diff options
author | Richard Neill <richard.neill@arm.com> | 2022-03-16 10:37:24 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-03-17 16:44:33 +0000 |
commit | 2dfe8c74cf25446002147f5c34b59f04e5e23718 (patch) | |
tree | a400da0d49a586c6b2a649fc1875e1baa7062498 /meta/recipes-core | |
parent | 197c379d2bae0bb279154e050122516116ae385c (diff) | |
download | poky-2dfe8c74cf25446002147f5c34b59f04e5e23718.tar.gz |
systemd: Update 250.3 -> 250.4
The following security and bug-fix patches are included as part of the 250.4
update:
c6603da3ad boot: Properly check status code of console_key_read
2198c08d07 core: really skip automatic restart when a JOB_STOP job is pending
367041af81 pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon
160eeab224 virt: Fix Xen Dom0 detection logic to no longer report as VM
514a4c051c network: bridge: fix endian of vlan protocol
4dbc210124 resolve: fix possible memleak
d82bd80cf4 resolve: fix potential memleak and use-after-free
dcba78244e util: another set of CVE-2021-4034 assert()s
74dfb51f70 sd-dhcp6-client: fix sending prefix delegation request during rebind
df59c65a23 mkdir: allow to create directory whose path contains symlink
ae95ca27be sd-dhcp-lease: fix memleak
2b04d3b3fc sd-dhcp-lease: fix reading unaligned memory
1ef56ad928 network: xfrm: refuse zero interface ID
7dc0f80588 sd-dhcp-lease: fix a memory leak in dhcp_lease_parse_search_domains
426807c54b sd-dhcp-lease: fix an infinite loop found by the fuzzer
0456e3aaaa oomd: fix race with path unavailability when killing cgroups
As the following two patches:
0001-mkdir-allow-to-create-directory-whose-path-contains-.patch
0001-src-fundamental-list-fundamental_source_paths-using-.patch
have been merged in 250.4 or replaced, remove them.
(From OE-Core rev: ccf7b8948f0c02e28e8a0151c48bf169d3fc36c8)
Signed-off-by: Richard Neill <richard.neill@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r-- | meta/recipes-core/systemd/systemd-boot_250.4.bb (renamed from meta/recipes-core/systemd/systemd-boot_250.3.bb) | 0 | ||||
-rw-r--r-- | meta/recipes-core/systemd/systemd.inc | 6 | ||||
-rw-r--r-- | meta/recipes-core/systemd/systemd/0001-mkdir-allow-to-create-directory-whose-path-contains-.patch | 130 | ||||
-rw-r--r-- | meta/recipes-core/systemd/systemd/0001-src-fundamental-list-fundamental_source_paths-using-.patch | 28 | ||||
-rw-r--r-- | meta/recipes-core/systemd/systemd_250.4.bb (renamed from meta/recipes-core/systemd/systemd_250.3.bb) | 1 |
5 files changed, 2 insertions, 163 deletions
diff --git a/meta/recipes-core/systemd/systemd-boot_250.3.bb b/meta/recipes-core/systemd/systemd-boot_250.4.bb index 23a64bf30d..23a64bf30d 100644 --- a/meta/recipes-core/systemd/systemd-boot_250.3.bb +++ b/meta/recipes-core/systemd/systemd-boot_250.4.bb | |||
diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc index e69738add5..ac454b8afd 100644 --- a/meta/recipes-core/systemd/systemd.inc +++ b/meta/recipes-core/systemd/systemd.inc | |||
@@ -14,10 +14,8 @@ LICENSE = "GPL-2.0-only & LGPL-2.1-only" | |||
14 | LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ | 14 | LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ |
15 | file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" | 15 | file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" |
16 | 16 | ||
17 | SRCREV = "1b003bbc806198dbdd57b405d968f30565495e70" | 17 | SRCREV = "c3aead556847dd2694d559620123b65ff16afe8c" |
18 | SRCBRANCH = "v250-stable" | 18 | SRCBRANCH = "v250-stable" |
19 | SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH} \ | 19 | SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH}" |
20 | file://0001-src-fundamental-list-fundamental_source_paths-using-.patch \ | ||
21 | " | ||
22 | 20 | ||
23 | S = "${WORKDIR}/git" | 21 | S = "${WORKDIR}/git" |
diff --git a/meta/recipes-core/systemd/systemd/0001-mkdir-allow-to-create-directory-whose-path-contains-.patch b/meta/recipes-core/systemd/systemd/0001-mkdir-allow-to-create-directory-whose-path-contains-.patch deleted file mode 100644 index 003db430b7..0000000000 --- a/meta/recipes-core/systemd/systemd/0001-mkdir-allow-to-create-directory-whose-path-contains-.patch +++ /dev/null | |||
@@ -1,130 +0,0 @@ | |||
1 | From b060c53503339c45808efeb4294a03105a2999a5 Mon Sep 17 00:00:00 2001 | ||
2 | From: Yu Watanabe <watanabe.yu+github@gmail.com> | ||
3 | Date: Wed, 2 Feb 2022 14:05:45 +0900 | ||
4 | Subject: [PATCH] mkdir: allow to create directory whose path contains symlink | ||
5 | Cc: pavel@zhukoff.net | ||
6 | |||
7 | Upstream-Status: Backport | ||
8 | Upstream-Url: https://github.com/systemd/systemd/pull/22359 | ||
9 | |||
10 | Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com> | ||
11 | |||
12 | |||
13 | core/mount: fail early if directory cannot be created | ||
14 | |||
15 | Prompted by #22334. | ||
16 | |||
17 | mkdir: CHASE_NONEXISTENT cannot used in chase_symlinks_and_stat() | ||
18 | |||
19 | mkdir: allow to create directory whose path contains symlink | ||
20 | |||
21 | Fixes a regression caused by 3008a6f21c1c42efe852d69798a2fdd63fe657ec. | ||
22 | |||
23 | Before the commit, when `mkdir_parents_internal()` is called from `mkdir_p()`, | ||
24 | it uses `_mkdir()` as `flag` is zero. But after the commit, `mkdir_safe_internal()` | ||
25 | is always used. Hence, if the path contains a symlink, it fails with -ENOTDIR. | ||
26 | |||
27 | To fix the issue, this makes `mkdir_p()` calls `mkdir_parents_internal()` with | ||
28 | MKDIR_FOLLOW_SYMLINK flag. | ||
29 | |||
30 | Fixes #22334. | ||
31 | |||
32 | test: add a test for mkdir_p() | ||
33 | --- | ||
34 | src/basic/mkdir.c | 4 ++-- | ||
35 | src/core/mount.c | 4 +++- | ||
36 | src/test/meson.build | 2 ++ | ||
37 | src/test/test-mkdir.c | 30 ++++++++++++++++++++++++++++++ | ||
38 | 4 files changed, 37 insertions(+), 3 deletions(-) | ||
39 | create mode 100644 src/test/test-mkdir.c | ||
40 | |||
41 | diff --git a/src/basic/mkdir.c b/src/basic/mkdir.c | ||
42 | index 6e2b94d024..51a0d74e87 100644 | ||
43 | --- a/src/basic/mkdir.c | ||
44 | +++ b/src/basic/mkdir.c | ||
45 | @@ -42,7 +42,7 @@ int mkdir_safe_internal( | ||
46 | if ((flags & MKDIR_FOLLOW_SYMLINK) && S_ISLNK(st.st_mode)) { | ||
47 | _cleanup_free_ char *p = NULL; | ||
48 | |||
49 | - r = chase_symlinks_and_stat(path, NULL, CHASE_NONEXISTENT, &p, &st, NULL); | ||
50 | + r = chase_symlinks_and_stat(path, NULL, 0, &p, &st, NULL); | ||
51 | if (r < 0) | ||
52 | return r; | ||
53 | if (r == 0) | ||
54 | @@ -162,7 +162,7 @@ int mkdir_p_internal(const char *prefix, const char *path, mode_t mode, uid_t ui | ||
55 | |||
56 | assert(_mkdirat != mkdirat); | ||
57 | |||
58 | - r = mkdir_parents_internal(prefix, path, mode, uid, gid, flags, _mkdirat); | ||
59 | + r = mkdir_parents_internal(prefix, path, mode, uid, gid, flags | MKDIR_FOLLOW_SYMLINK, _mkdirat); | ||
60 | if (r < 0) | ||
61 | return r; | ||
62 | |||
63 | diff --git a/src/core/mount.c b/src/core/mount.c | ||
64 | index 0170406351..c650b5abe2 100644 | ||
65 | --- a/src/core/mount.c | ||
66 | +++ b/src/core/mount.c | ||
67 | @@ -1027,8 +1027,10 @@ static void mount_enter_mounting(Mount *m) { | ||
68 | r = mkdir_p_label(p->what, m->directory_mode); | ||
69 | /* mkdir_p_label() can return -EEXIST if the target path exists and is not a directory - which is | ||
70 | * totally OK, in case the user wants us to overmount a non-directory inode. */ | ||
71 | - if (r < 0 && r != -EEXIST) | ||
72 | + if (r < 0 && r != -EEXIST) { | ||
73 | log_unit_error_errno(UNIT(m), r, "Failed to make bind mount source '%s': %m", p->what); | ||
74 | + goto fail; | ||
75 | + } | ||
76 | } | ||
77 | |||
78 | if (p) { | ||
79 | diff --git a/src/test/meson.build b/src/test/meson.build | ||
80 | index 9a1c481f22..7aa1d9c6ea 100644 | ||
81 | --- a/src/test/meson.build | ||
82 | +++ b/src/test/meson.build | ||
83 | @@ -193,6 +193,8 @@ tests += [ | ||
84 | |||
85 | [['src/test/test-macro.c']], | ||
86 | |||
87 | + [['src/test/test-mkdir.c']], | ||
88 | + | ||
89 | [['src/test/test-json.c']], | ||
90 | |||
91 | [['src/test/test-modhex.c']], | ||
92 | diff --git a/src/test/test-mkdir.c b/src/test/test-mkdir.c | ||
93 | new file mode 100644 | ||
94 | index 0000000000..c715d5f096 | ||
95 | --- /dev/null | ||
96 | +++ b/src/test/test-mkdir.c | ||
97 | @@ -0,0 +1,30 @@ | ||
98 | +/* SPDX-License-Identifier: LGPL-2.1-or-later */ | ||
99 | + | ||
100 | +#include <unistd.h> | ||
101 | + | ||
102 | +#include "mkdir.h" | ||
103 | +#include "path-util.h" | ||
104 | +#include "rm-rf.h" | ||
105 | +#include "tests.h" | ||
106 | +#include "tmpfile-util.h" | ||
107 | + | ||
108 | +TEST(mkdir_p) { | ||
109 | + _cleanup_(rm_rf_physical_and_freep) char *tmp = NULL; | ||
110 | + _cleanup_free_ char *p = NULL; | ||
111 | + | ||
112 | + assert_se(mkdtemp_malloc("/tmp/test-mkdir-XXXXXX", &tmp) >= 0); | ||
113 | + | ||
114 | + assert_se(p = path_join(tmp, "run")); | ||
115 | + assert_se(mkdir_p(p, 0755) >= 0); | ||
116 | + | ||
117 | + p = mfree(p); | ||
118 | + assert_se(p = path_join(tmp, "var/run")); | ||
119 | + assert_se(mkdir_parents(p, 0755) >= 0); | ||
120 | + assert_se(symlink("../run", p) >= 0); | ||
121 | + | ||
122 | + p = mfree(p); | ||
123 | + assert_se(p = path_join(tmp, "var/run/hoge/foo/baz")); | ||
124 | + assert_se(mkdir_p(p, 0755) >= 0); | ||
125 | +} | ||
126 | + | ||
127 | +DEFINE_TEST_MAIN(LOG_DEBUG); | ||
128 | -- | ||
129 | 2.34.1 | ||
130 | |||
diff --git a/meta/recipes-core/systemd/systemd/0001-src-fundamental-list-fundamental_source_paths-using-.patch b/meta/recipes-core/systemd/systemd/0001-src-fundamental-list-fundamental_source_paths-using-.patch deleted file mode 100644 index 1d0887490c..0000000000 --- a/meta/recipes-core/systemd/systemd/0001-src-fundamental-list-fundamental_source_paths-using-.patch +++ /dev/null | |||
@@ -1,28 +0,0 @@ | |||
1 | From 8e882df78ede98c15a3f2567fabebfde1d774b02 Mon Sep 17 00:00:00 2001 | ||
2 | From: Alexander Kanavin <alex@linutronix.de> | ||
3 | Date: Fri, 7 Jan 2022 21:20:15 +0100 | ||
4 | Subject: [PATCH] src/fundamental: list fundamental_source_paths using relative | ||
5 | paths | ||
6 | |||
7 | Otherwise, the compiler takes the full path to the source file | ||
8 | and writes it into the binary output, breaking reproducibility. | ||
9 | |||
10 | Upstream-Status: Submitted [https://github.com/systemd/systemd/pull/22047] | ||
11 | Signed-off-by: Alexander Kanavin <alex@linutronix.de> | ||
12 | --- | ||
13 | src/fundamental/meson.build | 2 +- | ||
14 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
15 | |||
16 | diff --git a/src/fundamental/meson.build b/src/fundamental/meson.build | ||
17 | index 287f0fe36a..954bdf150b 100644 | ||
18 | --- a/src/fundamental/meson.build | ||
19 | +++ b/src/fundamental/meson.build | ||
20 | @@ -20,7 +20,7 @@ sources = ''' | ||
21 | # for sd-boot | ||
22 | fundamental_source_paths = [] | ||
23 | foreach source : sources | ||
24 | - fundamental_source_paths += meson.current_source_dir() / source | ||
25 | + fundamental_source_paths += '../../fundamental/' + source | ||
26 | endforeach | ||
27 | |||
28 | # for libbasic | ||
diff --git a/meta/recipes-core/systemd/systemd_250.3.bb b/meta/recipes-core/systemd/systemd_250.4.bb index 31c5c55c3f..2b346113b5 100644 --- a/meta/recipes-core/systemd/systemd_250.3.bb +++ b/meta/recipes-core/systemd/systemd_250.4.bb | |||
@@ -25,7 +25,6 @@ SRC_URI += "file://touchscreen.rules \ | |||
25 | file://0003-implment-systemd-sysv-install-for-OE.patch \ | 25 | file://0003-implment-systemd-sysv-install-for-OE.patch \ |
26 | file://0001-systemd.pc.in-use-ROOTPREFIX-without-suffixed-slash.patch \ | 26 | file://0001-systemd.pc.in-use-ROOTPREFIX-without-suffixed-slash.patch \ |
27 | file://0001-test-parse-argument-Include-signal.h.patch \ | 27 | file://0001-test-parse-argument-Include-signal.h.patch \ |
28 | file://0001-mkdir-allow-to-create-directory-whose-path-contains-.patch \ | ||
29 | file://0029-network-enable-KeepConfiguration-when-running-on-net.patch \ | 28 | file://0029-network-enable-KeepConfiguration-when-running-on-net.patch \ |
30 | " | 29 | " |
31 | 30 | ||