Backport fixes
Resolves: #1283971 Resolves: #1279156 Resolves: #1278475 Resolves: #1266776 Resolves: #1266775 Resolves: #1255619 Resolves: #1238285 Resolves: #1182661 Resolves: #1287592
This commit is contained in:
parent
c9f6df1cdc
commit
60ed166b54
@ -0,0 +1,56 @@
|
|||||||
|
From fa5147fc7c5fcc26d742f87f63a6216bd88ea091 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michal Sekletar <msekleta@redhat.com>
|
||||||
|
Date: Fri, 4 Dec 2015 21:33:42 +0100
|
||||||
|
Subject: [PATCH 01/12] user-sessions: make sure /run/nologin has correct
|
||||||
|
SELinux label
|
||||||
|
|
||||||
|
(cherry picked from commit ea4e6292af593b3b631560ac5139ad1f7442d881)
|
||||||
|
|
||||||
|
Resolves: #1287592
|
||||||
|
---
|
||||||
|
src/user-sessions/user-sessions.c | 8 +++++++-
|
||||||
|
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/user-sessions/user-sessions.c b/src/user-sessions/user-sessions.c
|
||||||
|
index 1c31769..dc27723 100644
|
||||||
|
--- a/src/user-sessions/user-sessions.c
|
||||||
|
+++ b/src/user-sessions/user-sessions.c
|
||||||
|
@@ -22,7 +22,9 @@
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <errno.h>
|
||||||
|
|
||||||
|
+#include "fileio-label.h"
|
||||||
|
#include "log.h"
|
||||||
|
+#include "selinux-util.h"
|
||||||
|
#include "util.h"
|
||||||
|
#include "fileio.h"
|
||||||
|
|
||||||
|
@@ -39,6 +41,8 @@ int main(int argc, char*argv[]) {
|
||||||
|
|
||||||
|
umask(0022);
|
||||||
|
|
||||||
|
+ mac_selinux_init(NULL);
|
||||||
|
+
|
||||||
|
if (streq(argv[1], "start")) {
|
||||||
|
int r = 0;
|
||||||
|
|
||||||
|
@@ -65,7 +69,7 @@ int main(int argc, char*argv[]) {
|
||||||
|
} else if (streq(argv[1], "stop")) {
|
||||||
|
int r;
|
||||||
|
|
||||||
|
- r = write_string_file_atomic("/run/nologin", "System is going down.");
|
||||||
|
+ r = write_string_file_atomic_label("/run/nologin", "System is going down.");
|
||||||
|
if (r < 0) {
|
||||||
|
log_error_errno(r, "Failed to create /run/nologin: %m");
|
||||||
|
return EXIT_FAILURE;
|
||||||
|
@@ -76,5 +80,7 @@ int main(int argc, char*argv[]) {
|
||||||
|
return EXIT_FAILURE;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ mac_selinux_finish();
|
||||||
|
+
|
||||||
|
return EXIT_SUCCESS;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.5.0
|
||||||
|
|
@ -0,0 +1,28 @@
|
|||||||
|
From f8e8050017326f83fc2be3a8e7a344e795b1430d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michal Sekletar <msekleta@redhat.com>
|
||||||
|
Date: Fri, 4 Dec 2015 22:29:38 +0100
|
||||||
|
Subject: [PATCH 02/12] login: make sure /run/nologin has correct SELinux label
|
||||||
|
|
||||||
|
(cherry picked from commit 716cff4b459017028ddb4460cdfdcd09acb36dff)
|
||||||
|
|
||||||
|
Resolves: #1287592
|
||||||
|
---
|
||||||
|
src/login/logind-dbus.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
|
||||||
|
index 291f307..1c1011c 100644
|
||||||
|
--- a/src/login/logind-dbus.c
|
||||||
|
+++ b/src/login/logind-dbus.c
|
||||||
|
@@ -1774,7 +1774,7 @@ static int nologin_timeout_handler(
|
||||||
|
|
||||||
|
log_info("Creating /run/nologin, blocking further logins...");
|
||||||
|
|
||||||
|
- r = write_string_file_atomic("/run/nologin", "System is going down.");
|
||||||
|
+ r = write_string_file_atomic_label("/run/nologin", "System is going down.");
|
||||||
|
if (r < 0)
|
||||||
|
log_error_errno(r, "Failed to create /run/nologin: %m");
|
||||||
|
else
|
||||||
|
--
|
||||||
|
2.5.0
|
||||||
|
|
@ -0,0 +1,44 @@
|
|||||||
|
From 87c3c33f022344d007d181e62267671a09605f84 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jan Synacek <jsynacek@redhat.com>
|
||||||
|
Date: Tue, 10 Nov 2015 13:05:48 +0100
|
||||||
|
Subject: [PATCH 03/12] man/journalctl: mention systemd.time(7) where
|
||||||
|
appropriate
|
||||||
|
|
||||||
|
Original bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1182661
|
||||||
|
|
||||||
|
(cherry picked from commit 20b2aec031f79018d290b8f42ab6c3e1116f2d89)
|
||||||
|
|
||||||
|
Resolves: #1182661
|
||||||
|
---
|
||||||
|
man/journalctl.xml | 8 ++++++--
|
||||||
|
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/man/journalctl.xml b/man/journalctl.xml
|
||||||
|
index ca93364..a49c87d 100644
|
||||||
|
--- a/man/journalctl.xml
|
||||||
|
+++ b/man/journalctl.xml
|
||||||
|
@@ -554,7 +554,10 @@
|
||||||
|
respectively. <literal>now</literal> refers to the current
|
||||||
|
time. Finally, relative times may be specified, prefixed with
|
||||||
|
<literal>-</literal> or <literal>+</literal>, referring to
|
||||||
|
- times before or after the current time, respectively.</para>
|
||||||
|
+ times before or after the current time, respectively. For complete
|
||||||
|
+ time and date specification, see
|
||||||
|
+ <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
|
||||||
|
+ </para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
|
@@ -836,7 +839,8 @@
|
||||||
|
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||||
|
<citerefentry><refentrytitle>coredumpctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||||||
|
<citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
||||||
|
- <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||||
|
+ <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||||
|
+ <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||||||
|
</para>
|
||||||
|
</refsect1>
|
||||||
|
</refentry>
|
||||||
|
--
|
||||||
|
2.5.0
|
||||||
|
|
57
0060-sd-device-never-return-NULL-0.patch
Normal file
57
0060-sd-device-never-return-NULL-0.patch
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
From f88ff4551822931baf9f6b03f59e49d69c950885 Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Herrmann <dh.herrmann@gmail.com>
|
||||||
|
Date: Wed, 15 Jul 2015 12:30:08 +0200
|
||||||
|
Subject: [PATCH 04/12] sd-device: never return NULL+0
|
||||||
|
|
||||||
|
It is highly confusing if a getter function returns 0, but the value is
|
||||||
|
set to NULL. This, right now, triggers assertions as code relies on the
|
||||||
|
returned values to be non-NULL.
|
||||||
|
|
||||||
|
Like with sd-bus-creds and friends, return 0 only if a value is actually
|
||||||
|
available.
|
||||||
|
|
||||||
|
Discussed with Tom, and actually fixes real bugs as in #512.
|
||||||
|
|
||||||
|
(cherry picked from commit bf4c113e179650c07a8f95a14d71f365dbfe66e4)
|
||||||
|
|
||||||
|
Resolves: #1238285
|
||||||
|
---
|
||||||
|
src/libsystemd/sd-device/sd-device.c | 8 ++++++++
|
||||||
|
1 file changed, 8 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
|
||||||
|
index b274f71..7cea5a0 100644
|
||||||
|
--- a/src/libsystemd/sd-device/sd-device.c
|
||||||
|
+++ b/src/libsystemd/sd-device/sd-device.c
|
||||||
|
@@ -791,6 +791,9 @@ _public_ int sd_device_get_subsystem(sd_device *device, const char **ret) {
|
||||||
|
device->subsystem_set = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (!device->subsystem)
|
||||||
|
+ return -ENOENT;
|
||||||
|
+
|
||||||
|
*ret = device->subsystem;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
@@ -908,6 +911,9 @@ _public_ int sd_device_get_driver(sd_device *device, const char **ret) {
|
||||||
|
return log_debug_errno(r, "sd-device: could not set driver for %s: %m", device->devpath);
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (!device->driver)
|
||||||
|
+ return -ENOENT;
|
||||||
|
+
|
||||||
|
*ret = device->driver;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
@@ -1002,6 +1008,8 @@ _public_ int sd_device_get_sysname(sd_device *device, const char **ret) {
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ assert_return(device->sysname, -ENOENT);
|
||||||
|
+
|
||||||
|
*ret = device->sysname;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
--
|
||||||
|
2.5.0
|
||||||
|
|
33
0061-journalctl-properly-detect-empty-journal-files.patch
Normal file
33
0061-journalctl-properly-detect-empty-journal-files.patch
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
From c6ab40306733c31e5f2f2d56b3fb199e6b4bfda2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lennart Poettering <lennart@poettering.net>
|
||||||
|
Date: Fri, 24 Jul 2015 02:10:32 +0200
|
||||||
|
Subject: [PATCH 05/12] journalctl: properly detect empty journal files
|
||||||
|
|
||||||
|
When we encounter a journal file with exactly zero entries, print a nice
|
||||||
|
message and exit, and don't print a weird error message.
|
||||||
|
|
||||||
|
(cherry picked from commit 02ab86c732576a71179ce12e97d44c289833236d)
|
||||||
|
|
||||||
|
Resolves: #1255619
|
||||||
|
---
|
||||||
|
src/journal/journalctl.c | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
|
||||||
|
index 2d6ecfb..073cc77 100644
|
||||||
|
--- a/src/journal/journalctl.c
|
||||||
|
+++ b/src/journal/journalctl.c
|
||||||
|
@@ -2066,6 +2066,10 @@ int main(int argc, char *argv[]) {
|
||||||
|
log_error_errno(r, "Failed to iterate through journal: %m");
|
||||||
|
goto finish;
|
||||||
|
}
|
||||||
|
+ if (r == 0) {
|
||||||
|
+ printf("-- No entries --\n");
|
||||||
|
+ goto finish;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (!arg_follow)
|
||||||
|
pager_open_if_enabled();
|
||||||
|
--
|
||||||
|
2.5.0
|
||||||
|
|
95
0062-import-hash-URL-in-paths-if-they-are-too-long.patch
Normal file
95
0062-import-hash-URL-in-paths-if-they-are-too-long.patch
Normal file
@ -0,0 +1,95 @@
|
|||||||
|
From a814fa3f3a2067a17a6698d2fcb6230774d0f981 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jan Synacek <jsynacek@redhat.com>
|
||||||
|
Date: Fri, 2 Oct 2015 11:00:19 +0200
|
||||||
|
Subject: [PATCH 06/12] import: hash URL in paths if they are too long
|
||||||
|
|
||||||
|
https://bugzilla.redhat.com/show_bug.cgi?id=1266775
|
||||||
|
(cherry picked from commit 9818005de6cc6f525be8aa62a2b8593a7c72e798)
|
||||||
|
|
||||||
|
Resolves: #1266775
|
||||||
|
---
|
||||||
|
src/import/pull-common.c | 44 ++++++++++++++++++++++++++++++++++++++------
|
||||||
|
1 file changed, 38 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/import/pull-common.c b/src/import/pull-common.c
|
||||||
|
index 652277e..84611cb 100644
|
||||||
|
--- a/src/import/pull-common.c
|
||||||
|
+++ b/src/import/pull-common.c
|
||||||
|
@@ -31,8 +31,10 @@
|
||||||
|
#include "pull-common.h"
|
||||||
|
#include "process-util.h"
|
||||||
|
#include "signal-util.h"
|
||||||
|
+#include "siphash24.h"
|
||||||
|
|
||||||
|
#define FILENAME_ESCAPE "/.#\"\'"
|
||||||
|
+#define HASH_URL_THRESHOLD_LENGTH (_POSIX_PATH_MAX - 16)
|
||||||
|
|
||||||
|
int pull_find_old_etags(const char *url, const char *image_root, int dt, const char *prefix, const char *suffix, char ***etags) {
|
||||||
|
_cleanup_free_ char *escaped_url = NULL;
|
||||||
|
@@ -142,8 +144,21 @@ int pull_make_local_copy(const char *final, const char *image_root, const char *
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+static int hash_url(const char *url, char **ret) {
|
||||||
|
+ uint64_t h;
|
||||||
|
+ static const sd_id128_t k = SD_ID128_ARRAY(df,89,16,87,01,cc,42,30,98,ab,4a,19,a6,a5,63,4f);
|
||||||
|
+
|
||||||
|
+ assert(url);
|
||||||
|
+
|
||||||
|
+ siphash24((uint8_t *) &h, url, strlen(url), k.bytes);
|
||||||
|
+ if (asprintf(ret, "%"PRIx64, h) < 0)
|
||||||
|
+ return -ENOMEM;
|
||||||
|
+
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int pull_make_path(const char *url, const char *etag, const char *image_root, const char *prefix, const char *suffix, char **ret) {
|
||||||
|
- _cleanup_free_ char *escaped_url = NULL;
|
||||||
|
+ _cleanup_free_ char *escaped_url = NULL, *escaped_etag = NULL;
|
||||||
|
char *path;
|
||||||
|
|
||||||
|
assert(url);
|
||||||
|
@@ -157,18 +172,35 @@ int pull_make_path(const char *url, const char *etag, const char *image_root, co
|
||||||
|
return -ENOMEM;
|
||||||
|
|
||||||
|
if (etag) {
|
||||||
|
- _cleanup_free_ char *escaped_etag = NULL;
|
||||||
|
-
|
||||||
|
escaped_etag = xescape(etag, FILENAME_ESCAPE);
|
||||||
|
if (!escaped_etag)
|
||||||
|
return -ENOMEM;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- path = strjoin(image_root, "/", strempty(prefix), escaped_url, ".", escaped_etag, strempty(suffix), NULL);
|
||||||
|
- } else
|
||||||
|
- path = strjoin(image_root, "/", strempty(prefix), escaped_url, strempty(suffix), NULL);
|
||||||
|
+ path = strjoin(image_root, "/", strempty(prefix), escaped_url, escaped_etag ? "." : "",
|
||||||
|
+ strempty(escaped_etag), strempty(suffix), NULL);
|
||||||
|
if (!path)
|
||||||
|
return -ENOMEM;
|
||||||
|
|
||||||
|
+ /* URLs might make the path longer than the maximum allowed length for a file name.
|
||||||
|
+ * When that happens, a URL hash is used instead. Paths returned by this function
|
||||||
|
+ * can be later used with tempfn_random() which adds 16 bytes to the resulting name. */
|
||||||
|
+ if (strlen(path) >= HASH_URL_THRESHOLD_LENGTH) {
|
||||||
|
+ _cleanup_free_ char *hash = NULL;
|
||||||
|
+ int r;
|
||||||
|
+
|
||||||
|
+ free(path);
|
||||||
|
+
|
||||||
|
+ r = hash_url(url, &hash);
|
||||||
|
+ if (r < 0)
|
||||||
|
+ return r;
|
||||||
|
+
|
||||||
|
+ path = strjoin(image_root, "/", strempty(prefix), hash, escaped_etag ? "." : "",
|
||||||
|
+ strempty(escaped_etag), strempty(suffix), NULL);
|
||||||
|
+ if (!path)
|
||||||
|
+ return -ENOMEM;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
*ret = path;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.5.0
|
||||||
|
|
35
0063-nspawn-fix-image-when-nspawn-is-run-as-service.patch
Normal file
35
0063-nspawn-fix-image-when-nspawn-is-run-as-service.patch
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
From 2c4f4e407fad772552e82129399173adef1e8e53 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lennart Poettering <lennart@poettering.net>
|
||||||
|
Date: Sat, 3 Oct 2015 11:23:52 +0200
|
||||||
|
Subject: [PATCH 07/12] nspawn: fix --image= when nspawn is run as service
|
||||||
|
|
||||||
|
nspawn needs access to /dev/loop to implement --image=, hence grant that
|
||||||
|
in the service file.
|
||||||
|
|
||||||
|
Fixes #1446.
|
||||||
|
|
||||||
|
(cherry picked from commit 988a47964283b6a72f5ce117f287ebeb12e26d2d)
|
||||||
|
|
||||||
|
Resolves: #1266776
|
||||||
|
---
|
||||||
|
units/systemd-nspawn@.service.in | 5 +++++
|
||||||
|
1 file changed, 5 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in
|
||||||
|
index 074b916..110f1a6 100644
|
||||||
|
--- a/units/systemd-nspawn@.service.in
|
||||||
|
+++ b/units/systemd-nspawn@.service.in
|
||||||
|
@@ -35,5 +35,10 @@ DeviceAllow=/dev/net/tun rwm
|
||||||
|
DeviceAllow=/dev/pts/ptmx rw
|
||||||
|
DeviceAllow=char-pts rw
|
||||||
|
|
||||||
|
+# nspawn itself needs access to /dev/loop-control and /dev/loop, to
|
||||||
|
+# implement the --image= option. Add these here, too.
|
||||||
|
+DeviceAllow=/dev/loop-control rw
|
||||||
|
+DeviceAllow=block-loop rw
|
||||||
|
+
|
||||||
|
[Install]
|
||||||
|
WantedBy=machines.target
|
||||||
|
--
|
||||||
|
2.5.0
|
||||||
|
|
@ -0,0 +1,33 @@
|
|||||||
|
From c99a4a60f5ef8a46d8d0841c2e3b72d73611c602 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lennart Poettering <lennart@poettering.net>
|
||||||
|
Date: Thu, 22 Oct 2015 00:39:57 +0200
|
||||||
|
Subject: [PATCH 08/12] units: also whitelist "blkext" block devices for nspawn
|
||||||
|
service
|
||||||
|
|
||||||
|
/dev/loop*p* block devices are of the "blkext" subsystem, not of loop,
|
||||||
|
hence whitelist this too.
|
||||||
|
|
||||||
|
Fixes #1446
|
||||||
|
|
||||||
|
(cherry picked from commit a2c90f05f11c01a9f9faf3efb3ec0e05acebd75f)
|
||||||
|
|
||||||
|
Resolves: #1266776
|
||||||
|
---
|
||||||
|
units/systemd-nspawn@.service.in | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/units/systemd-nspawn@.service.in b/units/systemd-nspawn@.service.in
|
||||||
|
index 110f1a6..60f0014 100644
|
||||||
|
--- a/units/systemd-nspawn@.service.in
|
||||||
|
+++ b/units/systemd-nspawn@.service.in
|
||||||
|
@@ -39,6 +39,7 @@ DeviceAllow=char-pts rw
|
||||||
|
# implement the --image= option. Add these here, too.
|
||||||
|
DeviceAllow=/dev/loop-control rw
|
||||||
|
DeviceAllow=block-loop rw
|
||||||
|
+DeviceAllow=block-blkext rw
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=machines.target
|
||||||
|
--
|
||||||
|
2.5.0
|
||||||
|
|
@ -0,0 +1,67 @@
|
|||||||
|
From 3fd5f2d43442105cd5208c46e3e91e33553ae80d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Richard Maw <richard.maw@codethink.co.uk>
|
||||||
|
Date: Fri, 24 Jul 2015 09:29:46 +0000
|
||||||
|
Subject: [PATCH 09/12] unquote_first_word: parse ` '' ` as an empty argument
|
||||||
|
instead of no argument
|
||||||
|
|
||||||
|
(cherry picked from commit 14e685c29d5b317b815e3e9f056648027852b07e)
|
||||||
|
|
||||||
|
Resolves: #1278475
|
||||||
|
---
|
||||||
|
src/basic/util.c | 14 ++++++++++----
|
||||||
|
src/test/test-util.c | 11 +++++++++++
|
||||||
|
2 files changed, 21 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/basic/util.c b/src/basic/util.c
|
||||||
|
index dffb4a2..d6ab781 100644
|
||||||
|
--- a/src/basic/util.c
|
||||||
|
+++ b/src/basic/util.c
|
||||||
|
@@ -5193,13 +5193,19 @@ int unquote_first_word(const char **p, char **ret, UnquoteFlags flags) {
|
||||||
|
case VALUE:
|
||||||
|
if (c == 0)
|
||||||
|
goto finish;
|
||||||
|
- else if (c == '\'')
|
||||||
|
+ else if (c == '\'') {
|
||||||
|
+ if (!GREEDY_REALLOC(s, allocated, sz+1))
|
||||||
|
+ return -ENOMEM;
|
||||||
|
+
|
||||||
|
state = SINGLE_QUOTE;
|
||||||
|
- else if (c == '\\')
|
||||||
|
+ } else if (c == '\\')
|
||||||
|
state = VALUE_ESCAPE;
|
||||||
|
- else if (c == '\"')
|
||||||
|
+ else if (c == '\"') {
|
||||||
|
+ if (!GREEDY_REALLOC(s, allocated, sz+1))
|
||||||
|
+ return -ENOMEM;
|
||||||
|
+
|
||||||
|
state = DOUBLE_QUOTE;
|
||||||
|
- else if (strchr(WHITESPACE, c))
|
||||||
|
+ } else if (strchr(WHITESPACE, c))
|
||||||
|
state = SPACE;
|
||||||
|
else {
|
||||||
|
if (!GREEDY_REALLOC(s, allocated, sz+2))
|
||||||
|
diff --git a/src/test/test-util.c b/src/test/test-util.c
|
||||||
|
index ad9ea3b..41eaa49 100644
|
||||||
|
--- a/src/test/test-util.c
|
||||||
|
+++ b/src/test/test-util.c
|
||||||
|
@@ -1398,6 +1398,17 @@ static void test_unquote_first_word(void) {
|
||||||
|
assert_se(streq(t, "\\w+\b"));
|
||||||
|
free(t);
|
||||||
|
assert_se(p == original + 5);
|
||||||
|
+
|
||||||
|
+ p = original = "-N ''";
|
||||||
|
+ assert_se(unquote_first_word(&p, &t, UNQUOTE_CUNESCAPE) > 0);
|
||||||
|
+ assert_se(streq(t, "-N"));
|
||||||
|
+ free(t);
|
||||||
|
+ assert_se(p == original + 3);
|
||||||
|
+
|
||||||
|
+ assert_se(unquote_first_word(&p, &t, UNQUOTE_CUNESCAPE) > 0);
|
||||||
|
+ assert_se(streq(t, ""));
|
||||||
|
+ free(t);
|
||||||
|
+ assert_se(p == original + 5);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void test_unquote_first_word_and_warn(void) {
|
||||||
|
--
|
||||||
|
2.5.0
|
||||||
|
|
55
0066-login-fix-NULL-deref-on-wall_message.patch
Normal file
55
0066-login-fix-NULL-deref-on-wall_message.patch
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
From d3d5865931637112cd80fe5c95bcbf894b283a45 Mon Sep 17 00:00:00 2001
|
||||||
|
From: David Herrmann <dh.herrmann@gmail.com>
|
||||||
|
Date: Sat, 5 Sep 2015 12:56:04 +0200
|
||||||
|
Subject: [PATCH 10/12] login: fix NULL-deref on wall_message
|
||||||
|
|
||||||
|
We treat an empty wall-message equal to a NULL wall-message since:
|
||||||
|
|
||||||
|
commit 5744f59a3ee883ef3a78214bd5236157acdc35ba
|
||||||
|
Author: Lennart Poettering <lennart@poettering.net>
|
||||||
|
Date: Fri Sep 4 10:34:47 2015 +0200
|
||||||
|
|
||||||
|
logind: treat an empty wall message like a NULL one
|
||||||
|
|
||||||
|
Fix the shutdown scheduler to not deref a NULL pointer, but properly
|
||||||
|
check for an empty wall-message.
|
||||||
|
|
||||||
|
Fixes: #1120
|
||||||
|
(cherry picked from commit 3d1c455f9a898e7427b642800644ae7142dc7557)
|
||||||
|
|
||||||
|
Resolves: #1279156
|
||||||
|
---
|
||||||
|
src/login/logind-dbus.c | 10 ++++++----
|
||||||
|
1 file changed, 6 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
|
||||||
|
index 1c1011c..c180ce1 100644
|
||||||
|
--- a/src/login/logind-dbus.c
|
||||||
|
+++ b/src/login/logind-dbus.c
|
||||||
|
@@ -1795,9 +1795,11 @@ static int update_schedule_file(Manager *m) {
|
||||||
|
if (r < 0)
|
||||||
|
return log_error_errno(r, "Failed to create shutdown subdirectory: %m");
|
||||||
|
|
||||||
|
- t = cescape(m->wall_message);
|
||||||
|
- if (!t)
|
||||||
|
- return log_oom();
|
||||||
|
+ if (!isempty(m->wall_message)) {
|
||||||
|
+ t = cescape(m->wall_message);
|
||||||
|
+ if (!t)
|
||||||
|
+ return log_oom();
|
||||||
|
+ }
|
||||||
|
|
||||||
|
r = fopen_temporary("/run/systemd/shutdown/scheduled", &f, &temp_path);
|
||||||
|
if (r < 0)
|
||||||
|
@@ -1813,7 +1815,7 @@ static int update_schedule_file(Manager *m) {
|
||||||
|
m->enable_wall_messages,
|
||||||
|
m->scheduled_shutdown_type);
|
||||||
|
|
||||||
|
- if (!isempty(m->wall_message))
|
||||||
|
+ if (t)
|
||||||
|
fprintf(f, "WALL_MESSAGE=%s\n", t);
|
||||||
|
|
||||||
|
(void) fflush_and_check(f);
|
||||||
|
--
|
||||||
|
2.5.0
|
||||||
|
|
@ -0,0 +1,37 @@
|
|||||||
|
From 8e32c9b7b26ff6f33e7bcec5f7a036e4133da6b8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||||
|
Date: Mon, 7 Dec 2015 00:09:12 -0500
|
||||||
|
Subject: [PATCH 11/12] libudev: simplify udev_device_ensure_usec_initialized a
|
||||||
|
bit
|
||||||
|
|
||||||
|
(cherry picked from commit 90b33a2746ef9a409e5b70ea6ef363941c671c1d)
|
||||||
|
|
||||||
|
Resolves: #1283971
|
||||||
|
---
|
||||||
|
src/libudev/libudev-device-private.c | 8 ++------
|
||||||
|
1 file changed, 2 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/libudev/libudev-device-private.c b/src/libudev/libudev-device-private.c
|
||||||
|
index 4b9c053..fa9bd9e 100644
|
||||||
|
--- a/src/libudev/libudev-device-private.c
|
||||||
|
+++ b/src/libudev/libudev-device-private.c
|
||||||
|
@@ -137,14 +137,10 @@ gid_t udev_device_get_devnode_gid(struct udev_device *udev_device) {
|
||||||
|
}
|
||||||
|
|
||||||
|
void udev_device_ensure_usec_initialized(struct udev_device *udev_device, struct udev_device *udev_device_old) {
|
||||||
|
- sd_device *device_old = NULL;
|
||||||
|
-
|
||||||
|
assert(udev_device);
|
||||||
|
|
||||||
|
- if (udev_device_old)
|
||||||
|
- device_old = udev_device_old->device;
|
||||||
|
-
|
||||||
|
- device_ensure_usec_initialized(udev_device->device, device_old);
|
||||||
|
+ device_ensure_usec_initialized(udev_device->device,
|
||||||
|
+ udev_device_old ? udev_device_old->device : NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
char **udev_device_get_properties_envp(struct udev_device *udev_device) {
|
||||||
|
--
|
||||||
|
2.5.0
|
||||||
|
|
30
systemd.spec
30
systemd.spec
@ -13,7 +13,7 @@
|
|||||||
Name: systemd
|
Name: systemd
|
||||||
Url: http://www.freedesktop.org/wiki/Software/systemd
|
Url: http://www.freedesktop.org/wiki/Software/systemd
|
||||||
Version: 222
|
Version: 222
|
||||||
Release: 8%{?gitcommit:.git%{gitcommit}}%{?dist}
|
Release: 9%{?gitcommit:.git%{gitcommit}}%{?dist}
|
||||||
# For a breakdown of the licensing, see README
|
# For a breakdown of the licensing, see README
|
||||||
License: LGPLv2+ and MIT and GPLv2+
|
License: LGPLv2+ and MIT and GPLv2+
|
||||||
Summary: A System and Service Manager
|
Summary: A System and Service Manager
|
||||||
@ -89,8 +89,18 @@ Patch0053: 0050-logind-rename-pos-to-position.patch
|
|||||||
Patch0054: 0051-logind-bring-bus-policy-up-to-date.patch
|
Patch0054: 0051-logind-bring-bus-policy-up-to-date.patch
|
||||||
Patch0055: 0052-logind-some-firmware-implementations-remove-OsIndica.patch
|
Patch0055: 0052-logind-some-firmware-implementations-remove-OsIndica.patch
|
||||||
Patch0056: 0053-logind-prefer-new-sessions-over-older-ones-on-VT-swi.patch
|
Patch0056: 0053-logind-prefer-new-sessions-over-older-ones-on-VT-swi.patch
|
||||||
Patch0057: 0054-logind-never-select-closing-sessions-for-a-VT.patch
|
Patch0057: 0057-user-sessions-make-sure-run-nologin-has-correct-SELi.patch
|
||||||
Patch0059: 0055-logind-release-VT-positions-when-closing-sessions.patch
|
Patch0058: 0058-login-make-sure-run-nologin-has-correct-SELinux-labe.patch
|
||||||
|
Patch0059: 0059-man-journalctl-mention-systemd.time-7-where-appropri.patch
|
||||||
|
Patch0060: 0060-sd-device-never-return-NULL-0.patch
|
||||||
|
Patch0061: 0061-journalctl-properly-detect-empty-journal-files.patch
|
||||||
|
Patch0062: 0062-import-hash-URL-in-paths-if-they-are-too-long.patch
|
||||||
|
Patch0063: 0063-nspawn-fix-image-when-nspawn-is-run-as-service.patch
|
||||||
|
Patch0064: 0064-units-also-whitelist-blkext-block-devices-for-nspawn.patch
|
||||||
|
Patch0065: 0065-unquote_first_word-parse-as-an-empty-argument-instea.patch
|
||||||
|
Patch0066: 0066-login-fix-NULL-deref-on-wall_message.patch
|
||||||
|
Patch0067: 0067-libudev-simplify-udev_device_ensure_usec_initialized.patch
|
||||||
|
Patch0068: 0068-udev-fix-NULL-deref-when-executing-rules.patch
|
||||||
|
|
||||||
Patch997: 0001-Re-apply-walters-unit-patch-for-F23-systemd-v222.patch
|
Patch997: 0001-Re-apply-walters-unit-patch-for-F23-systemd-v222.patch
|
||||||
Patch998: 0001-Revert-core-mount-add-dependencies-to-dynamically-mo-v222.patch
|
Patch998: 0001-Revert-core-mount-add-dependencies-to-dynamically-mo-v222.patch
|
||||||
@ -829,6 +839,20 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
|
|||||||
/usr/lib/firewalld/services/*
|
/usr/lib/firewalld/services/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Dec 14 2015 Jan Synáček <jsynacek@redhat.com> - 222-9
|
||||||
|
- udev: fix NULL deref when executing rules (#1283971)
|
||||||
|
- libudev: simplify udev_device_ensure_usec_initialized a (#1283971)
|
||||||
|
- login: fix NULL-deref on wall_message (#1279156)
|
||||||
|
- unquote_first_word: parse ` '' ` as an empty argument (#1278475)
|
||||||
|
- units: also whitelist "blkext" block devices for nspawn (#1266776)
|
||||||
|
- nspawn: fix --image= when nspawn is run as service (#1266776)
|
||||||
|
- import: hash URL in paths if they are too long (#1266775)
|
||||||
|
- journalctl: properly detect empty journal files (#1255619)
|
||||||
|
- sd-device: never return NULL+0 (#1238285)
|
||||||
|
- man/journalctl: mention systemd.time(7) where (#1182661)
|
||||||
|
- login: make sure /run/nologin has correct SELinux label (#1287592)
|
||||||
|
- user-sessions: make sure /run/nologin has correct (#1287592)
|
||||||
|
|
||||||
* Mon Oct 19 2015 Jan Synáček <jsynacek@redhat.com> - 222-8
|
* Mon Oct 19 2015 Jan Synáček <jsynacek@redhat.com> - 222-8
|
||||||
- remove the fix for Corsair K70 Keyboard introduced in 222-3 (#1267225)
|
- remove the fix for Corsair K70 Keyboard introduced in 222-3 (#1267225)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user