Backport one "security" patch
The patch order is messed up, because I committed the patches to systemd-stable in the wrong order. Sorry.
parent
841dd54e44
commit
ae8ac59076
|
@ -0,0 +1,27 @@
|
|||
From c89e4c375b197202434821c09a4ac7088b3dded4 Mon Sep 17 00:00:00 2001
|
||||
From: Evgeny Vereshchagin <evvers@ya.ru>
|
||||
Date: Wed, 24 May 2017 08:56:48 +0300
|
||||
Subject: [PATCH] resolved: bugfix of null pointer p->question dereferencing
|
||||
(#6020)
|
||||
|
||||
See https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1621396
|
||||
|
||||
(cherry picked from commit a924f43f30f9c4acaf70618dd2a055f8b0f166be)
|
||||
---
|
||||
src/resolve/resolved-dns-packet.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
|
||||
index c940dd8929..e57f157e00 100644
|
||||
--- a/src/resolve/resolved-dns-packet.c
|
||||
+++ b/src/resolve/resolved-dns-packet.c
|
||||
@@ -2259,6 +2259,9 @@ int dns_packet_is_reply_for(DnsPacket *p, const DnsResourceKey *key) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
+ if (!p->question)
|
||||
+ return 0;
|
||||
+
|
||||
if (p->question->n_keys != 1)
|
||||
return 0;
|
||||
|
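Review bot: The added `if (!p->question) return 0;` guard in dns_packet_is_reply_for() has no comment saying why `p->question` can still be NULL after the preceding call returned success, so it reads as redundant and is easy to drop in a later cleanup. The spec changelog on this page ties the fix to a crash on a crafted DNS packet (CVE-2017-9217), so I would put the reason next to the check, e.g. `/* a packet may carry no question section; treat it as "not a reply for key" instead of dereferencing NULL */`. The function body starts and ends outside the hunk, so whether other `p->question` dereferences in this file are guarded cannot be judged from here; since the backport touches only this one function, it is worth checking the remaining uses in the 229 tree. A regression test that feeds a reply without a question section through this path would keep the guard from being lost in later rebases.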
|
@ -1,4 +1,4 @@
|
|||
From a28a4f85b63f7d6aa531ee01b01c9dabb01de6e9 Mon Sep 17 00:00:00 2001
|
||||
From 2a97bf0e94be18d20d0ef671f50db1cc2d65c5e0 Mon Sep 17 00:00:00 2001
|
||||
From: Evgeny Vereshchagin <evvers@ya.ru>
|
||||
Date: Tue, 7 Jun 2016 20:47:41 +0300
|
||||
Subject: [PATCH] hwdb: selinuxify a bit (#3460)
|
||||
|
@ -9,12 +9,13 @@ Subject: [PATCH] hwdb: selinuxify a bit (#3460)
|
|||
system_u:object_r:systemd_hwdb_etc_t:s0 /etc/udev/hwdb.bin
|
||||
|
||||
Fixes: #3458
|
||||
(cherry picked from commit ea683512f9b82f2257770f0ed56d819eea230fc2)
|
||||
---
|
||||
src/hwdb/hwdb.c | 8 ++++++--
|
||||
1 file changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/hwdb/hwdb.c b/src/hwdb/hwdb.c
|
||||
index 1160dac..e12cd93 100644
|
||||
index 1160dacdf1..e12cd93d1c 100644
|
||||
--- a/src/hwdb/hwdb.c
|
||||
+++ b/src/hwdb/hwdb.c
|
||||
@@ -29,7 +29,9 @@
|
||||
|
@ -51,6 +52,3 @@ index 1160dac..e12cd93 100644
|
|||
r = hwdb_main(argc, argv);
|
||||
|
||||
finish:
|
||||
--
|
||||
2.9.3
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
From 0c780236462b3e1b43de9af2339c21377b51b782 Mon Sep 17 00:00:00 2001
|
||||
From 1826d028938f0d4042a9704c74c1d6477043eb11 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekletar@users.noreply.github.com>
|
||||
Date: Fri, 8 Jul 2016 17:43:05 +0200
|
||||
Subject: [PATCH] udevadm: explicitly relabel /etc/udev/hwdb.bin after rename
|
||||
|
@ -7,13 +7,12 @@ Subject: [PATCH] udevadm: explicitly relabel /etc/udev/hwdb.bin after rename
|
|||
This is basically the same change as ea68351.
|
||||
|
||||
(cherry picked from commit 905c37e60ef653557d0354c2afa94546c31efe50)
|
||||
Resolves: #1395211
|
||||
---
|
||||
src/udev/udevadm-hwdb.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/udev/udevadm-hwdb.c b/src/udev/udevadm-hwdb.c
|
||||
index 948ad0f..1bffe8e 100644
|
||||
index 948ad0f5a5..1bffe8e8ab 100644
|
||||
--- a/src/udev/udevadm-hwdb.c
|
||||
+++ b/src/udev/udevadm-hwdb.c
|
||||
@@ -28,6 +28,8 @@
|
||||
|
@ -43,6 +42,3 @@ index 948ad0f..1bffe8e 100644
|
|||
}
|
||||
|
||||
if (test) {
|
||||
--
|
||||
2.9.3
|
||||
|
|
@ -1,29 +1,27 @@
|
|||
From 053ae195f08ca09e1f37d8368d02fbdb8344d27d Mon Sep 17 00:00:00 2001
|
||||
From: Jan Synacek <jsynacek@redhat.com>
|
||||
Date: Mon, 16 Jan 2017 13:00:03 +0100
|
||||
From 8785055303abd087f9d55bfdaee01ee197f9ed0c Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 23 Nov 2016 10:18:30 -0500
|
||||
Subject: [PATCH] build-sys: check for lz4 in the old and new numbering scheme
|
||||
(#4717)
|
||||
|
||||
lz4 upstream decided to switch to an incompatible numbering scheme
|
||||
(1.7.3 follows 131, to match the so version). PKG_CHECK_MODULES does
|
||||
not allow two version matches for the same package, so e.g. lz4 < 10 ||
|
||||
lz4 >= 125 cannot be used. Check twice, once for "new" numbers (anything
|
||||
below 10 is assume to be new), once for the "old" numbers (anything
|
||||
above >= 125). This assumes that the "new" versioning will not get to 10
|
||||
to quickly. I think that's a safe assumption, lz4 is a mature project.
|
||||
(1.7.3 follows 131, to match the so version).
|
||||
PKG_CHECK_MODULES does not allow two version matches for the same package,
|
||||
so e.g. lz4 < 10 || lz4 >= 125 cannot be used. Check twice, once for
|
||||
"new" numbers (anything below 10 is assume to be new), once for the "old"
|
||||
numbers (anything above >= 125). This assumes that the "new" versioning
|
||||
will not get to 10 to quickly. I think that's a safe assumption, lz4 is a
|
||||
mature project.
|
||||
|
||||
Fixed #4690.
|
||||
|
||||
Cherry-picked from
|
||||
https://github.com/systemd/systemd/commit/3d4cf7de48a74726694abbaa09f9804b845ff3ba
|
||||
|
||||
Resolves: #1404406
|
||||
(cherry picked from commit 3d4cf7de48a74726694abbaa09f9804b845ff3ba)
|
||||
---
|
||||
configure.ac | 9 ++++++---
|
||||
1 file changed, 6 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 5fd73c5..1f95f9f 100644
|
||||
index 5fd73c59f1..1f95f9f5c9 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -571,10 +571,13 @@ AM_CONDITIONAL(HAVE_BZIP2, [test "$have_bzip2" = "yes"])
|
||||
|
@ -43,6 +41,3 @@ index 5fd73c5..1f95f9f 100644
|
|||
AS_IF([test "x$have_lz4" = xno -a "x$enable_lz4" = xyes],
|
||||
[AC_MSG_ERROR([*** LZ4 support requested but libraries not found])])
|
||||
])
|
||||
--
|
||||
2.9.3
|
||||
|
11
systemd.spec
11
systemd.spec
|
@ -12,7 +12,7 @@
|
|||
Name: systemd
|
||||
Url: http://www.freedesktop.org/wiki/Software/systemd
|
||||
Version: 229
|
||||
Release: 19%{?gitcommit:.git%{gitcommitshort}}%{?dist}
|
||||
Release: 20%{?gitcommit:.git%{gitcommitshort}}%{?dist}
|
||||
# For a breakdown of the licensing, see README
|
||||
License: LGPLv2+ and MIT and GPLv2+
|
||||
Summary: A System and Service Manager
|
||||
|
@ -85,9 +85,10 @@ Patch0049: 0049-pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
|
|||
Patch0050: 0050-pid1-process-zero-length-notification-messages-again.patch
|
||||
Patch0051: 0051-logind-fix-crash-when-shutdown-is-not-issued-from-a-.patch
|
||||
Patch0052: 0052-hwdb-add-axis-ranges-for-the-MacBook-4-1-4030.patch
|
||||
Patch0053: 0053-hwdb-selinuxify-a-bit-3460.patch
|
||||
Patch0054: 0054-udevadm-explicitly-relabel-etc-udev-hwdb.bin-after-r.patch
|
||||
Patch0055: 0055-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch
|
||||
Patch0053: 0053-resolved-bugfix-of-null-pointer-p-question-dereferen.patch
|
||||
Patch0054: 0054-hwdb-selinuxify-a-bit-3460.patch
|
||||
Patch0055: 0055-udevadm-explicitly-relabel-etc-udev-hwdb.bin-after-r.patch
|
||||
Patch0056: 0056-build-sys-check-for-lz4-in-the-old-and-new-numbering.patch
|
||||
|
||||
Patch0999: 0999-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
|
||||
|
||||
|
@ -978,6 +979,8 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd
|
|||
/usr/lib/firewalld/services/*
|
||||
|
||||
%changelog
|
||||
* Thu May 25 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 229-20
|
||||
- Fix systemd-resolved crash on crafted DNS packet (CVE-2017-9217, #1455493)
|
||||
|
||||
* Tue Feb 07 2017 Susant Sahani <susant@redhat.com> - 229-19
|
||||
- Make sure we have our compressions libs ready (#1404406)
|
||||
|
|