diff --git a/backport-uuidd-fix-open-lock-state-issue.patch b/backport-uuidd-fix-open-lock-state-issue.patch
new file mode 100644
index 0000000000000000000000000000000000000000..023bd9c7b08514be90c70cbad89be995d21e0c75
--- /dev/null
+++ b/backport-uuidd-fix-open-lock-state-issue.patch
@@ -0,0 +1,70 @@
+From 15decf38896b0a56e2cf92d18848ba5479d37135 Mon Sep 17 00:00:00 2001
+From: Karel Zak
+Date: Mon, 25 Mar 2024 15:00:24 +0800
+Subject: [PATCH] uuidd: fix open/lock state issue
+
+* warn on open/lock state issue
+
+* enable access to /var/lib/libuuid/, because ProtectSystem=strict make it read-only
+
+ openat(AT_FDCWD, "/var/lib/libuuid/clock.txt",
+ O_RDWR|O_CREAT|O_CLOEXEC, 0660) = -1 EROFS (Read-only file system)
+
+Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2040366
+Upstream: http://github.com/util-linux/util-linux/commit/f27876f9c1056bf41fd940d5c4990b4277e0024f
+Upstream: http://github.com/util-linux/util-linux/commit/417982d0236a12756923d88e627f5e4facf8951c
+Signed-off-by: Karel Zak
+---
+ misc-utils/uuidd.c | 9 ++++++---
+ misc-utils/uuidd.service.in | 1 +
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/misc-utils/uuidd.c b/misc-utils/uuidd.c
+index af24efc..715a75b 100644
+--- a/misc-utils/uuidd.c
++++ b/misc-utils/uuidd.c
+@@ -461,7 +461,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path,
+ break;
+ case UUIDD_OP_TIME_UUID:
+ num = 1;
+- __uuid_generate_time(uu, &num);
++ if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet)
++ warnx(_("failed to open/lock clock counter"));
+ if (uuidd_cxt->debug) {
+ uuid_unparse(uu, str);
+ fprintf(stderr, _("Generated time UUID: %s\n"), str);
+@@ -471,7 +472,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path,
+ break;
+ case UUIDD_OP_RANDOM_UUID:
+ num = 1;
+- __uuid_generate_random(uu, &num);
++ if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet)
++ warnx(_("failed to open/lock clock counter"));
+ if (uuidd_cxt->debug) {
+ uuid_unparse(uu, str);
+ fprintf(stderr, _("Generated random UUID: %s\n"), str);
+@@ -480,7 +482,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path,
+ reply_len = sizeof(uu);
+ break;
+ case UUIDD_OP_BULK_TIME_UUID:
+- __uuid_generate_time(uu, &num);
++ if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet)
++ warnx(_("failed to open/lock clock counter"));
+ if (uuidd_cxt->debug) {
+ uuid_unparse(uu, str);
+ fprintf(stderr, P_("Generated time UUID %s "
+diff --git a/misc-utils/uuidd.service.in b/misc-utils/uuidd.service.in
+index b4c9c46..e64ca59 100644
+--- a/misc-utils/uuidd.service.in
++++ b/misc-utils/uuidd.service.in
+@@ -18,6 +18,7 @@ ProtectKernelModules=yes
+ ProtectControlGroups=yes
+ RestrictAddressFamilies=AF_UNIX
+ MemoryDenyWriteExecute=yes
++ReadWritePaths=/var/lib/libuuid/
+ SystemCallFilter=@default @file-system @basic-io @system-service @signal @io-event @network-io
+
+ [Install]
+--
+2.27.0
+
diff --git a/util-linux.spec b/util-linux.spec
index ba705310bc844b3ba31600bb46a530a43d0eb633..3f0ad1c36bcc8c79f2c0febd11d9eb2853f5cc45 100644
--- a/util-linux.spec
+++ b/util-linux.spec
@@ -2,7 +2,7 @@ Name: util-linux Version: 2.35.2
-Release: 13
+Release: 14
 Summary: A random collection of Linux utilities License: GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain URL: https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git
@@ -72,6 +72,7 @@ Patch6010: backport-CVE-2024-28085.patch Patch9000: Add-check-to-resolve-uname26-version-test-failed.patch Patch9001: openEuler-add-lscpu-get-vendor-for-Phytium.patch
+Patch9002: backport-uuidd-fix-open-lock-state-issue.patch
 %description
@@ -420,6 +421,13 @@ fi %{_mandir}/man8/{swapoff.8*,swapon.8*,switch_root.8*,umount.8*,wdctl.8.gz,wipefs.8*,zramctl.8*} %changelog
+* Fri Mar 29 2024 cenhuilin - 2.35.2-14
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:sync community patches
+ backport-uuidd-fix-open-lock-state-issue.patch
+
 * Fri Mar 29 2024 zhangyao - 2.35.2-13 - Type:CVE - CVE:CVE-2024-28085
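Review bot: In the `UUIDD_OP_RANDOM_UUID` case of the embedded `misc-utils/uuidd.c` patch (second inner hunk, `@@ -471,7 +472,8 @@`), the removed `__uuid_generate_random(uu, &num);` is replaced by a call to `__uuid_generate_time(uu, &num)`, so as written the daemon would answer random-UUID requests with time-based UUIDs while the debug line still reports "Generated random UUID". Time-based UUIDs are derived from a timestamp and clock sequence, so a client that relies on the random form being hard to guess would silently lose that property. This case should keep the original call, `__uuid_generate_random(uu, &num);`, with no clock-counter warning, and it is worth checking whether upstream carries a follow-up correction to backport together with this patch. `server_loop` starts and ends outside the hunks shown.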