Patches for the journal CVEs and various other fixes

Zbigniew Jędrzejewski-Szmek 2019-01-11 13:35:20 +01:00
parent ea91d39bdd
commit 0214da5fc8
5 changed files with 12 additions and 123 deletions


@ -1,55 +0,0 @@
From 847364f5123f108884f8c59fb05d7ff941693dfb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 21 Dec 2018 22:49:53 +0100
Subject: [PATCH] test-json: check absolute and relative difference in floating
point test
The test fails under valgrind, so there was an exception for valgrind.
Unfortunately that check only works when valgrind-devel headers are
available during build. But it is possible to have just valgrind installed,
or simply install it after the build, and then "valgrind test-json" would
fail.
It also seems that even without valgrind, this fails on some arm32 CPUs.
Let's do the usual-style test for absolute and relative differences.
---
src/test/test-json.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/src/test/test-json.c b/src/test/test-json.c
index 5aa4d19dbe..cd6269f798 100644
--- a/src/test/test-json.c
+++ b/src/test/test-json.c
@@ -1,9 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#include <math.h>
-#if HAVE_VALGRIND_VALGRIND_H
-#include <valgrind/valgrind.h>
-#endif
#include "alloc-util.h"
#include "fd-util.h"
@@ -45,12 +42,13 @@ static void test_tokenizer(const char *data, ...) {
d = va_arg(ap, long double);
-#if HAVE_VALGRIND_VALGRIND_H
- if (!RUNNING_ON_VALGRIND)
-#endif
- /* Valgrind doesn't support long double calculations and automatically downgrades to 80bit:
- * http://www.valgrind.org/docs/manual/manual-core.html#manual-core.limits */
- assert_se(fabsl(d - v.real) < 0.001L);
+ /* Valgrind doesn't support long double calculations and automatically downgrades to 80bit:
+ * http://www.valgrind.org/docs/manual/manual-core.html#manual-core.limits.
+ * Some architectures might not support long double either.
+ */
+
+ assert_se(fabsl(d - v.real) < 1e-10 ||
+ fabsl((d - v.real) / v.real) < 1e-10);
} else if (t == JSON_TOKEN_INTEGER) {
intmax_t i;
--
2.19.2


@ -1,33 +0,0 @@
From 1f17a35ef85e943965ffafe2ef6eebd98d6b917a Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 22 Dec 2018 19:39:51 +0900
Subject: [PATCH 3/4] Revert "sd-device: ignore bind/unbind events for now"
This reverts commit 56c886dc7ed5b2bb0882ba85136f4070545bfc1b.
---
src/libsystemd/sd-device/device-private.c | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/src/libsystemd/sd-device/device-private.c b/src/libsystemd/sd-device/device-private.c
index 01a5aa3d3f..36beb3e7df 100644
--- a/src/libsystemd/sd-device/device-private.c
+++ b/src/libsystemd/sd-device/device-private.c
@@ -326,15 +326,6 @@ static int device_append(sd_device *device, char *key, const char **_major, cons
action = device_action_from_string(value);
if (action == _DEVICE_ACTION_INVALID)
return -EINVAL;
- /* FIXME: remove once we no longer flush previuos state for each action */
- if (action == DEVICE_ACTION_BIND || action == DEVICE_ACTION_UNBIND) {
- static bool warned;
- if (!warned) {
- log_device_debug(device, "sd-device: ignoring actions 'bind' and 'unbind'");
- warned = true;
- }
- return -EINVAL;
- }
} else if (streq(key, "SEQNUM")) {
r = safe_atou64(value, &seqnum);
if (r < 0)
--
2.19.2


@ -1,27 +0,0 @@
From 6d243cc3e79fa1b4de4388661c9318d17a3d9d1a Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 22 Dec 2018 19:49:47 +0900
Subject: [PATCH 4/4] Revert "udevd: configure a child process name for worker
processes"
This reverts commit 49f3ee7e74c714f55aab395c080b1099fc17f7fd.
---
src/udev/udevd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index fb8724ea87..ec77bd4a71 100644
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -534,7 +534,7 @@ static int worker_spawn(Manager *manager, struct event *event) {
if (r < 0)
return log_error_errno(r, "Worker: Failed to enable receiving of device: %m");
- r = safe_fork("(worker)", FORK_DEATHSIG, &pid);
+ r = safe_fork(NULL, FORK_DEATHSIG, &pid);
if (r < 0) {
event->state = EVENT_QUEUED;
return log_error_errno(r, "Failed to fork() worker: %m");
--
2.19.2


@ -1 +1 @@
SHA512 (systemd-240.tar.gz) = da7467781b16f65d868931ae88fd07554db61542aec7f11dbec9f7279b529f900301edfea2d3813ddb64eeb3fdcfb7be86e540c65212dd7cfdcdebbc80de2ff5 SHA512 (systemd-f02b547.tar.gz) = a7d774ed00d572eb2d9313ff25a09c707112443020d173d4d350bdb9b269fcef519da8efc2d93b3b72f4ebdd3ff295716e2f640f8c1e679cb24b26e71fca56ee


@ -1,7 +1,7 @@
#global commit a188229ade906a1374efea4d1851b510d6216c38 %global commit f02b5472c6f0c41e5dc8dc2c84590866baf937ff
%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})}
#global stable 1 %global stable 1
# We ship a .pc file but don't want to have a dep on pkg-config. We # We ship a .pc file but don't want to have a dep on pkg-config. We
# strip the automatically generated dep here and instead co-own the # strip the automatically generated dep here and instead co-own the
@ -14,8 +14,8 @@
Name: systemd Name: systemd
Url: https://www.freedesktop.org/wiki/Software/systemd Url: https://www.freedesktop.org/wiki/Software/systemd
Version: 240%{?commit:~0.git%{shortcommit}} Version: 240
Release: 2%{?dist} Release: 3%{?commit:.git%{shortcommit}}%{?dist}
# For a breakdown of the licensing, see README # For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+ License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager Summary: System and Service Manager
@ -50,10 +50,7 @@ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|
GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch
%endif %endif
Patch0001: 0001-test-json-check-absolute-and-relative-difference-in-.patch
Patch0002: 0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch Patch0002: 0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch
Patch0003: 0003-Revert-sd-device-ignore-bind-unbind-events-for-now.patch
Patch0004: 0004-Revert-udevd-configure-a-child-process-name-for-work.patch
Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
@ -688,6 +685,13 @@ fi
%files tests -f .file-list-tests %files tests -f .file-list-tests
%changelog %changelog
* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 240-3.gitf02b547
- systemd-journald and systemd-journal-remote reject entries which
contain too many fields (CVE-2018-16865, #1664973) and set limits on the
process' command line length (CVE-2018-16864, #1664972)
- $DBUS_SESSION_BUS_ADDRESS is again exported by pam_systemd (#1662857)
- A fix for systemd-udevd crash (#1662303)
* Sat Dec 22 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 240-2 * Sat Dec 22 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 240-2
- Add two more patches that revert recent udev changes - Add two more patches that revert recent udev changes
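Review bot: The new changelog entry for 240-3.gitf02b547 names CVE-2018-16865 and CVE-2018-16864 but does not say how the fixes reach the build. No CVE patch is added to the Patch list in this section, so they presumably arrive with the snapshot selected by the now-active `%global commit f02b5472c6f0c41e5dc8dc2c84590866baf937ff` and `%global stable 1`. Someone auditing whether a given package carries these fixes would have to infer that from the Release tag alone. I would add a changelog line such as `- Update to a stable-branch snapshot (f02b547); drop Patch0001, Patch0003 and Patch0004`. Before merging, confirm that those three dropped patches really are contained in the snapshot, since that is not visible on this page.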