rpms/systemd
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import systemd-239-69.el8

Browse Source
This commit is contained in:
CentOS Sources 2022-11-11 04:15:31 +00:00 committed by Stepan Oksanichenko
parent c1ce3660b6
commit a6a51e8d0a
8 changed files with 646 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
SOURCES/0832-ci-lint-add-shell-linter-Differential-ShellCheck.patch Normal file
View File

@ -0,0 +1,59 @@
From 5f69ba3919d32ed93c68bb6b8b70a516f2bb56a8 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Tue, 16 Aug 2022 14:34:49 +0200
Subject: [PATCH] ci(lint): add shell linter - Differential ShellCheck
It performs differential ShellCheck scans and report results directly in
pull request.
documentation:
https://github.com/redhat-plumbers-in-action/differential-shellcheck
(inspired by commit
https://github.com/systemd/systemd/commit/3f3c718e79abdac698ae90de5cd4c0560a0a75d4)
RHEL-only
Related: #2122499
---
.github/workflows/differential-shellcheck.yml | 31 +++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 .github/workflows/differential-shellcheck.yml
diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
new file mode 100644
index 0000000000..fa94679b51
--- /dev/null
+++ b/.github/workflows/differential-shellcheck.yml
@@ -0,0 +1,31 @@
+---
+# https://github.com/redhat-plumbers-in-action/differential-shellcheck#readme
+
+name: Differential ShellCheck
+on:
+ pull_request:
+ branches:
+ - master
+ - rhel-8.*.0
+
+permissions:
+ contents: read
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+
+ permissions:
+ security-events: write
+ pull-requests: write
+
+ steps:
+ - name: Repository checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Differential ShellCheck
+ uses: redhat-plumbers-in-action/differential-shellcheck@v3
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}

34
SOURCES/0833-meson-do-not-compare-objects-of-different-types.patch Normal file
View File

@ -0,0 +1,34 @@
From deb09b3bd826571149f6b018f3a3ff8a33cd104b Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 28 Jun 2018 16:09:04 +0900
Subject: [PATCH] meson: do not compare objects of different types
This fixes the following warning:
```
meson.build:1140: WARNING: Trying to compare values of different types (DependencyHolder, list) using !=.
The result of this is undefined and will become a hard error in a future Meson release.
```
Follow-up for f02582f69fe1e7663a87ba80bd4f90d5d23ee75f(#9410).
(cherry picked from commit 48f5da19b6e8f0d05f5217bc9856093d354ce5d0)
Related: #2122499
---
meson.build | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meson.build b/meson.build
index 6729a9ea5e..af4cf331da 100644
--- a/meson.build
+++ b/meson.build
@@ -1165,7 +1165,8 @@ substs.set('DEFAULT_DNSSEC_MODE', default_dnssec)
dns_over_tls = get_option('dns-over-tls')
if dns_over_tls != 'false'
- have = libgnutls != [] and libgnutls.version().version_compare('>=3.5.3')
+ have = (conf.get('HAVE_GNUTLS') == 1 and
+ libgnutls.version().version_compare('>=3.5.3'))
if dns_over_tls == 'true' and not have
error('DNS-over-TLS support was requested, but dependencies are not available')
endif

48
SOURCES/0834-journal-remote-use-MHD_HTTP_CONTENT_TOO_LARGE-as-MHD.patch Normal file
View File

@ -0,0 +1,48 @@
From ea9b3a664f5e67d0ee6b0bf6ca362835ae11fedc Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 20 Dec 2021 20:48:32 +0900
Subject: [PATCH] journal-remote: use MHD_HTTP_CONTENT_TOO_LARGE as
MHD_HTTP_PAYLOAD_TOO_LARGE is deprecated since 0.9.74
(cherry picked from commit 30df858f43b14a55c6650b43bea12cbf2cc0bc67)
Related: #2122499
---
src/journal-remote/journal-remote-main.c | 2 +-
src/journal-remote/microhttpd-util.h | 10 +++++++---
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
index 47fe9d7433..bcaa370099 100644
--- a/src/journal-remote/journal-remote-main.c
+++ b/src/journal-remote/journal-remote-main.c
@@ -304,7 +304,7 @@ static int request_handler(
/* When serialized, an entry of maximum size might be slightly larger,
* so this does not correspond exactly to the limit in journald. Oh well.
*/
- return mhd_respondf(connection, 0, MHD_HTTP_PAYLOAD_TOO_LARGE,
+ return mhd_respondf(connection, 0, MHD_HTTP_CONTENT_TOO_LARGE,
"Payload larger than maximum size of %u bytes", ENTRY_SIZE_MAX);
}
diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h
index 26909082a1..dd0ca1d9bd 100644
--- a/src/journal-remote/microhttpd-util.h
+++ b/src/journal-remote/microhttpd-util.h
@@ -38,9 +38,13 @@
# define MHD_HTTP_NOT_ACCEPTABLE MHD_HTTP_METHOD_NOT_ACCEPTABLE
#endif
-/* Renamed in µhttpd 0.9.53 */
-#ifndef MHD_HTTP_PAYLOAD_TOO_LARGE
-# define MHD_HTTP_PAYLOAD_TOO_LARGE MHD_HTTP_REQUEST_ENTITY_TOO_LARGE
+/* Renamed in µhttpd 0.9.74 (8c644fc1f4d498ea489add8d40a68f5d3e5899fa) */
+#ifndef MHD_HTTP_CONTENT_TOO_LARGE
+# ifdef MHD_HTTP_PAYLOAD_TOO_LARGE
+# define MHD_HTTP_CONTENT_TOO_LARGE MHD_HTTP_PAYLOAD_TOO_LARGE /* 0.9.53 or newer */
+# else
+# define MHD_HTTP_CONTENT_TOO_LARGE MHD_HTTP_REQUEST_ENTITY_TOO_LARGE
+# endif
#endif
#if MHD_VERSION < 0x00094203

71
SOURCES/0835-Fix-build-with-httpd-0.9.71.patch Normal file
View File

@ -0,0 +1,71 @@
From ca86de228e19cea268ec3eeabc9097d7c28fbf24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 30 Jun 2020 09:56:10 +0200
Subject: [PATCH] =?UTF-8?q?Fix=20build=20with=20=C2=B5httpd=200.9.71?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The return type of callbacks was changed from int to an enum.
(cherry picked from commit d17eabb1052e7c8c432331a7a782845e36164f01)
Related: #2122499
---
src/journal-remote/journal-gatewayd.c | 4 ++--
src/journal-remote/journal-remote-main.c | 2 +-
src/journal-remote/microhttpd-util.h | 6 ++++++
3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c
index 54446ff7b5..3ff05a4d72 100644
--- a/src/journal-remote/journal-gatewayd.c
+++ b/src/journal-remote/journal-gatewayd.c
@@ -338,7 +338,7 @@ static int request_parse_range(
return 0;
}
-static int request_parse_arguments_iterator(
+static mhd_result request_parse_arguments_iterator(
void *cls,
enum MHD_ValueKind kind,
const char *key,
@@ -795,7 +795,7 @@ static int request_handler_machine(
return MHD_queue_response(connection, MHD_HTTP_OK, response);
}
-static int request_handler(
+static mhd_result request_handler(
void *cls,
struct MHD_Connection *connection,
const char *url,
diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
index bcaa370099..a1008db6eb 100644
--- a/src/journal-remote/journal-remote-main.c
+++ b/src/journal-remote/journal-remote-main.c
@@ -241,7 +241,7 @@ static int process_http_upload(
return mhd_respond(connection, MHD_HTTP_ACCEPTED, "OK.");
};
-static int request_handler(
+static mhd_result request_handler(
void *cls,
struct MHD_Connection *connection,
const char *url,
diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h
index dd0ca1d9bd..792c07ac20 100644
--- a/src/journal-remote/microhttpd-util.h
+++ b/src/journal-remote/microhttpd-util.h
@@ -51,6 +51,12 @@
# define MHD_create_response_from_fd_at_offset64 MHD_create_response_from_fd_at_offset
#endif
+#if MHD_VERSION >= 0x00097002
+# define mhd_result enum MHD_Result
+#else
+# define mhd_result int
+#endif
+
void microhttpd_logger(void *arg, const char *fmt, va_list ap) _printf_(2, 0);
/* respond_oom() must be usable with return, hence this form. */

303
SOURCES/0836-ci-replace-LGTM-with-CodeQL.patch Normal file
View File

@ -0,0 +1,303 @@
From 2b1dbcab1af1a22f3a46fa23aa551a7394673938 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 15 Sep 2022 15:29:23 +0200
Subject: [PATCH] ci: replace LGTM with CodeQL
As LGTM is going to be shut down by EOY, let's use CodeQL instead.
This is loosely based on upstream's CodeQL configs with some minor
tweaks to avoid backporting tons of unrelated commits.
rhel-only
Related: #2122499
---
.github/codeql-config.yml | 12 ++++
.github/codeql-custom.qls | 44 ++++++++++++
.../PotentiallyDangerousFunction.ql | 3 +
.../UninitializedVariableWithCleanup.ql | 16 ++---
.github/codeql-queries/qlpack.yml | 11 +++
.github/workflows/codeql.yml | 68 +++++++++++++++++++
.lgtm.yml | 37 ----------
7 files changed, 146 insertions(+), 45 deletions(-)
create mode 100644 .github/codeql-config.yml
create mode 100644 .github/codeql-custom.qls
rename {.lgtm/cpp-queries => .github/codeql-queries}/PotentiallyDangerousFunction.ql (93%)
rename {.lgtm/cpp-queries => .github/codeql-queries}/UninitializedVariableWithCleanup.ql (86%)
create mode 100644 .github/codeql-queries/qlpack.yml
create mode 100644 .github/workflows/codeql.yml
delete mode 100644 .lgtm.yml
diff --git a/.github/codeql-config.yml b/.github/codeql-config.yml
new file mode 100644
index 0000000000..7c01d32caa
--- /dev/null
+++ b/.github/codeql-config.yml
@@ -0,0 +1,12 @@
+---
+# vi: ts=2 sw=2 et:
+# SPDX-License-Identifier: LGPL-2.1-or-later
+name: "CodeQL config"
+
+disable-default-queries: false
+
+queries:
+ - name: Enable possibly useful queries which are disabled by default
+ uses: ./.github/codeql-custom.qls
+ - name: systemd-specific CodeQL queries
+ uses: ./.github/codeql-queries/
diff --git a/.github/codeql-custom.qls b/.github/codeql-custom.qls
new file mode 100644
index 0000000000..d35fbe3114
--- /dev/null
+++ b/.github/codeql-custom.qls
@@ -0,0 +1,44 @@
+---
+# vi: ts=2 sw=2 et syntax=yaml:
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# Note: it is not recommended to directly reference the respective queries from
+# the github/codeql repository, so we have to "dance" around it using
+# a custom QL suite
+# See:
+# - https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#running-additional-queries
+# - https://github.com/github/codeql-action/issues/430#issuecomment-806092120
+# - https://codeql.github.com/docs/codeql-cli/creating-codeql-query-suites/
+
+# Note: the codeql/<lang>-queries pack name can be found in the CodeQL repo[0]
+# in <lang>/ql/src/qlpack.yml. The respective codeql-suites are then
+# under <lang>/ql/src/codeql-suites/.
+#
+# [0] https://github.com/github/codeql
+- import: codeql-suites/cpp-lgtm.qls
+ from: codeql/cpp-queries
+- import: codeql-suites/python-lgtm.qls
+ from: codeql/python-queries
+- include:
+ id:
+ - cpp/bad-strncpy-size
+ - cpp/declaration-hides-variable
+ - cpp/include-non-header
+ - cpp/inconsistent-null-check
+ - cpp/mistyped-function-arguments
+ - cpp/nested-loops-with-same-variable
+ - cpp/sizeof-side-effect
+ - cpp/suspicious-pointer-scaling
+ - cpp/suspicious-pointer-scaling-void
+ - cpp/suspicious-sizeof
+ - cpp/unsafe-strcat
+ - cpp/unsafe-strncat
+ - cpp/unsigned-difference-expression-compared-zero
+ - cpp/unused-local-variable
+ tags:
+ - "security"
+ - "correctness"
+ severity: "error"
+- exclude:
+ id:
+ - cpp/fixme-comment
diff --git a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql b/.github/codeql-queries/PotentiallyDangerousFunction.ql
similarity index 93%
rename from .lgtm/cpp-queries/PotentiallyDangerousFunction.ql
rename to .github/codeql-queries/PotentiallyDangerousFunction.ql
index 39e8dddd13..63fd14e75f 100644
--- a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
+++ b/.github/codeql-queries/PotentiallyDangerousFunction.ql
@@ -46,6 +46,9 @@ predicate potentiallyDangerousFunction(Function f, string message) {
) or (
f.getQualifiedName() = "accept" and
message = "Call to accept() is not O_CLOEXEC-safe. Use accept4() instead."
+ ) or (
+ f.getQualifiedName() = "dirname" and
+ message = "Call dirname() is icky. Use path_extract_directory() instead."
)
}
diff --git a/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql b/.github/codeql-queries/UninitializedVariableWithCleanup.ql
similarity index 86%
rename from .lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
rename to .github/codeql-queries/UninitializedVariableWithCleanup.ql
index 6b3b62f8bc..e514111f28 100644
--- a/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
+++ b/.github/codeql-queries/UninitializedVariableWithCleanup.ql
@@ -50,16 +50,16 @@ class UninitialisedLocalReachability extends StackVariableReachability {
* fun(&x);
* puts(x);
*
- * `useOfVarActual()` won't treat this an an uninitialized read even if the callee
+ * `useOfVarActual()` won't treat this as an uninitialized read even if the callee
* doesn't modify the argument, however, `useOfVar()` will
*/
override predicate isSink(ControlFlowNode node, StackVariable v) { useOfVar(v, node) }
override predicate isBarrier(ControlFlowNode node, StackVariable v) {
- // only report the _first_ possibly uninitialized use
+ /* only report the _first_ possibly uninitialized use */
useOfVar(v, node) or
(
- /* If there's an return statement somewhere between the variable declaration
+ /* If there's a return statement somewhere between the variable declaration
* and a possible definition, don't accept is as a valid initialization.
*
* E.g.:
@@ -71,7 +71,7 @@ class UninitialisedLocalReachability extends StackVariableReachability {
* x = malloc(...);
*
* is not a valid initialization, since we might return from the function
- * _before_ the actual iniitialization (emphasis on _might_, since we
+ * _before_ the actual initialization (emphasis on _might_, since we
* don't know if the return statement might ever evaluate to true).
*/
definitionBarrier(v, node) and
@@ -92,14 +92,14 @@ predicate containsInlineAssembly(Function f) { exists(AsmStmt s | s.getEnclosing
* for this check to exclude them.
*/
VariableAccess commonException() {
- // If the uninitialized use we've found is in a macro expansion, it's
- // typically something like va_start(), and we don't want to complain.
+ /* If the uninitialized use we've found is in a macro expansion, it's
+ * typically something like va_start(), and we don't want to complain. */
result.getParent().isInMacroExpansion()
or
result.getParent() instanceof BuiltInOperation
or
- // Finally, exclude functions that contain assembly blocks. It's
- // anyone's guess what happens in those.
+ /* Finally, exclude functions that contain assembly blocks. It's
+ * anyone's guess what happens in those. */
containsInlineAssembly(result.getEnclosingFunction())
}
diff --git a/.github/codeql-queries/qlpack.yml b/.github/codeql-queries/qlpack.yml
new file mode 100644
index 0000000000..a1a2dec6d6
--- /dev/null
+++ b/.github/codeql-queries/qlpack.yml
@@ -0,0 +1,11 @@
+---
+# vi: ts=2 sw=2 et syntax=yaml:
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+library: false
+name: systemd/cpp-queries
+version: 0.0.1
+dependencies:
+ codeql/cpp-all: "*"
+ codeql/suite-helpers: "*"
+extractor: cpp
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000000..c5426d5686
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,68 @@
+---
+# vi: ts=2 sw=2 et:
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+name: "CodeQL"
+
+on:
+ pull_request:
+ branches:
+ - master
+ - rhel-*
+ paths:
+ - '**/meson.build'
+ - '.github/**/codeql*'
+ - 'src/**'
+ - 'test/**'
+ - 'tools/**'
+ push:
+ branches:
+ - master
+ - rhel-*
+
+permissions:
+ contents: read
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-22.04
+ concurrency:
+ group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }}
+ cancel-in-progress: true
+ permissions:
+ actions: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: ['cpp', 'python']
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ config-file: ./.github/codeql-config.yml
+
+ - name: Install dependencies
+ if: matrix.language == 'cpp'
+ run: |
+ echo "deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
+ sudo apt-get -y update
+ sudo apt-get -y build-dep systemd
+ sudo apt-get -y install libfdisk-dev libpwquality-dev libqrencode-dev libssl-dev libxkbcommon-dev libzstd-dev
+
+ - name: Build
+ if: matrix.language == 'cpp'
+ run: |
+ # EL 8 systemd fails to build with newer gnu-efi (3.0.13 on Ubuntu Jammy ATTOW)
+ meson build -Dlibiptc=false -Dgnu-efi=false
+ ninja -C build -v
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
diff --git a/.lgtm.yml b/.lgtm.yml
deleted file mode 100644
index fe93957b67..0000000000
--- a/.lgtm.yml
+++ /dev/null
@@ -1,37 +0,0 @@
----
-# vi: ts=2 sw=2 et:
-
-# Explicitly enable certain checks which are hidden by default
-queries:
- - include: cpp/bad-strncpy-size
- - include: cpp/declaration-hides-variable
- - include: cpp/inconsistent-null-check
- - include: cpp/mistyped-function-arguments
- - include: cpp/nested-loops-with-same-variable
- - include: cpp/sizeof-side-effect
- - include: cpp/suspicious-pointer-scaling
- - include: cpp/suspicious-pointer-scaling-void
- - include: cpp/suspicious-sizeof
- - include: cpp/unsafe-strcat
- - include: cpp/unsafe-strncat
- - include: cpp/unsigned-difference-expression-compared-zero
- - include: cpp/unused-local-variable
- - include:
- tags:
- - "security"
- - "correctness"
- severity: "error"
-
-extraction:
- cpp:
- prepare:
- packages:
- - python3-pip
- - python3-setuptools
- - python3-wheel
- after_prepare:
- - pip3 install meson
- - export PATH="$HOME/.local/bin/:$PATH"
- python:
- python_setup:
- version: 3

71
SOURCES/0837-ci-mergify-Update-policy-Drop-LGTM-checks.patch Normal file
View File

@ -0,0 +1,71 @@
From 4c241b812ea79f3faa02c45f95834842c7847b76 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Wed, 21 Sep 2022 15:14:26 +0200
Subject: [PATCH] ci(mergify): Update policy - Drop LGTM checks
rhel-only
Related: #2122499
---
.github/workflows/differential-shellcheck.yml | 1 +
.mergify.yml | 28 ++++++-------------
2 files changed, 9 insertions(+), 20 deletions(-)
diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
index fa94679b51..4399f0bc64 100644
--- a/.github/workflows/differential-shellcheck.yml
+++ b/.github/workflows/differential-shellcheck.yml
@@ -13,6 +13,7 @@ permissions:
jobs:
lint:
+ name: Differential ShellCheck
runs-on: ubuntu-latest
permissions:
diff --git a/.mergify.yml b/.mergify.yml
index 3afd04f18e..a5eed6a82a 100644
--- a/.mergify.yml
+++ b/.mergify.yml
@@ -11,16 +11,10 @@ pull_request_rules:
- -check-success=build (stream8, GCC_ASAN)
# CentOS Stream CI
- -check-success=CentOS CI (CentOS Stream 8)
- # LGTM
- - and:
- - "-check-success=LGTM analysis: JavaScript"
- - "-check-neutral=LGTM analysis: JavaScript"
- - and:
- - "-check-success=LGTM analysis: Python"
- - "-check-neutral=LGTM analysis: Python"
- - and:
- - "-check-success=LGTM analysis: C/C++"
- - "-check-neutral=LGTM analysis: C/C++"
+ # CodeQL
+ - -check-success=CodeQL
+ # Other
+ - -check-success=Differential ShellCheck
actions:
label:
add:
@@ -36,16 +30,10 @@ pull_request_rules:
- check-success=build (stream8, GCC_ASAN)
# CentOS Stream CI
- check-success=CentOS CI (CentOS Stream 8)
- # LGTM
- - or:
- - "check-success=LGTM analysis: JavaScript"
- - "check-neutral=LGTM analysis: JavaScript"
- - or:
- - "check-success=LGTM analysis: Python"
- - "check-neutral=LGTM analysis: Python"
- - or:
- - "check-success=LGTM analysis: C/C++"
- - "check-neutral=LGTM analysis: C/C++"
+ # CodeQL
+ - check-success=CodeQL
+ # Other
+ - check-success=Differential ShellCheck
actions:
label:
remove:

44
SOURCES/0838-time-util-fix-buffer-over-run.patch Normal file
View File

@ -0,0 +1,44 @@
From a521f942d5c304bca7c61bacb3c79e565853718e Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 7 Jul 2022 18:27:02 +0900
Subject: [PATCH] time-util: fix buffer-over-run
Fixes #23928.
(cherry picked from commit 9102c625a673a3246d7e73d8737f3494446bad4e)
Resolves: #2139391
---
src/basic/time-util.c | 2 +-
src/test/test-time-util.c | 5 +++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/basic/time-util.c b/src/basic/time-util.c
index c36e462193..d46d884be5 100644
--- a/src/basic/time-util.c
+++ b/src/basic/time-util.c
@@ -515,7 +515,7 @@ char *format_timespan(char *buf, size_t l, usec_t t, usec_t accuracy) {
t = b;
}
- n = MIN((size_t) k, l);
+ n = MIN((size_t) k, l-1);
l -= n;
p += n;
diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
index 354a01dd1a..6ebde4153c 100644
--- a/src/test/test-time-util.c
+++ b/src/test/test-time-util.c
@@ -187,6 +187,11 @@ static void test_format_timespan(usec_t accuracy) {
test_format_timespan_one(500 * USEC_PER_MSEC, accuracy);
test_format_timespan_one(9*USEC_PER_YEAR/5 - 23, accuracy);
test_format_timespan_one(USEC_INFINITY, accuracy);
+
+ /* See issue #23928. */
+ _cleanup_free_ char *buf;
+ assert_se(buf = new(char, 5));
+ assert_se(buf == format_timespan(buf, 5, 100005, 1000));
}
static void test_timezone_is_valid(void) {

18
SPECS/systemd.spec
View File

@ -13,7 +13,7 @@
Name: systemd Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 239 Version: 239
Release: 68%{?dist} Release: 69%{?dist}
# For a breakdown of the licensing, see README # For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+ License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager Summary: System and Service Manager
@ -881,6 +881,13 @@ Patch0828: 0828-core-load-fragment-move-config_parse_sec_fix_0-to-sr.patch
Patch0829: 0829-sd-event-add-relative-timer-calls.patch Patch0829: 0829-sd-event-add-relative-timer-calls.patch
Patch0830: 0830-logind-add-option-to-stop-idle-sessions-after-specif.patch Patch0830: 0830-logind-add-option-to-stop-idle-sessions-after-specif.patch
Patch0831: 0831-logind-schedule-idle-check-full-interval-from-now-if.patch Patch0831: 0831-logind-schedule-idle-check-full-interval-from-now-if.patch
Patch0832: 0832-ci-lint-add-shell-linter-Differential-ShellCheck.patch
Patch0833: 0833-meson-do-not-compare-objects-of-different-types.patch
Patch0834: 0834-journal-remote-use-MHD_HTTP_CONTENT_TOO_LARGE-as-MHD.patch
Patch0835: 0835-Fix-build-with-httpd-0.9.71.patch
Patch0836: 0836-ci-replace-LGTM-with-CodeQL.patch
Patch0837: 0837-ci-mergify-Update-policy-Drop-LGTM-checks.patch
Patch0838: 0838-time-util-fix-buffer-over-run.patch
%ifarch %{ix86} x86_64 aarch64 %ifarch %{ix86} x86_64 aarch64
%global have_gnu_efi 1 %global have_gnu_efi 1
@ -1510,13 +1517,20 @@ fi
%files tests -f .file-list-tests %files tests -f .file-list-tests
%changelog %changelog
* Tue Sep 27 2022 systemd maintenance team <systemd-maint@redhat.com> - 239-68 * Tue Nov 08 2022 systemd maintenance team <systemd-maint@redhat.com> - 239-69
- logind: optionally watch utmp for login data (#2122288) - logind: optionally watch utmp for login data (#2122288)
- logind: add hashtable for finding session by leader PID (#2122288) - logind: add hashtable for finding session by leader PID (#2122288)
- core/load-fragment: move config_parse_sec_fix_0 to src/shared (#2122288) - core/load-fragment: move config_parse_sec_fix_0 to src/shared (#2122288)
- sd-event: add relative timer calls (#2122288) - sd-event: add relative timer calls (#2122288)
- logind: add option to stop idle sessions after specified timeout (#2122288) - logind: add option to stop idle sessions after specified timeout (#2122288)
- logind: schedule idle check full interval from now if we couldn't figure out atime timestamp (#2122288) - logind: schedule idle check full interval from now if we couldn't figure out atime timestamp (#2122288)
- ci(lint): add shell linter - Differential ShellCheck (#2122499)
- meson: do not compare objects of different types (#2122499)
- journal-remote: use MHD_HTTP_CONTENT_TOO_LARGE as MHD_HTTP_PAYLOAD_TOO_LARGE is deprecated since 0.9.74 (#2122499)
- Fix build with µhttpd 0.9.71 (#2122499)
- ci: replace LGTM with CodeQL (#2122499)
- ci(mergify): Update policy - Drop LGTM checks (#2122499)
- time-util: fix buffer-over-run (#2139391)
* Fri Aug 26 2022 systemd maintenance team <systemd-maint@redhat.com> - 239-67 * Fri Aug 26 2022 systemd maintenance team <systemd-maint@redhat.com> - 239-67
- resolved: pin stream while calling callbacks for it (#2110549) - resolved: pin stream while calling callbacks for it (#2110549)