expli.patch | 40 +++ ...t-test-add-basic-tests-for-octescape.patch | 51 ++++ ...est-add-some-tests-for-RuntimeMaxSec.patch | 101 ++++++++ ..._type-sysattr-never-exists-for-enume.patch | 48 ++++ ...LOEXEC-filtering-of-fdset-fill-logic.patch | 78 ++++++ ...ID_PATH-and-by-path-symlink-for-nvmf.patch | 48 ++++ ...e-tags-in-rules-using-current-device.patch | 36 +++ systemd.spec | 63 ++++- 59 files changed, 3841 insertions(+), 1 deletion(-) create mode 100644 backport-cgtop-Do-not-rewrite-P-or-k-options.patch create mode 100644 backport-core-Fix-memory-leaks.patch create mode 100644 backport-core-Return-1-from-unit_add_dependency-on-success.patch create mode 100644 backport-core-allow-list-char-rtc-with-ProtectClock-yes-only-.patch create mode 100644 backport-core-fix-memleak-in-GetUnitFileLinks-method.patch create mode 100644 backport-core-transaction-make-merge_unit_ids-always-return-N.patch create mode 100644 backport-core-transaction-make-merge_unit_ids-return-non-NULL.patch create mode 100644 backport-core-unit-fix-notification-about-unit-dependency-cha.patch create mode 100644 backport-core-unit-make-JoinsNamespaceOf-implies-the-inverse-.patch create mode 100644 backport-core-unit-update-bidirectional-dependency-simultaneo.patch create mode 100644 backport-coredump-filter-add-mask-for-all-using-UINT32_MAX-no.patch create mode 100644 backport-coredump-filter-fix-stack-overflow-with-all.patch create mode 100644 backport-dbus-util-let-s-take-it-down-a-notch-when-converting.patch create mode 100644 backport-escape-fix-wrong-octescape-of-bad-character.patch create mode 100644 backport-hexdecoct-add-missing-NULL-check.patch create mode 100644 backport-hexdecoct-fix-NULL-pointer-dereferences-in-hexmem.patch create mode 100644 backport-journal-Don-t-try-to-write-garbage-if-journal-entry-.patch create mode 100644 backport-journal-avoid-infinite-recursion-when-closing-bad-jo.patch create mode 100644 backport-journald-prevent-segfault-on-empty-attr-current.patch create mode 100644 backport-json-correctly-handle-magic-strings-when-parsing-var.patch create mode 100644 backport-list-fix-double-evaluation.patch create mode 100644 backport-localed-fix-invalid-free-after-shifting-pointers-usi.patch create mode 100644 backport-machine-fix-a-memory-leak-when-showing-multiple-imag.patch create mode 100644 backport-machine-fix-a-memory-leak-when-showing-multiple-mach.patch create mode 100644 backport-network-bridge-fix-UseBPDU-and-AllowPortToBeRoot.patch create mode 100644 backport-network-ipv4acd-update-MAC-address-on-change-26753.patch create mode 100644 backport-nspawn-call-json_dispatch-with-a-correct-pointer.patch create mode 100644 backport-nspawn-fix-UID-map-string.patch create mode 100644 backport-nspawn-fix-a-global-buffer-overflow.patch create mode 100644 backport-nspawn-fix-inverted-condition.patch create mode 100644 backport-pid1-fix-coredump_filter-setting.patch create mode 100644 backport-pid1-when-taking-possession-of-passed-fds-check-O_CL.patch create mode 100644 backport-rm-rf-fix-errno-handling.patch create mode 100644 backport-scope-do-not-disable-timer-event-source-when-state-i.patch create mode 100644 backport-sd-bus-Use-goto-finish-instead-of-return-in-bus_add_.patch create mode 100644 backport-sd-bus-bus_message_type_from_string-is-not-pure.patch create mode 100644 backport-sd-bus-sd-event-allow-querying-of-description-even-a.patch create mode 100644 backport-sd-device-add-helper-to-read-a-unsigned-int-attribut.patch create mode 100644 backport-sd-device-fix-double-free.patch create mode 100644 backport-sd-dhcp-server-allow-to-send-header-only-message.patch create mode 100644 backport-sd-journal-avoid-double-free.patch create mode 100644 backport-sd-journal-copy-boot-ID.patch create mode 100644 backport-sd-journal-make-journal_file_copy_entry-return-earli.patch create mode 100644 backport-sd-journal-tighten-variable-scope.patch create mode 100644 backport-sd-netlink-fix-segfault.patch create mode 100644 backport-shared-exec-util-null_or_empty_path-does-not-return-.patch create mode 100644 backport-shared-refuse-fd-INT_MAX.patch create mode 100644 backport-shared-reject-empty-attachment-path.patch create mode 100644 backport-socket-avoid-memory-leak-on-incomplete-SocketPort-ob.patch create mode 100644 backport-socket-util-fix-socket_get_family.patch create mode 100644 backport-specifier-avoid-leaking-memory-on-allocation-error.patch create mode 100644 backport-sysusers-properly-process-user-entries-with-an-expli.patch create mode 100644 backport-test-add-basic-tests-for-octescape.patch create mode 100644 backport-test-add-some-tests-for-RuntimeMaxSec.patch create mode 100644 backport-test-name_assign_type-sysattr-never-exists-for-enume.patch create mode 100644 backport-test-test-O_CLOEXEC-filtering-of-fdset-fill-logic.patch create mode 100644 backport-udev-do-not-set-ID_PATH-and-by-path-symlink-for-nvmf.patch create mode 100644 backport-udev-match-device-tags-in-rules-using-current-device.patch diff --git a/backport-cgtop-Do-not-rewrite-P-or-k-options.patch b/backport-cgtop-Do-not-rewrite-P-or-k-options.patch new file mode 100644 index 0000000..6d1dfb9 --- /dev/null +++ b/backport-cgtop-Do-not-rewrite-P-or-k-options.patch @@ -0,0 +1,72 @@ +From 598260221c8184a92098a750bba32aeb56ca2872 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michal=20Koutn=C3=BD?= +Date: Fri, 25 Nov 2022 17:50:27 +0100 +Subject: [PATCH] cgtop: Do not rewrite -P or -k options + +--recursive=no will overwrite possible -P or -k option hence making the +recursive disabling impossible. + +Check what counting types the system supports (encoded in the ordering +of our enum) of and pick whatever user requests but is also supported. + +Fixes: #25248 +(cherry picked from commit 48600b3524afe05d0faa8a5c88b5aaa53b801199) +(cherry picked from commit b97c1c427c2156495e141c736babbccabba7265d) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/598260221c8184a92098a750bba32aeb56ca2872 +--- + src/cgtop/cgtop.c | 16 ++++++++++------ + 1 file changed, 10 insertions(+), 6 deletions(-) + +diff --git a/src/cgtop/cgtop.c b/src/cgtop/cgtop.c +index b023e71757..29454cd1eb 100644 +--- a/src/cgtop/cgtop.c ++++ b/src/cgtop/cgtop.c +@@ -55,6 +55,12 @@ typedef struct Group { + uint64_t io_input_bps, io_output_bps; + } Group; + ++typedef enum PidsCount { ++ COUNT_USERSPACE_PROCESSES, ++ COUNT_ALL_PROCESSES, ++ COUNT_PIDS, ++} PidsCount; ++ + static unsigned arg_depth = 3; + static unsigned arg_iterations = UINT_MAX; + static bool arg_batch = false; +@@ -65,11 +71,7 @@ static char* arg_root = NULL; + static bool arg_recursive = true; + static bool arg_recursive_unset = false; + +-static enum { +- COUNT_PIDS, +- COUNT_USERSPACE_PROCESSES, +- COUNT_ALL_PROCESSES, +-} arg_count = COUNT_PIDS; ++static PidsCount arg_count = COUNT_PIDS; + + static enum { + ORDER_PATH, +@@ -913,6 +915,7 @@ static int run(int argc, char *argv[]) { + usec_t last_refresh = 0; + bool quit = false, immediate_refresh = false; + _cleanup_free_ char *root = NULL; ++ PidsCount possible_count; + CGroupMask mask; + int r; + +@@ -926,7 +929,8 @@ static int run(int argc, char *argv[]) { + if (r < 0) + return log_error_errno(r, "Failed to determine supported controllers: %m"); + +- arg_count = (mask & CGROUP_MASK_PIDS) ? COUNT_PIDS : COUNT_USERSPACE_PROCESSES; ++ possible_count = (mask & CGROUP_MASK_PIDS) ? COUNT_PIDS : COUNT_ALL_PROCESSES; ++ arg_count = MIN(possible_count, arg_count); + + if (arg_recursive_unset && arg_count == COUNT_PIDS) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), +-- +2.33.0 + diff --git a/backport-core-Fix-memory-leaks.patch b/backport-core-Fix-memory-leaks.patch new file mode 100644 index 0000000..67c9b3a --- /dev/null +++ b/backport-core-Fix-memory-leaks.patch @@ -0,0 +1,35 @@ +From 12b790995c2d4fa86e1a316a78a8dff9f525541a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=C5=81ukasz=20Stelmach?= +Date: Tue, 21 Jun 2022 12:12:01 +0200 +Subject: [PATCH] core: Fix memory leaks + +arg_early_core_pattern and arg_watchdog_device hold pointers to memory +allocated with strdup() (inside path_make_absolute_cwd). The memory needs +to be freed in reset_arguments() during reload rather than forgotten. + +(cherry picked from commit 919ea64f69f710840c1bc93f0f7cb7c51aae45d0) + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/12b790995c2d4fa86e1a316a78a8dff9f525541a +--- + src/core/main.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/core/main.c b/src/core/main.c +index 409b84a006..f6d12cca04 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -2377,8 +2377,8 @@ static void reset_arguments(void) { + arg_runtime_watchdog = 0; + arg_reboot_watchdog = 10 * USEC_PER_MINUTE; + arg_kexec_watchdog = 0; +- arg_early_core_pattern = NULL; +- arg_watchdog_device = NULL; ++ arg_early_core_pattern = mfree(arg_early_core_pattern); ++ arg_watchdog_device = mfree(arg_watchdog_device); + + arg_default_environment = strv_free(arg_default_environment); + arg_manager_environment = strv_free(arg_manager_environment); +-- +2.33.0 + diff --git a/backport-core-Return-1-from-unit_add_dependency-on-success.patch b/backport-core-Return-1-from-unit_add_dependency-on-success.patch new file mode 100644 index 0000000..b898dd1 --- /dev/null +++ b/backport-core-Return-1-from-unit_add_dependency-on-success.patch @@ -0,0 +1,45 @@ +From f971def3c23d780aab99d988bd71b94931d74be6 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Thu, 12 May 2022 00:05:04 +0200 +Subject: [PATCH] core: Return 1 from unit_add_dependency() on success + +To allow checking if adding dependency was skipped or not. + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/f971def3c23d780aab99d988bd71b94931d74be6 +--- + src/core/unit.c | 2 +- + src/test/test-engine.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index b0756bc6f4..fd95e02153 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -3146,7 +3146,7 @@ int unit_add_dependency( + if (!noop) + unit_add_to_dbus_queue(u); + +- return 0; ++ return 1; + } + + int unit_add_two_dependencies(Unit *u, UnitDependency d, UnitDependency e, Unit *other, bool add_reference, UnitDependencyMask mask) { +diff --git a/src/test/test-engine.c b/src/test/test-engine.c +index ef055360fb..d430076056 100644 +--- a/src/test/test-engine.c ++++ b/src/test/test-engine.c +@@ -189,8 +189,8 @@ int main(int argc, char *argv[]) { + assert_se(!hashmap_get(unit_get_dependencies(a, UNIT_PROPAGATES_RELOAD_TO), c)); + assert_se(!hashmap_get(unit_get_dependencies(c, UNIT_RELOAD_PROPAGATED_FROM), a)); + +- assert_se(unit_add_dependency(a, UNIT_PROPAGATES_RELOAD_TO, b, true, UNIT_DEPENDENCY_UDEV) == 0); +- assert_se(unit_add_dependency(a, UNIT_PROPAGATES_RELOAD_TO, c, true, UNIT_DEPENDENCY_PROC_SWAP) == 0); ++ assert_se(unit_add_dependency(a, UNIT_PROPAGATES_RELOAD_TO, b, true, UNIT_DEPENDENCY_UDEV) >= 0); ++ assert_se(unit_add_dependency(a, UNIT_PROPAGATES_RELOAD_TO, c, true, UNIT_DEPENDENCY_PROC_SWAP) >= 0); + + assert_se(hashmap_get(unit_get_dependencies(a, UNIT_PROPAGATES_RELOAD_TO), b)); + assert_se(hashmap_get(unit_get_dependencies(b, UNIT_RELOAD_PROPAGATED_FROM), a)); +-- +2.33.0 + diff --git a/backport-core-allow-list-char-rtc-with-ProtectClock-yes-only-.patch b/backport-core-allow-list-char-rtc-with-ProtectClock-yes-only-.patch new file mode 100644 index 0000000..e58d9de --- /dev/null +++ b/backport-core-allow-list-char-rtc-with-ProtectClock-yes-only-.patch @@ -0,0 +1,90 @@ +From f6bba0b47e9038373627b7d2bfedac0b3e4f076e Mon Sep 17 00:00:00 2001 +From: Luca Boccassi +Date: Thu, 20 Oct 2022 00:37:08 +0100 +Subject: [PATCH] core: allow-list char-rtc with ProtectClock=yes only if + needed + +Allow-listing a device implicitly blocks everything else, so this +has the opposite of the intended effect when PrivateDevices= is +not used. +Allow-list char-rtc only if there is a device policy set. + +Fixes https://github.com/systemd/systemd/issues/18142 + +(cherry picked from commit 63857bf4f7a5dd48a2b971d9bae2c06cc829b630) + +Conflict:delete modifications related to the ExecLoadCredential structure +Reference:https://github.com/systemd/systemd-stable/commit/f6bba0b47e9038373627b7d2bfedac0b3e4f076e +--- + src/core/unit.c | 64 +++++++++++++++++++++++++------------------------ + 1 file changed, 33 insertions(+), 31 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index ffac4ac719..fe509d400d 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -4134,36 +4134,39 @@ int unit_patch_contexts(Unit *u) { + cc->device_policy == CGROUP_DEVICE_POLICY_AUTO) + cc->device_policy = CGROUP_DEVICE_POLICY_CLOSED; + +- if ((ec->root_image || !LIST_IS_EMPTY(ec->mount_images)) && +- (cc->device_policy != CGROUP_DEVICE_POLICY_AUTO || cc->device_allow)) { ++ /* Only add these if needed, as they imply that everything else is blocked. */ ++ if (cc->device_policy != CGROUP_DEVICE_POLICY_AUTO || cc->device_allow) { ++ if (ec->root_image || !LIST_IS_EMPTY(ec->mount_images)) { +- const char *p; ++ const char *p; ++ ++ /* When RootImage= or MountImages= is specified, the following devices are touched. */ ++ FOREACH_STRING(p, "/dev/loop-control", "/dev/mapper/control") { ++ r = cgroup_add_device_allow(cc, p, "rw"); ++ if (r < 0) ++ return r; ++ } ++ FOREACH_STRING(p, "block-loop", "block-blkext", "block-device-mapper") { ++ r = cgroup_add_device_allow(cc, p, "rwm"); ++ if (r < 0) ++ return r; ++ } + +- /* When RootImage= or MountImages= is specified, the following devices are touched. */ +- FOREACH_STRING(p, "/dev/loop-control", "/dev/mapper/control") { +- r = cgroup_add_device_allow(cc, p, "rw"); +- if (r < 0) +- return r; +- } +- FOREACH_STRING(p, "block-loop", "block-blkext", "block-device-mapper") { +- r = cgroup_add_device_allow(cc, p, "rwm"); +- if (r < 0) +- return r; ++ /* Make sure "block-loop" can be resolved, i.e. make sure "loop" shows up in /proc/devices. ++ * Same for mapper and verity. */ ++ FOREACH_STRING(p, "modprobe@loop.service", "modprobe@dm_mod.service", "modprobe@dm_verity.service") { ++ r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, p, true, UNIT_DEPENDENCY_FILE); ++ if (r < 0) ++ return r; ++ } + } + +- /* Make sure "block-loop" can be resolved, i.e. make sure "loop" shows up in /proc/devices. +- * Same for mapper and verity. */ +- FOREACH_STRING(p, "modprobe@loop.service", "modprobe@dm_mod.service", "modprobe@dm_verity.service") { +- r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, p, true, UNIT_DEPENDENCY_FILE); ++ if (ec->protect_clock) { ++ r = cgroup_add_device_allow(cc, "char-rtc", "r"); + if (r < 0) + return r; + } +- } + +- if (ec->protect_clock) { +- r = cgroup_add_device_allow(cc, "char-rtc", "r"); +- if (r < 0) +- return r; + } + } + + return 0; +-- +2.33.0 + diff --git a/backport-core-fix-memleak-in-GetUnitFileLinks-method.patch b/backport-core-fix-memleak-in-GetUnitFileLinks-method.patch new file mode 100644 index 0000000..73dd324 --- /dev/null +++ b/backport-core-fix-memleak-in-GetUnitFileLinks-method.patch @@ -0,0 +1,53 @@ +From 45090f34185cb71b87bd21d2a1d5a59ecc6f9f57 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 2 Nov 2022 07:06:46 +0900 +Subject: [PATCH] core: fix memleak in GetUnitFileLinks method + +(cherry picked from commit a12ba535fa677e642c7ba19e81062ed6e9365ceb) + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/45090f34185cb71b87bd21d2a1d5a59ecc6f9f57 +--- + src/core/dbus-manager.c | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c +index 92e717a00c..03ab35a941 100644 +--- a/src/core/dbus-manager.c ++++ b/src/core/dbus-manager.c +@@ -2639,21 +2639,27 @@ static int method_get_unit_file_links(sd_bus_message *message, void *userdata, s + (runtime ? UNIT_FILE_RUNTIME : 0); + + r = unit_file_disable(UNIT_FILE_SYSTEM, flags, NULL, p, &changes, &n_changes); +- if (r < 0) +- return log_error_errno(r, "Failed to get file links for %s: %m", name); ++ if (r < 0) { ++ log_error_errno(r, "Failed to get file links for %s: %m", name); ++ goto finish; ++ } + + for (i = 0; i < n_changes; i++) + if (changes[i].type_or_errno == UNIT_FILE_UNLINK) { + r = sd_bus_message_append(reply, "s", changes[i].path); + if (r < 0) +- return r; ++ goto finish; + } + + r = sd_bus_message_close_container(reply); + if (r < 0) +- return r; ++ goto finish; + +- return sd_bus_send(NULL, reply, NULL); ++ r = sd_bus_send(NULL, reply, NULL); ++ ++finish: ++ unit_file_changes_free(changes, n_changes); ++ return r; + } + + static int method_get_job_waiting(sd_bus_message *message, void *userdata, sd_bus_error *error) { +-- +2.33.0 + diff --git a/backport-core-transaction-make-merge_unit_ids-always-return-N.patch b/backport-core-transaction-make-merge_unit_ids-always-return-N.patch new file mode 100644 index 0000000..c63a4e0 --- /dev/null +++ b/backport-core-transaction-make-merge_unit_ids-always-return-N.patch @@ -0,0 +1,64 @@ +From 1ece85e7d4af7517aa9cfe12b21cde1d82fa3167 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sat, 18 Mar 2023 12:12:01 +0900 +Subject: [PATCH] core/transaction: make merge_unit_ids() always return + NUL-terminated string + +Follow-up for 924775e8ce49817f96df19c2b06356c12ecfc754. + +The loop run with `STRV_FOREACH_PAIR()`, hence `if (*(unit_id+1))` is +not a good way to detect if there exist a next entry. + +Fixes #26872. + +(cherry picked from commit 366eced4c81a15a25b9225347fa203aa67798b02) +(cherry picked from commit 7002c5c210a7ae3607bd8a424112e9f8789bc5f9) +(cherry picked from commit 89f780969b4436cf766eb9c0d6412362fc85f042) + +Conflict:keep variable unit_id and job_type to solve compilation failure +Reference:https://github.com/systemd/systemd-stable/commit/1ece85e7d4af7517aa9cfe12b21cde1d82fa3167 +--- + src/core/transaction.c | 18 +++++++++++------- + 1 file changed, 11 insertions(+), 7 deletions(-) + +diff --git a/src/core/transaction.c b/src/core/transaction.c +index ebe5f19..9532531 100644 +--- a/src/core/transaction.c ++++ b/src/core/transaction.c +@@ -328,22 +328,26 @@ _pure_ static bool unit_matters_to_anchor(Unit *u, Job *j) { + return false; + } + +-static char* merge_unit_ids(const char* unit_log_field, char **pairs) { +- char **unit_id, **job_type, *ans = NULL; +- size_t size = 0, next; ++static char* merge_unit_ids(const char* unit_log_field, char * const* pairs) { ++ char **unit_id, **job_type = NULL; ++ _cleanup_free_ char *ans = NULL; ++ size_t size = 0; + + STRV_FOREACH_PAIR(unit_id, job_type, pairs) { ++ size_t next; ++ ++ if (size > 0) ++ ans[size - 1] = '\n'; ++ + next = strlen(unit_log_field) + strlen(*unit_id); + if (!GREEDY_REALLOC(ans, size + next + 1)) +- return mfree(ans); ++ return NULL; + + sprintf(ans + size, "%s%s", unit_log_field, *unit_id); +- if (*(unit_id+1)) +- ans[size + next] = '\n'; + size += next + 1; + } + +- return ans; ++ return TAKE_PTR(ans); + } + + static int transaction_verify_order_one(Transaction *tr, Job *j, Job *from, unsigned generation, sd_bus_error *e) { +-- +2.33.0 + diff --git a/backport-core-transaction-make-merge_unit_ids-return-non-NULL.patch b/backport-core-transaction-make-merge_unit_ids-return-non-NULL.patch new file mode 100644 index 0000000..6f8eb3e --- /dev/null +++ b/backport-core-transaction-make-merge_unit_ids-return-non-NULL.patch @@ -0,0 +1,33 @@ +From d938e482075db406ae56f9dd37ec0d353b165aac Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sat, 18 Mar 2023 12:17:54 +0900 +Subject: [PATCH] core/transaction: make merge_unit_ids() return non-NULL on + success + +(cherry picked from commit 999f16514367224cbc50cb3ccc1e4392e43f6811) +(cherry picked from commit d084528c49e84354b9a032a1138175bff1198cfa) +(cherry picked from commit 8974821f7925d07089c29d619b7996714e833aa5) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/d938e482075db406ae56f9dd37ec0d353b165aac +--- + src/core/transaction.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/core/transaction.c b/src/core/transaction.c +index 043998078c..7c862f35be 100644 +--- a/src/core/transaction.c ++++ b/src/core/transaction.c +@@ -341,6 +341,9 @@ static char* merge_unit_ids(const char* unit_log_field, char * const* pairs) { + size += next + 1; + } + ++ if (!ans) ++ return strdup(""); ++ + return TAKE_PTR(ans); + } + +-- +2.33.0 + diff --git a/backport-core-unit-fix-notification-about-unit-dependency-cha.patch b/backport-core-unit-fix-notification-about-unit-dependency-cha.patch new file mode 100644 index 0000000..0ae28ad --- /dev/null +++ b/backport-core-unit-fix-notification-about-unit-dependency-cha.patch @@ -0,0 +1,73 @@ +From ac17080c040481c35bdfa10d4e08da76175fe9d7 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Tue, 31 May 2022 01:43:15 +0900 +Subject: [PATCH] core/unit: fix notification about unit dependency change + +This also makes unit_add_dependency() return 1 only when a dependency +is added. + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/ac17080c040481c35bdfa10d4e08da76175fe9d7 +--- + src/core/unit.c | 19 +++++++++---------- + 1 file changed, 9 insertions(+), 10 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index fd95e02153..b00d4d0e36 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -3062,7 +3062,7 @@ int unit_add_dependency( + + /* Helper to know whether sending a notification is necessary or not: if the dependency is already + * there, no need to notify! */ +- bool noop; ++ bool notify, notify_other = false; + + assert(u); + assert(d >= 0 && d < _UNIT_DEPENDENCY_MAX); +@@ -3119,34 +3119,33 @@ int unit_add_dependency( + r = unit_add_dependency_hashmap(&u->dependencies, d, other, mask, 0); + if (r < 0) + return r; +- noop = !r; ++ notify = r > 0; + + if (inverse_table[d] != _UNIT_DEPENDENCY_INVALID && inverse_table[d] != d) { + r = unit_add_dependency_hashmap(&other->dependencies, inverse_table[d], u, 0, mask); + if (r < 0) + return r; +- if (r) +- noop = false; ++ notify_other = r > 0; + } + + if (add_reference) { + r = unit_add_dependency_hashmap(&u->dependencies, UNIT_REFERENCES, other, mask, 0); + if (r < 0) + return r; +- if (r) +- noop = false; ++ notify = notify || r > 0; + + r = unit_add_dependency_hashmap(&other->dependencies, UNIT_REFERENCED_BY, u, 0, mask); + if (r < 0) + return r; +- if (r) +- noop = false; ++ notify_other = notify_other || r > 0; + } + +- if (!noop) ++ if (notify) + unit_add_to_dbus_queue(u); ++ if (notify_other) ++ unit_add_to_dbus_queue(other); + +- return 1; ++ return notify || notify_other; + } + + int unit_add_two_dependencies(Unit *u, UnitDependency d, UnitDependency e, Unit *other, bool add_reference, UnitDependencyMask mask) { +-- +2.33.0 + diff --git a/backport-core-unit-make-JoinsNamespaceOf-implies-the-inverse-.patch b/backport-core-unit-make-JoinsNamespaceOf-implies-the-inverse-.patch new file mode 100644 index 0000000..a7a6ab1 --- /dev/null +++ b/backport-core-unit-make-JoinsNamespaceOf-implies-the-inverse-.patch @@ -0,0 +1,79 @@ +From a60f96fcf55c3452e5b13d6daec537af1909eda3 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Tue, 23 May 2023 06:36:44 +0900 +Subject: [PATCH] core/unit: make JoinsNamespaceOf= implies the inverse + dependency + +Previously, even if a.service has JoinsNamespaceOf=b.service, the +inverse direction of reference was not introduced. +Hence, a.service is started earlier than b.service, the namespace will +not shared with b.service. +Also, even if a.service had the reference to b.service, b.service did not. +If b.service is freed earlier, then unit_clear_dependencies() does not clear +the reference from a to b, and will cause use-after-free on unit_free() for +a.service. + +Let's make JoinsNamespaceOf=b.service in a.service implies the inverse +dependency, i.e. JoinsNamespaceOf=a.service for b.service. Then, we can safely +free b.service. + +Conflict:delete testcases because test files are not existed +Reference:https://github.com/systemd/systemd-stable/commit/a60f96fcf55c3452e5b13d6daec537af1909eda3 +--- + man/systemd.unit.xml | 12 +++++++----- + src/core/unit.c | 11 +++++------ + 2 files changed, 13 insertions(+), 12 deletions(-) + +diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml +index d603ec9744..fcd1f914a8 100644 +--- a/man/systemd.unit.xml ++++ b/man/systemd.unit.xml +@@ -856,16 +856,18 @@ + JoinsNamespaceOf= + + For units that start processes (such as service units), lists one or more other units +- whose network and/or temporary file namespace to join. This only applies to unit types which support +- the PrivateNetwork=, NetworkNamespacePath=, ++ whose network and/or temporary file namespace to join. If this is specified on a unit (say, a.service ++ has JoinsNamespaceOf=b.service), then this the inverse dependency ++ (JoinsNamespaceOf=a.service for b.service) is implied. This only applies to unit ++ types which support the PrivateNetwork=, NetworkNamespacePath=, + PrivateIPC=, IPCNamespacePath=, and + PrivateTmp= directives (see + systemd.exec5 for + details). If a unit that has this setting set is started, its processes will see the same + /tmp/, /var/tmp/, IPC namespace and network namespace as +- one listed unit that is started. If multiple listed units are already started, it is not defined +- which namespace is joined. Note that this setting only has an effect if +- PrivateNetwork=/NetworkNamespacePath=, ++ one listed unit that is started. If multiple listed units are already started and these do not share ++ their namespace, then it is not defined which namespace is joined. Note that this setting only has an ++ effect if PrivateNetwork=/NetworkNamespacePath=, + PrivateIPC=/IPCNamespacePath= and/or + PrivateTmp= is enabled for both the unit that joins the namespace and the unit + whose namespace is joined. +diff --git a/src/core/unit.c b/src/core/unit.c +index 7a43355832..be57bdbd1d 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -3209,12 +3209,11 @@ int unit_add_dependency( + return r; + notify = r > 0; + +- if (inverse_table[d] != _UNIT_DEPENDENCY_INVALID && inverse_table[d] != d) { +- r = unit_add_dependency_hashmap(&other->dependencies, inverse_table[d], u, 0, mask); +- if (r < 0) +- return r; +- notify_other = r > 0; +- } ++ assert(inverse_table[d] >= 0 && inverse_table[d] < _UNIT_DEPENDENCY_MAX); ++ r = unit_add_dependency_hashmap(&other->dependencies, inverse_table[d], u, 0, mask); ++ if (r < 0) ++ return r; ++ notify_other = r > 0; + + if (add_reference) { + r = unit_add_dependency_hashmap(&u->dependencies, UNIT_REFERENCES, other, mask, 0); +-- +2.33.0 + diff --git a/backport-core-unit-update-bidirectional-dependency-simultaneo.patch b/backport-core-unit-update-bidirectional-dependency-simultaneo.patch new file mode 100644 index 0000000..952915b --- /dev/null +++ b/backport-core-unit-update-bidirectional-dependency-simultaneo.patch @@ -0,0 +1,238 @@ +From 831108245eb757f41fe0ebbccf1b42c9dd0ce297 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Tue, 23 May 2023 17:49:16 +0900 +Subject: [PATCH] core/unit: update bidirectional dependency simultaneously + +Previously, if unit_add_dependency_hashmap() failed, then a +one-directional unit dependency reference might be created, and +triggeres use-after-free. See issue #27742 for more details. + +This makes unit dependency always bidirectional, and cleanly revert +partial update on failure. + +Fixes #27742. + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/831108245eb757f41fe0ebbccf1b42c9dd0ce297 +--- + src/core/unit.c | 164 ++++++++++++++++++++++++++++++------------------ + 1 file changed, 103 insertions(+), 61 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index 35f41531c4..90f87a95f5 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -1056,46 +1056,6 @@ static int unit_per_dependency_type_hashmap_update( + return 1; + } + +-static int unit_add_dependency_hashmap( +- Hashmap **dependencies, +- UnitDependency d, +- Unit *other, +- UnitDependencyMask origin_mask, +- UnitDependencyMask destination_mask) { +- +- Hashmap *per_type; +- int r; +- +- assert(dependencies); +- assert(other); +- assert(origin_mask < _UNIT_DEPENDENCY_MASK_FULL); +- assert(destination_mask < _UNIT_DEPENDENCY_MASK_FULL); +- assert(origin_mask > 0 || destination_mask > 0); +- +- /* Ensure the top-level dependency hashmap exists that maps UnitDependency → Hashmap(Unit* → +- * UnitDependencyInfo) */ +- r = hashmap_ensure_allocated(dependencies, NULL); +- if (r < 0) +- return r; +- +- /* Acquire the inner hashmap, that maps Unit* → UnitDependencyInfo, for the specified dependency +- * type, and if it's missing allocate it and insert it. */ +- per_type = hashmap_get(*dependencies, UNIT_DEPENDENCY_TO_PTR(d)); +- if (!per_type) { +- per_type = hashmap_new(NULL); +- if (!per_type) +- return -ENOMEM; +- +- r = hashmap_put(*dependencies, UNIT_DEPENDENCY_TO_PTR(d), per_type); +- if (r < 0) { +- hashmap_free(per_type); +- return r; +- } +- } +- +- return unit_per_dependency_type_hashmap_update(per_type, other, origin_mask, destination_mask); +-} +- + static void unit_merge_dependencies(Unit *u, Unit *other) { + Hashmap *deps; + void *dt; /* Actually of type UnitDependency, except that we don't bother casting it here, +@@ -3103,11 +3063,38 @@ bool unit_job_is_applicable(Unit *u, JobType j) { + } + } + +-int unit_add_dependency( ++static Hashmap *unit_get_dependency_hashmap_per_type(Unit *u, UnitDependency d) { ++ Hashmap *deps; ++ ++ assert(u); ++ assert(d >= 0 && d < _UNIT_DEPENDENCY_MAX); ++ ++ deps = hashmap_get(u->dependencies, UNIT_DEPENDENCY_TO_PTR(d)); ++ if (!deps) { ++ _cleanup_hashmap_free_ Hashmap *h = NULL; ++ ++ h = hashmap_new(NULL); ++ if (!h) ++ return NULL; ++ ++ if (hashmap_ensure_put(&u->dependencies, NULL, UNIT_DEPENDENCY_TO_PTR(d), h) < 0) ++ return NULL; ++ ++ deps = TAKE_PTR(h); ++ } ++ ++ return deps; ++} ++ ++typedef enum NotifyDependencyFlags { ++ NOTIFY_DEPENDENCY_UPDATE_FROM = 1 << 0, ++ NOTIFY_DEPENDENCY_UPDATE_TO = 1 << 1, ++} NotifyDependencyFlags; ++ ++static int unit_add_dependency_impl( + Unit *u, + UnitDependency d, + Unit *other, +- bool add_reference, + UnitDependencyMask mask) { + + static const UnitDependency inverse_table[_UNIT_DEPENDENCY_MAX] = { +@@ -3143,12 +3130,78 @@ int unit_add_dependency( + [UNIT_IN_SLICE] = UNIT_SLICE_OF, + [UNIT_SLICE_OF] = UNIT_IN_SLICE, + }; ++ ++ Hashmap *u_deps, *other_deps; ++ UnitDependencyInfo u_info, u_info_old, other_info, other_info_old; ++ NotifyDependencyFlags flags = 0; ++ int r; ++ ++ assert(u); ++ assert(other); ++ assert(d >= 0 && d < _UNIT_DEPENDENCY_MAX); ++ assert(inverse_table[d] >= 0 && inverse_table[d] < _UNIT_DEPENDENCY_MAX); ++ assert(mask > 0 && mask < _UNIT_DEPENDENCY_MASK_FULL); ++ ++ /* Ensure the following two hashmaps for each unit exist: ++ * - the top-level dependency hashmap that maps UnitDependency → Hashmap(Unit* → UnitDependencyInfo), ++ * - the inner hashmap, that maps Unit* → UnitDependencyInfo, for the specified dependency type. */ ++ u_deps = unit_get_dependency_hashmap_per_type(u, d); ++ if (!u_deps) ++ return -ENOMEM; ++ ++ other_deps = unit_get_dependency_hashmap_per_type(other, inverse_table[d]); ++ if (!other_deps) ++ return -ENOMEM; ++ ++ /* Save the original dependency info. */ ++ u_info.data = u_info_old.data = hashmap_get(u_deps, other); ++ other_info.data = other_info_old.data = hashmap_get(other_deps, u); ++ ++ /* Update dependency info. */ ++ u_info.origin_mask |= mask; ++ other_info.destination_mask |= mask; ++ ++ /* Save updated dependency info. */ ++ if (u_info.data != u_info_old.data) { ++ r = hashmap_replace(u_deps, other, u_info.data); ++ if (r < 0) ++ return r; ++ ++ flags = NOTIFY_DEPENDENCY_UPDATE_FROM; ++ } ++ ++ if (other_info.data != other_info_old.data) { ++ r = hashmap_replace(other_deps, u, other_info.data); ++ if (r < 0) { ++ if (u_info.data != u_info_old.data) { ++ /* Restore the old dependency. */ ++ if (u_info_old.data) ++ (void) hashmap_update(u_deps, other, u_info_old.data); ++ else ++ hashmap_remove(u_deps, other); ++ } ++ return r; ++ } ++ ++ flags |= NOTIFY_DEPENDENCY_UPDATE_TO; ++ } ++ ++ return flags; ++} ++ ++int unit_add_dependency( ++ Unit *u, ++ UnitDependency d, ++ Unit *other, ++ bool add_reference, ++ UnitDependencyMask mask) { ++ + UnitDependencyAtom a; + int r; + + /* Helper to know whether sending a notification is necessary or not: if the dependency is already + * there, no need to notify! */ +- bool notify, notify_other = false; ++ NotifyDependencyFlags notify_flags; + + assert(u); + assert(d >= 0 && d < _UNIT_DEPENDENCY_MAX); +@@ -3204,35 +3257,24 @@ int unit_add_dependency( + return log_unit_error_errno(u, SYNTHETIC_ERRNO(EINVAL), + "Requested dependency SliceOf=%s refused (%s is not a cgroup unit).", other->id, other->id); + +- r = unit_add_dependency_hashmap(&u->dependencies, d, other, mask, 0); +- if (r < 0) +- return r; +- notify = r > 0; +- +- assert(inverse_table[d] >= 0 && inverse_table[d] < _UNIT_DEPENDENCY_MAX); +- r = unit_add_dependency_hashmap(&other->dependencies, inverse_table[d], u, 0, mask); ++ r = unit_add_dependency_impl(u, d, other, mask); + if (r < 0) + return r; +- notify_other = r > 0; ++ notify_flags = r; + + if (add_reference) { +- r = unit_add_dependency_hashmap(&u->dependencies, UNIT_REFERENCES, other, mask, 0); +- if (r < 0) +- return r; +- notify = notify || r > 0; +- +- r = unit_add_dependency_hashmap(&other->dependencies, UNIT_REFERENCED_BY, u, 0, mask); ++ r = unit_add_dependency_impl(u, UNIT_REFERENCES, other, mask); + if (r < 0) + return r; +- notify_other = notify_other || r > 0; ++ notify_flags |= r; + } + +- if (notify) ++ if (FLAGS_SET(notify_flags, NOTIFY_DEPENDENCY_UPDATE_FROM)) + unit_add_to_dbus_queue(u); +- if (notify_other) ++ if (FLAGS_SET(notify_flags, NOTIFY_DEPENDENCY_UPDATE_TO)) + unit_add_to_dbus_queue(other); + +- return notify || notify_other; ++ return notify_flags != 0; + } + + int unit_add_two_dependencies(Unit *u, UnitDependency d, UnitDependency e, Unit *other, bool add_reference, UnitDependencyMask mask) { +-- +2.33.0 + diff --git a/backport-coredump-filter-add-mask-for-all-using-UINT32_MAX-no.patch b/backport-coredump-filter-add-mask-for-all-using-UINT32_MAX-no.patch new file mode 100644 index 0000000..15d427b --- /dev/null +++ b/backport-coredump-filter-add-mask-for-all-using-UINT32_MAX-no.patch @@ -0,0 +1,65 @@ +From 085d847ae7e90f2a10d1cbe29d450a35ddc198bc Mon Sep 17 00:00:00 2001 +From: Luca Boccassi +Date: Wed, 26 Apr 2023 14:19:33 +0100 +Subject: [PATCH] coredump filter: add mask for 'all' using UINT32_MAX, not + UINT64_MAX + +The kernel returns ERANGE when UINT64_MAX is passed. Create a mask +and use UINT32_max, which is accepted, so that future bits will also +be set. + +(cherry picked from commit 7f3bb8f20dcccaceea8b1ee05f0560b81162037b) +(cherry picked from commit 4f8b2abf699f092576efff55a061efede795d99e) +(cherry picked from commit 5bba2890ef53ca166670aaa715bd1a5386b8cf91) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/085d847ae7e90f2a10d1cbe29d450a35ddc198bc +--- + src/shared/coredump-util.c | 2 +- + src/shared/coredump-util.h | 3 +++ + src/test/test-coredump-util.c | 2 ++ + 3 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/shared/coredump-util.c b/src/shared/coredump-util.c +index aaf3e16eff..7a44816834 100644 +--- a/src/shared/coredump-util.c ++++ b/src/shared/coredump-util.c +@@ -43,7 +43,7 @@ int coredump_filter_mask_from_string(const char *s, uint64_t *ret) { + } + + if (streq(n, "all")) { +- m = UINT64_MAX; ++ m = COREDUMP_FILTER_MASK_ALL; + continue; + } + +diff --git a/src/shared/coredump-util.h b/src/shared/coredump-util.h +index 09e7ed443f..f4d4098136 100644 +--- a/src/shared/coredump-util.h ++++ b/src/shared/coredump-util.h +@@ -22,6 +22,9 @@ typedef enum CoredumpFilter { + 1u << COREDUMP_FILTER_ELF_HEADERS | \ + 1u << COREDUMP_FILTER_PRIVATE_HUGE) + ++/* The kernel doesn't like UINT64_MAX and returns ERANGE, use UINT32_MAX to support future new flags */ ++#define COREDUMP_FILTER_MASK_ALL UINT32_MAX ++ + const char* coredump_filter_to_string(CoredumpFilter i) _const_; + CoredumpFilter coredump_filter_from_string(const char *s) _pure_; + int coredump_filter_mask_from_string(const char *s, uint64_t *ret); +diff --git a/src/test/test-coredump-util.c b/src/test/test-coredump-util.c +index a669da7746..4f68dd57d8 100644 +--- a/src/test/test-coredump-util.c ++++ b/src/test/test-coredump-util.c +@@ -23,6 +23,8 @@ TEST(coredump_filter_mask_from_string) { + uint64_t f; + assert_se(coredump_filter_mask_from_string("default", &f) == 0); + assert_se(f == COREDUMP_FILTER_MASK_DEFAULT); ++ assert_se(coredump_filter_mask_from_string("all", &f) == 0); ++ assert_se(f == COREDUMP_FILTER_MASK_ALL); + + assert_se(coredump_filter_mask_from_string(" default\tdefault\tdefault ", &f) == 0); + assert_se(f == COREDUMP_FILTER_MASK_DEFAULT); +-- +2.33.0 + diff --git a/backport-coredump-filter-fix-stack-overflow-with-all.patch b/backport-coredump-filter-fix-stack-overflow-with-all.patch new file mode 100644 index 0000000..d8ac470 --- /dev/null +++ b/backport-coredump-filter-fix-stack-overflow-with-all.patch @@ -0,0 +1,69 @@ +From 30a4629e4760fba96735365c31d279d402ec11e3 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi +Date: Wed, 26 Apr 2023 14:18:04 +0100 +Subject: [PATCH] coredump filter: fix stack overflow with =all + +We translate 'all' to UNIT64_MAX, which has a lot more 'f's. Use the +helper macro, since a decimal uint64_t will always be >> than a hex +representation. + +root@image:~# systemd-run -t --property CoredumpFilter=all ls /tmp +Running as unit: run-u13.service +Press ^] three times within 1s to disconnect TTY. +*** stack smashing detected ***: terminated +[137256.320511] systemd[1]: run-u13.service: Main process exited, code=dumped, status=6/ABRT +[137256.320850] systemd[1]: run-u13.service: Failed with result 'core-dump'. + +(cherry picked from commit 37232d55a7bcace37280e28b207c85f5ca9b3f6b) +(cherry picked from commit 021bb972ffd87aae9f9f7bcc691bf5b812db309b) +(cherry picked from commit ab33ee67d58780eccd9082d7d75bbc1d48f50468) + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/30a4629e4760fba96735365c31d279d402ec11e3 +--- + src/basic/macro.h | 4 ++++ + src/shared/coredump-util.c | 5 +++-- + 2 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/basic/macro.h b/src/basic/macro.h +index f5d63ce408..a5453fc9d7 100644 +--- a/src/basic/macro.h ++++ b/src/basic/macro.h +@@ -309,6 +309,10 @@ #define char_array_0(x) x[sizeof(x)-1] = 0; + + #define sizeof_field(struct_type, member) sizeof(((struct_type *) 0)->member) + ++/* Maximum buffer size needed for formatting an unsigned integer type as hex, including space for '0x' ++ * prefix and trailing NUL suffix. */ ++#define HEXADECIMAL_STR_MAX(type) (2 + sizeof(type) * 2 + 1) ++ + /* Returns the number of chars needed to format variables of the + * specified type as a decimal string. Adds in extra space for a + * negative '-' prefix (hence works correctly on signed +diff --git a/src/shared/coredump-util.c b/src/shared/coredump-util.c +index a0b648bf79..aaf3e16eff 100644 +--- a/src/shared/coredump-util.c ++++ b/src/shared/coredump-util.c +@@ -3,6 +3,7 @@ + #include "coredump-util.h" + #include "extract-word.h" + #include "fileio.h" ++#include "stdio-util.h" + #include "string-table.h" + + static const char *const coredump_filter_table[_COREDUMP_FILTER_MAX] = { +@@ -65,9 +66,9 @@ int coredump_filter_mask_from_string(const char *s, uint64_t *ret) { + } + + int set_coredump_filter(uint64_t value) { +- char t[STRLEN("0xFFFFFFFF")]; ++ char t[HEXADECIMAL_STR_MAX(uint64_t)]; + +- sprintf(t, "0x%"PRIx64, value); ++ xsprintf(t, "0x%"PRIx64, value); + + return write_string_file("/proc/self/coredump_filter", t, + WRITE_STRING_FILE_VERIFY_ON_FAILURE|WRITE_STRING_FILE_DISABLE_BUFFER); +-- +2.33.0 + diff --git a/backport-dbus-util-let-s-take-it-down-a-notch-when-converting.patch b/backport-dbus-util-let-s-take-it-down-a-notch-when-converting.patch new file mode 100644 index 0000000..9fde0f1 --- /dev/null +++ b/backport-dbus-util-let-s-take-it-down-a-notch-when-converting.patch @@ -0,0 +1,45 @@ +From 0d8dd903ff55c9aba7322005c374522387cf2713 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Thu, 1 Jun 2023 20:22:20 +0200 +Subject: [PATCH] dbus-util: let's take it down a notch when converting file + mode to string + +I'm definitely a fan of precision, but in this case it's a bit too much: + + $ systemd-run --unit=test --socket-property=ListenFIFO=/tmp/foo --socket-property=SocketMode=0644 true + $ systemctl cat test.socket + # /run/systemd/transient/test.socket + # This is a transient unit file, created programmatically via the systemd API. Do not edit. + [Unit] + Description=/usr/bin/true + + [Socket] + ListenFIFO=/tmp/foo + SocketMode=0000000000000000000000000000000000000644 + +(cherry picked from commit b86ed7f710b89b7a7e36da158c1bb8c69ffed144) +(cherry picked from commit 47edca1731788fc53249b95d28c66d88a85b4165) +(cherry picked from commit f566389f239addd529824e3d7b5bd9ad184b1590) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/0d8dd903ff55c9aba7322005c374522387cf2713 +--- + src/core/dbus-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/dbus-util.c b/src/core/dbus-util.c +index 32a2ec0ff9..c253f44c35 100644 +--- a/src/core/dbus-util.c ++++ b/src/core/dbus-util.c +@@ -30,7 +30,7 @@ int bus_property_get_triggered_unit( + return sd_bus_message_append(reply, "s", trigger ? trigger->id : NULL); + } + +-BUS_DEFINE_SET_TRANSIENT(mode_t, "u", uint32_t, mode_t, "%040o"); ++BUS_DEFINE_SET_TRANSIENT(mode_t, "u", uint32_t, mode_t, "%04o"); + BUS_DEFINE_SET_TRANSIENT(unsigned, "u", uint32_t, unsigned, "%" PRIu32); + + static inline bool valid_user_group_name_or_id_relaxed(const char *u) { +-- +2.33.0 + diff --git a/backport-escape-fix-wrong-octescape-of-bad-character.patch b/backport-escape-fix-wrong-octescape-of-bad-character.patch new file mode 100644 index 0000000..cc15576 --- /dev/null +++ b/backport-escape-fix-wrong-octescape-of-bad-character.patch @@ -0,0 +1,75 @@ +From 0fc5cdd98a205a7bbfe4413f8b158ce9776882eb Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Tue, 6 Dec 2022 12:00:41 +0900 +Subject: [PATCH] escape: fix wrong octescape of bad character + +Fixes a bug introduced by 95052df3760523e1f3bb9705c918d85aae7fb431. + +This also makes octescape() support NULL or zero length string. + +Fixes [oss-fuzz#54059](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54059). + +Fixes #25643. + +(cherry picked from commit 76519cecc749a3d0e2054fd6db8a99143666e123) +(cherry picked from commit 2ea5de7881edcd1665207bb55bfd5ae2b6ccdc10) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/0fc5cdd98a205a7bbfe4413f8b158ce9776882eb +--- + src/basic/escape.c | 29 ++++++++++++++--------------- + 1 file changed, 14 insertions(+), 15 deletions(-) + +diff --git a/src/basic/escape.c b/src/basic/escape.c +index 1cb7ced545..e04b435d5b 100644 +--- a/src/basic/escape.c ++++ b/src/basic/escape.c +@@ -445,31 +445,30 @@ char* escape_non_printable_full(const char *str, size_t console_width, XEscapeFl + } + + char* octescape(const char *s, size_t len) { +- char *r, *t; +- const char *f; ++ char *buf, *t; + +- /* Escapes all chars in bad, in addition to \ and " chars, +- * in \nnn style escaping. */ ++ /* Escapes all chars in bad, in addition to \ and " chars, in \nnn style escaping. */ + +- r = new(char, len * 4 + 1); +- if (!r) ++ assert(s || len == 0); ++ ++ t = buf = new(char, len * 4 + 1); ++ if (!buf) + return NULL; + +- for (f = s, t = r; f < s + len; f++) { ++ for (size_t i = 0; i < len; i++) { ++ uint8_t u = (uint8_t) s[i]; + +- if (*f < ' ' || *f >= 127 || IN_SET(*f, '\\', '"')) { ++ if (u < ' ' || u >= 127 || IN_SET(u, '\\', '"')) { + *(t++) = '\\'; +- *(t++) = '0' + (*f >> 6); +- *(t++) = '0' + ((*f >> 3) & 8); +- *(t++) = '0' + (*f & 8); ++ *(t++) = '0' + (u >> 6); ++ *(t++) = '0' + ((u >> 3) & 7); ++ *(t++) = '0' + (u & 7); + } else +- *(t++) = *f; ++ *(t++) = u; + } + + *t = 0; +- +- return r; +- ++ return buf; + } + + static char* strcpy_backslash_escaped(char *t, const char *s, const char *bad) { +-- +2.33.0 + diff --git a/backport-hexdecoct-add-missing-NULL-check.patch b/backport-hexdecoct-add-missing-NULL-check.patch new file mode 100644 index 0000000..a1e8c75 --- /dev/null +++ b/backport-hexdecoct-add-missing-NULL-check.patch @@ -0,0 +1,34 @@ +From 671ea8cce47e9c556d283bd53b2c82b9c5ec2da4 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 7 Dec 2022 06:58:23 +0900 +Subject: [PATCH] hexdecoct: add missing NULL check + +Fixes oss-fuzz#54065 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54065). + +Fixes #25650. + +(cherry picked from commit 45655e776f3a4deaf68cc21a7716eba5181cbd49) +(cherry picked from commit 002fc46688e7d7057dbd7845defcc5bae758adde) + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/671ea8cce47e9c556d283bd53b2c82b9c5ec2da4 +--- + src/basic/hexdecoct.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/hexdecoct.c b/src/basic/hexdecoct.c +index 0922a49bb1..b9de5bfcda 100644 +--- a/src/basic/hexdecoct.c ++++ b/src/basic/hexdecoct.c +@@ -606,7 +606,7 @@ ssize_t base64mem_full( + if (!r) + return -ENOMEM; + +- for (x = p; x < (const uint8_t*) p + (l / 3) * 3; x += 3) { ++ for (x = p; x && x < (const uint8_t*) p + (l / 3) * 3; x += 3) { + /* x[0] == XXXXXXXX; x[1] == YYYYYYYY; x[2] == ZZZZZZZZ */ + *(z++) = base64char(x[0] >> 2); /* 00XXXXXX */ + *(z++) = base64char((x[0] & 3) << 4 | x[1] >> 4); /* 00XXYYYY */ +-- +2.33.0 + diff --git a/backport-hexdecoct-fix-NULL-pointer-dereferences-in-hexmem.patch b/backport-hexdecoct-fix-NULL-pointer-dereferences-in-hexmem.patch new file mode 100644 index 0000000..e4f1ed3 --- /dev/null +++ b/backport-hexdecoct-fix-NULL-pointer-dereferences-in-hexmem.patch @@ -0,0 +1,87 @@ +From 18bfa23b9b52fecf6f551f4c225abe8034f9dac2 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 7 Dec 2022 09:06:48 +0900 +Subject: [PATCH] hexdecoct: fix NULL pointer dereferences in hexmem() + +Fixes oss-fuzz#54090 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54090). + +Fixes #25655. + +(cherry picked from commit 7d34567444304ea0acec7ed3c44c09bb65cea32c) +(cherry picked from commit 772e89452e8e72347360bfe6556ecc3d95b2caf4) + +Conflict:adapt test cases based on the existing test case framework +Reference:https://github.com/systemd/systemd-stable/commit/18bfa23b9b52fecf6f551f4c225abe8034f9dac2 +--- + src/basic/hexdecoct.c | 4 +++- + src/test/test-hexdecoct.c | 21 +++++++++++++++++++++ + 2 files changed, 24 insertions(+), 1 deletion(-) + +diff --git a/src/basic/hexdecoct.c b/src/basic/hexdecoct.c +index 99b82d4..c9cda67 100644 +--- a/src/basic/hexdecoct.c ++++ b/src/basic/hexdecoct.c +@@ -59,11 +59,13 @@ char *hexmem(const void *p, size_t l) { + const uint8_t *x; + char *r, *z; + ++ assert(p || l == 0); ++ + z = r = new(char, l * 2 + 1); + if (!r) + return NULL; + +- for (x = p; x < (const uint8_t*) p + l; x++) { ++ for (x = p; x && x < (const uint8_t*) p + l; x++) { + *(z++) = hexchar(*x >> 4); + *(z++) = hexchar(*x & 15); + } +diff --git a/src/test/test-hexdecoct.c b/src/test/test-hexdecoct.c +index c9d318b..413ad0e 100644 +--- a/src/test/test-hexdecoct.c ++++ b/src/test/test-hexdecoct.c +@@ -6,6 +6,7 @@ + #include "hexdecoct.h" + #include "macro.h" + #include "string-util.h" ++#include "memory-util.h" + + static void test_hexchar(void) { + assert_se(hexchar(0xa) == 'a'); +@@ -71,6 +72,25 @@ static void test_undecchar(void) { + assert_se(undecchar('9') == 9); + } + ++static void test_hexmem_one(const char *in, const char *expected) { ++ _cleanup_free_ char *result = NULL; ++ _cleanup_free_ void *mem = NULL; ++ size_t len; ++ ++ assert_se(result = hexmem(in, strlen_ptr(in))); ++ log_debug("hexmem(\"%s\") → \"%s\" (expected: \"%s\")", strnull(in), result, expected); ++ assert_se(streq(result, expected)); ++ ++ assert_se(unhexmem(result, SIZE_MAX, &mem, &len) >= 0); ++ assert_se(memcmp_safe(mem, in, len) == 0); ++} ++ ++static void test_hexmem(void) { ++ test_hexmem_one(NULL, ""); ++ test_hexmem_one("", ""); ++ test_hexmem_one("foo", "666f6f"); ++} ++ + static void test_unhexmem_one(const char *s, size_t l, int retval) { + _cleanup_free_ char *hex = NULL; + _cleanup_free_ void *mem = NULL; +@@ -350,6 +370,7 @@ int main(int argc, char *argv[]) { + test_base64mem(); + test_unbase64mem(); + test_hexdump(); ++ test_hexmem(); + + return 0; + } +-- +2.33.0 + diff --git a/backport-journal-Don-t-try-to-write-garbage-if-journal-entry-.patch b/backport-journal-Don-t-try-to-write-garbage-if-journal-entry-.patch new file mode 100644 index 0000000..3412262 --- /dev/null +++ b/backport-journal-Don-t-try-to-write-garbage-if-journal-entry-.patch @@ -0,0 +1,63 @@ +From 3d88973ff61a7e2c572fa2d80ab5446510c9a8b2 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Wed, 26 Apr 2023 13:21:55 +0200 +Subject: [PATCH] journal: Don't try to write garbage if journal entry is + corrupted + +If journal_file_data_payload() returns -EBADMSG or -EADDRNOTAVAIL, +we skip the entry and go to the next entry, but we never modify +the number of items that we pass to journal_file_append_entry_internal() +if that happens, which means we could try to append garbage to the +journal file. + +Let's keep track of the number of fields we've appended to avoid this +problem. + +(cherry picked from commit f81409f844ae8077f7ee7664871f73fa7d440581) +(cherry picked from commit 3821e3ea077810a7271dbdaccf67b08c33a28fcf) +(cherry picked from commit b9d96f2803b6fbf703463b72bb63d0c936f558e8) + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/3d88973ff61a7e2c572fa2d80ab5446510c9a8b2 +--- + src/libsystemd/sd-journal/journal-file.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c +index 3c9221c..1988488 100644 +--- a/src/libsystemd/sd-journal/journal-file.c ++++ b/src/libsystemd/sd-journal/journal-file.c +@@ -3839,7 +3839,7 @@ int journal_file_open_reliably( + } + + int journal_file_copy_entry(JournalFile *from, JournalFile *to, Object *o, uint64_t p) { +- uint64_t q, n, xor_hash = 0; ++ uint64_t q, n, m = 0, xor_hash = 0; + const sd_id128_t *boot_id; + dual_timestamp ts; + EntryItem *items; +@@ -3918,15 +3918,18 @@ int journal_file_copy_entry(JournalFile *from, JournalFile *to, Object *o, uint6 + else + xor_hash ^= le64toh(u->data.hash); + +- items[i].object_offset = htole64(h); +- items[i].hash = u->data.hash; ++ items[m].object_offset = htole64(h); ++ items[m++].hash = u->data.hash; + + r = journal_file_move_to_object(from, OBJECT_ENTRY, p, &o); + if (r < 0) + return r; + } + +- r = journal_file_append_entry_internal(to, &ts, boot_id, xor_hash, items, n, ++ if (m == 0) ++ return 0; ++ ++ r = journal_file_append_entry_internal(to, &ts, boot_id, xor_hash, items, m, + NULL, NULL, NULL); + + if (mmap_cache_got_sigbus(to->mmap, to->cache_fd)) +-- +2.33.0 + diff --git a/backport-journal-avoid-infinite-recursion-when-closing-bad-jo.patch b/backport-journal-avoid-infinite-recursion-when-closing-bad-jo.patch new file mode 100644 index 0000000..5498ed8 --- /dev/null +++ b/backport-journal-avoid-infinite-recursion-when-closing-bad-jo.patch @@ -0,0 +1,71 @@ +From 2890d17f26c73a2e9e4a9635d353388fde82151d Mon Sep 17 00:00:00 2001 +From: Luca Boccassi +Date: Fri, 16 Jun 2023 22:31:04 +0100 +Subject: [PATCH] journal: avoid infinite recursion when closing bad journal FD + +When trying to log, if we fail we try to close the journal FD. If +it is bad, safe_close() will fail and assert, which will try to log, +which will fail, which will try to close the journal FD... +Infinite recursion looks very pretty live in gdb, but let's avoid +that by immediately invalidating the journal FD before closing it. + +(cherry picked from commit 40cdb3b756abbeb66091b8e9f1a3d38308456828) +(cherry picked from commit 228bfcf041e89f09c798af864a93543f9d43ec05) +(cherry picked from commit f62c831ba704119194ecd6aabaaee0ecb8edf559) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/2890d17f26c73a2e9e4a9635d353388fde82151d +--- + src/basic/log.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +diff --git a/src/basic/log.c b/src/basic/log.c +index 02e37ed6ce..ef44aea948 100644 +--- a/src/basic/log.c ++++ b/src/basic/log.c +@@ -83,7 +83,8 @@ bool _log_message_dummy = false; /* Always false */ + } while (false) + + static void log_close_console(void) { +- console_fd = safe_close_above_stdio(console_fd); ++ /* See comment in log_close_journal() */ ++ (void) safe_close_above_stdio(TAKE_FD(console_fd)); + } + + static int log_open_console(void) { +@@ -107,7 +108,8 @@ static int log_open_console(void) { + } + + static void log_close_kmsg(void) { +- kmsg_fd = safe_close(kmsg_fd); ++ /* See comment in log_close_journal() */ ++ (void) safe_close(TAKE_FD(kmsg_fd)); + } + + static int log_open_kmsg(void) { +@@ -124,7 +126,8 @@ static int log_open_kmsg(void) { + } + + static void log_close_syslog(void) { +- syslog_fd = safe_close(syslog_fd); ++ /* See comment in log_close_journal() */ ++ (void) safe_close(TAKE_FD(syslog_fd)); + } + + static int create_log_socket(int type) { +@@ -196,7 +199,11 @@ fail: + } + + static void log_close_journal(void) { +- journal_fd = safe_close(journal_fd); ++ /* If the journal FD is bad, safe_close will fail, and will try to log, which will fail, so we'll ++ * try to close the journal FD, which is bad, so safe_close will fail... Whether we can close it ++ * or not, invalidate it immediately so that we don't get in a recursive loop until we run out of ++ * stack. */ ++ (void) safe_close(TAKE_FD(journal_fd)); + } + + static int log_open_journal(void) { +-- +2.33.0 + diff --git a/backport-journald-prevent-segfault-on-empty-attr-current.patch b/backport-journald-prevent-segfault-on-empty-attr-current.patch new file mode 100644 index 0000000..fee1502 --- /dev/null +++ b/backport-journald-prevent-segfault-on-empty-attr-current.patch @@ -0,0 +1,40 @@ +From 9070c9f2f33aacc10eb65a9430e3bf78bce5aea7 Mon Sep 17 00:00:00 2001 +From: Space Meyer +Date: Wed, 7 Dec 2022 14:11:30 +0100 +Subject: [PATCH] journald: prevent segfault on empty attr/current + +getpidcon() might set con to NULL, even when it returned a 0 return +code[0]. The subsequent strlen(con) will then cause a segfault. + +Alternatively the behaviour could also be changed in getpidcon. I +don't know whether the libselinux folks are comitted to the current +behaviour, but the getpidcon man page doesn't really make it obvious +this case could happen. + +[0] https://github.com/SELinuxProject/selinux/blob/fb7f35495fbad468d6efa76c5fed727659903038/libselinux/src/procattr.c#L155-L158 + +(cherry picked from commit ff868eaadecde2568d1e08a375ec8a3b327984fa) +(cherry picked from commit 4119d25e621b5e5b7860e971092239379768081c) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/9070c9f2f33aacc10eb65a9430e3bf78bce5aea7 +--- + src/journal/journald-context.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/journal/journald-context.c b/src/journal/journald-context.c +index 27608ff089..0953fb2119 100644 +--- a/src/journal/journald-context.c ++++ b/src/journal/journald-context.c +@@ -258,7 +258,7 @@ static int client_context_read_label( + + /* If we got no SELinux label passed in, let's try to acquire one */ + +- if (getpidcon(c->pid, &con) >= 0) { ++ if (getpidcon(c->pid, &con) >= 0 && con) { + free_and_replace(c->label, con); + c->label_size = strlen(c->label); + } +-- +2.33.0 + diff --git a/backport-json-correctly-handle-magic-strings-when-parsing-var.patch b/backport-json-correctly-handle-magic-strings-when-parsing-var.patch new file mode 100644 index 0000000..5075164 --- /dev/null +++ b/backport-json-correctly-handle-magic-strings-when-parsing-var.patch @@ -0,0 +1,110 @@ +From 3ee13066884acb4ac16cb41ed4ac01bb94fab4f6 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Tue, 23 May 2023 09:55:17 +0200 +Subject: [PATCH] json: correctly handle magic strings when parsing variant + strv + +We can't dereference the variant object directly, as it might be +a magic object (which has an address on a faulting page); use +json_variant_is_sensitive() instead that handles this case. + +For example, with an empty array: + +==1547789==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000023 (pc 0x7fd616ca9a18 bp 0x7ffcba1dc7c0 sp 0x7ffcba1dc6d0 T0) +==1547789==The signal is caused by a READ memory access. +==1547789==Hint: address points to the zero page. +SCARINESS: 10 (null-deref) + #0 0x7fd616ca9a18 in json_variant_strv ../src/shared/json.c:2190 + #1 0x408332 in oci_args ../src/nspawn/nspawn-oci.c:173 + #2 0x7fd616cc09ce in json_dispatch ../src/shared/json.c:4400 + #3 0x40addf in oci_process ../src/nspawn/nspawn-oci.c:428 + #4 0x7fd616cc09ce in json_dispatch ../src/shared/json.c:4400 + #5 0x41fef5 in oci_load ../src/nspawn/nspawn-oci.c:2187 + #6 0x4061e4 in LLVMFuzzerTestOneInput ../src/nspawn/fuzz-nspawn-oci.c:23 + #7 0x40691c in main ../src/fuzz/fuzz-main.c:50 + #8 0x7fd61564a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) + #9 0x7fd61564a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8) + #10 0x405da4 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/fuzz-nspawn-oci+0x405da4) + +DEDUP_TOKEN: json_variant_strv--oci_args--json_dispatch +AddressSanitizer can not provide additional info. +SUMMARY: AddressSanitizer: SEGV ../src/shared/json.c:2190 in json_variant_strv +==1547789==ABORTING + +Or with an empty string in an array: + +../src/shared/json.c:2202:39: runtime error: member access within misaligned address 0x000000000007 for type 'struct JsonVariant', which requires 8 byte alignment +0x000000000007: note: pointer points here + + #0 0x7f35f4ca9bcf in json_variant_strv ../src/shared/json.c:2202 + #1 0x408332 in oci_args ../src/nspawn/nspawn-oci.c:173 + #2 0x7f35f4cc09ce in json_dispatch ../src/shared/json.c:4400 + #3 0x40addf in oci_process ../src/nspawn/nspawn-oci.c:428 + #4 0x7f35f4cc09ce in json_dispatch ../src/shared/json.c:4400 + #5 0x41fef5 in oci_load ../src/nspawn/nspawn-oci.c:2187 + #6 0x4061e4 in LLVMFuzzerTestOneInput ../src/nspawn/fuzz-nspawn-oci.c:23 + #7 0x40691c in main ../src/fuzz/fuzz-main.c:50 + #8 0x7f35f364a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) + #9 0x7f35f364a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8) + #10 0x405da4 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/fuzz-nspawn-oci+0x405da4) + +SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/shared/json.c:2202:39 in + +Note: this happens only if json_variant_copy() in json_variant_set_source() fails. + +Found by Nallocfuzz. + +(cherry picked from commit 909eb4c01de03a32c915a2267166501dca5b78f6) +(cherry picked from commit 58c1816aa43b96b5ce0953bc8ff78c37c4226216) +(cherry picked from commit 89ab32d166a6920a14c19b90fe528c02ed5f4142) + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/3ee13066884acb4ac16cb41ed4ac01bb94fab4f6 +--- + src/shared/json.c | 4 ++-- + test/fuzz/fuzz-nspawn-oci/invalid-read-magic-string | 1 + + test/fuzz/fuzz-nspawn-oci/invalid-read-magic-string2 | 1 + + 3 files changed, 4 insertions(+), 2 deletions(-) + create mode 100644 test/fuzz/fuzz-nspawn-oci/invalid-read-magic-string + create mode 100644 test/fuzz/fuzz-nspawn-oci/invalid-read-magic-string2 + +diff --git a/src/shared/json.c b/src/shared/json.c +index 3ab562e219..6748dbcf8d 100644 +--- a/src/shared/json.c ++++ b/src/shared/json.c +@@ -2103,7 +2103,7 @@ int json_variant_strv(JsonVariant *v, char ***ret) { + if (!json_variant_is_array(v)) + return -EINVAL; + +- sensitive = v->sensitive; ++ sensitive = json_variant_is_sensitive(v); + + n = json_variant_elements(v); + l = new(char*, n+1); +@@ -2114,7 +2114,7 @@ int json_variant_strv(JsonVariant *v, char ***ret) { + JsonVariant *e; + + assert_se(e = json_variant_by_index(v, i)); +- sensitive = sensitive || e->sensitive; ++ sensitive = sensitive || json_variant_is_sensitive(e); + + if (!json_variant_is_string(e)) { + l[i] = NULL; +diff --git a/test/fuzz/fuzz-nspawn-oci/invalid-read-magic-string b/test/fuzz/fuzz-nspawn-oci/invalid-read-magic-string +new file mode 100644 +index 0000000000..675bed0505 +--- /dev/null ++++ b/test/fuzz/fuzz-nspawn-oci/invalid-read-magic-string +@@ -0,0 +1 @@ ++{"ociVersion":"1.0.0","process":{"args":[]}} +diff --git a/test/fuzz/fuzz-nspawn-oci/invalid-read-magic-string2 b/test/fuzz/fuzz-nspawn-oci/invalid-read-magic-string2 +new file mode 100644 +index 0000000000..fb1269b9c8 +--- /dev/null ++++ b/test/fuzz/fuzz-nspawn-oci/invalid-read-magic-string2 +@@ -0,0 +1 @@ ++{"ociVersion":"1.0.0","process":{"args":[""]}} +\ No newline at end of file +-- +2.33.0 + diff --git a/backport-list-fix-double-evaluation.patch b/backport-list-fix-double-evaluation.patch new file mode 100644 index 0000000..1f11965 --- /dev/null +++ b/backport-list-fix-double-evaluation.patch @@ -0,0 +1,36 @@ +From 42094f7b796cdf4df467ba31529962c643a08cae Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Thu, 20 Apr 2023 04:04:03 +0900 +Subject: [PATCH] list: fix double evaluation + +(cherry picked from commit 24a5370bbc1b52fee52d8891f66af13e9d77d799) +(cherry picked from commit 7b437659b15c0cd87b5720b3570dcd5e5ad9abca) +(cherry picked from commit 73f7c65d34d507c75b3044e2205d1393e43a7534) + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/42094f7b796cdf4df467ba31529962c643a08cae +--- + src/basic/list.h | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/basic/list.h b/src/basic/list.h +index 58e83a6cb2..0dba7648e6 100644 +--- a/src/basic/list.h ++++ b/src/basic/list.h +@@ -133,8 +133,11 @@ + } \ + } while (false) + +-#define LIST_JUST_US(name,item) \ +- (!(item)->name##_prev && !(item)->name##_next) \ ++#define LIST_JUST_US(name, item) \ ++ ({ \ ++ typeof(*(item)) *_item = (item); \ ++ !(_item)->name##_prev && !(_item)->name##_next; \ ++ }) + + #define LIST_FOREACH(name,i,head) \ + for ((i) = (head); (i); (i) = (i)->name##_next) +-- +2.33.0 + diff --git a/backport-localed-fix-invalid-free-after-shifting-pointers-usi.patch b/backport-localed-fix-invalid-free-after-shifting-pointers-usi.patch new file mode 100644 index 0000000..3c3ab35 --- /dev/null +++ b/backport-localed-fix-invalid-free-after-shifting-pointers-usi.patch @@ -0,0 +1,85 @@ +From 3e880530377fcda5b203b3abfb8b58b7db867cc7 Mon Sep 17 00:00:00 2001 +From: Olivier Gayot +Date: Fri, 7 Apr 2023 10:32:07 +0200 +Subject: [PATCH] localed: fix invalid free after shifting pointers using + strstrip + +After manually editing /etc/locale.gen, calling localectl set-locale +sometimes fails. When it fails, the systemd journal shows: +systemd-localed: free() / invalid pointer. + +It turned out that it only fails if some of the uncommented lines in +/etc/locale.gen have leading spaces, as in: + + * C.UTF-8 <= OK + * en_US.UTF-8 <= OK + * fr_FR.UTF-8 <= NOK + +After parsing a line from /etc/locale.gen, we use strstrip() to obtain +the "trimmed" line (without leading or trailing spaces). + +However, we store the result of strstrip() in the original pointer +containing the untrimmed line. This pointer is later passed to free +(this is done automatically using _cleanup_free_). + +This is a problem because if any leading space is present, the pointer +will essentially be shifted from its original value. This will result in +an invalid free upon cleanup. + +The same issue is present in the locale_gen_locale_supported function. + +Fixed by storing the result of strstrip() in a different pointer. + +(cherry picked from commit b24b10592d74b73529817813ff33f7e28e79ca41) +(cherry picked from commit d18037b8ff43a1d7310708a50786f92c1291ce80) +(cherry picked from commit fcd9ec3effc9cad63f73cba024697011c5963766) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/3e880530377fcda5b203b3abfb8b58b7db867cc7 +--- + src/locale/keymap-util.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/locale/keymap-util.c b/src/locale/keymap-util.c +index 2d1b9826d0..77035d6584 100644 +--- a/src/locale/keymap-util.c ++++ b/src/locale/keymap-util.c +@@ -784,6 +784,7 @@ static int locale_gen_locale_supported(const char *locale_entry) { + + for (;;) { + _cleanup_free_ char *line = NULL; ++ char *l; + + r = read_line(f, LONG_LINE_MAX, &line); + if (r < 0) +@@ -791,8 +792,8 @@ static int locale_gen_locale_supported(const char *locale_entry) { + if (r == 0) + return 0; + +- line = strstrip(line); +- if (strcaseeq_ptr(line, locale_entry)) ++ l = strstrip(line); ++ if (strcaseeq_ptr(l, locale_entry)) + return 1; + } + } +@@ -870,14 +871,13 @@ int locale_gen_enable_locale(const char *locale) { + continue; + } + +- line = strstrip(line); +- if (isempty(line)) { ++ line_locale = strstrip(line); ++ if (isempty(line_locale)) { + fputc('\n', fw); + first_line = false; + continue; + } + +- line_locale = line; + if (line_locale[0] == '#') + line_locale = strstrip(line_locale + 1); + else if (strcaseeq_ptr(line_locale, locale_entry)) +-- +2.33.0 + diff --git a/backport-machine-fix-a-memory-leak-when-showing-multiple-imag.patch b/backport-machine-fix-a-memory-leak-when-showing-multiple-imag.patch new file mode 100644 index 0000000..3c62add --- /dev/null +++ b/backport-machine-fix-a-memory-leak-when-showing-multiple-imag.patch @@ -0,0 +1,90 @@ +From 548f64dd4c270cd40f8e764606fe2dc36d3ac265 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Fri, 12 May 2023 14:43:23 +0200 +Subject: [PATCH] machine: fix a memory leak when showing multiple images + ++ machinectl image-status container1 container1 container0 container1 container2 container3 container4 + ================================================================= + ==1354==ERROR: LeakSanitizer: detected memory leaks + Direct leak of 4704 byte(s) in 6 object(s) allocated from: + #0 0x7fc3670ba097 in calloc (/lib64/libasan.so.8+0xba097) + #1 0x7fc365e91e8e in message_from_header ../src/libsystemd/sd-bus/bus-message.c:372 + #2 0x7fc365e92dfd in bus_message_from_malloc ../src/libsystemd/sd-bus/bus-message.c:421 + #3 0x7fc365f089a8 in bus_socket_make_message ../src/libsystemd/sd-bus/bus-socket.c:1165 + #4 0x7fc365f0affe in bus_socket_read_message ../src/libsystemd/sd-bus/bus-socket.c:1294 + #5 0x7fc365f2db71 in bus_read_message ../src/libsystemd/sd-bus/sd-bus.c:2082 + #6 0x7fc365f33352 in sd_bus_call ../src/libsystemd/sd-bus/sd-bus.c:2483 + #7 0x7fc365e4da61 in sd_bus_call_methodv ../src/libsystemd/sd-bus/bus-convenience.c:183 + #8 0x7fc3658789e8 in bus_call_method ../src/shared/bus-locator.c:109 + #9 0x413b76 in show_image ../src/machine/machinectl.c:1014 + #10 0x7fc365c5c8cf in dispatch_verb ../src/shared/verbs.c:103 + #11 0x42e992 in machinectl_main ../src/machine/machinectl.c:2981 + #12 0x42ebbd in run ../src/machine/machinectl.c:3006 + #13 0x42ece3 in main ../src/machine/machinectl.c:3009 + #14 0x7fc36444a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) + Indirect leak of 666 byte(s) in 6 object(s) allocated from: + #0 0x7fc3670b95b5 in __interceptor_realloc.part.0 (/lib64/libasan.so.8+0xb95b5) + #1 0x7fc365f09822 in bus_socket_read_message ../src/libsystemd/sd-bus/bus-socket.c:1214 + #2 0x7fc365f2db71 in bus_read_message ../src/libsystemd/sd-bus/sd-bus.c:2082 + #3 0x7fc365f33352 in sd_bus_call ../src/libsystemd/sd-bus/sd-bus.c:2483 + #4 0x7fc365e4da61 in sd_bus_call_methodv ../src/libsystemd/sd-bus/bus-convenience.c:183 + #5 0x7fc3658789e8 in bus_call_method ../src/shared/bus-locator.c:109 + #6 0x413b76 in show_image ../src/machine/machinectl.c:1014 + #7 0x7fc365c5c8cf in dispatch_verb ../src/shared/verbs.c:103 + #8 0x42e992 in machinectl_main ../src/machine/machinectl.c:2981 + #9 0x42ebbd in run ../src/machine/machinectl.c:3006 + #10 0x42ece3 in main ../src/machine/machinectl.c:3009 + #11 0x7fc36444a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) + Indirect leak of 12 byte(s) in 6 object(s) allocated from: + #0 0x7fc36707243b in strdup (/lib64/libasan.so.8+0x7243b) + #1 0x7fc365ec1543 in message_parse_fields ../src/libsystemd/sd-bus/bus-message.c:4125 + #2 0x7fc365e93586 in bus_message_from_malloc ../src/libsystemd/sd-bus/bus-message.c:443 + #3 0x7fc365f089a8 in bus_socket_make_message ../src/libsystemd/sd-bus/bus-socket.c:1165 + #4 0x7fc365f0affe in bus_socket_read_message ../src/libsystemd/sd-bus/bus-socket.c:1294 + #5 0x7fc365f2db71 in bus_read_message ../src/libsystemd/sd-bus/sd-bus.c:2082 + #6 0x7fc365f33352 in sd_bus_call ../src/libsystemd/sd-bus/sd-bus.c:2483 + #7 0x7fc365e4da61 in sd_bus_call_methodv ../src/libsystemd/sd-bus/bus-convenience.c:183 + #8 0x7fc3658789e8 in bus_call_method ../src/shared/bus-locator.c:109 + #9 0x413b76 in show_image ../src/machine/machinectl.c:1014 + #10 0x7fc365c5c8cf in dispatch_verb ../src/shared/verbs.c:103 + #11 0x42e992 in machinectl_main ../src/machine/machinectl.c:2981 + #12 0x42ebbd in run ../src/machine/machinectl.c:3006 + #13 0x42ece3 in main ../src/machine/machinectl.c:3009 + #14 0x7fc36444a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) + SUMMARY: AddressSanitizer: 5382 byte(s) leaked in 18 allocation(s). + +(cherry picked from commit 4b6ce580eee3f70412637c1df4239e448995535f) +(cherry picked from commit e6a719598c80c284fb4b570c0eb89e7416616a98) +(cherry picked from commit 8dd68c29ff5a56bb4215fe9fcbb7399e21f6560c) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/548f64dd4c270cd40f8e764606fe2dc36d3ac265 +--- + src/machine/machinectl.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/machine/machinectl.c b/src/machine/machinectl.c +index 4ac48746ef..0f42f9f304 100644 +--- a/src/machine/machinectl.c ++++ b/src/machine/machinectl.c +@@ -993,9 +993,7 @@ static int show_image_properties(sd_bus *bus, const char *path, bool *new_line) + } + + static int show_image(int argc, char *argv[], void *userdata) { +- + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; +- _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; + bool properties, new_line = false; + sd_bus *bus = userdata; + int r = 0; +@@ -1020,6 +1018,7 @@ static int show_image(int argc, char *argv[], void *userdata) { + } + + for (int i = 1; i < argc; i++) { ++ _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; + const char *path = NULL; + + r = bus_call_method(bus, bus_machine_mgr, "GetImage", &error, &reply, "s", argv[i]); +-- +2.33.0 + diff --git a/backport-machine-fix-a-memory-leak-when-showing-multiple-mach.patch b/backport-machine-fix-a-memory-leak-when-showing-multiple-mach.patch new file mode 100644 index 0000000..274b0f3 --- /dev/null +++ b/backport-machine-fix-a-memory-leak-when-showing-multiple-mach.patch @@ -0,0 +1,90 @@ +From 85f4849b4b86cd2246d733b48321abf804367d80 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Fri, 12 May 2023 14:50:52 +0200 +Subject: [PATCH] machine: fix a memory leak when showing multiple machines + ++ machinectl status long-running long-running long-running +================================================================= +==986==ERROR: LeakSanitizer: detected memory leaks +Direct leak of 1568 byte(s) in 2 object(s) allocated from: + #0 0x7fe57caba097 in calloc (/lib64/libasan.so.8+0xba097) + #1 0x7fe57b891e8e in message_from_header ../src/libsystemd/sd-bus/bus-message.c:372 + #2 0x7fe57b892dfd in bus_message_from_malloc ../src/libsystemd/sd-bus/bus-message.c:421 + #3 0x7fe57b9089a8 in bus_socket_make_message ../src/libsystemd/sd-bus/bus-socket.c:1165 + #4 0x7fe57b90affe in bus_socket_read_message ../src/libsystemd/sd-bus/bus-socket.c:1294 + #5 0x7fe57b92db71 in bus_read_message ../src/libsystemd/sd-bus/sd-bus.c:2082 + #6 0x7fe57b933352 in sd_bus_call ../src/libsystemd/sd-bus/sd-bus.c:2483 + #7 0x7fe57b84da61 in sd_bus_call_methodv ../src/libsystemd/sd-bus/bus-convenience.c:183 + #8 0x7fe57b2789e8 in bus_call_method ../src/shared/bus-locator.c:109 + #9 0x40f71c in show_machine ../src/machine/machinectl.c:713 + #10 0x7fe57b65c8cf in dispatch_verb ../src/shared/verbs.c:103 + #11 0x42e9ce in machinectl_main ../src/machine/machinectl.c:2980 + #12 0x42ebf9 in run ../src/machine/machinectl.c:3005 + #13 0x42ed1f in main ../src/machine/machinectl.c:3008 + #14 0x7fe579e4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) +Indirect leak of 234 byte(s) in 2 object(s) allocated from: + #0 0x7fe57cab95b5 in __interceptor_realloc.part.0 (/lib64/libasan.so.8+0xb95b5) + #1 0x7fe57b909822 in bus_socket_read_message ../src/libsystemd/sd-bus/bus-socket.c:1214 + #2 0x7fe57b92db71 in bus_read_message ../src/libsystemd/sd-bus/sd-bus.c:2082 + #3 0x7fe57b933352 in sd_bus_call ../src/libsystemd/sd-bus/sd-bus.c:2483 + #4 0x7fe57b84da61 in sd_bus_call_methodv ../src/libsystemd/sd-bus/bus-convenience.c:183 + #5 0x7fe57b2789e8 in bus_call_method ../src/shared/bus-locator.c:109 + #6 0x40f71c in show_machine ../src/machine/machinectl.c:713 + #7 0x7fe57b65c8cf in dispatch_verb ../src/shared/verbs.c:103 + #8 0x42e9ce in machinectl_main ../src/machine/machinectl.c:2980 + #9 0x42ebf9 in run ../src/machine/machinectl.c:3005 + #10 0x42ed1f in main ../src/machine/machinectl.c:3008 + #11 0x7fe579e4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) +Indirect leak of 4 byte(s) in 2 object(s) allocated from: + #0 0x7fe57ca7243b in strdup (/lib64/libasan.so.8+0x7243b) + #1 0x7fe57b8c1543 in message_parse_fields ../src/libsystemd/sd-bus/bus-message.c:4125 + #2 0x7fe57b893586 in bus_message_from_malloc ../src/libsystemd/sd-bus/bus-message.c:443 + #3 0x7fe57b9089a8 in bus_socket_make_message ../src/libsystemd/sd-bus/bus-socket.c:1165 + #4 0x7fe57b90affe in bus_socket_read_message ../src/libsystemd/sd-bus/bus-socket.c:1294 + #5 0x7fe57b92db71 in bus_read_message ../src/libsystemd/sd-bus/sd-bus.c:2082 + #6 0x7fe57b933352 in sd_bus_call ../src/libsystemd/sd-bus/sd-bus.c:2483 + #7 0x7fe57b84da61 in sd_bus_call_methodv ../src/libsystemd/sd-bus/bus-convenience.c:183 + #8 0x7fe57b2789e8 in bus_call_method ../src/shared/bus-locator.c:109 + #9 0x40f71c in show_machine ../src/machine/machinectl.c:713 + #10 0x7fe57b65c8cf in dispatch_verb ../src/shared/verbs.c:103 + #11 0x42e9ce in machinectl_main ../src/machine/machinectl.c:2980 + #12 0x42ebf9 in run ../src/machine/machinectl.c:3005 + #13 0x42ed1f in main ../src/machine/machinectl.c:3008 + #14 0x7fe579e4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) +SUMMARY: AddressSanitizer: 1806 byte(s) leaked in 6 allocation(s). + +(cherry picked from commit efdaa92ecb1b358e9f27f7d263bb3383f6ab69c9) +(cherry picked from commit 4d29f741c853b95b198f58a3b8f2ae1df175522e) +(cherry picked from commit ee06c7db0cd9d3d1104ae8bfdd1a6968a6b6b6a9) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/85f4849b4b86cd2246d733b48321abf804367d80 +--- + src/machine/machinectl.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/machine/machinectl.c b/src/machine/machinectl.c +index 0f42f9f304..d5f8b5bbb3 100644 +--- a/src/machine/machinectl.c ++++ b/src/machine/machinectl.c +@@ -694,9 +694,7 @@ static int show_machine_properties(sd_bus *bus, const char *path, bool *new_line + } + + static int show_machine(int argc, char *argv[], void *userdata) { +- + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; +- _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; + bool properties, new_line = false; + sd_bus *bus = userdata; + int r = 0; +@@ -717,6 +715,7 @@ static int show_machine(int argc, char *argv[], void *userdata) { + } + + for (int i = 1; i < argc; i++) { ++ _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; + const char *path = NULL; + + r = bus_call_method(bus, bus_machine_mgr, "GetMachine", &error, &reply, "s", argv[i]); +-- +2.33.0 + diff --git a/backport-network-bridge-fix-UseBPDU-and-AllowPortToBeRoot.patch b/backport-network-bridge-fix-UseBPDU-and-AllowPortToBeRoot.patch new file mode 100644 index 0000000..9a91465 --- /dev/null +++ b/backport-network-bridge-fix-UseBPDU-and-AllowPortToBeRoot.patch @@ -0,0 +1,74 @@ +From 06dc900efa69bbebe1cff59112b4cfd40ed6b3b5 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sat, 13 Aug 2022 05:08:38 +0900 +Subject: [PATCH] network/bridge: fix UseBPDU= and AllowPortToBeRoot= + +Fixes bugs caused by 7f9915f0de67f3a10a4b22810d119da65af8c84a. + +Fixes #24268. + +(cherry picked from commit 3f504b892b92f54087feeb3fb35e3938567d7fa0) + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/06dc900efa69bbebe1cff59112b4cfd40ed6b3b5 +--- + src/network/networkd-setlink.c | 4 ++-- + test/networkd-test.py | 4 ++-- + test/test-network/systemd-networkd-tests.py | 8 ++++---- + 3 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c +index 97c6848717..71ecaf4abf 100644 +--- a/src/network/networkd-setlink.c ++++ b/src/network/networkd-setlink.c +@@ -230,7 +230,7 @@ static int link_configure_fill_message( + return log_link_debug_errno(link, r, "Could not open IFLA_PROTINFO container: %m"); + + if (link->network->use_bpdu >= 0) { +- r = sd_netlink_message_append_u8(req, IFLA_BRPORT_GUARD, link->network->use_bpdu); ++ r = sd_netlink_message_append_u8(req, IFLA_BRPORT_GUARD, !link->network->use_bpdu); + if (r < 0) + return log_link_debug_errno(link, r, "Could not append IFLA_BRPORT_GUARD attribute: %m"); + } +@@ -254,7 +254,7 @@ static int link_configure_fill_message( + } + + if (link->network->allow_port_to_be_root >= 0) { +- r = sd_netlink_message_append_u8(req, IFLA_BRPORT_PROTECT, link->network->allow_port_to_be_root); ++ r = sd_netlink_message_append_u8(req, IFLA_BRPORT_PROTECT, !link->network->allow_port_to_be_root); + if (r < 0) + return log_link_debug_errno(link, r, "Could not append IFLA_BRPORT_PROTECT attribute: %m"); + } +diff --git a/test/networkd-test.py b/test/networkd-test.py +index 4b5ba622fa..0a5ba11f89 100755 +--- a/test/networkd-test.py ++++ b/test/networkd-test.py +@@ -291,8 +291,8 @@ Priority=23 + self.assertEqual(self.read_attr('port2', 'brport/path_cost'), '555') + self.assertEqual(self.read_attr('port2', 'brport/multicast_fast_leave'), '1') + self.assertEqual(self.read_attr('port2', 'brport/unicast_flood'), '1') +- self.assertEqual(self.read_attr('port2', 'brport/bpdu_guard'), '1') +- self.assertEqual(self.read_attr('port2', 'brport/root_block'), '1') ++ self.assertEqual(self.read_attr('port2', 'brport/bpdu_guard'), '0') ++ self.assertEqual(self.read_attr('port2', 'brport/root_block'), '0') + + class ClientTestBase(NetworkdTestingUtilities): + """Provide common methods for testing networkd against servers.""" +diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py +index 989020e0c6..37d2151a8d 100755 +--- a/test/test-network/systemd-networkd-tests.py ++++ b/test/test-network/systemd-networkd-tests.py +@@ -3931,8 +3931,8 @@ class NetworkdBridgeTests(unittest.TestCase, Utilities): + self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'neigh_suppress'), '1') + self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'learning'), '0') + self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'priority'), '23') +- self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'bpdu_guard'), '1') +- self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'root_block'), '1') ++ self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'bpdu_guard'), '0') ++ self.assertEqual(read_bridge_port_attr('bridge99', 'dummy98', 'root_block'), '0') + + output = check_output('bridge -d link show test1') + print(output) +-- +2.33.0 + diff --git a/backport-network-ipv4acd-update-MAC-address-on-change-26753.patch b/backport-network-ipv4acd-update-MAC-address-on-change-26753.patch new file mode 100644 index 0000000..bbc190b --- /dev/null +++ b/backport-network-ipv4acd-update-MAC-address-on-change-26753.patch @@ -0,0 +1,35 @@ +From 922cdcc6aed81f869fbdd875ad779ef9a2b02e75 Mon Sep 17 00:00:00 2001 +From: Brett Holman +Date: Mon, 13 Mar 2023 09:21:30 -0600 +Subject: [PATCH] network: ipv4acd: update MAC address on change (#26753) + +Commit 76a86ffdbee2dd9ef0f2b5338e14eb6ba7671456 added function +ipv4acd_update_mac() but invoked ipv4ll_update_mac(), which doesn't +align with debug or commit messages. + +(cherry picked from commit 0a14f83a0edb2c809c932b5d98240dd10a6bb79a) +(cherry picked from commit 59ae2a45a92025097de94cc7c0c622aa990179cf) +(cherry picked from commit 0703aa328c0c405e3771af8078c43fa9d5980860) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/922cdcc6aed81f869fbdd875ad779ef9a2b02e75 +--- + src/network/networkd-link.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index 14d0f8eab4..5da0e4c563 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -2127,7 +2127,7 @@ static int link_update_hardware_address(Link *link, sd_netlink_message *message) + log_link_debug_errno(link, r, "Failed to manage link by its new hardware address, ignoring: %m"); + } + +- r = ipv4ll_update_mac(link); ++ r = ipv4acd_update_mac(link); + if (r < 0) + return log_link_debug_errno(link, r, "Could not update MAC address in IPv4 ACD client: %m"); + +-- +2.33.0 + diff --git a/backport-nspawn-call-json_dispatch-with-a-correct-pointer.patch b/backport-nspawn-call-json_dispatch-with-a-correct-pointer.patch new file mode 100644 index 0000000..5b089fc --- /dev/null +++ b/backport-nspawn-call-json_dispatch-with-a-correct-pointer.patch @@ -0,0 +1,59 @@ +From 67fac85b82e6d91bea8ef86977d2ced2ca54692c Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Mon, 15 May 2023 19:45:13 +0200 +Subject: [PATCH] nspawn: call json_dispatch() with a correct pointer + +Otherwise hilarity ensues: + + AddressSanitizer:DEADLYSIGNAL + ================================================================= + ==722==ERROR: AddressSanitizer: SEGV on unknown address 0xffffffff00000000 (pc 0x7f8d50ca9ffb bp 0x7fff11b0d4a0 sp 0x7fff11b0cc30 T0) + ==722==The signal is caused by a READ memory access. + #0 0x7f8d50ca9ffb in __interceptor_strcmp.part.0 (/lib64/libasan.so.8+0xa9ffb) + #1 0x7f8d4f9cf5a1 in strcmp_ptr ../src/fundamental/string-util-fundamental.h:33 + #2 0x7f8d4f9cf5f8 in streq_ptr ../src/fundamental/string-util-fundamental.h:46 + #3 0x7f8d4f9d74d2 in free_and_strdup ../src/basic/string-util.c:948 + #4 0x49139a in free_and_strdup_warn ../src/basic/string-util.h:197 + #5 0x4923eb in oci_absolute_path ../src/nspawn/nspawn-oci.c:139 + #6 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 + #7 0x4a8831 in oci_hooks_array ../src/nspawn/nspawn-oci.c:2089 + #8 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 + #9 0x4a8b56 in oci_hooks ../src/nspawn/nspawn-oci.c:2112 + #10 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395 + #11 0x4aa298 in oci_load ../src/nspawn/nspawn-oci.c:2197 + #12 0x446cec in load_oci_bundle ../src/nspawn/nspawn.c:4744 + #13 0x44ffa7 in run ../src/nspawn/nspawn.c:5477 + #14 0x4552fb in main ../src/nspawn/nspawn.c:5920 + #15 0x7f8d4e04a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) + #16 0x7f8d4e04a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8) + #17 0x40d284 in _start (/usr/bin/systemd-nspawn+0x40d284) + AddressSanitizer can not provide additional info. + SUMMARY: AddressSanitizer: SEGV (/lib64/libasan.so.8+0xa9ffb) in __interceptor_strcmp.part.0 + ==722==ABORTING + +(cherry picked from commit f4e5c042c9a5659a5eebb4c91c0f1132f02a2c59) +(cherry picked from commit c7861222ba57e929fa6bb3efd73ab20540b243c2) +(cherry picked from commit d45301d66053ce3c96c6aa9a33b91eeeafff741b) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/67fac85b82e6d91bea8ef86977d2ced2ca54692c +--- + src/nspawn/nspawn-oci.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/nspawn/nspawn-oci.c b/src/nspawn/nspawn-oci.c +index 81b40c5431..4d69543254 100644 +--- a/src/nspawn/nspawn-oci.c ++++ b/src/nspawn/nspawn-oci.c +@@ -2150,7 +2150,7 @@ static int oci_hooks_array(const char *name, JsonVariant *v, JsonDispatchFlags f + .timeout = USEC_INFINITY, + }; + +- r = json_dispatch(e, table, oci_unexpected, flags, userdata); ++ r = json_dispatch(e, table, oci_unexpected, flags, new_item); + if (r < 0) { + free(new_item->path); + strv_free(new_item->args); +-- +2.33.0 + diff --git a/backport-nspawn-fix-UID-map-string.patch b/backport-nspawn-fix-UID-map-string.patch new file mode 100644 index 0000000..bc0165e --- /dev/null +++ b/backport-nspawn-fix-UID-map-string.patch @@ -0,0 +1,36 @@ +From 20037219b702dd34b9b34050bf64030d4f93db98 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 15 Jun 2022 22:32:40 +0900 +Subject: [PATCH] nspawn: fix UID map string + +We send/recv the set of payload uid, host uid, payload gid, host gid. +Hence, the index must be incremented with 4, instead of 2. + +Fixes #23664. + +(cherry picked from commit 05ab439a62de8bb47e4137d2a8a473a307ccfb33) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/20037219b702dd34b9b34050bf64030d4f93db98 +--- + src/nspawn/nspawn.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index c5fd978395..4ce80bba70 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -4137,8 +4137,8 @@ static int make_uid_map_string( + * quadruplet, consisting of host and container UID + GID. */ + + for (size_t i = 0; i < n_bind_user_uid; i++) { +- uid_t payload_uid = bind_user_uid[i*2+offset], +- host_uid = bind_user_uid[i*2+offset+1]; ++ uid_t payload_uid = bind_user_uid[i*4+offset], ++ host_uid = bind_user_uid[i*4+offset+1]; + + assert(previous_uid <= payload_uid); + assert(payload_uid < arg_uid_range); +-- +2.33.0 + diff --git a/backport-nspawn-fix-a-global-buffer-overflow.patch b/backport-nspawn-fix-a-global-buffer-overflow.patch new file mode 100644 index 0000000..35b9455 --- /dev/null +++ b/backport-nspawn-fix-a-global-buffer-overflow.patch @@ -0,0 +1,86 @@ +From ccb4b3522cdc6abf8a0a5443f6318fe3918795fd Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Mon, 15 May 2023 20:25:43 +0200 +Subject: [PATCH] nspawn: fix a global-buffer-overflow + +Whoopsie. + +================================================================= +==3789231==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000051d0b8 at pc 0x7f70850bc904 bp 0x7ffd9bbdf660 sp 0x7ffd9bbdf658 +READ of size 8 at 0x00000051d0b8 thread T0 + #0 0x7f70850bc903 in json_dispatch ../src/shared/json.c:4347 + #1 0x4a5b54 in oci_seccomp_syscalls ../src/nspawn/nspawn-oci.c:1838 + #2 0x7f70850bd359 in json_dispatch ../src/shared/json.c:4395 + #3 0x4a668c in oci_seccomp ../src/nspawn/nspawn-oci.c:1905 + #4 0x7f70850bd359 in json_dispatch ../src/shared/json.c:4395 + #5 0x4a7d8c in oci_linux ../src/nspawn/nspawn-oci.c:2030 + #6 0x7f70850bd359 in json_dispatch ../src/shared/json.c:4395 + #7 0x4aa31c in oci_load ../src/nspawn/nspawn-oci.c:2198 + #8 0x446cec in load_oci_bundle ../src/nspawn/nspawn.c:4744 + #9 0x44ffa7 in run ../src/nspawn/nspawn.c:5477 + #10 0x4552fb in main ../src/nspawn/nspawn.c:5920 + #11 0x7f7083a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) + #12 0x7f7083a4a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8) + #13 0x40d284 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/systemd-nspawn+0x40d284) + +0x00000051d0b8 is located 40 bytes to the left of global variable 'bus_standard_errors_copy_0' defined in '../src/libsystemd/sd-bus/bus-error.h:57:1' (0x51d0e0) of size 8 +0x00000051d0b8 is located 0 bytes to the right of global variable 'table' defined in '../src/nspawn/nspawn-oci.c:1829:43' (0x51d040) of size 120 +SUMMARY: AddressSanitizer: global-buffer-overflow ../src/shared/json.c:4347 in json_dispatch +Shadow bytes around the buggy address: + 0x00008009b9c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x00008009b9d0: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00 + 0x00008009b9e0: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 + 0x00008009b9f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x00008009ba00: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 +=>0x00008009ba10: 00 00 00 00 00 00 00[f9]f9 f9 f9 f9 00 f9 f9 f9 + 0x00008009ba20: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00 + 0x00008009ba30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x00008009ba40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x00008009ba50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + 0x00008009ba60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +Shadow byte legend (one shadow byte represents 8 application bytes): + Addressable: 00 + Partially addressable: 01 02 03 04 05 06 07 + Heap left redzone: fa + Freed heap region: fd + Stack left redzone: f1 + Stack mid redzone: f2 + Stack right redzone: f3 + Stack after return: f5 + Stack use after scope: f8 + Global redzone: f9 + Global init order: f6 + Poisoned by user: f7 + Container overflow: fc + Array cookie: ac + Intra object redzone: bb + ASan internal: fe + Left alloca redzone: ca + Right alloca redzone: cb +==3789231==ABORTING + +(cherry picked from commit 525c3e3438a7e4cd78b42f5f6ccdc3df1e363ca9) +(cherry picked from commit b8ed81660f0ad27f047153da8c28d9be4e8e1540) +(cherry picked from commit 6f52d1bf9e0a4a4e959c9967d4643084b9ed6f17) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/ccb4b3522cdc6abf8a0a5443f6318fe3918795fd +--- + src/nspawn/nspawn-oci.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/nspawn/nspawn-oci.c b/src/nspawn/nspawn-oci.c +index 86b838bd0e..ded7fe0d41 100644 +--- a/src/nspawn/nspawn-oci.c ++++ b/src/nspawn/nspawn-oci.c +@@ -1888,6 +1888,7 @@ static int oci_seccomp_syscalls(const char *name, JsonVariant *v, JsonDispatchFl + { "names", JSON_VARIANT_ARRAY, json_dispatch_strv, offsetof(struct syscall_rule, names), JSON_MANDATORY }, + { "action", JSON_VARIANT_STRING, oci_seccomp_action, offsetof(struct syscall_rule, action), JSON_MANDATORY }, + { "args", JSON_VARIANT_ARRAY, oci_seccomp_args, 0, 0 }, ++ {} + }; + struct syscall_rule rule = { + .action = UINT32_MAX, +-- +2.33.0 + diff --git a/backport-nspawn-fix-inverted-condition.patch b/backport-nspawn-fix-inverted-condition.patch new file mode 100644 index 0000000..4c8b800 --- /dev/null +++ b/backport-nspawn-fix-inverted-condition.patch @@ -0,0 +1,31 @@ +From 3f9f8a6ed3c05f21d6bc95e1f29cb9fbfac981e1 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Mon, 15 May 2023 20:10:05 +0200 +Subject: [PATCH] nspawn: fix inverted condition + +(cherry picked from commit fc832965476d106fb3d5a6c9a43f5ff3166987b2) +(cherry picked from commit 756e77b93636a6de55110e46158defd1d7e69aca) +(cherry picked from commit 40024e6d39bbcc9ee9a3f2de60edaaa7fc5a132c) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/3f9f8a6ed3c05f21d6bc95e1f29cb9fbfac981e1 +--- + src/nspawn/nspawn-oci.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/nspawn/nspawn-oci.c b/src/nspawn/nspawn-oci.c +index 4d69543254..86b838bd0e 100644 +--- a/src/nspawn/nspawn-oci.c ++++ b/src/nspawn/nspawn-oci.c +@@ -1638,7 +1638,7 @@ static int oci_sysctl(const char *name, JsonVariant *v, JsonDispatchFlags flags, + + assert_se(m = json_variant_string(w)); + +- if (sysctl_key_valid(k)) ++ if (!sysctl_key_valid(k)) + return json_log(v, flags, SYNTHETIC_ERRNO(EINVAL), + "sysctl key invalid, refusing: %s", k); + +-- +2.33.0 + diff --git a/backport-pid1-fix-coredump_filter-setting.patch b/backport-pid1-fix-coredump_filter-setting.patch new file mode 100644 index 0000000..7a9ccf9 --- /dev/null +++ b/backport-pid1-fix-coredump_filter-setting.patch @@ -0,0 +1,33 @@ +From 857fdbc6081a80e45b391ebce70539e5f900020f Mon Sep 17 00:00:00 2001 +From: David Schroeder +Date: Wed, 12 Apr 2023 16:48:21 -0700 +Subject: [PATCH] pid1: fix coredump_filter setting + +Correct what appears to be a copy/paste error in config_parse_exec_coredump_filter that is preventing the coredump_filter setting from working correctly. + +(cherry picked from commit 9c669abb7106ae340ea47e7747d3bd054fbacdc5) +(cherry picked from commit 91953109ecd0956775b5bef442cd567917b11050) +(cherry picked from commit be49fcd07b3fa6db96dc8ff237f4bad959350b6c) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/857fdbc6081a80e45b391ebce70539e5f900020f +--- + src/core/load-fragment.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index 8a14cd569c..478026e3ae 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -780,7 +780,7 @@ int config_parse_exec_coredump_filter( + } + + c->coredump_filter |= f; +- c->oom_score_adjust_set = true; ++ c->coredump_filter_set = true; + return 0; + } + +-- +2.33.0 + diff --git a/backport-pid1-when-taking-possession-of-passed-fds-check-O_CL.patch b/backport-pid1-when-taking-possession-of-passed-fds-check-O_CL.patch new file mode 100644 index 0000000..197a2dc --- /dev/null +++ b/backport-pid1-when-taking-possession-of-passed-fds-check-O_CL.patch @@ -0,0 +1,130 @@ +From 4981dd7c8771e83d625ee42dec709c5504cbad80 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 30 May 2023 15:33:59 +0200 +Subject: [PATCH] pid1: when taking possession of passed fds check O_CLOEXEC + state first + +So here's the thing. One library we use (libselinux) is opening fds +behind our back when we initialize it and keeps it open. On the other +hand we want to automatically pick up all fds passed in to us, so that +we can distribute them to our services and close the rest. We pick them +up very early in our code, to ensure that we don't get confused by open +fds at that point. Except that libselinux insists on being initialized +even earlier. So suddenly we might take possession of libselinux' fds, +and then close them later when we decide no service wants them. Then +during shutdown we close down selinux and selinux closes its fds, but +since already closed long ago this ight close our fds instead. Hilarity +ensues. + +I wish low-level software wouldn't do such things behind our back, but +well, let's make the best of it. + +This changes the fd pick-up logic to only pick up fds that have +O_CLOEXEC unset. O_CLOEXEC must be unset for any fds passed in to us +over execve() after all. And for all our own fds we should set O_CLOEXEC +since we generally don't want to litter fd tables for execve(). Also, +libselinux thankfully appears to set O_CLOEXEC correctly on its fds, +hence the filter works. + +Fixes: #27491 + +(cherry picked from commit eb564f928e401def8d3aaa2a90f33cb09cdc1517) +Backport of the cloexec filter for v253, and for v252 (actually tested +with v252). Note that I've left the name _s of the function parameter as +it was before. +(cherry picked from commit 88bf6b5815d81cb6d29e9a41f752c70584fac062) +(cherry picked from commit 4dd3f8934a51d065d2b3df6d368989f9610a37b5) + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/4981dd7c8771e83d625ee42dec709c5504cbad80 +--- + src/core/main.c | 16 ++++++++++++---- + src/shared/fdset.c | 18 +++++++++++++++++- + src/shared/fdset.h | 2 +- + 3 files changed, 30 insertions(+), 6 deletions(-) + +diff --git a/src/core/main.c b/src/core/main.c +index 46d6968b6b..9934bda1f3 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -2578,16 +2578,24 @@ static int collect_fds(FDSet **ret_fds, const char **ret_error_message) { + assert(ret_fds); + assert(ret_error_message); + +- r = fdset_new_fill(ret_fds); ++ /* Pick up all fds passed to us. We apply a filter here: we only take the fds that have O_CLOEXEC ++ * off. All fds passed via execve() to us must have O_CLOEXEC off, and our own code and dependencies ++ * should be clean enough to set O_CLOEXEC universally. Thus checking the bit should be a safe ++ * mechanism to distinguish passed in fds from our own. ++ * ++ * Why bother? Some subsystems we initialize early, specifically selinux might keep fds open in our ++ * process behind our back. We should not take possession of that (and then accidentally close ++ * it). SELinux thankfully sets O_CLOEXEC on its fds, so this test should work. */ ++ r = fdset_new_fill(/* filter_cloexec= */ 0, ret_fds); + if (r < 0) { + *ret_error_message = "Failed to allocate fd set"; + return log_emergency_errno(r, "Failed to allocate fd set: %m"); + } + +- fdset_cloexec(*ret_fds, true); ++ (void) fdset_cloexec(*ret_fds, true); + +- if (arg_serialization) +- assert_se(fdset_remove(*ret_fds, fileno(arg_serialization)) >= 0); ++ /* The serialization fd should have O_CLOEXEC turned on already, let's verify that we didn't pick it up here */ ++ assert_se(!arg_serialization || !fdset_contains(*ret_fds, fileno(arg_serialization))); + + return 0; + } +diff --git a/src/shared/fdset.c b/src/shared/fdset.c +index c621c14ba6..6f40c6aa0d 100644 +--- a/src/shared/fdset.c ++++ b/src/shared/fdset.c +@@ -124,7 +124,9 @@ int fdset_remove(FDSet *s, int fd) { + return set_remove(MAKE_SET(s), FD_TO_PTR(fd)) ? fd : -ENOENT; + } + +-int fdset_new_fill(FDSet **_s) { ++int fdset_new_fill( ++ int filter_cloexec, /* if < 0 takes all fds, otherwise only those with O_CLOEXEC set (1) or unset (0) */ ++ FDSet **_s) { + _cleanup_closedir_ DIR *d = NULL; + struct dirent *de; + int r = 0; +@@ -157,6 +159,20 @@ int fdset_new_fill(FDSet **_s) { + if (fd == dirfd(d)) + continue; + ++ if (filter_cloexec >= 0) { ++ int fl; ++ ++ /* If user asked for that filter by O_CLOEXEC. This is useful so that fds that have ++ * been passed in can be collected and fds which have been created locally can be ++ * ignored, under the assumption that only the latter have O_CLOEXEC set. */ ++ fl = fcntl(fd, F_GETFD); ++ if (fl < 0) ++ return -errno; ++ ++ if (FLAGS_SET(fl, FD_CLOEXEC) != !!filter_cloexec) ++ continue; ++ } ++ + r = fdset_put(s, fd); + if (r < 0) + goto finish; +diff --git a/src/shared/fdset.h b/src/shared/fdset.h +index 39d15ee4aa..e8a6b4869d 100644 +--- a/src/shared/fdset.h ++++ b/src/shared/fdset.h +@@ -19,7 +19,7 @@ bool fdset_contains(FDSet *s, int fd); + int fdset_remove(FDSet *s, int fd); + + int fdset_new_array(FDSet **ret, const int *fds, size_t n_fds); +-int fdset_new_fill(FDSet **ret); ++int fdset_new_fill(int filter_cloexec, FDSet **ret); + int fdset_new_listen_fds(FDSet **ret, bool unset); + + int fdset_cloexec(FDSet *fds, bool b); +-- +2.33.0 + diff --git a/backport-rm-rf-fix-errno-handling.patch b/backport-rm-rf-fix-errno-handling.patch new file mode 100644 index 0000000..111be5b --- /dev/null +++ b/backport-rm-rf-fix-errno-handling.patch @@ -0,0 +1,79 @@ +From 37db6597daa992702b3a8a5b7a636f935e6861ba Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sat, 18 Mar 2023 23:35:04 +0900 +Subject: [PATCH] rm-rf: fix errno handling + +(cherry picked from commit cd2cd095db6f26bf9889ef26f1b105843220b803) +(cherry picked from commit 80417f90b03707a873bbff89f246ece3fb9f2c95) +(cherry picked from commit 25a8b163be1558cc837af68baefac3c8f1ba3497) + +Conflict:add function RET_NERRNO +Reference:https://github.com/systemd/systemd-stable/commit/37db6597daa992702b3a8a5b7a636f935e6861ba +--- + src/basic/errno-util.h | 23 +++++++++++++++++++++++ + src/shared/rm-rf.c | 8 ++++---- + 2 files changed, 27 insertions(+), 4 deletions(-) + +diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h +index ffa3e12..57071e5 100644 +--- a/src/basic/errno-util.h ++++ b/src/basic/errno-util.h +@@ -31,6 +31,29 @@ static inline int negative_errno(void) { + return -errno; + } + ++static inline int RET_NERRNO(int ret) { ++ ++ /* Helper to wrap system calls in to make them return negative errno errors. This brings system call ++ * error handling in sync with how we usually handle errors in our own code, i.e. with immediate ++ * returning of negative errno. Usage is like this: ++ * ++ * … ++ * r = RET_NERRNO(unlink(t)); ++ * … ++ * ++ * or ++ * ++ * … ++ * fd = RET_NERRNO(open("/etc/fstab", O_RDONLY|O_CLOEXEC)); ++ * … ++ */ ++ ++ if (ret < 0) ++ return negative_errno(); ++ ++ return ret; ++} ++ + static inline const char *strerror_safe(int error) { + /* 'safe' here does NOT mean thread safety. */ + return strerror(abs(error)); /* lgtm [cpp/potentially-dangerous-function] */ +diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c +index 954686f..58e54f6 100644 +--- a/src/shared/rm-rf.c ++++ b/src/shared/rm-rf.c +@@ -288,8 +288,8 @@ int rm_rf_children( + if (!newdirname) + return log_oom(); + +- int newfd = openat(fd, de->d_name, +- O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); ++ int newfd = RET_NERRNO(openat(fd, de->d_name, ++ O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME)); + if (newfd >= 0) { + todos[n_todo++] = (TodoEntry) { TAKE_PTR(d), TAKE_PTR(dirname) }; + fd = newfd; +@@ -297,8 +297,8 @@ int rm_rf_children( + + goto next_fd; + +- } else if (errno != -ENOENT && ret == 0) +- ret = -errno; ++ } else if (newfd != -ENOENT && ret == 0) ++ ret = newfd; + + } else if (r < 0 && r != -ENOENT && ret == 0) + ret = r; +-- +2.33.0 + diff --git a/backport-scope-do-not-disable-timer-event-source-when-state-i.patch b/backport-scope-do-not-disable-timer-event-source-when-state-i.patch new file mode 100644 index 0000000..555b2e1 --- /dev/null +++ b/backport-scope-do-not-disable-timer-event-source-when-state-i.patch @@ -0,0 +1,41 @@ +From 7aa7e9e93db471b1811a916a3c3c6e3d53abad4a Mon Sep 17 00:00:00 2001 +From: Nick Rosbrook +Date: Tue, 4 Apr 2023 18:39:26 -0400 +Subject: [PATCH] scope: do not disable timer event source when state is + SCOPE_RUNNING + +In scope_set_state(), the timer event source may be disabled depending +on the state. Currently, it will be disabled when the state is +SCOPE_RUNNING. This has the effect of new RuntimeMaxSec values being +ignored on coldplug. + +Note that this issue is not currently present when scopes are started +because when scope_start() is called, scope_arm_timer() is called after +scope_set_state(). + +(cherry picked from commit e1f85b49b09ed3e3717cf7776c9da7acc4e906c6) +(cherry picked from commit 999f48558bbe5d4665b97d76c530edc12f71b70b) +(cherry picked from commit 6bdcd58a88ca70b4fc097941a8f435400eb90e53) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/7aa7e9e93db471b1811a916a3c3c6e3d53abad4a +--- + src/core/scope.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/scope.c b/src/core/scope.c +index 1289bb8cb4..a2c9a3fd4d 100644 +--- a/src/core/scope.c ++++ b/src/core/scope.c +@@ -107,7 +107,7 @@ static void scope_set_state(Scope *s, ScopeState state) { + old_state = s->state; + s->state = state; + +- if (!IN_SET(state, SCOPE_STOP_SIGTERM, SCOPE_STOP_SIGKILL)) ++ if (!IN_SET(state, SCOPE_STOP_SIGTERM, SCOPE_STOP_SIGKILL, SCOPE_RUNNING)) + s->timer_event_source = sd_event_source_disable_unref(s->timer_event_source); + + if (IN_SET(state, SCOPE_DEAD, SCOPE_FAILED)) { +-- +2.33.0 + diff --git a/backport-sd-bus-Use-goto-finish-instead-of-return-in-bus_add_.patch b/backport-sd-bus-Use-goto-finish-instead-of-return-in-bus_add_.patch new file mode 100644 index 0000000..a135d17 --- /dev/null +++ b/backport-sd-bus-Use-goto-finish-instead-of-return-in-bus_add_.patch @@ -0,0 +1,33 @@ +From 85d37c860d29041df21038d14a4268419836bb51 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer +Date: Fri, 11 Nov 2022 11:09:28 +0100 +Subject: [PATCH] sd-bus: Use goto finish instead of return in + bus_add_match_full + +Fixes #25340 + +(cherry picked from commit 0f3c342903d1a09577378912717539b530af1fcf) +(cherry picked from commit eea92b179d07ef46b2fdfe4e0a918278ac43a81c) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/85d37c860d29041df21038d14a4268419836bb51 +--- + src/libsystemd/sd-bus/sd-bus.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c +index a9189360fd..287d7d4753 100644 +--- a/src/libsystemd/sd-bus/sd-bus.c ++++ b/src/libsystemd/sd-bus/sd-bus.c +@@ -3530,7 +3530,7 @@ static int bus_add_match_full( + s); + + if (r < 0) +- return r; ++ goto finish; + + /* Make the slot of the match call floating now. We need the reference, but we don't + * want that this match pins the bus object, hence we first create it non-floating, but +-- +2.33.0 + diff --git a/backport-sd-bus-bus_message_type_from_string-is-not-pure.patch b/backport-sd-bus-bus_message_type_from_string-is-not-pure.patch new file mode 100644 index 0000000..9103412 --- /dev/null +++ b/backport-sd-bus-bus_message_type_from_string-is-not-pure.patch @@ -0,0 +1,67 @@ +From a810ea5f9595103b834000374061f4fd30ea74e0 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Wed, 10 May 2023 01:41:28 +0800 +Subject: [PATCH] sd-bus: bus_message_type_from_string is not pure +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +GCC document [1] says: + + The pure attribute prohibits a function from modifying the state + of the program that is observable by means other than inspecting + the function’s return value. + +And there is an example: + + `int hash (char *) __attribute__ ((pure));` + ... Even though hash takes a non-const pointer argument it must + not modify the array it points to, ... + +But we are modifying the object pointed to by the pointer u, which is +clearly a violation of the semantic of pure. + +With -ftrivial-auto-var-init (enabled by -Dmode=release), on some +targets (GCC 12.2 on AArch64 and GCC 13.1 on x86_64) performs an +optimization: as the variable "u" in bus_match_parse has been +zero-initialized (by the -ftrivial-auto-var-init option) and never +modified (because a "pure" bus_message_type_from_string is not allowed +to modify it), "u" will be always 0. + +Then 0 is used to initialize .value_u8 field of struct +bus_match_component. This then causes a infinite event loop, so +"systemctl restart" never stops, and pam_systemd timeouts communicating +with logind, etc. + +So we should remove the "pure" attribute here. + +Fixes #26395. + +[1]:https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-pure-function-attribute + +(cherry picked from commit 6723c28f36ea566faf61d3610012cd89f95ee4a0) +(cherry picked from commit 59dccdfddbdde5d4ff047108a545106f2bac6872) +(cherry picked from commit bf2f71a0615b3831f170728760171d8bfb13fc5e) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/a810ea5f9595103b834000374061f4fd30ea74e0 +--- + src/libsystemd/sd-bus/bus-internal.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-bus/bus-internal.h b/src/libsystemd/sd-bus/bus-internal.h +index 51673ad1c5..d486e17fc9 100644 +--- a/src/libsystemd/sd-bus/bus-internal.h ++++ b/src/libsystemd/sd-bus/bus-internal.h +@@ -361,7 +361,7 @@ bool path_complex_pattern(const char *pattern, const char *value) _pure_; + bool namespace_simple_pattern(const char *pattern, const char *value) _pure_; + bool path_simple_pattern(const char *pattern, const char *value) _pure_; + +-int bus_message_type_from_string(const char *s, uint8_t *u) _pure_; ++int bus_message_type_from_string(const char *s, uint8_t *u); + const char *bus_message_type_to_string(uint8_t u) _pure_; + + #define error_name_is_valid interface_name_is_valid +-- +2.33.0 + diff --git a/backport-sd-bus-sd-event-allow-querying-of-description-even-a.patch b/backport-sd-bus-sd-event-allow-querying-of-description-even-a.patch new file mode 100644 index 0000000..58d2d00 --- /dev/null +++ b/backport-sd-bus-sd-event-allow-querying-of-description-even-a.patch @@ -0,0 +1,50 @@ +From a1d045bb9cb781b64033be8d593a0d16d7df5053 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 18 May 2023 17:05:41 +0200 +Subject: [PATCH] sd-bus,sd-event: allow querying of description even after + fork + +This in unnecessarilly unpleasant: the code might report about a bus +connection, e.g. in an error message or assert. Let's let it query +the name of the object. + +This partially reverts f4b2933ee7890e5d414ab266d8586f19027a2bd9. + +(cherry picked from commit ed7a6f51eab5af40d3d7884ce846f74aea0c00f0) +(cherry picked from commit a3e5eb5606d92b5c4db9306cbd3fcac56e9ff10a) +(cherry picked from commit 299573b5d7eeec6b25e07cf6ec12b2ffef151f85) + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/a1d045bb9cb781b64033be8d593a0d16d7df5053 +--- + src/libsystemd/sd-bus/sd-bus.c | 1 - + src/libsystemd/sd-event/sd-event.c | 1 - + 2 files changed, 2 deletions(-) + +diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c +index dae85becc2..c53686f6b0 100644 +--- a/src/libsystemd/sd-bus/sd-bus.c ++++ b/src/libsystemd/sd-bus/sd-bus.c +@@ -4162,7 +4162,6 @@ _public_ int sd_bus_get_description(sd_bus *bus, const char **description) { + assert_return(bus = bus_resolve(bus), -ENOPKG); + assert_return(description, -EINVAL); + assert_return(bus->description, -ENXIO); +- assert_return(!bus_pid_changed(bus), -ECHILD); + + if (bus->description) + *description = bus->description; +diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c +index 00bf6ac1e5..95102921a5 100644 +--- a/src/libsystemd/sd-event/sd-event.c ++++ b/src/libsystemd/sd-event/sd-event.c +@@ -2162,7 +2162,6 @@ _public_ int sd_event_source_set_description(sd_event_source *s, const char *des + _public_ int sd_event_source_get_description(sd_event_source *s, const char **description) { + assert_return(s, -EINVAL); + assert_return(description, -EINVAL); +- assert_return(!event_pid_changed(s->event), -ECHILD); + + if (!s->description) + return -ENXIO; +-- +2.33.0 + diff --git a/backport-sd-device-add-helper-to-read-a-unsigned-int-attribut.patch b/backport-sd-device-add-helper-to-read-a-unsigned-int-attribut.patch new file mode 100644 index 0000000..1768bee --- /dev/null +++ b/backport-sd-device-add-helper-to-read-a-unsigned-int-attribut.patch @@ -0,0 +1,99 @@ +From 1fc74d251e30196c9196cafd60d163c218bdc1aa Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 23 Aug 2022 16:24:02 +0200 +Subject: [PATCH] sd-device: add helper to read a unsigned int attribute + +There are dozens of places where this could be used, but I don't +want to do the conversion now because it's quite a bit of work. +I think we could export this function later on, because reading +numerical attributes is so common. But for now, I'm just adding the +helper to use it one place. + +(cherry picked from commit 48a511cf92cbf202e9ef6064a9b5ebd1f497e1a8) + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/1fc74d251e30196c9196cafd60d163c218bdc1aa +--- + src/libsystemd/sd-device/device-private.h | 2 ++ + src/libsystemd/sd-device/sd-device.c | 33 +++++++++++++++++++++++ + src/libsystemd/sd-device/test-sd-device.c | 7 +++++ + 3 files changed, 42 insertions(+) + +diff --git a/src/libsystemd/sd-device/device-private.h b/src/libsystemd/sd-device/device-private.h +index 9602f9eda3..7fa8dc0035 100644 +--- a/src/libsystemd/sd-device/device-private.h ++++ b/src/libsystemd/sd-device/device-private.h +@@ -18,6 +18,8 @@ static inline int device_new_from_watch_handle(sd_device **ret, int wd) { + return device_new_from_watch_handle_at(ret, -1, wd); + } + ++int device_get_sysattr_unsigned(sd_device *device, const char *sysattr, unsigned *ret_value); ++int device_get_sysattr_bool(sd_device *device, const char *sysattr); + int device_get_device_id(sd_device *device, const char **ret); + + int device_get_devlink_priority(sd_device *device, int *priority); +diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c +index 62531b9564..5660538dd3 100644 +--- a/src/libsystemd/sd-device/sd-device.c ++++ b/src/libsystemd/sd-device/sd-device.c +@@ -2172,6 +2172,39 @@ _public_ int sd_device_get_sysattr_value(sd_device *device, const char *sysattr, + return 0; + } + ++int device_get_sysattr_unsigned(sd_device *device, const char *sysattr, unsigned *ret_value) { ++ const char *value; ++ int r; ++ ++ r = sd_device_get_sysattr_value(device, sysattr, &value); ++ if (r < 0) ++ return r; ++ ++ unsigned v; ++ r = safe_atou(value, &v); ++ if (r < 0) ++ return log_device_debug_errno(device, r, "Failed to parse '%s' attribute: %m", sysattr); ++ ++ if (ret_value) ++ *ret_value = v; ++ /* We return "true" if the value is positive. */ ++ return v > 0; ++} ++ ++int device_get_sysattr_bool(sd_device *device, const char *sysattr) { ++ const char *value; ++ int r; ++ ++ assert(device); ++ assert(sysattr); ++ ++ r = sd_device_get_sysattr_value(device, sysattr, &value); ++ if (r < 0) ++ return r; ++ ++ return parse_boolean(value); ++} ++ + static void device_remove_cached_sysattr_value(sd_device *device, const char *_key) { + _cleanup_free_ char *key = NULL; + +diff --git a/src/libsystemd/sd-device/test-sd-device.c b/src/libsystemd/sd-device/test-sd-device.c +index fa334df6c7..01c184a7d0 100644 +--- a/src/libsystemd/sd-device/test-sd-device.c ++++ b/src/libsystemd/sd-device/test-sd-device.c +@@ -177,6 +177,13 @@ static void test_sd_device_one(sd_device *d) { + + r = sd_device_get_sysattr_value(d, "name_assign_type", &val); + assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r) || IN_SET(r, -ENOENT, -EINVAL)); ++ ++ if (r > 0) { ++ unsigned x; ++ ++ assert_se(device_get_sysattr_unsigned(d, "name_assign_type", NULL) >= 0); ++ assert_se(device_get_sysattr_unsigned(d, "name_assign_type", &x) >= 0); ++ } + + r = sd_device_get_property_value(d, "ID_NET_DRIVER", &val); + assert_se(r >= 0 || r == -ENOENT); +-- +2.33.0 + diff --git a/backport-sd-device-fix-double-free.patch b/backport-sd-device-fix-double-free.patch new file mode 100644 index 0000000..1c6d002 --- /dev/null +++ b/backport-sd-device-fix-double-free.patch @@ -0,0 +1,46 @@ +From 8f4d5828aa16756ea5653a8dec46043710c3587c Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 12 Dec 2022 14:16:09 +0900 +Subject: [PATCH] sd-device: fix double-free + +If an attribute is read but the value is not used (i.e. ret_value is NULL), +then sd_device_get_sysattr_value() mistakenly frees the read data even though +it is cached internally. + +Fixes a bug introduced by acfc2a1d15560084e077ffb3be472cd117e9020a. + +Fixes #25702. + +(cherry picked from commit eb18e7b7825e8320bb4d6269690ef8c3f5461d2b) +(cherry picked from commit aeb36537443272f0bf73dd672837eabcecb34f3a) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/8f4d5828aa16756ea5653a8dec46043710c3587c +--- + src/libsystemd/sd-device/sd-device.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c +index 5660538dd3..b0f6318fd8 100644 +--- a/src/libsystemd/sd-device/sd-device.c ++++ b/src/libsystemd/sd-device/sd-device.c +@@ -2166,9 +2166,14 @@ _public_ int sd_device_get_sysattr_value(sd_device *device, const char *sysattr, + sysattr, value, ret_value ? "" : ", ignoring"); + if (ret_value) + return r; +- } else if (ret_value) +- *ret_value = TAKE_PTR(value); + ++ return 0; ++ } ++ ++ if (ret_value) ++ *ret_value = value; ++ ++ TAKE_PTR(value); + return 0; + } + +-- +2.33.0 + diff --git a/backport-sd-dhcp-server-allow-to-send-header-only-message.patch b/backport-sd-dhcp-server-allow-to-send-header-only-message.patch new file mode 100644 index 0000000..e9c51f5 --- /dev/null +++ b/backport-sd-dhcp-server-allow-to-send-header-only-message.patch @@ -0,0 +1,35 @@ +From 41fdc8ed32408d598ddafc7feb3beece7f654262 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sat, 28 Jan 2023 14:01:37 +0900 +Subject: [PATCH] sd-dhcp-server: allow to send header only message + +If we receive a header only message, and the server is running in relay +mode, then the assertion was triggered. + +Fixes #26151. + +(cherry picked from commit b52031dbbcabe4b1e3016ba64d4a2822740188bc) +(cherry picked from commit 7aeb2a8d4ea660ad863e7b2c5432f64f903f1cd5) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/41fdc8ed32408d598ddafc7feb3beece7f654262 +--- + src/libsystemd-network/sd-dhcp-server.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c +index 5c9ba9f618..c99f8a86ad 100644 +--- a/src/libsystemd-network/sd-dhcp-server.c ++++ b/src/libsystemd-network/sd-dhcp-server.c +@@ -390,7 +390,7 @@ static int dhcp_server_send_udp(sd_dhcp_server *server, be32_t destination, + assert(server); + assert(server->fd >= 0); + assert(message); +- assert(len > sizeof(DHCPMessage)); ++ assert(len >= sizeof(DHCPMessage)); + + if (server->bind_to_interface) { + msg.msg_control = &control; +-- +2.33.0 + diff --git a/backport-sd-journal-avoid-double-free.patch b/backport-sd-journal-avoid-double-free.patch new file mode 100644 index 0000000..055caf5 --- /dev/null +++ b/backport-sd-journal-avoid-double-free.patch @@ -0,0 +1,104 @@ +From 541d8d76b9dcc059ab7b77c76bb5c916377f4c63 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Tue, 23 May 2023 18:09:23 +0200 +Subject: [PATCH] sd-journal: avoid double-free + +If we fail to combine the new entry with a previous one, or update it in +the hashmap, we might later on attempt a double-free: + +================================================================= +==10==ERROR: AddressSanitizer: attempting double-free on 0x611000039fc0 in thread T0: +SCARINESS: 42 (double-free) + #0 0x4a0962 in __interceptor_free /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3 + #1 0x7f55e431d9f2 in _hashmap_clear /work/build/../../src/systemd/src/basic/hashmap.c:927:33 + #2 0x7f55e431d4c8 in _hashmap_free /work/build/../../src/systemd/src/basic/hashmap.c:896:17 + #3 0x4de1de in ordered_hashmap_free_free_free /work/build/../../src/systemd/src/basic/hashmap.h:120:24 + #4 0x4de1de in ordered_hashmap_free_free_freep /work/build/../../src/systemd/src/basic/hashmap.h:434:1 + #5 0x4de1de in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-catalog.c:26:1 + #6 0x4de8b8 in NaloFuzzerTestOneInput (/build/fuzz-catalog+0x4de8b8) + #7 0x4fd8c3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 + #8 0x4fd0aa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 + #9 0x4fe779 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 + #10 0x4ff445 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 + #11 0x4ee7af in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 + #12 0x4ef078 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 + #13 0x4deb35 in main (/build/fuzz-catalog+0x4deb35) + #14 0x7f55e3a32082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) + #15 0x41f7cd in _start (/build/fuzz-catalog+0x41f7cd) + +DEDUP_TOKEN: __interceptor_free--_hashmap_clear--_hashmap_free +0x611000039fc0 is located 0 bytes inside of 224-byte region [0x611000039fc0,0x61100003a0a0) +freed by thread T0 here: + #0 0x4a0962 in __interceptor_free /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3 + #1 0x7f55e451493d in freep /work/build/../../src/systemd/src/basic/alloc-util.h:107:22 + #2 0x7f55e451493d in finish_item /work/build/../../src/systemd/src/libsystemd/sd-journal/catalog.c:187:1 + #3 0x7f55e4513e56 in catalog_import_file /work/build/../../src/systemd/src/libsystemd/sd-journal/catalog.c:313:45 + #4 0x4de1be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-catalog.c:23:16 + #5 0x4de8b8 in NaloFuzzerTestOneInput (/build/fuzz-catalog+0x4de8b8) + #6 0x4fd8c3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 + #7 0x4fd0aa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 + #8 0x4fe779 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 + #9 0x4ff445 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 + #10 0x4ee7af in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 + #11 0x4ef078 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 + #12 0x4deb35 in main (/build/fuzz-catalog+0x4deb35) + #13 0x7f55e3a32082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) + +DEDUP_TOKEN: __interceptor_free--freep--finish_item +previously allocated by thread T0 here: + #0 0x4a0c06 in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3 + #1 0x4de539 in malloc (/build/fuzz-catalog+0x4de539) + #2 0x7f55e42bf96b in memdup /work/build/../../src/systemd/src/basic/alloc-util.c:16:15 + #3 0x7f55e451475d in finish_item /work/build/../../src/systemd/src/libsystemd/sd-journal/catalog.c:176:28 + #4 0x7f55e4513e56 in catalog_import_file /work/build/../../src/systemd/src/libsystemd/sd-journal/catalog.c:313:45 + #5 0x4de1be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-catalog.c:23:16 + #6 0x4de8b8 in NaloFuzzerTestOneInput (/build/fuzz-catalog+0x4de8b8) + #7 0x4fd8c3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 + #8 0x4fd0aa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 + #9 0x4fe779 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 + #10 0x4ff445 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 + #11 0x4ee7af in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 + #12 0x4ef078 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 + #13 0x4deb35 in main (/build/fuzz-catalog+0x4deb35) + #14 0x7f55e3a32082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) + +DEDUP_TOKEN: __interceptor_malloc--malloc--memdup +SUMMARY: AddressSanitizer: double-free /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3 in __interceptor_free + +Found by Nallocfuzz. + +(cherry picked from commit ac874b8fb13bf293986a3814149a820729b27a30) +(cherry picked from commit b1663b83338dc335e86eda05e28f229f25bdfa48) +(cherry picked from commit 6ebbc8fcdc844e1fa82cc995880470e0f8b31239) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/541d8d76b9dcc059ab7b77c76bb5c916377f4c63 +--- + src/libsystemd/sd-journal/catalog.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-journal/catalog.c b/src/libsystemd/sd-journal/catalog.c +index b988ee3bba..046d4e0920 100644 +--- a/src/libsystemd/sd-journal/catalog.c ++++ b/src/libsystemd/sd-journal/catalog.c +@@ -145,7 +145,8 @@ static int finish_item( + char *payload, size_t payload_size) { + + _cleanup_free_ CatalogItem *i = NULL; +- _cleanup_free_ char *prev = NULL, *combined = NULL; ++ _cleanup_free_ char *combined = NULL; ++ char *prev; + + assert(h); + assert(payload); +@@ -171,6 +172,7 @@ static int finish_item( + if (ordered_hashmap_update(h, i, combined) < 0) + return log_oom(); + combined = NULL; ++ free(prev); + } else { + /* A new item */ + combined = memdup(payload, payload_size + 1); +-- +2.33.0 + diff --git a/backport-sd-journal-copy-boot-ID.patch b/backport-sd-journal-copy-boot-ID.patch new file mode 100644 index 0000000..075b53b --- /dev/null +++ b/backport-sd-journal-copy-boot-ID.patch @@ -0,0 +1,54 @@ +From 905553acb1b604377ebc50010336a365f2553e1a Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 26 Apr 2023 20:37:00 +0900 +Subject: [PATCH] sd-journal: copy boot ID + +The pointer to boot ID may be invalidate by journal_file_move_to_object() +calls in the later loop. + +(cherry picked from commit bf9b7728e6e8eb185d2c9bfc6641077489384bc8) +(cherry picked from commit 3bc2553cfcc57144aadacff0555b1a0e45e3fdbf) +(cherry picked from commit 2a4dca19f1667f9ae7d273d552e0247d3e405c62) + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/905553acb1b604377ebc50010336a365f2553e1a +--- + src/libsystemd/sd-journal/journal-file.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c +index 204debed64..6561b12aca 100644 +--- a/src/libsystemd/sd-journal/journal-file.c ++++ b/src/libsystemd/sd-journal/journal-file.c +@@ -3737,7 +3737,7 @@ int journal_file_dispose(int dir_fd, const char *fname) { + + int journal_file_copy_entry(JournalFile *from, JournalFile *to, Object *o, uint64_t p) { + uint64_t n, m = 0, xor_hash = 0; +- const sd_id128_t *boot_id; ++ sd_id128_t boot_id; + dual_timestamp ts; + EntryItem *items; + int r; +@@ -3754,7 +3754,7 @@ int journal_file_copy_entry(JournalFile *from, JournalFile *to, Object *o, uint6 + + ts.monotonic = le64toh(o->entry.monotonic); + ts.realtime = le64toh(o->entry.realtime); +- boot_id = &o->entry.boot_id; ++ boot_id = o->entry.boot_id; + + n = journal_file_entry_n_items(o); + /* alloca() can't take 0, hence let's allocate at least one */ +@@ -3831,8 +3831,8 @@ int journal_file_copy_entry(JournalFile *from, JournalFile *to, Object *o, uint6 + if (m == 0) + return 0; + +- r = journal_file_append_entry_internal(to, &ts, boot_id, xor_hash, items, m, +- NULL, NULL, NULL); ++ r = journal_file_append_entry_internal(to, &ts, &boot_id, xor_hash, items, m, ++ NULL, NULL, NULL); + + if (mmap_cache_got_sigbus(to->mmap, to->cache_fd)) + return -EIO; +-- +2.33.0 + diff --git a/backport-sd-journal-make-journal_file_copy_entry-return-earli.patch b/backport-sd-journal-make-journal_file_copy_entry-return-earli.patch new file mode 100644 index 0000000..58cd4aa --- /dev/null +++ b/backport-sd-journal-make-journal_file_copy_entry-return-earli.patch @@ -0,0 +1,31 @@ +From fb1078b2e83445756e77e636a5f222f9d2c95c5a Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 26 Apr 2023 20:54:08 +0900 +Subject: [PATCH] sd-journal: make journal_file_copy_entry() return earlier + +(cherry picked from commit 85e38da2ec2d9d3a56659105fe4d47c84462d5f9) +(cherry picked from commit df9d1d9bb20846d081cfddfc271b40fdd0550b92) +(cherry picked from commit 141b891de7d420d5fce706e376403007dbf77712) + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/fb1078b2e83445756e77e636a5f222f9d2c95c5a +--- + src/libsystemd/sd-journal/journal-file.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c +index 6561b12aca..a415dafedd 100644 +--- a/src/libsystemd/sd-journal/journal-file.c ++++ b/src/libsystemd/sd-journal/journal-file.c +@@ -3757,6 +3757,8 @@ int journal_file_copy_entry(JournalFile *from, JournalFile *to, Object *o, uint6 + boot_id = o->entry.boot_id; + + n = journal_file_entry_n_items(o); ++ if (n == 0) ++ return 0; + /* alloca() can't take 0, hence let's allocate at least one */ + items = newa(EntryItem, MAX(1u, n)); + +-- +2.33.0 + diff --git a/backport-sd-journal-tighten-variable-scope.patch b/backport-sd-journal-tighten-variable-scope.patch new file mode 100644 index 0000000..9a751a0 --- /dev/null +++ b/backport-sd-journal-tighten-variable-scope.patch @@ -0,0 +1,40 @@ +From 6e42053a1234c4c6e857569e36955ed0b0f27147 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 26 Apr 2023 20:40:08 +0900 +Subject: [PATCH] sd-journal: tighten variable scope + +(cherry picked from commit 265b1dc04845788973ef95e80fae8db258a8c49a) +(cherry picked from commit 45b045880c5816b36fc496e519249f57d256136d) +(cherry picked from commit 413405d856503f68afc5576644cd919485ade45e) + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/6e42053a1234c4c6e857569e36955ed0b0f27147 +--- + src/libsystemd/sd-journal/journal-file.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c +index 4510db6d3e..204debed64 100644 +--- a/src/libsystemd/sd-journal/journal-file.c ++++ b/src/libsystemd/sd-journal/journal-file.c +@@ -3736,7 +3736,7 @@ int journal_file_dispose(int dir_fd, const char *fname) { + } + + int journal_file_copy_entry(JournalFile *from, JournalFile *to, Object *o, uint64_t p) { +- uint64_t q, n, m = 0, xor_hash = 0; ++ uint64_t n, m = 0, xor_hash = 0; + const sd_id128_t *boot_id; + dual_timestamp ts; + EntryItem *items; +@@ -3761,7 +3761,7 @@ int journal_file_copy_entry(JournalFile *from, JournalFile *to, Object *o, uint6 + items = newa(EntryItem, MAX(1u, n)); + + for (uint64_t i = 0; i < n; i++) { +- uint64_t l, h; ++ uint64_t l, h, q; + le64_t le_hash; + size_t t; + void *data; +-- +2.33.0 + diff --git a/backport-sd-netlink-fix-segfault.patch b/backport-sd-netlink-fix-segfault.patch new file mode 100644 index 0000000..2ab1f99 --- /dev/null +++ b/backport-sd-netlink-fix-segfault.patch @@ -0,0 +1,31 @@ +From 814acf7a6f893e77a714dee4e4b1cd1882001b28 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Sat, 26 Nov 2022 09:57:16 +0900 +Subject: [PATCH] sd-netlink: fix segfault + +(cherry picked from commit 766417bd763db913efdd9c48442b1094c23d7042) +(cherry picked from commit 25050101780f95c27ebf094fca23d665cff5fb8c) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/814acf7a6f893e77a714dee4e4b1cd1882001b28 +--- + src/libsystemd/sd-netlink/sd-netlink.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-netlink/sd-netlink.c b/src/libsystemd/sd-netlink/sd-netlink.c +index e23e2cc163..3c482192a0 100644 +--- a/src/libsystemd/sd-netlink/sd-netlink.c ++++ b/src/libsystemd/sd-netlink/sd-netlink.c +@@ -701,7 +701,8 @@ int sd_netlink_read( + return r; + + if (type == NLMSG_DONE) { +- *ret = NULL; ++ if (ret) ++ *ret = NULL; + return 0; + } + +-- +2.33.0 + diff --git a/backport-shared-exec-util-null_or_empty_path-does-not-return-.patch b/backport-shared-exec-util-null_or_empty_path-does-not-return-.patch new file mode 100644 index 0000000..c7e3270 --- /dev/null +++ b/backport-shared-exec-util-null_or_empty_path-does-not-return-.patch @@ -0,0 +1,36 @@ +From 0626f71d90df6aba62523c111cfbce13a51273fb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 28 Mar 2023 18:50:31 +0200 +Subject: [PATCH] shared/exec-util: null_or_empty_path() does not return + boolean + +We shouldn't report that the file is empty if the stating fails. Let's do the +same as in other places, and just ignore the error and let the subsequent +operation fail. + +(cherry picked from commit 7d0c47dad0d4282c3924a654a8fe18fc5d7766f8) +(cherry picked from commit bfc03cae41ae051c9eedcb48f66b3266346719aa) +(cherry picked from commit 48e03955356c5095553ac9c26e4fea83af3814ee) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/0626f71d90df6aba62523c111cfbce13a51273fb +--- + src/shared/exec-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c +index d1f50249d0..d188154575 100644 +--- a/src/shared/exec-util.c ++++ b/src/shared/exec-util.c +@@ -38,7 +38,7 @@ static int do_spawn(const char *path, char *argv[], int stdout_fd, pid_t *pid, b + pid_t _pid; + int r; + +- if (null_or_empty_path(path)) { ++ if (null_or_empty_path(path) > 0) { + log_debug("%s is empty (a mask).", path); + return 0; + } +-- +2.33.0 + diff --git a/backport-shared-refuse-fd-INT_MAX.patch b/backport-shared-refuse-fd-INT_MAX.patch new file mode 100644 index 0000000..c661834 --- /dev/null +++ b/backport-shared-refuse-fd-INT_MAX.patch @@ -0,0 +1,61 @@ +From 1ced463496ddf3ff0c33d595ee102e975f69554d Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Thu, 4 May 2023 16:45:36 +0200 +Subject: [PATCH] shared: refuse fd == INT_MAX + +Since we do `FD_TO_PTR(fd)` that expands to `INT_TO_PTR(fd) + 1` which +triggers an integer overflow. + +Resolves: #27522 +(cherry picked from commit cc938f1ce0f1eafc435e0dd1d9fe45aaedc526e1) +(cherry picked from commit 154b108513fe4aa50e7f347abeb0f0d9789a32df) +(cherry picked from commit dd38a90202a78d54d163049d2f0a96f8153470b3) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/1ced463496ddf3ff0c33d595ee102e975f69554d +--- + src/shared/fdset.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/src/shared/fdset.c b/src/shared/fdset.c +index 183fa239b6..c621c14ba6 100644 +--- a/src/shared/fdset.c ++++ b/src/shared/fdset.c +@@ -74,6 +74,10 @@ int fdset_put(FDSet *s, int fd) { + assert(s); + assert(fd >= 0); + ++ /* Avoid integer overflow in FD_TO_PTR() */ ++ if (fd == INT_MAX) ++ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Refusing invalid fd: %d", fd); ++ + return set_put(MAKE_SET(s), FD_TO_PTR(fd)); + } + +@@ -100,6 +104,12 @@ bool fdset_contains(FDSet *s, int fd) { + assert(s); + assert(fd >= 0); + ++ /* Avoid integer overflow in FD_TO_PTR() */ ++ if (fd == INT_MAX) { ++ log_debug("Refusing invalid fd: %d", fd); ++ return false; ++ } ++ + return !!set_get(MAKE_SET(s), FD_TO_PTR(fd)); + } + +@@ -107,6 +117,10 @@ int fdset_remove(FDSet *s, int fd) { + assert(s); + assert(fd >= 0); + ++ /* Avoid integer overflow in FD_TO_PTR() */ ++ if (fd == INT_MAX) ++ return log_debug_errno(SYNTHETIC_ERRNO(ENOENT), "Refusing invalid fd: %d", fd); ++ + return set_remove(MAKE_SET(s), FD_TO_PTR(fd)) ? fd : -ENOENT; + } + +-- +2.33.0 + diff --git a/backport-shared-reject-empty-attachment-path.patch b/backport-shared-reject-empty-attachment-path.patch new file mode 100644 index 0000000..185a98b --- /dev/null +++ b/backport-shared-reject-empty-attachment-path.patch @@ -0,0 +1,32 @@ +From b38eae99f5dd7c796ade7865fe8093475715a21f Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Tue, 2 May 2023 22:37:17 +0200 +Subject: [PATCH] shared: reject empty attachment path + +(cherry picked from commit 740831076cfcf2f73f3063fbb040c1ea593dfe6c) +(cherry picked from commit ce096b0212aac52fad658aaec5ff53b0d6eb18ad) +(cherry picked from commit f76199e779444590c50f7df60b8c5b235b9447b0) + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/b38eae99f5dd7c796ade7865fe8093475715a21f +--- + src/shared/bpf-program.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/shared/bpf-program.c b/src/shared/bpf-program.c +index 31fa4448b0..57a009a965 100644 +--- a/src/shared/bpf-program.c ++++ b/src/shared/bpf-program.c +@@ -452,6 +452,9 @@ int bpf_program_deserialize_attachment(const char *v, FDSet *fds, BPFProgram **b + return at; + + /* The rest is the path */ ++ if (isempty(v)) ++ return -EINVAL; ++ + r = cunescape(v, 0, &unescaped); + if (r < 0) + return r; +-- +2.33.0 + diff --git a/backport-socket-avoid-memory-leak-on-incomplete-SocketPort-ob.patch b/backport-socket-avoid-memory-leak-on-incomplete-SocketPort-ob.patch new file mode 100644 index 0000000..7d80be6 --- /dev/null +++ b/backport-socket-avoid-memory-leak-on-incomplete-SocketPort-ob.patch @@ -0,0 +1,112 @@ +From e7d800784a3ce5b03d457688c31b72cbe8ec0401 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Thu, 1 Jun 2023 22:11:01 +0200 +Subject: [PATCH] socket: avoid memory leak on incomplete SocketPort object + +==1==ERROR: LeakSanitizer: detected memory leaks + +Direct leak of 17 byte(s) in 1 object(s) allocated from: + #0 0x7fc096c7243b in strdup (/lib64/libasan.so.8+0x7243b) + #1 0x7fc095db3899 in bus_socket_set_transient_property ../src/core/dbus-socket.c:386 + #2 0x7fc095db5140 in bus_socket_set_property ../src/core/dbus-socket.c:460 + #3 0x7fc095dd20f1 in bus_unit_set_properties ../src/core/dbus-unit.c:2473 + #4 0x7fc095d87d53 in transient_unit_from_message ../src/core/dbus-manager.c:1025 + #5 0x7fc095d8872f in method_start_transient_unit ../src/core/dbus-manager.c:1112 + #6 0x7fc0944ddf4f in method_callbacks_run ../src/libsystemd/sd-bus/bus-objects.c:406 + #7 0x7fc0944e7854 in object_find_and_run ../src/libsystemd/sd-bus/bus-objects.c:1319 + #8 0x7fc0944e8f03 in bus_process_object ../src/libsystemd/sd-bus/bus-objects.c:1439 + #9 0x7fc09454ad78 in process_message ../src/libsystemd/sd-bus/sd-bus.c:3011 + #10 0x7fc09454b302 in process_running ../src/libsystemd/sd-bus/sd-bus.c:3053 + #11 0x7fc09454e158 in bus_process_internal ../src/libsystemd/sd-bus/sd-bus.c:3273 + #12 0x7fc09454e2f2 in sd_bus_process ../src/libsystemd/sd-bus/sd-bus.c:3300 + #13 0x7fc094551a59 in io_callback ../src/libsystemd/sd-bus/sd-bus.c:3642 + #14 0x7fc094727830 in source_dispatch ../src/libsystemd/sd-event/sd-event.c:4187 + #15 0x7fc094731009 in sd_event_dispatch ../src/libsystemd/sd-event/sd-event.c:4808 + #16 0x7fc094732124 in sd_event_run ../src/libsystemd/sd-event/sd-event.c:4869 + #17 0x7fc095f7af9f in manager_loop ../src/core/manager.c:3242 + #18 0x41cc7c in invoke_main_loop ../src/core/main.c:1937 + #19 0x4252e0 in main ../src/core/main.c:3072 + #20 0x7fc092a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f) + +SUMMARY: AddressSanitizer: 17 byte(s) leaked in 1 allocation(s). +(cherry picked from commit f8b21a08aa0a8db34212bccca13bfc58dbdc5667) +(cherry picked from commit 98d2a09393b6d9133d4d7e9f77f212db9685d3f3) +(cherry picked from commit e94157e6dc0f18e0c170e0f908e1f82f7829a4cb) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/e7d800784a3ce5b03d457688c31b72cbe8ec0401 +--- + src/core/dbus-socket.c | 2 +- + src/core/socket.c | 21 ++++++++++++++------- + src/core/socket.h | 3 +++ + 3 files changed, 18 insertions(+), 8 deletions(-) + +diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c +index 6173d3ff7e..536483fc7c 100644 +--- a/src/core/dbus-socket.c ++++ b/src/core/dbus-socket.c +@@ -364,7 +364,7 @@ static int bus_socket_set_transient_property( + return r; + + while ((r = sd_bus_message_read(message, "(ss)", &t, &a)) > 0) { +- _cleanup_free_ SocketPort *p = NULL; ++ _cleanup_(socket_port_freep) SocketPort *p = NULL; + + p = new(SocketPort, 1); + if (!p) +diff --git a/src/core/socket.c b/src/core/socket.c +index 0d96f1a933..73dfdf2c23 100644 +--- a/src/core/socket.c ++++ b/src/core/socket.c +@@ -120,6 +120,19 @@ static void socket_cleanup_fd_list(SocketPort *p) { + p->n_auxiliary_fds = 0; + } + ++SocketPort *socket_port_free(SocketPort *p) { ++ if (!p) ++ return NULL; ++ ++ sd_event_source_unref(p->event_source); ++ ++ socket_cleanup_fd_list(p); ++ safe_close(p->fd); ++ free(p->path); ++ ++ return mfree(p); ++} ++ + void socket_free_ports(Socket *s) { + SocketPort *p; + +@@ -127,13 +140,7 @@ void socket_free_ports(Socket *s) { + + while ((p = s->ports)) { + LIST_REMOVE(port, s->ports, p); +- +- sd_event_source_unref(p->event_source); +- +- socket_cleanup_fd_list(p); +- safe_close(p->fd); +- free(p->path); +- free(p); ++ socket_port_free(p); + } + } + +diff --git a/src/core/socket.h b/src/core/socket.h +index 6813bdcf8c..17e912af31 100644 +--- a/src/core/socket.h ++++ b/src/core/socket.h +@@ -173,6 +173,9 @@ int socket_collect_fds(Socket *s, int **fds); + /* Called from the service code when a per-connection service ended */ + void socket_connection_unref(Socket *s); + ++SocketPort *socket_port_free(SocketPort *p); ++DEFINE_TRIVIAL_CLEANUP_FUNC(SocketPort*, socket_port_free); ++ + void socket_free_ports(Socket *s); + + int socket_load_service_unit(Socket *s, int cfd, Unit **ret); +-- +2.33.0 + diff --git a/backport-socket-util-fix-socket_get_family.patch b/backport-socket-util-fix-socket_get_family.patch new file mode 100644 index 0000000..8b1f701 --- /dev/null +++ b/backport-socket-util-fix-socket_get_family.patch @@ -0,0 +1,126 @@ +From 01ef1b83d7c3afb5d9382b238ad6717f1e12ca8a Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 7 Mar 2023 22:50:41 +0100 +Subject: [PATCH] socket-util: fix socket_get_family() + +Function didn't actually return anything useful. Quite a shame. + +(cherry picked from commit 5f64d2bf332371bdfdcb91b588e57d4c0c20428f) +(cherry picked from commit 59514a6d87be7013d61b4f15b993918f5d1e44e5) +(cherry picked from commit b77f041885fa68cc3bfefcae97b6ca76a327c77a) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/01ef1b83d7c3afb5d9382b238ad6717f1e12ca8a +--- + src/basic/socket-util.c | 30 +++++++++++++----------------- + src/basic/socket-util.h | 2 +- + src/resolve/resolved-manager.c | 6 +++--- + 3 files changed, 17 insertions(+), 21 deletions(-) + +diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c +index 0dfe2a7dbc..cbbfa01eb5 100644 +--- a/src/basic/socket-util.c ++++ b/src/basic/socket-util.c +@@ -1309,7 +1309,7 @@ ssize_t recvmsg_safe(int sockfd, struct msghdr *msg, int flags) { + return n; + } + +-int socket_get_family(int fd, int *ret) { ++int socket_get_family(int fd) { + int af; + socklen_t sl = sizeof(af); + +@@ -1323,12 +1323,11 @@ int socket_get_family(int fd, int *ret) { + } + + int socket_set_recvpktinfo(int fd, int af, bool b) { +- int r; + + if (af == AF_UNSPEC) { +- r = socket_get_family(fd, &af); +- if (r < 0) +- return r; ++ af = socket_get_family(fd); ++ if (af < 0) ++ return af; + } + + switch (af) { +@@ -1352,12 +1351,11 @@ int socket_set_recvpktinfo(int fd, int af, bool b) { + + int socket_set_unicast_if(int fd, int af, int ifi) { + be32_t ifindex_be = htobe32(ifi); +- int r; + + if (af == AF_UNSPEC) { +- r = socket_get_family(fd, &af); +- if (r < 0) +- return r; ++ af = socket_get_family(fd); ++ if (af < 0) ++ return af; + } + + switch (af) { +@@ -1374,12 +1372,10 @@ int socket_set_unicast_if(int fd, int af, int ifi) { + } + + int socket_set_option(int fd, int af, int opt_ipv4, int opt_ipv6, int val) { +- int r; +- + if (af == AF_UNSPEC) { +- r = socket_get_family(fd, &af); +- if (r < 0) +- return r; ++ af = socket_get_family(fd); ++ if (af < 0) ++ return af; + } + + switch (af) { +@@ -1399,9 +1395,9 @@ int socket_get_mtu(int fd, int af, size_t *ret) { + int mtu, r; + + if (af == AF_UNSPEC) { +- r = socket_get_family(fd, &af); +- if (r < 0) +- return r; ++ af = socket_get_family(fd); ++ if (af < 0) ++ return af; + } + + switch (af) { +diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h +index 5d9c056744..22cdb94c1d 100644 +--- a/src/basic/socket-util.h ++++ b/src/basic/socket-util.h +@@ -304,7 +304,7 @@ struct timespec_large { + + ssize_t recvmsg_safe(int sockfd, struct msghdr *msg, int flags); + +-int socket_get_family(int fd, int *ret); ++int socket_get_family(int fd); + int socket_set_recvpktinfo(int fd, int af, bool b); + int socket_set_unicast_if(int fd, int af, int ifi); + +diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c +index 12e7d87f22..9d8fd4191c 100644 +--- a/src/resolve/resolved-manager.c ++++ b/src/resolve/resolved-manager.c +@@ -1630,9 +1630,9 @@ int socket_disable_pmtud(int fd, int af) { + assert(fd >= 0); + + if (af == AF_UNSPEC) { +- r = socket_get_family(fd, &af); +- if (r < 0) +- return r; ++ af = socket_get_family(fd); ++ if (af < 0) ++ return af; + } + + switch (af) { +-- +2.33.0 + diff --git a/backport-specifier-avoid-leaking-memory-on-allocation-error.patch b/backport-specifier-avoid-leaking-memory-on-allocation-error.patch new file mode 100644 index 0000000..b13424f --- /dev/null +++ b/backport-specifier-avoid-leaking-memory-on-allocation-error.patch @@ -0,0 +1,74 @@ +From d6ff3663d24fd45b31444a4c07d6252dc74fa313 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Wed, 24 May 2023 11:39:24 +0200 +Subject: [PATCH] specifier: avoid leaking memory on allocation error + +==8036==ERROR: LeakSanitizer: detected memory leaks + +Direct leak of 64 byte(s) in 1 object(s) allocated from: + #0 0x4a10bc in __interceptor_realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:85:3 + #1 0x4deef1 in realloc (/build/fuzz-unit-file+0x4deef1) + #2 0x7ffa35abfe23 in greedy_realloc /work/build/../../src/systemd/src/basic/alloc-util.c:70:13 + #3 0x7ffa35aefad2 in parse_env_file_internal /work/build/../../src/systemd/src/basic/env-file.c:127:38 + #4 0x7ffa35af08a6 in parse_env_file_fdv /work/build/../../src/systemd/src/basic/env-file.c:374:13 + #5 0x7ffa35b6391e in parse_extension_release_atv /work/build/../../src/systemd/src/basic/os-util.c:323:16 + #6 0x7ffa35b63c8a in parse_extension_release_sentinel /work/build/../../src/systemd/src/basic/os-util.c:360:13 + #7 0x7ffa35a5e3f5 in parse_os_release_specifier /work/build/../../src/systemd/src/shared/specifier.c:292:13 + #8 0x7ffa35a5e3f5 in specifier_os_id /work/build/../../src/systemd/src/shared/specifier.c:303:16 + #9 0x7ffa35a5c7f5 in specifier_printf /work/build/../../src/systemd/src/shared/specifier.c:70:45 + #10 0x7ffa3690b279 in unit_full_printf_full /work/build/../../src/systemd/src/core/unit-printf.c:264:16 + #11 0x7ffa367de795 in config_parse_bus_name /work/build/../../src/systemd/src/core/load-fragment.c:2401:13 + #12 0x7ffa358fe5ec in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:151:24 + #13 0x7ffa358fe5ec in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:257:16 + #14 0x7ffa358fd653 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:400:21 + #15 0x4de828 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/core/fuzz-unit-file.c:72:16 + #16 0x4df208 in NaloFuzzerTestOneInput (/build/fuzz-unit-file+0x4df208) + #17 0x4fe213 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 + #18 0x4fd9fa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3 + #19 0x4ff0c9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19 + #20 0x4ffd95 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5 + #21 0x4ef0ff in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 + #22 0x4ef9c8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10 + #23 0x4df485 in main (/build/fuzz-unit-file+0x4df485) + #24 0x7ffa35232082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) + +DEDUP_TOKEN: __interceptor_realloc--realloc--greedy_realloc +SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s). + +Found by Nallocfuzz. + +(cherry picked from commit 6c13a39ac731a23c38685aa65b38bc0b10449b81) +(cherry picked from commit b4c9a9bfca3b65a573329056095961446462aae9) +(cherry picked from commit 6b8b0f5dcaec4e8e4a64f8ce4cdda5c0db9da42c) + +Conflict:modify the corresponding memory leakage issue in the function specifier_os_release_common +Reference:https://github.com/systemd/systemd-stable/commit/d6ff3663d24fd45b31444a4c07d6252dc74fa313 +--- + src/shared/specifier.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/shared/specifier.c b/src/shared/specifier.c +index cb4d6da..5782175 100644 +--- a/src/shared/specifier.c ++++ b/src/shared/specifier.c +@@ -211,7 +211,7 @@ int specifier_architecture(char specifier, const void *data, const char *root, c + } + + static int specifier_os_release_common(const char *field, const char *root, char **ret) { +- char *t = NULL; ++ _cleanup_free_ char *t = NULL; + int r; + + r = parse_os_release(root, field, &t); +@@ -225,7 +225,7 @@ static int specifier_os_release_common(const char *field, const char *root, char + return -ENOMEM; + } + +- *ret = t; ++ *ret = TAKE_PTR(t); + return 0; + } + +-- +2.33.0 + diff --git a/backport-sysusers-properly-process-user-entries-with-an-expli.patch b/backport-sysusers-properly-process-user-entries-with-an-expli.patch new file mode 100644 index 0000000..d95365a --- /dev/null +++ b/backport-sysusers-properly-process-user-entries-with-an-expli.patch @@ -0,0 +1,40 @@ +From f9d936b86561c23f5b40211254544b91e33eae7a Mon Sep 17 00:00:00 2001 +From: Luca BRUNO +Date: Mon, 8 Aug 2022 15:56:06 +0000 +Subject: [PATCH] sysusers: properly process user entries with an explicit GID + +This tweaks user creation logic to properly take into consideration +an explicitly requested GID. +It fixes a bug where the creation flow would mistakenly fall back +to use the username instead, resulting in wrong lookups in case of +users and groups using the same name. + +(cherry picked from commit 5ed47c4d230b9491339c16c6ea4181dfd293bc98) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/f9d936b86561c23f5b40211254544b91e33eae7a +--- + src/sysusers/sysusers.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c +index 77034abc8b..afbac4fb5e 100644 +--- a/src/sysusers/sysusers.c ++++ b/src/sysusers/sysusers.c +@@ -1348,9 +1348,11 @@ static int process_item(Item *i) { + switch (i->type) { + + case ADD_USER: { +- Item *j; ++ Item *j = NULL; ++ ++ if (!i->gid_set) ++ j = ordered_hashmap_get(groups, i->group_name ?: i->name); + +- j = ordered_hashmap_get(groups, i->group_name ?: i->name); + if (j && j->todo_group) { + /* When a group with the target name is already in queue, + * use the information about the group and do not create +-- +2.33.0 + diff --git a/backport-test-add-basic-tests-for-octescape.patch b/backport-test-add-basic-tests-for-octescape.patch new file mode 100644 index 0000000..3f62b86 --- /dev/null +++ b/backport-test-add-basic-tests-for-octescape.patch @@ -0,0 +1,51 @@ +From 10fa59adb6e7a1df537c939e1de90a4abe880a87 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Tue, 6 Dec 2022 12:00:45 +0900 +Subject: [PATCH] test: add basic tests for octescape() + +(cherry picked from commit 4f438c638b5335cd5d8f614804743a04311689f8) +(cherry picked from commit bc6fc812fdd56925b4125395d537fc8af9ffc58d) + +Conflict:adapt test cases based on the existing test case framework +Reference:https://github.com/systemd/systemd-stable/commit/10fa59adb6e7a1df537c939e1de90a4abe880a87 +--- + src/test/test-escape.c | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/src/test/test-escape.c b/src/test/test-escape.c +index 8bda9cd..240545c 100644 +--- a/src/test/test-escape.c ++++ b/src/test/test-escape.c +@@ -215,6 +215,22 @@ static void test_quote_command_line(void) { + "true \"\\$dollar\""); + } + ++static void test_octescape_one(const char *s, const char *expected) { ++ _cleanup_free_ char *ret; ++ ++ assert_se(ret = octescape(s, strlen_ptr(s))); ++ log_debug("octescape(\"%s\") → \"%s\" (expected: \"%s\")", strnull(s), ret, expected); ++ assert_se(streq(ret, expected)); ++} ++ ++static void test_octescap(void) { ++ test_octescape_one(NULL, ""); ++ test_octescape_one("", ""); ++ test_octescape_one("foo", "foo"); ++ test_octescape_one("\"\\\"", "\\042\\134\\042"); ++ test_octescape_one("\123\213\222", "\123\\213\\222"); ++} ++ + int main(int argc, char *argv[]) { + test_setup_logging(LOG_DEBUG); + +@@ -226,6 +242,7 @@ int main(int argc, char *argv[]) { + test_shell_escape(); + test_shell_maybe_quote(); + test_quote_command_line(); ++ test_octescap(); + + return 0; + } +-- +2.33.0 \ No newline at end of file diff --git a/backport-test-add-some-tests-for-RuntimeMaxSec.patch b/backport-test-add-some-tests-for-RuntimeMaxSec.patch new file mode 100644 index 0000000..845d4bb --- /dev/null +++ b/backport-test-add-some-tests-for-RuntimeMaxSec.patch @@ -0,0 +1,101 @@ +From af4688398f55b110c9d7d57be5cd0199b06e18c8 Mon Sep 17 00:00:00 2001 +From: Nick Rosbrook +Date: Thu, 13 Apr 2023 11:29:32 -0400 +Subject: [PATCH] test: add some tests for RuntimeMaxSec + +Make sure the RuntimeMaxSec is applied correctly to service and scope +units when they are started, and also on coldplug. + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/af4688398f55b110c9d7d57be5cd0199b06e18c8 +--- + test/units/testsuite-16.sh | 66 ++++++++++++++++++++++++++++++++++++++ + 1 file changed, 66 insertions(+) + +diff --git a/test/units/testsuite-16.sh b/test/units/testsuite-16.sh +index 1b8cd018bb..9b8a7bd6fa 100755 +--- a/test/units/testsuite-16.sh ++++ b/test/units/testsuite-16.sh +@@ -23,6 +23,25 @@ function wait_for() + fi + } + ++function wait_for_timeout() ++{ ++ local unit="$1" ++ local time="$2" ++ ++ while [[ $time -gt 0 ]]; do ++ if [[ "$(systemctl show --property=Result "$unit")" == "Result=timeout" ]]; then ++ return 0 ++ fi ++ ++ sleep 1 ++ time=$((time - 1)) ++ done ++ ++ journalctl -u "$unit" >>"$TESTLOG" ++ ++ return 1 ++} ++ + # This checks all stages, start, runtime and stop, can be extended by + # EXTEND_TIMEOUT_USEC + +@@ -44,6 +63,53 @@ wait_for fail_start startfail + wait_for fail_stop stopfail + wait_for fail_runtime runtimefail + ++# These ensure that RuntimeMaxSec is honored for scope and service units ++# when they are created. ++runtime_max_sec=5 ++ ++systemd-run \ ++ --property=RuntimeMaxSec=${runtime_max_sec}s \ ++ -u runtime-max-sec-test-1.service \ ++ /usr/bin/sh -c "while true; do sleep 1; done" ++wait_for_timeout runtime-max-sec-test-1.service $((runtime_max_sec + 2)) ++ ++systemd-run \ ++ --property=RuntimeMaxSec=${runtime_max_sec}s \ ++ --scope \ ++ -u runtime-max-sec-test-2.scope \ ++ /usr/bin/sh -c "while true; do sleep 1; done" & ++wait_for_timeout runtime-max-sec-test-2.scope $((runtime_max_sec + 2)) ++ ++# These ensure that RuntimeMaxSec is honored for scope and service ++# units if the value is changed and then the manager is reloaded. ++systemd-run \ ++ -u runtime-max-sec-test-3.service \ ++ /usr/bin/sh -c "while true; do sleep 1; done" ++mkdir -p /etc/systemd/system/runtime-max-sec-test-3.service.d/ ++cat > /etc/systemd/system/runtime-max-sec-test-3.service.d/override.conf << EOF ++[Service] ++RuntimeMaxSec=${runtime_max_sec}s ++EOF ++systemctl daemon-reload ++wait_for_timeout runtime-max-sec-test-3.service $((runtime_max_sec + 2)) ++ ++systemd-run \ ++ --scope \ ++ -u runtime-max-sec-test-4.scope \ ++ /usr/bin/sh -c "while true; do sleep 1; done" & ++ ++# Wait until the unit is running to avoid race with creating the override. ++until systemctl is-active runtime-max-sec-test-4.scope; do ++ sleep 1 ++done ++mkdir -p /etc/systemd/system/runtime-max-sec-test-4.scope.d/ ++cat > /etc/systemd/system/runtime-max-sec-test-4.scope.d/override.conf << EOF ++[Scope] ++RuntimeMaxSec=${runtime_max_sec}s ++EOF ++systemctl daemon-reload ++wait_for_timeout runtime-max-sec-test-4.scope $((runtime_max_sec + 2)) ++ + if [[ -f "$TESTLOG" ]]; then + # no mv + cp "$TESTLOG" /test.log +-- +2.33.0 + diff --git a/backport-test-name_assign_type-sysattr-never-exists-for-enume.patch b/backport-test-name_assign_type-sysattr-never-exists-for-enume.patch new file mode 100644 index 0000000..cd2905f --- /dev/null +++ b/backport-test-name_assign_type-sysattr-never-exists-for-enume.patch @@ -0,0 +1,48 @@ +From 2682dc216483b3da1af89bc80c315344c5e96ea3 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 12 Dec 2022 15:04:02 +0900 +Subject: [PATCH] test: name_assign_type sysattr never exists for enumerated + devices + +As we filtered out network devices in the test. + +(cherry picked from commit 733529d81227ca713de2d6be77939e3bfedb926f) +(cherry picked from commit a8dd94e0cc162d3d020d49af7d1e238b9c7afca3) + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/2682dc216483b3da1af89bc80c315344c5e96ea3 +--- + src/libsystemd/sd-device/test-sd-device.c | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +diff --git a/src/libsystemd/sd-device/test-sd-device.c b/src/libsystemd/sd-device/test-sd-device.c +index 01c184a7d0..3e0cfa0ee7 100644 +--- a/src/libsystemd/sd-device/test-sd-device.c ++++ b/src/libsystemd/sd-device/test-sd-device.c +@@ -175,15 +175,16 @@ static void test_sd_device_one(sd_device *d) { + assert_se((r >= 0 && usec > 0) || r == -ENODATA); + } + +- r = sd_device_get_sysattr_value(d, "name_assign_type", &val); +- assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r) || IN_SET(r, -ENOENT, -EINVAL)); +- +- if (r > 0) { ++ r = sd_device_get_sysattr_value(d, "nsid", NULL); ++ if (r >= 0) { + unsigned x; + +- assert_se(device_get_sysattr_unsigned(d, "name_assign_type", NULL) >= 0); +- assert_se(device_get_sysattr_unsigned(d, "name_assign_type", &x) >= 0); +- } ++ assert_se(device_get_sysattr_unsigned(d, "nsid", NULL) >= 0); ++ r = device_get_sysattr_unsigned(d, "nsid", &x); ++ assert_se(r >= 0); ++ assert_se((x > 0) == (r > 0)); ++ } else ++ assert_se(ERRNO_IS_PRIVILEGE(r) || IN_SET(r, -ENOENT, -EINVAL)); + + r = sd_device_get_property_value(d, "ID_NET_DRIVER", &val); + assert_se(r >= 0 || r == -ENOENT); +-- +2.33.0 + diff --git a/backport-test-test-O_CLOEXEC-filtering-of-fdset-fill-logic.patch b/backport-test-test-O_CLOEXEC-filtering-of-fdset-fill-logic.patch new file mode 100644 index 0000000..fdcc32f --- /dev/null +++ b/backport-test-test-O_CLOEXEC-filtering-of-fdset-fill-logic.patch @@ -0,0 +1,78 @@ +From fc9deee642e554e6bdd39617375df76546c26891 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 30 May 2023 15:35:24 +0200 +Subject: [PATCH] test: test O_CLOEXEC filtering of fdset fill logic + +(cherry picked from commit d7aee3f41f69f46d8328f658cab84f8a4b05bb86) +Backport of the cloexec filter for v253, and for v252 (actually tested +with v252). Note that I've left the name _s of the function parameter as +it was before. +(cherry picked from commit 4c3b06f255642c39b6dccb8b063efaf66bce88c9) +(cherry picked from commit 1e932bf95e5536fea97bc48f1a409e4f1d0f7f30) + +Conflict:code context adaptation +Reference:https://github.com/systemd/systemd-stable/commit/fc9deee642e554e6bdd39617375df76546c26891 +--- + src/test/test-fdset.c | 42 ++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 38 insertions(+), 4 deletions(-) + +diff --git a/src/test/test-fdset.c b/src/test/test-fdset.c +index 5d63eeee37..e2ef86343a 100644 +--- a/src/test/test-fdset.c ++++ b/src/test/test-fdset.c +@@ -13,14 +13,48 @@ + static void test_fdset_new_fill(void) { + int fd = -1; + _cleanup_fdset_free_ FDSet *fdset = NULL; +- char name[] = "/tmp/test-fdset_new_fill.XXXXXX"; + +- fd = mkostemp_safe(name); ++ log_close(); ++ log_set_open_when_needed(true); ++ ++ fd = open("/dev/null", O_CLOEXEC|O_RDONLY); + assert_se(fd >= 0); +- assert_se(fdset_new_fill(&fdset) >= 0); ++ ++ assert_se(fdset_new_fill(/* filter_cloexec= */ -1, &fdset) >= 0); + assert_se(fdset_contains(fdset, fd)); ++ fdset = fdset_free(fdset); ++ assert_se(fcntl(fd, F_GETFD) < 0); ++ assert_se(errno == EBADF); + +- unlink(name); ++ fd = open("/dev/null", O_CLOEXEC|O_RDONLY); ++ assert_se(fd >= 0); ++ ++ assert_se(fdset_new_fill(/* filter_cloexec= */ 0, &fdset) >= 0); ++ assert_se(!fdset_contains(fdset, fd)); ++ fdset = fdset_free(fdset); ++ assert_se(fcntl(fd, F_GETFD) >= 0); ++ ++ assert_se(fdset_new_fill(/* filter_cloexec= */ 1, &fdset) >= 0); ++ assert_se(fdset_contains(fdset, fd)); ++ fdset = fdset_free(fdset); ++ assert_se(fcntl(fd, F_GETFD) < 0); ++ assert_se(errno == EBADF); ++ ++ fd = open("/dev/null", O_RDONLY); ++ assert_se(fd >= 0); ++ ++ assert_se(fdset_new_fill(/* filter_cloexec= */ 1, &fdset) >= 0); ++ assert_se(!fdset_contains(fdset, fd)); ++ fdset = fdset_free(fdset); ++ assert_se(fcntl(fd, F_GETFD) >= 0); ++ ++ assert_se(fdset_new_fill(/* filter_cloexec= */ 0, &fdset) >= 0); ++ assert_se(fdset_contains(fdset, fd)); ++ fdset = fdset_free(fdset); ++ assert_se(fcntl(fd, F_GETFD) < 0); ++ assert_se(errno == EBADF); ++ ++ log_open(); + } + + static void test_fdset_put_dup(void) { +-- +2.33.0 + diff --git a/backport-udev-do-not-set-ID_PATH-and-by-path-symlink-for-nvmf.patch b/backport-udev-do-not-set-ID_PATH-and-by-path-symlink-for-nvmf.patch new file mode 100644 index 0000000..2325224 --- /dev/null +++ b/backport-udev-do-not-set-ID_PATH-and-by-path-symlink-for-nvmf.patch @@ -0,0 +1,48 @@ +From 1807b8f1fc0afdf01e366dfa694295063e2eb982 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 10 May 2023 15:47:44 +0900 +Subject: [PATCH] udev: do not set ID_PATH and by-path symlink for nvmf disks + +Prompted by #27391. + +(cherry picked from commit 39a39f18f2bd2b1ef7b4fa4823472d129c514030) +(cherry picked from commit dbf50f19112cf39c6f281c6dd2a0a9177774f932) +(cherry picked from commit 5ec7ad9588172bae561ce77ffadfa8f9eb44aa45) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/1807b8f1fc0afdf01e366dfa694295063e2eb982 +--- + src/udev/udev-builtin-path_id.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/src/udev/udev-builtin-path_id.c b/src/udev/udev-builtin-path_id.c +index 1084eb2d81..483350d98d 100644 +--- a/src/udev/udev-builtin-path_id.c ++++ b/src/udev/udev-builtin-path_id.c +@@ -545,7 +545,7 @@ static sd_device *handle_ap(sd_device *parent, char **path) { + + static int find_real_nvme_parent(sd_device *dev, sd_device **ret) { + _cleanup_(sd_device_unrefp) sd_device *nvme = NULL; +- const char *sysname, *end; ++ const char *sysname, *end, *devpath; + int r; + + /* If the device belongs to "nvme-subsystem" (not to be confused with "nvme"), which happens when +@@ -576,6 +576,14 @@ static int find_real_nvme_parent(sd_device *dev, sd_device **ret) { + if (r < 0) + return r; + ++ r = sd_device_get_devpath(nvme, &devpath); ++ if (r < 0) ++ return r; ++ ++ /* If the 'real parent' is (still) virtual, e.g. for nvmf disks, refuse to set ID_PATH. */ ++ if (path_startswith(devpath, "/devices/virtual/")) ++ return -ENXIO; ++ + *ret = TAKE_PTR(nvme); + return 0; + } +-- +2.33.0 + diff --git a/backport-udev-match-device-tags-in-rules-using-current-device.patch b/backport-udev-match-device-tags-in-rules-using-current-device.patch new file mode 100644 index 0000000..2983eb0 --- /dev/null +++ b/backport-udev-match-device-tags-in-rules-using-current-device.patch @@ -0,0 +1,36 @@ +From ca948c9601714c8de53a87a548dfad05fef37c40 Mon Sep 17 00:00:00 2001 +From: msizanoen1 +Date: Tue, 27 Dec 2022 11:57:12 +0700 +Subject: [PATCH] udev: match device tags in rules using current device tags + +This ensures that udev scripts using `TAG-="..."` and expecting later +udev rules to honor it will work properly. An use case is removing the +`uaccess` tag from a device without overriding the original file and +ensuring that `73-seat-uaccess.rules` won't run the uaccess builtin later. + +(cherry picked from commit 310249903986957997b76bc52441cabb5843aad8) +(cherry picked from commit 7d4ea095d5e3e5aa87761c6c0f5f30287596dd75) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/ca948c9601714c8de53a87a548dfad05fef37c40 +--- + src/udev/udev-rules.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c +index f95b751b75..9dc68e401e 100644 +--- a/src/udev/udev-rules.c ++++ b/src/udev/udev-rules.c +@@ -1622,7 +1622,7 @@ static int udev_rule_apply_token_to_event( + case TK_M_PARENTS_TAG: { + const char *val; + +- FOREACH_DEVICE_TAG(dev, val) ++ FOREACH_DEVICE_CURRENT_TAG(dev, val) + if (token_match_string(token, val)) + return token->op == OP_MATCH; + return token->op == OP_NOMATCH; +-- +2.33.0 + + \ No newline at end of file diff --git a/systemd.spec b/systemd.spec index b5771e0..3a45d6b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -21,7 +21,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd Version: 249 -Release: 54 +Release: 56 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager @@ -529,6 +529,64 @@ Patch6480: backport-mount-retrigger-run-queue-after-ratelimit-expired-to.pa Patch6481: backport-pid1-add-a-manager_trigger_run_queue-helper.patch Patch6482: backport-unit-add-jobs-that-were-skipped-because-of-ratelimit.patch Patch6483: backport-unit-check-for-mount-rate-limiting-before-checking-a.patch +Patch6484: backport-nspawn-fix-UID-map-string.patch +Patch6485: backport-core-Fix-memory-leaks.patch +Patch6486: backport-sysusers-properly-process-user-entries-with-an-expli.patch +Patch6487: backport-network-bridge-fix-UseBPDU-and-AllowPortToBeRoot.patch +Patch6488: backport-core-fix-memleak-in-GetUnitFileLinks-method.patch +Patch6489: backport-sd-bus-Use-goto-finish-instead-of-return-in-bus_add_.patch +Patch6490: backport-cgtop-Do-not-rewrite-P-or-k-options.patch +Patch6491: backport-sd-netlink-fix-segfault.patch +Patch6492: backport-escape-fix-wrong-octescape-of-bad-character.patch +Patch6493: backport-test-add-basic-tests-for-octescape.patch +Patch6494: backport-journald-prevent-segfault-on-empty-attr-current.patch +Patch6495: backport-hexdecoct-add-missing-NULL-check.patch +Patch6496: backport-hexdecoct-fix-NULL-pointer-dereferences-in-hexmem.patch +Patch6497: backport-sd-device-fix-double-free.patch +Patch6498: backport-sd-device-add-helper-to-read-a-unsigned-int-attribut.patch +Patch6499: backport-test-name_assign_type-sysattr-never-exists-for-enume.patch +Patch6500: backport-udev-match-device-tags-in-rules-using-current-device.patch +Patch6501: backport-sd-dhcp-server-allow-to-send-header-only-message.patch +Patch6502: backport-core-allow-list-char-rtc-with-ProtectClock-yes-only-.patch +Patch6503: backport-socket-util-fix-socket_get_family.patch +Patch6504: backport-network-ipv4acd-update-MAC-address-on-change-26753.patch +Patch6505: backport-core-transaction-make-merge_unit_ids-always-return-N.patch +Patch6506: backport-core-transaction-make-merge_unit_ids-return-non-NULL.patch +Patch6507: backport-shared-exec-util-null_or_empty_path-does-not-return-.patch +Patch6508: backport-rm-rf-fix-errno-handling.patch +Patch6509: backport-localed-fix-invalid-free-after-shifting-pointers-usi.patch +Patch6510: backport-pid1-fix-coredump_filter-setting.patch +Patch6511: backport-scope-do-not-disable-timer-event-source-when-state-i.patch +Patch6512: backport-test-add-some-tests-for-RuntimeMaxSec.patch +Patch6513: backport-list-fix-double-evaluation.patch +Patch6514: backport-coredump-filter-fix-stack-overflow-with-all.patch +Patch6515: backport-coredump-filter-add-mask-for-all-using-UINT32_MAX-no.patch +Patch6516: backport-journal-Don-t-try-to-write-garbage-if-journal-entry-.patch +Patch6517: backport-sd-journal-tighten-variable-scope.patch +Patch6518: backport-sd-journal-copy-boot-ID.patch +Patch6519: backport-sd-journal-make-journal_file_copy_entry-return-earli.patch +Patch6520: backport-shared-reject-empty-attachment-path.patch +Patch6521: backport-shared-refuse-fd-INT_MAX.patch +Patch6522: backport-sd-bus-bus_message_type_from_string-is-not-pure.patch +Patch6523: backport-pid1-when-taking-possession-of-passed-fds-check-O_CL.patch +Patch6524: backport-test-test-O_CLOEXEC-filtering-of-fdset-fill-logic.patch +Patch6525: backport-machine-fix-a-memory-leak-when-showing-multiple-imag.patch +Patch6526: backport-machine-fix-a-memory-leak-when-showing-multiple-mach.patch +Patch6527: backport-nspawn-call-json_dispatch-with-a-correct-pointer.patch +Patch6528: backport-nspawn-fix-inverted-condition.patch +Patch6529: backport-nspawn-fix-a-global-buffer-overflow.patch +Patch6530: backport-sd-bus-sd-event-allow-querying-of-description-even-a.patch +Patch6531: backport-json-correctly-handle-magic-strings-when-parsing-var.patch +Patch6532: backport-sd-journal-avoid-double-free.patch +Patch6533: backport-udev-do-not-set-ID_PATH-and-by-path-symlink-for-nvmf.patch +Patch6534: backport-specifier-avoid-leaking-memory-on-allocation-error.patch +Patch6535: backport-dbus-util-let-s-take-it-down-a-notch-when-converting.patch +Patch6536: backport-socket-avoid-memory-leak-on-incomplete-SocketPort-ob.patch +Patch6537: backport-journal-avoid-infinite-recursion-when-closing-bad-jo.patch +Patch6538: backport-core-Return-1-from-unit_add_dependency-on-success.patch +Patch6539: backport-core-unit-fix-notification-about-unit-dependency-cha.patch +Patch6540: backport-core-unit-make-JoinsNamespaceOf-implies-the-inverse-.patch +Patch6541: backport-core-unit-update-bidirectional-dependency-simultaneo.patch Patch9001: update-rtc-with-system-clock-when-shutdown.patch Patch9002: udev-add-actions-while-rename-netif-failed.patch @@ -2011,6 +2069,9 @@ fi %{_libdir}/security/pam_systemd.so %changelog +* Mon Oct 9 2023 wangyuhang - 249-56 +- backport: sync patches from systemd community + * Thu Aug 24 2023 shixin - 249-55 - sysuesrs_dir, sysctl_dir, binfmt_dir, modules_load_dir reference directories in /usr/lib for embedded - modify dns server address to avoid security risk for embedded