Version 250.9
- Latest bugfix release with a bunch of fixes (homed, networkd, manager, resolved, documentation): rhbz#2133792, rhbz#2135778, rhbz#2152685, and also #2031810, #2121106. - CVE-2022-4415: systemd: coredump not respecting fs.suid_dumpable kernel setting
parent
e518927ce6
commit
8b7a753a0a
|
@ -0,0 +1,76 @@
|
|||
From c5d344ea8b2e8dc6951360a29c5e920199c81c65 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 13 Dec 2022 11:15:17 +0100
|
||||
Subject: [PATCH] coredump: cescape invalid json data before logging
|
||||
|
||||
In both cases, the json string is short, so we can print it, which is useful
|
||||
for diagnosing invalid data in packages. But we need escape non-printable
|
||||
characters.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=2152685
|
||||
|
||||
I went over the rest of the codebase, and it seems that other calls to
|
||||
json_parse() don't have this problem.
|
||||
|
||||
(cherry picked from commit c5966ab5bf43b4fb45998760beaffa6c7f9e8a9e)
|
||||
(cherry picked from commit 57ab4e2d47dd7c03113b66b78175242a597bd0dc)
|
||||
(cherry picked from commit 6208326afb592e901d5fc8cf1b09fb764e1fdb6b)
|
||||
---
|
||||
src/coredump/coredumpctl.c | 8 +++++---
|
||||
src/shared/elf-util.c | 7 +++++--
|
||||
2 files changed, 10 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/coredump/coredumpctl.c b/src/coredump/coredumpctl.c
|
||||
index 2904de3728..efdca36f43 100644
|
||||
--- a/src/coredump/coredumpctl.c
|
||||
+++ b/src/coredump/coredumpctl.c
|
||||
@@ -15,6 +15,7 @@
|
||||
#include "bus-util.h"
|
||||
#include "compress.h"
|
||||
#include "def.h"
|
||||
+#include "escape.h"
|
||||
#include "fd-util.h"
|
||||
#include "format-table.h"
|
||||
#include "fs-util.h"
|
||||
@@ -733,9 +734,10 @@ static int print_info(FILE *file, sd_journal *j, bool need_space) {
|
||||
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
|
||||
|
||||
r = json_parse(pkgmeta_json, 0, &v, NULL, NULL);
|
||||
- if (r < 0)
|
||||
- log_warning_errno(r, "json_parse on %s failed, ignoring: %m", pkgmeta_json);
|
||||
- else {
|
||||
+ if (r < 0) {
|
||||
+ _cleanup_free_ char *esc = cescape(pkgmeta_json);
|
||||
+ log_warning_errno(r, "json_parse on \"%s\" failed, ignoring: %m", strnull(esc));
|
||||
+ } else {
|
||||
const char *module_name;
|
||||
JsonVariant *module_json;
|
||||
|
||||
diff --git a/src/shared/elf-util.c b/src/shared/elf-util.c
|
||||
index 644fbae9ce..f9d0e5bc60 100644
|
||||
--- a/src/shared/elf-util.c
|
||||
+++ b/src/shared/elf-util.c
|
||||
@@ -15,6 +15,7 @@
|
||||
#include "dlfcn-util.h"
|
||||
#include "elf-util.h"
|
||||
#include "errno-util.h"
|
||||
+#include "escape.h"
|
||||
#include "fileio.h"
|
||||
#include "fd-util.h"
|
||||
#include "format-util.h"
|
||||
@@ -328,8 +329,10 @@ static int parse_package_metadata(const char *name, JsonVariant *id_json, Elf *e
|
||||
_cleanup_(json_variant_unrefp) JsonVariant *v = NULL, *w = NULL;
|
||||
|
||||
r = json_parse(payload, 0, &v, NULL, NULL);
|
||||
- if (r < 0)
|
||||
- return log_error_errno(r, "json_parse on %s failed: %m", payload);
|
||||
+ if (r < 0) {
|
||||
+ _cleanup_free_ char *esc = cescape(payload);
|
||||
+ return log_error_errno(r, "json_parse on \"%s\" failed: %m", strnull(esc));
|
||||
+ }
|
||||
|
||||
/* First pretty-print to the buffer, so that the metadata goes as
|
||||
* plaintext in the journal. */
|
||||
--
|
||||
2.38.1
|
||||
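Review bot: Neither error path bounds how much of the JSON text is logged: `cescape(pkgmeta_json)` in `print_info()` and `cescape(payload)` in `parse_package_metadata()` escape the whole string, and each non-printable byte becomes a multi-character escape, so the logged text can be several times the input length. The commit message says the string is short, but nothing in the visible hunks enforces that, and the data presumably comes from the binary being examined (a journal field in one case, an ELF note in the other), so it should be treated as untrusted. If no cap is applied before these lines, consider escaping only a bounded prefix, e.g. `esc = cescape_length(payload, strnlen(payload, LIMIT));` with `LIMIT` a placeholder for whatever cap fits, and the same in coredumpctl.c. A one-line comment such as `/* untrusted package metadata: escape before it reaches the journal or a terminal */` above each call would record why the escape is there. Both functions start and end outside the hunks, so any length check elsewhere in them is not visible here.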
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
SHA512 (systemd-250.8.tar.gz) = 653f527f10779a31213da06f7587a3617bd4b823bd3e5a43d626c5a4a7301e4a0fb42cf1fd056d28af6d87e52f258da59d5f0d4a2d98076905f9d3fcda6d18fd
|
||||
SHA512 (systemd-250.9.tar.gz) = d3f044ec538b7e6b1ada39e21d239b376b468f0be40039be658aafcc7d9a0227381ab9541d1d994dd6e17530e3dcbf0aba722f68bbf609aa1953b9664cf6dd8e
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
Name: systemd
|
||||
Url: https://www.freedesktop.org/wiki/Software/systemd
|
||||
%if %{without inplace}
|
||||
Version: 250.8
|
||||
Version: 250.9
|
||||
Release: 1%{?dist}
|
||||
%else
|
||||
# determine the build information from local checkout
|
||||
|
@ -91,7 +91,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[
|
|||
# Any patches which are "in preparation" upstream should be listed here, rather
|
||||
# than in the next section. Packit CI will drop any patches in this range before
|
||||
# applying upstream pull requests.
|
||||
|
||||
Patch0001: 0001-coredump-cescape-invalid-json-data-before-logging.patch
|
||||
|
||||
# This is a downstream-only patch, but we don't want it in packit builds.
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1738828
|
||||
|
|