diff --git a/SOURCES/9000-core-reorder-systemd-arguments-on-reexec.patch b/SOURCES/9000-core-reorder-systemd-arguments-on-reexec.patch new file mode 100644 index 0000000..8db7c01 --- /dev/null +++ b/SOURCES/9000-core-reorder-systemd-arguments-on-reexec.patch @@ -0,0 +1,57 @@ +From dcc55e1b0930c6db277e87b8a521e82f3d0f74c3 Mon Sep 17 00:00:00 2001 +From: Andrew Lukoshko +Date: Thu, 17 Oct 2024 10:19:25 +0000 +Subject: [PATCH] core: reorder systemd arguments on reexec + +When reexecuting system let's put our arguments carrying deserialization +info first followed by any existing arguments to make sure they get +parsed in case we get weird stuff from the kernel cmdline (like --). + +See: https://github.com/systemd/systemd/issues/28184 +--- + src/core/main.c | 6 +++++- + test/TEST-01-BASIC/test.sh | 5 +++++ + 2 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/src/core/main.c b/src/core/main.c +index e7b8e98..6df29f3 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -1813,13 +1813,17 @@ static int do_reexecute( + xsprintf(sfd, "%i", fileno(arg_serialization)); + + i = 1; /* Leave args[0] empty for now. */ +- filter_args(args, &i, argv, argc); + ++ /* Put our stuff first to make sure it always gets parsed in case ++ * we get weird stuff from the kernel cmdline (like --) */ + if (switch_root_dir) + args[i++] = "--switched-root"; + args[i++] = arg_system ? "--system" : "--user"; + args[i++] = "--deserialize"; + args[i++] = sfd; ++ ++ filter_args(args, &i, argv, argc); ++ + args[i++] = NULL; + + assert(i <= args_size); +diff --git a/test/TEST-01-BASIC/test.sh b/test/TEST-01-BASIC/test.sh +index cc6d065..d0e714a 100755 +--- a/test/TEST-01-BASIC/test.sh ++++ b/test/TEST-01-BASIC/test.sh +@@ -8,6 +8,11 @@ RUN_IN_UNPRIVILEGED_CONTAINER=${RUN_IN_UNPRIVILEGED_CONTAINER:-yes} + TEST_REQUIRE_INSTALL_TESTS=0 + TEST_SUPPORTING_SERVICES_SHOULD_BE_MASKED=0 + ++# Check if we can correctly deserialize if the kernel cmdline contains "weird" stuff ++# like an invalid argument, "end of arguments" separator, or a sysvinit argument (-z) ++# See: https://github.com/systemd/systemd/issues/28184 ++KERNEL_APPEND="foo -- -z bar --- baz $KERNEL_APPEND" ++ + # shellcheck source=test/test-functions + . "${TEST_BASE_DIR:?}/test-functions" + +-- +2.43.5 + diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec index 0dfcb30..8fe101f 100644 --- a/SPECS/systemd.spec +++ b/SPECS/systemd.spec @@ -21,7 +21,7 @@ Name: systemd Url: https://systemd.io Version: 252 -Release: 51%{?dist} +Release: 51%{?dist}.alma.1 # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager @@ -1194,6 +1194,9 @@ Patch1108: 1108-Fix-failing-test.patch Patch1109: 1109-unit-don-t-gc-unit-in-oom-queue.patch Patch1110: 1110-core-do-not-GC-units-jobs-that-are-in-the-D-Bus-queu.patch +# AlmaLinux Patch +Patch9000: 9000-core-reorder-systemd-arguments-on-reexec.patch + # Downstream-only patches (9000–9999) %ifarch %{ix86} x86_64 aarch64 @@ -1637,9 +1640,9 @@ CONFIGURE_OPTS=( -Duserdb=false -Dportabled=false -Dnetworkd=false - -Dsupport-url=https://access.redhat.com/support + -Dsupport-url=https://wiki.almalinux.org/Help-and-Support # https://issues.redhat.com/browse/RHEL-16810 - -Dsbat-distro-url=mailto:secalert@redhat.com + -Dsbat-distro-url=mailto:security@almalinux.org -Ddefault-net-naming-scheme=rhel-9.0 -Dukify=true ) @@ -2070,6 +2073,10 @@ systemd-hwdb update &>/dev/null || : %{_prefix}/lib/dracut/modules.d/70rhel-net-naming-sysattrs/* %changelog +* Tue Mar 11 2025 Andrew Lukoshko - 252-51.alma.1 +- core: reorder systemd arguments on reexe +- Debrand for AlmaLinux + * Tue Jan 28 2025 systemd maintenance team - 252-51 - ci: use ubuntu 22:04 for deploy of man pages (RHEL-70884) - man/tmpfiles: fix off-by-one in example (RHEL-74015)