-
Notifications
You must be signed in to change notification settings - Fork 587
[Medium] Patch systemd for CVE-2025-4598 #14009
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
[Medium] Patch systemd for CVE-2025-4598 #14009
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we please take a look at the tests.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Retriggered Buddy Build: link
I'm updating the patch by adding %F specifier to address the bug, following the latest triage comment from Astrolabe. The backport is required. systemd is building with updated patch, but there's one additional ptest failing. I am working on resolving this issue. |
97bd0c8
to
739b20b
Compare
@@ -290,6 +292,9 @@ fi | |||
%files lang -f %{name}.lang | |||
|
|||
%changelog | |||
* Mon Jul 03 2025 Akhila Guruju <v-guakhila@microsoft.com> - 250.3-23 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Test Build Triggered.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Test build has failed. Can we please take a look.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
The failing tests are not a regression.
Merge Checklist
All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)
*-static
subpackages, etc.) have had theirRelease
tag incremented../cgmanifest.json
,./toolkit/scripts/toolchain/cgmanifest.json
,.github/workflows/cgmanifest.json
)./LICENSES-AND-NOTICES/SPECS/data/licenses.json
,./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
,./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON
)*.signatures.json
filessudo make go-tidy-all
andsudo make go-test-coverage
passSummary
Patch systemd for CVE-2025-4598
test/units/testsuite-74.coredump.sh
for %d specifier patch as this file is not present in source tarball. Except this, every change in the files matches with the upstream patch.Change Log
Does this affect the toolchain?
NO
Associated issues
Links to CVEs
Test Methodology