Package: release.debian.org Severity: normal Tags: bullseye User: release.debian....@packages.debian.org Usertags: pu X-Debbugs-Cc: tho...@fiasko-nw.net
Hello, we require a small update for stable of needrestart to fix #1005953 This update already includes the security update from yesterday (3.5-4+deb11u1), to be on the safe side I attached the full debdiff (with the approved security update). [ Reason ] It is required, because the initial changes were introduced with a systemd update [ Impact ] Detection of restarts does not work as excepted in every case [ Tests ] Manual tested by myself, patch already in unstable/testing [ Risks ] No risk [ Checklist ] [x ] *all* changes are documented in the d/changelog [x ] I reviewed all changes and I approve them [x ] attach debdiff against the package in (old)stable [x ] the issue is verified as fixed in unstable
diff -Naur tags/3.5-4/debian/changelog branches/bullseye/debian/changelog --- tags/3.5-4/debian/changelog 2021-04-12 10:08:42.636804816 +0200 +++ branches/bullseye/debian/changelog 2022-05-18 08:34:23.358456321 +0200 @@ -1,3 +1,17 @@ +needrestart (3.5-4+deb11u2) bullseye; urgency=medium + + * Add upstream patch 09-cgroupv2 to fix broken detection with cgroupv2. + Closes: #1005953 + + -- Patrick Matthäi <pmatth...@debian.org> Wed, 18 May 2022 08:32:47 +0200 + +needrestart (3.5-4+deb11u1) bullseye-security; urgency=high + + * Add patch 08-anchor-interp-re to fix not anchored regular expressions. + This fixes CVE-2022-30688. + + -- Patrick Matthäi <pmatth...@debian.org> Thu, 13 May 2022 10:50:07 +0200 + needrestart (3.5-4) unstable; urgency=medium * New source only upload. diff -Naur tags/3.5-4/debian/patches/08-anchor-interp-re.diff branches/bullseye/debian/patches/08-anchor-interp-re.diff --- tags/3.5-4/debian/patches/08-anchor-interp-re.diff 1970-01-01 01:00:00.000000000 +0100 +++ branches/bullseye/debian/patches/08-anchor-interp-re.diff 2022-05-18 08:31:50.143457667 +0200 @@ -0,0 +1,42 @@ +# Upstream patch to fix not anchored regular expressions. + +diff --git a/perl/lib/NeedRestart/Interp/Perl.pm b/perl/lib/NeedRestart/Interp/Perl.pm +index 40aabb4..5031679 100644 +--- a/perl/lib/NeedRestart/Interp/Perl.pm ++++ b/perl/lib/NeedRestart/Interp/Perl.pm +@@ -43,7 +43,7 @@ sub isa { + my $pid = shift; + my $bin = shift; + +- return 1 if($bin =~ m@/usr/(local/)?bin/perl@); ++ return 1 if($bin =~ m@^/usr/(local/)?bin/perl(5[.\d]*)?$@); + + return 0; + } +diff --git a/perl/lib/NeedRestart/Interp/Python.pm b/perl/lib/NeedRestart/Interp/Python.pm +index 559666c..a30121d 100644 +--- a/perl/lib/NeedRestart/Interp/Python.pm ++++ b/perl/lib/NeedRestart/Interp/Python.pm +@@ -42,7 +42,7 @@ sub isa { + my $pid = shift; + my $bin = shift; + +- return 1 if($bin =~ m@/usr/(local/)?bin/python@); ++ return 1 if($bin =~ m@^/usr/(local/)?bin/python([23][.\d]*)?$@); + + return 0; + } +diff --git a/perl/lib/NeedRestart/Interp/Ruby.pm b/perl/lib/NeedRestart/Interp/Ruby.pm +index d02973d..72920f3 100644 +--- a/perl/lib/NeedRestart/Interp/Ruby.pm ++++ b/perl/lib/NeedRestart/Interp/Ruby.pm +@@ -42,7 +42,7 @@ sub isa { + my $pid = shift; + my $bin = shift; + +- return 1 if($bin =~ m@/usr/(local/)?bin/ruby@); ++ return 1 if($bin =~ m@^/usr/(local/)?bin/ruby$@); + + return 0; + } + diff -Naur tags/3.5-4/debian/patches/09-cgroupv2.diff branches/bullseye/debian/patches/09-cgroupv2.diff --- tags/3.5-4/debian/patches/09-cgroupv2.diff 1970-01-01 01:00:00.000000000 +0100 +++ branches/bullseye/debian/patches/09-cgroupv2.diff 2022-05-18 08:32:21.755251053 +0200 @@ -0,0 +1,24 @@ +From 29fcd57cd89a962bb94adbf116acd9a61036b6eb Mon Sep 17 00:00:00 2001 +From: Thomas Liske <tho...@fiasko-nw.net> +Date: Mon, 16 May 2022 20:00:17 +0200 +Subject: [PATCH] [Core] Make cgroup detection for services and user sessions + cgroup v2 aware. + +closes #203, closes #213 +--- + needrestart | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/needrestart b/needrestart +index 6bf2e6b..bc690aa 100755 +--- a/needrestart ++++ b/needrestart +@@ -648,7 +648,7 @@ if(defined($opt_l)) { + my ($rc) = map { + chomp; + my ($id, $type, $value) = split(/:/); +- if($type ne q(name=systemd)) { ++ if($id != 0 && $type ne q(name=systemd)) { + (); + } + else { diff -Naur tags/3.5-4/debian/patches/series branches/bullseye/debian/patches/series --- tags/3.5-4/debian/patches/series 2021-04-12 10:08:42.636804816 +0200 +++ branches/bullseye/debian/patches/series 2022-05-18 08:32:36.875152228 +0200 @@ -5,3 +5,5 @@ 05-ignore-nvidia-memfd.diff 06-dont-restart-bluetooth.diff 07-runit.diff +08-anchor-interp-re.diff +09-cgroupv2.diff