diff options
| author | Peter Marko <peter.marko@siemens.com> | 2025-06-13 23:46:54 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2025-06-16 17:57:30 +0100 |
| commit | df52422072065b49ce49776acd0d54cc5427157c (patch) | |
| tree | 4495f61841da9deeec86def20c8fb679bdf0261d | |
| parent | 2837c4ab1d00b807fbe6302ef14b87386e5646b8 (diff) | |
| download | poky-df52422072065b49ce49776acd0d54cc5427157c.tar.gz | |
systemd: upgrade 257.5 -> 257.6
Handles CVE-2025-4598
Rebase patches
(From OE-Core rev: fddfca638818e16bf4d2486f5a5e0bbaaaa0a20f)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/recipes-core/systemd/systemd-boot-native_257.6.bb (renamed from meta/recipes-core/systemd/systemd-boot-native_257.5.bb) | 0 | ||||
| -rw-r--r-- | meta/recipes-core/systemd/systemd-boot_257.6.bb (renamed from meta/recipes-core/systemd/systemd-boot_257.5.bb) | 0 | ||||
| -rw-r--r-- | meta/recipes-core/systemd/systemd-systemctl-native_257.6.bb (renamed from meta/recipes-core/systemd/systemd-systemctl-native_257.5.bb) | 0 | ||||
| -rw-r--r-- | meta/recipes-core/systemd/systemd.inc | 2 | ||||
| -rw-r--r-- | meta/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch | 2 | ||||
| -rw-r--r-- | meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch | 14 | ||||
| -rw-r--r-- | meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch | 4 | ||||
| -rw-r--r-- | meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch | 7 | ||||
| -rw-r--r-- | meta/recipes-core/systemd/systemd_257.6.bb (renamed from meta/recipes-core/systemd/systemd_257.5.bb) | 0 |
9 files changed, 14 insertions, 15 deletions
diff --git a/meta/recipes-core/systemd/systemd-boot-native_257.5.bb b/meta/recipes-core/systemd/systemd-boot-native_257.6.bb index 05ebe7b63e..05ebe7b63e 100644 --- a/meta/recipes-core/systemd/systemd-boot-native_257.5.bb +++ b/meta/recipes-core/systemd/systemd-boot-native_257.6.bb | |||
diff --git a/meta/recipes-core/systemd/systemd-boot_257.5.bb b/meta/recipes-core/systemd/systemd-boot_257.6.bb index c6c443f929..c6c443f929 100644 --- a/meta/recipes-core/systemd/systemd-boot_257.5.bb +++ b/meta/recipes-core/systemd/systemd-boot_257.6.bb | |||
diff --git a/meta/recipes-core/systemd/systemd-systemctl-native_257.5.bb b/meta/recipes-core/systemd/systemd-systemctl-native_257.6.bb index 041a040a26..041a040a26 100644 --- a/meta/recipes-core/systemd/systemd-systemctl-native_257.5.bb +++ b/meta/recipes-core/systemd/systemd-systemctl-native_257.6.bb | |||
diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc index 243053a8c7..5ed84757f3 100644 --- a/meta/recipes-core/systemd/systemd.inc +++ b/meta/recipes-core/systemd/systemd.inc | |||
| @@ -15,7 +15,7 @@ LICENSE:libsystemd = "LGPL-2.1-or-later" | |||
| 15 | LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ | 15 | LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ |
| 16 | file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" | 16 | file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" |
| 17 | 17 | ||
| 18 | SRCREV = "1c93ed4c72a4513d9cefcd1f89d11a9dc828d06c" | 18 | SRCREV = "00a12c234e2506f5cab683460199575f13c454db" |
| 19 | SRCBRANCH = "v257-stable" | 19 | SRCBRANCH = "v257-stable" |
| 20 | SRC_URI = "git://github.com/systemd/systemd.git;protocol=https;branch=${SRCBRANCH};tag=v${PV}" | 20 | SRC_URI = "git://github.com/systemd/systemd.git;protocol=https;branch=${SRCBRANCH};tag=v${PV}" |
| 21 | 21 | ||
diff --git a/meta/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch b/meta/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch index f9a45bb40b..47b8583e7a 100644 --- a/meta/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch +++ b/meta/recipes-core/systemd/systemd/0004-add-fallback-parse_printf_format-implementation.patch | |||
| @@ -25,7 +25,7 @@ diff --git a/meson.build b/meson.build | |||
| 25 | index bffda86845..4146f4beef 100644 | 25 | index bffda86845..4146f4beef 100644 |
| 26 | --- a/meson.build | 26 | --- a/meson.build |
| 27 | +++ b/meson.build | 27 | +++ b/meson.build |
| 28 | @@ -773,6 +773,7 @@ foreach header : ['crypt.h', | 28 | @@ -770,6 +770,7 @@ foreach header : ['crypt.h', |
| 29 | 'linux/ioprio.h', | 29 | 'linux/ioprio.h', |
| 30 | 'linux/memfd.h', | 30 | 'linux/memfd.h', |
| 31 | 'linux/time_types.h', | 31 | 'linux/time_types.h', |
diff --git a/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch b/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch index 00b4b777f4..0bbc6bbac7 100644 --- a/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch +++ b/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch | |||
| @@ -71,7 +71,7 @@ diff --git a/src/basic/namespace-util.c b/src/basic/namespace-util.c | |||
| 71 | index 332e8cdfd5..804498127d 100644 | 71 | index 332e8cdfd5..804498127d 100644 |
| 72 | --- a/src/basic/namespace-util.c | 72 | --- a/src/basic/namespace-util.c |
| 73 | +++ b/src/basic/namespace-util.c | 73 | +++ b/src/basic/namespace-util.c |
| 74 | @@ -354,12 +354,12 @@ int userns_acquire(const char *uid_map, const char *gid_map) { | 74 | @@ -359,12 +359,12 @@ int userns_acquire(const char *uid_map, const char *gid_map) { |
| 75 | freeze(); | 75 | freeze(); |
| 76 | 76 | ||
| 77 | xsprintf(path, "/proc/" PID_FMT "/uid_map", pid); | 77 | xsprintf(path, "/proc/" PID_FMT "/uid_map", pid); |
| @@ -154,7 +154,7 @@ diff --git a/src/core/cgroup.c b/src/core/cgroup.c | |||
| 154 | index 6933aae54d..ab6fccc0e4 100644 | 154 | index 6933aae54d..ab6fccc0e4 100644 |
| 155 | --- a/src/core/cgroup.c | 155 | --- a/src/core/cgroup.c |
| 156 | +++ b/src/core/cgroup.c | 156 | +++ b/src/core/cgroup.c |
| 157 | @@ -5167,7 +5167,7 @@ int unit_cgroup_freezer_action(Unit *u, FreezerAction action) { | 157 | @@ -5175,7 +5175,7 @@ int unit_cgroup_freezer_action(Unit *u, FreezerAction action) { |
| 158 | if (r < 0) | 158 | if (r < 0) |
| 159 | return r; | 159 | return r; |
| 160 | 160 | ||
| @@ -180,7 +180,7 @@ diff --git a/src/core/main.c b/src/core/main.c | |||
| 180 | index 172742c769..e68ce2a6d8 100644 | 180 | index 172742c769..e68ce2a6d8 100644 |
| 181 | --- a/src/core/main.c | 181 | --- a/src/core/main.c |
| 182 | +++ b/src/core/main.c | 182 | +++ b/src/core/main.c |
| 183 | @@ -1812,7 +1812,7 @@ static void initialize_core_pattern(bool skip_setup) { | 183 | @@ -1826,7 +1826,7 @@ static void initialize_core_pattern(bool skip_setup) { |
| 184 | if (getpid_cached() != 1) | 184 | if (getpid_cached() != 1) |
| 185 | return; | 185 | return; |
| 186 | 186 | ||
| @@ -231,7 +231,7 @@ diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd- | |||
| 231 | index 01fa90b1ff..83ab655bf4 100644 | 231 | index 01fa90b1ff..83ab655bf4 100644 |
| 232 | --- a/src/libsystemd/sd-device/sd-device.c | 232 | --- a/src/libsystemd/sd-device/sd-device.c |
| 233 | +++ b/src/libsystemd/sd-device/sd-device.c | 233 | +++ b/src/libsystemd/sd-device/sd-device.c |
| 234 | @@ -2563,7 +2563,7 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr, | 234 | @@ -2564,7 +2564,7 @@ _public_ int sd_device_set_sysattr_value(sd_device *device, const char *sysattr, |
| 235 | if (!value) | 235 | if (!value) |
| 236 | return -ENOMEM; | 236 | return -ENOMEM; |
| 237 | 237 | ||
| @@ -359,7 +359,7 @@ diff --git a/src/shared/coredump-util.c b/src/shared/coredump-util.c | |||
| 359 | index 805503f366..3234a1d76e 100644 | 359 | index 805503f366..3234a1d76e 100644 |
| 360 | --- a/src/shared/coredump-util.c | 360 | --- a/src/shared/coredump-util.c |
| 361 | +++ b/src/shared/coredump-util.c | 361 | +++ b/src/shared/coredump-util.c |
| 362 | @@ -173,7 +173,7 @@ void disable_coredumps(void) { | 362 | @@ -180,7 +180,7 @@ void disable_coredumps(void) { |
| 363 | if (detect_container() > 0) | 363 | if (detect_container() > 0) |
| 364 | return; | 364 | return; |
| 365 | 365 | ||
| @@ -372,7 +372,7 @@ diff --git a/src/shared/hibernate-util.c b/src/shared/hibernate-util.c | |||
| 372 | index 1213fdc2c7..4c26e6a4ee 100644 | 372 | index 1213fdc2c7..4c26e6a4ee 100644 |
| 373 | --- a/src/shared/hibernate-util.c | 373 | --- a/src/shared/hibernate-util.c |
| 374 | +++ b/src/shared/hibernate-util.c | 374 | +++ b/src/shared/hibernate-util.c |
| 375 | @@ -495,7 +495,7 @@ int write_resume_config(dev_t devno, uint64_t offset, const char *device) { | 375 | @@ -498,7 +498,7 @@ int write_resume_config(dev_t devno, uint64_t offset, const char *device) { |
| 376 | 376 | ||
| 377 | /* We write the offset first since it's safer. Note that this file is only available in 4.17+, so | 377 | /* We write the offset first since it's safer. Note that this file is only available in 4.17+, so |
| 378 | * fail gracefully if it doesn't exist and we're only overwriting it with 0. */ | 378 | * fail gracefully if it doesn't exist and we're only overwriting it with 0. */ |
| @@ -381,7 +381,7 @@ index 1213fdc2c7..4c26e6a4ee 100644 | |||
| 381 | if (r == -ENOENT) { | 381 | if (r == -ENOENT) { |
| 382 | if (offset != 0) | 382 | if (offset != 0) |
| 383 | return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), | 383 | return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), |
| 384 | @@ -511,7 +511,7 @@ int write_resume_config(dev_t devno, uint64_t offset, const char *device) { | 384 | @@ -514,7 +514,7 @@ int write_resume_config(dev_t devno, uint64_t offset, const char *device) { |
| 385 | log_debug("Wrote resume_offset=%s for device '%s' to /sys/power/resume_offset.", | 385 | log_debug("Wrote resume_offset=%s for device '%s' to /sys/power/resume_offset.", |
| 386 | offset_str, device); | 386 | offset_str, device); |
| 387 | 387 | ||
diff --git a/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch b/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch index 08d4e384ff..0aabae6d82 100644 --- a/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch +++ b/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch | |||
| @@ -140,7 +140,7 @@ diff --git a/src/shared/userdb.c b/src/shared/userdb.c | |||
| 140 | index ff83d4bf90..54d36cc706 100644 | 140 | index ff83d4bf90..54d36cc706 100644 |
| 141 | --- a/src/shared/userdb.c | 141 | --- a/src/shared/userdb.c |
| 142 | +++ b/src/shared/userdb.c | 142 | +++ b/src/shared/userdb.c |
| 143 | @@ -1041,13 +1041,15 @@ int groupdb_iterator_get(UserDBIterator *iterator, GroupRecord **ret) { | 143 | @@ -1042,13 +1042,15 @@ int groupdb_iterator_get(UserDBIterator *iterator, GroupRecord **ret) { |
| 144 | if (gr) { | 144 | if (gr) { |
| 145 | _cleanup_free_ char *buffer = NULL; | 145 | _cleanup_free_ char *buffer = NULL; |
| 146 | bool incomplete = false; | 146 | bool incomplete = false; |
| @@ -157,7 +157,7 @@ index ff83d4bf90..54d36cc706 100644 | |||
| 157 | if (!FLAGS_SET(iterator->flags, USERDB_SUPPRESS_SHADOW)) { | 157 | if (!FLAGS_SET(iterator->flags, USERDB_SUPPRESS_SHADOW)) { |
| 158 | r = nss_sgrp_for_group(gr, &sgrp, &buffer); | 158 | r = nss_sgrp_for_group(gr, &sgrp, &buffer); |
| 159 | if (r < 0) { | 159 | if (r < 0) { |
| 160 | @@ -1060,6 +1062,9 @@ int groupdb_iterator_get(UserDBIterator *iterator, GroupRecord **ret) { | 160 | @@ -1061,6 +1063,9 @@ int groupdb_iterator_get(UserDBIterator *iterator, GroupRecord **ret) { |
| 161 | } | 161 | } |
| 162 | 162 | ||
| 163 | r = nss_group_to_group_record(gr, r >= 0 ? &sgrp : NULL, ret); | 163 | r = nss_group_to_group_record(gr, r >= 0 ? &sgrp : NULL, ret); |
diff --git a/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch b/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch index 791079a19f..56083cc7b3 100644 --- a/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch +++ b/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch | |||
| @@ -11,8 +11,8 @@ Upstream-Status: Inappropriate [musl specific] | |||
| 11 | 11 | ||
| 12 | Signed-off-by: Khem Raj <raj.khem@gmail.com> | 12 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
| 13 | --- | 13 | --- |
| 14 | src/basic/errno-util.h | 12 ++++++++++-- | 14 | src/basic/errno-util.h | 10 +++++++++- |
| 15 | 1 file changed, 10 insertions(+), 2 deletions(-) | 15 | 1 file changed, 9 insertions(+), 1 deletion(-) |
| 16 | 16 | ||
| 17 | diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h | 17 | diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h |
| 18 | index 48b76e4bf7..6e7653e2d9 100644 | 18 | index 48b76e4bf7..6e7653e2d9 100644 |
| @@ -23,9 +23,8 @@ index 48b76e4bf7..6e7653e2d9 100644 | |||
| 23 | * | 23 | * |
| 24 | * Note that we use the GNU variant of strerror_r() here. */ | 24 | * Note that we use the GNU variant of strerror_r() here. */ |
| 25 | -#define STRERROR(errnum) strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN) | 25 | -#define STRERROR(errnum) strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN) |
| 26 | - | ||
| 27 | +static inline const char * STRERROR(int errnum); | 26 | +static inline const char * STRERROR(int errnum); |
| 28 | + | 27 | |
| 29 | +static inline const char * STRERROR(int errnum) { | 28 | +static inline const char * STRERROR(int errnum) { |
| 30 | +#ifdef __GLIBC__ | 29 | +#ifdef __GLIBC__ |
| 31 | + return strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN); | 30 | + return strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN); |
diff --git a/meta/recipes-core/systemd/systemd_257.5.bb b/meta/recipes-core/systemd/systemd_257.6.bb index 995b55580e..995b55580e 100644 --- a/meta/recipes-core/systemd/systemd_257.5.bb +++ b/meta/recipes-core/systemd/systemd_257.6.bb | |||