From 0214da5fc8ee82563e05ed3dffca627062056d0b Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Jan 11 2019 12:37:03 +0000 Subject: Patches for the journal CVEs and various other fixes --- diff --git a/0001-test-json-check-absolute-and-relative-difference-in-.patch b/0001-test-json-check-absolute-and-relative-difference-in-.patch deleted file mode 100644 index a34b45a..0000000 --- a/0001-test-json-check-absolute-and-relative-difference-in-.patch +++ /dev/null 
@@ -1,55 +0,0 @@ -From 847364f5123f108884f8c59fb05d7ff941693dfb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 21 Dec 2018 22:49:53 +0100 -Subject: [PATCH] test-json: check absolute and relative difference in floating - point test - -The test fails under valgrind, so there was an exception for valgrind. -Unfortunately that check only works when valgrind-devel headers are -available during build. But it is possible to have just valgrind installed, -or simply install it after the build, and then "valgrind test-json" would -fail. - -It also seems that even without valgrind, this fails on some arm32 CPUs. -Let's do the usual-style test for absolute and relative differences. ---- - src/test/test-json.c | 16 +++++++--------- - 1 file changed, 7 insertions(+), 9 deletions(-) - -diff --git a/src/test/test-json.c b/src/test/test-json.c -index 5aa4d19dbe..cd6269f798 100644 ---- a/src/test/test-json.c -+++ b/src/test/test-json.c -@@ -1,9 +1,6 @@ - /* SPDX-License-Identifier: LGPL-2.1+ */ - - #include --#if HAVE_VALGRIND_VALGRIND_H --#include --#endif - - #include "alloc-util.h" - #include "fd-util.h" -@@ -45,12 +42,13 @@ static void test_tokenizer(const char *data, ...) { - - d = va_arg(ap, long double); - --#if HAVE_VALGRIND_VALGRIND_H -- if (!RUNNING_ON_VALGRIND) --#endif -- /* Valgrind doesn't support long double calculations and automatically downgrades to 80bit: -- * http://www.valgrind.org/docs/manual/manual-core.html#manual-core.limits */ -- assert_se(fabsl(d - v.real) < 0.001L); -+ /* Valgrind doesn't support long double calculations and automatically downgrades to 80bit: -+ * http://www.valgrind.org/docs/manual/manual-core.html#manual-core.limits. -+ * Some architectures might not support long double either. -+ */ -+ -+ assert_se(fabsl(d - v.real) < 1e-10 || -+ fabsl((d - v.real) / v.real) < 1e-10); - - } else if (t == JSON_TOKEN_INTEGER) { - intmax_t i; --- -2.19.2 - 
diff --git a/0003-Revert-sd-device-ignore-bind-unbind-events-for-now.patch b/0003-Revert-sd-device-ignore-bind-unbind-events-for-now.patch deleted file mode 100644 index 47bd8dd..0000000 --- a/0003-Revert-sd-device-ignore-bind-unbind-events-for-now.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 1f17a35ef85e943965ffafe2ef6eebd98d6b917a Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 22 Dec 2018 19:39:51 +0900 -Subject: [PATCH 3/4] Revert "sd-device: ignore bind/unbind events for now" - -This reverts commit 56c886dc7ed5b2bb0882ba85136f4070545bfc1b. ---- - src/libsystemd/sd-device/device-private.c | 9 --------- - 1 file changed, 9 deletions(-) - -diff --git a/src/libsystemd/sd-device/device-private.c b/src/libsystemd/sd-device/device-private.c -index 01a5aa3d3f..36beb3e7df 100644 ---- a/src/libsystemd/sd-device/device-private.c -+++ b/src/libsystemd/sd-device/device-private.c -@@ -326,15 +326,6 @@ static int device_append(sd_device *device, char *key, const char **_major, cons - action = device_action_from_string(value); - if (action == _DEVICE_ACTION_INVALID) - return -EINVAL; -- /* FIXME: remove once we no longer flush previuos state for each action */ -- if (action == DEVICE_ACTION_BIND || action == DEVICE_ACTION_UNBIND) { -- static bool warned; -- if (!warned) { -- log_device_debug(device, "sd-device: ignoring actions 'bind' and 'unbind'"); -- warned = true; -- } -- return -EINVAL; -- } - } else if (streq(key, "SEQNUM")) { - r = safe_atou64(value, &seqnum); - if (r < 0) --- -2.19.2 - diff --git a/0004-Revert-udevd-configure-a-child-process-name-for-work.patch b/0004-Revert-udevd-configure-a-child-process-name-for-work.patch deleted file mode 100644 index 9c2417d..0000000 --- a/0004-Revert-udevd-configure-a-child-process-name-for-work.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -From 6d243cc3e79fa1b4de4388661c9318d17a3d9d1a Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 22 Dec 2018 19:49:47 +0900 -Subject: [PATCH 4/4] Revert "udevd: configure a child process name for worker - processes" - -This reverts commit 49f3ee7e74c714f55aab395c080b1099fc17f7fd. ---- - src/udev/udevd.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index fb8724ea87..ec77bd4a71 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -534,7 +534,7 @@ static int worker_spawn(Manager *manager, struct event *event) { - if (r < 0) - return log_error_errno(r, "Worker: Failed to enable receiving of device: %m"); - -- r = safe_fork("(worker)", FORK_DEATHSIG, &pid); -+ r = safe_fork(NULL, FORK_DEATHSIG, &pid); - if (r < 0) { - event->state = EVENT_QUEUED; - return log_error_errno(r, "Failed to fork() worker: %m"); --- -2.19.2 - diff --git a/sources b/sources index 323ec5c..d7959bb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-240.tar.gz) = da7467781b16f65d868931ae88fd07554db61542aec7f11dbec9f7279b529f900301edfea2d3813ddb64eeb3fdcfb7be86e540c65212dd7cfdcdebbc80de2ff5 +SHA512 (systemd-f02b547.tar.gz) = a7d774ed00d572eb2d9313ff25a09c707112443020d173d4d350bdb9b269fcef519da8efc2d93b3b72f4ebdd3ff295716e2f640f8c1e679cb24b26e71fca56ee diff --git a/systemd.spec b/systemd.spec index a04ebfe..29bb228 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,7 +1,7 @@ -#global commit a188229ade906a1374efea4d1851b510d6216c38 +%global commit f02b5472c6f0c41e5dc8dc2c84590866baf937ff %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})} -#global stable 1 +%global stable 1 # We ship a .pc file but don't want to have a dep on pkg-config. We # strip the automatically generated dep here and instead co-own the 
@@ -14,8 +14,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd -Version: 240%{?commit:~0.git%{shortcommit}} -Release: 2%{?dist} +Version: 240 +Release: 3%{?commit:.git%{shortcommit}}%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager @@ -50,10 +50,7 @@ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done| GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch %endif -Patch0001: 0001-test-json-check-absolute-and-relative-difference-in-.patch Patch0002: 0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch -Patch0003: 0003-Revert-sd-device-ignore-bind-unbind-events-for-now.patch -Patch0004: 0004-Revert-udevd-configure-a-child-process-name-for-work.patch Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch @@ -688,6 +685,13 @@ fi %files tests -f .file-list-tests %changelog +* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek - 240-3.gitf02b547 +- systemd-journald and systemd-journal-remote reject entries which + contain too many fields (CVE-2018-16865, #1664973) and set limits on the + process' command line length (CVE-2018-16864, #1664972) +- $DBUS_SESSION_BUS_ADDRESS is again exported by pam_systemd (#1662857) +- A fix for systemd-udevd crash (#1662303) + * Sat Dec 22 2018 Zbigniew Jędrzejewski-Szmek - 240-2 - Add two more patches that revert recent udev changes
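Review bot: The reason the snapshot suffix moves from `Version:` into `Release: 3%{?commit:.git%{shortcommit}}%{?dist}` is not recorded next to the new line, and whoever next re-enables `%global commit` for a build will have to rediscover it. Under RPM's version comparison the old `240%{?commit:~0.git%{shortcommit}}` form sorts a snapshot below plain 240, which is right for a pre-release but wrong for a stable-branch snapshot carrying post-release fixes such as the CVE backports named in this commit, where the package must upgrade over the already-shipped 240-2. A comment above `Version:` would pin this down: `# Stable-branch snapshots are post-release: keep the git id in Release so they sort above 240-N, never in Version with a tilde.` The `%global stable 1` set in the first hunk of this file presumably goes with this layout, but nothing in the visible lines ties the two together.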
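Review bot: After Patch0001, Patch0003 and Patch0004 are dropped, the remaining `Patch0002: 0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch` — by its name a revert of upstream's NoNewPrivileges= hardening for long-running units — is kept with nothing in this hunk saying why it is still needed against the f02b547 snapshot this commit moves to. A revert of a sandboxing default that outlives the rebase it was added for tends to stay indefinitely, so it deserves the same re-check the three removed patches evidently got. If the rationale lives only in the patch header or an earlier commit, a one-line comment above the `Patch0002:` line would make it visible in the spec, e.g. `# Reverts upstream NoNewPrivileges= hardening for long-running units; re-check on every snapshot bump, drop once <bug-ref placeholder> is resolved`. The hunk shows only part of the patch list, so this may already be documented elsewhere in the file.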