1 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-core/systemd/systemd/CVE-2021-3997-1.patch b/meta/recipes-core/systemd/systemd/CVE-2021-3997-1.patch
new file mode 100644
index 0000000000..341976822b
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/CVE-2021-3997-1.patch
@@ -0,0 +1,65 @@
+Backport of the following upstream commit:
+From fbb77e1e55866633c9f064e2b3bcf2b6402d962d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 23 Nov 2021 15:55:45 +0100
+Subject: [PATCH 1/3] shared/rm_rf: refactor rm_rf_children_inner() to shorten
+ code a bit
+CVE: CVE-2021-3997
+Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz]
+Signed-off-by: Purushottam Choudhary <Purushottam.Choudhary@kpit.com>
+---
+ src/basic/rm-rf.c | 27 +++++++++------------------
+ 1 file changed, 9 insertions(+), 18 deletions(-)
+--- a/src/basic/rm-rf.c
+++ b/src/basic/rm-rf.c
+@@ -34,7 +34,7 @@
+                 const struct stat *root_dev) {
+ 
+         struct stat st;
+-        int r;
+        int r, q = 0;
+ 
+         assert(fd >= 0);
+         assert(fname);
+@@ -50,7 +50,6 @@
+ 
+         if (is_dir) {
+                 _cleanup_close_ int subdir_fd = -1;
+-                int q;
+ 
+                 /* if root_dev is set, remove subdirectories only if device is same */
+                 if (root_dev && st.st_dev != root_dev->st_dev)
+@@ -86,23 +85,15 @@
+                  * again for each directory */
+                 q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev);
+ 
+-                r = unlinkat(fd, fname, AT_REMOVEDIR);
+-                if (r < 0)
+-                        return r;
+-                if (q < 0)
+-                        return q;
+-
+-                return 1;
+-
+-        } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) {
+-                r = unlinkat(fd, fname, 0);
+-                if (r < 0)
+-                        return r;
+-
+-                return 1;
+-        }
+        } else if (flags & REMOVE_ONLY_DIRECTORIES)
+                return 0;
+ 
+-        return 0;
+        r = unlinkat(fd, fname, is_dir ? AT_REMOVEDIR : 0);
+        if (r < 0)
+                return r;
+        if (q < 0)
+                return q;
+        return 1;
+ }
+ 
+ int rm_rf_children(

diff --git a/meta/recipes-core/systemd/systemd/CVE-2021-3997-1.patch b/meta/recipes-core/systemd/systemd/CVE-2021-3997-1.patch new file mode 100644 index 0000000000..341976822b --- /dev/null +++ b/meta/recipes-core/systemd/systemd/CVE-2021-3997-1.patch
@@ -0,0 +1,65 @@
	1	Backport of the following upstream commit:
	2	From fbb77e1e55866633c9f064e2b3bcf2b6402d962d Mon Sep 17 00:00:00 2001
	3	From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
	4	Date: Tue, 23 Nov 2021 15:55:45 +0100
	5	Subject: [PATCH 1/3] shared/rm_rf: refactor rm_rf_children_inner() to shorten
	6	code a bit
	7
	8	CVE: CVE-2021-3997
	9	Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz]
	10	Signed-off-by: Purushottam Choudhary <Purushottam.Choudhary@kpit.com>
	11	---
	12	src/basic/rm-rf.c \| 27 +++++++++------------------
	13	1 file changed, 9 insertions(+), 18 deletions(-)
	14
	15	--- a/src/basic/rm-rf.c
	16	+++ b/src/basic/rm-rf.c
	17	@@ -34,7 +34,7 @@
	18	const struct stat *root_dev) {
	19
	20	struct stat st;
	21	- int r;
	22	+ int r, q = 0;
	23
	24	assert(fd >= 0);
	25	assert(fname);
	26	@@ -50,7 +50,6 @@
	27
	28	if (is_dir) {
	29	_cleanup_close_ int subdir_fd = -1;
	30	- int q;
	31
	32	/* if root_dev is set, remove subdirectories only if device is same */
	33	if (root_dev && st.st_dev != root_dev->st_dev)
	34	@@ -86,23 +85,15 @@
	35	* again for each directory */
	36	q = rm_rf_children(TAKE_FD(subdir_fd), flags \| REMOVE_PHYSICAL, root_dev);
	37
	38	- r = unlinkat(fd, fname, AT_REMOVEDIR);
	39	- if (r < 0)
	40	- return r;
	41	- if (q < 0)
	42	- return q;
	43	-
	44	- return 1;
	45	-
	46	- } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) {
	47	- r = unlinkat(fd, fname, 0);
	48	- if (r < 0)
	49	- return r;
	50	-
	51	- return 1;
	52	- }
	53	+ } else if (flags & REMOVE_ONLY_DIRECTORIES)
	54	+ return 0;
	55
	56	- return 0;
	57	+ r = unlinkat(fd, fname, is_dir ? AT_REMOVEDIR : 0);
	58	+ if (r < 0)
	59	+ return r;
	60	+ if (q < 0)
	61	+ return q;
	62	+ return 1;
	63	}
	64
	65	int rm_rf_children(