project-lakitu: Upgrade systemd to v248.6
Upgrade systemd to v248.6 to get few critical fixes.
BUG=b/182613203
TEST=presubmit
RELEASE_NOTE=Upgrade systemd to v248.6
Change-Id: I683469b7c2352d7297db4c4b48d4fb644f293e59
Reviewed-on: https://cos-review.googlesource.com/c/cos/overlays/board-overlays/+/20442
Reviewed-by: Roy Yang <royyang@google.com>
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
diff --git a/project-lakitu/sys-apps/systemd/Manifest b/project-lakitu/sys-apps/systemd/Manifest
index 149b452..d417c49 100644
--- a/project-lakitu/sys-apps/systemd/Manifest
+++ b/project-lakitu/sys-apps/systemd/Manifest
@@ -1 +1 @@
-DIST systemd-stable-248.tar.gz 10307470 BLAKE2B 2506354bc739dbf5706622f14656d9745f2e794e819846ebc57d0107eaa88461cd1c3049c260ebec2523e2f4da3343e161c81fc8f3c76dd98b5e6c0fb6a8212b SHA512 1aa3f30a387a3c3b54aacbe9c01f9de02d740e9d23dbd8d01c365a1047963169155480b4002fffa641baec8b0437e7ad2b04b132939b6169df4728a5ed7cca22
+DIST systemd-stable-248.6.tar.gz 10388927 BLAKE2B a102d0fd37a3422f673ced2bbd5bb88b6589195e1f436f43231fd91d79aaf9f548154a3ab2a62a9b409527b3f2e7a9ea735925364ece15c2e151d06c0e4f303f SHA512 35a9d4a9ae04423959c71ad0175d04a1792b9ab39897a497776b93cea166de58b8fb111207c104c0e747d3ffbd85480d8b0cab38e3dc0defbbf09b15211954ce
diff --git a/project-lakitu/sys-apps/systemd/files/248-change-order-of-pending-events.patch b/project-lakitu/sys-apps/systemd/files/248-change-order-of-pending-events.patch
deleted file mode 100644
index c796bd0..0000000
--- a/project-lakitu/sys-apps/systemd/files/248-change-order-of-pending-events.patch
+++ /dev/null
@@ -1,171 +0,0 @@
-From 81107b8419c39f726fd2805517a5b9faab204e59 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Tue, 8 Jun 2021 00:07:51 -0700
-Subject: [PATCH] sd-event: change ordering of pending/ratelimited events
-
-Instead of ordering non-pending before pending we should order
-"non-pending OR ratelimited" before "pending AND not-ratelimited".
-This fixes a bug where ratelimited events were ordered at the end of the
-priority queue and could be stuck there for an indeterminate amount of
-time.
----
- src/libsystemd/sd-event/sd-event.c | 45 ++++++++++++++----------------
- 1 file changed, 21 insertions(+), 24 deletions(-)
-
-diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
-index 611af45293ac..489878a3e967 100644
---- a/src/libsystemd/sd-event/sd-event.c
-+++ b/src/libsystemd/sd-event/sd-event.c
-@@ -238,25 +238,6 @@ static usec_t time_event_source_next(const sd_event_source *s) {
- return USEC_INFINITY;
- }
-
--static int earliest_time_prioq_compare(const void *a, const void *b) {
-- const sd_event_source *x = a, *y = b;
--
-- /* Enabled ones first */
-- if (x->enabled != SD_EVENT_OFF && y->enabled == SD_EVENT_OFF)
-- return -1;
-- if (x->enabled == SD_EVENT_OFF && y->enabled != SD_EVENT_OFF)
-- return 1;
--
-- /* Move the pending ones to the end */
-- if (!x->pending && y->pending)
-- return -1;
-- if (x->pending && !y->pending)
-- return 1;
--
-- /* Order by time */
-- return CMP(time_event_source_next(x), time_event_source_next(y));
--}
--
- static usec_t time_event_source_latest(const sd_event_source *s) {
- assert(s);
-
-@@ -275,7 +256,15 @@ static usec_t time_event_source_latest(const sd_event_source *s) {
- return USEC_INFINITY;
- }
-
--static int latest_time_prioq_compare(const void *a, const void *b) {
-+static bool event_source_timer_candidate(const sd_event_source *s) {
-+ assert(s);
-+
-+ /* Returns true for event sources that either are not pending yet (i.e. where it's worth to mark them pending)
-+ * or which are currently ratelimited (i.e. where it's worth leaving the ratelimited state) */
-+ return !s->pending || s->ratelimited;
-+}
-+
-+static int time_prioq_compare(const void *a, const void *b, usec_t (*time_func)(const sd_event_source *s)) {
- const sd_event_source *x = a, *y = b;
-
- /* Enabled ones first */
-@@ -284,14 +273,22 @@ static int latest_time_prioq_compare(const void *a, const void *b) {
- if (x->enabled == SD_EVENT_OFF && y->enabled != SD_EVENT_OFF)
- return 1;
-
-- /* Move the pending ones to the end */
-- if (!x->pending && y->pending)
-+ /* Order "non-pending OR ratelimited" before "pending AND not-ratelimited" */
-+ if (event_source_timer_candidate(x) && !event_source_timer_candidate(y))
- return -1;
-- if (x->pending && !y->pending)
-+ if (!event_source_timer_candidate(x) && event_source_timer_candidate(y))
- return 1;
-
- /* Order by time */
-- return CMP(time_event_source_latest(x), time_event_source_latest(y));
-+ return CMP(time_func(x), time_func(y));
-+}
-+
-+static int earliest_time_prioq_compare(const void *a, const void *b) {
-+ return time_prioq_compare(a, b, time_event_source_next);
-+}
-+
-+static int latest_time_prioq_compare(const void *a, const void *b) {
-+ return time_prioq_compare(a, b, time_event_source_latest);
- }
-
- static int exit_prioq_compare(const void *a, const void *b) {
-@@ -778,14 +775,15 @@ static void event_source_time_prioq_reshuffle(sd_event_source *s) {
- assert(s);
-
- /* Called whenever the event source's timer ordering properties changed, i.e. time, accuracy,
-- * pending, enable state. Makes sure the two prioq's are ordered properly again. */
-+ * pending, enable state, and ratelimiting state. Makes sure the two prioq's are ordered
-+ * properly again. */
-
- if (s->ratelimited)
- d = &s->event->monotonic;
-- else {
-- assert(EVENT_SOURCE_IS_TIME(s->type));
-+ else if (EVENT_SOURCE_IS_TIME(s->type))
- assert_se(d = event_get_clock_data(s->event, s->type));
-- }
-+ else
-+ return; /* no-op for an event source which is neither a timer nor ratelimited. */
-
- prioq_reshuffle(d->earliest, s, &s->earliest_index);
- prioq_reshuffle(d->latest, s, &s->latest_index);
-@@ -2376,14 +2374,6 @@ static int event_source_offline(
- source_io_unregister(s);
- break;
-
-- case SOURCE_TIME_REALTIME:
-- case SOURCE_TIME_BOOTTIME:
-- case SOURCE_TIME_MONOTONIC:
-- case SOURCE_TIME_REALTIME_ALARM:
-- case SOURCE_TIME_BOOTTIME_ALARM:
-- event_source_time_prioq_reshuffle(s);
-- break;
--
- case SOURCE_SIGNAL:
- event_gc_signal_data(s->event, &s->priority, s->signal.sig);
- break;
-@@ -2404,6 +2394,11 @@ static int event_source_offline(
- prioq_reshuffle(s->event->exit, s, &s->exit.prioq_index);
- break;
-
-+ case SOURCE_TIME_REALTIME:
-+ case SOURCE_TIME_BOOTTIME:
-+ case SOURCE_TIME_MONOTONIC:
-+ case SOURCE_TIME_REALTIME_ALARM:
-+ case SOURCE_TIME_BOOTTIME_ALARM:
- case SOURCE_DEFER:
- case SOURCE_POST:
- case SOURCE_INOTIFY:
-@@ -2413,6 +2408,9 @@ static int event_source_offline(
- assert_not_reached("Wut? I shouldn't exist.");
- }
-
-+ /* Always reshuffle time prioq, as the ratelimited flag may be changed. */
-+ event_source_time_prioq_reshuffle(s);
-+
- return 1;
- }
-
-@@ -2502,22 +2500,11 @@ static int event_source_online(
- s->ratelimited = ratelimited;
-
- /* Non-failing operations below */
-- switch (s->type) {
-- case SOURCE_TIME_REALTIME:
-- case SOURCE_TIME_BOOTTIME:
-- case SOURCE_TIME_MONOTONIC:
-- case SOURCE_TIME_REALTIME_ALARM:
-- case SOURCE_TIME_BOOTTIME_ALARM:
-- event_source_time_prioq_reshuffle(s);
-- break;
--
-- case SOURCE_EXIT:
-+ if (s->type == SOURCE_EXIT)
- prioq_reshuffle(s->event->exit, s, &s->exit.prioq_index);
-- break;
-
-- default:
-- break;
-- }
-+ /* Always reshuffle time prioq, as the ratelimited flag may be changed. */
-+ event_source_time_prioq_reshuffle(s);
-
- return 1;
- }
diff --git a/project-lakitu/sys-apps/systemd/files/249-basic-unit-name-do-not-use-strdupa-on-a-path.patch b/project-lakitu/sys-apps/systemd/files/249-basic-unit-name-do-not-use-strdupa-on-a-path.patch
deleted file mode 100644
index 70292ea..0000000
--- a/project-lakitu/sys-apps/systemd/files/249-basic-unit-name-do-not-use-strdupa-on-a-path.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 441e0115646d54f080e5c3bb0ba477c892861ab9 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 23 Jun 2021 11:46:41 +0200
-Subject: [PATCH] basic/unit-name: do not use strdupa() on a path
-
-The path may have unbounded length, for example through a fuse mount.
-
-CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and
-ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo
-and each mountpoint is passed to mount_setup_unit(), which calls
-unit_name_path_escape() underneath. A local attacker who is able to mount a
-filesystem with a very long path can crash systemd and the whole system.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1970887
-
-The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we
-can't easily check the length after simplification before doing the
-simplification, which in turns uses a copy of the string we can write to.
-So we can't reject paths that are too long before doing the duplication.
-Hence the most obvious solution is to switch back to strdup(), as before
-7410616cd9dbbec97cf98d75324da5cda2b2f7a2.
----
- src/basic/unit-name.c | 13 +++++--------
- 1 file changed, 5 insertions(+), 8 deletions(-)
-
-diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
-index 284a773483..a22763443f 100644
---- a/src/basic/unit-name.c
-+++ b/src/basic/unit-name.c
-@@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) {
- }
-
- int unit_name_path_escape(const char *f, char **ret) {
-- char *p, *s;
-+ _cleanup_free_ char *p = NULL;
-+ char *s;
-
- assert(f);
- assert(ret);
-
-- p = strdupa(f);
-+ p = strdup(f);
- if (!p)
- return -ENOMEM;
-
-@@ -395,13 +396,9 @@ int unit_name_path_escape(const char *f, char **ret) {
- if (!path_is_normalized(p))
- return -EINVAL;
-
-- /* Truncate trailing slashes */
-+ /* Truncate trailing slashes and skip leading slashes */
- delete_trailing_chars(p, "/");
--
-- /* Truncate leading slashes */
-- p = skip_leading_chars(p, "/");
--
-- s = unit_name_escape(p);
-+ s = unit_name_escape(skip_leading_chars(p, "/"));
- }
- if (!s)
- return -ENOMEM;
---
-2.32.0.402.g57bb445576-goog
-
diff --git a/project-lakitu/sys-apps/systemd/systemd-248-r1.ebuild b/project-lakitu/sys-apps/systemd/systemd-248-r1.ebuild
deleted file mode 120000
index 7eeacca..0000000
--- a/project-lakitu/sys-apps/systemd/systemd-248-r1.ebuild
+++ /dev/null
@@ -1 +0,0 @@
-systemd-248.ebuild
\ No newline at end of file
diff --git a/project-lakitu/sys-apps/systemd/systemd-248.6-r1.ebuild b/project-lakitu/sys-apps/systemd/systemd-248.6-r1.ebuild
new file mode 120000
index 0000000..f35a381
--- /dev/null
+++ b/project-lakitu/sys-apps/systemd/systemd-248.6-r1.ebuild
@@ -0,0 +1 @@
+systemd-248.6.ebuild
\ No newline at end of file
diff --git a/project-lakitu/sys-apps/systemd/systemd-248.ebuild b/project-lakitu/sys-apps/systemd/systemd-248.6.ebuild
similarity index 97%
rename from project-lakitu/sys-apps/systemd/systemd-248.ebuild
rename to project-lakitu/sys-apps/systemd/systemd-248.6.ebuild
index c199da4..ad859ff 100644
--- a/project-lakitu/sys-apps/systemd/systemd-248.ebuild
+++ b/project-lakitu/sys-apps/systemd/systemd-248.6.ebuild
@@ -254,16 +254,8 @@
# Boot into multi-user.target instead of graphical.target.
"${FILESDIR}"/239-default-target.patch
"${FILESDIR}"/239-Use-chronyd-as-the-default-NTP-service.patch
- # Fixes b/194238992(CVE-2021-33910)
- "${FILESDIR}"/249-basic-unit-name-do-not-use-strdupa-on-a-path.patch
"${FILESDIR}"/248-add-multi-user-target.patch
"${FILESDIR}"/248-create-multi-user.patch
- # Once enters into ratelimit state, never comes out of it. The patch is combo
- # of the below three commits.
- # https://github.com/systemd/systemd/commit/b323a7d3e6f64fb88384df921f6bfafdc5b53ea4
- # https://github.com/systemd/systemd/commit/5c08c7ab23dbf02aaf4e4bbae8e08a195da230a4
- # https://github.com/systemd/systemd/commit/2115b9b6629eeba7bc9f42f757f38205febb1cb7
- "${FILESDIR}"/248-change-order-of-pending-events.patch
# https://github.com/systemd/systemd/commit/c4de31e
"${FILESDIR}"/248-udev-callouts-path.patch
"${FILESDIR}"/248-remove-kvm-group.patch
