Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: tho...@fiasko-nw.net
Hello,
we require a small update for stable of needrestart to fix #1005953
This update already includes the security update from yesterday (3.5-4+deb11u1),
to be on the safe side I attached the full debdiff (with the approved security
update).
[ Reason ]
It is required, because the initial changes were introduced with a systemd
update
[ Impact ]
Detection of restarts does not work as excepted in every case
[ Tests ]
Manual tested by myself, patch already in unstable/testing
[ Risks ]
No risk
[ Checklist ]
[x ] *all* changes are documented in the d/changelog
[x ] I reviewed all changes and I approve them
[x ] attach debdiff against the package in (old)stable
[x ] the issue is verified as fixed in unstable
diff -Naur tags/3.5-4/debian/changelog branches/bullseye/debian/changelog
--- tags/3.5-4/debian/changelog 2021-04-12 10:08:42.636804816 +0200
+++ branches/bullseye/debian/changelog 2022-05-18 08:34:23.358456321 +0200
@@ -1,3 +1,17 @@
+needrestart (3.5-4+deb11u2) bullseye; urgency=medium
+
+ * Add upstream patch 09-cgroupv2 to fix broken detection with cgroupv2.
+Closes: #1005953
+
+ -- Patrick Matthäi Wed, 18 May 2022 08:32:47 +0200
+
+needrestart (3.5-4+deb11u1) bullseye-security; urgency=high
+
+ * Add patch 08-anchor-interp-re to fix not anchored regular expressions.
+This fixes CVE-2022-30688.
+
+ -- Patrick Matthäi Thu, 13 May 2022 10:50:07 +0200
+
needrestart (3.5-4) unstable; urgency=medium
* New source only upload.
diff -Naur tags/3.5-4/debian/patches/08-anchor-interp-re.diff
branches/bullseye/debian/patches/08-anchor-interp-re.diff
--- tags/3.5-4/debian/patches/08-anchor-interp-re.diff 1970-01-01
01:00:00.0 +0100
+++ branches/bullseye/debian/patches/08-anchor-interp-re.diff 2022-05-18
08:31:50.143457667 +0200
@@ -0,0 +1,42 @@
+# Upstream patch to fix not anchored regular expressions.
+
+diff --git a/perl/lib/NeedRestart/Interp/Perl.pm
b/perl/lib/NeedRestart/Interp/Perl.pm
+index 40aabb4..5031679 100644
+--- a/perl/lib/NeedRestart/Interp/Perl.pm
b/perl/lib/NeedRestart/Interp/Perl.pm
+@@ -43,7 +43,7 @@ sub isa {
+ my $pid = shift;
+ my $bin = shift;
+
+-return 1 if($bin =~ m@/usr/(local/)?bin/perl@);
++return 1 if($bin =~ m@^/usr/(local/)?bin/perl(5[.\d]*)?$@);
+
+ return 0;
+ }
+diff --git a/perl/lib/NeedRestart/Interp/Python.pm
b/perl/lib/NeedRestart/Interp/Python.pm
+index 559666c..a30121d 100644
+--- a/perl/lib/NeedRestart/Interp/Python.pm
b/perl/lib/NeedRestart/Interp/Python.pm
+@@ -42,7 +42,7 @@ sub isa {
+ my $pid = shift;
+ my $bin = shift;
+
+-return 1 if($bin =~ m@/usr/(local/)?bin/python@);
++return 1 if($bin =~ m@^/usr/(local/)?bin/python([23][.\d]*)?$@);
+
+ return 0;
+ }
+diff --git a/perl/lib/NeedRestart/Interp/Ruby.pm
b/perl/lib/NeedRestart/Interp/Ruby.pm
+index d02973d..72920f3 100644
+--- a/perl/lib/NeedRestart/Interp/Ruby.pm
b/perl/lib/NeedRestart/Interp/Ruby.pm
+@@ -42,7 +42,7 @@ sub isa {
+ my $pid = shift;
+ my $bin = shift;
+
+-return 1 if($bin =~ m@/usr/(local/)?bin/ruby@);
++return 1 if($bin =~ m@^/usr/(local/)?bin/ruby$@);
+
+ return 0;
+ }
+
diff -Naur tags/3.5-4/debian/patches/09-cgroupv2.diff
branches/bullseye/debian/patches/09-cgroupv2.diff
--- tags/3.5-4/debian/patches/09-cgroupv2.diff 1970-01-01 01:00:00.0
+0100
+++ branches/bullseye/debian/patches/09-cgroupv2.diff 2022-05-18
08:32:21.755251053 +0200
@@ -0,0 +1,24 @@
+From 29fcd57cd89a962bb94adbf116acd9a61036b6eb Mon Sep 17 00:00:00 2001
+From: Thomas Liske
+Date: Mon, 16 May 2022 20:00:17 +0200
+Subject: [PATCH] [Core] Make cgroup detection for services and user sessions
+ cgroup v2 aware.
+
+closes #203, closes #213
+---
+ needrestart | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/needrestart b/needrestart
+index 6bf2e6b..bc690aa 100755
+--- a/needrestart
b/needrestart
+@@ -648,7 +648,7 @@ if(defined($opt_l)) {
+ my ($rc) = map {
+ chomp;
+ my ($id, $type, $value) = split(/:/);
+- if($type ne q(name=systemd)) {
++ if($id != 0 && $type ne q(name=systemd)) {
+ ();
+ }
+ else {
diff -Naur tags/3.5-4/debian/patches/series
branches/bullseye/debian/patches/series
--- tags/3.5-4/debian/patches/series2021-04-12 10:08:42.636804816 +0200
+++ branches/bullseye/debian/patches/series 2022-05-18 08:32:36.875152228
+0200
@@ -5,3 +5,5 @@
05-ignore-nvidia-memfd.diff
06-dont-restart-bluetooth.diff
07-runit.diff
+08-anchor-interp-re.diff
+09-cgroupv2.diff