commit: 9bfce2326016d4d99f2345a4c6f7627cc561230e Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Wed Jan 11 07:37:06 2023 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Wed Jan 11 07:49:43 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9bfce232
sys-apps/systemd-utils: backport tmpfiles UB fix Signed-off-by: Sam James <sam <AT> gentoo.org> sys-apps/systemd-utils/files/251-tmpfiles-ub.patch | 71 +++ .../systemd-utils/systemd-utils-251.10-r1.ebuild | 525 +++++++++++++++++++++ 2 files changed, 596 insertions(+) diff --git a/sys-apps/systemd-utils/files/251-tmpfiles-ub.patch b/sys-apps/systemd-utils/files/251-tmpfiles-ub.patch new file mode 100644 index 000000000000..df190d500e34 --- /dev/null +++ b/sys-apps/systemd-utils/files/251-tmpfiles-ub.patch @@ -0,0 +1,71 @@ +https://github.com/systemd/systemd/pull/25957 +https://github.com/systemd/systemd/pull/25959 +https://github.com/systemd/systemd/commit/9f804ab04d566ff745849e1c4ced680a0447cf76 +https://github.com/systemd/systemd/commit/34680637e838415204850f77c93ca6ca219abaf1 + +From 9f804ab04d566ff745849e1c4ced680a0447cf76 Mon Sep 17 00:00:00 2001 +From: Sam James <s...@gentoo.org> +Date: Fri, 6 Jan 2023 10:58:32 +0000 +Subject: [PATCH] tmpfiles: avoid null free() for acl attributes + +When built with ACL support, we might be processing a tmpfiles +entry where there's no cause for us to call parse_acls_from_arg, +then we get to the end of parse_line without having ever populated +i.{acl_access, acl_default}. + +Then we pass a null pointer into acl_free(). + +From UBSAN w/ GCC 13.0.0_pre20230101: +``` +$ systemd-tmpfiles --clean +/var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44:14: runtime error: applying non-zero offset 18446744073709551608 to null pointer + #0 0x7f65d868b482 in acl_free /var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44 + #1 0x55fe7e592249 in item_free_contents ../systemd-9999/src/tmpfiles/tmpfiles.c:2855 + #2 0x55fe7e5a347a in parse_line ../systemd-9999/src/tmpfiles/tmpfiles.c:3158 + #3 0x55fe7e5a347a in read_config_file ../systemd-9999/src/tmpfiles/tmpfiles.c:3897 + #4 0x55fe7e590c61 in read_config_files ../systemd-9999/src/tmpfiles/tmpfiles.c:3985 + #5 0x55fe7e590c61 in run ../systemd-9999/src/tmpfiles/tmpfiles.c:4157 + #6 0x55fe7e590c61 in main ../systemd-9999/src/tmpfiles/tmpfiles.c:4218 + #7 0x7f65d7ebe289 (/usr/lib64/libc.so.6+0x23289) + #8 0x7f65d7ebe344 in __libc_start_main (/usr/lib64/libc.so.6+0x23344) + #9 0x55fe7e591900 in _start (/usr/bin/systemd-tmpfiles+0x11900) +``` +--- a/src/tmpfiles/tmpfiles.c ++++ b/src/tmpfiles/tmpfiles.c +@@ -2852,8 +2852,11 @@ static void item_free_contents(Item *i) { + strv_free(i->xattrs); + + #if HAVE_ACL +- acl_free(i->acl_access); +- acl_free(i->acl_default); ++ if (i->acl_access) ++ acl_free(i->acl_access); ++ ++ if (i->acl_default) ++ acl_free(i->acl_default); + #endif + } + + +From 34680637e838415204850f77c93ca6ca219abaf1 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lenn...@poettering.net> +Date: Fri, 6 Jan 2023 12:30:36 +0100 +Subject: [PATCH] nspawn: guard acl_free() with a NULL check + +Inspired by #25957 there's one other place where we don't guard +acl_free() calls with a NULL check. + +Fix that. +--- a/src/nspawn/nspawn-patch-uid.c ++++ b/src/nspawn/nspawn-patch-uid.c +@@ -181,7 +181,9 @@ static int patch_acls(int fd, const char *name, const struct stat *st, uid_t shi + + if (S_ISDIR(st->st_mode)) { + acl_free(acl); +- acl_free(shifted); ++ ++ if (shifted) ++ acl_free(shifted); + + acl = shifted = NULL; + diff --git a/sys-apps/systemd-utils/systemd-utils-251.10-r1.ebuild b/sys-apps/systemd-utils/systemd-utils-251.10-r1.ebuild new file mode 100644 index 000000000000..bab8984fc18e --- /dev/null +++ b/sys-apps/systemd-utils/systemd-utils-251.10-r1.ebuild @@ -0,0 +1,525 @@ +# Copyright 2022-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 +PYTHON_COMPAT=( python3_{8..11} ) + +QA_PKGCONFIG_VERSION=$(ver_cut 1) + +inherit bash-completion-r1 flag-o-matic meson-multilib python-any-r1 toolchain-funcs udev usr-ldscript + +DESCRIPTION="Utilities split out from systemd for OpenRC users" +HOMEPAGE="https://systemd.io/"; + +if [[ ${PV} == *.* ]]; then + MY_P="systemd-stable-${PV}" + S="${WORKDIR}/${MY_P}" + SRC_URI="https://github.com/systemd/systemd-stable/archive/refs/tags/v${PV}.tar.gz -> ${MY_P}.tar.gz" +else + MY_P="systemd-${PV}" + S="${WORKDIR}/${MY_P}" + SRC_URI="https://github.com/systemd/systemd/archive/refs/tags/v${PV}.tar.gz -> ${MY_P}.tar.gz" +fi + +MUSL_PATCHSET="systemd-musl-patches-251.2" +SRC_URI+=" elibc_musl? ( https://dev.gentoo.org/~floppym/dist/${MUSL_PATCHSET}.tar.gz )" + +LICENSE="GPL-2 LGPL-2.1 MIT public-domain" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="+acl boot +kmod selinux split-usr sysusers +tmpfiles test +udev" +REQUIRED_USE="|| ( boot tmpfiles sysusers udev )" +RESTRICT="!test? ( test )" + +COMMON_DEPEND=" + elibc_musl? ( >=sys-libs/musl-1.2.3 ) + selinux? ( sys-libs/libselinux:0= ) + tmpfiles? ( + acl? ( sys-apps/acl:0= ) + ) + udev? ( + >=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] + sys-libs/libcap:0=[${MULTILIB_USEDEP}] + virtual/libcrypt:=[${MULTILIB_USEDEP}] + acl? ( sys-apps/acl:0= ) + kmod? ( >=sys-apps/kmod-15:0= ) + ) + !udev? ( + >=sys-apps/util-linux-2.30:0= + sys-libs/libcap:0= + virtual/libcrypt:= + ) +" +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-3.11 + boot? ( >=sys-boot/gnu-efi-3.0.2 ) +" +RDEPEND="${COMMON_DEPEND} + boot? ( !<sys-boot/systemd-boot-250 ) + tmpfiles? ( !<sys-apps/systemd-tmpfiles-250 ) + udev? ( + acct-group/audio + acct-group/cdrom + acct-group/dialout + acct-group/disk + acct-group/input + acct-group/kmem + acct-group/kvm + acct-group/lp + acct-group/render + acct-group/sgx + acct-group/tape + acct-group/tty + acct-group/video + !sys-apps/gentoo-systemd-integration + !sys-apps/hwids[udev] + !<sys-fs/udev-250 + !sys-fs/eudev + ) + !sys-apps/systemd +" +PDEPEND=" + udev? ( >=sys-fs/udev-init-scripts-34 ) +" +BDEPEND=" + $(python_gen_any_dep 'dev-python/jinja[${PYTHON_USEDEP}]') + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt + dev-util/gperf + >=sys-apps/coreutils-8.16 + sys-devel/gettext + virtual/pkgconfig +" + +TMPFILES_OPTIONAL=1 +UDEV_OPTIONAL=1 + +python_check_deps() { + python_has_version "dev-python/jinja[${PYTHON_USEDEP}]" +} + +QA_EXECSTACK="usr/lib/systemd/boot/efi/*" +QA_FLAGS_IGNORED="usr/lib/systemd/boot/efi/.*" + +src_prepare() { + local PATCHES=( + "${FILESDIR}/251-gpt-auto-no-cryptsetup.patch" + "${FILESDIR}/251-tmpfiles-ub.patch" + ) + + if use elibc_musl; then + PATCHES+=( "${WORKDIR}/${MUSL_PATCHSET}" ) + # Applied upstream in 251.3 + rm "${WORKDIR}/${MUSL_PATCHSET}/0001-Add-sys-file.h-for-LOCK_.patch" || die + fi + default + + # Remove install_rpath; we link statically + local rpath_pattern="install_rpath : rootlibexecdir," + grep -q -e "${rpath_pattern}" meson.build || die + sed -i -e "/${rpath_pattern}/d" meson.build || die +} + +src_configure() { + # Broken with FORTIFY_SOURCE=3: bug #841770. + # + # Our toolchain sets F_S=2 by default w/ >= -O2, so we need + # to unset F_S first, then explicitly set 2, to negate any default + # and anything set by the user if they're choosing 3 (or if they've + # modified GCC to set 3). + # + if is-flagq '-O[23]' || is-flagq '-Ofast' ; then + # We can't unconditionally do this b/c we fortify needs + # some level of optimisation. + filter-flags -D_FORTIFY_SOURCE=3 + append-cppflags -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 + fi + + multilib-minimal_src_configure +} + +multilib_src_configure() { + local emesonargs=( + $(meson_use split-usr) + $(meson_use split-usr split-bin) + -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" + -Drootlibdir="${EPREFIX}/usr/$(get_libdir)" + -Dsysvinit-path= + $(meson_native_use_bool boot efi) + $(meson_native_use_bool boot gnu-efi) + $(meson_native_use_bool boot kernel-install) + $(meson_native_use_bool selinux) + $(meson_native_use_bool sysusers) + $(meson_use test tests) + $(meson_native_use_bool tmpfiles) + $(meson_use udev hwdb) + + -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)" + + # Link staticly with libsystemd-shared + -Dlink-boot-shared=false + -Dlink-udev-shared=false + + # systemd-tmpfiles has a separate "systemd-tmpfiles.standalone" target + -Dstandalone-binaries=true + + # Disable all optional features + -Dadm-group=false + -Danalyze=false + -Dapparmor=false + -Daudit=false + -Dbacklight=false + -Dbinfmt=false + -Dbpf-framework=false + -Dbzip2=false + -Dcoredump=false + -Ddbus=false + -Delfutils=false + -Denvironment-d=false + -Dfdisk=false + -Dgcrypt=false + -Dglib=false + -Dgshadow=false + -Dgnutls=false + -Dhibernate=false + -Dhostnamed=false + -Didn=false + -Dima=false + -Dinitrd=false + -Dfirstboot=false + -Dldconfig=false + -Dlibcryptsetup=false + -Dlibcurl=false + -Dlibfido2=false + -Dlibidn=false + -Dlibidn2=false + -Dlibiptc=false + -Dlocaled=false + -Dlogind=false + -Dlz4=false + -Dmachined=false + -Dmicrohttpd=false + -Dnetworkd=false + -Dnscd=false + -Dnss-myhostname=false + -Dnss-resolve=false + -Dnss-systemd=false + -Doomd=false + -Dopenssl=false + -Dp11kit=false + -Dpam=false + -Dpcre2=false + -Dpolkit=false + -Dportabled=false + -Dpstore=false + -Dpwquality=false + -Drandomseed=false + -Dresolve=false + -Drfkill=false + -Dseccomp=false + -Dsmack=false + -Dsysext=false + -Dtimedated=false + -Dtimesyncd=false + -Dtpm=false + -Dqrencode=false + -Dquotacheck=false + -Duserdb=false + -Dutmp=false + -Dvconsole=false + -Dwheel-group=false + -Dxdg-autostart=false + -Dxkbcommon=false + -Dxz=false + -Dzlib=false + -Dzstd=false + ) + + if use tmpfiles || use udev; then + emesonargs+=( $(meson_native_use_bool acl) ) + else + emesonargs+=( -Dacl=false ) + fi + + if use udev; then + emesonargs+=( $(meson_native_use_bool kmod) ) + else + emesonargs+=( -Dkmod=false ) + fi + + if use elibc_musl; then + # Avoid redefinition of struct ethhdr. + append-cppflags -D__UAPI_DEF_ETHHDR=0 + fi + + if multilib_is_native_abi || use udev; then + meson_src_configure + fi +} + +efi_arch() { + case "$(tc-arch)" in + amd64) echo x64 ;; + arm) echo arm ;; + arm64) echo aa64 ;; + x86) echo x86 ;; + esac +} + +multilib_src_compile() { + local targets=() + if multilib_is_native_abi; then + if use boot; then + targets+=( + bootctl + kernel-install + man/bootctl.1 + man/kernel-install.8 + src/boot/efi/linux$(efi_arch).{efi,elf}.stub + src/boot/efi/systemd-boot$(efi_arch).efi + ) + fi + if use sysusers; then + targets+=( + systemd-sysusers.standalone + man/sysusers.d.5 + man/systemd-sysusers.8 + ) + if use test; then + targets+=( + systemd-runtest.env + ) + fi + fi + if use tmpfiles; then + targets+=( + systemd-tmpfiles.standalone + man/tmpfiles.d.5 + man/systemd-tmpfiles.8 + ) + if use test; then + targets+=( test-tmpfiles ) + fi + fi + if use udev; then + targets+=( + udevadm + systemd-hwdb + src/udev/ata_id + src/udev/cdrom_id + src/udev/fido_id + src/udev/mtd_probe + src/udev/scsi_id + src/udev/udev.pc + src/udev/v4l_id + man/udev.conf.5 + man/systemd.link.5 + man/hwdb.7 + man/udev.7 + man/systemd-hwdb.8 + man/systemd-udevd.service.8 + man/udevadm.8 + hwdb.d/60-autosuspend-chromiumos.hwdb + rules.d/50-udev-default.rules + rules.d/64-btrfs.rules + ) + if use test; then + targets+=( + # Used by udev-test.pl + systemd-detect-virt + test/sys + test-udev + + test-fido-id-desc + test-udev-builtin + test-udev-event + test-udev-netlink + test-udev-node + test-udev-util + ) + fi + fi + fi + if use udev; then + targets+=( + udev:shared_library + src/libudev/libudev.pc + ) + if use test; then + targets+=( + test-libudev + test-libudev-sym + test-udev-device-thread + ) + fi + fi + if multilib_is_native_abi || use udev; then + meson_src_compile "${targets[@]}" + fi +} + +multilib_src_test() { + local tests=() + if multilib_is_native_abi; then + if use sysusers; then + tests+=( + test-sysusers.standalone + ) + fi + if use tmpfiles; then + tests+=( + test-systemd-tmpfiles.standalone + test-tmpfiles + ) + fi + if use udev; then + tests+=( + rule-syntax-check + test-fido-id-desc + test-udev-builtin + test-udev-event + test-udev-netlink + test-udev-node + test-udev-util + ) + if [[ -w /dev ]]; then + tests+=( udev-test ) + else + ewarn "Skipping udev-test (needs write access to /dev)" + fi + fi + fi + if use udev; then + tests+=( + test-libudev + test-libudev-sym + test-udev-device-thread + ) + fi + if [[ ${#tests[@]} -ne 0 ]]; then + meson_src_test "${tests[@]}" + fi +} + +src_install() { + local rootprefix="$(usex split-usr '' /usr)" + meson-multilib_src_install +} + +multilib_src_install() { + if multilib_is_native_abi; then + if use boot; then + into /usr + dobin bootctl kernel-install + doman man/{bootctl.1,kernel-install.8} + insinto usr/lib/systemd/boot/efi + doins src/boot/efi/{linux$(efi_arch).{efi,elf}.stub,systemd-boot$(efi_arch).efi} + fi + if use sysusers; then + into "${rootprefix:-/}" + newbin systemd-sysusers{.standalone,} + doman man/{systemd-sysusers.8,sysusers.d.5} + fi + if use tmpfiles; then + into "${rootprefix:-/}" + newbin systemd-tmpfiles{.standalone,} + doman man/{systemd-tmpfiles.8,tmpfiles.d.5} + fi + if use udev; then + into "${rootprefix:-/}" + dobin udevadm systemd-hwdb + dosym ../../bin/udevadm "${rootprefix}"/lib/systemd/systemd-udevd + + exeinto "${rootprefix}"/lib/udev + doexe src/udev/{ata_id,cdrom_id,fido_id,mtd_probe,scsi_id,v4l_id} + + insinto "${rootprefix}"/lib/udev/rules.d + doins rules.d/*.rules + + insinto "${rootprefix}"/lib/udev/hwdb.d + doins hwdb.d/*.hwdb + + insinto /usr/share/pkgconfig + doins src/udev/udev.pc + + doman man/{udev.conf.5,systemd.link.5,hwdb.7,systemd-hwdb.8,udev.7,udevadm.8} + newman man/systemd-udevd.service.8 systemd-udevd.8 + fi + fi + if use udev; then + meson_install --no-rebuild --tags libudev + gen_usr_ldscript -a udev + insinto "/usr/$(get_libdir)/pkgconfig" + doins src/libudev/libudev.pc + fi +} + +multilib_src_install_all() { + einstalldocs + if use boot; then + into /usr + exeinto usr/lib/kernel/install.d + doexe src/kernel-install/*.install + dobashcomp shell-completion/bash/bootctl + insinto /usr/share/zsh/site-functions + doins shell-completion/zsh/{_bootctl,_kernel-install} + fi + if use tmpfiles; then + doinitd "${FILESDIR}"/systemd-tmpfiles-setup + doinitd "${FILESDIR}"/systemd-tmpfiles-setup-dev + exeinto /etc/cron.daily + doexe "${FILESDIR}"/systemd-tmpfiles-clean + insinto /usr/share/zsh/site-functions + doins shell-completion/zsh/_systemd-tmpfiles + fi + if use udev; then + doheader src/libudev/libudev.h + + insinto /etc/udev + doins src/udev/udev.conf + keepdir /etc/udev/{hwdb.d,rules.d} + + insinto "${rootprefix}"/lib/systemd/network + doins network/99-default.link + + # Remove to avoid conflict with elogind + # https://bugs.gentoo.org/856433 + rm rules.d/70-power-switch.rules || die + insinto "${rootprefix}"/lib/udev/rules.d + doins rules.d/*.rules + doins "${FILESDIR}"/40-gentoo.rules + + insinto "${rootprefix}"/lib/udev/hwdb.d + doins hwdb.d/*.hwdb + + dobashcomp shell-completion/bash/udevadm + + insinto /usr/share/zsh/site-functions + doins shell-completion/zsh/_udevadm + fi +} + +add_service() { + local initd=$1 + local runlevel=$2 + + ebegin "Adding '${initd}' service to the '${runlevel}' runlevel" + mkdir -p "${EROOT}/etc/runlevels/${runlevel}" && + ln -snf "${EPREFIX}/etc/init.d/${initd}" "${EROOT}/etc/runlevels/${runlevel}/${initd}" + eend $? +} + +pkg_postinst() { + if [[ -z ${REPLACING_VERSIONS} ]]; then + add_service systemd-tmpfiles-setup-dev sysinit + add_service systemd-tmpfiles-setup boot + fi + if use udev; then + ebegin "Updating hwdb" + systemd-hwdb --root="${ROOT}" update + eend $? + udev_reload + fi +}
