From d6b5f2a8dd3bcc1e3a658e20f57a8685328bea48 Mon Sep 17 00:00:00 2001
From: AlmaLinux RelEng Bot <eabdullin@almalinux.org>
Date: Tue, 5 May 2026 10:36:27 -0400
Subject: [PATCH] import UBI systemd-252-55.el9_7.9

---
 ...ate-input-cgroup-path-more-prudently.patch | 29 +++++++++++++++++++
 SPECS/systemd.spec                            |  6 +++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/1271-core-validate-input-cgroup-path-more-prudently.patch

diff --git a/SOURCES/1271-core-validate-input-cgroup-path-more-prudently.patch b/SOURCES/1271-core-validate-input-cgroup-path-more-prudently.patch
new file mode 100644
index 0000000..ed379ef
--- /dev/null
+++ b/SOURCES/1271-core-validate-input-cgroup-path-more-prudently.patch
@@ -0,0 +1,29 @@
+From 7750e56f82f608358ba2968ed6d3e53c9f4cd8e6 Mon Sep 17 00:00:00 2001
+From: Mike Yuan <me@yhndnzj.com>
+Date: Thu, 26 Feb 2026 11:06:34 +0100
+Subject: [PATCH] core: validate input cgroup path more prudently
+
+(cherry picked from commit efa6ba2ab625aaa160ac435a09e6482fc63bdbe8)
+
+Resolves: RHEL-155391
+---
+ src/core/dbus-manager.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
+index 386b319c86..60515d09f5 100644
+--- a/src/core/dbus-manager.c
++++ b/src/core/dbus-manager.c
+@@ -666,6 +666,12 @@ static int method_get_unit_by_control_group(sd_bus_message *message, void *userd
+         if (r < 0)
+                 return r;
+ 
++        if (!path_is_absolute(cgroup))
++                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Control group path is not absolute: %s", cgroup);
++
++        if (!path_is_normalized(cgroup))
++                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Control group path is not normalized: %s", cgroup);
++
+         u = manager_get_unit_by_cgroup(m, cgroup);
+         if (!u)
+                 return sd_bus_error_setf(error, BUS_ERROR_NO_SUCH_UNIT,
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
index 8505e79..a34fb82 100644
--- a/SPECS/systemd.spec
+++ b/SPECS/systemd.spec
@@ -21,7 +21,7 @@
 Name:           systemd
 Url:            https://systemd.io
 Version:        252
-Release:        55%{?dist}.8
+Release:        55%{?dist}.9
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@@ -1353,6 +1353,7 @@ Patch1267: 1267-timer-rebase-the-next-elapse-timestamp-only-if-timer.patch
 Patch1268: 1268-coredump-handle-ENOBUFS-and-EMSGSIZE-the-same-way.patch
 Patch1269: 1269-timer-rebase-last_trigger-timestamp-if-needed.patch
 Patch1270: 1270-core-fix-array-size-in-unit_log_resources.patch
+Patch1271: 1271-core-validate-input-cgroup-path-more-prudently.patch
 
 # Downstream-only patches (9000–9999)
 
@@ -2230,6 +2231,9 @@ systemd-hwdb update &>/dev/null || :
 %{_prefix}/lib/dracut/modules.d/70rhel-net-naming-sysattrs/*
 
 %changelog
+* Thu Apr 02 2026 systemd maintenance team <systemd-maint@redhat.com> - 252-55.9
+- core: validate input cgroup path more prudently (RHEL-155391)
+
 * Tue Feb 24 2026 systemd maintenance team <systemd-maint@redhat.com> - 252-55.8
 - update specfile and sources after renaming rhel-net-naming-sysattrs to net-naming-sysattrs (RHEL-150628)