-rw-r--r--debian/changelog9
-rw-r--r--debian/patches/0001-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch39
-rw-r--r--debian/patches/0002-PATCH-Always-free-deserialized_subscribed-on-reload.patch27
-rw-r--r--debian/patches/series3
-rw-r--r--debian/patches/time-util-fix-buffer-over-run.patch55
5 files changed, 133 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index cbf4114..5f5734a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+systemd (241-7~deb10u10) buster-security; urgency=medium
+
+ * Non-maintainer upload by the LTS Security Team.
+ * CVE-2022-3821: Buffer overrun in format_timespan().
+ * logind: Fix getting property OnExternalPower via D-Bus.
+ * Fix memory leak on daemon-reload.
+
+ -- Adrian Bunk <bunk@debian.org> Thu, 29 Jun 2023 16:57:02 +0300
+
systemd (241-7~deb10u9progress5u1) engywuck-security; urgency=medium
* Uploading to engywuck-security, remaining changes:
diff --git a/debian/patches/0001-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch b/debian/patches/0001-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch
new file mode 100644
index 0000000..4f63163
--- /dev/null
+++ b/debian/patches/0001-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch
@@ -0,0 +1,39 @@
+From 7ce48d65772fc3c8eeaa85ce95406de717f574c2 Mon Sep 17 00:00:00 2001
+From: Michael Biebl <biebl@debian.org>
+Date: Wed, 12 Oct 2022 11:07:57 +0200
+Subject: logind: fix getting property OnExternalPower via D-Bus
+
+The BUS_DEFINE_PROPERTY_GET_GLOBAL macro requires a value as third
+argument, so we need to call manager_is_on_external_power(). Otherwise
+the function pointer is interpreted as a boolean and always returns
+true:
+
+```
+$ busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager OnExternalPower
+b true
+$ /lib/systemd/systemd-ac-power --verbose
+no
+```
+
+Thanks: Helmut Grohne <helmut@subdivi.de>
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021644
+---
+ src/login/logind-dbus.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
+index 8ab498fdc2..3f7759973a 100644
+--- a/src/login/logind-dbus.c
++++ b/src/login/logind-dbus.c
+@@ -278,7 +278,7 @@ static int property_get_scheduled_shutdown(
+ static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_handle_action, handle_action, HandleAction);
+ static BUS_DEFINE_PROPERTY_GET(property_get_docked, "b", Manager, manager_is_docked_or_external_displays);
+ static BUS_DEFINE_PROPERTY_GET(property_get_lid_closed, "b", Manager, manager_is_lid_closed);
+-static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power);
++static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power());
+ static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_compat_user_tasks_max, "t", CGROUP_LIMIT_MAX);
+ static BUS_DEFINE_PROPERTY_GET_REF(property_get_hashmap_size, "t", Hashmap *, (uint64_t) hashmap_size);
+
+--
+2.30.2
+
diff --git a/debian/patches/0002-PATCH-Always-free-deserialized_subscribed-on-reload.patch b/debian/patches/0002-PATCH-Always-free-deserialized_subscribed-on-reload.patch
new file mode 100644
index 0000000..4efd307
--- /dev/null
+++ b/debian/patches/0002-PATCH-Always-free-deserialized_subscribed-on-reload.patch
@@ -0,0 +1,27 @@
+From 550108c5692296b55be7c919a174fc6540e83355 Mon Sep 17 00:00:00 2001
+From: Ali Abdallah <ali.abdallah@suse.com>
+Date: Thu, 21 Jan 2021 07:37:21 +0100
+Subject: PATCH] Always free deserialized_subscribed on reload
+
+Otherwise, it will keep consuming memory on systemctl daemon-reload.
+---
+ src/core/manager.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 6086531bab..5cd7167954 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -3543,6 +3543,9 @@ int manager_reload(Manager *m) {
+ /* Clean up runtime objects no longer referenced */
+ manager_vacuum(m);
+
++ /* Clean up deserialized tracked clients */
++ m->deserialized_subscribed = strv_free(m->deserialized_subscribed);
++
+ /* Consider the reload process complete now. */
+ assert(m->n_reloading > 0);
+ m->n_reloading--;
+--
+2.30.2
+
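Review bot: The added `strv_free()` in manager_reload() runs only on the path that reaches this point after `manager_vacuum(m)`. The body above the hunk is not shown, so it is worth confirming that no earlier return can leave `m->deserialized_subscribed` populated after a failed reload, and that every consumer of the list has already run by this line. The comment states what is freed but not why it is safe here; something like `/* The deserialized subscriber list is only needed while bus tracking is re-established; drop it so repeated reloads do not accumulate it */` would record that (wording to be checked against the actual consumer). The patch header's Subject also carries a stray `PATCH]` and has no Origin or upstream-commit field, which makes it harder to trace this backport to its upstream change.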
diff --git a/debian/patches/series b/debian/patches/series
index 28ca998..4ca798f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -81,6 +81,9 @@ debian/Drop-seccomp-system-call-filter-for-udev.patch
0002-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch
0003-pager-Fix-deadlock-when-using-built-in-pager.patch
0004-pager-make-pager-secure-when-under-euid-is-changed-o.patch
+time-util-fix-buffer-over-run.patch
+0001-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch
+0002-PATCH-Always-free-deserialized_subscribed-on-reload.patch
progress-linux/0001-agetty-nohostname.patch
progress-linux/0002-proc-hidepid.patch
progress-linux/0003-logind-noautovts.patch
diff --git a/debian/patches/time-util-fix-buffer-over-run.patch b/debian/patches/time-util-fix-buffer-over-run.patch
new file mode 100644
index 0000000..65a6ed0
--- /dev/null
+++ b/debian/patches/time-util-fix-buffer-over-run.patch
@@ -0,0 +1,55 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 7 Jul 2022 18:27:02 +0900
+Subject: time-util: fix buffer-over-run
+
+Fixes #23928.
+
+(cherry picked from commit 9102c625a673a3246d7e73d8737f3494446bad4e)
+(cherry picked from commit 72d4c15a946d20143cd4c6783c802124bc894dc7)
+(cherry picked from commit c32530f5bdd11c74e8f5a86eecd7c36b3bae739f)
+(cherry picked from commit b2a25b5e64345bd0bb7697a956d33afd6980286a)
+(cherry picked from commit 858dc1ad609290cc4ca288acf87046ee295c3d51)
+---
+ src/basic/time-util.c | 2 +-
+ src/test/test-time-util.c | 8 ++++++++
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/basic/time-util.c b/src/basic/time-util.c
+index 5318d63..1909710 100644
+--- a/src/basic/time-util.c
++++ b/src/basic/time-util.c
+@@ -574,7 +574,7 @@ char *format_timespan(char *buf, size_t l, usec_t t, usec_t accuracy) {
+ t = b;
+ }
+
+- n = MIN((size_t) k, l);
++ n = MIN((size_t) k, l-1);
+
+ l -= n;
+ p += n;
+diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
+index cc391e8..877b24c 100644
+--- a/src/test/test-time-util.c
++++ b/src/test/test-time-util.c
+@@ -243,6 +243,13 @@ static void test_format_timespan(usec_t accuracy) {
+ test_format_timespan_one(USEC_INFINITY, accuracy);
+ }
+
++static void test_format_timespan2(void) {
++ /* See issue #23928. */
++ _cleanup_free_ char *buf;
++ assert_se(buf = new(char, 5));
++ assert_se(buf == format_timespan(buf, 5, 100005, 1000));
++}
++
+ static void test_timezone_is_valid(void) {
+ log_info("/* %s */", __func__);
+
+@@ -533,6 +540,7 @@ int main(int argc, char *argv[]) {
+ test_format_timespan(1);
+ test_format_timespan(USEC_PER_MSEC);
+ test_format_timespan(USEC_PER_SEC);
++ test_format_timespan2();
+ test_timezone_is_valid();
+ test_get_timezones();
+ test_usec_add();
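Review bot: test_format_timespan2() only asserts that format_timespan() returns `buf`, so the out-of-bounds write this patch fixes would be caught only when the test runs under a memory checker such as ASan or valgrind. A guard byte would make the regression deterministic: allocate `new(char, 6)`, set `buf[5] = 'x'` before the call while still passing 5 as the length, and add `assert_se(buf[5] == 'x');` afterwards. Separately, `MIN((size_t) k, l-1)` wraps around if `l` is ever 0. The start of format_timespan() is outside the hunk, so confirm that a zero length is rejected before this line is reached. `_cleanup_free_ char *buf;` would also conventionally be initialised to NULL.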