From cc262b7b578019183d334145c5afa186ff83a19a Mon Sep 17 00:00:00 2001
From: Cameron E Baird
Date: Thu, 14 Apr 2022 15:08:33 -0700
Subject: [PATCH] [main] [bug] Address Constant Journald crash on Mariner 2.0 (#2731)
* manually backport fix commit for journald assertion bug
* bootstrap package, toolchain manifests
* swap out raw diff for the patch, including more information from upstream
* add newline to patch
* remove redundant comment in specs
---
 .../systemd/fix-journald-audit-logging.patch | 32 +++++++++++++++++++
 SPECS/systemd/systemd-bootstrap.spec | 7 +++-
 SPECS/systemd/systemd.spec | 7 +++-
 .../manifests/package/toolchain_aarch64.txt | 8 ++---
 .../manifests/package/toolchain_x86_64.txt | 8 ++---
 5 files changed, 52 insertions(+), 10 deletions(-)
 create mode 100644 SPECS/systemd/fix-journald-audit-logging.patch
diff --git a/SPECS/systemd/fix-journald-audit-logging.patch b/SPECS/systemd/fix-journald-audit-logging.patch
new file mode 100644
index 0000000000..b802ead2c6
--- /dev/null
+++ b/SPECS/systemd/fix-journald-audit-logging.patch
@@ -0,0 +1,32 @@
+From df4ec48f45f518b6926e02ef4d77c8ed1a8b4e2c Mon Sep 17 00:00:00 2001
+From: YmrDtnJu
+Date: Fri, 21 Jan 2022 18:21:27 +0100
+Subject: [PATCH] Fix journald audit logging with fields >
+ N_IOVEC_AUDIT_FIELDS.
+
+ELEMENTSOF(iovec) is not the correct value for the newly introduced parameter m
+to function map_all_fields because it is the maximum number of elements in the
+iovec array, including those reserved for N_IOVEC_META_FIELDS. The correct
+value is the current number of already used elements in the array plus the
+maximum number to use for fields decoded from the kernel audit message.
+
+Upstream fix for journald-audit issue,
+No longer needed when upgrading to v251+
+Signed-off-by: Cameron Baird
+---
+ src/journal/journald-audit.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c
+index a8e3b175ac49..ea535a27af7f 100644
+--- a/src/journal/journald-audit.c
++++ b/src/journal/journald-audit.c
+@@ -399,7 +399,7 @@ void process_audit_string(Server *s, int type, const char *data, size_t size) {
+
+ z = n;
+
+- map_all_fields(p, map_fields_kernel, "_AUDIT_FIELD_", true, iovec, &n, ELEMENTSOF(iovec));
++ map_all_fields(p, map_fields_kernel, "_AUDIT_FIELD_", true, iovec, &n, n + N_IOVEC_AUDIT_FIELDS);
+
+ server_dispatch_message(s, iovec, n, ELEMENTSOF(iovec), NULL, NULL, LOG_NOTICE, 0);
+
\ No newline at end of file
diff --git a/SPECS/systemd/systemd-bootstrap.spec b/SPECS/systemd/systemd-bootstrap.spec
index 2807b935ac..936ab2de49 100644
--- a/SPECS/systemd/systemd-bootstrap.spec
+++ b/SPECS/systemd/systemd-bootstrap.spec
@@ -1,7 +1,7 @@
 Summary: Bootstrap version of systemd. Workaround for systemd circular dependency.
 Name: systemd-bootstrap
 Version: 250.3
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: LGPLv2+ AND GPLv2+ AND MIT
 Vendor: Microsoft Corporation
 Distribution: Mariner
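Review bot: The bound now passed to map_all_fields, `n + N_IOVEC_AUDIT_FIELDS`, is only correct if the `iovec` array in process_audit_string is declared with at least that many slots plus the N_IOVEC_META_FIELDS headroom the patch description mentions. That declaration is outside the hunk, so it should be checked against the 250.3 source this patch is applied to. The changelog says many-fielded audit messages crash systemd-journal, which means logging is lost exactly while audit events are arriving, so the invariant deserves a comment at the call site such as `/* m must leave N_IOVEC_META_FIELDS slots free; presumably consumed by server_dispatch_message() */`, carried until the v251+ upgrade drops the patch. The added file also still ends with `\ No newline at end of file`, although the commit message lists "add newline to patch".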
@@ -11,6 +11,7 @@ Source0: https://github.com/systemd/systemd-stable/archive/v%{version}.ta Source1: 50-security-hardening.conf Source2: systemd.cfg Source3: 99-dhcp-en.network +Patch0: fix-journald-audit-logging.patch BuildRequires: docbook-dtd-xml BuildRequires: docbook-style-xsl BuildRequires: gettext @@ -227,6 +228,10 @@ systemctl preset-all %{_datadir}/pkgconfig/udev.pc %changelog +* Wed Apr 13 2022 Cameron Baird - 250.3-3 +- Bring in an upstream change as patch fix-journald-audit-logging.patch +- to prevent many-fielded audit messages from crashing systemd-journal + * Thu Mar 17 2022 Andrew Phelps - 250.3-2 - Disable zstd configuration to ensure lz4 compression is used for journal files and coredumps diff --git a/SPECS/systemd/systemd.spec b/SPECS/systemd/systemd.spec index 96be7f06db..4905edbce7 100644 --- a/SPECS/systemd/systemd.spec +++ b/SPECS/systemd/systemd.spec @@ -1,7 +1,7 @@ Summary: Systemd-250 Name: systemd Version: 250.3 -Release: 3%{?dist} +Release: 4%{?dist} License: LGPLv2+ AND GPLv2+ AND MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -11,6 +11,7 @@ Source0: https://github.com/%{name}/%{name}-stable/archive/v%{version}.ta Source1: 50-security-hardening.conf Source2: systemd.cfg Source3: 99-dhcp-en.network +Patch0: fix-journald-audit-logging.patch BuildRequires: cryptsetup-devel BuildRequires: docbook-dtd-xml BuildRequires: docbook-style-xsl @@ -257,6 +258,10 @@ systemctl preset-all %files lang -f %{name}.lang %changelog +* Wed Apr 13 2022 Cameron Baird - 250.3-4 +- Bring in an upstream change as patch fix-journald-audit-logging.patch +- to prevent many-fielded audit messages from crashing systemd-journal + * Thu Mar 24 2022 Andrew Phelps - 250.3-3 - Add Requires(post) on audit-libs, pam and util-linux-devel diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 6e18d8674f..04195d4cff 100644 
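Review bot: `Patch0: fix-journald-audit-logging.patch` only declares the patch; nothing in this hunk, or in the matching one for SPECS/systemd/systemd.spec, shows it being applied. The %prep section is outside both hunks, so confirm it uses `%autosetup -p1` or an explicit `%patch0 -p1`. Otherwise the package builds cleanly at the new Release while still shipping the unpatched journald. Checking the %prep output in the build log for the patch being applied to src/journal/journald-audit.c is a cheap way to verify this for both specs.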
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -543,10 +543,10 @@ sqlite-devel-3.36.0-2.cm2.aarch64.rpm
 sqlite-libs-3.36.0-2.cm2.aarch64.rpm
 swig-4.0.2-3.cm2.aarch64.rpm
 swig-debuginfo-4.0.2-3.cm2.aarch64.rpm
-systemd-bootstrap-250.3-2.cm2.aarch64.rpm
-systemd-bootstrap-debuginfo-250.3-2.cm2.aarch64.rpm
-systemd-bootstrap-devel-250.3-2.cm2.aarch64.rpm
-systemd-bootstrap-rpm-macros-250.3-2.cm2.noarch.rpm
+systemd-bootstrap-250.3-3.cm2.aarch64.rpm
+systemd-bootstrap-debuginfo-250.3-3.cm2.aarch64.rpm
+systemd-bootstrap-devel-250.3-3.cm2.aarch64.rpm
+systemd-bootstrap-rpm-macros-250.3-3.cm2.noarch.rpm
 tar-1.34-1.cm2.aarch64.rpm
 tar-debuginfo-1.34-1.cm2.aarch64.rpm
 tdnf-3.2.2-2.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index bbc84c037d..a5f6814775 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -543,10 +543,10 @@ sqlite-devel-3.36.0-2.cm2.x86_64.rpm
 sqlite-libs-3.36.0-2.cm2.x86_64.rpm
 swig-4.0.2-3.cm2.x86_64.rpm
 swig-debuginfo-4.0.2-3.cm2.x86_64.rpm
-systemd-bootstrap-250.3-2.cm2.x86_64.rpm
-systemd-bootstrap-debuginfo-250.3-2.cm2.x86_64.rpm
-systemd-bootstrap-devel-250.3-2.cm2.x86_64.rpm
-systemd-bootstrap-rpm-macros-250.3-2.cm2.noarch.rpm
+systemd-bootstrap-250.3-3.cm2.x86_64.rpm
+systemd-bootstrap-debuginfo-250.3-3.cm2.x86_64.rpm
+systemd-bootstrap-devel-250.3-3.cm2.x86_64.rpm
+systemd-bootstrap-rpm-macros-250.3-3.cm2.noarch.rpm
 tar-1.34-1.cm2.x86_64.rpm
 tar-debuginfo-1.34-1.cm2.x86_64.rpm
 tdnf-3.2.2-2.cm2.x86_64.rpm