Bug#1011198: bullseye-pu: package needrestart/3.5-4+deb11u2

[Patrick Matthäi]

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: tho...@fiasko-nw.net

Hello,
we require a small update for stable of needrestart to fix #1005953
This update already includes the security update from yesterday (3.5-4+deb11u1),
to be on the safe side I attached the full debdiff (with the approved security 
update).

[ Reason ]
It is required, because the initial changes were introduced with a systemd
update

[ Impact ]
Detection of restarts does not work as excepted in every case

[ Tests ]
Manual tested by myself, patch already in unstable/testing

[ Risks ]
No risk

[ Checklist ]
  [x ] *all* changes are documented in the d/changelog
  [x ] I reviewed all changes and I approve them
  [x ] attach debdiff against the package in (old)stable
  [x ] the issue is verified as fixed in unstable

diff -Naur tags/3.5-4/debian/changelog branches/bullseye/debian/changelog
--- tags/3.5-4/debian/changelog 2021-04-12 10:08:42.636804816 +0200
+++ branches/bullseye/debian/changelog  2022-05-18 08:34:23.358456321 +0200
@@ -1,3 +1,17 @@
+needrestart (3.5-4+deb11u2) bullseye; urgency=medium
+
+  * Add upstream patch 09-cgroupv2 to fix broken detection with cgroupv2.
+    Closes: #1005953
+
+ -- Patrick Matthäi <pmatth...@debian.org>  Wed, 18 May 2022 08:32:47 +0200
+
+needrestart (3.5-4+deb11u1) bullseye-security; urgency=high
+
+  * Add patch 08-anchor-interp-re to fix not anchored regular expressions.
+    This fixes CVE-2022-30688.
+
+ -- Patrick Matthäi <pmatth...@debian.org>  Thu, 13 May 2022 10:50:07 +0200
+
 needrestart (3.5-4) unstable; urgency=medium
 
   * New source only upload.
diff -Naur tags/3.5-4/debian/patches/08-anchor-interp-re.diff 
branches/bullseye/debian/patches/08-anchor-interp-re.diff
--- tags/3.5-4/debian/patches/08-anchor-interp-re.diff  1970-01-01 
01:00:00.000000000 +0100
+++ branches/bullseye/debian/patches/08-anchor-interp-re.diff   2022-05-18 
08:31:50.143457667 +0200
@@ -0,0 +1,42 @@
+# Upstream patch to fix not anchored regular expressions.
+
+diff --git a/perl/lib/NeedRestart/Interp/Perl.pm 
b/perl/lib/NeedRestart/Interp/Perl.pm
+index 40aabb4..5031679 100644
+--- a/perl/lib/NeedRestart/Interp/Perl.pm
++++ b/perl/lib/NeedRestart/Interp/Perl.pm
+@@ -43,7 +43,7 @@ sub isa {
+     my $pid = shift;
+     my $bin = shift;
+ 
+-    return 1 if($bin =~ m@/usr/(local/)?bin/perl@);
++    return 1 if($bin =~ m@^/usr/(local/)?bin/perl(5[.\d]*)?$@);
+ 
+     return 0;
+ }
+diff --git a/perl/lib/NeedRestart/Interp/Python.pm 
b/perl/lib/NeedRestart/Interp/Python.pm
+index 559666c..a30121d 100644
+--- a/perl/lib/NeedRestart/Interp/Python.pm
++++ b/perl/lib/NeedRestart/Interp/Python.pm
+@@ -42,7 +42,7 @@ sub isa {
+     my $pid = shift;
+     my $bin = shift;
+ 
+-    return 1 if($bin =~ m@/usr/(local/)?bin/python@);
++    return 1 if($bin =~ m@^/usr/(local/)?bin/python([23][.\d]*)?$@);
+ 
+     return 0;
+ }
+diff --git a/perl/lib/NeedRestart/Interp/Ruby.pm 
b/perl/lib/NeedRestart/Interp/Ruby.pm
+index d02973d..72920f3 100644
+--- a/perl/lib/NeedRestart/Interp/Ruby.pm
++++ b/perl/lib/NeedRestart/Interp/Ruby.pm
+@@ -42,7 +42,7 @@ sub isa {
+     my $pid = shift;
+     my $bin = shift;
+ 
+-    return 1 if($bin =~ m@/usr/(local/)?bin/ruby@);
++    return 1 if($bin =~ m@^/usr/(local/)?bin/ruby$@);
+ 
+     return 0;
+ }
+
diff -Naur tags/3.5-4/debian/patches/09-cgroupv2.diff 
branches/bullseye/debian/patches/09-cgroupv2.diff
--- tags/3.5-4/debian/patches/09-cgroupv2.diff  1970-01-01 01:00:00.000000000 
+0100
+++ branches/bullseye/debian/patches/09-cgroupv2.diff   2022-05-18 
08:32:21.755251053 +0200
@@ -0,0 +1,24 @@
+From 29fcd57cd89a962bb94adbf116acd9a61036b6eb Mon Sep 17 00:00:00 2001
+From: Thomas Liske <tho...@fiasko-nw.net>
+Date: Mon, 16 May 2022 20:00:17 +0200
+Subject: [PATCH] [Core] Make cgroup detection for services and user sessions
+ cgroup v2 aware.
+
+closes #203, closes #213
+---
+ needrestart | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/needrestart b/needrestart
+index 6bf2e6b..bc690aa 100755
+--- a/needrestart
++++ b/needrestart
+@@ -648,7 +648,7 @@ if(defined($opt_l)) {
+                   my ($rc) = map {
+                       chomp;
+                       my ($id, $type, $value) = split(/:/);
+-                      if($type ne q(name=systemd)) {
++                      if($id != 0 && $type ne q(name=systemd)) {
+                           ();
+                       }
+                       else {
diff -Naur tags/3.5-4/debian/patches/series 
branches/bullseye/debian/patches/series
--- tags/3.5-4/debian/patches/series    2021-04-12 10:08:42.636804816 +0200
+++ branches/bullseye/debian/patches/series     2022-05-18 08:32:36.875152228 
+0200
@@ -5,3 +5,5 @@
 05-ignore-nvidia-memfd.diff
 06-dont-restart-bluetooth.diff
 07-runit.diff
+08-anchor-interp-re.diff
+09-cgroupv2.diff