!861 Fix CVE-2023-7008

From: @zhang-yao-2022 
Reviewed-by: @xujing99 
Signed-off-by: @xujing99

Systemd-Add-sw64-architecture.patch

@@ -132,6 +132,15 @@ index 402fdd0..9680923 100644
  #  elif defined(__arc__) || defined(__tilegx__)
  #    define systemd_NR_getrandom 278
  #  elif defined(__arm__)
+@@ -258,6 +258,8 @@ assert_cc(__NR_copy_file_range == systemd_NR_copy_file_range);
+ #    define systemd_NR_fchmodat2 452
+ #  elif defined(__alpha__)
+ #    define systemd_NR_fchmodat2 562
++#  elif defined(__sw_64__)
++#    define systemd_NR_fchmodat2 191
+ #  elif defined(__arc__) || defined(__tilegx__)
+ #    define systemd_NR_fchmodat2 452
+ #  elif defined(__arm__)
 @@ -319,6 +328,8 @@ assert_cc(__NR_getrandom == systemd_NR_getrandom);
  #    define systemd_NR_memfd_create 279
  #  elif defined(__alpha__)
@@ -146,7 +155,7 @@ index 402fdd0..9680923 100644
  #  elif defined(__alpha__)
  #    define systemd_NR_mount_setattr 552
 +#  elif defined(__sw_64__)
-+#    define systemd_NR_mount_setattr 552
++#    define systemd_NR_mount_setattr 181
  #  elif defined(__arc__) || defined(__tilegx__)
  #    define systemd_NR_mount_setattr 442
  #  elif defined(__arm__)

backport-CVE-2023-7008.patch

@@ -0,0 +1,39 @@
+From 3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Wed, 20 Dec 2023 16:44:14 +0100
+Subject: [PATCH] resolved: actually check authenticated flag of SOA
+ transaction
+
+Fixes #25676
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1
+---
+ src/resolve/resolved-dns-transaction.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
+index 696fce532a..fe88e502e7 100644
+--- a/src/resolve/resolved-dns-transaction.c
++++ b/src/resolve/resolved-dns-transaction.c
+@@ -2808,7 +2808,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
+                         if (r == 0)
+                                 continue;
+ 
+-                        return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
++                        return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
+                 }
+ 
+                 return true;
+@@ -2835,7 +2835,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
+                         /* We found the transaction that was supposed to find the SOA RR for us. It was
+                          * successful, but found no RR for us. This means we are not at a zone cut. In this
+                          * case, we require authentication if the SOA lookup was authenticated too. */
+-                        return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
++                        return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
+                 }
+ 
+                 return true;
+-- 
+2.33.0
+

backport-core-fix-assert-when-AddDependencyUnitFiles-is-calle.patch

@@ -0,0 +1,44 @@
+From 71efbe69b6b7a0d6a663b8dbe6fe4d8f5655848a Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <luca.boccassi@gmail.com>
+Date: Mon, 6 Jan 2025 18:16:29 +0000
+Subject: [PATCH] core: fix assert when AddDependencyUnitFiles is called with
+ invalid parameter
+
+unit_file_add_dependency() asserts, so check before calling it that the
+type is expected, or return EINVAL to the caller.
+
+root@localhost:~# busctl call org.freedesktop.systemd1 /org/freedesktop/systemd1 org.freedesktop.systemd1.Manager AddDependencyUnitFiles "asssbb" 0 uwhatm8 After 1 1
+
+Broadcast message from systemd-journald@localhost (Mon 2025-01-06 18:12:14 UTC):
+
+systemd[1]: Caught <ABRT>, from our own process.
+
+Fixes https://github.com/systemd/systemd/issues/35882
+
+(cherry picked from commit d87dc74e8f1a30d72a0f202e411400bab34ab55a)
+(cherry picked from commit b6792202f31c4e83d23a944b845e1f17fc14f619)
+(cherry picked from commit c65056e1318fe20cf9b62771ffa589abe2c21a76)
+(cherry picked from commit 4d47117b05f2bd836c465c3efdee69c5a573e8d6)
+
+Conflict:context adaptation
+Reference:https://github.com/systemd/systemd-stable/commit/71efbe69b6b7a0d6a663b8dbe6fe4d8f5655848a
+---
+ src/core/dbus-manager.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
+index 856dd3b5dc..dea69bb6e2 100644
+--- a/src/core/dbus-manager.c
++++ b/src/core/dbus-manager.c
+@@ -2820,7 +2820,7 @@ static int method_add_dependency_unit_files(sd_bus_message *message, void *userd
+         flags = unit_file_bools_to_flags(runtime, force);
+ 
+         dep = unit_dependency_from_string(type);
+-        if (dep < 0)
++        if (dep < 0 || !IN_SET(dep, UNIT_WANTS, UNIT_REQUIRES))
+                 return -EINVAL;
+ 
+         r = unit_file_add_dependency(m->runtime_scope, flags, NULL, l, target, dep, &changes, &n_changes);
+-- 
+2.33.0
+

backport-execute-free-syscall_log-hashmap-when-done.patch

@@ -0,0 +1,32 @@
+From 742f3232bcddbbb47bfad3ad22e2de15c49f0325 Mon Sep 17 00:00:00 2001
+From: David Tardon <dtardon@redhat.com>
+Date: Thu, 28 Nov 2024 13:33:55 +0100
+Subject: [PATCH] execute: free syscall_log hashmap when done
+
+Fixes #35394
+
+(cherry picked from commit c3dc460b6c3f062af540e4233c65ac12c01077fa)
+(cherry picked from commit f15fd96efd5ebdfb18746acb0cbb35a4331b4d8b)
+(cherry picked from commit a9c650b207369d047ac9c0f21d6d70590173df45)
+
+Conflict:context adaptation
+Reference:https://github.com/systemd/systemd-stable/commit/742f3232bcddbbb47bfad3ad22e2de15c49f0325
+---
+ src/core/execute.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index e6fcb115b7..7b7b97ae9c 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -6225,6 +6225,7 @@ void exec_context_done(ExecContext *c) {
+ 
+         c->syscall_filter = hashmap_free(c->syscall_filter);
+         c->syscall_archs = set_free(c->syscall_archs);
++        c->syscall_log = hashmap_free(c->syscall_log);
+         c->address_families = set_free(c->address_families);
+ 
+         FOREACH_ARRAY(d, c->directories, _EXEC_DIRECTORY_TYPE_MAX)
+-- 
+2.33.0
+

backport-logind-let-system-wide-idle-begin-at-the-time-logind.patch

@@ -0,0 +1,76 @@
+From dcb86edde5ef3b70f68abb7ed8bb0be63f28485b Mon Sep 17 00:00:00 2001
+From: Florian Schmaus <flo@geekplace.eu>
+Date: Sat, 16 Nov 2024 10:29:35 +0100
+Subject: [PATCH] logind: let system-wide idle begin at the time logind was
+ initialized
+
+Initialize the start of the system-wide idle time with the time logind was
+initialized and not with the start of the Unix epoch. This means that systemd
+will not repport a unreasonable long idle time (around 54 years at the time of
+writing this), especially at in the early boot, while no login manager session,
+e.g,. gdm, had a chance to provide a more accurate start of the idle period.
+
+Fixes #35163
+
+(cherry picked from commit 718b31138b9a93f262259f297ad6b521454decc6)
+(cherry picked from commit 9d36809256c6d92c6d8358769479ad2c2b695664)
+(cherry picked from commit 77b963c31712ef81786fcc6623fe1b10a46b62e0)
+(cherry picked from commit cd6f07effafdcb9e1c903589a8cf398cd46b8acd)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/dcb86edde5ef3b70f68abb7ed8bb0be63f28485b
+---
+ src/login/logind-core.c | 6 +++++-
+ src/login/logind.c      | 2 ++
+ src/login/logind.h      | 2 ++
+ 3 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/login/logind-core.c b/src/login/logind-core.c
+index c47f7f0d8b..ac91a68682 100644
+--- a/src/login/logind-core.c
++++ b/src/login/logind-core.c
+@@ -399,10 +399,14 @@ int manager_get_user_by_pid(Manager *m, pid_t pid, User **ret) {
+ int manager_get_idle_hint(Manager *m, dual_timestamp *t) {
+         Session *s;
+         bool idle_hint;
+-        dual_timestamp ts = DUAL_TIMESTAMP_NULL;
++        dual_timestamp ts;
+ 
+         assert(m);
+ 
++        /* Initialize the baseline timestamp with the time the manager got initialized to avoid reporting
++         * unreasonable large idle periods starting with the Unix epoch. */
++        ts = m->init_ts;
++
+         idle_hint = !manager_is_inhibited(m, INHIBIT_IDLE, INHIBIT_BLOCK, t, false, false, 0, NULL);
+ 
+         HASHMAP_FOREACH(s, m->sessions) {
+diff --git a/src/login/logind.c b/src/login/logind.c
+index 88e05bb769..23c906f144 100644
+--- a/src/login/logind.c
++++ b/src/login/logind.c
+@@ -102,6 +102,8 @@ static int manager_new(Manager **ret) {
+ 
+         (void) sd_event_set_watchdog(m->event, true);
+ 
++        dual_timestamp_now(&m->init_ts);
++
+         manager_reset_config(m);
+ 
+         *ret = TAKE_PTR(m);
+diff --git a/src/login/logind.h b/src/login/logind.h
+index 7532d379c0..51a510ed78 100644
+--- a/src/login/logind.h
++++ b/src/login/logind.h
+@@ -139,6 +139,8 @@ struct Manager {
+ 
+         char *efi_loader_entry_one_shot;
+         struct stat efi_loader_entry_one_shot_stat;
++
++        dual_timestamp init_ts;
+ };
+ 
+ void manager_reset_config(Manager *m);
+-- 
+2.33.0
+

backport-shutdown-close-DM-block-device-before-issuing-DM_DEV.patch

@@ -0,0 +1,53 @@
+From c7689286f631b1dc6b4d7a56c9f056eb1d2eead1 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 23 Nov 2024 05:47:40 +0900
+Subject: [PATCH] shutdown: close DM block device before issuing DM_DEV_REMOVE
+ ioctl
+
+Otherwise, the ioctl() may fail with EBUSY.
+
+Follow-up for b4b66b26620bfaf5818c95d5cffafd85207694e7.
+Hopefully fixes #35243.
+
+(cherry picked from commit b76730f3fe0e824db001b38c8ea848302be786ee)
+(cherry picked from commit b30364a0378881c6f0d0ff3124f56f4da989d91c)
+(cherry picked from commit bb1823d3ffcf432b5175ef24049b65e7b348705b)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/c7689286f631b1dc6b4d7a56c9f056eb1d2eead1
+---
+ src/shutdown/detach-dm.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/src/shutdown/detach-dm.c b/src/shutdown/detach-dm.c
+index 0d1b0fc451..d6bc78df41 100644
+--- a/src/shutdown/detach-dm.c
++++ b/src/shutdown/detach-dm.c
+@@ -98,15 +98,17 @@ static int delete_dm(DeviceMapper *m) {
+         assert(major(m->devnum) != 0);
+         assert(m->path);
+ 
+-        fd = open("/dev/mapper/control", O_RDWR|O_CLOEXEC);
++        fd = open(m->path, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
+         if (fd < 0)
+-                return -errno;
+-
+-        _cleanup_close_ int block_fd = open(m->path, O_RDONLY|O_CLOEXEC|O_NONBLOCK);
+-        if (block_fd < 0)
+                 log_debug_errno(errno, "Failed to open DM block device %s for syncing, ignoring: %m", m->path);
+-        else
+-                (void) sync_with_progress(block_fd);
++        else {
++                (void) sync_with_progress(fd);
++                fd = safe_close(fd);
++        }
++
++        fd = open("/dev/mapper/control", O_RDWR|O_CLOEXEC);
++        if (fd < 0)
++                return log_debug_errno(errno, "Failed to open /dev/mapper/control: %m");
+ 
+         return RET_NERRNO(ioctl(fd, DM_DEV_REMOVE, &(struct dm_ioctl) {
+                 .version = {
+-- 
+2.33.0
+

delete-Assertion-o-object.type-OBJECT_ENTRY_ARRAY.patch

@@ -0,0 +1,27 @@
+From e69a0842d76e0c4f2d14a9a82a3397a20fbaf999 Mon Sep 17 00:00:00 2001
+From: huyubiao <huyubiao@huawei.com>
+Date: Fri, 27 Dec 2024 15:27:31 +0800
+Subject: [PATCH] delete Assertion 'o->object.type == OBJECT_ENTRY_ARRAY'
+
+---
+ src/libsystemd/sd-journal/journal-file.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c
+index 090d506..38d2a85 100644
+--- a/src/libsystemd/sd-journal/journal-file.c
++++ b/src/libsystemd/sd-journal/journal-file.c
+@@ -2724,7 +2724,9 @@ static int bump_entry_array(
+ 
+         if (direction == DIRECTION_DOWN) {
+                 assert(o);
+-                assert(o->object.type == OBJECT_ENTRY_ARRAY);
++                if (o->object.type != OBJECT_ENTRY_ARRAY) {
++                    return -EBADMSG;
++                }
+ 
+                 *ret = le64toh(o->entry_array.next_entry_array_offset);
+         } else {
+-- 
+2.33.0
+

systemd.spec

@@ -25,7 +25,7 @@
 Name:           systemd
 Url:            https://systemd.io/
 Version:        255
-Release:        36
+Release:        41
 License:        MIT and LGPLv2+ and GPLv2+
 Summary:        System and Service Manager
 
@@ -96,6 +96,13 @@ Patch6042:      backport-journalctl-erase-verify-key-before-free.patch
 Patch6043:      backport-core-service-use-log_unit_-where-appropriate.patch
 Patch6044:      backport-core-Bump-log-level-of-reexecute-request-to-notice.patch
 Patch6045:      backport-core-Log-in-more-scenarios-about-which-process-initi.patch
+Patch6046:      backport-repart-fix-memory-leak.patch
+Patch6047:      backport-fix-memory-leak-in-cryptsetup-generator.patch
+Patch6648:      backport-shutdown-close-DM-block-device-before-issuing-DM_DEV.patch
+Patch6649:      backport-execute-free-syscall_log-hashmap-when-done.patch
+Patch6650:      backport-logind-let-system-wide-idle-begin-at-the-time-logind.patch
+Patch6651:      backport-core-fix-assert-when-AddDependencyUnitFiles-is-calle.patch
+Patch6652:      backport-CVE-2023-7008.patch
 
 Patch9008:      update-rtc-with-system-clock-when-shutdown.patch
 Patch9009:      udev-add-actions-while-rename-netif-failed.patch
@@ -150,10 +157,9 @@ Patch9057:      add-a-new-switch-to-control-whether-udev-complies-wi.patch
 Patch9058:      journal-don-t-enable-systemd-journald-audit.socket.patch
 Patch9059:      systemd-fstab-generator-print-logs-only-to-kmsg.patch
 Patch9060:      systemd-logind-add-log-to-display-devices.patch
+Patch9061:      delete-Assertion-o-object.type-OBJECT_ENTRY_ARRAY.patch
 
 Patch9801:      Systemd-Add-sw64-architecture.patch
-Patch9802:      backport-repart-fix-memory-leak.patch
-Patch9803:      backport-fix-memory-leak-in-cryptsetup-generator.patch
 
 BuildRequires:  gcc, gcc-c++
 BuildRequires:  libcap-devel, libmount-devel, pam-devel, libselinux-devel
@@ -347,14 +353,7 @@ systemd-cryptsetup is used to set up (with attach) and tear down (with detach) a
 %package_help
 
 %prep
-%autosetup -n %{name}-%{version} -p1 -Sgit -N
-# DO NOT USE "%patch -R" TO REVERT A PATCH. If your patch is only used in
-# specific scenarios or architectures, please put it after Patch9800 and
-# use "%ifarch" to patch it after applying all other patches.
-%autopatch -M 9800
-%ifarch sw_64
-%autopatch 9801
-%endif
+%autosetup -n %{name}-%{version} -p1 -Sgit
 
 %build
 
@@ -1690,6 +1689,21 @@ fi
 %{_unitdir}/veritysetup.target
 
 %changelog
+* Mon Apr 28 2025 zhangyao <zhangyao108@huawei.com> - 255-41
+- actually check authenticated flag of SOA transaction in resolved
+
+* Fri Apr 18 2025 wangyuhang <wangyuhang27@huawei.com> - 255-40
+- sync patch from systemd community
+
+* Sat Mar 29 2025 Han Jinpeng <hanjinpeng@kylinos.cn> - 255-39
+- Fix patch number position and changelog date error
+
+* Mon Mar 10 2025 mahailiang <mahailiang@uniontech.com> - 255-38
+- update sw_64 patch
+
+* Thu Jan 9 2025 huyubiao <huyubiao@huawei.com> - 255-37
+- delete Assertion o->object.type == OBJECT_ENTRY_ARRAY from the bump_entry_array
+
 * Tue Dec 31 2024 fuanan <fuanan3@h-partners.com> - 255-36
 - systemd-logind button_dispatch add log to display devices that triggered the button
 
@@ -2022,7 +2036,7 @@ fi
 * Wed Dec 8 2021 yangmingtai <yangmingtai@huawei.com> - 249-1
 - systemd update to v249
 
-* Tue Dec 28 2021 licunlong <licunlong1@huawei.com> - 248-15
+* Wed Dec 8 2021 licunlong <licunlong1@huawei.com> - 248-15
 - fix typo: disable not denable.
 
 * Wed Dec 01 2021 licunlong <licunlong1@huawei.com> - 248-14