author | Jason M. Bills <jason.m.bills@linux.intel.com> | 2021-09-28 22:04:51 +0300 |
---|---|---|
committer | Jason M. Bills <jason.m.bills@linux.intel.com> | 2021-09-28 23:07:19 +0300 |
commit | ffe6d597d9e3d4407cf8062b5d6505a80ce08f41 (patch) | |
tree | 8019999b0ca042482e5193d6cabc06220c71d776 /meta-openbmc-mods/meta-common/recipes-core/systemd | |
parent | d73e39703a0260c8911cb439b579e1c2bada4b20 (diff) | |
download | openbmc-ffe6d597d9e3d4407cf8062b5d6505a80ce08f41.tar.xz |
Update to internal 0.75
Signed-off-by: Jason M. Bills <jason.m.bills@linux.intel.com>
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-core/systemd')
4 files changed, 17 insertions, 82 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-core/systemd/obmc-targets.bbappend b/meta-openbmc-mods/meta-common/recipes-core/systemd/obmc-targets.bbappend
index 3d4e594a4..adbdb0e6e 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/systemd/obmc-targets.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-core/systemd/obmc-targets.bbappend
@@ -1,10 +1,10 @@
 # Remove these files since they are provided by obmc-intel-targets
-SYSTEMD_SERVICE_${PN}_remove += " obmc-host-start@.target"
-SYSTEMD_SERVICE_${PN}_remove += " obmc-host-stop@.target"
-SYSTEMD_SERVICE_${PN}_remove += " obmc-host-shutdown@.target"
-SYSTEMD_SERVICE_${PN}_remove += " obmc-host-reboot@.target"
-SYSTEMD_SERVICE_${PN}_remove += " obmc-host-startmin@.target"
-SYSTEMD_SERVICE_${PN}_remove += " obmc-chassis-poweron@.target"
-SYSTEMD_SERVICE_${PN}_remove += " obmc-chassis-poweroff@.target"
-SYSTEMD_SERVICE_${PN}_remove += " obmc-chassis-hard-poweroff@.target"
-SYSTEMD_SERVICE_${PN}_remove += " obmc-chassis-powerreset@.target"
+SYSTEMD_SERVICE:${PN}:remove += " obmc-host-start@.target"
+SYSTEMD_SERVICE:${PN}:remove += " obmc-host-stop@.target"
+SYSTEMD_SERVICE:${PN}:remove += " obmc-host-shutdown@.target"
+SYSTEMD_SERVICE:${PN}:remove += " obmc-host-reboot@.target"
+SYSTEMD_SERVICE:${PN}:remove += " obmc-host-startmin@.target"
+SYSTEMD_SERVICE:${PN}:remove += " obmc-chassis-poweron@.target"
+SYSTEMD_SERVICE:${PN}:remove += " obmc-chassis-poweroff@.target"
+SYSTEMD_SERVICE:${PN}:remove += " obmc-chassis-hard-poweroff@.target"
+SYSTEMD_SERVICE:${PN}:remove += " obmc-chassis-powerreset@.target"
diff --git a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd-conf_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd-conf_%.bbappend
index b3c318e15..b7bd6796c 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd-conf_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd-conf_%.bbappend
@@ -1,11 +1,11 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
 SRC_URI += "file://journald.conf \
 file://systemd-timesyncd-save-time.conf \
 "
-FILES_${PN} += " ${systemd_system_unitdir}/systemd-timesyncd.service.d/systemd-timesyncd-save-time.conf"
+FILES:${PN} += " ${systemd_system_unitdir}/systemd-timesyncd.service.d/systemd-timesyncd-save-time.conf"
-do_install_append() {
+do_install:append() {
 install -m 644 -D ${WORKDIR}/systemd-timesyncd-save-time.conf ${D}${systemd_system_unitdir}/systemd-timesyncd.service.d/systemd-timesyncd-save-time.conf
 }
diff --git a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd/0003-CVE-2021-33910-basic-unit-name-do-not-use-strdupa-on-a-path.patch b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd/0003-CVE-2021-33910-basic-unit-name-do-not-use-strdupa-on-a-path.patch
deleted file mode 100644
index a240d63d4..000000000
--- a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd/0003-CVE-2021-33910-basic-unit-name-do-not-use-strdupa-on-a-path.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 4a1c5f34bd3e1daed4490e9d97918e504d19733b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 23 Jun 2021 11:46:41 +0200
-Subject: [PATCH] basic/unit-name: do not use strdupa() on a path
-
-The path may have unbounded length, for example through a fuse mount.
-
-CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and
-ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo
-and each mountpoint is passed to mount_setup_unit(), which calls
-unit_name_path_escape() underneath. A local attacker who is able to mount a
-filesystem with a very long path can crash systemd and the whole system.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1970887
-
-The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we
-can't easily check the length after simplification before doing the
-simplification, which in turns uses a copy of the string we can write to.
-So we can't reject paths that are too long before doing the duplication.
-Hence the most obvious solution is to switch back to strdup(), as before
-7410616cd9dbbec97cf98d75324da5cda2b2f7a2.
-
-(cherry picked from commit 441e0115646d54f080e5c3bb0ba477c892861ab9)
-(cherry picked from commit 764b74113e36ac5219a4b82a05f311b5a92136ce)
----
- src/basic/unit-name.c | 13 +++++--------
- 1 file changed, 5 insertions(+), 8 deletions(-)
-
-diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
-index 85dcba6cb7..46b24f2d9e 100644
---- a/src/basic/unit-name.c
-+++ b/src/basic/unit-name.c
-@@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) {
- }
-
- int unit_name_path_escape(const char *f, char **ret) {
-- char *p, *s;
-+ _cleanup_free_ char *p = NULL;
-+ char *s;
-
- assert(f);
- assert(ret);
-
-- p = strdupa(f);
-+ p = strdup(f);
- if (!p)
- return -ENOMEM;
-
-@@ -395,13 +396,9 @@ int unit_name_path_escape(const char *f, char **ret) {
- if (!path_is_normalized(p))
- return -EINVAL;
-
-- /* Truncate trailing slashes */
-+ /* Truncate trailing slashes and skip leading slashes */
- delete_trailing_chars(p, "/");
--
-- /* Truncate leading slashes */
-- p = skip_leading_chars(p, "/");
--
-- s = unit_name_escape(p);
-+ s = unit_name_escape(skip_leading_chars(p, "/"));
- }
- if (!s)
- return -ENOMEM;
diff --git a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend
index 3fe5ff5ac..50f82d21e 100644
--- a/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend
+++ b/meta-openbmc-mods/meta-common/recipes-core/systemd/systemd_%.bbappend
@@ -2,20 +2,19 @@
 LICENSE = "GPL-2.0"
-FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
 SRC_URI += "file://0001-Modfiy-system.conf-DefaultTimeoutStopSec.patch \
 file://systemd-time-wait-sync.service \
 file://0002-Add-event-log-for-system-time-synchronization.patch \
- file://0003-CVE-2021-33910-basic-unit-name-do-not-use-strdupa-on-a-path.patch \
 "
-USERADD_PACKAGES_remove = "${PN}-journal-gateway ${PN}-journal-upload ${PN}-journal-remote"
+USERADD_PACKAGES:remove = "${PN}-journal-gateway ${PN}-journal-upload ${PN}-journal-remote"
-do_install_append(){
+do_install:append(){
 rm -rf ${D}/lib/udev/rules.d/80-drivers.rules
 cp -f ${WORKDIR}/systemd-time-wait-sync.service ${D}/lib/systemd/system/
 }
-PACKAGECONFIG_remove = " kmod"
-PACKAGECONFIG_append = " logind"
+PACKAGECONFIG:remove = " kmod"
+PACKAGECONFIG:append = " logind" |
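Review bot: Removing `file://0003-CVE-2021-33910-basic-unit-name-do-not-use-strdupa-on-a-path.patch` from SRC_URI is only safe if the systemd source this bbappend now applies to already contains the upstream fix that the deleted patch cherry-picked (441e0115646d54f080e5c3bb0ba477c892861ab9), and nothing visible in this commit names the systemd version being built. That is presumably the case after the rebase behind "Update to internal 0.75", but it should be confirmed against the base recipe, because without the fix `unit_name_path_escape()` is back on `strdupa()` for an unbounded mount path. Since `systemd_%.bbappend` matches any systemd version, the removal is not tied to a fixed release by the file name either. I would record the justification in the commit message, for example `Drop 0003-CVE-2021-33910 patch: already included in systemd <version>`, so a later downgrade or layer reshuffle does not silently reintroduce the issue.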