Ubuntu
systemd package

Merge ~enr0n/ubuntu/+source/systemd:ubuntu-focal into ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-focal

  1. Git
  2. lp:~enr0n/ubuntu/+source/systemd
  3. ubuntu-focal
  4. Merge into ubuntu-focal
Proposed by Nick Rosbrook
Status: Merged
Merged at revision: aa7504b4668a7da4d57199add5050219d98394b0
Proposed branch: ~enr0n/ubuntu/+source/systemd:ubuntu-focal
Merge into: ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-focal
Diff against target: 64 lines (+42/-0)
3 files modified
debian/changelog (+8/-0)
debian/patches/lp2012943-resolve-fix-potential-memleak-and-use-after-free.patch (+33/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Lukas Märdian Approve
Review via email: mp+439761@code.launchpad.net

Description of the change

Quick follow on to the current upload in -propsed as per customer request.

This has built in my PPA: https://launchpad.net/~enr0n/+archive/ubuntu/systemd-245/+packages.

I will post the autopkgtest results when they have finished.

To post a comment you must log in.
Revision history for this message
Lukas Märdian (slyon) wrote :

Thanks, LGTM. Patch matches upstream fix and is included in Jammy (249.11) and above.

I'm fine sponsoring this as soon as we have the tests results.
Do you want it to be sponsored together with the currently pending Focal SRU in focal-proposed or uploaded separately afterward?

review: Approve
Revision history for this message
Nick Rosbrook (enr0n) wrote :

autopkgtest results:

systemd 245.4-4ubuntu3.22~ppa1 (amd64) -- Fail: https://autopkgtest.ubuntu.com/results/autopkgtest-focal-enr0n-systemd-245/focal/amd64/s/systemd/20230327_222555_b66c3@/log.gz
systemd 245.4-4ubuntu3.22~ppa1 (arm64) -- Pass: https://autopkgtest.ubuntu.com/results/autopkgtest-focal-enr0n-systemd-245/focal/arm64/s/systemd/20230327_231356_3bf23@/log.gz
systemd 245.4-4ubuntu3.22~ppa1 (armhf) -- Pass: https://autopkgtest.ubuntu.com/results/autopkgtest-focal-enr0n-systemd-245/focal/armhf/s/systemd/20230327_185052_a104f@/log.gz
systemd 245.4-4ubuntu3.22~ppa1 (ppc64el) -- Pass: https://autopkgtest.ubuntu.com/results/autopkgtest-focal-enr0n-systemd-245/focal/ppc64el/s/systemd/20230327_200800_38040@/log.gz
systemd 245.4-4ubuntu3.22~ppa1 (s390x) -- Fail: https://autopkgtest.ubuntu.com/results/autopkgtest-focal-enr0n-systemd-245/focal/s390x/s/systemd/20230327_224230_da29b@/log.gz

The two failures are test bed failures.

I was thinking it would make the most sense to upload now since SRU verification did not happen yet for the other bugs, and this is an urgent fix from the customer perspective.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 9185ef8..e8e0e5b 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,11 @@
6+systemd (245.4-4ubuntu3.22) focal; urgency=medium
7+
8+ * resolve: fix potential memleak and use-after-free (LP: #2012943)
9+ File: debian/patches/lp2012943-resolve-fix-potential-memleak-and-use-after-free.patch
10+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ed2729587663dbab3583d06492b715df2896874e
11+
12+ -- Nick Rosbrook <nick.rosbrook@canonical.com> Mon, 27 Mar 2023 13:54:06 -0400
13+
14 systemd (245.4-4ubuntu3.21) focal; urgency=medium
15
16 * udev: avoid NIC renaming race with kernel (LP: #2002445)
17diff --git a/debian/patches/lp2012943-resolve-fix-potential-memleak-and-use-after-free.patch b/debian/patches/lp2012943-resolve-fix-potential-memleak-and-use-after-free.patch
18new file mode 100644
19index 0000000..532a601
20--- /dev/null
21+++ b/debian/patches/lp2012943-resolve-fix-potential-memleak-and-use-after-free.patch
22@@ -0,0 +1,33 @@
23+From: Yu Watanabe <watanabe.yu+github@gmail.com>
24+Date: Sat, 5 Feb 2022 21:37:01 +0900
25+Subject: resolve: fix potential memleak and use-after-free
26+
27+Origin: upstream, https://github.com/systemd/systemd/commit/73bfd7be042cc63e7649242b377ad494bf74ea4b
28+Bug-Ubuntu: https://launchpad.net/bugs/2012943
29+
30+When stub stream is closed early, then queries associated to the stream
31+are freed. Previously, the timer event source for queries may not be
32+disabled, hence may be triggered with already freed query.
33+See also dns_stub_stream_complete().
34+
35+Note that we usually not set NULL or zero when freeing simple objects.
36+But, here DnsQuery is large and complicated object, and the element may
37+be referenced in subsequent freeing process in the future. Hence, for
38+safety, let's set NULL to the pointer.
39+---
40+ src/resolve/resolved-dns-query.c | 2 ++
41+ 1 file changed, 2 insertions(+)
42+
43+diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
44+index 614cc32..564bc3c 100644
45+--- a/src/resolve/resolved-dns-query.c
46++++ b/src/resolve/resolved-dns-query.c
47+@@ -363,6 +363,8 @@ DnsQuery *dns_query_free(DnsQuery *q) {
48+ if (!q)
49+ return NULL;
50+
51++ q->timeout_event_source = sd_event_source_disable_unref(q->timeout_event_source);
52++
53+ while (q->auxiliary_queries)
54+ dns_query_free(q->auxiliary_queries);
55+
56diff --git a/debian/patches/series b/debian/patches/series
57index 49f6f2e..9fa4a07 100644
58--- a/debian/patches/series
59+++ b/debian/patches/series
60@@ -193,3 +193,4 @@ lp2002445-netlink-do-not-fail-when-new-interface-name-is-already-us.patch
61 lp2002445-sd-netlink-restore-altname-on-error-in-rtnl_set_link_name.patch
62 lp2002445-udev-attempt-device-rename-even-if-interface-is-up.patch
63 lp1933090-test-seccomp-accept-ENOSYS-from-sysctl-2-too.patch
64+lp2012943-resolve-fix-potential-memleak-and-use-after-free.patch

Subscribers

People subscribed via source and target branches