[AUTOPATCHER-CORE] systemd add patch to address CVE-2022-45873 - (#4451)
* systemd: add patch to address CVE-2022-45873 * Add prereq patch, also update bootstrap * Add additional prereq patch Co-authored-by: Daniel McIlvaney <damcilva@microsoft.com>
Родитель
8cd9b00d73
Коммит
52cb0f9c6f
|
@ -0,0 +1,252 @@
|
|||
From 7922ead507e0d83e4ec72a8cbd2b67194766e58c Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 18 Oct 2022 18:09:06 +0200
|
||||
Subject: [PATCH] shared/json: allow json_variant_dump() to return an error
|
||||
|
||||
---
|
||||
src/shared/json.c | 7 ++++---
|
||||
src/shared/json.h | 2 +-
|
||||
2 files changed, 5 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/shared/json.c b/src/shared/json.c
|
||||
index 950be9485d58..baa468c6974e 100644
|
||||
--- a/src/shared/json.c
|
||||
+++ b/src/shared/json.c
|
||||
@@ -1785,9 +1785,9 @@ int json_variant_format(JsonVariant *v, JsonFormatFlags flags, char **ret) {
|
||||
return (int) sz - 1;
|
||||
}
|
||||
|
||||
-void json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const char *prefix) {
|
||||
+int json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const char *prefix) {
|
||||
if (!v)
|
||||
- return;
|
||||
+ return 0;
|
||||
|
||||
if (!f)
|
||||
f = stdout;
|
||||
@@ -1813,7 +1813,8 @@ void json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const cha
|
||||
fputc('\n', f); /* In case of SSE add a second newline */
|
||||
|
||||
if (flags & JSON_FORMAT_FLUSH)
|
||||
- fflush(f);
|
||||
+ return fflush_and_check(f);
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
int json_variant_filter(JsonVariant **v, char **to_remove) {
|
||||
diff --git a/src/shared/json.h b/src/shared/json.h
|
||||
index 1992170ed7c2..5993e05299c6 100644
|
||||
--- a/src/shared/json.h
|
||||
+++ b/src/shared/json.h
|
||||
@@ -197,7 +197,7 @@ typedef enum JsonFormatFlags {
|
||||
} JsonFormatFlags;
|
||||
|
||||
int json_variant_format(JsonVariant *v, JsonFormatFlags flags, char **ret);
|
||||
-void json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const char *prefix);
|
||||
+int json_variant_dump(JsonVariant *v, JsonFormatFlags flags, FILE *f, const char *prefix);
|
||||
|
||||
int json_variant_filter(JsonVariant **v, char **to_remove);
|
||||
|
||||
From 87a16eb8b54002a49f12944fc09ce45d0cbadf45 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Wed, 19 Oct 2022 08:41:13 +0200
|
||||
Subject: [PATCH] shared/json: use different return code for empty input
|
||||
|
||||
It is useful to distinguish if json_parse_file() got no input or invalid input.
|
||||
Use different return codes for the two cases.
|
||||
---
|
||||
src/shared/elf-util.c | 2 +-
|
||||
src/shared/json.c | 6 ++++--
|
||||
src/test/test-json.c | 18 ++++++++++++++++++
|
||||
3 files changed, 23 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/shared/elf-util.c b/src/shared/elf-util.c
|
||||
index c0f540abc50a..83721ff787ea 100644
|
||||
--- a/src/shared/elf-util.c
|
||||
+++ b/src/shared/elf-util.c
|
||||
@@ -859,7 +859,7 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha
|
||||
return -errno;
|
||||
|
||||
r = json_parse_file(json_in, NULL, 0, &package_metadata, NULL, NULL);
|
||||
- if (r < 0 && r != -EINVAL) /* EINVAL: json was empty, so we got nothing, but that's ok */
|
||||
+ if (r < 0 && r != -ENODATA) /* ENODATA: json was empty, so we got nothing, but that's ok */
|
||||
return r;
|
||||
}
|
||||
|
||||
diff --git a/src/shared/json.c b/src/shared/json.c
|
||||
index baa468c6974e..eda7bb19563e 100644
|
||||
--- a/src/shared/json.c
|
||||
+++ b/src/shared/json.c
|
||||
@@ -3187,7 +3187,6 @@ int json_parse_continue(const char **p, JsonParseFlags flags, JsonVariant **ret,
|
||||
int json_parse_file_at(FILE *f, int dir_fd, const char *path, JsonParseFlags flags, JsonVariant **ret, unsigned *ret_line, unsigned *ret_column) {
|
||||
_cleanup_(json_source_unrefp) JsonSource *source = NULL;
|
||||
_cleanup_free_ char *text = NULL;
|
||||
- const char *p;
|
||||
int r;
|
||||
|
||||
if (f)
|
||||
@@ -3199,13 +3198,16 @@ int json_parse_file_at(FILE *f, int dir_fd, const char *path, JsonParseFlags fla
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
+ if (isempty(text))
|
||||
+ return -ENODATA;
|
||||
+
|
||||
if (path) {
|
||||
source = json_source_new(path);
|
||||
if (!source)
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
- p = text;
|
||||
+ const char *p = text;
|
||||
return json_parse_internal(&p, source, flags, ret, ret_line, ret_column, false);
|
||||
}
|
||||
|
||||
diff --git a/src/test/test-json.c b/src/test/test-json.c
|
||||
index 3563d004c8fa..946c827ccf00 100644
|
||||
--- a/src/test/test-json.c
|
||||
+++ b/src/test/test-json.c
|
||||
@@ -344,6 +344,24 @@ TEST(build) {
|
||||
assert_se(json_variant_equal(a, b));
|
||||
}
|
||||
|
||||
+TEST(json_parse_file_empty) {
|
||||
+ _cleanup_fclose_ FILE *f = NULL;
|
||||
+ _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
|
||||
+
|
||||
+ assert_se(fopen_unlocked("/dev/null", "re", &f) >= 0);
|
||||
+ assert_se(json_parse_file(f, "waldo", 0, &v, NULL, NULL) == -ENODATA);
|
||||
+ assert_se(v == NULL);
|
||||
+}
|
||||
+
|
||||
+TEST(json_parse_file_invalid) {
|
||||
+ _cleanup_fclose_ FILE *f = NULL;
|
||||
+ _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
|
||||
+
|
||||
+ assert_se(f = fmemopen_unlocked((void*) "kookoo", 6, "r"));
|
||||
+ assert_se(json_parse_file(f, "waldo", 0, &v, NULL, NULL) == -EINVAL);
|
||||
+ assert_se(v == NULL);
|
||||
+}
|
||||
+
|
||||
TEST(source) {
|
||||
static const char data[] =
|
||||
"\n"
|
||||
|
||||
From 076b807be472630692c5348c60d0c2b7b28ad437 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Tue, 18 Oct 2022 18:23:53 +0200
|
||||
Subject: [PATCH] coredump: avoid deadlock when passing processed backtrace
|
||||
data
|
||||
|
||||
We would deadlock when passing the data back from the forked-off process that
|
||||
was doing backtrace generation back to the coredump parent. This is because we
|
||||
fork the child and wait for it to exit. The child tries to write too much data
|
||||
to the output pipe, and and after the first 64k blocks on the parent because
|
||||
the pipe is full. The bug surfaced in Fedora because of a combination of four
|
||||
factors:
|
||||
- 87707784c70dc9894ec613df0a6e75e732a362a3 was backported to v251.5, which
|
||||
allowed coredump processing to be successful.
|
||||
- 1a0281a3ebf4f8c16d40aa9e63103f16cd23bb2a was NOT backported, so the output
|
||||
was very verbose.
|
||||
- Fedora has the ELF package metadata available, so a lot of output can be
|
||||
generated. Most other distros just don't have the information.
|
||||
- gnome-calendar crashes and has a bazillion modules and 69596 bytes of output
|
||||
are generated for it.
|
||||
|
||||
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2135778.
|
||||
|
||||
The code is changed to try to write data opportunistically. If we get partial
|
||||
information, that is still logged. In is generally better to log partial
|
||||
backtrace information than nothing at all.
|
||||
---
|
||||
src/shared/elf-util.c | 37 +++++++++++++++++++++++++++++++------
|
||||
1 file changed, 31 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/shared/elf-util.c b/src/shared/elf-util.c
|
||||
index 83721ff787ea..181735409d42 100644
|
||||
--- a/src/shared/elf-util.c
|
||||
+++ b/src/shared/elf-util.c
|
||||
@@ -30,6 +30,9 @@
|
||||
#define THREADS_MAX 64
|
||||
#define ELF_PACKAGE_METADATA_ID 0xcafe1a7e
|
||||
|
||||
+/* The amount of data we're willing to write to each of the output pipes. */
|
||||
+#define COREDUMP_PIPE_MAX (1024*1024U)
|
||||
+
|
||||
static void *dw_dl = NULL;
|
||||
static void *elf_dl = NULL;
|
||||
|
||||
@@ -759,13 +762,13 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha
|
||||
return r;
|
||||
|
||||
if (ret) {
|
||||
- r = RET_NERRNO(pipe2(return_pipe, O_CLOEXEC));
|
||||
+ r = RET_NERRNO(pipe2(return_pipe, O_CLOEXEC|O_NONBLOCK));
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
if (ret_package_metadata) {
|
||||
- r = RET_NERRNO(pipe2(json_pipe, O_CLOEXEC));
|
||||
+ r = RET_NERRNO(pipe2(json_pipe, O_CLOEXEC|O_NONBLOCK));
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
@@ -809,8 +812,24 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha
|
||||
goto child_fail;
|
||||
|
||||
if (buf) {
|
||||
- r = loop_write(return_pipe[1], buf, strlen(buf), false);
|
||||
- if (r < 0)
|
||||
+ size_t len = strlen(buf);
|
||||
+
|
||||
+ if (len > COREDUMP_PIPE_MAX) {
|
||||
+ /* This is iffy. A backtrace can be a few hundred kilobytes, but too much is
|
||||
+ * too much. Let's log a warning and ignore the rest. */
|
||||
+ log_warning("Generated backtrace is %zu bytes (more than the limit of %u bytes), backtrace will be truncated.",
|
||||
+ len, COREDUMP_PIPE_MAX);
|
||||
+ len = COREDUMP_PIPE_MAX;
|
||||
+ }
|
||||
+
|
||||
+ /* Bump the space for the returned string.
|
||||
+ * Failure is ignored, because partial output is still useful. */
|
||||
+ (void) fcntl(return_pipe[1], F_SETPIPE_SZ, len);
|
||||
+
|
||||
+ r = loop_write(return_pipe[1], buf, len, false);
|
||||
+ if (r == -EAGAIN)
|
||||
+ log_warning("Write failed, backtrace will be truncated.");
|
||||
+ else if (r < 0)
|
||||
goto child_fail;
|
||||
|
||||
return_pipe[1] = safe_close(return_pipe[1]);
|
||||
@@ -819,13 +838,19 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha
|
||||
if (package_metadata) {
|
||||
_cleanup_fclose_ FILE *json_out = NULL;
|
||||
|
||||
+ /* Bump the space for the returned string. We don't know how much space we'll need in
|
||||
+ * advance, so we'll just try to write as much as possible and maybe fail later. */
|
||||
+ (void) fcntl(json_pipe[1], F_SETPIPE_SZ, COREDUMP_PIPE_MAX);
|
||||
+
|
||||
json_out = take_fdopen(&json_pipe[1], "w");
|
||||
if (!json_out) {
|
||||
r = -errno;
|
||||
goto child_fail;
|
||||
}
|
||||
|
||||
- json_variant_dump(package_metadata, JSON_FORMAT_FLUSH, json_out, NULL);
|
||||
+ r = json_variant_dump(package_metadata, JSON_FORMAT_FLUSH, json_out, NULL);
|
||||
+ if (r < 0)
|
||||
+ log_warning_errno(r, "Failed to write JSON package metadata, ignoring: %m");
|
||||
}
|
||||
|
||||
_exit(EXIT_SUCCESS);
|
||||
@@ -860,7 +885,7 @@ int parse_elf_object(int fd, const char *executable, bool fork_disable_dump, cha
|
||||
|
||||
r = json_parse_file(json_in, NULL, 0, &package_metadata, NULL, NULL);
|
||||
if (r < 0 && r != -ENODATA) /* ENODATA: json was empty, so we got nothing, but that's ok */
|
||||
- return r;
|
||||
+ log_warning_errno(r, "Failed to read or parse json metadata, ignoring: %m");
|
||||
}
|
||||
|
||||
if (ret)
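Review bot: In the third embedded patch (src/shared/elf-util.c, hunk `@@ -809,8 +812,24 @@`), the result of `fcntl(return_pipe[1], F_SETPIPE_SZ, len)` is discarded, so when the kernel refuses the resize the non-blocking pipe keeps its default capacity and the backtrace is cut there rather than at COREDUMP_PIPE_MAX; the same holds for `json_pipe[1]` in the following hunk, where a cut-off JSON document would presumably fail to parse in the parent and be dropped whole. The define deserves a comment that says so, e.g. `/* Upper bound only: if F_SETPIPE_SZ is refused (for instance above fs.pipe-max-size), the pipe keeps its default capacity and output is truncated there. */`. `len` is a `size_t` passed through varargs to a command that takes an `int`; since it is already clamped to 1 MiB, `(void) fcntl(return_pipe[1], F_SETPIPE_SZ, (int) len);` makes the type explicit. For triage it would also help if the `-EAGAIN` warning stated that the data was cut at the pipe capacity, so a short backtrace in the journal is not mistaken for a complete one. parse_elf_object() begins and ends outside these hunks.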
|
|
@ -1,7 +1,7 @@
|
|||
Summary: Bootstrap version of systemd. Workaround for systemd circular dependency.
|
||||
Name: systemd-bootstrap
|
||||
Version: 250.3
|
||||
Release: 9%{?dist}
|
||||
Release: 10%{?dist}
|
||||
License: LGPLv2+ AND GPLv2+ AND MIT
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
@ -20,6 +20,8 @@ Patch1: add-fsync-sysusers-passwd.patch
|
|||
Patch2: gpt-auto-devno-not-determined.patch
|
||||
# Patch3 can be removed once we update to major version 251 or higher:
|
||||
Patch3: CVE-2022-3821.patch
|
||||
# Patch4 can be removed once we update to version 252
|
||||
Patch4: CVE-2022-45873.patch
|
||||
BuildRequires: docbook-dtd-xml
|
||||
BuildRequires: docbook-style-xsl
|
||||
BuildRequires: gettext
|
||||
|
@ -239,6 +241,9 @@ fi
|
|||
%{_datadir}/pkgconfig/udev.pc
|
||||
|
||||
%changelog
|
||||
* Wed Dec 14 2022 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 250.3-10
|
||||
- Add patch for CVE-2022-45873
|
||||
|
||||
* Wed Nov 29 2022 Daniel McIlvaney <damcilva@microsoft.com> - 250.3-9
|
||||
- Conditionally run systemctl preset-all only when first installing systemd, not on upgrades
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Summary: Systemd-250
|
||||
Name: systemd
|
||||
Version: 250.3
|
||||
Release: 11%{?dist}
|
||||
Release: 12%{?dist}
|
||||
License: LGPLv2+ AND GPLv2+ AND MIT
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
@ -20,6 +20,8 @@ Patch1: add-fsync-sysusers-passwd.patch
|
|||
Patch2: gpt-auto-devno-not-determined.patch
|
||||
# Patch3 can be removed once we update to major version 251 or higher:
|
||||
Patch3: CVE-2022-3821.patch
|
||||
# Patch4 can be removed once we update to version 252
|
||||
Patch4: CVE-2022-45873.patch
|
||||
BuildRequires: cryptsetup-devel
|
||||
BuildRequires: docbook-dtd-xml
|
||||
BuildRequires: docbook-style-xsl
|
||||
|
@ -269,6 +271,9 @@ fi
|
|||
%files lang -f %{name}.lang
|
||||
|
||||
%changelog
|
||||
* Wed Dec 14 2022 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 250.3-12
|
||||
- Add patch for CVE-2022-45873
|
||||
|
||||
* Wed Nov 29 2022 Daniel McIlvaney <damcilva@microsoft.com> - 250.3-11
|
||||
- Conditionally run systemctl preset-all only when first installing systemd, not on upgrades
|
||||
|
||||
|
|
|
@ -548,10 +548,10 @@ sqlite-devel-3.39.2-2.cm2.aarch64.rpm
|
|||
sqlite-libs-3.39.2-2.cm2.aarch64.rpm
|
||||
swig-4.0.2-3.cm2.aarch64.rpm
|
||||
swig-debuginfo-4.0.2-3.cm2.aarch64.rpm
|
||||
systemd-bootstrap-250.3-9.cm2.aarch64.rpm
|
||||
systemd-bootstrap-debuginfo-250.3-9.cm2.aarch64.rpm
|
||||
systemd-bootstrap-devel-250.3-9.cm2.aarch64.rpm
|
||||
systemd-bootstrap-rpm-macros-250.3-9.cm2.noarch.rpm
|
||||
systemd-bootstrap-250.3-10.cm2.aarch64.rpm
|
||||
systemd-bootstrap-debuginfo-250.3-10.cm2.aarch64.rpm
|
||||
systemd-bootstrap-devel-250.3-10.cm2.aarch64.rpm
|
||||
systemd-bootstrap-rpm-macros-250.3-10.cm2.noarch.rpm
|
||||
tar-1.34-1.cm2.aarch64.rpm
|
||||
tar-debuginfo-1.34-1.cm2.aarch64.rpm
|
||||
tdnf-3.2.2-4.cm2.aarch64.rpm
|
||||
|
|
|
@ -548,10 +548,10 @@ sqlite-devel-3.39.2-2.cm2.x86_64.rpm
|
|||
sqlite-libs-3.39.2-2.cm2.x86_64.rpm
|
||||
swig-4.0.2-3.cm2.x86_64.rpm
|
||||
swig-debuginfo-4.0.2-3.cm2.x86_64.rpm
|
||||
systemd-bootstrap-250.3-9.cm2.x86_64.rpm
|
||||
systemd-bootstrap-debuginfo-250.3-9.cm2.x86_64.rpm
|
||||
systemd-bootstrap-devel-250.3-9.cm2.x86_64.rpm
|
||||
systemd-bootstrap-rpm-macros-250.3-9.cm2.noarch.rpm
|
||||
systemd-bootstrap-250.3-10.cm2.x86_64.rpm
|
||||
systemd-bootstrap-debuginfo-250.3-10.cm2.x86_64.rpm
|
||||
systemd-bootstrap-devel-250.3-10.cm2.x86_64.rpm
|
||||
systemd-bootstrap-rpm-macros-250.3-10.cm2.noarch.rpm
|
||||
tar-1.34-1.cm2.x86_64.rpm
|
||||
tar-debuginfo-1.34-1.cm2.x86_64.rpm
|
||||
tdnf-3.2.2-4.cm2.x86_64.rpm
|
||||
|
|