1 files changed, 101 insertions, 0 deletions
diff --git a/meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch b/meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch
new file mode 100644
index 0000000000..066e10fbbc
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch
@@ -0,0 +1,101 @@
+Backport of the following upstream commit:
+From bd0127daaaae009ade053718f7d2f297aee4acaf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 23 Nov 2021 16:56:42 +0100
+Subject: [PATCH 2/3] shared/rm_rf: refactor rm_rf() to shorten code a bit
+CVE: CVE-2021-3997
+Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz]
+Signed-off-by: Purushottam Choudhary <Purushottam.Choudhary@kpit.com>
+---
+ src/basic/rm-rf.c | 53 ++++++++++++++++++++--------------------------
+ 1 file changed, 23 insertions(+), 30 deletions(-)
+--- a/src/basic/rm-rf.c
+++ b/src/basic/rm-rf.c
+@@ -159,7 +159,7 @@
+ }
+ 
+ int rm_rf(const char *path, RemoveFlags flags) {
+-        int fd, r;
+        int fd, r, q = 0;
+ 
+         assert(path);
+ 
+@@ -191,49 +191,47 @@
+         }
+ 
+         fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
+-        if (fd < 0) {
+        if (fd >= 0) {
+                /* We have a dir */
+                r = rm_rf_children(fd, flags, NULL);
+
+                if (FLAGS_SET(flags, REMOVE_ROOT)) {
+                        q = rmdir(path);
+                        if (q < 0)
+                                q = -errno;
+                }
+        } else {
+                 if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT)
+                         return 0;
+ 
+                 if (!IN_SET(errno, ENOTDIR, ELOOP))
+                         return -errno;
+ 
+-                if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES))
+                if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES) || !FLAGS_SET(flags, REMOVE_ROOT))
+                         return 0;
+ 
+-                if (FLAGS_SET(flags, REMOVE_ROOT)) {
+-
+-                        if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) {
+-                                struct statfs s;
+-
+-                                if (statfs(path, &s) < 0)
+-                                        return -errno;
+-                                if (is_physical_fs(&s))
+-                                        return log_error_errno(SYNTHETIC_ERRNO(EPERM),
+-                                                               "Attempted to remove files from a disk file system under \"%s\", refusing.",
+-                                                               path);
+-                        }
+-
+-                        if (unlink(path) < 0) {
+-                                if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT)
+-                                        return 0;
+                if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) {
+                        struct statfs s;
+ 
+                        if (statfs(path, &s) < 0)
+                                 return -errno;
+-                        }
+                        if (is_physical_fs(&s))
+                                return log_error_errno(SYNTHETIC_ERRNO(EPERM),
+                                                       "Attempted to remove files from a disk file system under \"%s\", refusing.",
+                                                       path);
+                 }
+ 
+-                return 0;
+                r = 0;
+                q = unlink(path);
+                if (q < 0)
+                        q = -errno;
+         }
+ 
+-        r = rm_rf_children(fd, flags, NULL);
+-
+-        if (FLAGS_SET(flags, REMOVE_ROOT) &&
+-            rmdir(path) < 0 &&
+-            r >= 0 &&
+-            (!FLAGS_SET(flags, REMOVE_MISSING_OK) || errno != ENOENT))
+-                r = -errno;
+-
+-        return r;
+        if (r < 0)
+                return r;
+        if (q < 0 && (q != -ENOENT || !FLAGS_SET(flags, REMOVE_MISSING_OK)))
+                return q;
+        return 0;
+ }
+ 
+ int rm_rf_child(int fd, const char *name, RemoveFlags flags) {

diff --git a/meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch b/meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch new file mode 100644 index 0000000000..066e10fbbc --- /dev/null +++ b/meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch
@@ -0,0 +1,101 @@
	1	Backport of the following upstream commit:
	2	From bd0127daaaae009ade053718f7d2f297aee4acaf Mon Sep 17 00:00:00 2001
	3	From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
	4	Date: Tue, 23 Nov 2021 16:56:42 +0100
	5	Subject: [PATCH 2/3] shared/rm_rf: refactor rm_rf() to shorten code a bit
	6
	7	CVE: CVE-2021-3997
	8	Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz]
	9	Signed-off-by: Purushottam Choudhary <Purushottam.Choudhary@kpit.com>
	10	---
	11	src/basic/rm-rf.c \| 53 ++++++++++++++++++++--------------------------
	12	1 file changed, 23 insertions(+), 30 deletions(-)
	13
	14	--- a/src/basic/rm-rf.c
	15	+++ b/src/basic/rm-rf.c
	16	@@ -159,7 +159,7 @@
	17	}
	18
	19	int rm_rf(const char *path, RemoveFlags flags) {
	20	- int fd, r;
	21	+ int fd, r, q = 0;
	22
	23	assert(path);
	24
	25	@@ -191,49 +191,47 @@
	26	}
	27
	28	fd = open(path, O_RDONLY\|O_NONBLOCK\|O_DIRECTORY\|O_CLOEXEC\|O_NOFOLLOW\|O_NOATIME);
	29	- if (fd < 0) {
	30	+ if (fd >= 0) {
	31	+ /* We have a dir */
	32	+ r = rm_rf_children(fd, flags, NULL);
	33	+
	34	+ if (FLAGS_SET(flags, REMOVE_ROOT)) {
	35	+ q = rmdir(path);
	36	+ if (q < 0)
	37	+ q = -errno;
	38	+ }
	39	+ } else {
	40	if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT)
	41	return 0;
	42
	43	if (!IN_SET(errno, ENOTDIR, ELOOP))
	44	return -errno;
	45
	46	- if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES))
	47	+ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES) \|\| !FLAGS_SET(flags, REMOVE_ROOT))
	48	return 0;
	49
	50	- if (FLAGS_SET(flags, REMOVE_ROOT)) {
	51	-
	52	- if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) {
	53	- struct statfs s;
	54	-
	55	- if (statfs(path, &s) < 0)
	56	- return -errno;
	57	- if (is_physical_fs(&s))
	58	- return log_error_errno(SYNTHETIC_ERRNO(EPERM),
	59	- "Attempted to remove files from a disk file system under \"%s\", refusing.",
	60	- path);
	61	- }
	62	-
	63	- if (unlink(path) < 0) {
	64	- if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT)
	65	- return 0;
	66	+ if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) {
	67	+ struct statfs s;
	68
	69	+ if (statfs(path, &s) < 0)
	70	return -errno;
	71	- }
	72	+ if (is_physical_fs(&s))
	73	+ return log_error_errno(SYNTHETIC_ERRNO(EPERM),
	74	+ "Attempted to remove files from a disk file system under \"%s\", refusing.",
	75	+ path);
	76	}
	77
	78	- return 0;
	79	+ r = 0;
	80	+ q = unlink(path);
	81	+ if (q < 0)
	82	+ q = -errno;
	83	}
	84
	85	- r = rm_rf_children(fd, flags, NULL);
	86	-
	87	- if (FLAGS_SET(flags, REMOVE_ROOT) &&
	88	- rmdir(path) < 0 &&
	89	- r >= 0 &&
	90	- (!FLAGS_SET(flags, REMOVE_MISSING_OK) \|\| errno != ENOENT))
	91	- r = -errno;
	92	-
	93	- return r;
	94	+ if (r < 0)
	95	+ return r;
	96	+ if (q < 0 && (q != -ENOENT \|\| !FLAGS_SET(flags, REMOVE_MISSING_OK)))
	97	+ return q;
	98	+ return 0;
	99	}
	100
	101	int rm_rf_child(int fd, const char *name, RemoveFlags flags) {