From 5f9878444222cdc9dd3e832fa198e3e7450e4bf8 Mon Sep 17 00:00:00 2001 From: Yangyang Shen Date: Thu, 27 May 2021 12:26:32 +0800 Subject: [PATCH 1/5] change requires to openssl-libs as post scripts systemctl requires libssl.so.1.1 --- systemd.spec | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/systemd.spec b/systemd.spec index bf1dbd2..a86c8d7 100644 --- a/systemd.spec +++ b/systemd.spec @@ -16,7 +16,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd Version: 243 -Release: 34 +Release: 35 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager @@ -157,7 +157,7 @@ Requires(post): coreutils Requires(post): sed Requires(post): acl Requires(post): grep -Requires(post): openssl +Requires(post): openssl-libs Requires(pre): coreutils Requires(pre): /usr/bin/getent Requires(pre): /usr/sbin/groupadd @@ -1509,6 +1509,12 @@ fi %exclude /usr/share/man/man3/* %changelog +* Thu May 27 2021 shenyangyang - 246-35 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:change requires to openssl-libs as post scripts systemctl requires libssl.so.1.1 + * Mon May 10 2021 shenyangyang - 246-34 - Type:bugfix - ID:NA -- Gitee From 83d7bc9bd7772d6d7d5243c7f5abdc2730d15708 Mon Sep 17 00:00:00 2001 
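Review bot: Replacing `Requires(post): openssl` with `Requires(post): openssl-libs` in the second hunk means the `openssl` command is no longer guaranteed to be installed when %post runs, and the new line carries no comment saying why a library package is a scriptlet dependency. The scriptlet bodies are outside this hunk, so confirm that none of them calls the `openssl` binary; if one does, keep both lines. I would add `# systemctl, called from %post, links against libssl.so.1.1` above the requirement, since that reason is currently recorded only in the changelog. Separately, the changelog entry added in the third hunk is labelled `246-35` while the first hunk shows `Version: 243`; the mismatch appears to be copied from the previous `246-34` entry, and the new one should presumably read `243-35`.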
From: overweight Date: Sun, 30 May 2021 22:02:17 -0400 Subject: [PATCH 2/5] fix patches name and patches num (cherry picked from commit b95c118210e62e208c11d9a07e08b770d6ded2f7) --- ...error-caused-by-device-disconnection.patch | 0 ...-parameter-of-get_name_owner_handler.patch | 0 ...re-dont-check-potentially-NULL-error.patch | 0 ...=> 0005-0001-core-shorten-code-a-bit.patch | 0 ...06-0001-core-no-need-to-eat-up-error.patch | 0 ...-unit-bus-name-slots-always-together.patch | 0 ...initial-ListNames-bus-call-from-PID1.patch | 0 ...-rtc-with-system-clock-when-shutdown.patch | 0 ...dd-actions-while-rename-netif-failed.patch | 0 ...1712-1.patch => 0011-CVE-2020-1712-1.patch | 0 ...1712-2.patch => 0012-CVE-2020-1712-2.patch | 0 ...1712-3.patch => 0013-CVE-2020-1712-3.patch | 0 ...1712-4.patch => 0014-CVE-2020-1712-4.patch | 0 ...1712-5.patch => 0015-CVE-2020-1712-5.patch | 0 ...-journal-files-that-were-deleted-by-.patch | 0 ...tTasksMax-to-80-of-the-kernel-pid.ma.patch | 0 ...rtual-machines-have-same-mac-address.patch | 0 ...nd-set-RemoveIPC-to-false-by-default.patch | 0 ...or-naming-Dell-iDRAC-USB-Virtual-NIC.patch | 0 ...nit-don-t-add-Requires-for-tmp.mount.patch | 0 ...switch-net.ipv4.conf.all.rp_filter-f.patch | 0 ...evator-kernel-command-line-parameter.patch | 0 ...le-that-adds-elevator-kernel-command.patch | 0 ...its-add-Install-section-to-tmp.mount.patch | 0 ...vd.service-start-after-systemd-remou.patch | 0 ...patch => 0027-udev-virsh-shutdown-vm.patch | 0 ...8-fix-fd-leak-in-no-memory-condition.patch | 0 ...0029-dbus-execute-avoid-extra-strdup.patch | 0 ...mounted-as-tmpfs-without-the-user-s-.patch | 0 ...d-bus-properly-initialize-containers.patch | 0 ...step-back-again-for-nspawn-we-actual.patch | 0 ...able-systemd-journald-audit.socket-b.patch | 0 ...drop-unit-caches-only-based-on-mtime.patch | 0 ...dd-unit-files-to-dump-the-unit-fragm.patch | 0 ...id1-use-a-cache-for-all-unit-aliases.patch | 0 ...it-file-add-a-function-to-validate-u.patch | 0 
...tl-crash-on-aarch64-when-setting-out.patch | 0 ...prehensive-protection-against-libsec.patch | 0 ...le-free-in-macsec_receive_channel_fr.patch | 0 ...patch => 0041-network-L2TP-fix-crash.patch | 0 ...memleak-caused-by-wrong-cleanup-func.patch | 0 ...ch => 0043-analyze-fix-minor-memleak.patch | 0 ...k-add-one-more-section-validty-check.patch | 0 ...etwork-use-fix-invalid-free-function.patch | 0 ...ak.patch => 0046-network-fix-memleak.patch | 0 ...k-Add-support-to-advertie-ipv6-route.patch | 0 ...network-fix-invalid-cleanup-function.patch | 0 ...ork-fix-memleak-in-route_prefix_free.patch | 0 ...ak.patch => 0050-sd-radv-fix-memleak.patch | 0 ...validate-connection-when-Hello-fails.patch | 0 ...-bus-util-Don-t-replace-exsting-strv.patch | 0 ...systemctl-Add-with-dependencies-flag.patch | 0 ...t-systemctl-with-dependencies-switch.patch | 0 ...-priority-value-via-dbus-only-if-it-.patch | 0 ...we-forgot-to-destroy-some-bus-errors.patch | 0 ...spection-bug-in-signal-parameter-nam.patch | 0 ...pParseFlags-between-dbus-execute-and.patch | 0 ...9-core-swap-priority-can-be-negative.patch | 0 ...initialize-swap-structure-fields-if-.patch | 0 ...priority_set-when-parsing-swap-unit-.patch | 0 ...sed-logging-instead-of-generic-loggi.patch | 0 ... 
0063-core-set-error-value-correctly.patch | 0 ...ix-re-realization-of-cgroup-siblings.patch | 0 ...ble-avoid-crash-when-table-is-sparse.patch | 0 ...al-fix-buffer-overrun-when-urlifying.patch | 0 ...or-IP-in-certificate-when-using-DoT-.patch | 0 ...nection-failures-with-TLS-1.3-and-Gn.patch | 0 ...-at-least-version-3.6.0-of-GnuTLS-fo.patch | 0 ...-in-resolved.conf-man-page-with-rega.patch | 0 ...mplement-SNI-when-using-DNS-over-TLS.patch | 0 ...-resolve-error-handling-improvements.patch | 0 ...-use-hostname-for-certificate-valida.patch | 0 ...rdata-pointer-inheritance-from-varli.patch | 0 ...e-_SUN-ACPI-index-as-a-signed-intege.patch | 0 ...t-generate-slot-based-names-if-multi.patch | 0 systemd.spec | 163 +++++++++--------- 76 files changed, 83 insertions(+), 80 deletions(-) rename 0001-udev-ignore-error-caused-by-device-disconnection.patch => 0002-0001-udev-ignore-error-caused-by-device-disconnection.patch (100%) rename 0001-core-dont-check-error-parameter-of-get_name_owner_handler.patch => 0003-0001-core-dont-check-error-parameter-of-get_name_owner_handler.patch (100%) rename 0001-core-dont-check-potentially-NULL-error.patch => 0004-0001-core-dont-check-potentially-NULL-error.patch (100%) rename 0001-core-shorten-code-a-bit.patch => 0005-0001-core-shorten-code-a-bit.patch (100%) rename 0001-core-no-need-to-eat-up-error.patch => 0006-0001-core-no-need-to-eat-up-error.patch (100%) rename 0001-core-create-or-remove-unit-bus-name-slots-always-together.patch => 0007-0001-core-create-or-remove-unit-bus-name-slots-always-together.patch (100%) rename 0001-core-drop-initial-ListNames-bus-call-from-PID1.patch => 0008-0001-core-drop-initial-ListNames-bus-call-from-PID1.patch (100%) rename 1605-update-rtc-with-system-clock-when-shutdown.patch => 0009-1605-update-rtc-with-system-clock-when-shutdown.patch (100%) rename 1603-udev-add-actions-while-rename-netif-failed.patch => 0010-1603-udev-add-actions-while-rename-netif-failed.patch (100%) rename CVE-2020-1712-1.patch => 
0011-CVE-2020-1712-1.patch (100%) rename CVE-2020-1712-2.patch => 0012-CVE-2020-1712-2.patch (100%) rename CVE-2020-1712-3.patch => 0013-CVE-2020-1712-3.patch (100%) rename CVE-2020-1712-4.patch => 0014-CVE-2020-1712-4.patch (100%) rename CVE-2020-1712-5.patch => 0015-CVE-2020-1712-5.patch (100%) rename sd-journal-close-journal-files-that-were-deleted-by-.patch => 0016-sd-journal-close-journal-files-that-were-deleted-by-.patch (100%) rename pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch => 0017-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch (100%) rename fix-two-VF-virtual-machines-have-same-mac-address.patch => 0018-fix-two-VF-virtual-machines-have-same-mac-address.patch (100%) rename logind-set-RemoveIPC-to-false-by-default.patch => 0019-logind-set-RemoveIPC-to-false-by-default.patch (100%) rename rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch => 0020-rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch (100%) rename unit-don-t-add-Requires-for-tmp.mount.patch => 0021-unit-don-t-add-Requires-for-tmp.mount.patch (100%) rename Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch => 0022-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch (100%) rename rules-add-elevator-kernel-command-line-parameter.patch => 0023-rules-add-elevator-kernel-command-line-parameter.patch (100%) rename rules-add-the-rule-that-adds-elevator-kernel-command.patch => 0024-rules-add-the-rule-that-adds-elevator-kernel-command.patch (100%) rename units-add-Install-section-to-tmp.mount.patch => 0025-units-add-Install-section-to-tmp.mount.patch (100%) rename Make-systemd-udevd.service-start-after-systemd-remou.patch => 0026-Make-systemd-udevd.service-start-after-systemd-remou.patch (100%) rename udev-virsh-shutdown-vm.patch => 0027-udev-virsh-shutdown-vm.patch (100%) rename fix-fd-leak-in-no-memory-condition.patch => 0028-fix-fd-leak-in-no-memory-condition.patch (100%) rename dbus-execute-avoid-extra-strdup.patch => 
0029-dbus-execute-avoid-extra-strdup.patch (100%) rename Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch => 0030-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch (100%) rename sd-bus-properly-initialize-containers.patch => 0031-sd-bus-properly-initialize-containers.patch (100%) rename Revert-core-one-step-back-again-for-nspawn-we-actual.patch => 0032-Revert-core-one-step-back-again-for-nspawn-we-actual.patch (100%) rename journal-don-t-enable-systemd-journald-audit.socket-b.patch => 0033-journal-don-t-enable-systemd-journald-audit.socket-b.patch (100%) rename revert-pid1-drop-unit-caches-only-based-on-mtime.patch => 0034-revert-pid1-drop-unit-caches-only-based-on-mtime.patch (100%) rename revert-analyze-add-unit-files-to-dump-the-unit-fragm.patch => 0035-revert-analyze-add-unit-files-to-dump-the-unit-fragm.patch (100%) rename revert-pid1-use-a-cache-for-all-unit-aliases.patch => 0036-revert-pid1-use-a-cache-for-all-unit-aliases.patch (100%) rename revert-shared-unit-file-add-a-function-to-validate-u.patch => 0037-revert-shared-unit-file-add-a-function-to-validate-u.patch (100%) rename systemd-Fix-busctl-crash-on-aarch64-when-setting-out.patch => 0038-systemd-Fix-busctl-crash-on-aarch64-when-setting-out.patch (100%) rename seccomp-more-comprehensive-protection-against-libsec.patch => 0039-seccomp-more-comprehensive-protection-against-libsec.patch (100%) rename network-fix-double-free-in-macsec_receive_channel_fr.patch => 0040-network-fix-double-free-in-macsec_receive_channel_fr.patch (100%) rename network-L2TP-fix-crash.patch => 0041-network-L2TP-fix-crash.patch (100%) rename systemctl-fix-memleak-caused-by-wrong-cleanup-func.patch => 0042-systemctl-fix-memleak-caused-by-wrong-cleanup-func.patch (100%) rename analyze-fix-minor-memleak.patch => 0043-analyze-fix-minor-memleak.patch (100%) rename network-add-one-more-section-validty-check.patch => 0044-network-add-one-more-section-validty-check.patch (100%) rename 
network-use-fix-invalid-free-function.patch => 0045-network-use-fix-invalid-free-function.patch (100%) rename network-fix-memleak.patch => 0046-network-fix-memleak.patch (100%) rename network-Add-support-to-advertie-ipv6-route.patch => 0047-network-Add-support-to-advertie-ipv6-route.patch (100%) rename network-fix-invalid-cleanup-function.patch => 0048-network-fix-invalid-cleanup-function.patch (100%) rename network-fix-memleak-in-route_prefix_free.patch => 0049-network-fix-memleak-in-route_prefix_free.patch (100%) rename sd-radv-fix-memleak.patch => 0050-sd-radv-fix-memleak.patch (100%) rename sd-bus-invalidate-connection-when-Hello-fails.patch => 0051-sd-bus-invalidate-connection-when-Hello-fails.patch (100%) rename shared-bus-util-Don-t-replace-exsting-strv.patch => 0052-shared-bus-util-Don-t-replace-exsting-strv.patch (100%) rename systemctl-Add-with-dependencies-flag.patch => 0053-systemctl-Add-with-dependencies-flag.patch (100%) rename man-Document-systemctl-with-dependencies-switch.patch => 0054-man-Document-systemctl-with-dependencies-switch.patch (100%) rename core-expose-swap-priority-value-via-dbus-only-if-it-.patch => 0055-core-expose-swap-priority-value-via-dbus-only-if-it-.patch (100%) rename tree-wide-we-forgot-to-destroy-some-bus-errors.patch => 0056-tree-wide-we-forgot-to-destroy-some-bus-errors.patch (100%) rename sd-bus-fix-introspection-bug-in-signal-parameter-nam.patch => 0057-sd-bus-fix-introspection-bug-in-signal-parameter-nam.patch (100%) rename core-sync-SeccompParseFlags-between-dbus-execute-and.patch => 0058-core-sync-SeccompParseFlags-between-dbus-execute-and.patch (100%) rename core-swap-priority-can-be-negative.patch => 0059-core-swap-priority-can-be-negative.patch (100%) rename core-no-need-to-initialize-swap-structure-fields-if-.patch => 0060-core-no-need-to-initialize-swap-structure-fields-if-.patch (100%) rename core-initialize-priority_set-when-parsing-swap-unit-.patch => 
0061-core-initialize-priority_set-when-parsing-swap-unit-.patch (100%) rename core-use-unit-based-logging-instead-of-generic-loggi.patch => 0062-core-use-unit-based-logging-instead-of-generic-loggi.patch (100%) rename core-set-error-value-correctly.patch => 0063-core-set-error-value-correctly.patch (100%) rename core-fix-re-realization-of-cgroup-siblings.patch => 0064-core-fix-re-realization-of-cgroup-siblings.patch (100%) rename basic-string-table-avoid-crash-when-table-is-sparse.patch => 0065-basic-string-table-avoid-crash-when-table-is-sparse.patch (100%) rename journal-fix-buffer-overrun-when-urlifying.patch => 0066-journal-fix-buffer-overrun-when-urlifying.patch (100%) rename backport-CVE-2018-21029-resolved-check-for-IP-in-certificate-when-using-DoT-.patch => 0071-backport-CVE-2018-21029-resolved-check-for-IP-in-certificate-when-using-DoT-.patch (100%) rename backport-CVE-2018-21029-resolved-fix-connection-failures-with-TLS-1.3-and-Gn.patch => 0072-backport-CVE-2018-21029-resolved-fix-connection-failures-with-TLS-1.3-and-Gn.patch (100%) rename backport-CVE-2018-21029-resolved-require-at-least-version-3.6.0-of-GnuTLS-fo.patch => 0073-backport-CVE-2018-21029-resolved-require-at-least-version-3.6.0-of-GnuTLS-fo.patch (100%) rename backport-CVE-2018-21029-Be-more-specific-in-resolved.conf-man-page-with-rega.patch => 0074-backport-CVE-2018-21029-Be-more-specific-in-resolved.conf-man-page-with-rega.patch (100%) rename backport-CVE-2018-21029-Implement-SNI-when-using-DNS-over-TLS.patch => 0075-backport-CVE-2018-21029-Implement-SNI-when-using-DNS-over-TLS.patch (100%) rename backport-CVE-2018-21029-resolve-error-handling-improvements.patch => 0076-backport-CVE-2018-21029-resolve-error-handling-improvements.patch (100%) rename backport-CVE-2018-21029-systemd-resolved-use-hostname-for-certificate-valida.patch => 0077-backport-CVE-2018-21029-systemd-resolved-use-hostname-for-certificate-valida.patch (100%) rename 
backport-varlink-make-userdata-pointer-inheritance-from-varli.patch => 0078-backport-varlink-make-userdata-pointer-inheritance-from-varli.patch (100%) rename backport-udev-net_id-parse-_SUN-ACPI-index-as-a-signed-intege.patch => 0079-backport-udev-net_id-parse-_SUN-ACPI-index-as-a-signed-intege.patch (100%) rename backport-udev-net_id-don-t-generate-slot-based-names-if-multi.patch => 0080-backport-udev-net_id-don-t-generate-slot-based-names-if-multi.patch (100%) diff --git a/0001-udev-ignore-error-caused-by-device-disconnection.patch b/0002-0001-udev-ignore-error-caused-by-device-disconnection.patch similarity index 100% rename from 0001-udev-ignore-error-caused-by-device-disconnection.patch rename to 0002-0001-udev-ignore-error-caused-by-device-disconnection.patch diff --git a/0001-core-dont-check-error-parameter-of-get_name_owner_handler.patch b/0003-0001-core-dont-check-error-parameter-of-get_name_owner_handler.patch similarity index 100% rename from 0001-core-dont-check-error-parameter-of-get_name_owner_handler.patch rename to 0003-0001-core-dont-check-error-parameter-of-get_name_owner_handler.patch diff --git a/0001-core-dont-check-potentially-NULL-error.patch b/0004-0001-core-dont-check-potentially-NULL-error.patch similarity index 100% rename from 0001-core-dont-check-potentially-NULL-error.patch rename to 0004-0001-core-dont-check-potentially-NULL-error.patch diff --git a/0001-core-shorten-code-a-bit.patch b/0005-0001-core-shorten-code-a-bit.patch similarity index 100% rename from 0001-core-shorten-code-a-bit.patch rename to 0005-0001-core-shorten-code-a-bit.patch diff --git a/0001-core-no-need-to-eat-up-error.patch b/0006-0001-core-no-need-to-eat-up-error.patch similarity index 100% rename from 0001-core-no-need-to-eat-up-error.patch rename to 0006-0001-core-no-need-to-eat-up-error.patch 
diff --git a/0001-core-create-or-remove-unit-bus-name-slots-always-together.patch b/0007-0001-core-create-or-remove-unit-bus-name-slots-always-together.patch
similarity index 100%
rename from 0001-core-create-or-remove-unit-bus-name-slots-always-together.patch
rename to 0007-0001-core-create-or-remove-unit-bus-name-slots-always-together.patch
diff --git a/0001-core-drop-initial-ListNames-bus-call-from-PID1.patch b/0008-0001-core-drop-initial-ListNames-bus-call-from-PID1.patch
similarity index 100%
rename from 0001-core-drop-initial-ListNames-bus-call-from-PID1.patch
rename to 0008-0001-core-drop-initial-ListNames-bus-call-from-PID1.patch
diff --git a/1605-update-rtc-with-system-clock-when-shutdown.patch b/0009-1605-update-rtc-with-system-clock-when-shutdown.patch
similarity index 100%
rename from 1605-update-rtc-with-system-clock-when-shutdown.patch
rename to 0009-1605-update-rtc-with-system-clock-when-shutdown.patch
diff --git a/1603-udev-add-actions-while-rename-netif-failed.patch b/0010-1603-udev-add-actions-while-rename-netif-failed.patch
similarity index 100%
rename from 1603-udev-add-actions-while-rename-netif-failed.patch
rename to 0010-1603-udev-add-actions-while-rename-netif-failed.patch
diff --git a/CVE-2020-1712-1.patch b/0011-CVE-2020-1712-1.patch
similarity index 100%
rename from CVE-2020-1712-1.patch
rename to 0011-CVE-2020-1712-1.patch
diff --git a/CVE-2020-1712-2.patch b/0012-CVE-2020-1712-2.patch
similarity index 100%
rename from CVE-2020-1712-2.patch
rename to 0012-CVE-2020-1712-2.patch
diff --git a/CVE-2020-1712-3.patch b/0013-CVE-2020-1712-3.patch
similarity index 100%
rename from CVE-2020-1712-3.patch
rename to 0013-CVE-2020-1712-3.patch
diff --git a/CVE-2020-1712-4.patch b/0014-CVE-2020-1712-4.patch
similarity index 100%
rename from CVE-2020-1712-4.patch
rename to 0014-CVE-2020-1712-4.patch
diff --git a/CVE-2020-1712-5.patch b/0015-CVE-2020-1712-5.patch
similarity index 100%
rename from CVE-2020-1712-5.patch
rename to 0015-CVE-2020-1712-5.patch
diff --git a/sd-journal-close-journal-files-that-were-deleted-by-.patch b/0016-sd-journal-close-journal-files-that-were-deleted-by-.patch
similarity index 100%
rename from sd-journal-close-journal-files-that-were-deleted-by-.patch
rename to 0016-sd-journal-close-journal-files-that-were-deleted-by-.patch
diff --git a/pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch b/0017-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
similarity index 100%
rename from pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
rename to 0017-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
diff --git a/fix-two-VF-virtual-machines-have-same-mac-address.patch b/0018-fix-two-VF-virtual-machines-have-same-mac-address.patch
similarity index 100%
rename from fix-two-VF-virtual-machines-have-same-mac-address.patch
rename to 0018-fix-two-VF-virtual-machines-have-same-mac-address.patch
diff --git a/logind-set-RemoveIPC-to-false-by-default.patch b/0019-logind-set-RemoveIPC-to-false-by-default.patch
similarity index 100%
rename from logind-set-RemoveIPC-to-false-by-default.patch
rename to 0019-logind-set-RemoveIPC-to-false-by-default.patch
diff --git a/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch b/0020-rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch
similarity index 100%
rename from rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch
rename to 0020-rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch
diff --git a/unit-don-t-add-Requires-for-tmp.mount.patch b/0021-unit-don-t-add-Requires-for-tmp.mount.patch
similarity index 100%
rename from unit-don-t-add-Requires-for-tmp.mount.patch
rename to 0021-unit-don-t-add-Requires-for-tmp.mount.patch
diff --git a/Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch b/0022-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch
similarity index 100%
rename from Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch
rename to 0022-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch
diff --git a/rules-add-elevator-kernel-command-line-parameter.patch b/0023-rules-add-elevator-kernel-command-line-parameter.patch
similarity index 100%
rename from rules-add-elevator-kernel-command-line-parameter.patch
rename to 0023-rules-add-elevator-kernel-command-line-parameter.patch
diff --git a/rules-add-the-rule-that-adds-elevator-kernel-command.patch b/0024-rules-add-the-rule-that-adds-elevator-kernel-command.patch
similarity index 100%
rename from rules-add-the-rule-that-adds-elevator-kernel-command.patch
rename to 0024-rules-add-the-rule-that-adds-elevator-kernel-command.patch
diff --git a/units-add-Install-section-to-tmp.mount.patch b/0025-units-add-Install-section-to-tmp.mount.patch
similarity index 100%
rename from units-add-Install-section-to-tmp.mount.patch
rename to 0025-units-add-Install-section-to-tmp.mount.patch
diff --git a/Make-systemd-udevd.service-start-after-systemd-remou.patch b/0026-Make-systemd-udevd.service-start-after-systemd-remou.patch
similarity index 100%
rename from Make-systemd-udevd.service-start-after-systemd-remou.patch
rename to 0026-Make-systemd-udevd.service-start-after-systemd-remou.patch
diff --git a/udev-virsh-shutdown-vm.patch b/0027-udev-virsh-shutdown-vm.patch
similarity index 100%
rename from udev-virsh-shutdown-vm.patch
rename to 0027-udev-virsh-shutdown-vm.patch
diff --git a/fix-fd-leak-in-no-memory-condition.patch b/0028-fix-fd-leak-in-no-memory-condition.patch
similarity index 100%
rename from fix-fd-leak-in-no-memory-condition.patch
rename to 0028-fix-fd-leak-in-no-memory-condition.patch
diff --git a/dbus-execute-avoid-extra-strdup.patch b/0029-dbus-execute-avoid-extra-strdup.patch
similarity index 100%
rename from dbus-execute-avoid-extra-strdup.patch
rename to 0029-dbus-execute-avoid-extra-strdup.patch
diff --git a/Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch b/0030-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
similarity index 100%
rename from Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
rename to 0030-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
diff --git a/sd-bus-properly-initialize-containers.patch b/0031-sd-bus-properly-initialize-containers.patch
similarity index 100%
rename from sd-bus-properly-initialize-containers.patch
rename to 0031-sd-bus-properly-initialize-containers.patch
diff --git a/Revert-core-one-step-back-again-for-nspawn-we-actual.patch b/0032-Revert-core-one-step-back-again-for-nspawn-we-actual.patch
similarity index 100%
rename from Revert-core-one-step-back-again-for-nspawn-we-actual.patch
rename to 0032-Revert-core-one-step-back-again-for-nspawn-we-actual.patch
diff --git a/journal-don-t-enable-systemd-journald-audit.socket-b.patch b/0033-journal-don-t-enable-systemd-journald-audit.socket-b.patch
similarity index 100%
rename from journal-don-t-enable-systemd-journald-audit.socket-b.patch
rename to 0033-journal-don-t-enable-systemd-journald-audit.socket-b.patch
diff --git a/revert-pid1-drop-unit-caches-only-based-on-mtime.patch b/0034-revert-pid1-drop-unit-caches-only-based-on-mtime.patch
similarity index 100%
rename from revert-pid1-drop-unit-caches-only-based-on-mtime.patch
rename to 0034-revert-pid1-drop-unit-caches-only-based-on-mtime.patch
diff --git a/revert-analyze-add-unit-files-to-dump-the-unit-fragm.patch b/0035-revert-analyze-add-unit-files-to-dump-the-unit-fragm.patch
similarity index 100%
rename from revert-analyze-add-unit-files-to-dump-the-unit-fragm.patch
rename to 0035-revert-analyze-add-unit-files-to-dump-the-unit-fragm.patch
diff --git a/revert-pid1-use-a-cache-for-all-unit-aliases.patch b/0036-revert-pid1-use-a-cache-for-all-unit-aliases.patch
similarity index 100%
rename from revert-pid1-use-a-cache-for-all-unit-aliases.patch
rename to 0036-revert-pid1-use-a-cache-for-all-unit-aliases.patch
diff --git a/revert-shared-unit-file-add-a-function-to-validate-u.patch b/0037-revert-shared-unit-file-add-a-function-to-validate-u.patch
similarity index 100%
rename from revert-shared-unit-file-add-a-function-to-validate-u.patch
rename to 0037-revert-shared-unit-file-add-a-function-to-validate-u.patch
diff --git a/systemd-Fix-busctl-crash-on-aarch64-when-setting-out.patch b/0038-systemd-Fix-busctl-crash-on-aarch64-when-setting-out.patch
similarity index 100%
rename from systemd-Fix-busctl-crash-on-aarch64-when-setting-out.patch
rename to 0038-systemd-Fix-busctl-crash-on-aarch64-when-setting-out.patch
diff --git a/seccomp-more-comprehensive-protection-against-libsec.patch b/0039-seccomp-more-comprehensive-protection-against-libsec.patch
similarity index 100%
rename from seccomp-more-comprehensive-protection-against-libsec.patch
rename to 0039-seccomp-more-comprehensive-protection-against-libsec.patch
diff --git a/network-fix-double-free-in-macsec_receive_channel_fr.patch b/0040-network-fix-double-free-in-macsec_receive_channel_fr.patch
similarity index 100%
rename from network-fix-double-free-in-macsec_receive_channel_fr.patch
rename to 0040-network-fix-double-free-in-macsec_receive_channel_fr.patch
diff --git a/network-L2TP-fix-crash.patch b/0041-network-L2TP-fix-crash.patch
similarity index 100%
rename from network-L2TP-fix-crash.patch
rename to 0041-network-L2TP-fix-crash.patch
diff --git a/systemctl-fix-memleak-caused-by-wrong-cleanup-func.patch b/0042-systemctl-fix-memleak-caused-by-wrong-cleanup-func.patch
similarity index 100%
rename from systemctl-fix-memleak-caused-by-wrong-cleanup-func.patch
rename to 0042-systemctl-fix-memleak-caused-by-wrong-cleanup-func.patch
diff --git a/analyze-fix-minor-memleak.patch b/0043-analyze-fix-minor-memleak.patch
similarity index 100%
rename from analyze-fix-minor-memleak.patch
rename to 0043-analyze-fix-minor-memleak.patch
diff --git a/network-add-one-more-section-validty-check.patch b/0044-network-add-one-more-section-validty-check.patch
similarity index 100%
rename from network-add-one-more-section-validty-check.patch
rename to 0044-network-add-one-more-section-validty-check.patch
diff --git a/network-use-fix-invalid-free-function.patch b/0045-network-use-fix-invalid-free-function.patch
similarity index 100%
rename from network-use-fix-invalid-free-function.patch
rename to 0045-network-use-fix-invalid-free-function.patch
diff --git a/network-fix-memleak.patch b/0046-network-fix-memleak.patch
similarity index 100%
rename from network-fix-memleak.patch
rename to 0046-network-fix-memleak.patch
diff --git a/network-Add-support-to-advertie-ipv6-route.patch b/0047-network-Add-support-to-advertie-ipv6-route.patch
similarity index 100%
rename from network-Add-support-to-advertie-ipv6-route.patch
rename to 0047-network-Add-support-to-advertie-ipv6-route.patch
diff --git a/network-fix-invalid-cleanup-function.patch b/0048-network-fix-invalid-cleanup-function.patch
similarity index 100%
rename from network-fix-invalid-cleanup-function.patch
rename to 0048-network-fix-invalid-cleanup-function.patch
diff --git a/network-fix-memleak-in-route_prefix_free.patch b/0049-network-fix-memleak-in-route_prefix_free.patch
similarity index 100%
rename from network-fix-memleak-in-route_prefix_free.patch
rename to 0049-network-fix-memleak-in-route_prefix_free.patch
diff --git a/sd-radv-fix-memleak.patch b/0050-sd-radv-fix-memleak.patch
similarity index 100%
rename from sd-radv-fix-memleak.patch
rename to 0050-sd-radv-fix-memleak.patch
diff --git a/sd-bus-invalidate-connection-when-Hello-fails.patch b/0051-sd-bus-invalidate-connection-when-Hello-fails.patch
similarity index 100%
rename from sd-bus-invalidate-connection-when-Hello-fails.patch
rename to 0051-sd-bus-invalidate-connection-when-Hello-fails.patch
diff --git a/shared-bus-util-Don-t-replace-exsting-strv.patch b/0052-shared-bus-util-Don-t-replace-exsting-strv.patch
similarity index 100%
rename from shared-bus-util-Don-t-replace-exsting-strv.patch
rename to 0052-shared-bus-util-Don-t-replace-exsting-strv.patch
diff --git a/systemctl-Add-with-dependencies-flag.patch b/0053-systemctl-Add-with-dependencies-flag.patch
similarity index 100%
rename from systemctl-Add-with-dependencies-flag.patch
rename to 0053-systemctl-Add-with-dependencies-flag.patch
diff --git a/man-Document-systemctl-with-dependencies-switch.patch b/0054-man-Document-systemctl-with-dependencies-switch.patch
similarity index 100%
rename from man-Document-systemctl-with-dependencies-switch.patch
rename to 0054-man-Document-systemctl-with-dependencies-switch.patch
diff --git a/core-expose-swap-priority-value-via-dbus-only-if-it-.patch b/0055-core-expose-swap-priority-value-via-dbus-only-if-it-.patch
similarity index 100%
rename from core-expose-swap-priority-value-via-dbus-only-if-it-.patch
rename to 0055-core-expose-swap-priority-value-via-dbus-only-if-it-.patch
diff --git a/tree-wide-we-forgot-to-destroy-some-bus-errors.patch b/0056-tree-wide-we-forgot-to-destroy-some-bus-errors.patch
similarity index 100%
rename from tree-wide-we-forgot-to-destroy-some-bus-errors.patch
rename to 0056-tree-wide-we-forgot-to-destroy-some-bus-errors.patch
diff --git a/sd-bus-fix-introspection-bug-in-signal-parameter-nam.patch b/0057-sd-bus-fix-introspection-bug-in-signal-parameter-nam.patch
similarity index 100%
rename from sd-bus-fix-introspection-bug-in-signal-parameter-nam.patch
rename to 0057-sd-bus-fix-introspection-bug-in-signal-parameter-nam.patch
diff --git a/core-sync-SeccompParseFlags-between-dbus-execute-and.patch b/0058-core-sync-SeccompParseFlags-between-dbus-execute-and.patch
similarity index 100%
rename from core-sync-SeccompParseFlags-between-dbus-execute-and.patch
rename to 0058-core-sync-SeccompParseFlags-between-dbus-execute-and.patch
diff --git a/core-swap-priority-can-be-negative.patch b/0059-core-swap-priority-can-be-negative.patch
similarity index 100%
rename from core-swap-priority-can-be-negative.patch
rename to 0059-core-swap-priority-can-be-negative.patch
diff --git a/core-no-need-to-initialize-swap-structure-fields-if-.patch b/0060-core-no-need-to-initialize-swap-structure-fields-if-.patch
similarity index 100%
rename from core-no-need-to-initialize-swap-structure-fields-if-.patch
rename to 0060-core-no-need-to-initialize-swap-structure-fields-if-.patch
diff --git a/core-initialize-priority_set-when-parsing-swap-unit-.patch b/0061-core-initialize-priority_set-when-parsing-swap-unit-.patch
similarity index 100%
rename from core-initialize-priority_set-when-parsing-swap-unit-.patch
rename to 0061-core-initialize-priority_set-when-parsing-swap-unit-.patch
diff --git a/core-use-unit-based-logging-instead-of-generic-loggi.patch b/0062-core-use-unit-based-logging-instead-of-generic-loggi.patch
similarity index 100%
rename from core-use-unit-based-logging-instead-of-generic-loggi.patch
rename to 0062-core-use-unit-based-logging-instead-of-generic-loggi.patch
diff --git a/core-set-error-value-correctly.patch b/0063-core-set-error-value-correctly.patch
similarity index 100%
rename from core-set-error-value-correctly.patch
rename to 0063-core-set-error-value-correctly.patch
diff --git a/core-fix-re-realization-of-cgroup-siblings.patch b/0064-core-fix-re-realization-of-cgroup-siblings.patch
similarity index 100%
rename from core-fix-re-realization-of-cgroup-siblings.patch
rename to 0064-core-fix-re-realization-of-cgroup-siblings.patch
diff --git a/basic-string-table-avoid-crash-when-table-is-sparse.patch b/0065-basic-string-table-avoid-crash-when-table-is-sparse.patch
similarity index 100%
rename from basic-string-table-avoid-crash-when-table-is-sparse.patch
rename to 0065-basic-string-table-avoid-crash-when-table-is-sparse.patch
diff --git a/journal-fix-buffer-overrun-when-urlifying.patch b/0066-journal-fix-buffer-overrun-when-urlifying.patch
similarity index 100%
rename from journal-fix-buffer-overrun-when-urlifying.patch
rename to 0066-journal-fix-buffer-overrun-when-urlifying.patch
diff --git a/backport-CVE-2018-21029-resolved-check-for-IP-in-certificate-when-using-DoT-.patch b/0071-backport-CVE-2018-21029-resolved-check-for-IP-in-certificate-when-using-DoT-.patch
similarity index 100%
rename from backport-CVE-2018-21029-resolved-check-for-IP-in-certificate-when-using-DoT-.patch
rename to 0071-backport-CVE-2018-21029-resolved-check-for-IP-in-certificate-when-using-DoT-.patch
diff --git a/backport-CVE-2018-21029-resolved-fix-connection-failures-with-TLS-1.3-and-Gn.patch b/0072-backport-CVE-2018-21029-resolved-fix-connection-failures-with-TLS-1.3-and-Gn.patch
similarity index 100%
rename from backport-CVE-2018-21029-resolved-fix-connection-failures-with-TLS-1.3-and-Gn.patch
rename to 0072-backport-CVE-2018-21029-resolved-fix-connection-failures-with-TLS-1.3-and-Gn.patch
diff --git a/backport-CVE-2018-21029-resolved-require-at-least-version-3.6.0-of-GnuTLS-fo.patch b/0073-backport-CVE-2018-21029-resolved-require-at-least-version-3.6.0-of-GnuTLS-fo.patch
similarity index 100%
rename from backport-CVE-2018-21029-resolved-require-at-least-version-3.6.0-of-GnuTLS-fo.patch
rename to 0073-backport-CVE-2018-21029-resolved-require-at-least-version-3.6.0-of-GnuTLS-fo.patch
diff --git a/backport-CVE-2018-21029-Be-more-specific-in-resolved.conf-man-page-with-rega.patch b/0074-backport-CVE-2018-21029-Be-more-specific-in-resolved.conf-man-page-with-rega.patch
similarity index 100%
rename from backport-CVE-2018-21029-Be-more-specific-in-resolved.conf-man-page-with-rega.patch
rename to 0074-backport-CVE-2018-21029-Be-more-specific-in-resolved.conf-man-page-with-rega.patch
diff --git a/backport-CVE-2018-21029-Implement-SNI-when-using-DNS-over-TLS.patch b/0075-backport-CVE-2018-21029-Implement-SNI-when-using-DNS-over-TLS.patch
similarity index 100%
rename from backport-CVE-2018-21029-Implement-SNI-when-using-DNS-over-TLS.patch
rename to 0075-backport-CVE-2018-21029-Implement-SNI-when-using-DNS-over-TLS.patch
diff --git a/backport-CVE-2018-21029-resolve-error-handling-improvements.patch b/0076-backport-CVE-2018-21029-resolve-error-handling-improvements.patch
similarity index 100%
rename from backport-CVE-2018-21029-resolve-error-handling-improvements.patch
rename to 0076-backport-CVE-2018-21029-resolve-error-handling-improvements.patch
diff --git a/backport-CVE-2018-21029-systemd-resolved-use-hostname-for-certificate-valida.patch b/0077-backport-CVE-2018-21029-systemd-resolved-use-hostname-for-certificate-valida.patch
similarity index 100%
rename from backport-CVE-2018-21029-systemd-resolved-use-hostname-for-certificate-valida.patch
rename to 0077-backport-CVE-2018-21029-systemd-resolved-use-hostname-for-certificate-valida.patch
diff --git a/backport-varlink-make-userdata-pointer-inheritance-from-varli.patch b/0078-backport-varlink-make-userdata-pointer-inheritance-from-varli.patch
similarity index 100%
rename from backport-varlink-make-userdata-pointer-inheritance-from-varli.patch
rename to 0078-backport-varlink-make-userdata-pointer-inheritance-from-varli.patch
diff --git a/backport-udev-net_id-parse-_SUN-ACPI-index-as-a-signed-intege.patch b/0079-backport-udev-net_id-parse-_SUN-ACPI-index-as-a-signed-intege.patch similarity index 100% rename from backport-udev-net_id-parse-_SUN-ACPI-index-as-a-signed-intege.patch rename to 0079-backport-udev-net_id-parse-_SUN-ACPI-index-as-a-signed-intege.patch diff --git a/backport-udev-net_id-don-t-generate-slot-based-names-if-multi.patch b/0080-backport-udev-net_id-don-t-generate-slot-based-names-if-multi.patch similarity index 100% rename from backport-udev-net_id-don-t-generate-slot-based-names-if-multi.patch rename to 0080-backport-udev-net_id-don-t-generate-slot-based-names-if-multi.patch diff --git a/systemd.spec b/systemd.spec index a86c8d7..9d73db7 100644 --- a/systemd.spec +++ b/systemd.spec @@ -16,7 +16,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd Version: 243 -Release: 35 +Release: 36 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager 
@@ -44,86 +44,86 @@ Source105: rule_generator.functions Source106: write_net_rules Source107: detect_virt -Patch0002: 0001-udev-ignore-error-caused-by-device-disconnection.patch -Patch0003: 0001-core-dont-check-error-parameter-of-get_name_owner_handler.patch -Patch0004: 0001-core-dont-check-potentially-NULL-error.patch -Patch0005: 0001-core-shorten-code-a-bit.patch -Patch0006: 0001-core-no-need-to-eat-up-error.patch -Patch0007: 0001-core-create-or-remove-unit-bus-name-slots-always-together.patch -Patch0008: 0001-core-drop-initial-ListNames-bus-call-from-PID1.patch -Patch0009: 1605-update-rtc-with-system-clock-when-shutdown.patch -Patch0010: 1603-udev-add-actions-while-rename-netif-failed.patch -Patch0011: CVE-2020-1712-1.patch -Patch0012: CVE-2020-1712-2.patch -Patch0013: CVE-2020-1712-3.patch -Patch0014: CVE-2020-1712-4.patch -Patch0015: CVE-2020-1712-5.patch -Patch0016: sd-journal-close-journal-files-that-were-deleted-by-.patch -Patch0017: pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch -Patch0018: fix-two-VF-virtual-machines-have-same-mac-address.patch -Patch0019: logind-set-RemoveIPC-to-false-by-default.patch -Patch0020: rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch -Patch0021: unit-don-t-add-Requires-for-tmp.mount.patch -Patch0022: Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch -Patch2023: rules-add-elevator-kernel-command-line-parameter.patch -Patch2024: rules-add-the-rule-that-adds-elevator-kernel-command.patch -Patch2025: units-add-Install-section-to-tmp.mount.patch -Patch0026: Make-systemd-udevd.service-start-after-systemd-remou.patch -Patch0027: udev-virsh-shutdown-vm.patch -Patch0028: fix-fd-leak-in-no-memory-condition.patch -Patch0029: dbus-execute-avoid-extra-strdup.patch -Patch0030: Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch -Patch0031: sd-bus-properly-initialize-containers.patch -Patch0032: Revert-core-one-step-back-again-for-nspawn-we-actual.patch -Patch0033: 
journal-don-t-enable-systemd-journald-audit.socket-b.patch +Patch0002: 0002-0001-udev-ignore-error-caused-by-device-disconnection.patch +Patch0003: 0003-0001-core-dont-check-error-parameter-of-get_name_owner_handler.patch +Patch0004: 0004-0001-core-dont-check-potentially-NULL-error.patch +Patch0005: 0005-0001-core-shorten-code-a-bit.patch +Patch0006: 0006-0001-core-no-need-to-eat-up-error.patch +Patch0007: 0007-0001-core-create-or-remove-unit-bus-name-slots-always-together.patch +Patch0008: 0008-0001-core-drop-initial-ListNames-bus-call-from-PID1.patch +Patch0009: 0009-1605-update-rtc-with-system-clock-when-shutdown.patch +Patch0010: 0010-1603-udev-add-actions-while-rename-netif-failed.patch +Patch0011: 0011-CVE-2020-1712-1.patch +Patch0012: 0012-CVE-2020-1712-2.patch +Patch0013: 0013-CVE-2020-1712-3.patch +Patch0014: 0014-CVE-2020-1712-4.patch +Patch0015: 0015-CVE-2020-1712-5.patch +Patch0016: 0016-sd-journal-close-journal-files-that-were-deleted-by-.patch +Patch0017: 0017-pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch +Patch0018: 0018-fix-two-VF-virtual-machines-have-same-mac-address.patch +Patch0019: 0019-logind-set-RemoveIPC-to-false-by-default.patch +Patch0020: 0020-rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch +Patch0021: 0021-unit-don-t-add-Requires-for-tmp.mount.patch +Patch0022: 0022-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch +Patch0023: 0023-rules-add-elevator-kernel-command-line-parameter.patch +Patch0024: 0024-rules-add-the-rule-that-adds-elevator-kernel-command.patch +Patch0025: 0025-units-add-Install-section-to-tmp.mount.patch +Patch0026: 0026-Make-systemd-udevd.service-start-after-systemd-remou.patch +Patch0027: 0027-udev-virsh-shutdown-vm.patch +Patch0028: 0028-fix-fd-leak-in-no-memory-condition.patch +Patch0029: 0029-dbus-execute-avoid-extra-strdup.patch +Patch0030: 0030-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch +Patch0031: 0031-sd-bus-properly-initialize-containers.patch +Patch0032: 
0032-Revert-core-one-step-back-again-for-nspawn-we-actual.patch +Patch0033: 0033-journal-don-t-enable-systemd-journald-audit.socket-b.patch # The patch of 0026~0029 resolve the pid1 memory leaks -Patch0034: revert-pid1-drop-unit-caches-only-based-on-mtime.patch -Patch0035: revert-analyze-add-unit-files-to-dump-the-unit-fragm.patch -Patch0036: revert-pid1-use-a-cache-for-all-unit-aliases.patch -Patch0037: revert-shared-unit-file-add-a-function-to-validate-u.patch - -Patch0038: systemd-Fix-busctl-crash-on-aarch64-when-setting-out.patch -Patch0039: seccomp-more-comprehensive-protection-against-libsec.patch -Patch0040: network-fix-double-free-in-macsec_receive_channel_fr.patch -Patch0041: network-L2TP-fix-crash.patch - -Patch0042: systemctl-fix-memleak-caused-by-wrong-cleanup-func.patch -Patch0043: analyze-fix-minor-memleak.patch -Patch0044: network-add-one-more-section-validty-check.patch -Patch0045: network-use-fix-invalid-free-function.patch -Patch0046: network-fix-memleak.patch -Patch0047: network-Add-support-to-advertie-ipv6-route.patch -Patch0048: network-fix-invalid-cleanup-function.patch -Patch0049: network-fix-memleak-in-route_prefix_free.patch -Patch0050: sd-radv-fix-memleak.patch -Patch0051: sd-bus-invalidate-connection-when-Hello-fails.patch -Patch0052: shared-bus-util-Don-t-replace-exsting-strv.patch -Patch0053: systemctl-Add-with-dependencies-flag.patch -Patch0054: man-Document-systemctl-with-dependencies-switch.patch -Patch0055: core-expose-swap-priority-value-via-dbus-only-if-it-.patch -Patch0056: tree-wide-we-forgot-to-destroy-some-bus-errors.patch -Patch0057: sd-bus-fix-introspection-bug-in-signal-parameter-nam.patch -Patch0058: core-sync-SeccompParseFlags-between-dbus-execute-and.patch -Patch0059: core-swap-priority-can-be-negative.patch -Patch0060: core-no-need-to-initialize-swap-structure-fields-if-.patch -Patch0061: core-initialize-priority_set-when-parsing-swap-unit-.patch -Patch0062: core-use-unit-based-logging-instead-of-generic-loggi.patch 
-Patch0063: core-set-error-value-correctly.patch -Patch0064: core-fix-re-realization-of-cgroup-siblings.patch -Patch0065: basic-string-table-avoid-crash-when-table-is-sparse.patch -Patch0066: journal-fix-buffer-overrun-when-urlifying.patch - -Patch0071: backport-CVE-2018-21029-resolved-check-for-IP-in-certificate-when-using-DoT-.patch -Patch0072: backport-CVE-2018-21029-resolved-fix-connection-failures-with-TLS-1.3-and-Gn.patch -Patch0073: backport-CVE-2018-21029-resolved-require-at-least-version-3.6.0-of-GnuTLS-fo.patch -Patch0074: backport-CVE-2018-21029-Be-more-specific-in-resolved.conf-man-page-with-rega.patch -Patch0075: backport-CVE-2018-21029-Implement-SNI-when-using-DNS-over-TLS.patch -Patch0076: backport-CVE-2018-21029-resolve-error-handling-improvements.patch -Patch0077: backport-CVE-2018-21029-systemd-resolved-use-hostname-for-certificate-valida.patch -Patch0078: backport-varlink-make-userdata-pointer-inheritance-from-varli.patch -Patch0079: backport-udev-net_id-parse-_SUN-ACPI-index-as-a-signed-intege.patch -Patch0080: backport-udev-net_id-don-t-generate-slot-based-names-if-multi.patch +Patch0034: 0034-revert-pid1-drop-unit-caches-only-based-on-mtime.patch +Patch0035: 0035-revert-analyze-add-unit-files-to-dump-the-unit-fragm.patch +Patch0036: 0036-revert-pid1-use-a-cache-for-all-unit-aliases.patch +Patch0037: 0037-revert-shared-unit-file-add-a-function-to-validate-u.patch + +Patch0038: 0038-systemd-Fix-busctl-crash-on-aarch64-when-setting-out.patch +Patch0039: 0039-seccomp-more-comprehensive-protection-against-libsec.patch +Patch0040: 0040-network-fix-double-free-in-macsec_receive_channel_fr.patch +Patch0041: 0041-network-L2TP-fix-crash.patch + +Patch0042: 0042-systemctl-fix-memleak-caused-by-wrong-cleanup-func.patch +Patch0043: 0043-analyze-fix-minor-memleak.patch +Patch0044: 0044-network-add-one-more-section-validty-check.patch +Patch0045: 0045-network-use-fix-invalid-free-function.patch +Patch0046: 0046-network-fix-memleak.patch +Patch0047: 
0047-network-Add-support-to-advertie-ipv6-route.patch +Patch0048: 0048-network-fix-invalid-cleanup-function.patch +Patch0049: 0049-network-fix-memleak-in-route_prefix_free.patch +Patch0050: 0050-sd-radv-fix-memleak.patch +Patch0051: 0051-sd-bus-invalidate-connection-when-Hello-fails.patch +Patch0052: 0052-shared-bus-util-Don-t-replace-exsting-strv.patch +Patch0053: 0053-systemctl-Add-with-dependencies-flag.patch +Patch0054: 0054-man-Document-systemctl-with-dependencies-switch.patch +Patch0055: 0055-core-expose-swap-priority-value-via-dbus-only-if-it-.patch +Patch0056: 0056-tree-wide-we-forgot-to-destroy-some-bus-errors.patch +Patch0057: 0057-sd-bus-fix-introspection-bug-in-signal-parameter-nam.patch +Patch0058: 0058-core-sync-SeccompParseFlags-between-dbus-execute-and.patch +Patch0059: 0059-core-swap-priority-can-be-negative.patch +Patch0060: 0060-core-no-need-to-initialize-swap-structure-fields-if-.patch +Patch0061: 0061-core-initialize-priority_set-when-parsing-swap-unit-.patch +Patch0062: 0062-core-use-unit-based-logging-instead-of-generic-loggi.patch +Patch0063: 0063-core-set-error-value-correctly.patch +Patch0064: 0064-core-fix-re-realization-of-cgroup-siblings.patch +Patch0065: 0065-basic-string-table-avoid-crash-when-table-is-sparse.patch +Patch0066: 0066-journal-fix-buffer-overrun-when-urlifying.patch + +Patch0071: 0071-backport-CVE-2018-21029-resolved-check-for-IP-in-certificate-when-using-DoT-.patch +Patch0072: 0072-backport-CVE-2018-21029-resolved-fix-connection-failures-with-TLS-1.3-and-Gn.patch +Patch0073: 0073-backport-CVE-2018-21029-resolved-require-at-least-version-3.6.0-of-GnuTLS-fo.patch +Patch0074: 0074-backport-CVE-2018-21029-Be-more-specific-in-resolved.conf-man-page-with-rega.patch +Patch0075: 0075-backport-CVE-2018-21029-Implement-SNI-when-using-DNS-over-TLS.patch +Patch0076: 0076-backport-CVE-2018-21029-resolve-error-handling-improvements.patch +Patch0077: 
0077-backport-CVE-2018-21029-systemd-resolved-use-hostname-for-certificate-valida.patch +Patch0078: 0078-backport-varlink-make-userdata-pointer-inheritance-from-varli.patch +Patch0079: 0079-backport-udev-net_id-parse-_SUN-ACPI-index-as-a-signed-intege.patch +Patch0080: 0080-backport-udev-net_id-don-t-generate-slot-based-names-if-multi.patch #openEuler Patch9002: 1509-fix-journal-file-descriptors-leak-problems.patch @@ -1509,6 +1509,9 @@ fi %exclude /usr/share/man/man3/* %changelog +* Mon May 31 2021 overweight - 246-36 +- fix patches name and patches num + * Thu May 27 2021 shenyangyang - 246-35 - Type:bugfix - ID:NA @@ -1632,7 +1635,7 @@ fi - Type:enhancement - ID:NA - SUG:NA -- DESC:add 1603-udev-add-actions-while-rename-netif-failed.patch +- DESC:add 0010-1603-udev-add-actions-while-rename-netif-failed.patch * Sat Feb 29 2020 openEuler Buildteam - 243-15 - Type:enhancement -- Gitee From d3021d7a3bf971eec3cb6f87bcf8be3c9a947389 Mon Sep 17 00:00:00 2001 From: fangxiuning Date: Mon, 31 May 2021 17:13:34 +0800 Subject: [PATCH 3/5] modify --- ...cached-credentials-of-stdout-streams.patch | 148 +++++++++++ ...end-of-line-marker-handling-to-use-a.patch | 77 ++++++ ...-journald-rework-pid-change-handling.patch | 230 ++++++++++++++++++ ...-longer-line-length-limit-during-set.patch | 104 ++++++++ systemd.spec | 22 +- 5 files changed, 575 insertions(+), 6 deletions(-) create mode 100644 0081-journal-refresh-cached-credentials-of-stdout-streams.patch create mode 100644 0082-journald-rework-end-of-line-marker-handling-to-use-a.patch create mode 100644 0083-journald-rework-pid-change-handling.patch create mode 100644 0084-journald-enforce-longer-line-length-limit-during-set.patch diff --git a/0081-journal-refresh-cached-credentials-of-stdout-streams.patch b/0081-journal-refresh-cached-credentials-of-stdout-streams.patch new file mode 100644 index 0000000..195dda4 --- /dev/null +++ b/0081-journal-refresh-cached-credentials-of-stdout-streams.patch 
@@ -0,0 +1,148 @@ +From 09d0b46ab61bebafe5bdc1be95ee153dfb13d6bc Mon Sep 17 00:00:00 2001 +From: Lorenz Bauer +Date: Mon, 4 Nov 2019 16:35:46 +0000 +Subject: [PATCH] journal: refresh cached credentials of stdout streams + +journald assumes that getsockopt(SO_PEERCRED) correctly identifies the +process on the remote end of the socket. However, this is incorrect +according to man 7 socket: + +The returned credentials are those that were in effect at the + time of the call to connect(2) or socketpair(2). + +This becomes a problem when a new process inherits the stdout stream +from a parent. First, log messages from the child process will +be attributed to the parent. Second, the struct ucred used by journald +becomes invalid as soon as the parent exits. Further sendmsg calls then +fail with ENOENT. Logs for the child process then vanish from the journal. + +Fix this by using recvmsg on the stdout stream, and refreshing the cached +struct ucred if SCM_CREDENTIALS indicate a new process. + +Fixes #13708 +--- + src/journal/journald-stream.c | 49 ++++++++++++++++++++++++++++++++++-- + test/TEST-04-JOURNAL/test-journal.sh | 16 ++++++++++++ + 2 files changed, 63 insertions(+), 2 deletions(-) + +diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c +index afebade..22a70ce 100644 +--- a/src/journal/journald-stream.c ++++ b/src/journal/journald-stream.c +@@ -487,11 +487,22 @@ static int stdout_stream_scan(StdoutStream *s, bool force_flush) { + } + + static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, void *userdata) { ++ uint8_t buf[CMSG_SPACE(sizeof(struct ucred))]; + StdoutStream *s = userdata; ++ struct ucred *ucred = NULL; ++ struct cmsghdr *cmsg; ++ struct iovec iovec; + size_t limit; + ssize_t l; + int r; + ++ struct msghdr msghdr = { ++ .msg_iov = &iovec, ++ .msg_iovlen = 1, ++ .msg_control = buf, ++ .msg_controllen = sizeof(buf), ++ }; ++ + assert(s); + + if ((revents|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) { +@@ 
-511,20 +522,50 @@ static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, + * always leave room for a terminating NUL we might need to add. */ + limit = MIN(s->allocated - 1, s->server->line_max); + +- l = read(s->fd, s->buffer + s->length, limit - s->length); ++ iovec = IOVEC_MAKE(s->buffer + s->length, limit - s->length); ++ ++ l = recvmsg(s->fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC); + if (l < 0) { +- if (errno == EAGAIN) ++ if (IN_SET(errno, EINTR, EAGAIN)) + return 0; + + log_warning_errno(errno, "Failed to read from stream: %m"); + goto terminate; + } ++ cmsg_close_all(&msghdr); + + if (l == 0) { + stdout_stream_scan(s, true); + goto terminate; + } + ++ CMSG_FOREACH(cmsg, &msghdr) ++ if (cmsg->cmsg_level == SOL_SOCKET && ++ cmsg->cmsg_type == SCM_CREDENTIALS && ++ cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) { ++ ucred = (struct ucred *)CMSG_DATA(cmsg); ++ break; ++ } ++ ++ /* Invalidate the context if the pid of the sender changed. ++ * This happens when a forked process inherits stdout / stderr ++ * from a parent. In this case getpeercred returns the ucred ++ * of the parent, which can be invalid if the parent has exited ++ * in the meantime. 
++ */ ++ if (ucred && ucred->pid != s->ucred.pid) { ++ /* force out any previously half-written lines from a ++ * different process, before we switch to the new ucred ++ * structure for everything we just added */ ++ r = stdout_stream_scan(s, true); ++ if (r < 0) ++ goto terminate; ++ ++ s->ucred = *ucred; ++ client_context_release(s->server, s->context); ++ s->context = NULL; ++ } ++ + s->length += l; + r = stdout_stream_scan(s, false); + if (r < 0) +@@ -562,6 +603,10 @@ int stdout_stream_install(Server *s, int fd, StdoutStream **ret) { + if (r < 0) + return log_error_errno(r, "Failed to determine peer credentials: %m"); + ++ r = setsockopt_int(fd, SOL_SOCKET, SO_PASSCRED, true); ++ if (r < 0) ++ return log_error_errno(r, "SO_PASSCRED failed: %m"); ++ + if (mac_selinux_use()) { + r = getpeersec(fd, &stream->label); + if (r < 0 && r != -EOPNOTSUPP) +diff --git a/test/TEST-04-JOURNAL/test-journal.sh b/test/TEST-04-JOURNAL/test-journal.sh +index 4e539aa..de27eb0 100755 +--- a/test/TEST-04-JOURNAL/test-journal.sh ++++ b/test/TEST-04-JOURNAL/test-journal.sh +@@ -74,6 +74,22 @@ cmp /expected /output + { journalctl -ball -b -m 2>&1 || :; } | head -1 > /output + cmp /expected /output + ++# https://github.com/systemd/systemd/issues/13708 ++ID=$(systemd-id128 new) ++systemd-cat -t "$ID" bash -c 'echo parent; (echo child) & wait' & ++PID=$! ++wait %% ++journalctl --sync ++# We can drop this grep when https://github.com/systemd/systemd/issues/13937 ++# has a fix. ++journalctl -b -o export -t "$ID" --output-fields=_PID | grep '^_PID=' >/output ++[[ `grep -c . /output` -eq 2 ]] ++grep -q "^_PID=$PID" /output ++grep -vq "^_PID=$PID" /output ++ ++# Add new tests before here, the journald restarts below ++# may make tests flappy. ++ + # Don't lose streams on restart + systemctl start forever-print-hola + sleep 3 +-- +1.8.3.1 + 
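Review bot: The control buffer handed to recvmsg() in stdout_stream_process is declared as `uint8_t buf[CMSG_SPACE(sizeof(struct ucred))]`, which gives no alignment guarantee for the `struct cmsghdr` that CMSG_FOREACH walks or for the `(struct ucred *)CMSG_DATA(cmsg)` cast. Declaring it as `union { struct cmsghdr cmsghdr; uint8_t buf[CMSG_SPACE(sizeof(struct ucred))]; } control;` and passing `.msg_control = &control, .msg_controllen = sizeof(control)` keeps the size and fixes the alignment. The buffer is also sized for exactly one credentials message and `msghdr.msg_flags` is never tested for `MSG_CTRUNC`, so truncated ancillary data would presumably leave the stream on its previously cached ucred without any log line; a check after recvmsg() would make that case visible. Only part of stdout_stream_process is visible in this embedded hunk.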
diff --git a/0082-journald-rework-end-of-line-marker-handling-to-use-a.patch b/0082-journald-rework-end-of-line-marker-handling-to-use-a.patch
new file mode 100644
index 0000000..c365959
--- /dev/null
+++ b/0082-journald-rework-end-of-line-marker-handling-to-use-a.patch
@@ -0,0 +1,77 @@ +From 549b7379ba404c33fd448d2bca46a57f6529b00b Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 12 May 2020 18:53:35 +0200 +Subject: [PATCH] journald: rework end of line marker handling to use a field + table + +--- + src/journal/journald-stream.c | 29 ++++++++++++++++++++--------- + 1 file changed, 20 insertions(+), 9 deletions(-) + +diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c +index 22a70ce..b86ed78 100644 +--- a/src/journal/journald-stream.c ++++ b/src/journal/journald-stream.c +@@ -57,6 +57,8 @@ typedef enum LineBreak { + LINE_BREAK_NUL, + LINE_BREAK_LINE_MAX, + LINE_BREAK_EOF, ++ _LINE_BREAK_MAX, ++ _LINE_BREAK_INVALID = -1, + } LineBreak; + + struct StdoutStream { +@@ -236,7 +238,11 @@ fail: + return log_error_errno(r, "Failed to save stream data %s: %m", s->state_file); + } + +-static int stdout_stream_log(StdoutStream *s, const char *p, LineBreak line_break) { ++static int stdout_stream_log( ++ StdoutStream *s, ++ const char *p, ++ LineBreak line_break) { ++ + struct iovec *iovec; + int priority; + char syslog_priority[] = "PRIORITY=\0"; +@@ -248,6 +254,9 @@ static int stdout_stream_log(StdoutStream *s, const char *p, LineBreak line_brea + assert(s); + assert(p); + ++ assert(line_break >= 0); ++ assert(line_break < _LINE_BREAK_MAX); ++ + if (s->context) + (void) client_context_maybe_refresh(s->server, s->context, NULL, NULL, 0, NULL, USEC_INFINITY); + else if (pid_is_valid(s->ucred.pid)) { +@@ -299,17 +308,19 @@ static int stdout_stream_log(StdoutStream *s, const char *p, LineBreak line_brea + iovec[n++] = IOVEC_MAKE_STRING(syslog_identifier); + } + +- if (line_break != LINE_BREAK_NEWLINE) { +- const char *c; ++ static const char * const line_break_field_table[_LINE_BREAK_MAX] = { ++ [LINE_BREAK_NEWLINE] = NULL, /* Do not add field if traditional newline */ ++ [LINE_BREAK_NUL] = "_LINE_BREAK=nul", ++ [LINE_BREAK_LINE_MAX] = "_LINE_BREAK=line-max", ++ [LINE_BREAK_EOF] = "_LINE_BREAK=eof", ++ }; + 
+- /* If this log message was generated due to an uncommon line break then mention this in the log +- * entry */ ++ const char *c = line_break_field_table[line_break]; + +- c = line_break == LINE_BREAK_NUL ? "_LINE_BREAK=nul" : +- line_break == LINE_BREAK_LINE_MAX ? "_LINE_BREAK=line-max" : +- "_LINE_BREAK=eof"; ++ /* If this log message was generated due to an uncommon line break then mention this in the log ++ * entry */ ++ if (c) + iovec[n++] = IOVEC_MAKE_STRING(c); +- } + + message = strjoin("MESSAGE=", p); + if (message) +-- +1.8.3.1 + diff --git a/0083-journald-rework-pid-change-handling.patch b/0083-journald-rework-pid-change-handling.patch new file mode 100644 index 0000000..b8edce4 --- /dev/null +++ b/0083-journald-rework-pid-change-handling.patch 
@@ -0,0 +1,230 @@ +From 45ba1ea5e9264d385fa565328fe957ef1d78caa1 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 12 May 2020 18:56:34 +0200 +Subject: [PATCH] journald: rework pid change handling + +Let's introduce an explicit line ending marker for line endings due to +pid change. + +Let's also make sure we don't get confused with buffer management. + +Fixes: #15654 +--- + src/journal/journald-stream.c | 108 +++++++++++++++++++++++++++--------------- + 1 file changed, 69 insertions(+), 39 deletions(-) + +diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c +index b86ed78..3219b14 100644 +--- a/src/journal/journald-stream.c ++++ b/src/journal/journald-stream.c +@@ -57,6 +57,7 @@ typedef enum LineBreak { + LINE_BREAK_NUL, + LINE_BREAK_LINE_MAX, + LINE_BREAK_EOF, ++ LINE_BREAK_PID_CHANGE, + _LINE_BREAK_MAX, + _LINE_BREAK_INVALID = -1, + } LineBreak; +@@ -313,6 +314,7 @@ static int stdout_stream_log( + [LINE_BREAK_NUL] = "_LINE_BREAK=nul", + [LINE_BREAK_LINE_MAX] = "_LINE_BREAK=line-max", + [LINE_BREAK_EOF] = "_LINE_BREAK=eof", ++ [LINE_BREAK_PID_CHANGE] = "_LINE_BREAK=pid-change", + }; + + const char *c = line_break_field_table[line_break]; +@@ -434,21 +436,43 @@ static int stdout_stream_line(StdoutStream *s, char *p, LineBreak line_break) { + assert_not_reached("Unknown stream state"); + } + +-static int stdout_stream_scan(StdoutStream *s, bool force_flush) { +- char *p; +- size_t remaining; ++static int stdout_stream_found( ++ StdoutStream *s, ++ char *p, ++ size_t l, ++ LineBreak line_break) { ++ ++ char saved; + int r; + + assert(s); ++ assert(p); ++ ++ /* Let's NUL terminate the specified buffer for this call, and revert back afterwards */ ++ saved = p[l]; ++ p[l] = 0; ++ r = stdout_stream_line(s, p, line_break); ++ p[l] = saved; + +- p = s->buffer; +- remaining = s->length; ++ return r; ++} ++ ++static int stdout_stream_scan( ++ StdoutStream *s, ++ char *p, ++ size_t remaining, ++ LineBreak force_flush, ++ size_t 
*ret_consumed) { + +- /* XXX: This function does nothing if (s->length == 0) */ ++ size_t consumed = 0; ++ int r; ++ ++ assert(s); ++ assert(p); + + for (;;) { + LineBreak line_break; +- size_t skip; ++ size_t skip, found; + char *end1, *end2; + + end1 = memchr(p, '\n', remaining); +@@ -456,43 +480,40 @@ static int stdout_stream_scan(StdoutStream *s, bool force_flush) { + + if (end2) { + /* We found a NUL terminator */ +- skip = end2 - p + 1; ++ found = end2 - p; ++ skip = found + 1; + line_break = LINE_BREAK_NUL; + } else if (end1) { + /* We found a \n terminator */ +- *end1 = 0; +- skip = end1 - p + 1; ++ found = end1 - p; ++ skip = found + 1; + line_break = LINE_BREAK_NEWLINE; + } else if (remaining >= s->server->line_max) { + /* Force a line break after the maximum line length */ +- *(p + s->server->line_max) = 0; +- skip = remaining; ++ found = skip = s->server->line_max; + line_break = LINE_BREAK_LINE_MAX; + } else + break; + +- r = stdout_stream_line(s, p, line_break); ++ r = stdout_stream_found(s, p, found, line_break); + if (r < 0) + return r; + +- remaining -= skip; + p += skip; ++ consumed += skip; ++ remaining -= skip; + } + +- if (force_flush && remaining > 0) { +- p[remaining] = 0; +- r = stdout_stream_line(s, p, LINE_BREAK_EOF); ++ if (force_flush >= 0 && remaining > 0) { ++ r = stdout_stream_found(s, p, remaining, force_flush); + if (r < 0) + return r; + +- p += remaining; +- remaining = 0; ++ consumed += remaining; + } + +- if (p > s->buffer) { +- memmove(s->buffer, p, remaining); +- s->length = remaining; +- } ++ if (ret_consumed) ++ *ret_consumed = consumed; + + return 0; + } +@@ -500,11 +521,12 @@ static int stdout_stream_scan(StdoutStream *s, bool force_flush) { + static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, void *userdata) { + uint8_t buf[CMSG_SPACE(sizeof(struct ucred))]; + StdoutStream *s = userdata; ++ size_t limit, consumed; + struct ucred *ucred = NULL; + struct cmsghdr *cmsg; + struct iovec iovec; +- 
size_t limit; + ssize_t l; ++ char *p; + int r; + + struct msghdr msghdr = { +@@ -532,7 +554,7 @@ static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, + /* Try to make use of the allocated buffer in full, but never read more than the configured line size. Also, + * always leave room for a terminating NUL we might need to add. */ + limit = MIN(s->allocated - 1, s->server->line_max); +- ++ assert(s->length <= limit); + iovec = IOVEC_MAKE(s->buffer + s->length, limit - s->length); + + l = recvmsg(s->fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC); +@@ -546,7 +568,7 @@ static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, + cmsg_close_all(&msghdr); + + if (l == 0) { +- stdout_stream_scan(s, true); ++ (void) stdout_stream_scan(s, s->buffer, s->length, /* force_flush = */ LINE_BREAK_EOF, NULL); + goto terminate; + } + +@@ -558,30 +580,38 @@ static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, + break; + } + +- /* Invalidate the context if the pid of the sender changed. +- * This happens when a forked process inherits stdout / stderr +- * from a parent. In this case getpeercred returns the ucred +- * of the parent, which can be invalid if the parent has exited +- * in the meantime. +- */ ++ /* Invalidate the context if the PID of the sender changed. This happens when a forked process ++ * inherits stdout/stderr from a parent. In this case getpeercred() returns the ucred of the parent, ++ * which can be invalid if the parent has exited in the meantime. 
*/ + if (ucred && ucred->pid != s->ucred.pid) { +- /* force out any previously half-written lines from a ++ /* Force out any previously half-written lines from a + * different process, before we switch to the new ucred + * structure for everything we just added */ +- r = stdout_stream_scan(s, true); ++ r = stdout_stream_scan(s, s->buffer, s->length, /* force_flush = */ LINE_BREAK_PID_CHANGE, NULL); + if (r < 0) + goto terminate; + +- s->ucred = *ucred; +- client_context_release(s->server, s->context); +- s->context = NULL; ++ s->context = client_context_release(s->server, s->context); ++ ++ p = s->buffer + s->length; ++ } else { ++ p = s->buffer; ++ l += s->length; + } + +- s->length += l; +- r = stdout_stream_scan(s, false); ++ /* Always copy in the new credentials */ ++ if (ucred) ++ s->ucred = *ucred; ++ ++ r = stdout_stream_scan(s, p, l, _LINE_BREAK_INVALID, &consumed); + if (r < 0) + goto terminate; + ++ /* Move what wasn't consumed to the front of the buffer */ ++ assert(consumed <= (size_t) l); ++ s->length = l - consumed; ++ memmove(s->buffer, p + consumed, s->length); ++ + return 1; + + terminate: +-- +1.8.3.1 + diff --git a/0084-journald-enforce-longer-line-length-limit-during-set.patch b/0084-journald-enforce-longer-line-length-limit-during-set.patch new file mode 100644 index 0000000..71aeae5 --- /dev/null +++ b/0084-journald-enforce-longer-line-length-limit-during-set.patch 
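Review bot: stdout_stream_found() stores a NUL at `p[l]`, one byte past the `l` bytes it is given, and nothing at its definition says that byte must be writable. The hunk depends on the `limit = MIN(s->allocated - 1, ...)` reservation in stdout_stream_process to keep that byte inside the buffer, including on the pid-change path where `p` is `s->buffer + s->length`. I would add a comment above the function, for example `/* p[l] is overwritten temporarily; callers must pass a span with at least l + 1 writable bytes */`, so a later caller does not hand in a tightly sized span. stdout_stream_process is only partly visible in this hunk.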
@@ -0,0 +1,104 @@ +From 4e071b5240a29842bc8acd0d7eb0b797f2812b8b Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Fri, 21 May 2021 17:55:38 +0800 +Subject: [PATCH] change + +--- + src/journal/journald-stream.c | 35 ++++++++++++++++++++++++++++------- + 1 file changed, 28 insertions(+), 7 deletions(-) + +diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c +index 3219b14..fda75fb 100644 +--- a/src/journal/journald-stream.c ++++ b/src/journal/journald-stream.c +@@ -38,6 +38,12 @@ + + #define STDOUT_STREAMS_MAX 4096 + ++/* During the "setup" protocol phase of the stream logic let's define a different maximum line length than ++ * during the actual operational phase. We want to allow users to specify very short line lengths after all, ++ * but the unit name we embed in the setup protocol might be longer than that. Hence, during the setup phase ++ * let's enforce a line length matching the maximum unit name length (255) */ ++#define STDOUT_STREAM_SETUP_PROTOCOL_LINE_MAX (UNIT_NAME_MAX-1U) ++ + typedef enum StdoutStreamState { + STDOUT_STREAM_IDENTIFIER, + STDOUT_STREAM_UNIT_ID, +@@ -46,7 +52,7 @@ typedef enum StdoutStreamState { + STDOUT_STREAM_FORWARD_TO_SYSLOG, + STDOUT_STREAM_FORWARD_TO_KMSG, + STDOUT_STREAM_FORWARD_TO_CONSOLE, +- STDOUT_STREAM_RUNNING ++ STDOUT_STREAM_RUNNING, + } StdoutStreamState; + + /* The different types of log record terminators: a real \n was read, a NUL character was read, the maximum line length +@@ -457,6 +463,18 @@ static int stdout_stream_found( + return r; + } + ++static size_t stdout_stream_line_max(StdoutStream *s) { ++ assert(s); ++ ++ /* During the "setup" phase of our protocol, let's ensure we use a line length where a full unit name ++ * can fit in */ ++ if (s->state != STDOUT_STREAM_RUNNING) ++ return STDOUT_STREAM_SETUP_PROTOCOL_LINE_MAX; ++ ++ /* After the protocol's "setup" phase is complete, let's use whatever the user configured */ ++ return s->server->line_max; ++} ++ + static int stdout_stream_scan( + 
StdoutStream *s, + char *p, +@@ -464,19 +482,22 @@ static int stdout_stream_scan( + LineBreak force_flush, + size_t *ret_consumed) { + +- size_t consumed = 0; ++ size_t consumed = 0, line_max; + int r; + + assert(s); + assert(p); + ++ line_max = stdout_stream_line_max(s); ++ + for (;;) { + LineBreak line_break; + size_t skip, found; + char *end1, *end2; ++ size_t tmp_remaining = MIN(remaining, line_max); + +- end1 = memchr(p, '\n', remaining); +- end2 = memchr(p, 0, end1 ? (size_t) (end1 - p) : remaining); ++ end1 = memchr(p, '\n', tmp_remaining); ++ end2 = memchr(p, 0, end1 ? (size_t) (end1 - p) : tmp_remaining); + + if (end2) { + /* We found a NUL terminator */ +@@ -488,9 +509,9 @@ static int stdout_stream_scan( + found = end1 - p; + skip = found + 1; + line_break = LINE_BREAK_NEWLINE; +- } else if (remaining >= s->server->line_max) { ++ } else if (remaining >= line_max) { + /* Force a line break after the maximum line length */ +- found = skip = s->server->line_max; ++ found = skip = line_max; + line_break = LINE_BREAK_LINE_MAX; + } else + break; +@@ -553,7 +574,7 @@ static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, + + /* Try to make use of the allocated buffer in full, but never read more than the configured line size. Also, + * always leave room for a terminating NUL we might need to add. */ +- limit = MIN(s->allocated - 1, s->server->line_max); ++ limit = MIN(s->allocated - 1, MAX(s->server->line_max, STDOUT_STREAM_SETUP_PROTOCOL_LINE_MAX)); + assert(s->length <= limit); + iovec = IOVEC_MAKE(s->buffer + s->length, limit - s->length); + +-- +1.8.3.1 + diff --git a/systemd.spec b/systemd.spec index 9d73db7..b81d186 100644 --- a/systemd.spec +++ b/systemd.spec @@ -16,7 +16,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd Version: 243 -Release: 36 +Release: 37 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager 
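Review bot: The header of this embedded patch reads `From: rpm-build` and `Subject: [PATCH] change` with an empty body, so the file records no author, origin or rationale, unlike 0081–0083 in the same commit, which keep their original headers. For a change to how journald bounds stream input, that makes the backport hard to audit against its source. I would restore the subject that the spec changelog entry in this commit already uses, `journald: enforce longer line length limit during "setup" phase of stream protocol`, and put the original author and commit id in the header (shown here as a placeholder: `From <UPSTREAM_COMMIT_ID>`).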
@@ -124,6 +124,10 @@ Patch0077: 0077-backport-CVE-2018-21029-systemd-resolved-use-hostname-for-c Patch0078: 0078-backport-varlink-make-userdata-pointer-inheritance-from-varli.patch Patch0079: 0079-backport-udev-net_id-parse-_SUN-ACPI-index-as-a-signed-intege.patch Patch0080: 0080-backport-udev-net_id-don-t-generate-slot-based-names-if-multi.patch +Patch0081: 0081-journal-refresh-cached-credentials-of-stdout-streams.patch +Patch0082: 0082-journald-rework-end-of-line-marker-handling-to-use-a.patch +Patch0083: 0083-journald-rework-pid-change-handling.patch +Patch0084: 0084-journald-enforce-longer-line-length-limit-during-set.patch #openEuler Patch9002: 1509-fix-journal-file-descriptors-leak-problems.patch @@ -1509,28 +1513,34 @@ fi %exclude /usr/share/man/man3/* %changelog -* Mon May 31 2021 overweight - 246-36 +* Tue Jun 01 2021 fangxiuning - 243-37 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: journald: enforce longer line length limit during "setup" phase of stream protocol + +* Mon May 31 2021 overweight - 243-36 - fix patches name and patches num -* Thu May 27 2021 shenyangyang - 246-35 +* Thu May 27 2021 shenyangyang - 243-35 - Type:bugfix - ID:NA - SUG:NA - DESC:change requires to openssl-libs as post scripts systemctl requires libssl.so.1.1 -* Mon May 10 2021 shenyangyang - 246-34 +* Mon May 10 2021 shenyangyang - 243-34 - Type:bugfix - ID:NA - SUG:NA - DESC:backport from upstream to solve the problem when devices claim the same slot -* Fri Apr 02 2021 fangxiuning - 246-33 +* Fri Apr 02 2021 fangxiuning - 243-33 - Type:bugfix - ID:NA - SUG:NA - DESC:fix userdate double free -* Fri Jan 29 2021 overweight - 246-32 +* Fri Jan 29 2021 overweight - 243-32 - Type:cve - ID:CVE-2018-21029 - SUG:NA -- Gitee From dd6d57a5b2ce226f6adbce21d73a72d81661eda7 Mon Sep 17 00:00:00 2001 From: ExtinctFire Date: Thu, 3 Jun 2021 21:14:06 +0800 Subject: [PATCH 4/5] Fix migration from DynamicUser=yes to no. 
Signed-off-by: ExtinctFire --- ...migration-from-DynamicUser-yes-to-no.patch | 52 +++++++++++++++++++ systemd.spec | 9 +++- 2 files changed, 60 insertions(+), 1 deletion(-) create mode 100644 backport-execute-Fix-migration-from-DynamicUser-yes-to-no.patch diff --git a/backport-execute-Fix-migration-from-DynamicUser-yes-to-no.patch b/backport-execute-Fix-migration-from-DynamicUser-yes-to-no.patch new file mode 100644 index 0000000..ac60fbc --- /dev/null +++ b/backport-execute-Fix-migration-from-DynamicUser-yes-to-no.patch 
@@ -0,0 +1,52 @@
+From 578dc69f2a60d6282acc2d06ce8a3bf8a9d8ada0 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Fri, 6 Mar 2020 15:56:28 +0900
+Subject: [PATCH 0007/6858] execute: Fix migration from DynamicUser=yes to no
+
+Closes #12131.
+Reference: https://github.com/systemd/systemd/pull/15033/commits/578dc69f2a60d6282acc2d06ce8a3bf8a9d8ada0
+Conflict: remove the last arguement "NULL" of function "chase_symlinks"
+---
+ src/core/execute.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index 4595bb12dc..46b5c99ada 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -2247,7 +2247,7 @@ static int setup_exec_directory(
+
+ if (type != EXEC_DIRECTORY_CONFIGURATION &&
+ readlink_and_make_absolute(p, &target) >= 0) {
+- _cleanup_free_ char *q = NULL;
++ _cleanup_free_ char *q = NULL, *q_resolved = NULL, *target_resolved = NULL;
+
+ /* This already exists and is a symlink? Interesting. Maybe it's one created
+ * by DynamicUser=1 (see above)?
+@@ -2256,13 +2256,22 @@ static int setup_exec_directory(
+ * since they all support the private/ symlink logic at least in some
+ * configurations, see above. */
+
++ r = chase_symlinks(target, NULL, 0, &target_resolved);
++ if (r < 0)
++ goto fail;
++
+ q = path_join(params->prefix[type], "private", *rt);
+ if (!q) {
+ r = -ENOMEM;
+ goto fail;
+ }
+
+- if (path_equal(q, target)) {
++ /* /var/lib or friends may be symlinks. So, let's chase them also. */
++ r = chase_symlinks(q, NULL, CHASE_NONEXISTENT, &q_resolved);
++ if (r < 0)
++ goto fail;
++
++ if (path_equal(q_resolved, target_resolved)) {
+
+ /* Hmm, apparently DynamicUser= was once turned on for this service,
+ * but is no longer. Let's move the directory back up. */
+--
+2.23.0
+
diff --git a/systemd.spec b/systemd.spec
index b81d186..1f8f1ce 100644
--- a/systemd.spec
+++ b/systemd.spec
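Review bot: The new `chase_symlinks(target, NULL, 0, &target_resolved)` call sends every resolution error to `goto fail`, so a pre-existing symlink at `p` whose target no longer exists presumably now aborts directory setup, whereas the removed `path_equal(q, target)` comparison could not fail. The second call already passes `CHASE_NONEXISTENT` for `q`, so the asymmetry deserves either the same tolerance or a comment saying the failure is intended, e.g. `/* A dangling symlink here is treated as an error on purpose */`. If tolerance is wanted, skip the comparison when resolution returns `-ENOENT` rather than passing an unset `target_resolved` to `path_equal()`. `setup_exec_directory()` starts before and continues after the hunk, so what the `fail` path reports for this case is not visible here.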
@@ -16,7 +16,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd Version: 243 -Release: 37 +Release: 38 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager @@ -128,6 +128,7 @@ Patch0081: 0081-journal-refresh-cached-credentials-of-stdout-streams.patch Patch0082: 0082-journald-rework-end-of-line-marker-handling-to-use-a.patch Patch0083: 0083-journald-rework-pid-change-handling.patch Patch0084: 0084-journald-enforce-longer-line-length-limit-during-set.patch +Patch0085: backport-execute-Fix-migration-from-DynamicUser-yes-to-no.patch #openEuler Patch9002: 1509-fix-journal-file-descriptors-leak-problems.patch @@ -1513,6 +1514,12 @@ fi %exclude /usr/share/man/man3/* %changelog +* Thu Jun 03 2021 ExtinctFire - 243-38 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: fix migration from DynamicUser=yes to no. + * Tue Jun 01 2021 fangxiuning - 243-37 - Type:bugfix - ID:NA -- Gitee From 20f2f49198efc6b432f02d754b3bd567e9953665 Mon Sep 17 00:00:00 2001 From: yangmingtaip Date: Wed, 21 Jul 2021 15:55:52 +0800 Subject: [PATCH 5/5] fix CVE-2021-33910 --- 0086-fix-CVE-2021-33910.patch | 72 +++++++++++++++++++++++++++++++++++ systemd.spec | 9 ++++- 2 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 0086-fix-CVE-2021-33910.patch diff --git a/0086-fix-CVE-2021-33910.patch b/0086-fix-CVE-2021-33910.patch new file mode 100644 index 0000000..d4b7ed3 --- /dev/null +++ b/0086-fix-CVE-2021-33910.patch 
@@ -0,0 +1,72 @@
+From 441e0115646d54f080e5c3bb0ba477c892861ab9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Wed, 23 Jun 2021 11:46:41 +0200
+Subject: [PATCH] basic/unit-name: do not use strdupa() on a path
+
+The path may have unbounded length, for example through a fuse mount.
+
+CVE-2021-33910: attacked controlled alloca() leads to crash in systemd
+and
+ultimately a kernel panic. Systemd parses the content of
+/proc/self/mountinfo
+and each mountpoint is passed to mount_setup_unit(), which calls
+unit_name_path_escape() underneath. A local attacker who is able to
+mount a
+filesystem with a very long path can crash systemd and the whole system.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1970887
+
+The resulting string length is bounded by UNIT_NAME_MAX, which is 256.
+But we
+can't easily check the length after simplification before doing the
+simplification, which in turns uses a copy of the string we can write
+to.
+So we can't reject paths that are too long before doing the duplication.
+Hence the most obvious solution is to switch back to strdup(), as before
+7410616cd9dbbec97cf98d75324da5cda2b2f7a2.
+ +https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9 + +--- + src/basic/unit-name.c | 13 +++++-------- + 1 file changed, 5 insertions(+), 8 deletions(-) + +diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c +index 4226f30..1b01af6 100644 +--- a/src/basic/unit-name.c ++++ b/src/basic/unit-name.c +@@ -370,12 +370,13 @@ int unit_name_unescape(const char *f, char **ret) { + } + + int unit_name_path_escape(const char *f, char **ret) { +- char *p, *s; ++ _cleanup_free_ char *p = NULL; ++ char *s; + + assert(f); + assert(ret); + +- p = strdupa(f); ++ p = strdup(f); + if (!p) + return -ENOMEM; + +@@ -387,13 +388,9 @@ int unit_name_path_escape(const char *f, char **ret) { + if (!path_is_normalized(p)) + return -EINVAL; + +- /* Truncate trailing slashes */ ++ /* Truncate trailing slashes and skip leading slashes */ + delete_trailing_chars(p, "/"); +- +- /* Truncate leading slashes */ +- p = skip_leading_chars(p, "/"); +- +- s = unit_name_escape(p); ++ s = unit_name_escape(skip_leading_chars(p, "/")); + } + if (!s) + return -ENOMEM; +-- +2.23.0 + diff --git a/systemd.spec b/systemd.spec index 1f8f1ce..6afeb9f 100644 --- a/systemd.spec +++ b/systemd.spec @@ -16,7 +16,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd Version: 243 -Release: 38 +Release: 39 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager @@ -129,6 +129,7 @@ Patch0082: 0082-journald-rework-end-of-line-marker-handling-to-use-a.patch Patch0083: 0083-journald-rework-pid-change-handling.patch Patch0084: 0084-journald-enforce-longer-line-length-limit-during-set.patch Patch0085: backport-execute-Fix-migration-from-DynamicUser-yes-to-no.patch +Patch0086: 0086-fix-CVE-2021-33910.patch #openEuler Patch9002: 1509-fix-journal-file-descriptors-leak-problems.patch 
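Review bot: The `p = strdup(f);` line in `unit_name_path_escape()` has no comment saying why the copy must live on the heap, so a later cleanup could reintroduce `strdupa()`; the reason exists only in the patch description. I would add `/* f can be arbitrarily long (e.g. a mount point path), so never copy it onto the stack */` directly above it. A regression test that feeds the function a path far longer than `UNIT_NAME_MAX` and expects a clean return rather than a crash would pin the fix; no test is part of this patch. Parts of the function body lie between and after the two inner hunks and are not visible here.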
@@ -1514,6 +1515,12 @@ fi %exclude /usr/share/man/man3/* %changelog +* Wed Jul 21 2021 yangmingtai - 243-39 +- Type:cve +- ID:CVE-2021-33910 +- SUG:NA +- DESC: fix CVE-2021-33910 + * Thu Jun 03 2021 ExtinctFire - 243-38 - Type:bugfix - ID:NA -- Gitee