* [Buildroot] [PATCH] package/systemd: security bump to version v250.8
From: Peter Korsgaard @ 2022-11-20 16:26 UTC
To: buildroot; +Cc: Norbert Lange, Yann E. MORIN, Sen Hastings
Fixes the following security issue:

- CVE-2022-3821: An off-by-one Error issue was discovered in Systemd in
  format_timespan() function of time-util.c. An attacker could supply
  specific values for time and accuracy that leads to buffer overrun in
  format_timespan(), leading to a Denial of Service.
  https://github.com/systemd/systemd/issues/23928

Drop now upstream 0001-missing-syscall-define-MOVE_MOUNT_T_EMPTY_PATH-if-mi.patch

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
./support/testing/run-tests -k -o output-systemd tests.init.test_systemd
15:35:09 TestInitSystemSystemdRwNetworkd Starting
15:35:09 TestInitSystemSystemdRwNetworkd Building
15:43:20 TestInitSystemSystemdRwNetworkd Building done
Downloading to /var/lib/downloads/tmpw7by1nt7
Renaming from /var/lib/downloads/tmpw7by1nt7 to /var/lib/downloads/kernel-vexpress-5.10.7
Downloading to /var/lib/downloads/tmpxhcetjfv
Renaming from /var/lib/downloads/tmpxhcetjfv to /var/lib/downloads/vexpress-v2p-ca9-5.10.7.dtb
15:43:43 TestInitSystemSystemdRwNetworkd Cleaning up
.15:43:43 TestInitSystemSystemdRwIfupdownDbusbrokerDbus Starting
15:43:43 TestInitSystemSystemdRwIfupdownDbusbrokerDbus Building
15:52:10 TestInitSystemSystemdRwIfupdownDbusbrokerDbus Building done
15:52:34 TestInitSystemSystemdRwIfupdownDbusbrokerDbus Cleaning up
.15:52:34 TestInitSystemSystemdRwIfupdownDbusbroker Starting
15:52:35 TestInitSystemSystemdRwIfupdownDbusbroker Building
16:00:40 TestInitSystemSystemdRwIfupdownDbusbroker Building done
16:01:04 TestInitSystemSystemdRwIfupdownDbusbroker Cleaning up
.16:01:04 TestInitSystemSystemdRwIfupdown Starting
16:01:05 TestInitSystemSystemdRwIfupdown Building
16:09:19 TestInitSystemSystemdRwIfupdown Building done
16:09:43 TestInitSystemSystemdRwIfupdown Cleaning up
.16:09:43 TestInitSystemSystemdRwFull Starting
16:09:43 TestInitSystemSystemdRwFull Building
16:21:53 TestInitSystemSystemdRwFull Building done
16:22:21 TestInitSystemSystemdRwFull Cleaning up
.16:22:21 TestInitSystemSystemdRoNetworkd Starting
16:22:22 TestInitSystemSystemdRoNetworkd Building
16:30:55 TestInitSystemSystemdRoNetworkd Building done
16:31:18 TestInitSystemSystemdRoNetworkd Cleaning up
.16:31:18 TestInitSystemSystemdRoIfupdownDbusbrokerDbus Starting
16:31:19 TestInitSystemSystemdRoIfupdownDbusbrokerDbus Building
16:39:50 TestInitSystemSystemdRoIfupdownDbusbrokerDbus Building done
16:40:13 TestInitSystemSystemdRoIfupdownDbusbrokerDbus Cleaning up
.16:40:13 TestInitSystemSystemdRoIfupdownDbusbroker Starting
16:40:14 TestInitSystemSystemdRoIfupdownDbusbroker Building
16:48:58 TestInitSystemSystemdRoIfupdownDbusbroker Building done
16:49:22 TestInitSystemSystemdRoIfupdownDbusbroker Cleaning up
.16:49:22 TestInitSystemSystemdRoIfupdown Starting
16:49:23 TestInitSystemSystemdRoIfupdown Building
16:58:00 TestInitSystemSystemdRoIfupdown Building done
16:58:24 TestInitSystemSystemdRoIfupdown Cleaning up
.16:58:24 TestInitSystemSystemdRoFull Starting
16:58:25 TestInitSystemSystemdRoFull Building
17:13:14 TestInitSystemSystemdRoFull Building done
17:13:40 TestInitSystemSystemdRoFull Cleaning up
.
----------------------------------------------------------------------
Ran 10 tests in 5911.589s
OK
...define-MOVE_MOUNT_T_EMPTY_PATH-if-mi.patch | 33 -------------------
package/systemd/systemd.hash | 2 +-
package/systemd/systemd.mk | 2 +-
3 files changed, 2 insertions(+), 35 deletions(-)
delete mode 100644 package/systemd/0001-missing-syscall-define-MOVE_MOUNT_T_EMPTY_PATH-if-mi.patch
diff --git a/package/systemd/0001-missing-syscall-define-MOVE_MOUNT_T_EMPTY_PATH-if-mi.patch b/package/systemd/0001-missing-syscall-define-MOVE_MOUNT_T_EMPTY_PATH-if-mi.patch
deleted file mode 100644
index 0934886acb..0000000000
--- a/package/systemd/0001-missing-syscall-define-MOVE_MOUNT_T_EMPTY_PATH-if-mi.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 16c132a6a0389e0eaea70c4ad95dbfd1637ec5ba Mon Sep 17 00:00:00 2001
-From: Romain Naour <romain.naour@smile.fr>
-Date: Fri, 7 Jan 2022 22:25:23 +0100
-Subject: [PATCH] missing-syscall: define MOVE_MOUNT_T_EMPTY_PATH if missing
-
-MOVE_MOUNT_T_EMPTY_PATH has been added to systemd 250 by [1]
-but it's defined in kernel headers since version 5.2.
-
-[1] c7bf079bbc19e3b409acc0c7acc3e14749211fe2
-
-Signed-off-by: Romain Naour <romain.naour@smile.fr>
----
- src/basic/missing_syscall.h | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
-index 8267b1a90c..793d111c55 100644
---- a/src/basic/missing_syscall.h
-+++ b/src/basic/missing_syscall.h
-@@ -569,6 +569,10 @@ static inline int missing_open_tree(
- #define MOVE_MOUNT_F_EMPTY_PATH 0x00000004 /* Empty from path permitted */
- #endif
-
-+#ifndef MOVE_MOUNT_T_EMPTY_PATH
-+#define MOVE_MOUNT_T_EMPTY_PATH 0x00000040 /* Empty to path permitted */
-+#endif
-+
- static inline int missing_move_mount(
- int from_dfd,
- const char *from_pathname,
---
-2.31.1
-
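Review bot: The removal of the MOVE_MOUNT_T_EMPTY_PATH fallback rests on the log's "Drop now upstream" alone, with no reference to the upstream commit or to the first v250.x tag that carries the define; the deleted file records only its own hash (16c132a6a038...). Naming the upstream commit in the log would let a reader confirm that the #ifndef guard is still in place for toolchains whose kernel headers predate 5.2, which is the case the dropped patch was written for.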
diff --git a/package/systemd/systemd.hash b/package/systemd/systemd.hash
index 3572b25965..3b98566f32 100644
--- a/package/systemd/systemd.hash
+++ b/package/systemd/systemd.hash
@@ -1,5 +1,5 @@
# sha256 locally computed
-sha256 d2bda9d225da11dc9ff48b48e59fc36798d3e66902ed400a9f78fa370c596864 systemd-250.4.tar.gz
+sha256 638a2fc78828765fc97bc73f428205b6dc1d359149b6c6bfe4d2a649cba2cca8 systemd-250.8.tar.gz
sha256 ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6 LICENSE.GPL2
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 LICENSE.LGPL2.1
sha256 e5a8645ad94aab24e312dd0c6be2aa54236eb9374480b1b14ea5c61598874fd5 LICENSES/BSD-2-Clause.txt
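Review bot: The new systemd-250.8.tar.gz digest is added under the unchanged "# sha256 locally computed" comment, so this hunk offers nothing to check the value against. Before applying, a second reviewer should fetch the archive independently and compare its sha256 with the "+" line. The three license hashes are unchanged context; the log could state that the license files were compared across 250.4 and 250.8.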
diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index b42f6a502b..30a75b7a40 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -19,7 +19,7 @@
# - Diff sysusers.d with the previous version
# - Diff factory/etc/nsswitch.conf with the previous version
# (details are often sprinkled around in README and manpages)
-SYSTEMD_VERSION = 250.4
+SYSTEMD_VERSION = 250.8
SYSTEMD_SITE = $(call github,systemd,systemd-stable,v$(SYSTEMD_VERSION))
SYSTEMD_LICENSE = \
LGPL-2.1+, \
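Review bot: The SYSTEMD_VERSION change from 250.4 to 250.8 sits directly under the bump checklist ("Diff sysusers.d with the previous version", "Diff factory/etc/nsswitch.conf with the previous version"), yet the log reports only the run-tests result and does not say those diffs were done. The bump also spans four stable point releases while the log names a single CVE; if 250.5 through 250.7 carry other security-relevant fixes, list them in the log, and add a line confirming the checklist items showed no changes.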
--
2.30.2
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
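Added illustration, not part of the original mail and not systemd's code: the off-by-one class named in the CVE text, shown on a constructed formatter where the cursor advances by the full remaining length after a truncating `snprintf`. `format_parts`, `guard_clobbered`, `CAP`, `CANARY` and the input strings are hypothetical; the guard byte lives inside the backing array, so the stray terminator is observable without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define CAP 8        /* logical buffer size handed to the formatter (hypothetical) */
#define CANARY 0x5A  /* guard byte placed right after the logical buffer */

/* Append each part plus a space to buf[0..cap), then NUL-terminate at the cursor.
 * fixed == 0: cursor advances by min(k, left)     -> can reach buf + cap
 * fixed == 1: cursor advances by min(k, left - 1) -> stays on the last byte */
static size_t format_parts(char *buf, size_t cap, const char **parts,
                           size_t nparts, int fixed) {
    char *p = buf;
    size_t left = cap;

    for (size_t i = 0; i < nparts && left > 1; i++) {
        /* snprintf returns the untruncated length, not the bytes written */
        int k = snprintf(p, left, "%s ", parts[i]);
        if (k < 0)
            break;
        size_t limit = fixed ? left - 1 : left;
        size_t n = (size_t) k < limit ? (size_t) k : limit;
        left -= n;
        p += n;
    }
    *p = 0;                     /* final terminator, written at the cursor */
    return (size_t) (p - buf);  /* offset of that terminator */
}

/* Run the formatter inside a guarded arena; return 1 if the byte just past
 * the logical buffer was overwritten, 0 if it survived. */
static int guard_clobbered(int fixed) {
    char arena[CAP + 1];
    const char *parts[] = { "12345", "6789" };  /* constructed input */

    memset(arena, CANARY, sizeof(arena));
    format_parts(arena, CAP, parts, 2, fixed);
    return arena[CAP] != CANARY;
}

int main(void) {
    printf("min(k, left)     clobbers guard: %d\n", guard_clobbered(0));
    printf("min(k, left - 1) clobbers guard: %d\n", guard_clobbered(1));
    return 0;
}
```

Building a formatter like this with AddressSanitizer and a buffer of exactly `CAP` bytes turns the same stray write into a reported overflow, which is a practical regression check after a version bump.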
* Re: [Buildroot] [PATCH] package/systemd: security bump to version v250.8
From: Yann E. MORIN @ 2022-11-20 16:45 UTC
To: Peter Korsgaard; +Cc: Norbert Lange, Sen Hastings, buildroot
Peter, All,
On 2022-11-20 17:26 +0100, Peter Korsgaard spake thusly:
> Fixes the following security issue:
>
> - CVE-2022-3821: An off-by-one Error issue was discovered in Systemd in
> format_timespan() function of time-util.c. An attacker could supply
> specific values for time and accuracy that leads to buffer overrun in
> format_timespan(), leading to a Denial of Service.
> https://github.com/systemd/systemd/issues/23928
>
> Drop now upstream 0001-missing-syscall-define-MOVE_MOUNT_T_EMPTY_PATH-if-mi.patch
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> ./support/testing/run-tests -k -o output-systemd tests.init.test_systemd
> 15:35:09 TestInitSystemSystemdRwNetworkd Starting
> 15:35:09 TestInitSystemSystemdRwNetworkd Building
> 15:43:20 TestInitSystemSystemdRwNetworkd Building done
> Downloading to /var/lib/downloads/tmpw7by1nt7
> Renaming from /var/lib/downloads/tmpw7by1nt7 to /var/lib/downloads/kernel-vexpress-5.10.7
> Downloading to /var/lib/downloads/tmpxhcetjfv
> Renaming from /var/lib/downloads/tmpxhcetjfv to /var/lib/downloads/vexpress-v2p-ca9-5.10.7.dtb
> 15:43:43 TestInitSystemSystemdRwNetworkd Cleaning up
> .15:43:43 TestInitSystemSystemdRwIfupdownDbusbrokerDbus Starting
> 15:43:43 TestInitSystemSystemdRwIfupdownDbusbrokerDbus Building
> 15:52:10 TestInitSystemSystemdRwIfupdownDbusbrokerDbus Building done
> 15:52:34 TestInitSystemSystemdRwIfupdownDbusbrokerDbus Cleaning up
> .15:52:34 TestInitSystemSystemdRwIfupdownDbusbroker Starting
> 15:52:35 TestInitSystemSystemdRwIfupdownDbusbroker Building
> 16:00:40 TestInitSystemSystemdRwIfupdownDbusbroker Building done
> 16:01:04 TestInitSystemSystemdRwIfupdownDbusbroker Cleaning up
> .16:01:04 TestInitSystemSystemdRwIfupdown Starting
> 16:01:05 TestInitSystemSystemdRwIfupdown Building
> 16:09:19 TestInitSystemSystemdRwIfupdown Building done
> 16:09:43 TestInitSystemSystemdRwIfupdown Cleaning up
> .16:09:43 TestInitSystemSystemdRwFull Starting
> 16:09:43 TestInitSystemSystemdRwFull Building
> 16:21:53 TestInitSystemSystemdRwFull Building done
> 16:22:21 TestInitSystemSystemdRwFull Cleaning up
> .16:22:21 TestInitSystemSystemdRoNetworkd Starting
> 16:22:22 TestInitSystemSystemdRoNetworkd Building
> 16:30:55 TestInitSystemSystemdRoNetworkd Building done
> 16:31:18 TestInitSystemSystemdRoNetworkd Cleaning up
> .16:31:18 TestInitSystemSystemdRoIfupdownDbusbrokerDbus Starting
> 16:31:19 TestInitSystemSystemdRoIfupdownDbusbrokerDbus Building
> 16:39:50 TestInitSystemSystemdRoIfupdownDbusbrokerDbus Building done
> 16:40:13 TestInitSystemSystemdRoIfupdownDbusbrokerDbus Cleaning up
> .16:40:13 TestInitSystemSystemdRoIfupdownDbusbroker Starting
> 16:40:14 TestInitSystemSystemdRoIfupdownDbusbroker Building
> 16:48:58 TestInitSystemSystemdRoIfupdownDbusbroker Building done
> 16:49:22 TestInitSystemSystemdRoIfupdownDbusbroker Cleaning up
> .16:49:22 TestInitSystemSystemdRoIfupdown Starting
> 16:49:23 TestInitSystemSystemdRoIfupdown Building
> 16:58:00 TestInitSystemSystemdRoIfupdown Building done
> 16:58:24 TestInitSystemSystemdRoIfupdown Cleaning up
> .16:58:24 TestInitSystemSystemdRoFull Starting
> 16:58:25 TestInitSystemSystemdRoFull Building
> 17:13:14 TestInitSystemSystemdRoFull Building done
> 17:13:40 TestInitSystemSystemdRoFull Cleaning up
> .
> ----------------------------------------------------------------------
> Ran 10 tests in 5911.589s
>
> OK
>
> ...define-MOVE_MOUNT_T_EMPTY_PATH-if-mi.patch | 33 -------------------
> package/systemd/systemd.hash | 2 +-
> package/systemd/systemd.mk | 2 +-
> 3 files changed, 2 insertions(+), 35 deletions(-)
> delete mode 100644 package/systemd/0001-missing-syscall-define-MOVE_MOUNT_T_EMPTY_PATH-if-mi.patch
>
> diff --git a/package/systemd/0001-missing-syscall-define-MOVE_MOUNT_T_EMPTY_PATH-if-mi.patch b/package/systemd/0001-missing-syscall-define-MOVE_MOUNT_T_EMPTY_PATH-if-mi.patch
> deleted file mode 100644
> index 0934886acb..0000000000
> --- a/package/systemd/0001-missing-syscall-define-MOVE_MOUNT_T_EMPTY_PATH-if-mi.patch
> +++ /dev/null
> @@ -1,33 +0,0 @@
> -From 16c132a6a0389e0eaea70c4ad95dbfd1637ec5ba Mon Sep 17 00:00:00 2001
> -From: Romain Naour <romain.naour@smile.fr>
> -Date: Fri, 7 Jan 2022 22:25:23 +0100
> -Subject: [PATCH] missing-syscall: define MOVE_MOUNT_T_EMPTY_PATH if missing
> -
> -MOVE_MOUNT_T_EMPTY_PATH has been added to systemd 250 by [1]
> -but it's defined in kernel headers since version 5.2.
> -
> -[1] c7bf079bbc19e3b409acc0c7acc3e14749211fe2
> -
> -Signed-off-by: Romain Naour <romain.naour@smile.fr>
> ----
> - src/basic/missing_syscall.h | 4 ++++
> - 1 file changed, 4 insertions(+)
> -
> -diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h
> -index 8267b1a90c..793d111c55 100644
> ---- a/src/basic/missing_syscall.h
> -+++ b/src/basic/missing_syscall.h
> -@@ -569,6 +569,10 @@ static inline int missing_open_tree(
> - #define MOVE_MOUNT_F_EMPTY_PATH 0x00000004 /* Empty from path permitted */
> - #endif
> -
> -+#ifndef MOVE_MOUNT_T_EMPTY_PATH
> -+#define MOVE_MOUNT_T_EMPTY_PATH 0x00000040 /* Empty to path permitted */
> -+#endif
> -+
> - static inline int missing_move_mount(
> - int from_dfd,
> - const char *from_pathname,
> ---
> -2.31.1
> -
> diff --git a/package/systemd/systemd.hash b/package/systemd/systemd.hash
> index 3572b25965..3b98566f32 100644
> --- a/package/systemd/systemd.hash
> +++ b/package/systemd/systemd.hash
> @@ -1,5 +1,5 @@
> # sha256 locally computed
> -sha256 d2bda9d225da11dc9ff48b48e59fc36798d3e66902ed400a9f78fa370c596864 systemd-250.4.tar.gz
> +sha256 638a2fc78828765fc97bc73f428205b6dc1d359149b6c6bfe4d2a649cba2cca8 systemd-250.8.tar.gz
> sha256 ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6 LICENSE.GPL2
> sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 LICENSE.LGPL2.1
> sha256 e5a8645ad94aab24e312dd0c6be2aa54236eb9374480b1b14ea5c61598874fd5 LICENSES/BSD-2-Clause.txt
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index b42f6a502b..30a75b7a40 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -19,7 +19,7 @@
> # - Diff sysusers.d with the previous version
> # - Diff factory/etc/nsswitch.conf with the previous version
> # (details are often sprinkled around in README and manpages)
> -SYSTEMD_VERSION = 250.4
> +SYSTEMD_VERSION = 250.8
> SYSTEMD_SITE = $(call github,systemd,systemd-stable,v$(SYSTEMD_VERSION))
> SYSTEMD_LICENSE = \
> LGPL-2.1+, \
> --
> 2.30.2
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
* Re: [Buildroot] [PATCH] package/systemd: security bump to version v250.8
From: Peter Korsgaard @ 2022-11-23 9:52 UTC
To: buildroot; +Cc: Norbert Lange, Yann E. MORIN, Sen Hastings
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security issue:
> - CVE-2022-3821: An off-by-one Error issue was discovered in Systemd in
> format_timespan() function of time-util.c. An attacker could supply
> specific values for time and accuracy that leads to buffer overrun in
> format_timespan(), leading to a Denial of Service.
> https://github.com/systemd/systemd/issues/23928
> Drop now upstream 0001-missing-syscall-define-MOVE_MOUNT_T_EMPTY_PATH-if-mi.patch
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2022.08.x and 2022.02.x, thanks.
--
Bye, Peter Korsgaard