diff options
| author |   Chen Qi <Qi.Chen@windriver.com> | 2019-02-26 09:20:16 +0800 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-03-03 15:38:08 +0000 |
| commit | 816e08c18dbcf6e84dedc7a4bd96ddfbf2f86ebc (patch) | |
| tree | 65b0026bc5b7a975066dc6399479e85e5f246f3e /meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields.patch | |
| parent | e082128d497e3e2efa96641989754c6c40347ba7 (diff) | |
| download | openembedded-core-contrib-816e08c18dbcf6e84dedc7a4bd96ddfbf2f86ebc.tar.gz | |
systemd: upgrade to 241
PATCH REBASED:
==============
0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch
0004-rules-whitelist-hd-devices.patch
0007-rules-watch-metadata-changes-in-ide-devices.patch
0001-Use-getenv-when-secure-versions-are-not-available.patch
0002-don-t-use-glibc-specific-qsort_r.patch
0004-add-fallback-parse_printf_format-implementation.patch
0006-src-basic-missing.h-check-for-missing-strndupa.patch
0007-Include-netinet-if_ether.h.patch
0008-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch
0009-add-missing-FTW_-macros-for-musl.patch
0012-fix-missing-of-__register_atfork-for-non-glibc-build.patch
0013-Use-uintmax_t-for-handling-rlim_t.patch
0014-fix-missing-ULONG_LONG_MAX-definition-in-case-of-mus.patch
0021-Hide-__start_BUS_ERROR_MAP-and-__stop_BUS_ERROR_MAP.patch
PATCH DROPPED:
==============
0005-Make-root-s-home-directory-configurable.patch
systemd has its hardcoded assumption about /home and /, and it also respects
$HOME environment var, so this patch is somehow useless. This patch was originally
added but in fact had no real runtime effect except messing up some hardcoded assumptions,
and it was accidently manipulated during systemd upgrade. We have in fact not
used the orignal patch for more than two releases and things were working out
well.
0006-remove-nobody-user-group-checking.patch
The issue has been fixed upstream by the following commit.
"check nobody user/group validity only when not cross compiling"
0008-Do-not-enable-nss-tests-if-nss-systemd-is-not-enable.patch
0009-nss-mymachines-Build-conditionally-when-ENABLE_MYHOS.patch
The issue has been fixed upstream by the following commit.
"meson: allow building resolved and machined without nss modules"
0001-login-use-parse_uid-when-unmounting-user-runtime-dir.patch
0001-sd-bus-make-BUS_DEFAULT_TIMEOUT-configurable.patch
Backport
0022-build-sys-Detect-whether-struct-statx-is-defined-in-.patch
Merged
0023-resolvconf-fixes-for-the-compatibility-interface.patch
0001-core-when-deserializing-state-always-use-read_line-L.patch
0001-chown-recursive-let-s-rework-the-recursive-logic-to-.patch
0001-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
0001-Revert-sysctl.d-request-ECN-on-both-in-and-outgoing-.patch
0001-timesync-changes-type-of-drift_freq-to-int64_t.patch
Backport
0001-sysctl-Don-t-pass-null-directive-argument-to-s.patch
0002-core-Fix-use-after-free-case-in-load_from_path.patch
Merged
0001-meson-rename-Ddebug-to-Ddebug-extra.patch
0024-journald-do-not-store-the-iovec-entry-for-process-co.patch
0025-journald-set-a-limit-on-the-number-of-fields.patch
0026-journal-fix-out-of-bounds-read-CVE-2018-16866.patch
CVE-2019-6454.patch
sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch
0005-basic-user-util-properly-protect-use-of-gshadow.patch
0022-Use-if-instead-of-ifdef-for-ENABLE_GSHADOW.patch
Backport
0001-Remove-fstack-protector-flags-to-workaround-musl-bui.patch
No build failure for qemux86/qemuppc + musl
PATCH ADDED:
============
0020-missing_type.h-add-__compar_d_fn_t-definition.patch
0021-avoid-redefinition-of-prctl_mm_map-structure.patch
0022-include-sys-wait.h-to-avoid-compile-failure.patch
0023-socket-util.h-include-string.h.patch
0024-test-json.c-define-M_PIl.patch
0001-do-not-disable-buffer-in-writing-files.patch
PATCH OTHERS:
=============
0003-comparison_fn_t-is-glibc-specific-use-raw-signature-.patch
0011-src-basic-missing.h-check-for-missing-__compar_fn_t-.patch
are combined into one patch:
0003-missing_type.h-add-__compare_fn_t-and-comparison_fn_.patch
Add two more PACKAGECONFIG, nss-mymachines and nss-resolve which are introduced
by the following commit.
meson: allow building resolved and machined without nss modules
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields.patch')
| -rw-r--r-- | meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields.patch | 139 |
1 files changed, 0 insertions, 139 deletions
diff --git a/meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields.patch b/meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields.patch deleted file mode 100644 index ae9ef5de56..0000000000 --- a/meta/recipes-core/systemd/systemd/0025-journald-set-a-limit-on-the-number-of-fields.patch +++ /dev/null @@ -1,139 +0,0 @@ -From 7cad044b72406cbadf048da432c29afea74c3c10 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> -Date: Wed, 5 Dec 2018 22:45:02 +0100 -Subject: [PATCH] journald: set a limit on the number of fields - -The fix for CVE-2018-16865 is plucked from two commits that have -been pushed to systemd master. - -journald: set a limit on the number of fields (1k) - -We allocate a iovec entry for each field, so with many short entries, -our memory usage and processing time can be large, even with a relatively -small message size. Let's refuse overly long entries. - -CVE-2018-16865 -https://bugzilla.redhat.com/show_bug.cgi?id=1653861 - -What from I can see, the problem is not from an alloca, despite what the CVE -description says, but from the attack multiplication that comes from creating -many very small iovecs: (void* + size_t) for each three bytes of input message. - -Patch backported from systemd master at -052c57f132f04a3cf4148f87561618da1a6908b4. - -journal-remote: set a limit on the number of fields in a message - -Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is -reused for the new error condition (too many fields). - -This matches the change done for systemd-journald, hence forming the second -part of the fix for CVE-2018-16865 -(https://bugzilla.redhat.com/show_bug.cgi?id=1653861). - -Patch backported from systemd master at -ef4d6abe7c7fab6cbff975b32e76b09feee56074. -with the changes applied by 7fdb237f5473cb8fc2129e57e8a0039526dcb4fd -removed. - -CVE: CVE-2018-16865 -Upstream-Status: Backport -Signed-off-by: Marcus Cooper <marcusc@axis.com> ---- - src/basic/journal-importer.c | 5 ++++- - src/basic/journal-importer.h | 3 +++ - src/journal-remote/journal-remote-main.c | 7 ++++++- - src/journal-remote/journal-remote.c | 5 ++++- - src/journal/journald-native.c | 5 +++++ - 5 files changed, 22 insertions(+), 3 deletions(-) - -diff --git a/src/basic/journal-importer.c b/src/basic/journal-importer.c -index ca203bbbfc..3ac55a66d9 100644 ---- a/src/basic/journal-importer.c -+++ b/src/basic/journal-importer.c -@@ -23,6 +23,9 @@ enum { - }; - - static int iovw_put(struct iovec_wrapper *iovw, void* data, size_t len) { -+ if (iovw->count >= ENTRY_FIELD_COUNT_MAX) -+ return -E2BIG; -+ - if (!GREEDY_REALLOC(iovw->iovec, iovw->size_bytes, iovw->count + 1)) - return log_oom(); - -@@ -98,7 +101,7 @@ static int get_line(JournalImporter *imp, char **line, size_t *size) { - imp->scanned = imp->filled; - if (imp->scanned >= DATA_SIZE_MAX) { - log_error("Entry is bigger than %u bytes.", DATA_SIZE_MAX); -- return -E2BIG; -+ return -ENOBUFS; - } - - if (imp->passive_fd) -diff --git a/src/basic/journal-importer.h b/src/basic/journal-importer.h -index f49ce734a1..c4ae45d32d 100644 ---- a/src/basic/journal-importer.h -+++ b/src/basic/journal-importer.h -@@ -16,6 +16,9 @@ - #define DATA_SIZE_MAX (1024*1024*768u) - #define LINE_CHUNK 8*1024u - -+/* The maximum number of fields in an entry */ -+#define ENTRY_FIELD_COUNT_MAX 1024 -+ - struct iovec_wrapper { - struct iovec *iovec; - size_t size_bytes; -diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c -index 8fda9d1499..3a01fef646 100644 ---- a/src/journal-remote/journal-remote-main.c -+++ b/src/journal-remote/journal-remote-main.c -@@ -212,7 +212,12 @@ static int process_http_upload( - break; - else if (r < 0) { - log_warning("Failed to process data for connection %p", connection); -- if (r == -E2BIG) -+ if (r == -ENOBUFS) -+ return mhd_respondf(connection, -+ r, MHD_HTTP_PAYLOAD_TOO_LARGE, -+ "Entry is above the maximum of %u, aborting connection %p.", -+ DATA_SIZE_MAX, connection); -+ else if (r == -E2BIG) - return mhd_respondf(connection, - r, MHD_HTTP_PAYLOAD_TOO_LARGE, - "Entry is too large, maximum is " STRINGIFY(DATA_SIZE_MAX) " bytes."); -diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c -index beb75a1cb4..67e3a70c06 100644 ---- a/src/journal-remote/journal-remote.c -+++ b/src/journal-remote/journal-remote.c -@@ -408,7 +408,10 @@ int journal_remote_handle_raw_source( - log_debug("%zu active sources remaining", s->active); - return 0; - } else if (r == -E2BIG) { -- log_notice_errno(E2BIG, "Entry too big, skipped"); -+ log_notice("Entry with too many fields, skipped"); -+ return 1; -+ } else if (r == -ENOBUFS) { -+ log_notice("Entry too big, skipped"); - return 1; - } else if (r == -EAGAIN) { - return 0; -diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c -index 5ff22a10af..951d092053 100644 ---- a/src/journal/journald-native.c -+++ b/src/journal/journald-native.c -@@ -140,6 +140,11 @@ static int server_process_entry( - } - - /* A property follows */ -+ if (n > ENTRY_FIELD_COUNT_MAX) { -+ log_debug("Received an entry that has more than " STRINGIFY(ENTRY_FIELD_COUNT_MAX) " fields, ignoring entry."); -+ r = 1; -+ goto finish; -+ } - - /* n existing properties, 1 new, +1 for _TRANSPORT */ - if (!GREEDY_REALLOC(iovec, m, --- -2.11.0 - |