+++ /dev/null
-From 156a5fd297b61bce31630d7a52c15614bf784843 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Sun, 31 May 2020 18:21:09 +0200
-Subject: [PATCH 1/1] basic/user-util: always use base 10 for user/group
- numbers
-
-We would parse numbers with base prefixes as user identifiers. For example,
-"0x2b3bfa0" would be interpreted as UID==45334432 and "01750" would be
-interpreted as UID==1000. This parsing was used also in cases where either a
-user/group name or number may be specified. This means that names like
-0x2b3bfa0 would be ambiguous: they are a valid user name according to our
-documented relaxed rules, but they would also be parsed as numeric uids.
-
-This behaviour is definitely not expected by users, since tools generally only
-accept decimal numbers (e.g. id, getent passwd), while other tools only accept
-user names and thus will interpret such strings as user names without even
-attempting to convert them to numbers (su, ssh). So let's follow suit and only
-accept numbers in decimal notation. Effectively this means that we will reject
-such strings as a username/uid/groupname/gid where strict mode is used, and try
-to look up a user/group with such a name in relaxed mode.
-
-Since the function changed is fairly low-level and fairly widely used, this
-affects multiple tools: loginctl show-user/enable-linger/disable-linger foo',
-the third argument in sysusers.d, fourth and fifth arguments in tmpfiles.d,
-etc.
-
-Fixes #15985.
----
- src/basic/user-util.c | 2 +-
- src/test/test-user-util.c | 10 ++++++++++
- 2 files changed, 11 insertions(+), 1 deletion(-)
-
---- end of commit 156a5fd297b61bce31630d7a52c15614bf784843 ---
-
-
-Add definition of safe_atou32_full() from commit b934ac3d6e7dcad114776ef30ee9098693e7ab7e
-
-CVE: CVE-2020-13776
-
-Upstream-Status: Backport [https://github.com/systemd/systemd.git]
-
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
-
-
-
---- git.orig/src/basic/user-util.c
-+++ git/src/basic/user-util.c
-@@ -49,7 +49,7 @@ int parse_uid(const char *s, uid_t *ret)
- assert(s);
-
- assert_cc(sizeof(uid_t) == sizeof(uint32_t));
-- r = safe_atou32(s, &uid);
-+ r = safe_atou32_full(s, 10, &uid);
- if (r < 0)
- return r;
-
---- git.orig/src/test/test-user-util.c
-+++ git/src/test/test-user-util.c
-@@ -48,9 +48,19 @@ static void test_parse_uid(void) {
-
- r = parse_uid("65535", &uid);
- assert_se(r == -ENXIO);
-+ assert_se(uid == 100);
-+
-+ r = parse_uid("0x1234", &uid);
-+ assert_se(r == -EINVAL);
-+ assert_se(uid == 100);
-+
-+ r = parse_uid("01234", &uid);
-+ assert_se(r == 0);
-+ assert_se(uid == 1234);
-
- r = parse_uid("asdsdas", &uid);
- assert_se(r == -EINVAL);
-+ assert_se(uid == 1234);
- }
-
- static void test_uid_ptr(void) {
---- git.orig/src/basic/parse-util.h
-+++ git/src/basic/parse-util.h
-@@ -45,9 +45,13 @@ static inline int safe_atoux16(const cha
-
- int safe_atoi16(const char *s, int16_t *ret);
-
--static inline int safe_atou32(const char *s, uint32_t *ret_u) {
-+static inline int safe_atou32_full(const char *s, unsigned base, uint32_t *ret_u) {
- assert_cc(sizeof(uint32_t) == sizeof(unsigned));
-- return safe_atou(s, (unsigned*) ret_u);
-+ return safe_atou_full(s, base, (unsigned*) ret_u);
-+}
-+
-+static inline int safe_atou32(const char *s, uint32_t *ret_u) {
-+ return safe_atou32_full(s, 0, (unsigned*) ret_u);
- }
-
- static inline int safe_atoi32(const char *s, int32_t *ret_i) {
+++ /dev/null
-From 0335d110afc08baf47d76b7011ce02510dfdd524 Mon Sep 17 00:00:00 2001
-From: Valery0xff <valery.chernous@gmail.com>
-Date: Wed, 11 Mar 2020 02:20:36 +0200
-Subject: [PATCH] udev: fix SECLABEL{selinux} issue (#15064)
-
-Add SECLABEL{selinux}="some value" cause udevadm crash
-systemd-udevd[x]: Worker [x] terminated by signal 11 (SEGV)
-
-It happens since 25de7aa7b90 (Yu Watanabe 2019-04-25 01:21:11 +0200)
-when udev rules processing changed to token model. Yu forgot store
-attr to SECLABEL token so fix it.
----
- src/udev/udev-rules.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Upstream-Status: Backport [https://github.com/systemd/systemd/commit/0335d110afc08baf47d76b7011ce02510dfdd524.patch]
----
-diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
-index b9b350d1ef..b990f68e93 100644
---- a/src/udev/udev-rules.c
-+++ b/src/udev/udev-rules.c
-@@ -921,7 +921,7 @@ static int parse_token(UdevRules *rules, const char *key, char *attr, UdevRuleOp
- op = OP_ASSIGN;
- }
-
-- r = rule_line_add_token(rule_line, TK_A_SECLABEL, op, value, NULL);
-+ r = rule_line_add_token(rule_line, TK_A_SECLABEL, op, value, attr);
- } else if (streq(key, "RUN")) {
- if (is_match || op == OP_REMOVE)
- return log_token_invalid_op(rules, key);
