[update] Upgrade systemd to v225. Fixes MER#608
[security] Addresses CVE-2015-8842

New patches:
1) rpm/systemd-Define-__NR_kcmp-if-it-is-not-defined.patch
   Systemd can handle a situation when kcmp system call is not enabled in the kernel by checking for ENOSYS. But it needs to have syscall number anyway so define it for i386, x86_64 and arm platforms if it is not defined.
2) rpm/systemd-backport-Revert-usage-of-ln-relative.patch
   Revert usage of "ln --relative" in Makefile.am because our coreutils' "ln" version doesn't support "--relative" option. Remove test for "ln --relative" support from configure.ac.
3) rpm/systemd-227-sd_pid_notify_with_fds-fix-computing-msg_controllen.patch
   Backport a5bd3c32abb00ad945282568fd1a97c180b68047 upstream commit.
4) rpm/systemd-backport-Revert-udev-remove-userspace-firmware-loading-suppor.patch
   rpm/systemd-backport-Revert-rules-remove-firmware-loading-rules.patch
   Backport udev-based firmware loading support until we implement proper kernel-based loading.
5) rpm/systemd-228-core-simplify-handling-of-u-U-s-and-h-unit-file-spec.patch
   Backport fix for %h substitution handling in unit-files.
6) rpm/systemd-228-tmpfiles-set-acls-on-system.journal-explicitly.patch
   Fix for CVE-2015-8842.
7) rpm/systemd-udev-lvm-workaround.patch
   Workaround patch for JB#36605. Should be removed after implementing proper UDEV events handling in initramfs.

Deleted unneeded patches:
1) rpm/systemd-187-make-readahead-depend-on-sysinit.patch
2) rpm/systemd-208-configure-start-limit.patch
3) rpm/systemd-208-configure-timeout.patch
4) rpm/systemd-208-do-not-wait-accelerometer.patch
   (Dropped patch because systemd removed accelerometer helper.)
5) rpm/systemd-208-fix-restart.patch
6) rpm/systemd-208-support-additional-argument-in-reboot.patch
7) systemd-208-bootchart-svg-fix-checking-of-list-end.patch

Modified patches:
1) rpm/systemd-208-video.patch:
   Following udev rules were removed in v209 from rules/50-udev-default.rules in upstream commit d1f0e886e1407ab50834127ce52710e1aff13938:
     SUBSYSTEM=="input", KERNEL=="mouse*|mice|event*", MODE="0640"
     SUBSYSTEM=="input", KERNEL=="ts[0-9]*|uinput", MODE="0640"
   (See also https://bugs.freedesktop.org/show_bug.cgi?id=70665, https://forums.gentoo.org/viewtopic-t-951834-start-0.html)
2) rpm/systemd-208-pkgconfigdir.patch:
   In Makefile.am sharepkgconfigdir was unified with pkgconfigdatadir in upstream commit 2f4d3bb91f246532b7c946bb75595a96ee843f29.

All other patches were realigned to fix patch utility warnings.

The spec-file was reordered and slightly changed to minimize difference with Fedora's.

Packaging:
1) Removed libgudev1 and libgudev1-devel subpackages.
2) Added systemd-locale subpackage.
3) New files (in generated RPMs, except for units):
   /bin/systemd-escape
   /bin/systemd-firstboot
   /bin/systemd-hwdb
   /bin/systemd-sysusers
   /bin/networkctl
   /etc/dbus-1/system.d/org.freedesktop.network1.conf
   /etc/dbus-1/system.d/org.freedesktop.resolve1.conf
   /etc/systemd/resolved.conf
   /etc/systemd/timesyncd.conf
   /usr/bin/busctl
   /usr/bin/systemd-path
   /usr/lib/systemd/catalog/systemd.be.catalog
   /usr/lib/systemd/catalog/systemd.be@latin.catalog
   /usr/lib/systemd/catalog/systemd.fr.catalog
   /usr/lib/systemd/catalog/systemd.it.catalog
   /usr/lib/systemd/catalog/systemd.pl.catalog
   /usr/lib/systemd/catalog/systemd.pt_BR.catalog
   /usr/lib/systemd/catalog/systemd.ru.catalog
   /usr/lib/systemd/catalog/systemd.zh_TW.catalog
   /usr/lib/sysusers.d/basic.conf
   /usr/lib/sysusers.d/systemd.conf
   /usr/share/bash-completion/completions/bootctl
   /usr/share/bash-completion/completions/busctl
   /usr/share/bash-completion/completions/machinectl
   /usr/share/bash-completion/completions/systemd-cat
   /usr/share/bash-completion/completions/systemd-cgls
   /usr/share/bash-completion/completions/systemd-cgtop
   /usr/share/bash-completion/completions/systemd-delta
   /usr/share/bash-completion/completions/systemd-detect-virt
   /usr/share/bash-completion/completions/systemd-nspawn
   /usr/share/dbus-1/system-services/org.freedesktop.network1.service
   /usr/share/dbus-1/system-services/org.freedesktop.resolve1.service
   /usr/share/factory/etc/nsswitch.conf
   /usr/share/factory/etc/pam.d/other
   /usr/share/factory/etc/pam.d/system-auth
   /usr/share/polkit-1/actions/org.freedesktop.machine1.policy
   /usr/share/systemd/language-fallback-map
   /usr/lib/systemd/user-generators/systemd-dbus1-generator (symlink)
4) Removed files:
   /usr/share/dbus-1/interfaces/org.freedesktop.hostname1.xml
   /usr/share/dbus-1/interfaces/org.freedesktop.locale1.xml
   /usr/share/dbus-1/interfaces/org.freedesktop.timedate1.xml
5) Moved deprecated shared libraries to new systemd-compat-libs subpackage:
   /usr/lib/libgudev-1.0.so*
   /usr/lib/libsystemd-daemon.so*
   /usr/lib/libsystemd-login.so*
   /usr/lib/libsystemd-journal.so*
   /usr/lib/libsystemd-id128.so*
6) New shared libraries:
   /usr/lib/libnss_mymachines.so.2
   /usr/lib/libnss_resolve.so.2
   /usr/lib/libsystemd.so*
7) Removed header and pkgconfig files:
   /usr/include/gudev-1.0/gudev/*.h
   /usr/include/systemd/sd-shutdown.h
   /usr/lib/pkgconfig/gudev-1.0.pc
8) New header and pkgconfig files:
   /usr/include/systemd/_sd-common.h
   /usr/include/systemd/sd-bus.h
   /usr/include/systemd/sd-bus-protocol.h
   /usr/include/systemd/sd-bus-vtable.h
   /usr/include/systemd/sd-event.h
   /usr/lib/pkgconfig/libsystemd.pc
9) New build requirements: libmount-devel
10) Added 94 new tests to rpm/tests.xml.
11) Removed floppy group creation.
12) Added utmp, input, systemd-timesync, systemd-timesync, systemd-network, systemd-resolve, systemd-bus-proxy groups creation.
13) Added configs for tmp-files
14) Set ACLs for journal files.
15) New unit-files:
   /lib/systemd/system/busnames.target
   /lib/systemd/system/container-getty@.service
   /lib/systemd/system/ldconfig.service
   /lib/systemd/system/machines.target
   /lib/systemd/system/network-pre.target
   /lib/systemd/system/org.freedesktop.hostname1.busname
   /lib/systemd/system/org.freedesktop.locale1.busname
   /lib/systemd/system/org.freedesktop.login1.busname
   /lib/systemd/system/org.freedesktop.machine1.busname
   /lib/systemd/system/org.freedesktop.network1.busname
   /lib/systemd/system/org.freedesktop.resolve1.busname
   /lib/systemd/system/org.freedesktop.systemd1.busname
   /lib/systemd/system/org.freedesktop.timedate1.busname
   /lib/systemd/system/systemd-bootchart.service
   /lib/systemd/system/systemd-bus-proxyd.service
   /lib/systemd/system/systemd-bus-proxyd.socket
   /lib/systemd/system/systemd-firstboot.service
   /lib/systemd/system/systemd-hibernate-resume@.service
   /lib/systemd/system/systemd-hwdb-update.service
   /lib/systemd/system/systemd-journal-catalog-update.service
   /lib/systemd/system/systemd-journald-audit.socket
   /lib/systemd/system/systemd-journald-dev-log.socket
   /lib/systemd/system/systemd-machine-id-commit.service
   /lib/systemd/system/systemd-networkd-wait-online.service
   /lib/systemd/system/systemd-networkd.service
   /lib/systemd/system/systemd-networkd.socket
   /lib/systemd/system/systemd-resolved.service
   /lib/systemd/system/systemd-rfkill@.service
   /lib/systemd/system/systemd-sysusers.service
   /lib/systemd/system/systemd-timesyncd.service
   /lib/systemd/system/systemd-update-done.service
   /lib/systemd/system/var-lib-machines.mount
   /usr/lib/systemd/user/basic.target
   /usr/lib/systemd/user/systemd-bus-proxyd.service
   /usr/lib/systemd/user/systemd-bus-proxyd.socket
16) New unit-files' symlinks:
   /etc/systemd/system/systemd-networkd.service
   /etc/systemd/system/systemd-resolved.service
   /etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service
   /etc/systemd/system/sockets.target.wants/systemd-networkd.socket
   /etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service
   /lib/systemd/system/busnames.target.wants/org.freedesktop.hostname1.busname
   /lib/systemd/system/busnames.target.wants/org.freedesktop.locale1.busname
   /lib/systemd/system/busnames.target.wants/org.freedesktop.login1.busname
   /lib/systemd/system/busnames.target.wants/org.freedesktop.machine1.busname
   /lib/systemd/system/busnames.target.wants/org.freedesktop.network1.busname
   /lib/systemd/system/busnames.target.wants/org.freedesktop.resolve1.busname
   /lib/systemd/system/busnames.target.wants/org.freedesktop.systemd1.busname
   /lib/systemd/system/busnames.target.wants/org.freedesktop.timedate1.busname
   /lib/systemd/system/graphical.target.wants/systemd-update-utmp-runlevel.service
   /lib/systemd/system/local-fs.target.wants/var-lib-machines.mount
   /lib/systemd/system/multi-user.target.wants/systemd-update-utmp-runlevel.service
   /lib/systemd/system/rescue.target.wants/systemd-update-utmp-runlevel.service
   /lib/systemd/system/sockets.target.wants/systemd-journald-audit.socket
   /lib/systemd/system/sockets.target.wants/systemd-journald-dev-log.socket
   /lib/systemd/system/sysinit.target.wants/ldconfig.service
   /lib/systemd/system/sysinit.target.wants/systemd-firstboot.service
   /lib/systemd/system/sysinit.target.wants/systemd-hwdb-update.service
   /lib/systemd/system/sysinit.target.wants/systemd-journal-catalog-update.service
   /lib/systemd/system/sysinit.target.wants/systemd-machine-id-commit.service
   /lib/systemd/system/sysinit.target.wants/systemd-sysusers.service
   /lib/systemd/system/sysinit.target.wants/systemd-update-done.service
   /lib/systemd/system/dbus-org.freedesktop.network1.service
   /lib/systemd/system/dbus-org.freedesktop.resolve1.service
   /usr/lib/systemd/user/busnames.target
17) Removed unit-files:
   /lib/systemd/system/systemd-readahead-collect.service
   /lib/systemd/system/systemd-readahead-done.service
   /lib/systemd/system/systemd-readahead-done.timer
   /lib/systemd/system/systemd-readahead-drop.service
   /lib/systemd/system/systemd-readahead-replay.service
   /lib/systemd/system/systemd-shutdownd.service
   /lib/systemd/system/systemd-shutdownd.socket
18) Removed unit files' symlinks:
   /lib/systemd/system/local-fs.target.wants/systemd-fsck-root.service
   /lib/systemd/system/runlevel1.target.wants/systemd-update-utmp-runlevel.service
   /lib/systemd/system/runlevel2.target.wants/systemd-update-utmp-runlevel.service
   /lib/systemd/system/runlevel3.target.wants/systemd-update-utmp-runlevel.service
   /lib/systemd/system/runlevel4.target.wants/systemd-update-utmp-runlevel.service
   /lib/systemd/system/runlevel5.target.wants/systemd-update-utmp-runlevel.service
   /lib/systemd/system/sockets.target.wants/systemd-shutdownd.socket
   /lib/systemd/system/sysinit.target.wants/systemd-readahead-collect.service
   /lib/systemd/system/sysinit.target.wants/systemd-readahead-replay.service
19) Changed config files default option values:
   /etc/systemd/journald.conf:
      SplitMode=login -> SplitMode=uid
      ForwardToSyslog=yes -> ForwardToSyslog=no
20) New config files options with default values:
   /etc/systemd/bootchart.conf:
      ControlGroup=no
      PerCPU=no
   /etc/systemd/journald.conf:
      ForwardToWall=yes
      MaxLevelWall=emerg
   /etc/systemd/logind.conf:
      HandleLidSwitchDocked=ignore
      HoldoffTimeoutSec=30s
      RuntimeDirectorySize=10%
      RemoveIPC=yes
   /etc/systemd/system.conf:
      SystemCallArchitectures=
      DefaultTimerAccuracySec=1min
      DefaultCPUAccounting=no
      DefaultBlockIOAccounting=no
      DefaultMemoryAccounting=no
   /etc/systemd/user.conf:
      SystemCallArchitectures=
      TimerSlackNSec=
      DefaultTimerAccuracySec=1min
      DefaultEnvironment=
      DefaultLimitCPU=
      DefaultLimitFSIZE=
      DefaultLimitDATA=
      DefaultLimitSTACK=
      DefaultLimitCORE=
      DefaultLimitRSS=
      DefaultLimitNOFILE=
      DefaultLimitAS=
      DefaultLimitNPROC=
      DefaultLimitMEMLOCK=
      DefaultLimitLOCKS=
      DefaultLimitSIGPENDING=
      DefaultLimitMSGQUEUE=
      DefaultLimitNICE=
      DefaultLimitRTPRIO=
      DefaultLimitRTTIME=
21) New config files:
   /etc/dbus-1/system.d/org.freedesktop.network1.conf
   /etc/dbus-1/system.d/org.freedesktop.resolve1.conf
   /etc/systemd/resolved.conf
   /etc/systemd/timesyncd.conf
   /usr/lib/sysusers.d/basic.conf
   /usr/lib/sysusers.d/systemd.conf
   /usr/share/factory/etc/nsswitch.conf
   /usr/share/factory/etc/pam.d/other
   /usr/share/factory/etc/pam.d/system-auth
   /usr/share/polkit-1/actions/org.freedesktop.machine1.policy
   /usr/share/systemd/language-fallback-map
22) Added dependency on lvm2 as a workaround for JB#36605. Should be removed later.
23) Add dependency on systemd package for systemd-devel because macros.systemd is contained in systemd package but is needed to build RPM packages which typically use BuildRequires: systemd-devel, and do not depend on systemd itself.

Signed-off-by: Igor Zhbanov <igor.zhbanov@jolla.com>