author | Chen Qi <Qi.Chen@windriver.com> | 2019-02-26 09:20:16 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-03-03 15:38:13 +0000 |
commit | 4eb2b3f1503a41474d0c40ada296a9800840267c (patch) | |
tree | a8115d141b07b7d064f434dbaa237676abb517b1 /meta/recipes-core/systemd/systemd/0015-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch | |
parent | f1c766fc4e51ada80c022a63176aafd9b40ef07c (diff) | |
systemd: upgrade to 241
PATCH REBASED:
==============
0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch
0004-rules-whitelist-hd-devices.patch
0007-rules-watch-metadata-changes-in-ide-devices.patch
0001-Use-getenv-when-secure-versions-are-not-available.patch
0002-don-t-use-glibc-specific-qsort_r.patch
0004-add-fallback-parse_printf_format-implementation.patch
0006-src-basic-missing.h-check-for-missing-strndupa.patch
0007-Include-netinet-if_ether.h.patch
0008-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
0009-add-missing-FTW_-macros-for-musl.patch
0012-fix-missing-of-__register_atfork-for-non-glibc-build.patch
0013-Use-uintmax_t-for-handling-rlim_t.patch
0014-fix-missing-ULONG_LONG_MAX-definition-in-case-of-mus.patch
0021-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch
PATCH DROPPED:
==============
0005-Make-root-s-home-directory-configurable.patch
systemd has its hardcoded assumption about /home and /, and it also respects
$HOME environment var, so this patch is somehow useless. This patch was originally
added but in fact had no real runtime effect except messing up some hardcoded assumptions,
and it was accidentally manipulated during systemd upgrade. We have in fact not
used the original patch for more than two releases and things were working out
well.
0006-remove-nobody-user-group-checking.patch
The issue has been fixed upstream by the following commit.
"check nobody user/group validity only when not cross compiling"
0008-Do-not-enable-nss-tests-if-nss-systemd-is-not-enable.patch
0009-nss-mymachines-Build-conditionally-when-ENABLE_MYHOS.patch
The issue has been fixed upstream by the following commit.
"meson: allow building resolved and machined without nss modules"
0001-login-use-parse_uid-when-unmounting-user-runtime-dir.patch
0001-sd-bus-make-BUS_DEFAULT_TIMEOUT-configurable.patch
Backport
0022-build-sys-Detect-whether-struct-statx-is-defined-in-.patch
Merged
0023-resolvconf-fixes-for-the-compatibility-interface.patch
0001-core-when-deserializing-state-always-use-read_line-L.patch
0001-chown-recursive-let-s-rework-the-recursive-logic-to-.patch
0001-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
0001-Revert-sysctl.d-request-ECN-on-both-in-and-outgoing-.patch
0001-timesync-changes-type-of-drift_freq-to-int64_t.patch
Backport
0001-sysctl-Don-t-pass-null-directive-argument-to-s.patch
0002-core-Fix-use-after-free-case-in-load_from_path.patch
Merged
0001-meson-rename-Ddebug-to-Ddebug-extra.patch
0024-journald-do-not-store-the-iovec-entry-for-process-co.patch
0025-journald-set-a-limit-on-the-number-of-fields.patch
0026-journal-fix-out-of-bounds-read-CVE-2018-16866.patch
CVE-2019-6454.patch
sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch
0005-basic-user-util-properly-protect-use-of-gshadow.patch
0022-Use-if-instead-of-ifdef-for-ENABLE_GSHADOW.patch
Backport
0001-Remove-fstack-protector-flags-to-workaround-musl-bui.patch
No build failure for qemux86/qemuppc + musl
PATCH ADDED:
============
0020-missing_type.h-add-__compar_d_fn_t-definition.patch
0021-avoid-redefinition-of-prctl_mm_map-structure.patch
0022-include-sys-wait.h-to-avoid-compile-failure.patch
0023-socket-util.h-include-string.h.patch
0024-test-json.c-define-M_PIl.patch
0001-do-not-disable-buffer-in-writing-files.patch
PATCH OTHERS:
=============
0003-comparison_fn_t-is-glibc-specific-use-raw-signature-.patch
0011-src-basic-missing.h-check-for-missing-__compar_fn_t-.patch
are combined into one patch:
0003-missing_type.h-add-__compare_fn_t-and-comparison_fn_.patch
Add two more PACKAGECONFIG, nss-mymachines and nss-resolve which are introduced
by the following commit.
meson: allow building resolved and machined without nss modules
(From OE-Core rev: 816e08c18dbcf6e84dedc7a4bd96ddfbf2f86ebc)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/systemd/systemd/0015-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch')
-rw-r--r-- | meta/recipes-core/systemd/systemd/0015-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch | 99 |
1 files changed, 99 insertions, 0 deletions
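--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/0015-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch
@@ -0,0 +1,99 @@
+From 48c628f532f6025c2d1646b6819cd81eb789d7fb Mon Sep 17 00:00:00 2001
+From: Andre McCurdy <armccurdy@gmail.com>
+Date: Tue, 10 Oct 2017 14:33:30 -0700
+Subject: [PATCH 15/24] don't pass AT_SYMLINK_NOFOLLOW flag to faccessat()
+
+Avoid using AT_SYMLINK_NOFOLLOW flag. It doesn't seem like the right
+thing to do and it's not portable (not supported by musl). See:
+
+http://lists.landley.net/pipermail/toybox-landley.net/2014-September/003610.html
+http://www.openwall.com/lists/musl/2015/02/05/2
+
+Note that laccess() is never passing AT_EACCESS so a lot of the
+discussion in the links above doesn't apply. Note also that
+(currently) all systemd callers of laccess() pass mode as F_OK, so
+only check for existence of a file, not access permissions.
+Therefore, in this case, the only distiction between faccessat()
+with (flag == 0) and (flag == AT_SYMLINK_NOFOLLOW) is the behaviour
+for broken symlinks; laccess() on a broken symlink will succeed with
+(flag == AT_SYMLINK_NOFOLLOW) and fail (flag == 0).
+
+The laccess() macros was added to systemd some time ago and it's not
+clear if or why it needs to return success for broken symlinks. Maybe
+just historical and not actually necessary or desired behaviour?
+
+Upstream-Status: Inappropriate [musl specific]
+
+Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
+---
+src/basic/fs-util.h | 22 +++++++++++++++++++++-
+src/shared/base-filesystem.c | 6 +++---
+2 files changed, 24 insertions(+), 4 deletions(-)
+
+diff --git a/src/basic/fs-util.h b/src/basic/fs-util.h
+index 7ad030b..d4cb1e9 100644
+--- a/src/basic/fs-util.h
++++ b/src/basic/fs-util.h
+@@ -32,7 +32,27 @@ int fchmod_opath(int fd, mode_t m);
+
+int fd_warn_permissions(const char *path, int fd);
+
+-#define laccess(path, mode) faccessat(AT_FDCWD, (path), (mode), AT_SYMLINK_NOFOLLOW)
++/*
++ Avoid using AT_SYMLINK_NOFOLLOW flag. It doesn't seem like the right thing to
++ do and it's not portable (not supported by musl). See:
++
++ http://lists.landley.net/pipermail/toybox-landley.net/2014-September/003610.html
++ http://www.openwall.com/lists/musl/2015/02/05/2
++
++ Note that laccess() is never passing AT_EACCESS so a lot of the discussion in
++ the links above doesn't apply. Note also that (currently) all systemd callers
++ of laccess() pass mode as F_OK, so only check for existence of a file, not
++ access permissions. Therefore, in this case, the only distiction between
++ faccessat() with (flag == 0) and (flag == AT_SYMLINK_NOFOLLOW) is the
++ behaviour for broken symlinks; laccess() on a broken symlink will succeed
++ with (flag == AT_SYMLINK_NOFOLLOW) and fail (flag == 0).
++
++ The laccess() macros was added to systemd some time ago and it's not clear if
++ or why it needs to return success for broken symlinks. Maybe just historical
++ and not actually necessary or desired behaviour?
++*/
++
++#define laccess(path, mode) faccessat(AT_FDCWD, (path), (mode), 0)
+
+int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gid, mode_t mode);
+int touch(const char *path);
+diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c
+index 89d7a7d..34b4ad5 100644
+--- a/src/shared/base-filesystem.c
++++ b/src/shared/base-filesystem.c
+@@ -53,7 +53,7 @@ int base_filesystem_create(const char *root, uid_t uid, gid_t gid) {
+return log_error_errno(errno, "Failed to open root file system: %m");
+
+for (i = 0; i < ELEMENTSOF(table); i ++) {
+- if (faccessat(fd, table[i].dir, F_OK, AT_SYMLINK_NOFOLLOW) >= 0)
++ if (faccessat(fd, table[i].dir, F_OK, 0) >= 0)
+continue;
+
+if (table[i].target) {
+@@ -61,7 +61,7 @@ int base_filesystem_create(const char *root, uid_t uid, gid_t gid) {
+
+/* check if one of the targets exists */
+NULSTR_FOREACH(s, table[i].target) {
+- if (faccessat(fd, s, F_OK, AT_SYMLINK_NOFOLLOW) < 0)
++ if (faccessat(fd, s, F_OK, 0) < 0)
+continue;
+
+/* check if a specific file exists at the target path */
+@@ -72,7 +72,7 @@ int base_filesystem_create(const char *root, uid_t uid, gid_t gid) {
+if (!p)
+return log_oom();
+
+- if (faccessat(fd, p, F_OK, AT_SYMLINK_NOFOLLOW) < 0)
++ if (faccessat(fd, p, F_OK, 0) < 0)
+continue;
+}
+
+--
+2.7.4
+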
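Review bot: With flag 0 the three `faccessat(fd, …, F_OK, 0)` checks in base_filesystem_create() follow symlinks, so an absolute symlink inside `root` is resolved against the calling process's root rather than under `fd`, and a dangling link is reported as missing. When `root` is an image or container tree, the result of these existence checks can therefore depend on the host filesystem and on link targets chosen by whoever produced the tree; the creation path that runs after a failed check lies outside the hunks, so it should be confirmed that it tolerates a name that already exists as a symlink. The same change applies to the `laccess()` macro in fs-util.h, whose name still suggests lstat-like semantics: I would state the new contract directly above the define, e.g. `/* NOTE: follows symlinks; a dangling symlink now yields ENOENT */`, and audit callers that use laccess() to test for the link itself rather than its target. base_filesystem_create()'s body starts and ends outside the hunks shown.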