[main] [bug] Address Constant Journald crash on Mariner 2.0 (#2731)

* manually backport fix commit for journald assertion bug

* bootstrap package, toolchain manifests

* swap out raw diff for the patch, including more information from upstream

* add newline to patch

* remove redundant comment in specs

SPECS/systemd/fix-journald-audit-logging.patch

@@ -0,0 +1,32 @@
+From df4ec48f45f518b6926e02ef4d77c8ed1a8b4e2c Mon Sep 17 00:00:00 2001
+From: YmrDtnJu <YmrDtnJu@users.noreply.github.com>
+Date: Fri, 21 Jan 2022 18:21:27 +0100
+Subject: [PATCH] Fix journald audit logging with fields >
+ N_IOVEC_AUDIT_FIELDS.
+
+ELEMENTSOF(iovec) is not the correct value for the newly introduced parameter m
+to function map_all_fields because it is the maximum number of elements in the
+iovec array, including those reserved for N_IOVEC_META_FIELDS. The correct
+value is the current number of already used elements in the array plus the
+maximum number to use for fields decoded from the kernel audit message.
+
+Upstream fix for journald-audit issue,
+No longer needed when upgrading to v251+ 
+Signed-off-by: Cameron Baird <cameronbaird@microsoft.com>
+---
+ src/journal/journald-audit.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c
+index a8e3b175ac49..ea535a27af7f 100644
+--- a/src/journal/journald-audit.c
++++ b/src/journal/journald-audit.c
+@@ -399,7 +399,7 @@ void process_audit_string(Server *s, int type, const char *data, size_t size) {
+ 
+         z = n;
+ 
+-        map_all_fields(p, map_fields_kernel, "_AUDIT_FIELD_", true, iovec, &n, ELEMENTSOF(iovec));
++        map_all_fields(p, map_fields_kernel, "_AUDIT_FIELD_", true, iovec, &n, n + N_IOVEC_AUDIT_FIELDS);
+ 
+         server_dispatch_message(s, iovec, n, ELEMENTSOF(iovec), NULL, NULL, LOG_NOTICE, 0);
+         

SPECS/systemd/systemd-bootstrap.spec

@@ -1,7 +1,7 @@
 Summary:        Bootstrap version of systemd. Workaround for systemd circular dependency.
 Name:           systemd-bootstrap
 Version:        250.3
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        LGPLv2+ AND GPLv2+ AND MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -11,6 +11,7 @@ Source0:        https://github.com/systemd/systemd-stable/archive/v%{version}.ta
 Source1:        50-security-hardening.conf
 Source2:        systemd.cfg
 Source3:        99-dhcp-en.network
+Patch0:         fix-journald-audit-logging.patch
 BuildRequires:  docbook-dtd-xml
 BuildRequires:  docbook-style-xsl
 BuildRequires:  gettext
@@ -227,6 +228,10 @@ systemctl preset-all
 %{_datadir}/pkgconfig/udev.pc
 
 %changelog
+* Wed Apr 13 2022 Cameron Baird <cameronbaird@microsoft.com> - 250.3-3
+- Bring in an upstream change as patch fix-journald-audit-logging.patch
+- to prevent many-fielded audit messages from crashing systemd-journal
+
 * Thu Mar 17 2022 Andrew Phelps <anphel@microsoft.com> - 250.3-2
 - Disable zstd configuration to ensure lz4 compression is used for journal files and coredumps
 

SPECS/systemd/systemd.spec

@@ -1,7 +1,7 @@
 Summary:        Systemd-250
 Name:           systemd
 Version:        250.3
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        LGPLv2+ AND GPLv2+ AND MIT
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -11,6 +11,7 @@ Source0:        https://github.com/%{name}/%{name}-stable/archive/v%{version}.ta
 Source1:        50-security-hardening.conf
 Source2:        systemd.cfg
 Source3:        99-dhcp-en.network
+Patch0:         fix-journald-audit-logging.patch
 BuildRequires:  cryptsetup-devel
 BuildRequires:  docbook-dtd-xml
 BuildRequires:  docbook-style-xsl
@@ -257,6 +258,10 @@ systemctl preset-all
 %files lang -f %{name}.lang
 
 %changelog
+* Wed Apr 13 2022 Cameron Baird <cameronbaird@microsoft.com> - 250.3-4
+- Bring in an upstream change as patch fix-journald-audit-logging.patch
+- to prevent many-fielded audit messages from crashing systemd-journal
+
 * Thu Mar 24 2022 Andrew Phelps <anphel@microsoft.com> - 250.3-3
 - Add Requires(post) on audit-libs, pam and util-linux-devel
 

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -543,10 +543,10 @@ sqlite-devel-3.36.0-2.cm2.aarch64.rpm
 sqlite-libs-3.36.0-2.cm2.aarch64.rpm
 swig-4.0.2-3.cm2.aarch64.rpm
 swig-debuginfo-4.0.2-3.cm2.aarch64.rpm
-systemd-bootstrap-250.3-2.cm2.aarch64.rpm
-systemd-bootstrap-debuginfo-250.3-2.cm2.aarch64.rpm
-systemd-bootstrap-devel-250.3-2.cm2.aarch64.rpm
-systemd-bootstrap-rpm-macros-250.3-2.cm2.noarch.rpm
+systemd-bootstrap-250.3-3.cm2.aarch64.rpm
+systemd-bootstrap-debuginfo-250.3-3.cm2.aarch64.rpm
+systemd-bootstrap-devel-250.3-3.cm2.aarch64.rpm
+systemd-bootstrap-rpm-macros-250.3-3.cm2.noarch.rpm
 tar-1.34-1.cm2.aarch64.rpm
 tar-debuginfo-1.34-1.cm2.aarch64.rpm
 tdnf-3.2.2-2.cm2.aarch64.rpm

toolkit/resources/manifests/package/toolchain_x86_64.txt

@@ -543,10 +543,10 @@ sqlite-devel-3.36.0-2.cm2.x86_64.rpm
 sqlite-libs-3.36.0-2.cm2.x86_64.rpm
 swig-4.0.2-3.cm2.x86_64.rpm
 swig-debuginfo-4.0.2-3.cm2.x86_64.rpm
-systemd-bootstrap-250.3-2.cm2.x86_64.rpm
-systemd-bootstrap-debuginfo-250.3-2.cm2.x86_64.rpm
-systemd-bootstrap-devel-250.3-2.cm2.x86_64.rpm
-systemd-bootstrap-rpm-macros-250.3-2.cm2.noarch.rpm
+systemd-bootstrap-250.3-3.cm2.x86_64.rpm
+systemd-bootstrap-debuginfo-250.3-3.cm2.x86_64.rpm
+systemd-bootstrap-devel-250.3-3.cm2.x86_64.rpm
+systemd-bootstrap-rpm-macros-250.3-3.cm2.noarch.rpm
 tar-1.34-1.cm2.x86_64.rpm
 tar-debuginfo-1.34-1.cm2.x86_64.rpm
 tdnf-3.2.2-2.cm2.x86_64.rpm