d-two/operating-system
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update Buildroot to 2019.02.3 (#415)

Browse Source 
* Update Buildroot to 2019-02.3

* Fix enter script

* Update ova_defconfig

* Fix network manager

* Remove runc patches

* Use same docker version

* Fix build

* Fix vmtools

* Fix depens

* Fix handling with tempfiles

* Fix permission handling

* Fix cp

* Cleanup

* Fix mounts
This commit is contained in:
Pascal Vizeli
2019-06-27 11:58:50 +02:00
committed by GitHub
parent bb201fb842
commit 41d3f59002
2416 changed files with 36288 additions and 21885 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
buildroot/package/systemd/0001-fix-getty-unit.patch
View File

@@ -30,7 +30,7 @@ index 3c553240a..fd5ad9456 100644
# option to preserve environment (-p), followed by '--' for safety, and then
# the entered username.
-ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear --keep-baud console 115200,38400,9600 $TERM
+ExecStart=-/sbin/getty -L %I 115200 vt100
+ExecStart=-/sbin/getty -L console 115200 vt100
Type=idle
Restart=always
UtmpIdentifier=cons

2
buildroot/package/systemd/0002-install-don-t-use-ln-relative.patch
View File

@@ -33,7 +33,7 @@ diff --git a/meson.build b/meson.build
index 04331dd41..359042c04 100644
--- a/meson.build
+++ b/meson.build
@@ -559,7 +559,7 @@ endforeach
@@ -628,7 +628,7 @@ endforeach
conf.set_quoted('TELINIT', get_option('telinit-path'))
if run_command('ln', '--relative', '--help').returncode() != 0

111
buildroot/package/systemd/0003-build-sys-Detect-whether-struct-statx-is-defined-in-.patch
View File

@@ -1,111 +0,0 @@
From ebe5606eadb1241796ba9747d8e357bd6b3e912e Mon Sep 17 00:00:00 2001
From: Filipe Brandenburger <filbranden@google.com>
Date: Sun, 15 Jul 2018 22:43:35 -0700
Subject: [PATCH] build-sys: Detect whether struct statx is defined in
sys/stat.h
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Starting with glibc 2.27.9000-36.fc29, include file sys/stat.h will have a
definition for struct statx, in which case include file linux/stat.h should be
avoided, in order to prevent a duplicate definition.
In file included from ../src/basic/missing.h:18,
from ../src/basic/util.h:28,
from ../src/basic/hashmap.h:10,
from ../src/shared/bus-util.h:12,
from ../src/libsystemd/sd-bus/bus-creds.c:11:
/usr/include/linux/stat.h:99:8: error: redefinition of struct statx
struct statx {
^~~~~
In file included from /usr/include/sys/stat.h:446,
from ../src/basic/util.h:19,
from ../src/basic/hashmap.h:10,
from ../src/shared/bus-util.h:12,
from ../src/libsystemd/sd-bus/bus-creds.c:11:
/usr/include/bits/statx.h:36:8: note: originally defined here
struct statx
^~~~~
Extend our meson.build to look for struct statx when only sys/stat.h is
included and, in that case, do not include linux/stat.h anymore.
Tested that systemd builds correctly when using a glibc version that includes a
definition for struct statx.
glibc Fedora RPM update:
https://src.fedoraproject.org/rpms/glibc/c/28cb5d31fc1e5887912283c889689c47076278ae
glibc upstream commit:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=fd70af45528d59a00eb3190ef6706cb299488fcd
(cherry picked from commit 75720bff62a84896e9a0654afc7cf9408cf89a38)
Signed-off-by: Romain Naour <romain.naour@gmail.com>
---
meson.build | 5 +++++
src/basic/missing.h | 5 ++++-
src/basic/xattr-util.c | 1 -
3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/meson.build b/meson.build
index 04331dd41..a0e724070 100644
--- a/meson.build
+++ b/meson.build
@@ -425,6 +425,7 @@ decl_headers = '''
#include <sys/stat.h>
'''
# FIXME: key_serial_t is only defined in keyutils.h, this is bound to fail
+# FIXME: these should use -D_GNU_SOURCE, since that is defined at build time
foreach decl : ['char16_t',
'char32_t',
@@ -439,6 +440,10 @@ foreach decl : ['char16_t',
conf.set10('HAVE_' + decl.underscorify().to_upper(), have)
endforeach
+conf.set10('HAVE_STRUCT_STATX_IN_SYS_STAT_H', cc.sizeof('struct statx', prefix : '''
+#include <sys/stat.h>
+''', args : '-D_GNU_SOURCE') > 0)
+
foreach decl : [['IFLA_INET6_ADDR_GEN_MODE', 'linux/if_link.h'],
['IN6_ADDR_GEN_MODE_STABLE_PRIVACY', 'linux/if_link.h'],
['IFLA_VRF_TABLE', 'linux/if_link.h'],
diff --git a/src/basic/missing.h b/src/basic/missing.h
index 71a07d057..14ad3d491 100644
--- a/src/basic/missing.h
+++ b/src/basic/missing.h
@@ -15,7 +15,6 @@
#include <linux/neighbour.h>
#include <linux/oom.h>
#include <linux/rtnetlink.h>
-#include <linux/stat.h>
#include <net/ethernet.h>
#include <stdlib.h>
#include <sys/resource.h>
@@ -25,6 +24,10 @@
#include <uchar.h>
#include <unistd.h>
+#if !HAVE_STRUCT_STATX_IN_SYS_STAT_H
+#include <linux/stat.h>
+#endif
+
#if HAVE_AUDIT
#include <libaudit.h>
#endif
diff --git a/src/basic/xattr-util.c b/src/basic/xattr-util.c
index c5c55ea84..0ee097983 100644
--- a/src/basic/xattr-util.c
+++ b/src/basic/xattr-util.c
@@ -2,7 +2,6 @@
#include <errno.h>
#include <fcntl.h>
-#include <linux/stat.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
--
2.14.4

60
buildroot/package/systemd/0003-meson-use-cross-compilation-compatible-c-check.patch Normal file
View File

@@ -0,0 +1,60 @@
From 180a940333c84495015bd5b24d41c1dbfff509f2 Mon Sep 17 00:00:00 2001
From: James Hilliard <james.hilliard1@gmail.com>
Date: Thu, 27 Dec 2018 09:16:20 +0800
Subject: [PATCH] meson: use cross compilation compatible c++ check
[james.hilliard1@gmail.com: backport from upstream commit
46e63a2a3ed46ce97430ce38e4cc0798c57900eb]
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
---
meson.build | 4 +---
src/systemd/meson.build | 3 +--
src/test/meson.build | 2 +-
3 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/meson.build b/meson.build
index b338886..1964b1a 100644
--- a/meson.build
+++ b/meson.build
@@ -287,10 +287,8 @@ want_tests = get_option('tests')
slow_tests = want_tests != 'false' and get_option('slow-tests')
install_tests = get_option('install-tests')
-cxx = find_program('c++', required : fuzzer_build)
-if cxx.found()
+if add_languages('cpp', required : fuzzer_build)
# Used only for tests
- add_languages('cpp')
cxx_cmd = ' '.join(meson.get_compiler('cpp').cmd_array())
else
cxx_cmd = ''
diff --git a/src/systemd/meson.build b/src/systemd/meson.build
index e0c967e..75c48b0 100644
--- a/src/systemd/meson.build
+++ b/src/systemd/meson.build
@@ -52,8 +52,7 @@ if cc.has_argument('-std=iso9899:2017')
opts += [['c', '-std=iso9899:2017']]
endif
-cxx = find_program('c++', required : false)
-if cxx.found()
+if add_languages('cpp', required : false)
opts += [['c++'],
['c++', '-std=c++98'],
['c++', '-std=c++11']]
diff --git a/src/test/meson.build b/src/test/meson.build
index ea049a6..d9d87e0 100644
--- a/src/test/meson.build
+++ b/src/test/meson.build
@@ -957,7 +957,7 @@ tests += [
]
-if cxx.found()
+if cxx_cmd != ''
tests += [
[['src/libsystemd/sd-bus/test-bus-vtable-cc.cc'],
[],
--
2.7.4

61
buildroot/package/systemd/0004-capability-fix-build-without-PR_CAP_AMBIENT.patch Normal file
View File

@@ -0,0 +1,61 @@
From 822809d0afd0f984750a61b2391059411afa4333 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Fri, 11 Jan 2019 16:07:00 +0100
Subject: [PATCH] capability: fix build without PR_CAP_AMBIENT
systemd fails to build on kernel without PR_CAP_AMBIENT (< 4.3) since
https://github.com/systemd/systemd/commit/2a03bb3e65327c73008f1db485ffc75c432dc6b2
To fix this error, include missing_prctl.h in all files using
PR_CAP_AMBIENT
Fixes:
- http://autobuild.buildroot.org/results/699c078aa078240c6741da4dbd0871450ceeca92
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/systemd/systemd/pull/11400]
---
src/basic/capability-util.c | 1 +
src/test/test-capability.c | 1 +
src/test/test-execute.c | 1 +
3 files changed, 3 insertions(+)
diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c
index a3f3ca9f5..b944ee6ea 100644
--- a/src/basic/capability-util.c
+++ b/src/basic/capability-util.c
@@ -13,6 +13,7 @@
#include "fileio.h"
#include "log.h"
#include "macro.h"
+#include "missing_prctl.h"
#include "parse-util.h"
#include "user-util.h"
#include "util.h"
diff --git a/src/test/test-capability.c b/src/test/test-capability.c
index dae85f2f9..3db05878a 100644
--- a/src/test/test-capability.c
+++ b/src/test/test-capability.c
@@ -13,6 +13,7 @@
#include "fd-util.h"
#include "fileio.h"
#include "macro.h"
+#include "missing_prctl.h"
#include "parse-util.h"
#include "tests.h"
#include "util.h"
diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 2115061ad..cea68b8cf 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -13,6 +13,7 @@
#include "fs-util.h"
#include "macro.h"
#include "manager.h"
+#include "missing_prctl.h"
#include "mkdir.h"
#include "path-util.h"
#include "rm-rf.h"
--
2.14.1

77
buildroot/package/systemd/0004-meson-unify-linux-stat.h-check-with-other-checks-and.patch
View File

@@ -1,77 +0,0 @@
From 17bd864a04a0583cfb343c5621b591bdd76d79ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 18 Jul 2018 17:26:17 +0200
Subject: [PATCH] meson: unify linux/stat.h check with other checks and use
_GNU_SOURCE
Using _GNU_SOURCE is better because that's how we include the headers in the
actual build, and some headers define different stuff when it is defined.
sys/stat.h for example defines 'struct statx' conditionally.
(cherry picked from commit 9c869d08d82c73f62ab3527567858ce4b0cf1257)
Signed-off-by: Romain Naour <romain.naour@gmail.com>
---
meson.build | 20 ++++++++++++++------
src/basic/missing.h | 2 +-
2 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/meson.build b/meson.build
index a0e724070..5dcabdc6c 100644
--- a/meson.build
+++ b/meson.build
@@ -421,11 +421,9 @@ decl_headers = '''
#include <uchar.h>
#include <linux/ethtool.h>
#include <linux/fib_rules.h>
-#include <linux/stat.h>
#include <sys/stat.h>
'''
# FIXME: key_serial_t is only defined in keyutils.h, this is bound to fail
-# FIXME: these should use -D_GNU_SOURCE, since that is defined at build time
foreach decl : ['char16_t',
'char32_t',
@@ -436,13 +434,23 @@ foreach decl : ['char16_t',
]
# We get -1 if the size cannot be determined
- have = cc.sizeof(decl, prefix : decl_headers) > 0
+ have = cc.sizeof(decl, prefix : decl_headers, args : '-D_GNU_SOURCE') > 0
+
+ if decl == 'struct statx'
+ if have
+ want_linux_stat_h = false
+ else
+ have = cc.sizeof(decl,
+ prefix : decl_headers + '#include <linux/stat.h>',
+ args : '-D_GNU_SOURCE') > 0
+ want_linux_stat_h = have
+ endif
+ endif
+
conf.set10('HAVE_' + decl.underscorify().to_upper(), have)
endforeach
-conf.set10('HAVE_STRUCT_STATX_IN_SYS_STAT_H', cc.sizeof('struct statx', prefix : '''
-#include <sys/stat.h>
-''', args : '-D_GNU_SOURCE') > 0)
+conf.set10('WANT_LINUX_STAT_H', want_linux_stat_h)
foreach decl : [['IFLA_INET6_ADDR_GEN_MODE', 'linux/if_link.h'],
['IN6_ADDR_GEN_MODE_STABLE_PRIVACY', 'linux/if_link.h'],
diff --git a/src/basic/missing.h b/src/basic/missing.h
index 14ad3d491..9044683b1 100644
--- a/src/basic/missing.h
+++ b/src/basic/missing.h
@@ -24,7 +24,7 @@
#include <uchar.h>
#include <unistd.h>
-#if !HAVE_STRUCT_STATX_IN_SYS_STAT_H
+#if WANT_LINUX_STAT_H
#include <linux/stat.h>
#endif
--
2.14.4

34
buildroot/package/systemd/0005-basic-tmpfile-util.c-fix-build-without-O_TMPFILE.patch Normal file
View File

@@ -0,0 +1,34 @@
From b1ca50178b97b3b827b0420ec7bdf9cb1d6fec56 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Fri, 11 Jan 2019 16:36:06 +0100
Subject: [PATCH] basic/tmpfile-util.c: fix build without O_TMPFILE
systemd fails to build on kernel without O_TMPFILE (< 3.11) since
https://github.com/systemd/systemd/commit/dea72eda9cdbfeedd24cbe8c734ad0639bf96cde
To fix this error, include missing_fcntl.h
Fixes:
- http://autobuild.buildroot.org/results/699c078aa078240c6741da4dbd0871450ceeca92
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/systemd/systemd/pull/11400]
---
src/basic/tmpfile-util.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/basic/tmpfile-util.c b/src/basic/tmpfile-util.c
index 669eb2666..bc92d6a6d 100644
--- a/src/basic/tmpfile-util.c
+++ b/src/basic/tmpfile-util.c
@@ -8,6 +8,7 @@
#include "hexdecoct.h"
#include "macro.h"
#include "memfd-util.h"
+#include "missing_fcntl.h"
#include "missing_syscall.h"
#include "path-util.h"
#include "process-util.h"
--
2.14.1

30
buildroot/package/systemd/0005-dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-o.patch
View File

@@ -1,30 +0,0 @@
From 49653743f69658aeeebdb14faf1ab158f1f2cb20 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 19 Oct 2018 12:12:33 +0200
Subject: [PATCH] dhcp6: make sure we have enough space for the DHCP6 option
header
Fixes CVE-2018-15688:
https://security-tracker.debian.org/tracker/CVE-2018-15688
Patch downloaded from upstream commit:
https://github.com/systemd/systemd/commit/49653743f69658aeeebdb14faf1ab158f1f2cb20
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
src/libsystemd-network/dhcp6-option.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c
index cbd4bc7a2a3..2806415100c 100644
--- a/src/libsystemd-network/dhcp6-option.c
+++ b/src/libsystemd-network/dhcp6-option.c
@@ -106,7 +106,7 @@ int dhcp6_option_append_ia(uint8_t **buf, size_t *buflen, const DHCP6IA *ia) {
return -EINVAL;
}
- if (*buflen < len)
+ if (*buflen < offsetof(DHCP6Option, data) + len)
return -ENOBUFS;
ia_hdr = *buf;

34
buildroot/package/systemd/0006-meson.build-fix-detection-of-Werror-shadow.patch
View File

@@ -1,34 +0,0 @@
From 7bd6e6db3dbb980c099b444c61d9aff7fcc636cf Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Thu, 29 Nov 2018 13:22:08 +0100
Subject: [PATCH] meson.build: fix detection of -Werror=shadow
Pass -Werror=shadow in args of cc.compiles otherwise test will always
succeed
This fix a build failure with gcc 4.7.3
Fixes:
- http://autobuild.buildroot.org/results/ffd71c473d3b29618c18cd2e04705370266696f2
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/systemd/systemd/pull/10993]
---
meson.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meson.build b/meson.build
index 37ae27b4a..980150ac8 100644
--- a/meson.build
+++ b/meson.build
@@ -396,7 +396,7 @@ if cc.compiles('''
struct timespec now;
return 0;
}
-''', name : '-Werror=shadow with local shadowing')
+''', args: '-Werror=shadow', name : '-Werror=shadow with local shadowing')
add_project_arguments('-Werror=shadow', language : 'c')
endif
--
2.14.1

49
buildroot/package/systemd/0006-missing_if_link.h-add-IFLA_BOND_MODE.patch Normal file
View File

@@ -0,0 +1,49 @@
From 9ab48a9b3bfadca4fbe055ddb4f6fc677ee4ae85 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Fri, 11 Jan 2019 17:08:48 +0100
Subject: [PATCH] missing_if_link.h: add IFLA_BOND_MODE
systemd fails to build on kernel without IFLA_BOND_MODE (< 3.13) since
https://github.com/systemd/systemd/commit/9714c020fc4cda1823c2a77e3fd08aefa7d78b25
So put back IFLA_BOND_MODE definition
Fixes:
- http://autobuild.buildroot.org/results/699c078aa078240c6741da4dbd0871450ceeca92
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/systemd/systemd/pull/11400]
---
meson.build | 1 +
src/basic/missing_if_link.h | 3 +++
2 files changed, 4 insertions(+)
diff --git a/meson.build b/meson.build
index 623c1ad6b..011e44980 100644
--- a/meson.build
+++ b/meson.build
@@ -476,6 +476,7 @@ foreach decl : [['ETHTOOL_LINK_MODE_10baseT_Half_BIT', 'linux/ethtool.h'],
['IFLA_TARGET_NETNSID', 'linux/if_link.h'],
['IFLA_NEW_IFINDEX', 'linux/if_link.h'],
['IFLA_MAX_MTU', 'linux/if_link.h'],
+ ['IFLA_BOND_MODE', 'linux/if_link.h'],
['IFLA_BOND_ACTIVE_SLAVE', 'linux/if_link.h'],
['IFLA_BOND_AD_INFO', 'linux/if_link.h'],
['IFLA_BOND_AD_ACTOR_SYSTEM', 'linux/if_link.h'],
diff --git a/src/basic/missing_if_link.h b/src/basic/missing_if_link.h
index 07675426b..761797f56 100644
--- a/src/basic/missing_if_link.h
+++ b/src/basic/missing_if_link.h
@@ -110,6 +110,9 @@ enum ipvlan_mode {
#define IFLA_MAX 51
#endif
+#if !HAVE_IFLA_BOND_MODE /* linux@90af231106c0b8d223c27d35464af95cb3d9cacf (3.13) */
+#define IFLA_BOND_MODE 1
+#endif
#if !HAVE_IFLA_BOND_ACTIVE_SLAVE /* linux@ec76aa49855f6d6fea5e01de179fb57dd47c619d (3.13) */
#define IFLA_BOND_ACTIVE_SLAVE 2
#endif
--
2.14.1

28
buildroot/package/systemd/0007-missing_syscall.h-include-errno.h.patch Normal file
View File

@@ -0,0 +1,28 @@
From 985d15d636b4d2c7086dbd305369c02756cdbe19 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Fri, 11 Jan 2019 17:24:21 +0100
Subject: [PATCH] missing_syscall.h: include errno.h
This include is needed for errno and ENOSYS
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/systemd/systemd/pull/11400]
---
src/basic/missing_syscall.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
index d5d4b26ac..d1aa32218 100644
--- a/src/basic/missing_syscall.h
+++ b/src/basic/missing_syscall.h
@@ -3,6 +3,7 @@
/* Missing glibc definitions to access certain kernel APIs */
+#include <errno.h>
#include <fcntl.h>
#include <sys/syscall.h>
#include <sys/types.h>
--
2.14.1

34
buildroot/package/systemd/0008-lockfile-util.c-fix-build-without-F_OFD_SETLK.patch Normal file
View File

@@ -0,0 +1,34 @@
From badb5dafa9efc89384d9d2bea5648f7b017204d7 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Fri, 11 Jan 2019 17:30:32 +0100
Subject: [PATCH] lockfile-util.c: fix build without F_OFD_SETLK
systemd fails to build on kernel without F_OFD_SETLK since
https://github.com/systemd/systemd/commit/9714c020fc4cda1823c2a77e3fd08aefa7d78b25
So put include missing_fcntl.h
Fixes:
- http://autobuild.buildroot.org/results/699c078aa078240c6741da4dbd0871450ceeca92
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Upstream status: https://github.com/systemd/systemd/pull/11400]
---
src/shared/lockfile-util.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/shared/lockfile-util.c b/src/shared/lockfile-util.c
index 4bae23b24..260c2088d 100644
--- a/src/shared/lockfile-util.c
+++ b/src/shared/lockfile-util.c
@@ -12,6 +12,7 @@
#include "fs-util.h"
#include "lockfile-util.h"
#include "macro.h"
+#include "missing_fcntl.h"
#include "path-util.h"
int make_lock_file(const char *p, int operation, LockFile *ret) {
--
2.14.1

205
buildroot/package/systemd/0009-journald-do-not-store-the-iovec-entry-for-process-co.patch Normal file
View File

@@ -0,0 +1,205 @@
From 084eeb865ca63887098e0945fb4e93c852b91b0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 5 Dec 2018 18:38:39 +0100
Subject: [PATCH] journald: do not store the iovec entry for process
commandline on stack
This fixes a crash where we would read the commandline, whose length is under
control of the sending program, and then crash when trying to create a stack
allocation for it.
CVE-2018-16864
https://bugzilla.redhat.com/show_bug.cgi?id=1653855
The message actually doesn't get written to disk, because
journal_file_append_entry() returns -E2BIG.
[james.hilliard1@gmail.com: backport from upstream commit
084eeb865ca63887098e0945fb4e93c852b91b0f]
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
---
src/basic/io-util.c | 10 ++++++++++
src/basic/io-util.h | 2 ++
src/coredump/coredump.c | 31 +++++++++++--------------------
src/journal/journald-server.c | 25 +++++++++++++++----------
4 files changed, 38 insertions(+), 30 deletions(-)
diff --git a/src/basic/io-util.c b/src/basic/io-util.c
index 1f64cc9..575398f 100644
--- a/src/basic/io-util.c
+++ b/src/basic/io-util.c
@@ -8,6 +8,7 @@
#include <unistd.h>
#include "io-util.h"
+#include "string-util.h"
#include "time-util.h"
int flush_fd(int fd) {
@@ -252,3 +253,12 @@ ssize_t sparse_write(int fd, const void *p, size_t sz, size_t run_length) {
return q - (const uint8_t*) p;
}
+
+char* set_iovec_string_field(struct iovec *iovec, size_t *n_iovec, const char *field, const char *value) {
+ char *x;
+
+ x = strappend(field, value);
+ if (x)
+ iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(x);
+ return x;
+}
diff --git a/src/basic/io-util.h b/src/basic/io-util.h
index ed189b5..792a64a 100644
--- a/src/basic/io-util.h
+++ b/src/basic/io-util.h
@@ -71,3 +71,5 @@ static inline bool FILE_SIZE_VALID_OR_INFINITY(uint64_t l) {
#define IOVEC_MAKE(base, len) (struct iovec) IOVEC_INIT(base, len)
#define IOVEC_INIT_STRING(string) IOVEC_INIT((char*) string, strlen(string))
#define IOVEC_MAKE_STRING(string) (struct iovec) IOVEC_INIT_STRING(string)
+
+char* set_iovec_string_field(struct iovec *iovec, size_t *n_iovec, const char *field, const char *value);
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
index 20c1fb0..db2cf64 100644
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@@ -1063,19 +1063,10 @@ static int send_iovec(const struct iovec iovec[], size_t n_iovec, int input_fd)
return 0;
}
-static char* set_iovec_field(struct iovec *iovec, size_t *n_iovec, const char *field, const char *value) {
- char *x;
-
- x = strappend(field, value);
- if (x)
- iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(x);
- return x;
-}
-
static char* set_iovec_field_free(struct iovec *iovec, size_t *n_iovec, const char *field, char *value) {
char *x;
- x = set_iovec_field(iovec, n_iovec, field, value);
+ x = set_iovec_string_field(iovec, n_iovec, field, value);
free(value);
return x;
}
@@ -1125,36 +1116,36 @@ static int gather_pid_metadata(
disable_coredumps();
}
- set_iovec_field(iovec, n_iovec, "COREDUMP_UNIT=", context[CONTEXT_UNIT]);
+ set_iovec_string_field(iovec, n_iovec, "COREDUMP_UNIT=", context[CONTEXT_UNIT]);
}
if (cg_pid_get_user_unit(pid, &t) >= 0)
set_iovec_field_free(iovec, n_iovec, "COREDUMP_USER_UNIT=", t);
/* The next few are mandatory */
- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_PID=", context[CONTEXT_PID]))
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_PID=", context[CONTEXT_PID]))
return log_oom();
- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_UID=", context[CONTEXT_UID]))
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_UID=", context[CONTEXT_UID]))
return log_oom();
- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_GID=", context[CONTEXT_GID]))
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_GID=", context[CONTEXT_GID]))
return log_oom();
- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_SIGNAL=", context[CONTEXT_SIGNAL]))
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_SIGNAL=", context[CONTEXT_SIGNAL]))
return log_oom();
- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_RLIMIT=", context[CONTEXT_RLIMIT]))
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_RLIMIT=", context[CONTEXT_RLIMIT]))
return log_oom();
- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_HOSTNAME=", context[CONTEXT_HOSTNAME]))
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_HOSTNAME=", context[CONTEXT_HOSTNAME]))
return log_oom();
- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_COMM=", context[CONTEXT_COMM]))
+ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_COMM=", context[CONTEXT_COMM]))
return log_oom();
if (context[CONTEXT_EXE] &&
- !set_iovec_field(iovec, n_iovec, "COREDUMP_EXE=", context[CONTEXT_EXE]))
+ !set_iovec_string_field(iovec, n_iovec, "COREDUMP_EXE=", context[CONTEXT_EXE]))
return log_oom();
if (sd_pid_get_session(pid, &t) >= 0)
@@ -1222,7 +1213,7 @@ static int gather_pid_metadata(
iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(t);
if (safe_atoi(context[CONTEXT_SIGNAL], &signo) >= 0 && SIGNAL_VALID(signo))
- set_iovec_field(iovec, n_iovec, "COREDUMP_SIGNAL_NAME=SIG", signal_to_string(signo));
+ set_iovec_string_field(iovec, n_iovec, "COREDUMP_SIGNAL_NAME=SIG", signal_to_string(signo));
return 0; /* we successfully acquired all metadata */
}
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index f096725..2a960eb 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -905,6 +905,7 @@ static void dispatch_message_real(
pid_t object_pid) {
char source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)];
+ _cleanup_free_ char *cmdline1 = NULL, *cmdline2 = NULL;
uid_t journal_uid;
ClientContext *o;
@@ -921,20 +922,23 @@ static void dispatch_message_real(
IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->uid, uid_t, uid_is_valid, UID_FMT, "_UID");
IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->gid, gid_t, gid_is_valid, GID_FMT, "_GID");
- IOVEC_ADD_STRING_FIELD(iovec, n, c->comm, "_COMM");
- IOVEC_ADD_STRING_FIELD(iovec, n, c->exe, "_EXE");
- IOVEC_ADD_STRING_FIELD(iovec, n, c->cmdline, "_CMDLINE");
- IOVEC_ADD_STRING_FIELD(iovec, n, c->capeff, "_CAP_EFFECTIVE");
+ IOVEC_ADD_STRING_FIELD(iovec, n, c->comm, "_COMM"); /* At most TASK_COMM_LENGTH (16 bytes) */
+ IOVEC_ADD_STRING_FIELD(iovec, n, c->exe, "_EXE"); /* A path, so at most PATH_MAX (4096 bytes) */
- IOVEC_ADD_SIZED_FIELD(iovec, n, c->label, c->label_size, "_SELINUX_CONTEXT");
+ if (c->cmdline)
+ /* At most _SC_ARG_MAX (2MB usually), which is too much to put on stack.
+ * Let's use a heap allocation for this one. */
+ cmdline1 = set_iovec_string_field(iovec, &n, "_CMDLINE=", c->cmdline);
+ IOVEC_ADD_STRING_FIELD(iovec, n, c->capeff, "_CAP_EFFECTIVE"); /* Read from /proc/.../status */
+ IOVEC_ADD_SIZED_FIELD(iovec, n, c->label, c->label_size, "_SELINUX_CONTEXT");
IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "_AUDIT_SESSION");
IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->loginuid, uid_t, uid_is_valid, UID_FMT, "_AUDIT_LOGINUID");
- IOVEC_ADD_STRING_FIELD(iovec, n, c->cgroup, "_SYSTEMD_CGROUP");
+ IOVEC_ADD_STRING_FIELD(iovec, n, c->cgroup, "_SYSTEMD_CGROUP"); /* A path */
IOVEC_ADD_STRING_FIELD(iovec, n, c->session, "_SYSTEMD_SESSION");
IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->owner_uid, uid_t, uid_is_valid, UID_FMT, "_SYSTEMD_OWNER_UID");
- IOVEC_ADD_STRING_FIELD(iovec, n, c->unit, "_SYSTEMD_UNIT");
+ IOVEC_ADD_STRING_FIELD(iovec, n, c->unit, "_SYSTEMD_UNIT"); /* Unit names are bounded by UNIT_NAME_MAX */
IOVEC_ADD_STRING_FIELD(iovec, n, c->user_unit, "_SYSTEMD_USER_UNIT");
IOVEC_ADD_STRING_FIELD(iovec, n, c->slice, "_SYSTEMD_SLICE");
IOVEC_ADD_STRING_FIELD(iovec, n, c->user_slice, "_SYSTEMD_USER_SLICE");
@@ -955,13 +959,14 @@ static void dispatch_message_real(
IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->uid, uid_t, uid_is_valid, UID_FMT, "OBJECT_UID");
IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->gid, gid_t, gid_is_valid, GID_FMT, "OBJECT_GID");
+ /* See above for size limits, only ->cmdline may be large, so use a heap allocation for it. */
IOVEC_ADD_STRING_FIELD(iovec, n, o->comm, "OBJECT_COMM");
IOVEC_ADD_STRING_FIELD(iovec, n, o->exe, "OBJECT_EXE");
- IOVEC_ADD_STRING_FIELD(iovec, n, o->cmdline, "OBJECT_CMDLINE");
- IOVEC_ADD_STRING_FIELD(iovec, n, o->capeff, "OBJECT_CAP_EFFECTIVE");
+ if (o->cmdline)
+ cmdline2 = set_iovec_string_field(iovec, &n, "OBJECT_CMDLINE=", o->cmdline);
+ IOVEC_ADD_STRING_FIELD(iovec, n, o->capeff, "OBJECT_CAP_EFFECTIVE");
IOVEC_ADD_SIZED_FIELD(iovec, n, o->label, o->label_size, "OBJECT_SELINUX_CONTEXT");
-
IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "OBJECT_AUDIT_SESSION");
IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->loginuid, uid_t, uid_is_valid, UID_FMT, "OBJECT_AUDIT_LOGINUID");
--
2.7.4

57
buildroot/package/systemd/0010-journald-set-a-limit-on-the-number-of-fields-1k.patch Normal file
View File

@@ -0,0 +1,57 @@
From 052c57f132f04a3cf4148f87561618da1a6908b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 5 Dec 2018 22:45:02 +0100
Subject: [PATCH] journald: set a limit on the number of fields (1k)
We allocate a iovec entry for each field, so with many short entries,
our memory usage and processing time can be large, even with a relatively
small message size. Let's refuse overly long entries.
CVE-2018-16865
https://bugzilla.redhat.com/show_bug.cgi?id=1653861
What from I can see, the problem is not from an alloca, despite what the CVE
description says, but from the attack multiplication that comes from creating
many very small iovecs: (void* + size_t) for each three bytes of input message.
[james.hilliard1@gmail.com: backport from upstream commit
052c57f132f04a3cf4148f87561618da1a6908b4]
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
---
src/journal/journald-native.c | 5 +++++
src/shared/journal-importer.h | 3 +++
2 files changed, 8 insertions(+)
diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
index e86178e..d0fee2a 100644
--- a/src/journal/journald-native.c
+++ b/src/journal/journald-native.c
@@ -141,6 +141,11 @@ static int server_process_entry(
}
/* A property follows */
+ if (n > ENTRY_FIELD_COUNT_MAX) {
+ log_debug("Received an entry that has more than " STRINGIFY(ENTRY_FIELD_COUNT_MAX) " fields, ignoring entry.");
+ r = 1;
+ goto finish;
+ }
/* n existing properties, 1 new, +1 for _TRANSPORT */
if (!GREEDY_REALLOC(iovec, m,
diff --git a/src/shared/journal-importer.h b/src/shared/journal-importer.h
index 53354b7..7914c0c 100644
--- a/src/shared/journal-importer.h
+++ b/src/shared/journal-importer.h
@@ -21,6 +21,9 @@
#endif
#define LINE_CHUNK 8*1024u
+/* The maximum number of fields in an entry */
+#define ENTRY_FIELD_COUNT_MAX 1024
+
struct iovec_wrapper {
struct iovec *iovec;
size_t size_bytes;
--
2.7.4

112
buildroot/package/systemd/0011-journal-remote-verify-entry-length-from-header.patch Normal file
View File

@@ -0,0 +1,112 @@
From 7fdb237f5473cb8fc2129e57e8a0039526dcb4fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 7 Dec 2018 12:47:14 +0100
Subject: [PATCH] journal-remote: verify entry length from header
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Calling mhd_respond(), which ulimately calls MHD_queue_response() is
ineffective at point, becuase MHD_queue_response() immediately returns
MHD_NO signifying an error, because the connection is in state
MHD_CONNECTION_CONTINUE_SENT.
As Christian Grothoff kindly explained:
> You are likely calling MHD_queue_repsonse() too late: once you are
> receiving upload_data, HTTP forces you to process it all. At this time,
> MHD has already sent "100 continue" and cannot take it back (hence you
> get MHD_NO!).
>
> In your request handler, the first time when you are called for a
> connection (and when hence *upload_data_size == 0 and upload_data ==
> NULL) you must check the content-length header and react (with
> MHD_queue_response) based on this (to prevent MHD from automatically
> generating 100 continue).
If we ever encounter this kind of error, print a warning and immediately
abort the connection. (The alternative would be to keep reading the data,
but ignore it, and return an error after we get to the end of data.
That is possible, but of course puts additional load on both the
sender and reciever, and doesn't seem important enough just to return
a good error message.)
Note that sending of the error does not work (the connection is always aborted
when MHD_queue_response is used with MHD_RESPMEM_MUST_FREE, as in this case)
with libµhttpd 0.59, but works with 0.61:
https://src.fedoraproject.org/rpms/libmicrohttpd/pull-request/1
[james.hilliard1@gmail.com: backport from upstream commit
7fdb237f5473cb8fc2129e57e8a0039526dcb4fd]
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
---
src/journal-remote/journal-remote-main.c | 34 ++++++++++++++++++++++----------
1 file changed, 24 insertions(+), 10 deletions(-)
diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
index e1748cb..8543dba 100644
--- a/src/journal-remote/journal-remote-main.c
+++ b/src/journal-remote/journal-remote-main.c
@@ -221,16 +221,14 @@ static int process_http_upload(
journal_remote_server_global->seal);
if (r == -EAGAIN)
break;
- else if (r < 0) {
- log_warning("Failed to process data for connection %p", connection);
+ if (r < 0) {
if (r == -E2BIG)
- return mhd_respondf(connection,
- r, MHD_HTTP_PAYLOAD_TOO_LARGE,
- "Entry is too large, maximum is " STRINGIFY(DATA_SIZE_MAX) " bytes.");
+ log_warning_errno(r, "Entry is too above maximum of %u, aborting connection %p.",
+ DATA_SIZE_MAX, connection);
else
- return mhd_respondf(connection,
- r, MHD_HTTP_UNPROCESSABLE_ENTITY,
- "Processing failed: %m.");
+ log_warning_errno(r, "Failed to process data, aborting connection %p: %m",
+ connection);
+ return MHD_NO;
}
}
@@ -264,6 +262,7 @@ static int request_handler(
const char *header;
int r, code, fd;
_cleanup_free_ char *hostname = NULL;
+ size_t len;
assert(connection);
assert(connection_cls);
@@ -283,12 +282,27 @@ static int request_handler(
if (!streq(url, "/upload"))
return mhd_respond(connection, MHD_HTTP_NOT_FOUND, "Not found.");
- header = MHD_lookup_connection_value(connection,
- MHD_HEADER_KIND, "Content-Type");
+ header = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, "Content-Type");
if (!header || !streq(header, "application/vnd.fdo.journal"))
return mhd_respond(connection, MHD_HTTP_UNSUPPORTED_MEDIA_TYPE,
"Content-Type: application/vnd.fdo.journal is required.");
+ header = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, "Content-Length");
+ if (!header)
+ return mhd_respond(connection, MHD_HTTP_LENGTH_REQUIRED,
+ "Content-Length header is required.");
+ r = safe_atozu(header, &len);
+ if (r < 0)
+ return mhd_respondf(connection, r, MHD_HTTP_LENGTH_REQUIRED,
+ "Content-Length: %s cannot be parsed: %m", header);
+
+ if (len > ENTRY_SIZE_MAX)
+ /* When serialized, an entry of maximum size might be slightly larger,
+ * so this does not correspond exactly to the limit in journald. Oh well.
+ */
+ return mhd_respondf(connection, 0, MHD_HTTP_PAYLOAD_TOO_LARGE,
+ "Payload larger than maximum size of %u bytes", ENTRY_SIZE_MAX);
+
{
const union MHD_ConnectionInfo *ci;
--
2.7.4

81
buildroot/package/systemd/0012-journal-remote-set-a-limit-on-the-number-of-fields-i.patch Normal file
View File

@@ -0,0 +1,81 @@
From ef4d6abe7c7fab6cbff975b32e76b09feee56074 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 7 Dec 2018 10:48:10 +0100
Subject: [PATCH] journal-remote: set a limit on the number of fields in a
message
Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is
reused for the new error condition (too many fields).
This matches the change done for systemd-journald, hence forming the second
part of the fix for CVE-2018-16865
(https://bugzilla.redhat.com/show_bug.cgi?id=1653861).
[james.hilliard1@gmail.com: backport from upstream commit
ef4d6abe7c7fab6cbff975b32e76b09feee56074]
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
---
src/journal-remote/journal-remote-main.c | 7 +++++--
src/journal-remote/journal-remote.c | 3 +++
src/shared/journal-importer.c | 5 ++++-
3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
index 8543dba..802c3ea 100644
--- a/src/journal-remote/journal-remote-main.c
+++ b/src/journal-remote/journal-remote-main.c
@@ -222,9 +222,12 @@ static int process_http_upload(
if (r == -EAGAIN)
break;
if (r < 0) {
- if (r == -E2BIG)
- log_warning_errno(r, "Entry is too above maximum of %u, aborting connection %p.",
+ if (r == -ENOBUFS)
+ log_warning_errno(r, "Entry is above the maximum of %u, aborting connection %p.",
DATA_SIZE_MAX, connection);
+ else if (r == -E2BIG)
+ log_warning_errno(r, "Entry with more fields than the maximum of %u, aborting connection %p.",
+ ENTRY_FIELD_COUNT_MAX, connection);
else
log_warning_errno(r, "Failed to process data, aborting connection %p: %m",
connection);
diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
index 3c0916c..1da32c5 100644
--- a/src/journal-remote/journal-remote.c
+++ b/src/journal-remote/journal-remote.c
@@ -407,6 +407,9 @@ int journal_remote_handle_raw_source(
log_debug("%zu active sources remaining", s->active);
return 0;
} else if (r == -E2BIG) {
+ log_notice("Entry with too many fields, skipped");
+ return 1;
+ } else if (r == -ENOBUFS) {
log_notice("Entry too big, skipped");
return 1;
} else if (r == -EAGAIN) {
diff --git a/src/shared/journal-importer.c b/src/shared/journal-importer.c
index b0e6192..8638cd3 100644
--- a/src/shared/journal-importer.c
+++ b/src/shared/journal-importer.c
@@ -23,6 +23,9 @@ enum {
};
static int iovw_put(struct iovec_wrapper *iovw, void* data, size_t len) {
+ if (iovw->count >= ENTRY_FIELD_COUNT_MAX)
+ return -E2BIG;
+
if (!GREEDY_REALLOC(iovw->iovec, iovw->size_bytes, iovw->count + 1))
return log_oom();
@@ -97,7 +100,7 @@ static int get_line(JournalImporter *imp, char **line, size_t *size) {
imp->scanned = imp->filled;
if (imp->scanned >= DATA_SIZE_MAX)
- return log_error_errno(SYNTHETIC_ERRNO(E2BIG),
+ return log_error_errno(SYNTHETIC_ERRNO(ENOBUFS),
"Entry is bigger than %u bytes.",
DATA_SIZE_MAX);
--
2.7.4

116
buildroot/package/systemd/0013-Pass-separate-dev_t-var-to-device_path_parse_major_minor.patch Normal file
View File

@@ -0,0 +1,116 @@
From f5855697aa19fb92637e72ab02e4623abe77f288 Mon Sep 17 00:00:00 2001
From: YunQiang Su <syq@debian.org>
Date: Tue, 25 Dec 2018 19:01:17 +0800
Subject: [PATCH] Pass separate dev_t var to device_path_parse_major_minor
MIPS/O32's st_rdev member of struct stat is unsigned long, which
is 32bit, while dev_t is defined as 64bit, which make some problems
in device_path_parse_major_minor.
Don't pass st.st_rdev, st_mode to device_path_parse_major_minor,
while pass 2 seperate variables. The result of stat is alos copied
out into these 2 variables. Fixes: #11247
[Retrieved from:
https://github.com/systemd/systemd/commit/f5855697aa19fb92637e72ab02e4623abe77f288]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
src/core/cgroup.c | 35 ++++++++++++++++++++++-------------
1 file changed, 22 insertions(+), 13 deletions(-)
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 7b817dc225e..ed2f331b33e 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -396,26 +396,31 @@ static void cgroup_xattr_apply(Unit *u) {
}
static int lookup_block_device(const char *p, dev_t *ret) {
- struct stat st = {};
+ dev_t rdev, dev = 0;
+ mode_t mode;
int r;
assert(p);
assert(ret);
- r = device_path_parse_major_minor(p, &st.st_mode, &st.st_rdev);
+ r = device_path_parse_major_minor(p, &mode, &rdev);
if (r == -ENODEV) { /* not a parsable device node, need to go to disk */
+ struct stat st;
if (stat(p, &st) < 0)
return log_warning_errno(errno, "Couldn't stat device '%s': %m", p);
+ rdev = (dev_t)st.st_rdev;
+ dev = (dev_t)st.st_dev;
+ mode = st.st_mode;
} else if (r < 0)
return log_warning_errno(r, "Failed to parse major/minor from path '%s': %m", p);
- if (S_ISCHR(st.st_mode)) {
+ if (S_ISCHR(mode)) {
log_warning("Device node '%s' is a character device, but block device needed.", p);
return -ENOTBLK;
- } else if (S_ISBLK(st.st_mode))
- *ret = st.st_rdev;
- else if (major(st.st_dev) != 0)
- *ret = st.st_dev; /* If this is not a device node then use the block device this file is stored on */
+ } else if (S_ISBLK(mode))
+ *ret = rdev;
+ else if (major(dev) != 0)
+ *ret = dev; /* If this is not a device node then use the block device this file is stored on */
else {
/* If this is btrfs, getting the backing block device is a bit harder */
r = btrfs_get_block_device(p, ret);
@@ -436,7 +441,8 @@ static int lookup_block_device(const char *p, dev_t *ret) {
}
static int whitelist_device(BPFProgram *prog, const char *path, const char *node, const char *acc) {
- struct stat st = {};
+ dev_t rdev;
+ mode_t mode;
int r;
assert(path);
@@ -445,11 +451,12 @@ static int whitelist_device(BPFProgram *prog, const char *path, const char *node
/* Some special handling for /dev/block/%u:%u, /dev/char/%u:%u, /run/systemd/inaccessible/chr and
* /run/systemd/inaccessible/blk paths. Instead of stat()ing these we parse out the major/minor directly. This
* means clients can use these path without the device node actually around */
- r = device_path_parse_major_minor(node, &st.st_mode, &st.st_rdev);
+ r = device_path_parse_major_minor(node, &mode, &rdev);
if (r < 0) {
if (r != -ENODEV)
return log_warning_errno(r, "Couldn't parse major/minor from device path '%s': %m", node);
+ struct stat st;
if (stat(node, &st) < 0)
return log_warning_errno(errno, "Couldn't stat device %s: %m", node);
@@ -457,22 +464,24 @@ static int whitelist_device(BPFProgram *prog, const char *path, const char *node
log_warning("%s is not a device.", node);
return -ENODEV;
}
+ rdev = (dev_t) st.st_rdev;
+ mode = st.st_mode;
}
if (cg_all_unified() > 0) {
if (!prog)
return 0;
- return cgroup_bpf_whitelist_device(prog, S_ISCHR(st.st_mode) ? BPF_DEVCG_DEV_CHAR : BPF_DEVCG_DEV_BLOCK,
- major(st.st_rdev), minor(st.st_rdev), acc);
+ return cgroup_bpf_whitelist_device(prog, S_ISCHR(mode) ? BPF_DEVCG_DEV_CHAR : BPF_DEVCG_DEV_BLOCK,
+ major(rdev), minor(rdev), acc);
} else {
char buf[2+DECIMAL_STR_MAX(dev_t)*2+2+4];
sprintf(buf,
"%c %u:%u %s",
- S_ISCHR(st.st_mode) ? 'c' : 'b',
- major(st.st_rdev), minor(st.st_rdev),
+ S_ISCHR(mode) ? 'c' : 'b',
+ major(rdev), minor(rdev),
acc);
/* Changing the devices list of a populated cgroup might result in EINVAL, hence ignore EINVAL here. */

34
buildroot/package/systemd/0014-networkd-brvlan.c-fix-build-without-BRIDGE_VLAN_INFO.patch Normal file
View File

@@ -0,0 +1,34 @@
From 7bd188b1e628d11011cc6c98456e2e4ed72c645b Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Sun, 3 Feb 2019 17:32:46 +0100
Subject: [PATCH] networkd-brvlan.c: fix build without
BRIDGE_VLAN_INFO_RANGE_END
systemd fails to build on kernel without BRIDGE_VLAN_INFO_RANGE_END
since 9714c02
So put include missing_if_bridge.h
Fixes:
- http://autobuild.buildroot.org/results/970b09e1d49b53dff12a07ca4ad424ef9dd29a69
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
src/network/networkd-brvlan.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/network/networkd-brvlan.c b/src/network/networkd-brvlan.c
index 8f9103f14..8377623da 100644
--- a/src/network/networkd-brvlan.c
+++ b/src/network/networkd-brvlan.c
@@ -9,6 +9,7 @@
#include "alloc-util.h"
#include "conf-parser.h"
+#include "missing_if_bridge.h"
#include "netlink-util.h"
#include "networkd-brvlan.h"
#include "networkd-link.h"
--
2.14.1

33
buildroot/package/systemd/0015-networkd-ndisc.c-fix-build-without-IFA_F_NOPREFIXROU.patch Normal file
View File

@@ -0,0 +1,33 @@
From d909e4af6ac61f6777d429a0c84ab5b3d1907c6d Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Sun, 3 Feb 2019 18:28:16 +0100
Subject: [PATCH] networkd-ndisc.c: fix build without IFA_F_NOPREFIXROUTE
systemd fails to build on kernel without IFA_F_NOPREFIXROUTE
since 9714c02
So put include missing_network.h
Fixes:
- http://autobuild.buildroot.org/results/970b09e1d49b53dff12a07ca4ad424ef9dd29a69
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
src/network/networkd-ndisc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c
index 80bfd2cba..e5b8d1155 100644
--- a/src/network/networkd-ndisc.c
+++ b/src/network/networkd-ndisc.c
@@ -8,6 +8,7 @@
#include "sd-ndisc.h"
+#include "missing_network.h"
#include "networkd-ndisc.h"
#include "networkd-route.h"
#include "strv.h"
--
2.14.1

33
buildroot/package/systemd/0016-networkd-address.c-fix-build-without-IFA_F_NOPREFIXR.patch Normal file
View File

@@ -0,0 +1,33 @@
From 081aea25022a987d349394ada2d6a959bf3ce4cd Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Sun, 3 Feb 2019 18:33:39 +0100
Subject: [PATCH] networkd-address.c: fix build without IFA_F_NOPREFIXROUTE
systemd fails to build on kernel without IFA_F_NOPREFIXROUTE
since 9714c02
So put include missing_network.h
Fixes:
- http://autobuild.buildroot.org/results/970b09e1d49b53dff12a07ca4ad424ef9dd29a69
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
src/network/networkd-address.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c
index fa7f9b8d7..3cdbd9e37 100644
--- a/src/network/networkd-address.c
+++ b/src/network/networkd-address.c
@@ -5,6 +5,7 @@
#include "alloc-util.h"
#include "conf-parser.h"
#include "firewall-util.h"
+#include "missing_network.h"
#include "netlink-util.h"
#include "networkd-address.h"
#include "networkd-manager.h"
--
2.14.1

33
buildroot/package/systemd/0017-networkd-dhcp6.c-fix-build-without-IFA_F_NOPREFIXROU.patch Normal file
View File

@@ -0,0 +1,33 @@
From aeed8332afa88728ed914b2917ce758d9c2218a4 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Sun, 3 Feb 2019 18:38:10 +0100
Subject: [PATCH] networkd-dhcp6.c: fix build without IFA_F_NOPREFIXROUTE
systemd fails to build on kernel without IFA_F_NOPREFIXROUTE
since 9714c02
So put include missing_network.h
Fixes:
- http://autobuild.buildroot.org/results/970b09e1d49b53dff12a07ca4ad424ef9dd29a69
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
src/network/networkd-dhcp6.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/network/networkd-dhcp6.c b/src/network/networkd-dhcp6.c
index f9df26d75..c1fba03f9 100644
--- a/src/network/networkd-dhcp6.c
+++ b/src/network/networkd-dhcp6.c
@@ -11,6 +11,7 @@
#include "hashmap.h"
#include "hostname-util.h"
+#include "missing_network.h"
#include "network-internal.h"
#include "networkd-link.h"
#include "networkd-manager.h"
--
2.14.1

53
buildroot/package/systemd/0018-Refuse-dbus-message-paths-longer-than-BUS_PATH_SIZE_.patch Normal file
View File

@@ -0,0 +1,53 @@
From febef5e18558c114f4fb7c94f6c8ed3520c50cdf Mon Sep 17 00:00:00 2001
From: Riccardo Schirone <rschiron@redhat.com>
Date: Mon, 4 Feb 2019 14:29:09 +0100
Subject: [PATCH] Refuse dbus message paths longer than BUS_PATH_SIZE_MAX
limit.
Even though the dbus specification does not enforce any length limit on the
path of a dbus message, having to analyze too long strings in PID1 may be
time-consuming and it may have security impacts.
In any case, the limit is set so high that real-life applications should not
have a problem with it.
(cherry picked from commit 61397a60d98e368a5720b37e83f3169e3eb511c4)
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 61397a60d98
src/libsystemd/sd-bus/bus-internal.c | 2 +-
src/libsystemd/sd-bus/bus-internal.h | 4 ++++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/libsystemd/sd-bus/bus-internal.c b/src/libsystemd/sd-bus/bus-internal.c
index 40acae213381..598b7f110c73 100644
--- a/src/libsystemd/sd-bus/bus-internal.c
+++ b/src/libsystemd/sd-bus/bus-internal.c
@@ -43,7 +43,7 @@ bool object_path_is_valid(const char *p) {
if (slash)
return false;
- return true;
+ return (q - p) <= BUS_PATH_SIZE_MAX;
}
char* object_path_startswith(const char *a, const char *b) {
diff --git a/src/libsystemd/sd-bus/bus-internal.h b/src/libsystemd/sd-bus/bus-internal.h
index f208b294d8f1..a8d61bf72a4e 100644
--- a/src/libsystemd/sd-bus/bus-internal.h
+++ b/src/libsystemd/sd-bus/bus-internal.h
@@ -332,6 +332,10 @@ struct sd_bus {
#define BUS_MESSAGE_SIZE_MAX (128*1024*1024)
#define BUS_AUTH_SIZE_MAX (64*1024)
+/* Note that the D-Bus specification states that bus paths shall have no size limit. We enforce here one
+ * anyway, since truly unbounded strings are a security problem. The limit we pick is relatively large however,
+ * to not clash unnecessarily with real-life applications. */
+#define BUS_PATH_SIZE_MAX (64*1024)
#define BUS_CONTAINER_DEPTH 128
--
2.20.1

194
buildroot/package/systemd/0019-Allocate-temporary-strings-to-hold-dbus-paths-on-the.patch Normal file
View File

@@ -0,0 +1,194 @@
From 9e3f5a77226d5320270c92df001f6c79be735af3 Mon Sep 17 00:00:00 2001
From: Riccardo Schirone <rschiron@redhat.com>
Date: Mon, 4 Feb 2019 14:29:28 +0100
Subject: [PATCH] Allocate temporary strings to hold dbus paths on the heap
Paths are limited to BUS_PATH_SIZE_MAX but the maximum size is anyway too big
to be allocated on the stack, so let's switch to the heap where there is a
clear way to understand if the allocation fails.
(cherry picked from commit f519a19bcd5afe674a9b8fc462cd77d8bad403c1)
[baruch: backport to v240]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit f519a19bcd5
src/libsystemd/sd-bus/bus-objects.c | 68 +++++++++++++++++++++++------
1 file changed, 54 insertions(+), 14 deletions(-)
diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/sd-bus/bus-objects.c
index d0538104ae25..54b977418e03 100644
--- a/src/libsystemd/sd-bus/bus-objects.c
+++ b/src/libsystemd/sd-bus/bus-objects.c
@@ -1133,7 +1133,8 @@ static int object_manager_serialize_path_and_fallbacks(
const char *path,
sd_bus_error *error) {
- char *prefix;
+ _cleanup_free_ char *prefix = NULL;
+ size_t pl;
int r;
assert(bus);
@@ -1149,7 +1150,12 @@ static int object_manager_serialize_path_and_fallbacks(
return 0;
/* Second, add fallback vtables registered for any of the prefixes */
- prefix = alloca(strlen(path) + 1);
+ pl = strlen(path);
+ assert(pl <= BUS_PATH_SIZE_MAX);
+ prefix = new(char, pl + 1);
+ if (!prefix)
+ return -ENOMEM;
+
OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
r = object_manager_serialize_path(bus, reply, prefix, path, true, error);
if (r < 0)
@@ -1345,6 +1351,7 @@ static int object_find_and_run(
}
int bus_process_object(sd_bus *bus, sd_bus_message *m) {
+ _cleanup_free_ char *prefix = NULL;
int r;
size_t pl;
bool found_object = false;
@@ -1369,9 +1376,12 @@ int bus_process_object(sd_bus *bus, sd_bus_message *m) {
assert(m->member);
pl = strlen(m->path);
- do {
- char prefix[pl+1];
+ assert(pl <= BUS_PATH_SIZE_MAX);
+ prefix = new(char, pl + 1);
+ if (!prefix)
+ return -ENOMEM;
+ do {
bus->nodes_modified = false;
r = object_find_and_run(bus, m, m->path, false, &found_object);
@@ -1498,9 +1508,15 @@ static int bus_find_parent_object_manager(sd_bus *bus, struct node **out, const
n = hashmap_get(bus->nodes, path);
if (!n) {
- char *prefix;
+ _cleanup_free_ char *prefix = NULL;
+ size_t pl;
+
+ pl = strlen(path);
+ assert(pl <= BUS_PATH_SIZE_MAX);
+ prefix = new(char, pl + 1);
+ if (!prefix)
+ return -ENOMEM;
- prefix = alloca(strlen(path) + 1);
OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
n = hashmap_get(bus->nodes, prefix);
if (n)
@@ -2083,8 +2099,9 @@ _public_ int sd_bus_emit_properties_changed_strv(
const char *interface,
char **names) {
+ _cleanup_free_ char *prefix = NULL;
bool found_interface = false;
- char *prefix;
+ size_t pl;
int r;
assert_return(bus, -EINVAL);
@@ -2105,6 +2122,12 @@ _public_ int sd_bus_emit_properties_changed_strv(
BUS_DONT_DESTROY(bus);
+ pl = strlen(path);
+ assert(pl <= BUS_PATH_SIZE_MAX);
+ prefix = new(char, pl + 1);
+ if (!prefix)
+ return -ENOMEM;
+
do {
bus->nodes_modified = false;
@@ -2114,7 +2137,6 @@ _public_ int sd_bus_emit_properties_changed_strv(
if (bus->nodes_modified)
continue;
- prefix = alloca(strlen(path) + 1);
OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
r = emit_properties_changed_on_interface(bus, prefix, path, interface, true, &found_interface, names);
if (r != 0)
@@ -2246,7 +2268,8 @@ static int object_added_append_all_prefix(
static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *path) {
_cleanup_set_free_ Set *s = NULL;
- char *prefix;
+ _cleanup_free_ char *prefix = NULL;
+ size_t pl;
int r;
assert(bus);
@@ -2291,7 +2314,12 @@ static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *p
if (bus->nodes_modified)
return 0;
- prefix = alloca(strlen(path) + 1);
+ pl = strlen(path);
+ assert(pl <= BUS_PATH_SIZE_MAX);
+ prefix = new(char, pl + 1);
+ if (!prefix)
+ return -ENOMEM;
+
OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
r = object_added_append_all_prefix(bus, m, s, prefix, path, true);
if (r < 0)
@@ -2430,7 +2458,8 @@ static int object_removed_append_all_prefix(
static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char *path) {
_cleanup_set_free_ Set *s = NULL;
- char *prefix;
+ _cleanup_free_ char *prefix = NULL;
+ size_t pl;
int r;
assert(bus);
@@ -2462,7 +2491,12 @@ static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char
if (bus->nodes_modified)
return 0;
- prefix = alloca(strlen(path) + 1);
+ pl = strlen(path);
+ assert(pl <= BUS_PATH_SIZE_MAX);
+ prefix = new(char, pl + 1);
+ if (!prefix)
+ return -ENOMEM;
+
OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
r = object_removed_append_all_prefix(bus, m, s, prefix, path, true);
if (r < 0)
@@ -2612,7 +2646,8 @@ static int interfaces_added_append_one(
const char *path,
const char *interface) {
- char *prefix;
+ _cleanup_free_ char *prefix = NULL;
+ size_t pl;
int r;
assert(bus);
@@ -2626,7 +2661,12 @@ static int interfaces_added_append_one(
if (bus->nodes_modified)
return 0;
- prefix = alloca(strlen(path) + 1);
+ pl = strlen(path);
+ assert(pl <= BUS_PATH_SIZE_MAX);
+ prefix = new(char, pl + 1);
+ if (!prefix)
+ return -ENOMEM;
+
OBJECT_PATH_FOREACH_PREFIX(prefix, path) {
r = interfaces_added_append_one_prefix(bus, m, prefix, path, interface, true);
if (r != 0)
--
2.20.1

160
buildroot/package/systemd/0020-basic-process-util-limit-command-line-lengths-to-_SC.patch Normal file
View File

@@ -0,0 +1,160 @@
From 2d5d2e0cc5171c6795d2a485841474345d9e30ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 5 Dec 2018 18:48:23 +0100
Subject: [PATCH] basic/process-util: limit command line lengths to _SC_ARG_MAX
This affects systemd-journald and systemd-coredump.
Example entry:
$ journalctl -o export -n1 'MESSAGE=Something logged'
__CURSOR=s=976542d120c649f494471be317829ef9;i=34e;b=4871e4c474574ce4a462dfe3f1c37f06;m=c7d0c37dd2;t=57c4ac58f3b98;x=67598e942bd23dc0
__REALTIME_TIMESTAMP=1544035467475864
__MONOTONIC_TIMESTAMP=858200964562
_BOOT_ID=4871e4c474574ce4a462dfe3f1c37f06
PRIORITY=6
_UID=1000
_GID=1000
_CAP_EFFECTIVE=0
_SELINUX_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
_AUDIT_SESSION=1
_AUDIT_LOGINUID=1000
_SYSTEMD_OWNER_UID=1000
_SYSTEMD_UNIT=user@1000.service
_SYSTEMD_SLICE=user-1000.slice
_SYSTEMD_USER_SLICE=-.slice
_SYSTEMD_INVOCATION_ID=1c4a469986d448719cb0f9141a10810e
_MACHINE_ID=08a5690a2eed47cf92ac0a5d2e3cf6b0
_HOSTNAME=krowka
_TRANSPORT=syslog
SYSLOG_FACILITY=17
SYSLOG_IDENTIFIER=syslog-caller
MESSAGE=Something logged
_COMM=poc
_EXE=/home/zbyszek/src/systemd-work3/poc
_SYSTEMD_CGROUP=/user.slice/user-1000.slice/user@1000.service/gnome-terminal-server.service
_SYSTEMD_USER_UNIT=gnome-terminal-server.service
SYSLOG_PID=4108
SYSLOG_TIMESTAMP=Dec 5 19:44:27
_PID=4108
_CMDLINE=./poc AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>
_SOURCE_REALTIME_TIMESTAMP=1544035467475848
$ journalctl -o export -n1 'MESSAGE=Something logged' --output-fields=_CMDLINE|wc
6 2053 2097410
2MB might be hard for some clients to use meaningfully, but OTOH, it is
important to log the full commandline sometimes. For example, when the program
is crashing, the exact argument list is useful.
Signed-off-by: Jonah Petri <jonah@petri.us>
---
src/basic/process-util.c | 73 +++++++++++++++++-------------------------------
1 file changed, 25 insertions(+), 48 deletions(-)
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
index 448503409b..31fdbd9346 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -129,6 +129,13 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
(void) __fsetlocking(f, FSETLOCKING_BYCALLER);
+ if (max_length == 0) {
+ /* This is supposed to be a safety guard against runaway command lines. */
+ long l = sysconf(_SC_ARG_MAX);
+ assert(l > 0);
+ max_length = l;
+ }
+
if (max_length == 1) {
/* If there's only room for one byte, return the empty string */
@@ -139,32 +146,6 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
*line = ans;
return 0;
- } else if (max_length == 0) {
- size_t len = 0, allocated = 0;
-
- while ((c = getc(f)) != EOF) {
-
- if (!GREEDY_REALLOC(ans, allocated, len+3)) {
- free(ans);
- return -ENOMEM;
- }
-
- if (isprint(c)) {
- if (space) {
- ans[len++] = ' ';
- space = false;
- }
-
- ans[len++] = c;
- } else if (len > 0)
- space = true;
- }
-
- if (len > 0)
- ans[len] = '\0';
- else
- ans = mfree(ans);
-
} else {
bool dotdotdot = false;
size_t left;
@@ -236,34 +217,30 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
if (h < 0)
return h;
- if (max_length == 0)
- ans = strjoin("[", t, "]");
- else {
- size_t l;
+ size_t l = strlen(t);
- l = strlen(t);
-
- if (l + 3 <= max_length)
- ans = strjoin("[", t, "]");
- else if (max_length <= 6) {
+ if (l + 3 <= max_length) {
+ ans = strjoin("[", t, "]");
+ if (!ans)
+ return -ENOMEM;
- ans = new(char, max_length);
- if (!ans)
- return -ENOMEM;
+ } else if (max_length <= 6) {
+ ans = new(char, max_length);
+ if (!ans)
+ return -ENOMEM;
- memcpy(ans, "[...]", max_length-1);
- ans[max_length-1] = 0;
- } else {
- t[max_length - 6] = 0;
+ memcpy(ans, "[...]", max_length-1);
+ ans[max_length-1] = 0;
+ } else {
+ t[max_length - 6] = 0;
- /* Chop off final spaces */
- delete_trailing_chars(t, WHITESPACE);
+ /* Chop off final spaces */
+ delete_trailing_chars(t, WHITESPACE);
- ans = strjoin("[", t, "...]");
- }
+ ans = strjoin("[", t, "...]");
+ if (!ans)
+ return -ENOMEM;
}
- if (!ans)
- return -ENOMEM;
}
*line = ans;
--
2.14.3

71
buildroot/package/systemd/0021-process-util-don-t-use-overly-large-buffer-to-store-.patch Normal file
View File

@@ -0,0 +1,71 @@
From eb1ec489eef8a32918bbfc56a268c9d10464584d Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Tue, 22 Jan 2019 14:29:50 +0100
Subject: [PATCH] process-util: don't use overly large buffer to store process command line
Allocate new string as a return value and free our "scratch pad"
buffer that is potentially much larger than needed (up to
_SC_ARG_MAX).
Fixes #11502
Signed-off-by: Jonah Petri <jonah@petri.us>
---
src/basic/process-util.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
index 31fdbd9346..78ce43b944 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -102,7 +102,8 @@ int get_process_comm(pid_t pid, char **ret) {
int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char **line) {
_cleanup_fclose_ FILE *f = NULL;
bool space = false;
- char *k, *ans = NULL;
+ char *k;
+ _cleanup_free_ char *ans = NULL;
const char *p;
int c;
@@ -143,7 +144,7 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
if (!ans)
return -ENOMEM;
- *line = ans;
+ *line = TAKE_PTR(ans);
return 0;
} else {
@@ -208,7 +209,7 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
_cleanup_free_ char *t = NULL;
int h;
- free(ans);
+ ans = mfree(ans);
if (!comm_fallback)
return -ENOENT;
@@ -241,9 +242,18 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
if (!ans)
return -ENOMEM;
}
+
+ *line = TAKE_PTR(ans);
+ return 0;
}
- *line = ans;
+ k = realloc(ans, strlen(ans) + 1);
+ if (!k)
+ return -ENOMEM;
+
+ ans = NULL;
+ *line = k;
+
return 0;
}
--
2.14.3

1
buildroot/package/systemd/Config.in
View File

@@ -325,6 +325,7 @@ config BR2_PACKAGE_SYSTEMD_TMPFILES
config BR2_PACKAGE_SYSTEMD_VCONSOLE
bool "enable vconsole tool"
default y
help
systemd-vconsole-setup is an early boot service that
configures the virtual console font and console keymap.

4
buildroot/package/systemd/systemd.hash
View File

@@ -1,5 +1,5 @@
# sha256 locally computed
sha256 8a11b1b07d620f4c06a16e95bba4dd2a97e90efdf2a5ba47ed0a935085787a14 systemd-239.tar.gz
sha256 8f15aec1ac926e13a21a04d0ca3fe371f7004951448142a6f8952075c5b5f0b5 systemd-240.tar.gz
sha256 ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6 LICENSE.GPL2
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 LICENSE.LGPL2.1
sha256 37ab495827a3cdbbc35ceaba3066764d69b6490e514e0c8a1acdb3c2fdb9e921 README
sha256 a693f8f654fdf016e2aefe6b30aa6e1211728b8269ab325408a152c6c9b6ebe8 README

49
buildroot/package/systemd/systemd.mk
View File

@@ -4,12 +4,13 @@
#
################################################################################
SYSTEMD_VERSION = 239
SYSTEMD_VERSION = 240
SYSTEMD_SITE = $(call github,systemd,systemd,v$(SYSTEMD_VERSION))
SYSTEMD_LICENSE = LGPL-2.1+, GPL-2.0+ (udev), Public Domain (few source files, see README)
SYSTEMD_LICENSE_FILES = LICENSE.GPL2 LICENSE.LGPL2.1 README
SYSTEMD_INSTALL_STAGING = YES
SYSTEMD_DEPENDENCIES = \
$(if $(BR2_PACKAGE_BASH_COMPLETION),bash-completion) \
host-gperf \
host-intltool \
kmod \
@@ -23,7 +24,6 @@ SYSTEMD_CONF_OPTS += \
-Dblkid=true \
-Dman=false \
-Dima=false \
-Dlibcryptsetup=false \
-Defi=false \
-Dgnu-efi=false \
-Dldconfig=false \
@@ -34,7 +34,6 @@ SYSTEMD_CONF_OPTS += \
-Dsystem-uid-max=999 \
-Dsystem-gid-max=999 \
-Dtelinit-path=$(TARGET_DIR)/sbin/telinit \
-Dkill-path=/usr/bin/kill \
-Dkmod-path=/usr/bin/kmod \
-Dkexec-path=/usr/sbin/kexec \
-Dsulogin-path=/usr/sbin/sulogin \
@@ -58,6 +57,13 @@ else
SYSTEMD_CONF_OPTS += -Daudit=false
endif
ifeq ($(BR2_PACKAGE_CRYPTSETUP),y)
SYSTEMD_DEPENDENCIES += cryptsetup
SYSTEMD_CONF_OPTS += -Dlibcryptsetup=true
else
SYSTEMD_CONF_OPTS += -Dlibcryptsetup=false
endif
ifeq ($(BR2_PACKAGE_ELFUTILS),y)
SYSTEMD_DEPENDENCIES += elfutils
SYSTEMD_CONF_OPTS += -Delfutils=true
@@ -65,6 +71,13 @@ else
SYSTEMD_CONF_OPTS += -Delfutils=false
endif
ifeq ($(BR2_PACKAGE_IPTABLES),y)
SYSTEMD_DEPENDENCIES += iptables
SYSTEMD_CONF_OPTS += -Dlibiptc=true
else
SYSTEMD_CONF_OPTS += -Dlibiptc=false
endif
# Both options can't be selected at the same time so prefer libidn2
ifeq ($(BR2_PACKAGE_LIBIDN2),y)
SYSTEMD_DEPENDENCIES += libidn2
@@ -111,6 +124,13 @@ else
SYSTEMD_CONF_OPTS += -Dpam=false
endif
ifeq ($(BR2_PACKAGE_VALGRIND),y)
SYSTEMD_DEPENDENCIES += valgrind
SYSTEMD_CONF_OPTS += -Dvalgrind=true
else
SYSTEMD_CONF_OPTS += -Dvalgrind=false
endif
ifeq ($(BR2_PACKAGE_XZ),y)
SYSTEMD_DEPENDENCIES += xz
SYSTEMD_CONF_OPTS += -Dxz=true
@@ -251,9 +271,9 @@ SYSTEMD_CONF_OPTS += -Dhostnamed=false
endif
ifeq ($(BR2_PACKAGE_SYSTEMD_MYHOSTNAME),y)
SYSTEMD_CONF_OPTS += -Dmyhostname=true
SYSTEMD_CONF_OPTS += -Dnss-myhostname=true
else
SYSTEMD_CONF_OPTS += -Dmyhostname=false
SYSTEMD_CONF_OPTS += -Dnss-myhostname=false
endif
ifeq ($(BR2_PACKAGE_SYSTEMD_TIMEDATED),y)
@@ -377,19 +397,26 @@ endef
ifneq ($(call qstrip,$(BR2_TARGET_GENERIC_GETTY_PORT)),)
# systemd needs getty.service for VTs and serial-getty.service for serial ttys
# note that console-getty.service should be used on /dev/console as it should not have dependencies
# also patch the file to use the correct baud-rate, the default baudrate is 115200 so look for that
define SYSTEMD_INSTALL_SERVICE_TTY
if echo $(BR2_TARGET_GENERIC_GETTY_PORT) | egrep -q 'tty[0-9]*$$'; \
if [ $(BR2_TARGET_GENERIC_GETTY_PORT) = "console" ]; \
then \
SERVICE="getty"; \
TARGET="console-getty.service"; \
LINK_NAME="console-getty.service"; \
elif echo $(BR2_TARGET_GENERIC_GETTY_PORT) | egrep -q 'tty[0-9]*$$'; \
then \
TARGET="getty@.service"; \
LINK_NAME="getty@$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_PORT)).service"; \
else \
SERVICE="serial-getty"; \
TARGET="serial-getty@.service"; \
LINK_NAME="serial-getty@$(call qstrip,$(BR2_TARGET_GENERIC_GETTY_PORT)).service"; \
fi; \
ln -fs ../../../../lib/systemd/system/$${SERVICE}@.service \
$(TARGET_DIR)/etc/systemd/system/getty.target.wants/$${SERVICE}@$(BR2_TARGET_GENERIC_GETTY_PORT).service; \
ln -fs ../../../../lib/systemd/system/$${TARGET} \
$(TARGET_DIR)/etc/systemd/system/getty.target.wants/$${LINK_NAME}; \
if [ $(call qstrip,$(BR2_TARGET_GENERIC_GETTY_BAUDRATE)) -gt 0 ] ; \
then \
$(SED) 's,115200,$(BR2_TARGET_GENERIC_GETTY_BAUDRATE),' $(TARGET_DIR)/lib/systemd/system/$${SERVICE}@.service; \
$(SED) 's,115200,$(BR2_TARGET_GENERIC_GETTY_BAUDRATE),' $(TARGET_DIR)/lib/systemd/system/$${TARGET}; \
fi
endef
endif