Ubuntu
systemd package

Merge ~halves/ubuntu/+source/systemd:lp1876600-bionic into ubuntu/+source/systemd:ubuntu/bionic-devel

  1. Git
  2. lp:~halves/ubuntu/+source/systemd
  3. lp1876600-bionic
  4. Merge into ubuntu/bionic-devel
Proposed by Heitor Alves de Siqueira
Status: Needs review
Proposed branch: ~halves/ubuntu/+source/systemd:lp1876600-bionic
Merge into: ubuntu/+source/systemd:ubuntu/bionic-devel
Diff against target: 119 lines (+97/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/lp1876600-sd-bus-deal-with-cookie-overruns.patch (+89/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
git-ubuntu developers Pending
Review via email: mp+383417@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Heitor Alves de Siqueira (halves) wrote :

The "backport" portion essentially consisted of changing upstream's FLAGS_SET() macro for the manual operation, as the necessary patch [0] is not present in Bionic.

[0] https://github.com/systemd/systemd/commit/d94a24ca2ea7

Reply
Revision history for this message
Dan Streetman (ddstreet) wrote :

It certainly seems like it could be done better upstream! But it will work to fix the bug. Small more detailed comment below inline.

Thanks!

Reply

Unmerged commits

45d8d09... by Heitor Alves de Siqueira

Update debian/changelog

dce26b6... by Heitor Alves de Siqueira

LP: #1876600

193053c... by Dan Streetman

Import patches-unapplied version 237-3ubuntu10.40 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 9d132111c1aac841261431c8d9f7fd5bda6438de

New changelog entries:
  * d/t/logind: skip if nonexistent /sys/power/state (LP: #1862657)
  * d/p/lp1839290-Change-job-mode-of-manager-triggered-restarts-to-JOB.patch:
    - when restarting service after failure, replace existing queued jobs
      (LP: #1839290)
  * d/p/lp1867421-70-mouse.hwdb-Set-DPI-for-MS-Classic-IntelliMouse.patch:
    - fix resolution of IntelliMouse (LP: #1867421)
  * d/p/lp1858412-journalctl-allow-running-vacuum-on-remote-journals-t.patch:
    - allow vacuuming journal 'root' dir (LP: #1858412)
  * d/p/lp1862232/0001-network-add-more-log-messages-in-configuring-DHCP4-c.patch,
    d/p/lp1862232/0002-network-add-more-log-messages-in-configuring-DHCP6-c.patch,
    d/p/lp1862232/0003-network-also-check-that-Hostname-is-a-valid-DNS-doma.patch,
    d/p/lp1862232/0004-network-use-free_and_replace.patch,
    d/p/lp1862232/0005-network-DHCP-ignore-error-in-setting-hostname-when-i.patch,
    d/p/lp1862232/0006-man-mention-that-Hostname-for-DHCP-must-be-a-valid-D.patch,
    d/p/lp1862232/0007-resolve-fix-error-handling-of-dns_name_is_valid.patch:
    - do not fail network setup if hostname is not valid (LP: #1862232)
  * d/t/systemd-fsckd: Skip test on arm64 (LP: #1870194)
  * d/p/lp1870589-seccomp-rework-how-the-S-UG-ID-filter-is-installed.patch:
    - fix test-seccomp failure (LP: #1870589)
  * d/rules: use meson --print-errorlogs instead of cat testlog
    - (LP: #1870811)
  * d/p/lp1776654-test-Synchronize-journal-before-reading-from-it.patch:
    - sync journal before reading from it (LP: #1776654)
  * d/p/lp1837914-journal-do-not-trigger-assertion-when-journal_file_c.patch:
    - do not crash if NULL passted to journal destructor (LP: #1837914)
  * d/e/initramfs-tools/hooks/udev:
    - Follow symlinks when finding link files to copy into initramfs
      (LP: #1868892)

9d13211... by Dan Streetman

Import patches-unapplied version 237-3ubuntu10.39 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 869f3912260152be11974c6824c43ced332cffce

New changelog entries:
  [ Dariusz Gadomski ]
  * d/p/lp1762391/0001-Call-getgroups-to-know-size-of-supplementary-groups-.patch,
    d/p/lp1762391/0002-user-util-tweak-to-in_gid.patch,
    d/p/lp1762391/0003-user-util-Add-helper-functions-for-gid-lists-operati.patch,
    d/p/lp1762391/0004-execute-Restore-call-to-pam_setcred.patch,
    d/p/lp1762391/0005-execute-Detect-groups-added-by-PAM-and-merge-them-wi.patch,
    d/p/lp1762391/0006-test-Add-tests-for-gid-list-ops.patch,
    d/p/lp1762391/0007-execute-add-const-to-array-parameters-where-possible.patch,
    d/p/lp1762391/0008-execute-allow-pam_setcred-to-fail-ignore-errors.patch:
    - Restore call to pam_setcred (LP: #1762391)
  [ Ioanna Alifieraki ]
  * d/p/lp1860548/0001-Revert-Replace-use-of-snprintf-with-xsprintf.patch,
    d/p/lp1860548/0002-job-truncate-unit-description.patch:
    - use snprintf instead of xsprintf (LP: #1860548)
  [ Dan Streetman ]
  * d/p/lp1833193-network-update-address-when-static-address-was-alrea.patch:
    - Update lft when static addr was cfg by dhcp (LP: #1833193)
  * d/p/lp1849261/0001-core-when-we-can-t-enqueue-OnFailure-job-show-full-e.patch,
    d/p/lp1849261/0002-core-don-t-trigger-OnFailure-deps-when-a-unit-is-goi.patch:
    - Only trigger OnFailure= if Restart= is not in effect (LP: #1849261)
  * d/p/lp1671951-network-set-ipv6-mtu-after-link-up-or-device-mtu-cha.patch:
    - set ipv6 mtu at correct time (LP: #1671951)
  * d/p/lp1845909/0001-networkd-honour-LinkLocalAddressing.patch,
    d/p/lp1845909/0002-networkd-fix-link_up-12505.patch,
    d/p/lp1845909/0003-network-do-not-send-ipv6-token-to-kernel.patch,
    d/p/lp1845909/0004-network-rename-linux_configure_after_setting_mtu-to-linux.patch,
    d/p/lp1845909/0005-network-add-link-setting_genmode-flag.patch,
    d/p/lp1845909/0006-network-if-ipv6ll-is-disabled-enumerate-tentative-ipv6-ad.patch,
    d/p/lp1845909/0007-network-drop-foreign-config-after-addr_gen_mode-has-been-.patch,
    d/p/lp1845909/0008-network-drop-IPv6LL-address-when-LinkLocalAddressing.patch:
    - if LinkLocalAddressing=no prevent creation of ipv6ll (LP: #1845909)
  * d/p/lp1859862-network-Do-not-disable-IPv6-by-writing-to-sysctl.patch:
    - enable ipv6 when needed (LP: #1859862)
  * d/p/lp1836695-networkd-Add-back-static-routes-after-DHCPv4-lease-e.patch:
    - (re)add static routes after getting dhcp4 addr (LP: #1836695)
  * d/t/storage:
    - fix buggy test (LP: #1831459)
    - without scsi_debug, skip test (LP: #1847816)

869f391... by Marc Deslauriers

Import patches-unapplied version 237-3ubuntu10.38 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 785cac75569b3b5bb5c2b5064ac8b5691b863f85

New changelog entries:
  * SECURITY UPDATE: local privilege escalation via DynamicUser
    - debian/patches/CVE-2019-384x-1.patch: introduce
      seccomp_restrict_suid_sgid() for blocking chmod() for suid/sgid files
      in src/shared/seccomp-util.c, src/shared/seccomp-util.h.
    - debian/patches/CVE-2019-384x-2.patch: add test case for
      restrict_suid_sgid() in src/test/test-seccomp.c.
    - debian/patches/CVE-2019-384x-3.patch: expose SUID/SGID restriction as
      new unit setting RestrictSUIDSGID= in src/core/dbus-execute.c,
      src/core/execute.c, src/core/execute.h,
      src/core/load-fragment-gperf.gperf.m4, src/shared/bus-unit-util.c.
    - debian/patches/CVE-2019-384x-4.patch: document the new
      RestrictSUIDSGID= setting in man/systemd.exec.xml.
    - debian/patches/CVE-2019-384x-5.patch: turn on RestrictSUIDSGID= in
      most of our long-running daemons in units/systemd-*.service.in.
    - debian/patches/CVE-2019-384x-6.patch: imply NNP and SUID/SGID
      restriction for DynamicUser=yes service in man/systemd.exec.xml,
      src/core/unit.c.
    - debian/patches/CVE-2019-384x-7.patch: fix compilation on arm64 in
      src/test/test-seccomp.c.
    - CVE-2019-3843
    - CVE-2019-3844
  * SECURITY UPDATE: memory leak in button_open
    - debian/patches/CVE-2019-20386.patch: fix event in
      src/login/logind-button.c.
    - CVE-2019-20386
  * SECURITY UPDATE: heap use-after-free with async polkit queries
    - debian/patches/CVE-2020-1712-1.patch: on async pk requests,
      re-validate action/details in src/shared/bus-util.c.
    - debian/patches/CVE-2020-1712-2.patch: introduce API for re-enqueuing
      incoming messages in src/libsystemd/libsystemd.sym,
      src/libsystemd/sd-bus/sd-bus.c, src/systemd/sd-bus.h.
    - debian/patches/CVE-2020-1712-3.patch: when authorizing via PK
      re-resolve callback/userdata instead of caching it in
      src/shared/bus-util.c.
    - debian/patches/CVE-2020-1712-4.patch: fix typo in function name in
      src/libsystemd/libsystemd.sym, src/libsystemd/sd-bus/sd-bus.c,
      src/systemd/sd-bus.h, src/shared/bus-util.c.
    - debian/libsystemd0.symbols: added new symbols.
    - CVE-2020-1712
  * This package does _not_ contain the changes from 237-3ubuntu10.34 in
    bionic-proposed.

785cac7... by Dan Streetman

Import patches-unapplied version 237-3ubuntu10.33 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: c7f151f14afc1eaa31d5a25114404201df8b51e3

New changelog entries:
  * d/p/lp1852754/0001-network-do-not-re-set-MTU-when-current-and-requested.patch,
    d/p/lp1852754/0002-network-call-link_acquire_conf-and-link_enter_join_n.patch,
    d/p/lp1852754/0003-network-prohibit-to-set-MTUBytes-and-UseMTU-simultan.patch:
    - Complete link setup after setting mtu (LP: #1852754)

c7f151f... by Dan Streetman

Import patches-unapplied version 237-3ubuntu10.32 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: f16b6caea574baab7338c8e3d28bd8886caddb22

New changelog entries:
  [ Victor Tapia ]
  * d/p/resolved_disable-connection-downgrade-when-DNSSEC-yes.patch
    Fix regression introduced by
    resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch when
    DNSSEC=yes (LP: #1796501)
  [ Dan Streetman ]
  * d/p/fix-typo-lp1668771-resolved-switch-cache-option-to-a-tri-state-option-s.patch:
    - Fix typo in previous patch
  * d/p/lp1840640-shared-seccomp-add-sync_file_range2.patch:
    - allow sync_file_range2 in nspawn container
      (LP: #1840640)
  * d/p/lp1783994-dissect-Don-t-count-RPMB-and-boot-partitions-8609.patch:
    - avoid systemd-gpt-auto-generator failure if mmc dev present
      (LP: #1783994)
  * d/p/lp1832672-resolved-rework-parsing-of-etc-hosts.patch:
    - do not fail entire file on error when parsing /etc/hosts
    - parse # char anywhere in line as start of comment
      (LP: #1832672)
  * d/p/lp1843381-dell_passthrough_skip_rename_retry.patch,
    debian/extra/rules/73-usb-net-by-mac.rules:
    - fix rename delay for systems using "Dell MAC passthrough"
      (LP: #1843381)
  * d/p/lp1849733/0001-resolved-longlived-TCP-connections.patch,
    d/p/lp1849733/0002-resolved-line-split-dns_stream_new-function-signatur.patch,
    d/p/lp1849733/0003-resolved-add-some-assert-s.patch,
    d/p/lp1849733/0004-stream-track-type-of-DnsStream-object.patch,
    d/p/lp1849733/0005-llmnr-add-comment-why-we-install-no-complete-handler.patch,
    d/p/lp1849733/0006-resolved-restart-stream-timeout-whenever-we-managed-.patch,
    d/p/lp1849733/0007-resolved-only-call-complete-with-zero-argument-in-LL.patch,
    d/p/lp1849733/0008-resolved-add-comment-to-dns_stream_complete-about-it.patch,
    d/p/lp1849733/0009-resolved-keep-stub-stream-connections-up-for-as-long.patch,
    d/p/lp1849733/0010-resolved-if-we-can-t-append-EDNS-OPT-RR-then-indicat.patch,
    d/p/lp1849733/0011-resolved-don-t-let-EDNS0-OPT-dgram-size-affect-TCP.patch,
    d/p/lp1849733/0012-resolved-add-new-accessor-dns_stream_take_read_packe.patch,
    d/p/lp1849733/0013-resolve-do-not-complete-stream-transaction-when-it-i.patch:
    - add TCP pipelining to handle getaddrinfo() fallback to TCP
    - ignore EDNS0 payload limit when responding over TCP (LP: #1849733)
  * d/p/lp1849658-resolved-set-stream-type-during-DnsStream-creation.patch:
    - Fix bug in refcounting TCP stream types (LP: #1849658)
  * d/p/lp1850704/0001-networkd-Unify-set-MTU.patch,
    d/p/lp1850704/0002-network-drop-redundant-lines.patch:
    - Fix setting mtu if interface already up (LP: #1850704)
  * d/extra/dhclient-enter-resolved-hook:
    - only restart resolved if dhclient conf changed (LP: #1805183)

f16b6ca... by Balint Reczey

Import patches-unapplied version 237-3ubuntu10.31 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: e4f0da794ff9053156e6a42fd120e217352aa8f6

New changelog entries:
  [ Dimitri John Ledkov ]
  * Add conflicts with upstart and systemd-shim. (LP: #1773859)
  * d/p/debian/UBUNTU-units-disable-journald-watchdog.patch
    - units: Disable journald Watchdog (LP: #1773148)
  * d/p/cryptsetup-add-support-for-sector-size-option-8881.patch
    - cryptsetup: add support for sector-size= option (LP: #1776626)
  * d/p/systemctl-correctly-proceed-to-immediate-shutdown-if-sche.patch
    - systemctl: correctly proceed to immediate shutdown if scheduling fails
      (LP: #1670291)
  * d/p/networkd-add-support-to-configure-IPv6-MTU-8664.patch
    - networkd: add support to set IPv6MTUBytes (LP: #1671951)

e4f0da7... by Shih-Yuan Lee

Import patches-unapplied version 237-3ubuntu10.29 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 0808861c62596ac74666d811e83a539bdf4520c8

New changelog entries:
  * d/p/d/Revert-udev-network-device-renaming-immediately-give.patch:
    - udev: add Revert-udev-network-device-renaming-immediately-give.patch back
      Dropping this patch will cause the persistent network regression.
      (LP: #1842651)

0808861... by Chris Coulson

Import patches-unapplied version 237-3ubuntu10.28 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: e93edb076b77e6e28e9ea070687b97279737cc16

New changelog entries:
  * SECURITY UPDATE: Unprivileged users are granted access to privileged
    systemd-resolved D-Bus methods
    - d/p/0001-shared-but-util-drop-trusted-annotation-from-bus_ope.patch:
      drop trusted annotation from bus_open_system_watch_bind()
    - CVE-2019-15718

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 607135d..6e4ebb2 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+systemd (237-3ubuntu10.41) bionic; urgency=medium
7+
8+ * d/p/lp1876600-sd-bus-deal-with-cookie-overruns.patch:
9+ - deal with dbus cookie overruns (LP: #1876600)
10+
11+ -- Heitor Alves de Siqueira <halves@canonical.com> Sun, 03 May 2020 11:30:25 +0000
12+
13 systemd (237-3ubuntu10.40) bionic; urgency=medium
14
15 * d/t/logind: skip if nonexistent /sys/power/state (LP: #1862657)
16diff --git a/debian/patches/lp1876600-sd-bus-deal-with-cookie-overruns.patch b/debian/patches/lp1876600-sd-bus-deal-with-cookie-overruns.patch
17new file mode 100644
18index 0000000..d3bbac0
19--- /dev/null
20+++ b/debian/patches/lp1876600-sd-bus-deal-with-cookie-overruns.patch
21@@ -0,0 +1,89 @@
22+From f44303b9cbdafd5b3c24bf58203430f6deb4de7e Mon Sep 17 00:00:00 2001
23+From: Lennart Poettering <lennart@poettering.net>
24+Date: Mon, 25 Feb 2019 11:02:46 +0100
25+Subject: [PATCH] sd-bus: deal with cookie overruns
26+
27+Apparently this happens IRL. Let's carefully deal with issues like this:
28+when we overrun, let's not go back to zero but instead leave the highest
29+cookie bit set. We use that as indication that we are in "overrun
30+territory", and then are particularly careful with checking cookies,
31+i.e. that they haven't been used for still outstanding replies yet. This
32+should retain the quick cookie generation behaviour we used to have, but
33+permits dealing with overruns.
34+
35+Replaces: #11804
36+Fixes: #11809
37+
38+Origin: backport, https://github.com/systemd/systemd/commit/1f82f5bb4237
39+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1876600
40+---
41+ src/libsystemd/sd-bus/sd-bus.c | 47 +++++++++++++++++++++++++++++++++-
42+ 1 file changed, 46 insertions(+), 1 deletion(-)
43+
44+diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
45+index 7e7ebb27a7..57c9aebfad 100644
46+--- a/src/libsystemd/sd-bus/sd-bus.c
47++++ b/src/libsystemd/sd-bus/sd-bus.c
48+@@ -1620,6 +1620,47 @@ _public_ int sd_bus_get_bus_id(sd_bus *bus, sd_id128_t *id) {
49+ return 0;
50+ }
51+
52++#define COOKIE_CYCLED (UINT32_C(1) << 31)
53++
54++static uint64_t cookie_inc(uint64_t cookie) {
55++
56++ /* Stay within the 32bit range, since classic D-Bus can't deal with more */
57++ if (cookie >= UINT32_MAX)
58++ return COOKIE_CYCLED; /* Don't go back to zero, but use the highest bit for checking
59++ * whether we are looping. */
60++
61++ return cookie + 1;
62++}
63++
64++static int next_cookie(sd_bus *b) {
65++ uint64_t new_cookie;
66++
67++ assert(b);
68++
69++ new_cookie = cookie_inc(b->cookie);
70++
71++ /* Small optimization: don't bother with checking for cookie reuse until we overran cookiespace at
72++ * least once, but then do it thorougly. */
73++ if ((new_cookie & COOKIE_CYCLED) == COOKIE_CYCLED) {
74++ uint32_t i;
75++
76++ /* Check if the cookie is currently in use. If so, pick the next one */
77++ for (i = 0; i < COOKIE_CYCLED; i++) {
78++ if (!ordered_hashmap_contains(b->reply_callbacks, &new_cookie))
79++ goto good;
80++
81++ new_cookie = cookie_inc(new_cookie);
82++ }
83++
84++ /* Can't fulfill request */
85++ return -EBUSY;
86++ }
87++
88++good:
89++ b->cookie = new_cookie;
90++ return 0;
91++}
92++
93+ static int bus_seal_message(sd_bus *b, sd_bus_message *m, usec_t timeout) {
94+ int r;
95+
96+@@ -1643,7 +1684,11 @@ static int bus_seal_message(sd_bus *b, sd_bus_message *m, usec_t timeout) {
97+ return r;
98+ }
99+
100+- return sd_bus_message_seal(m, ++b->cookie, timeout);
101++ r = next_cookie(b);
102++ if (r < 0)
103++ return r;
104++
105++ return sd_bus_message_seal(m, b->cookie, timeout);
106+ }
107+
108+ static int bus_remarshal_message(sd_bus *b, sd_bus_message **m) {
109+--
110+2.17.1
111diff --git a/debian/patches/series b/debian/patches/series
112index 9ba6bd3..b67f7a2 100644
113--- a/debian/patches/series
114+++ b/debian/patches/series
115@@ -202,3 +202,4 @@ lp1862232/0007-resolve-fix-error-handling-of-dns_name_is_valid.patch
116 lp1870589-seccomp-rework-how-the-S-UG-ID-filter-is-installed.patch
117 lp1776654-test-Synchronize-journal-before-reading-from-it.patch
118 lp1837914-journal-do-not-trigger-assertion-when-journal_file_c.patch
119+lp1876600-sd-bus-deal-with-cookie-overruns.patch

Subscribers

People subscribed via source and target branches