From 2c277aee9a3a033ce18135ad616682e1c67cb910 Mon Sep 17 00:00:00 2001 From: leeffo Date: Mon, 25 Sep 2023 17:49:12 +0800 Subject: [PATCH] backport update stream --- ...ll-protect-against-broken-links-poin.patch | 74 +++++++++++++++++++ ...it-if-resolving-executable-dependenc.patch | 41 ++++++++++ ...e-quoting-form-the-first-argument-of.patch | 25 +++++++ dracut.spec | 8 +- 4 files changed, 147 insertions(+), 1 deletion(-) create mode 100644 backport-fix-dracut-install-protect-against-broken-links-poin.patch create mode 100644 backport-fix-dracut.sh-exit-if-resolving-executable-dependenc.patch create mode 100644 backport-fix-fs-lib-remove-quoting-form-the-first-argument-of.patch diff --git a/backport-fix-dracut-install-protect-against-broken-links-poin.patch b/backport-fix-dracut-install-protect-against-broken-links-poin.patch new file mode 100644 index 0000000..c2e734a --- /dev/null +++ b/backport-fix-dracut-install-protect-against-broken-links-poin.patch @@ -0,0 +1,74 @@ +From 32f6f364ddeb706bf8741f2895d60022aee264e7 Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Thu, 10 Aug 2023 09:22:28 +0200 +Subject: [PATCH] fix(dracut-install): protect against broken links pointing to + themselves + +`readlink` does not return an error if a symbolic link points to itself, which +can cause a stack overflow due to infinite recursion in the `get_real_file` +function. + +Although this type of recursive links should not exist, we discovered this +issue on a real system. It can be reproduced as follows: + +``` +> ls -l /lib64/libblkid.so +-rwxr-xr-x 1 root root 224368 Aug 9 15:13 /lib64/libblkid.so +> rm -f /lib64/libblkid.so +> ln -s /lib64/libblkid.so /lib64/libblkid.so +> ls -l /lib64/libblkid.so +lrwxrwxrwx 1 root root 18 Aug 9 15:06 /lib64/libblkid.so -> /lib64/libblkid.so +> dracut -f -I "/lib64/libblkid.so" test.img +... +dracut-install: Handle '/lib64/libblkid.so' +dracut-install: dracut_install('/lib64/libblkid.so', '/lib64/libblkid.so', 0, 0, 1) +dracut-install: get_real_file('/lib64/libblkid.so') +dracut-install: get_real_file: readlink('/lib64/libblkid.so') returns '/lib64/libblkid.so' +dracut-install: get_real_file('/lib64/libblkid.so') => '/lib64/libblkid.so' +... +[infinite recursion] +... +dracut-install: dracut_install('/lib64/libblkid.so', '/lib64/libblkid.so', 0, 0, 1) +dracut-install: get_real_file('/lib64/libblkid.so') +dracut-install: get_real_file: readlink('/lib64/libblkid.so') returns '/lib64/libblkid.so' +dracut-install: get_real_file('/lib64/libblkid.so') => '/lib64/libblkid.so' +dracut-install: dracut_install('/lib64/libblkid.so', '/lib64/libblkid.so', 0, 0, 1) +/usr/lib/dracut/dracut-init.sh: line 298: 20949 Segmentation fault (core dumped) $DRACUT_INSTALL ${dracutsysrootdir:+-r "$dracutsysrootdir"} ${initdir:+-D "$initdir"} -a ${loginstall:+-L "$loginstall"} ${DRACUT_RESOLVE_DEPS:+-l} ${DRACUT_FIPS_MODE:+-f} ${_hostonly_install:+-H} "$@" +dracut: FAILED: /usr/lib/dracut/dracut-install --debug -D /var/tmp/dracut.dqLmOS/initramfs -a /lib64/libblkid.so +... +``` + +After applying this patch: + +``` +> dracut -f -I "/lib64/libblkid.so" test.img +... +dracut-install: Handle '/lib64/libblkid.so' +dracut-install: dracut_install('/lib64/libblkid.so', '/lib64/libblkid.so', 0, 0, 1) +dracut-install: get_real_file('/lib64/libblkid.so') +dracut-install: get_real_file: readlink('/lib64/libblkid.so') returns '/lib64/libblkid.so' +dracut-install: ERROR: '/lib64/libblkid.so' is pointing to itself. +dracut-install: ERROR: installing '/lib64/libblkid.so' +dracut: FAILED: /usr/lib/dracut/dracut-install --debug -D /var/tmp/dracut.4w8FVL/initramfs -a /lib64/libblkid.so +... +``` +--- + src/install/dracut-install.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/install/dracut-install.c b/src/install/dracut-install.c +index 5cfcf5170..485143a58 100644 +--- a/src/install/dracut-install.c ++++ b/src/install/dracut-install.c +@@ -480,6 +480,11 @@ static char *get_real_file(const char *src, bool fullyresolve) + + log_debug("get_real_file: readlink('%s') returns '%s'", fullsrcpath, linktarget); + ++ if (streq(fullsrcpath, linktarget)) { ++ log_error("ERROR: '%s' is pointing to itself", fullsrcpath); ++ return NULL; ++ } ++ + if (linktarget[0] == '/') { + _asprintf(&abspath, "%s%s", (sysrootdirlen ? sysrootdir : ""), linktarget); + } else { diff --git a/backport-fix-dracut.sh-exit-if-resolving-executable-dependenc.patch b/backport-fix-dracut.sh-exit-if-resolving-executable-dependenc.patch new file mode 100644 index 0000000..aee3bab --- /dev/null +++ b/backport-fix-dracut.sh-exit-if-resolving-executable-dependenc.patch @@ -0,0 +1,41 @@ +From b2c6b584e2227e68f54c8843925dcb73aefe87ac Mon Sep 17 00:00:00 2001 +From: Antonio Alvarez Feijoo +Date: Wed, 9 Aug 2023 11:28:15 +0200 +Subject: [PATCH] fix(dracut.sh): exit if resolving executable dependencies + fails + +We came across an issue where, when resolving executable dependencies, a call to +a buggy glib function in `dracut-install` was causing a termination with +SIGSEGV, but dracut didn't stop the build process, which resulted in an +unbootable initrd, due to missing required libraries. + +``` +dracut: *** Resolving executable dependencies *** +xargs: /usr/lib/dracut/dracut-install: terminated by signal 11 +dracut: *** Resolving executable dependencies done *** +``` + +Therefore, stop the initrd creation in this case. +--- + dracut.sh | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/dracut.sh b/dracut.sh +index fe2954a04..d7bf4b071 100755 +--- a/dracut.sh ++++ b/dracut.sh +@@ -2045,7 +2045,13 @@ if [[ $kernel_only != yes ]]; then + # shellcheck disable=SC2086 + find "$initdir" -type f -perm /0111 -not -path '*.ko' -print0 \ + | xargs -r -0 $DRACUT_INSTALL ${initdir:+-D "$initdir"} ${dracutsysrootdir:+-r "$dracutsysrootdir"} -R ${DRACUT_FIPS_MODE:+-f} -- +- dinfo "*** Resolving executable dependencies done ***" ++ # shellcheck disable=SC2181 ++ if (($? == 0)); then ++ dinfo "*** Resolving executable dependencies done ***" ++ else ++ dfatal "Resolving executable dependencies failed" ++ exit 1 ++ fi + fi + + # Now we are done with lazy resolving, always install dependencies diff --git a/backport-fix-fs-lib-remove-quoting-form-the-first-argument-of.patch b/backport-fix-fs-lib-remove-quoting-form-the-first-argument-of.patch new file mode 100644 index 0000000..22ed5b8 --- /dev/null +++ b/backport-fix-fs-lib-remove-quoting-form-the-first-argument-of.patch @@ -0,0 +1,25 @@ +From 9aa332cad7196b6e05b9e2f1810dc54bb38ed2ac Mon Sep 17 00:00:00 2001 +From: Laszlo Gombos +Date: Sat, 4 Mar 2023 23:28:17 +0000 +Subject: [PATCH] fix(fs-lib): remove quoting form the first argument of the + e2fsck call + +Fix regression. +--- + modules.d/99fs-lib/fs-lib.sh | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/modules.d/99fs-lib/fs-lib.sh b/modules.d/99fs-lib/fs-lib.sh +index dd20731f29..c4640fa8a4 100755 +--- a/modules.d/99fs-lib/fs-lib.sh ++++ b/modules.d/99fs-lib/fs-lib.sh +@@ -107,7 +107,8 @@ fsck_drv_com() { + + info "issuing $_drv $_fop $_dev" + # we enforce non-interactive run, so $() is fine +- _out=$($_drv "$_fop" "$_dev") ++ # shellcheck disable=SC2086 ++ _out=$($_drv $_fop "$_dev") + _ret=$? + fsck_tail + diff --git a/dracut.spec b/dracut.spec index c8ebd02..97f22ee 100644 --- a/dracut.spec +++ b/dracut.spec @@ -9,7 +9,7 @@ Name: dracut Version: 059 -Release: 3 +Release: 4 Summary: Initramfs generator using udev @@ -32,6 +32,9 @@ Patch5: revert-fix-systemd-networkd-make-systemd-networkd.patch Patch6: make-network-legacy-instead-of-network-manager-the-network.patch Patch7: bring-back-51-dracut-rescue-postinst.sh.patch Patch8: backport-fix-multipath-remove-dependency-on-multipathd-socket.patch +Patch9: backport-fix-dracut-install-protect-against-broken-links-poin.patch +Patch10: backport-fix-dracut.sh-exit-if-resolving-executable-dependenc.patch +Patch11: backport-fix-fs-lib-remove-quoting-form-the-first-argument-of.patch Source1: https://www.gnu.org/licenses/lgpl-2.1.txt Source2: openEuler.conf.example @@ -520,6 +523,9 @@ rm -f 51-dracut-rescue-postinst.sh %endif %changelog +* Mon Sep 25 2023 liweigang - 059-4 +- backport update stream + * Tue Apr 11 2023 Jiayi Chen - 059-3 - remove dependency on multipathd.socket to fix initrd hanging -- Gitee