From 0111855d2c5029c93844e08fcd48592137bfb68a Mon Sep 17 00:00:00 2001 From: Otavio Salvador Date: Mon, 18 Mar 2019 17:04:10 -0300 Subject: systemd: Update to systemd-stable v241-stable release This changes the repository to use the systemd-stable, and update to the latest release from v241-stable branch. Following changes are included: c1f8ff8d0d login: mark nomodeset fb devices as master-of-seat 59f2213e45 login: HyperV requires master-of-seat to be set a09c170122 Allocate temporary strings to hold dbus paths on the heap 4f54afd5a1 Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit. b22a96ef2f NEWS: add entry about 'udevadm trigger --wait-daemon' bada94eb3e NEWS: fix release date e9f930b2f5 udev-event: make subst_format_var() always provide null-terminated string on success 66320aec80 sd-device: also store properties read from udev database to sd_device::properties_db dffc22c833 udev-rules: update log messages about OWNER= or GROUP= settings on --resolve=names=never Signed-off-by: Otavio Salvador Signed-off-by: Richard Purdie
---
meta/recipes-core/systemd/systemd.inc | 8 +- .../systemd/systemd/CVE-2019-6454.patch | 216 --------------------- meta/recipes-core/systemd/systemd_241.bb | 1 - 3 files changed, 5 insertions(+), 220 deletions(-) delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2019-6454.patch (limited to 'meta')
diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc
index 8ca3ece441..5bd88ed6ed 100644
--- a/meta/recipes-core/systemd/systemd.inc
+++ b/meta/recipes-core/systemd/systemd.inc
@@ -14,8 +14,10 @@ LICENSE = "GPLv2 & LGPLv2.1" LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" -SRCREV = "e62a7fea757f259eb330da5b6d3ab4ede46400a2" - -SRC_URI = "git://github.com/systemd/systemd.git;protocol=git" +SRCREV = "c1f8ff8d0de7e303b8004b02a0a47d4cc103a7f8" +SRCBRANCH = "v241-stable" +SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=git;branch=${SRCBRANCH}" S = "${WORKDIR}/git" + +PV_append = "+${SRCPV}" diff --git a/meta/recipes-core/systemd/systemd/CVE-2019-6454.patch b/meta/recipes-core/systemd/systemd/CVE-2019-6454.patch deleted file mode 100644 index b84809ef17..0000000000 --- a/meta/recipes-core/systemd/systemd/CVE-2019-6454.patch +++ /dev/null 
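Review bot: Nothing in the recipe records that the new `SRCREV` is now what carries the CVE-2019-6454 fix, because the same commit deletes `CVE-2019-6454.patch` together with its `CVE:` tag. The commit message lists a09c170122 and 4f54afd5a1, which by their titles appear to be the upstream form of that backport, so a comment above `SRCREV` such as `# v241-stable tip; contains the CVE-2019-6454 fix (a09c170122, 4f54afd5a1)` would keep the fix auditable. Any CVE-scanning step that keys on patch tags or on the base version 241 may also need an explicit entry so the issue is not reported as open. Separately, the new `SRC_URI` keeps `protocol=git`, an unauthenticated transport, so the integrity of the fetch rests on the pinned `SRCREV` alone; `protocol=https` would be the safer choice.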
@@ -1,216 +0,0 @@ -Description: sd-bus: enforce a size limit for dbus paths, and don't allocate - them on the stacka -Forwarded: no - -Patch from: systemd_239-7ubuntu10.8 - -For information see: -https://usn.ubuntu.com/3891-1/ -https://git.launchpad.net/ubuntu/+source/systemd/commit/?id=f8e75d5634904c8e672658856508c3a02f349adb - -CVE: CVE-2019-6454 -Upstream-Status: Backport - -Signed-off-by: George McCollister - -diff --git a/src/libsystemd/sd-bus/bus-internal.c b/src/libsystemd/sd-bus/bus-internal.c -index 40acae2133..598b7f110c 100644 ---- a/src/libsystemd/sd-bus/bus-internal.c -+++ b/src/libsystemd/sd-bus/bus-internal.c -@@ -43,7 +43,7 @@ bool object_path_is_valid(const char *p) { - if (slash) - return false; - -- return true; -+ return (q - p) <= BUS_PATH_SIZE_MAX; - } - - char* object_path_startswith(const char *a, const char *b) { -diff --git a/src/libsystemd/sd-bus/bus-internal.h b/src/libsystemd/sd-bus/bus-internal.h -index f208b294d8..a8d61bf72a 100644 ---- a/src/libsystemd/sd-bus/bus-internal.h -+++ b/src/libsystemd/sd-bus/bus-internal.h -@@ -332,6 +332,10 @@ struct sd_bus { - - #define BUS_MESSAGE_SIZE_MAX (128*1024*1024) - #define BUS_AUTH_SIZE_MAX (64*1024) -+/* Note that the D-Bus specification states that bus paths shall have no size limit. We enforce here one -+ * anyway, since truly unbounded strings are a security problem. The limit we pick is relatively large however, -+ * to not clash unnecessarily with real-life applications. 
*/ -+#define BUS_PATH_SIZE_MAX (64*1024) - - #define BUS_CONTAINER_DEPTH 128 - -diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/sd-bus/bus-objects.c -index 58329f3fe7..54b977418e 100644 ---- a/src/libsystemd/sd-bus/bus-objects.c -+++ b/src/libsystemd/sd-bus/bus-objects.c -@@ -1133,7 +1133,8 @@ static int object_manager_serialize_path_and_fallbacks( - const char *path, - sd_bus_error *error) { - -- char *prefix; -+ _cleanup_free_ char *prefix = NULL; -+ size_t pl; - int r; - - assert(bus); -@@ -1149,7 +1150,12 @@ static int object_manager_serialize_path_and_fallbacks( - return 0; - - /* Second, add fallback vtables registered for any of the prefixes */ -- prefix = newa(char, strlen(path) + 1); -+ pl = strlen(path); -+ assert(pl <= BUS_PATH_SIZE_MAX); -+ prefix = new(char, pl + 1); -+ if (!prefix) -+ return -ENOMEM; -+ - OBJECT_PATH_FOREACH_PREFIX(prefix, path) { - r = object_manager_serialize_path(bus, reply, prefix, path, true, error); - if (r < 0) -@@ -1345,6 +1351,7 @@ static int object_find_and_run( - } - - int bus_process_object(sd_bus *bus, sd_bus_message *m) { -+ _cleanup_free_ char *prefix = NULL; - int r; - size_t pl; - bool found_object = false; -@@ -1369,9 +1376,12 @@ int bus_process_object(sd_bus *bus, sd_bus_message *m) { - assert(m->member); - - pl = strlen(m->path); -- do { -- char prefix[pl+1]; -+ assert(pl <= BUS_PATH_SIZE_MAX); -+ prefix = new(char, pl + 1); -+ if (!prefix) -+ return -ENOMEM; - -+ do { - bus->nodes_modified = false; - - r = object_find_and_run(bus, m, m->path, false, &found_object); -@@ -1498,9 +1508,15 @@ static int bus_find_parent_object_manager(sd_bus *bus, struct node **out, const - - n = hashmap_get(bus->nodes, path); - if (!n) { -- char *prefix; -+ _cleanup_free_ char *prefix = NULL; -+ size_t pl; -+ -+ pl = strlen(path); -+ assert(pl <= BUS_PATH_SIZE_MAX); -+ prefix = new(char, pl + 1); -+ if (!prefix) -+ return -ENOMEM; - -- prefix = newa(char, strlen(path) + 1); - OBJECT_PATH_FOREACH_PREFIX(prefix, path) 
{ - n = hashmap_get(bus->nodes, prefix); - if (n) -@@ -2083,8 +2099,9 @@ _public_ int sd_bus_emit_properties_changed_strv( - const char *interface, - char **names) { - -+ _cleanup_free_ char *prefix = NULL; - bool found_interface = false; -- char *prefix; -+ size_t pl; - int r; - - assert_return(bus, -EINVAL); -@@ -2105,6 +2122,12 @@ _public_ int sd_bus_emit_properties_changed_strv( - - BUS_DONT_DESTROY(bus); - -+ pl = strlen(path); -+ assert(pl <= BUS_PATH_SIZE_MAX); -+ prefix = new(char, pl + 1); -+ if (!prefix) -+ return -ENOMEM; -+ - do { - bus->nodes_modified = false; - -@@ -2114,7 +2137,6 @@ _public_ int sd_bus_emit_properties_changed_strv( - if (bus->nodes_modified) - continue; - -- prefix = newa(char, strlen(path) + 1); - OBJECT_PATH_FOREACH_PREFIX(prefix, path) { - r = emit_properties_changed_on_interface(bus, prefix, path, interface, true, &found_interface, names); - if (r != 0) -@@ -2246,7 +2268,8 @@ static int object_added_append_all_prefix( - - static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *path) { - _cleanup_set_free_ Set *s = NULL; -- char *prefix; -+ _cleanup_free_ char *prefix = NULL; -+ size_t pl; - int r; - - assert(bus); -@@ -2291,7 +2314,12 @@ static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *p - if (bus->nodes_modified) - return 0; - -- prefix = newa(char, strlen(path) + 1); -+ pl = strlen(path); -+ assert(pl <= BUS_PATH_SIZE_MAX); -+ prefix = new(char, pl + 1); -+ if (!prefix) -+ return -ENOMEM; -+ - OBJECT_PATH_FOREACH_PREFIX(prefix, path) { - r = object_added_append_all_prefix(bus, m, s, prefix, path, true); - if (r < 0) -@@ -2430,7 +2458,8 @@ static int object_removed_append_all_prefix( - - static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char *path) { - _cleanup_set_free_ Set *s = NULL; -- char *prefix; -+ _cleanup_free_ char *prefix = NULL; -+ size_t pl; - int r; - - assert(bus); -@@ -2462,7 +2491,12 @@ static int object_removed_append_all(sd_bus *bus, 
sd_bus_message *m, const char - if (bus->nodes_modified) - return 0; - -- prefix = newa(char, strlen(path) + 1); -+ pl = strlen(path); -+ assert(pl <= BUS_PATH_SIZE_MAX); -+ prefix = new(char, pl + 1); -+ if (!prefix) -+ return -ENOMEM; -+ - OBJECT_PATH_FOREACH_PREFIX(prefix, path) { - r = object_removed_append_all_prefix(bus, m, s, prefix, path, true); - if (r < 0) -@@ -2612,7 +2646,8 @@ static int interfaces_added_append_one( - const char *path, - const char *interface) { - -- char *prefix; -+ _cleanup_free_ char *prefix = NULL; -+ size_t pl; - int r; - - assert(bus); -@@ -2626,7 +2661,12 @@ static int interfaces_added_append_one( - if (bus->nodes_modified) - return 0; - -- prefix = newa(char, strlen(path) + 1); -+ pl = strlen(path); -+ assert(pl <= BUS_PATH_SIZE_MAX); -+ prefix = new(char, pl + 1); -+ if (!prefix) -+ return -ENOMEM; -+ - OBJECT_PATH_FOREACH_PREFIX(prefix, path) { - r = interfaces_added_append_one_prefix(bus, m, prefix, path, interface, true); - if (r != 0) diff --git a/meta/recipes-core/systemd/systemd_241.bb b/meta/recipes-core/systemd/systemd_241.bb index 5d09e5d5fb..6532a58cf8 100644 --- a/meta/recipes-core/systemd/systemd_241.bb +++ b/meta/recipes-core/systemd/systemd_241.bb @@ -24,7 +24,6 @@ SRC_URI += "file://touchscreen.rules \ file://0005-rules-watch-metadata-changes-in-ide-devices.patch \ file://0001-meson-declare-version.h-as-dep-for-various-targets-t.patch \ file://0001-meson-declare-version.h-as-dependency-for-systemd.patch \ - file://CVE-2019-6454.patch \ " # patches needed by musl -- cgit 1.2.3-korg