Merge ~enr0n/ubuntu/+source/systemd:ubuntu-focal-sru into ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-focal

Proposed by: Nick Rosbrook
Status: Merged
Merged at revision: c01b87ac960331a1e79815b2a643753af074614e
Proposed branch: ~enr0n/ubuntu/+source/systemd:ubuntu-focal-sru
Merge into: ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-focal
Diff against target: 508 lines (+444/-10), 5 files modified
- debian/changelog (+18/-6)
- debian/patches/CVE-2022-3821.patch (+37/-0)
- debian/patches/CVE-2022-4415.patch (+386/-0)
- debian/patches/series (+2/-0)
- debian/tests/boot-and-services (+1/-4)
Related bugs: (none)

Reviewer | Status
---|---
Lukas Märdian | Approve

Review via email: mp+438988@code.launchpad.net

Description of the change
Re-upload these changes with a new version number due to the recent security update. Also address an SRU review comment to tweak the workaround for LP: #1991285.
Lukas Märdian (slyon) wrote:
I pushed the corresponding branch & tags to our git repo and sponsored the upload:
https:/
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index 0edd425..9185ef8 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,4 +1,4 @@ |
6 | -systemd (245.4-4ubuntu3.20) focal; urgency=medium |
7 | +systemd (245.4-4ubuntu3.21) focal; urgency=medium |
8 | |
9 | * udev: avoid NIC renaming race with kernel (LP: #2002445) |
10 | Files: |
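Review bot: the 245.4-4ubuntu3.21 entry (line 7) keeps the same bullets as the superseded 3.20 SRU entry, but nothing in the changelog itself records why the version moved (3.20 was taken by the focal-security upload, as the description says); a short remark in the entry would keep that rationale with the package rather than only on this merge proposal.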
11 | @@ -7,16 +7,28 @@ systemd (245.4-4ubuntu3.20) focal; urgency=medium |
12 | - debian/patches/lp2002445-sd-netlink-restore-altname-on-error-in-rtnl_set_link_name.patch |
13 | - debian/patches/lp2002445-udev-attempt-device-rename-even-if-interface-is-up.patch |
14 | - debian/patches/lp2002445-udev-net-allow-new-link-name-as-an-altname-before-renamin.patch |
15 | - https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e34409f9d68a15220aa36cbae219d4f4987e5207 |
16 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=69ab4a02e828e20ea0ddbd75179324df7a8d1175 |
17 | * test-seccomp: accept ENOSYS from sysctl(2) too (LP: #1933090) |
18 | Thanks to Roxana Nicolescu |
19 | File: debian/patches/lp1933090-test-seccomp-accept-ENOSYS-from-sysctl-2-too.patch |
20 | - https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=706f2e0c787cade9609d0f2b37634d7eb4517beb |
21 | - * debian/test: ignore systemd-remount-fs.service failure on armhf (LP: #1991285) |
22 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=adaddd1441370ebcdb8bc33d7406b95d85b744f9 |
23 | + * debian/test: ignore systemd-remount-fs.service failure in containers (LP: #1991285) |
24 | File: debian/tests/boot-and-services |
25 | - https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=cddc66ef6ecfb555dfd38c5f5fe8572efb424114 |
26 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=264bdc86f1e4dcd10e8d914d095581c54c33199a |
27 | |
28 | - -- Nick Rosbrook <nick.rosbrook@canonical.com> Mon, 27 Feb 2023 10:11:13 -0500 |
29 | + -- Nick Rosbrook <nick.rosbrook@canonical.com> Wed, 15 Mar 2023 11:04:15 -0400 |
30 | + |
31 | +systemd (245.4-4ubuntu3.20) focal-security; urgency=medium |
32 | + |
33 | + * SECURITY UPDATE: buffer overrun vulnerability in format_timespan() |
34 | + - debian/patches/CVE-2022-3821.patch: time-util: fix buffer-over-run |
35 | + - CVE-2022-3821 |
36 | + * SECURITY UPDATE: information leak vulnerability in systemd-coredump |
37 | + - debian/patches/CVE-2022-4415.patch: do not allow user to access |
38 | + coredumps with changed uid/gid/capabilities |
39 | + - CVE-2022-4415 |
40 | + |
41 | + -- Nishit Majithia <nishit.majithia@canonical.com> Thu, 02 Mar 2023 18:28:02 +0530 |
42 | |
43 | systemd (245.4-4ubuntu3.19) focal; urgency=medium |
44 | |
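Review bot: the LP: #1991285 bullet changes from "on armhf" to "in containers" (lines 21/23), which matches the boot-and-services hunk below, and all three commit links are replaced (lines 15/16, 20/22, 25/26); since those links are meant as permanent references, confirm the new ids are what actually lands in the ubuntu-core-dev repo (the sponsor comment above says branch and tags were pushed, so they should resolve). The inserted focal-security entry (lines 31-41) should be byte for byte what the archive has for 245.4-4ubuntu3.20, otherwise the merged changelog diverges from the installed package.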
45 | diff --git a/debian/patches/CVE-2022-3821.patch b/debian/patches/CVE-2022-3821.patch |
46 | new file mode 100644 |
47 | index 0000000..e7ee561 |
48 | --- /dev/null |
49 | +++ b/debian/patches/CVE-2022-3821.patch |
50 | @@ -0,0 +1,37 @@ |
51 | + Origin: bakcport, https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e |
52 | + |
53 | +From 9102c625a673a3246d7e73d8737f3494446bad4e Mon Sep 17 00:00:00 2001 |
54 | +From: Yu Watanabe <watanabe.yu+github@gmail.com> |
55 | +Date: Thu, 7 Jul 2022 18:27:02 +0900 |
56 | +Subject: [PATCH] time-util: fix buffer-over-run |
57 | + |
58 | +Fixes #23928. |
59 | +--- |
60 | + src/basic/time-util.c | 2 +- |
61 | + src/test/test-time-util.c | 5 +++++ |
62 | + 2 files changed, 6 insertions(+), 1 deletion(-) |
63 | + |
64 | +--- systemd-245.4.orig/src/basic/time-util.c |
65 | ++++ systemd-245.4/src/basic/time-util.c |
66 | +@@ -514,7 +514,7 @@ char *format_timespan(char *buf, size_t |
67 | + t = b; |
68 | + } |
69 | + |
70 | +- n = MIN((size_t) k, l); |
71 | ++ n = MIN((size_t) k, l-1); |
72 | + |
73 | + l -= n; |
74 | + p += n; |
75 | +--- systemd-245.4.orig/src/test/test-time-util.c |
76 | ++++ systemd-245.4/src/test/test-time-util.c |
77 | +@@ -520,5 +520,10 @@ int main(int argc, char *argv[]) { |
78 | + x++; |
79 | + assert((time_t) x < 0); |
80 | + |
81 | ++ /* See issue #23928. */ |
82 | ++ _cleanup_free_ char *buf; |
83 | ++ assert_se(buf = new(char, 5)); |
84 | ++ assert_se(buf == format_timespan(buf, 5, 100005, 1000)); |
85 | ++ |
86 | + return 0; |
87 | + } |
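Review bot: "bakcport" in the Origin header (line 51) is a typo for "backport"; fix it so the header reads like the one in CVE-2022-4415.patch (line 94) and is found by tooling that greps patch metadata. The fix itself is the single change `n = MIN((size_t) k, l-1);` (line 71), which keeps one byte of the caller's buffer free for the terminating NUL, the over-run the subject line refers to; the added test (lines 82-84) exercises exactly that boundary with a 5-byte buffer and a value that needs all of it, so it is worth keeping in the backport even though the test suite is not run at package build time here.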
88 | diff --git a/debian/patches/CVE-2022-4415.patch b/debian/patches/CVE-2022-4415.patch |
89 | new file mode 100644 |
90 | index 0000000..527b156 |
91 | --- /dev/null |
92 | +++ b/debian/patches/CVE-2022-4415.patch |
93 | @@ -0,0 +1,386 @@ |
94 | + Origin: backport, https://github.com/systemd/systemd-stable/commit/bb47600aeb38c68c857fbf0ee5f66c3144dd81ce |
95 | + |
96 | +From bb47600aeb38c68c857fbf0ee5f66c3144dd81ce Mon Sep 17 00:00:00 2001 |
97 | +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> |
98 | +Date: Mon, 28 Nov 2022 12:12:55 +0100 |
99 | +Subject: [PATCH] coredump: do not allow user to access coredumps with changed |
100 | + uid/gid/capabilities |
101 | + |
102 | +When the user starts a program which elevates its permissions via setuid, |
103 | +setgid, or capabilities set on the file, it may access additional information |
104 | +which would then be visible in the coredump. We shouldn't make the the coredump |
105 | +visible to the user in such cases. |
106 | + |
107 | +Reported-by: Matthias Gerstner <mgerstner@suse.de> |
108 | + |
109 | +This reads the /proc/<pid>/auxv file and attaches it to the process metadata as |
110 | +PROC_AUXV. Before the coredump is submitted, it is parsed and if either |
111 | +at_secure was set (which the kernel will do for processes that are setuid, |
112 | +setgid, or setcap), or if the effective uid/gid don't match uid/gid, the file |
113 | +is not made accessible to the user. If we can't access this data, we assume the |
114 | +file should not be made accessible either. In principle we could also access |
115 | +the auxv data from a note in the core file, but that is much more complex and |
116 | +it seems better to use the stand-alone file that is provided by the kernel. |
117 | + |
118 | +Attaching auxv is both convient for this patch (because this way it's passed |
119 | +between the stages along with other fields), but I think it makes sense to save |
120 | +it in general. |
121 | + |
122 | +We use the information early in the core file to figure out if the program was |
123 | +32-bit or 64-bit and its endianness. This way we don't need heuristics to guess |
124 | +whether the format of the auxv structure. This test might reject some cases on |
125 | +fringe architecutes. But the impact would be limited: we just won't grant the |
126 | +user permissions to view the coredump file. If people report that we're missing |
127 | +some cases, we can always enhance this to support more architectures. |
128 | + |
129 | +I tested auxv parsing on amd64, 32-bit program on amd64, arm64, arm32, and |
130 | +ppc64el, but not the whole coredump handling. |
131 | + |
132 | +(cherry picked from commit 3e4d0f6cf99f8677edd6a237382a65bfe758de03) |
133 | +(cherry picked from commit 9b75a3d0502d6741c8ecb7175794345f8eb3827c) |
134 | +(cherry picked from commit efca5283dc791a07171f80eef84e14fdb58fad57) |
135 | +(cherry picked from commit 1d5e0e9910500f3c3584485f77bfc35e601036e3) |
136 | +(cherry picked from commit 8215e1527d859e77dd1378fd7e42bbd32130edb3) |
137 | +(cherry picked from commit 786df410b1cb3a2294c9a5d118c958525e7439e6) |
138 | +--- |
139 | + src/basic/io-util.h | 9 ++ |
140 | + src/coredump/coredump.c | 196 +++++++++++++++++++++++++++++++++++++--- |
141 | + 2 files changed, 192 insertions(+), 13 deletions(-) |
142 | + |
143 | +--- systemd-245.4.orig/src/basic/io-util.h |
144 | ++++ systemd-245.4/src/basic/io-util.h |
145 | +@@ -85,7 +85,16 @@ struct iovec_wrapper *iovw_new(void); |
146 | + struct iovec_wrapper *iovw_free(struct iovec_wrapper *iovw); |
147 | + struct iovec_wrapper *iovw_free_free(struct iovec_wrapper *iovw); |
148 | + void iovw_free_contents(struct iovec_wrapper *iovw, bool free_vectors); |
149 | ++ |
150 | + int iovw_put(struct iovec_wrapper *iovw, void *data, size_t len); |
151 | ++static inline int iovw_consume(struct iovec_wrapper *iovw, void *data, size_t len) { |
152 | ++ /* Move data into iovw or free on error */ |
153 | ++ int r = iovw_put(iovw, data, len); |
154 | ++ if (r < 0) |
155 | ++ free(data); |
156 | ++ return r; |
157 | ++} |
158 | ++ |
159 | + int iovw_put_string_field(struct iovec_wrapper *iovw, const char *field, const char *value); |
160 | + int iovw_put_string_field_free(struct iovec_wrapper *iovw, const char *field, char *value); |
161 | + void iovw_rebase(struct iovec_wrapper *iovw, char *old, char *new); |
162 | +--- systemd-245.4.orig/src/coredump/coredump.c |
163 | ++++ systemd-245.4/src/coredump/coredump.c |
164 | +@@ -3,6 +3,7 @@ |
165 | + #include <errno.h> |
166 | + #include <stdio.h> |
167 | + #include <sys/prctl.h> |
168 | ++#include <sys/auxv.h> |
169 | + #include <sys/xattr.h> |
170 | + #include <unistd.h> |
171 | + |
172 | +@@ -95,6 +96,7 @@ enum { |
173 | + |
174 | + META_EXE = _META_MANDATORY_MAX, |
175 | + META_UNIT, |
176 | ++ META_PROC_AUXV, |
177 | + _META_MAX |
178 | + }; |
179 | + |
180 | +@@ -109,10 +111,12 @@ static const char * const meta_field_nam |
181 | + [META_COMM] = "COREDUMP_COMM=", |
182 | + [META_EXE] = "COREDUMP_EXE=", |
183 | + [META_UNIT] = "COREDUMP_UNIT=", |
184 | ++ [META_PROC_AUXV] = "COREDUMP_PROC_AUXV=", |
185 | + }; |
186 | + |
187 | + typedef struct Context { |
188 | + const char *meta[_META_MAX]; |
189 | ++ size_t meta_size[_META_MAX]; |
190 | + pid_t pid; |
191 | + bool is_pid1; |
192 | + bool is_journald; |
193 | +@@ -171,7 +175,9 @@ static uint64_t storage_size_max(void) { |
194 | + return 0; |
195 | + } |
196 | + |
197 | +-static int fix_acl(int fd, uid_t uid) { |
198 | ++static int fix_acl(int fd, uid_t uid, bool allow_user) { |
199 | ++ assert(fd >= 0); |
200 | ++ assert(uid_is_valid(uid)); |
201 | + |
202 | + #if HAVE_ACL |
203 | + _cleanup_(acl_freep) acl_t acl = NULL; |
204 | +@@ -179,7 +185,9 @@ static int fix_acl(int fd, uid_t uid) { |
205 | + acl_permset_t permset; |
206 | + int r; |
207 | + |
208 | +- assert(fd >= 0); |
209 | ++ /* We don't allow users to read coredumps if the uid or capabilities were changed. */ |
210 | ++ if (!allow_user) |
211 | ++ return 0; |
212 | + |
213 | + if (uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY) |
214 | + return 0; |
215 | +@@ -258,7 +266,8 @@ static int fix_permissions( |
216 | + const char *filename, |
217 | + const char *target, |
218 | + const Context *context, |
219 | +- uid_t uid) { |
220 | ++ uid_t uid, |
221 | ++ bool allow_user) { |
222 | + |
223 | + int r; |
224 | + |
225 | +@@ -268,7 +277,7 @@ static int fix_permissions( |
226 | + |
227 | + /* Ignore errors on these */ |
228 | + (void) fchmod(fd, 0640); |
229 | +- (void) fix_acl(fd, uid); |
230 | ++ (void) fix_acl(fd, uid, allow_user); |
231 | + (void) fix_xattr(fd, context); |
232 | + |
233 | + if (fsync(fd) < 0) |
234 | +@@ -339,6 +348,153 @@ static int make_filename(const Context * |
235 | + return 0; |
236 | + } |
237 | + |
238 | ++static int parse_auxv64( |
239 | ++ const uint64_t *auxv, |
240 | ++ size_t size_bytes, |
241 | ++ int *at_secure, |
242 | ++ uid_t *uid, |
243 | ++ uid_t *euid, |
244 | ++ gid_t *gid, |
245 | ++ gid_t *egid) { |
246 | ++ |
247 | ++ assert(auxv || size_bytes == 0); |
248 | ++ |
249 | ++ if (size_bytes % (2 * sizeof(uint64_t)) != 0) |
250 | ++ return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes); |
251 | ++ |
252 | ++ size_t words = size_bytes / sizeof(uint64_t); |
253 | ++ |
254 | ++ /* Note that we set output variables even on error. */ |
255 | ++ |
256 | ++ for (size_t i = 0; i + 1 < words; i += 2) |
257 | ++ switch (auxv[i]) { |
258 | ++ case AT_SECURE: |
259 | ++ *at_secure = auxv[i + 1] != 0; |
260 | ++ break; |
261 | ++ case AT_UID: |
262 | ++ *uid = auxv[i + 1]; |
263 | ++ break; |
264 | ++ case AT_EUID: |
265 | ++ *euid = auxv[i + 1]; |
266 | ++ break; |
267 | ++ case AT_GID: |
268 | ++ *gid = auxv[i + 1]; |
269 | ++ break; |
270 | ++ case AT_EGID: |
271 | ++ *egid = auxv[i + 1]; |
272 | ++ break; |
273 | ++ case AT_NULL: |
274 | ++ if (auxv[i + 1] != 0) |
275 | ++ goto error; |
276 | ++ return 0; |
277 | ++ } |
278 | ++ error: |
279 | ++ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), |
280 | ++ "AT_NULL terminator not found, cannot parse auxv structure."); |
281 | ++} |
282 | ++ |
283 | ++static int parse_auxv32( |
284 | ++ const uint32_t *auxv, |
285 | ++ size_t size_bytes, |
286 | ++ int *at_secure, |
287 | ++ uid_t *uid, |
288 | ++ uid_t *euid, |
289 | ++ gid_t *gid, |
290 | ++ gid_t *egid) { |
291 | ++ |
292 | ++ assert(auxv || size_bytes == 0); |
293 | ++ |
294 | ++ size_t words = size_bytes / sizeof(uint32_t); |
295 | ++ |
296 | ++ if (size_bytes % (2 * sizeof(uint32_t)) != 0) |
297 | ++ return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes); |
298 | ++ |
299 | ++ /* Note that we set output variables even on error. */ |
300 | ++ |
301 | ++ for (size_t i = 0; i + 1 < words; i += 2) |
302 | ++ switch (auxv[i]) { |
303 | ++ case AT_SECURE: |
304 | ++ *at_secure = auxv[i + 1] != 0; |
305 | ++ break; |
306 | ++ case AT_UID: |
307 | ++ *uid = auxv[i + 1]; |
308 | ++ break; |
309 | ++ case AT_EUID: |
310 | ++ *euid = auxv[i + 1]; |
311 | ++ break; |
312 | ++ case AT_GID: |
313 | ++ *gid = auxv[i + 1]; |
314 | ++ break; |
315 | ++ case AT_EGID: |
316 | ++ *egid = auxv[i + 1]; |
317 | ++ break; |
318 | ++ case AT_NULL: |
319 | ++ if (auxv[i + 1] != 0) |
320 | ++ goto error; |
321 | ++ return 0; |
322 | ++ } |
323 | ++ error: |
324 | ++ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), |
325 | ++ "AT_NULL terminator not found, cannot parse auxv structure."); |
326 | ++} |
327 | ++ |
328 | ++static int grant_user_access(int core_fd, const Context *context) { |
329 | ++ int at_secure = -1; |
330 | ++ uid_t uid = UID_INVALID, euid = UID_INVALID; |
331 | ++ uid_t gid = GID_INVALID, egid = GID_INVALID; |
332 | ++ int r; |
333 | ++ |
334 | ++ assert(core_fd >= 0); |
335 | ++ assert(context); |
336 | ++ |
337 | ++ if (!context->meta[META_PROC_AUXV]) |
338 | ++ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), "No auxv data, not adjusting permissions."); |
339 | ++ |
340 | ++ uint8_t elf[EI_NIDENT]; |
341 | ++ errno = 0; |
342 | ++ if (pread(core_fd, &elf, sizeof(elf), 0) != sizeof(elf)) |
343 | ++ return log_warning_errno(errno_or_else(EIO), |
344 | ++ "Failed to pread from coredump fd: %s", errno != 0 ? strerror_safe(errno) : "Unexpected EOF"); |
345 | ++ |
346 | ++ if (elf[EI_MAG0] != ELFMAG0 || |
347 | ++ elf[EI_MAG1] != ELFMAG1 || |
348 | ++ elf[EI_MAG2] != ELFMAG2 || |
349 | ++ elf[EI_MAG3] != ELFMAG3 || |
350 | ++ elf[EI_VERSION] != EV_CURRENT) |
351 | ++ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN), |
352 | ++ "Core file does not have ELF header, not adjusting permissions."); |
353 | ++ if (!IN_SET(elf[EI_CLASS], ELFCLASS32, ELFCLASS64) || |
354 | ++ !IN_SET(elf[EI_DATA], ELFDATA2LSB, ELFDATA2MSB)) |
355 | ++ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN), |
356 | ++ "Core file has strange ELF class, not adjusting permissions."); |
357 | ++ |
358 | ++ if ((elf[EI_DATA] == ELFDATA2LSB) != (__BYTE_ORDER == __LITTLE_ENDIAN)) |
359 | ++ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN), |
360 | ++ "Core file has non-native endianness, not adjusting permissions."); |
361 | ++ |
362 | ++ if (elf[EI_CLASS] == ELFCLASS64) |
363 | ++ r = parse_auxv64((const uint64_t*) context->meta[META_PROC_AUXV], |
364 | ++ context->meta_size[META_PROC_AUXV], |
365 | ++ &at_secure, &uid, &euid, &gid, &egid); |
366 | ++ else |
367 | ++ r = parse_auxv32((const uint32_t*) context->meta[META_PROC_AUXV], |
368 | ++ context->meta_size[META_PROC_AUXV], |
369 | ++ &at_secure, &uid, &euid, &gid, &egid); |
370 | ++ if (r < 0) |
371 | ++ return r; |
372 | ++ |
373 | ++ /* We allow access if we got all the data and at_secure is not set and |
374 | ++ * the uid/gid matches euid/egid. */ |
375 | ++ bool ret = |
376 | ++ at_secure == 0 && |
377 | ++ uid != UID_INVALID && euid != UID_INVALID && uid == euid && |
378 | ++ gid != GID_INVALID && egid != GID_INVALID && gid == egid; |
379 | ++ log_debug("Will %s access (uid="UID_FMT " euid="UID_FMT " gid="GID_FMT " egid="GID_FMT " at_secure=%s)", |
380 | ++ ret ? "permit" : "restrict", |
381 | ++ uid, euid, gid, egid, yes_no(at_secure)); |
382 | ++ return ret; |
383 | ++} |
384 | ++ |
385 | + static int save_external_coredump( |
386 | + const Context *context, |
387 | + int input_fd, |
388 | +@@ -404,6 +560,8 @@ static int save_external_coredump( |
389 | + goto fail; |
390 | + } |
391 | + *ret_truncated = r == 1; |
392 | ++ bool allow_user = grant_user_access(fd, context) > 0; |
393 | ++ |
394 | + if (*ret_truncated) |
395 | + log_struct(LOG_INFO, |
396 | + LOG_MESSAGE("Core file was truncated to %zu bytes.", max_size), |
397 | +@@ -445,7 +603,7 @@ static int save_external_coredump( |
398 | + goto fail_compressed; |
399 | + } |
400 | + |
401 | +- r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid); |
402 | ++ r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid, allow_user); |
403 | + if (r < 0) |
404 | + goto fail_compressed; |
405 | + |
406 | +@@ -468,7 +626,7 @@ static int save_external_coredump( |
407 | + uncompressed: |
408 | + #endif |
409 | + |
410 | +- r = fix_permissions(fd, tmp, fn, context, uid); |
411 | ++ r = fix_permissions(fd, tmp, fn, context, uid, allow_user); |
412 | + if (r < 0) |
413 | + goto fail; |
414 | + |
415 | +@@ -719,7 +877,7 @@ static int change_uid_gid(const Context |
416 | + } |
417 | + |
418 | + static int submit_coredump( |
419 | +- Context *context, |
420 | ++ const Context *context, |
421 | + struct iovec_wrapper *iovw, |
422 | + int input_fd) { |
423 | + |
424 | +@@ -841,16 +999,15 @@ static int save_context(Context *context |
425 | + struct iovec *iovec = iovw->iovec + n; |
426 | + |
427 | + for (i = 0; i < ELEMENTSOF(meta_field_names); i++) { |
428 | +- char *p; |
429 | +- |
430 | + /* Note that these strings are NUL terminated, because we made sure that a |
431 | + * trailing NUL byte is in the buffer, though not included in the iov_len |
432 | + * count (see process_socket() and gather_pid_metadata_*()) */ |
433 | + assert(((char*) iovec->iov_base)[iovec->iov_len] == 0); |
434 | + |
435 | +- p = startswith(iovec->iov_base, meta_field_names[i]); |
436 | ++ const char *p = startswith(iovec->iov_base, meta_field_names[i]); |
437 | + if (p) { |
438 | + context->meta[i] = p; |
439 | ++ context->meta_size[i] = iovec->iov_len - strlen(meta_field_names[i]); |
440 | + count++; |
441 | + break; |
442 | + } |
443 | +@@ -1098,6 +1255,7 @@ static int gather_pid_metadata(struct io |
444 | + uid_t owner_uid; |
445 | + pid_t pid; |
446 | + char *t; |
447 | ++ size_t size; |
448 | + const char *p; |
449 | + int r; |
450 | + |
451 | +@@ -1163,13 +1321,26 @@ static int gather_pid_metadata(struct io |
452 | + (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_LIMITS=", t); |
453 | + |
454 | + p = procfs_file_alloca(pid, "cgroup"); |
455 | +- if (read_full_file(p, &t, NULL) >=0) |
456 | ++ if (read_full_file(p, &t, NULL) >= 0) |
457 | + (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_CGROUP=", t); |
458 | + |
459 | + p = procfs_file_alloca(pid, "mountinfo"); |
460 | +- if (read_full_file(p, &t, NULL) >=0) |
461 | ++ if (read_full_file(p, &t, NULL) >= 0) |
462 | + (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_MOUNTINFO=", t); |
463 | + |
464 | ++ /* We attach /proc/auxv here. ELF coredumps also contain a note for this (NT_AUXV), see elf(5). */ |
465 | ++ p = procfs_file_alloca(pid, "auxv"); |
466 | ++ if (read_full_virtual_file(p, &t, &size) >= 0) { |
467 | ++ char *buf = malloc(strlen("COREDUMP_PROC_AUXV=") + size + 1); |
468 | ++ if (buf) { |
469 | ++ /* Add a dummy terminator to make save_context() happy. */ |
470 | ++ *((uint8_t*) mempcpy(stpcpy(buf, "COREDUMP_PROC_AUXV="), t, size)) = '\0'; |
471 | ++ (void) iovw_consume(iovw, buf, size + strlen("COREDUMP_PROC_AUXV=")); |
472 | ++ } |
473 | ++ |
474 | ++ free(t); |
475 | ++ } |
476 | ++ |
477 | + if (get_process_cwd(pid, &t) >= 0) |
478 | + (void) iovw_put_string_field_free(iovw, "COREDUMP_CWD=", t); |
479 | + |
480 | diff --git a/debian/patches/series b/debian/patches/series |
481 | index bae1736..49f6f2e 100644 |
482 | --- a/debian/patches/series |
483 | +++ b/debian/patches/series |
484 | @@ -185,6 +185,8 @@ lp1945225/0001-udev-net_id-parse-_SUN-ACPI-index-as-a-signed-intege.patch |
485 | lp1945225/0002-udev-net_id-don-t-generate-slot-based-names-if-multi.patch |
486 | lp1945225/0003-net_id-fix-newly-added-naming-scheme-name.patch |
487 | lp1945225/0004-Add-remaining-supported-schemes-as-options-for-defau.patch |
488 | +CVE-2022-3821.patch |
489 | +CVE-2022-4415.patch |
490 | lp2002445-udev-net-allow-new-link-name-as-an-altname-before-renamin.patch |
491 | lp2002445-netlink-introduce-rtnl_get-delete_link_alternative_names.patch |
492 | lp2002445-netlink-do-not-fail-when-new-interface-name-is-already-us.patch |
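Review bot: CVE-2022-3821.patch and CVE-2022-4415.patch are inserted ahead of the lp2002445-* patches (lines 488-489), mirroring the archive order in which the security upload preceded this SRU; the diffs above show the two patches touch only src/basic/time-util.c, src/test/test-time-util.c, src/basic/io-util.h and src/coredump/coredump.c, so as long as the netlink/udev patches do not touch those files (not visible here) the order is independent, but a quilt push -a on the unpacked source before upload is the cheap way to confirm there is no fuzz.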
493 | diff --git a/debian/tests/boot-and-services b/debian/tests/boot-and-services |
494 | index 6090569..6c832be 100755 |
495 | --- a/debian/tests/boot-and-services |
496 | +++ b/debian/tests/boot-and-services |
497 | @@ -59,10 +59,7 @@ class ServicesTest(unittest.TestCase): |
498 | # https://bugs.debian.org/926138 |
499 | if is_container: |
500 | failed = [f for f in failed if 'e2scrub_reap.service' not in f] |
501 | - # LP: #1991285 |
502 | - arch = subprocess.check_output(['dpkg', '--print-architecture']) |
503 | - arch = arch.decode('utf-8').strip() |
504 | - if arch == 'armhf': |
505 | + # LP: #1991285 |
506 | failed = [f for f in failed if 'systemd-remount-fs.service' not in f] |
507 | if failed: |
508 | for f in failed: |
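Review bot: the rendered diff loses leading whitespace, so verify that the surviving `# LP: #1991285` comment and the systemd-remount-fs filter (lines 505-506) are indented under `if is_container:` at the same depth as the e2scrub_reap line (line 500); if they remained at the old outer level, the filter would apply on every host rather than only in containers, which is not what the changelog text and the is_container review comment assume. Consider also extending the comment with a word on why systemd-remount-fs.service fails in containers, as the neighbouring e2scrub line does with its bug URL.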
Thanks. Security matches what we have in the archive (git-ubuntu).
The is_container check looks good to me after reading the SRU discussion.
Nice job keeping a clean fast-forward git history by using this squashed revert commit!