.
OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=700
This commit is contained in:
parent
1e3eb528eb
commit
5d469dc93d
@ -0,0 +1,26 @@
|
||||
Based on 1f97091d3cb0887c264176b47b0a86c269acf0b5 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Fri, 27 Jun 2014 18:34:37 +0200
|
||||
Subject: [PATCH] main: uid_to_name() might fail due to OOM, protect against
|
||||
that
|
||||
|
||||
---
|
||||
src/core/main.c | 7 ++++---
|
||||
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||
|
||||
--- src/core/main.c
|
||||
+++ src/core/main.c 2014-07-01 12:25:17.906235000 +0000
|
||||
@@ -1525,9 +1525,10 @@ int main(int argc, char *argv[]) {
|
||||
log_info("Running in initial RAM disk.");
|
||||
|
||||
} else {
|
||||
- _cleanup_free_ char *t = uid_to_name(getuid());
|
||||
- log_debug(PACKAGE_STRING " running in user mode for user "UID_FMT"/%s. (" SYSTEMD_FEATURES ")",
|
||||
- getuid(), t);
|
||||
+ _cleanup_free_ char *t;
|
||||
+
|
||||
+ t = uid_to_name(getuid());
|
||||
+ log_debug(PACKAGE_STRING " running in user mode for user "UID_FMT"/%s. (" SYSTEMD_FEATURES ")", getuid(), strna(t));
|
||||
}
|
||||
|
||||
if (arg_running_as == SYSTEMD_SYSTEM && !skip_setup) {
|
30
0002-journald-make-MaxFileSec-really-default-to-1month.patch
Normal file
30
0002-journald-make-MaxFileSec-really-default-to-1month.patch
Normal file
@ -0,0 +1,30 @@
|
||||
Based on e150e82097211f09b911c7784a89ef9efed713ca Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Micha=C5=82=20Bartoszkiewicz?= <mbartoszkiewicz@gmail.com>
|
||||
Date: Thu, 26 Jun 2014 22:11:35 +0200
|
||||
Subject: [PATCH] journald: make MaxFileSec really default to 1month
|
||||
|
||||
journald.conf(5) states that the default for MaxFileSec is one month,
|
||||
but the code didn't respect that.
|
||||
---
|
||||
src/journal/journald-server.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
--- src/journal/journald-server.c
|
||||
+++ src/journal/journald-server.c 2014-07-01 12:28:25.506735287 +0000
|
||||
@@ -68,6 +68,7 @@
|
||||
#define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
|
||||
#define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
|
||||
#define DEFAULT_RATE_LIMIT_BURST 1000
|
||||
+#define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
|
||||
|
||||
#define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
|
||||
|
||||
@@ -1496,6 +1497,8 @@ int server_init(Server *s) {
|
||||
|
||||
s->forward_to_syslog = true;
|
||||
|
||||
+ s->max_file_usec = DEFAULT_MAX_FILE_USEC;
|
||||
+
|
||||
s->max_level_store = LOG_DEBUG;
|
||||
s->max_level_syslog = LOG_DEBUG;
|
||||
s->max_level_kmsg = LOG_NOTICE;
|
@ -0,0 +1,65 @@
|
||||
Based on 0fdeb6e011dfdb17636c81e2d7e0d632186359ce Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
|
||||
Date: Sat, 28 Jun 2014 00:06:30 -0400
|
||||
Subject: [PATCH] units: remove RefuseManualStart from units which are always
|
||||
around
|
||||
|
||||
In a normal running system, non-passive targets and units used during
|
||||
early bootup are always started. So refusing "manual start" for them
|
||||
doesn't make any difference, because a "start" command doesn't cause
|
||||
any action.
|
||||
|
||||
In early boot however, the administrator might want to start on
|
||||
of those targets or services by hand. We shouldn't interfere with that.
|
||||
|
||||
Note: in case of systemd-tmpfiles-setup.service, really running the
|
||||
unit after system is up would break the system. So e.g. restarting
|
||||
should not be allowed. The unit has "RefuseManualStop=yes", which
|
||||
prevents restart too.
|
||||
---
|
||||
units/basic.target | 1 -
|
||||
units/sysinit.target | 1 -
|
||||
units/systemd-tmpfiles-setup.service.in | 1 -
|
||||
units/user/basic.target | 1 -
|
||||
4 files changed, 4 deletions(-)
|
||||
|
||||
diff --git units/basic.target units/basic.target
|
||||
index d7c68f4..b890d48 100644
|
||||
--- units/basic.target
|
||||
+++ units/basic.target
|
||||
@@ -11,4 +11,3 @@ Documentation=man:systemd.special(7)
|
||||
Requires=sysinit.target
|
||||
Wants=sockets.target timers.target paths.target slices.target
|
||||
After=sysinit.target sockets.target timers.target paths.target slices.target
|
||||
-RefuseManualStart=yes
|
||||
diff --git units/sysinit.target units/sysinit.target
|
||||
index 8f4fb8f..ec33503 100644
|
||||
--- units/sysinit.target
|
||||
+++ units/sysinit.target
|
||||
@@ -11,4 +11,3 @@ Documentation=man:systemd.special(7)
|
||||
Conflicts=emergency.service emergency.target
|
||||
Wants=local-fs.target swap.target
|
||||
After=local-fs.target swap.target emergency.service emergency.target
|
||||
-RefuseManualStart=yes
|
||||
--- units/systemd-tmpfiles-setup.service.in
|
||||
+++ units/systemd-tmpfiles-setup.service.in 2014-07-01 12:17:48.154235348 +0000
|
||||
@@ -18,7 +18,6 @@ ConditionDirectoryNotEmpty=|/lib/tmpfile
|
||||
ConditionDirectoryNotEmpty=|/usr/local/lib/tmpfiles.d
|
||||
ConditionDirectoryNotEmpty=|/etc/tmpfiles.d
|
||||
ConditionDirectoryNotEmpty=|/run/tmpfiles.d
|
||||
-RefuseManualStart=yes
|
||||
RefuseManualStop=yes
|
||||
|
||||
[Service]
|
||||
diff --git units/user/basic.target units/user/basic.target
|
||||
index b74d13c..afc6e93 100644
|
||||
--- units/user/basic.target
|
||||
+++ units/user/basic.target
|
||||
@@ -10,4 +10,3 @@ Description=Basic System
|
||||
Documentation=man:systemd.special(7)
|
||||
Wants=sockets.target timers.target paths.target
|
||||
After=sockets.target timers.target paths.target
|
||||
-RefuseManualStart=yes
|
||||
--
|
||||
1.7.9.2
|
||||
|
@ -0,0 +1,31 @@
|
||||
From 306a55c86360a7ae7b2509771d5ea6ab0d166d85 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Sun, 29 Jun 2014 22:15:33 +0200
|
||||
Subject: [PATCH] util: refuse considering UID 0xFFFF and 0xFFFFFFFF valid
|
||||
|
||||
---
|
||||
src/shared/util.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git src/shared/util.c src/shared/util.c
|
||||
index e7ff0f8..1709bb7 100644
|
||||
--- src/shared/util.c
|
||||
+++ src/shared/util.c
|
||||
@@ -280,6 +280,14 @@ int parse_uid(const char *s, uid_t* ret_uid) {
|
||||
if ((unsigned long) uid != ul)
|
||||
return -ERANGE;
|
||||
|
||||
+ /* Some libc APIs use (uid_t) -1 as special placeholder */
|
||||
+ if (uid == (uid_t) 0xFFFFFFFF)
|
||||
+ return -EINVAL;
|
||||
+
|
||||
+ /* A long time ago UIDs where 16bit, hence explicitly avoid the 32bit -1 too */
|
||||
+ if (uid == (uid_t) 0xFFFF)
|
||||
+ return -EINVAL;
|
||||
+
|
||||
*ret_uid = uid;
|
||||
return 0;
|
||||
}
|
||||
--
|
||||
1.7.9.2
|
||||
|
@ -0,0 +1,94 @@
|
||||
From 28650077f36466d9c5ee27ef2006fae3171a2430 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Mon, 30 Jun 2014 16:22:12 +0200
|
||||
Subject: [PATCH] nspawn: block open_by_handle_at() and others via seccomp
|
||||
|
||||
Let's protect ourselves against the recently reported docker security
|
||||
issue. Our man page makes clear that we do not make any security
|
||||
promises anyway, but well, this one is easy to mitigate, so let's do it.
|
||||
While we are at it block a couple of more syscalls that are no good in
|
||||
containers, too.
|
||||
---
|
||||
src/nspawn/nspawn.c | 47 +++++++++++++++++++++++++++++++++++------------
|
||||
1 file changed, 35 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git src/nspawn/nspawn.c src/nspawn/nspawn.c
|
||||
index fd61d07..656c1bf 100644
|
||||
--- src/nspawn/nspawn.c
|
||||
+++ src/nspawn/nspawn.c
|
||||
@@ -1864,22 +1864,25 @@ static int setup_macvlan(pid_t pid) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static int audit_still_doesnt_work_in_containers(void) {
|
||||
+static int setup_seccomp(void) {
|
||||
|
||||
#ifdef HAVE_SECCOMP
|
||||
+ static const int blacklist[] = {
|
||||
+ SCMP_SYS(kexec_load),
|
||||
+ SCMP_SYS(open_by_handle_at),
|
||||
+ SCMP_SYS(init_module),
|
||||
+ SCMP_SYS(finit_module),
|
||||
+ SCMP_SYS(delete_module),
|
||||
+ SCMP_SYS(iopl),
|
||||
+ SCMP_SYS(ioperm),
|
||||
+ SCMP_SYS(swapon),
|
||||
+ SCMP_SYS(swapoff),
|
||||
+ };
|
||||
+
|
||||
scmp_filter_ctx seccomp;
|
||||
+ unsigned i;
|
||||
int r;
|
||||
|
||||
- /*
|
||||
- Audit is broken in containers, much of the userspace audit
|
||||
- hookup will fail if running inside a container. We don't
|
||||
- care and just turn off creation of audit sockets.
|
||||
-
|
||||
- This will make socket(AF_NETLINK, *, NETLINK_AUDIT) fail
|
||||
- with EAFNOSUPPORT which audit userspace uses as indication
|
||||
- that audit is disabled in the kernel.
|
||||
- */
|
||||
-
|
||||
seccomp = seccomp_init(SCMP_ACT_ALLOW);
|
||||
if (!seccomp)
|
||||
return log_oom();
|
||||
@@ -1890,6 +1893,26 @@ static int audit_still_doesnt_work_in_containers(void) {
|
||||
goto finish;
|
||||
}
|
||||
|
||||
+ for (i = 0; i < ELEMENTSOF(blacklist); i++) {
|
||||
+ r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), blacklist[i], 0);
|
||||
+ if (r == -EFAULT)
|
||||
+ continue; /* unknown syscall */
|
||||
+ if (r < 0) {
|
||||
+ log_error("Failed to block syscall: %s", strerror(-r));
|
||||
+ goto finish;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ Audit is broken in containers, much of the userspace audit
|
||||
+ hookup will fail if running inside a container. We don't
|
||||
+ care and just turn off creation of audit sockets.
|
||||
+
|
||||
+ This will make socket(AF_NETLINK, *, NETLINK_AUDIT) fail
|
||||
+ with EAFNOSUPPORT which audit userspace uses as indication
|
||||
+ that audit is disabled in the kernel.
|
||||
+ */
|
||||
+
|
||||
r = seccomp_rule_add(
|
||||
seccomp,
|
||||
SCMP_ACT_ERRNO(EAFNOSUPPORT),
|
||||
@@ -3050,7 +3073,7 @@ int main(int argc, char *argv[]) {
|
||||
|
||||
dev_setup(arg_directory);
|
||||
|
||||
- if (audit_still_doesnt_work_in_containers() < 0)
|
||||
+ if (setup_seccomp() < 0)
|
||||
goto child_fail;
|
||||
|
||||
if (setup_dev_console(arg_directory, console) < 0)
|
||||
--
|
||||
1.7.9.2
|
||||
|
@ -0,0 +1,26 @@
|
||||
Based on 6fc27667950fe153033f0f49cb5b57e8954c3e54 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Mon, 30 Jun 2014 19:06:18 +0200
|
||||
Subject: [PATCH] tmpfiles: don't do automatic cleanup in $XDG_RUNTIME_DIR
|
||||
|
||||
Now that logind will clean up all IPC resources of a user we should
|
||||
really consider $XDG_RUNTIME_DIR as just another kind of IPC with the
|
||||
same life-cycle logic as the other IPC resources. This should be safe
|
||||
now to do since every user gets his own $XDG_RUNTIME_DIR tmpfs instance
|
||||
with a fixed size limit, so that flooding of it will more effectively be
|
||||
averted.
|
||||
---
|
||||
tmpfiles.d/systemd.conf | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- tmpfiles.d/systemd.conf
|
||||
+++ tmpfiles.d/systemd.conf 2014-07-01 12:31:01.858735866 +0000
|
||||
@@ -7,7 +7,7 @@
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
|
||||
-d /run/user 0755 root root ~10d
|
||||
+d /run/user 0755 root root -
|
||||
F! /run/utmp 0664 root utmp -
|
||||
|
||||
f /var/log/wtmp 0664 root utmp -
|
26
0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch
Normal file
26
0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch
Normal file
@ -0,0 +1,26 @@
|
||||
From 8ebf02d6f382ce1ac7e0d44a713b8795a07b08cd Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Mon, 30 Jun 2014 21:44:05 +0200
|
||||
Subject: [PATCH] units: skip mounting /tmp if it is a symlink
|
||||
|
||||
We shouldn't get confused if people have symlinked /tmp somewhere, so
|
||||
let's simply skip the mount then.
|
||||
---
|
||||
units/tmp.mount | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git units/tmp.mount units/tmp.mount
|
||||
index 99a3ba3..00a0d28 100644
|
||||
--- units/tmp.mount
|
||||
+++ units/tmp.mount
|
||||
@@ -9,6 +9,7 @@
|
||||
Description=Temporary Directory
|
||||
Documentation=man:hier(7)
|
||||
Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
|
||||
+ConditionPathIsSymbolicLink=!/tmp
|
||||
DefaultDependencies=no
|
||||
Conflicts=umount.target
|
||||
Before=local-fs.target umount.target
|
||||
--
|
||||
1.7.9.2
|
||||
|
45
1044-rules-update-qemu-hid-rules.patch
Normal file
45
1044-rules-update-qemu-hid-rules.patch
Normal file
@ -0,0 +1,45 @@
|
||||
From cd31d1884f1ecf38e11bc6268f446d75dfafbc25 Mon Sep 17 00:00:00 2001
|
||||
From: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Date: Mon, 24 Mar 2014 12:07:41 +0100
|
||||
Subject: [PATCH] rules: update qemu hid rules
|
||||
|
||||
Update comment to be a bit more specific.
|
||||
|
||||
Change match to blacklist the serial number of the broken devices
|
||||
instead of whitelisting the serial number of the fixed devices.
|
||||
This allows to do something useful with the serial number in the
|
||||
future.
|
||||
---
|
||||
rules/42-usb-hid-pm.rules | 15 ++++++++-------
|
||||
1 file changed, 8 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git rules/42-usb-hid-pm.rules rules/42-usb-hid-pm.rules
|
||||
index 3fd6e8a..c675b5b 100644
|
||||
--- rules/42-usb-hid-pm.rules
|
||||
+++ rules/42-usb-hid-pm.rules
|
||||
@@ -2,14 +2,15 @@
|
||||
#
|
||||
# Enable autosuspend for qemu emulated usb hid devices
|
||||
|
||||
-# Note that there are buggy qemu versions which advertise remote
|
||||
-# wakeup support but don't actually implement it correctly. This
|
||||
-# is the reason why we need a match for the serial number here.
|
||||
-# The serial number "42" is used to tag the implementations where
|
||||
+# Note that there are buggy qemu versions (0.13 & older) which
|
||||
+# advertise remote wakeup support but don't actually implement
|
||||
+# it correctly. This is the reason why we need a match for the
|
||||
+# serial number here. Old, broken versions have serial "1".
|
||||
+# It has been changed to "42" after fixing the bug to indicate
|
||||
# remote wakeup is working.
|
||||
-ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Mouse", ATTR{serial}=="42", TEST=="power/control", ATTR{power/control}="auto"
|
||||
-ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Tablet", ATTR{serial}=="42", TEST=="power/control", ATTR{power/control}="auto"
|
||||
-ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Keyboard", ATTR{serial}=="42", TEST=="power/control", ATTR{power/control}="auto"
|
||||
+ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Mouse", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto"
|
||||
+ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Tablet", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto"
|
||||
+ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Keyboard", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto"
|
||||
|
||||
# Catch-all for Avocent HID devices. Keyed off interface in order to only
|
||||
# trigger on HID class devices.
|
||||
--
|
||||
1.7.9.2
|
||||
|
29
1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
Normal file
29
1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
Normal file
@ -0,0 +1,29 @@
|
||||
Based on 52fb538361053f8c4abce0e40cd0bae3d28ceb16 Mon Sep 17 00:00:00 2001
|
||||
From: Tom Hirst <tom.hirst@ipe-systems.co.uk>
|
||||
Date: Wed, 25 Jun 2014 11:57:11 +0000
|
||||
Subject: [PATCH] rules: don't enable usb pm for Avocent devices
|
||||
|
||||
The Avocent KVM over IP devices doesn't work correctly with USB power
|
||||
management enabled.
|
||||
---
|
||||
rules/42-usb-hid-pm.rules | 4 ----
|
||||
1 file changed, 4 deletions(-)
|
||||
|
||||
diff --git rules/42-usb-hid-pm.rules rules/42-usb-hid-pm.rules
|
||||
index c675b5b..4c300da 100644
|
||||
--- rules/42-usb-hid-pm.rules
|
||||
+++ rules/42-usb-hid-pm.rules
|
||||
@@ -12,10 +12,6 @@ ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Mouse", ATTR{serial}!=
|
||||
ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Tablet", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto"
|
||||
ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Keyboard", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto"
|
||||
|
||||
-# Catch-all for Avocent HID devices. Keyed off interface in order to only
|
||||
-# trigger on HID class devices.
|
||||
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0624", ATTR{bInterfaceClass}=="03", TEST=="../power/control", ATTR{../power/control}="auto"
|
||||
-
|
||||
# Dell DRAC 4
|
||||
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="413c", ATTR{idProduct}=="2500", TEST=="power/control", ATTR{power/control}="auto"
|
||||
|
||||
--
|
||||
1.7.9.2
|
||||
|
@ -1,3 +1,15 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 1 12:19:27 UTC 2014 - werner@suse.de
|
||||
|
||||
- Add upstream patches
|
||||
0001-main-uid_to_name-might-fail-due-to-OOM-protect-again.patch
|
||||
0002-journald-make-MaxFileSec-really-default-to-1month.patch
|
||||
0003-units-remove-RefuseManualStart-from-units-which-are-.patch
|
||||
0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch
|
||||
0005-nspawn-block-open_by_handle_at-and-others-via-seccom.patch
|
||||
0006-tmpfiles-don-t-do-automatic-cleanup-in-XDG_RUNTIME_D.patch
|
||||
0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 1 09:58:04 UTC 2014 - werner@suse.de
|
||||
|
||||
@ -9,6 +21,8 @@ Tue Jul 1 08:56:48 UTC 2014 - werner@suse.de
|
||||
- Add upstream patches
|
||||
1042-libudev-queue-provide-file-descriptor-to-watch-busy-.patch
|
||||
1043-libudev-queue-watch-entire-directory-to-allow-the-re.patch
|
||||
1044-rules-update-qemu-hid-rules.patch
|
||||
1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 27 12:46:12 UTC 2014 - werner@suse.de
|
||||
|
@ -609,6 +609,19 @@ Patch297: 0001-core-use-correct-format-string-for-UIDs.patch
|
||||
Patch298: 0002-core-transaction-fix-cycle-break-attempts-outside-tr.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/06/26
|
||||
Patch299: 0003-fsck-consider-a-fsck-implementation-linked-to-bin-tr.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/07/01
|
||||
Patch300: 0001-main-uid_to_name-might-fail-due-to-OOM-protect-again.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/07/01
|
||||
Patch301: 0002-journald-make-MaxFileSec-really-default-to-1month.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/07/01
|
||||
Patch302: 0003-units-remove-RefuseManualStart-from-units-which-are-.patch
|
||||
Patch303: 0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/07/01
|
||||
Patch304: 0005-nspawn-block-open_by_handle_at-and-others-via-seccom.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/07/01
|
||||
Patch305: 0006-tmpfiles-don-t-do-automatic-cleanup-in-XDG_RUNTIME_D.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/07/01
|
||||
Patch306: 0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch
|
||||
|
||||
# UDEV PATCHES
|
||||
# ============
|
||||
@ -702,6 +715,10 @@ Patch1041: 1041-libudev-fix-udev_queue_get_queue_is_empty-logic.patch
|
||||
Patch1042: 1042-libudev-queue-provide-file-descriptor-to-watch-busy-.patch
|
||||
# PATCH-FIX-UPSTREAM 1043-libudev-queue-watch-entire-directory-to-allow-the-re.patch
|
||||
Patch1043: 1043-libudev-queue-watch-entire-directory-to-allow-the-re.patch
|
||||
# PATCH-FIX-UPSTREAM 1044-rules-update-qemu-hid-rules.patch
|
||||
Patch1044: 1044-rules-update-qemu-hid-rules.patch
|
||||
# PATCH-FIX-UPSTREAM 1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
|
||||
Patch1045: 1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
|
||||
|
||||
%description
|
||||
Systemd is a system and service manager, compatible with SysV and LSB
|
||||
@ -1159,6 +1176,13 @@ cp %{SOURCE7} m4/
|
||||
%patch297 -p0
|
||||
%patch298 -p0
|
||||
%patch299 -p0
|
||||
%patch300 -p0
|
||||
%patch301 -p0
|
||||
%patch302 -p0
|
||||
%patch303 -p0
|
||||
%patch304 -p0
|
||||
%patch305 -p0
|
||||
%patch306 -p0
|
||||
|
||||
# udev patches
|
||||
%patch1001 -p1
|
||||
@ -1211,6 +1235,8 @@ cp %{SOURCE7} m4/
|
||||
%patch1042 -p0
|
||||
%patch1043 -p0
|
||||
%endif
|
||||
%patch1044 -p0
|
||||
%patch1045 -p0
|
||||
|
||||
# ensure generate files are removed
|
||||
rm -f units/emergency.service
|
||||
|
@ -1,3 +1,15 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 1 12:19:27 UTC 2014 - werner@suse.de
|
||||
|
||||
- Add upstream patches
|
||||
0001-main-uid_to_name-might-fail-due-to-OOM-protect-again.patch
|
||||
0002-journald-make-MaxFileSec-really-default-to-1month.patch
|
||||
0003-units-remove-RefuseManualStart-from-units-which-are-.patch
|
||||
0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch
|
||||
0005-nspawn-block-open_by_handle_at-and-others-via-seccom.patch
|
||||
0006-tmpfiles-don-t-do-automatic-cleanup-in-XDG_RUNTIME_D.patch
|
||||
0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 1 09:58:04 UTC 2014 - werner@suse.de
|
||||
|
||||
@ -9,6 +21,8 @@ Tue Jul 1 08:56:48 UTC 2014 - werner@suse.de
|
||||
- Add upstream patches
|
||||
1042-libudev-queue-provide-file-descriptor-to-watch-busy-.patch
|
||||
1043-libudev-queue-watch-entire-directory-to-allow-the-re.patch
|
||||
1044-rules-update-qemu-hid-rules.patch
|
||||
1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 27 12:46:12 UTC 2014 - werner@suse.de
|
||||
|
26
systemd.spec
26
systemd.spec
@ -604,6 +604,19 @@ Patch297: 0001-core-use-correct-format-string-for-UIDs.patch
|
||||
Patch298: 0002-core-transaction-fix-cycle-break-attempts-outside-tr.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/06/26
|
||||
Patch299: 0003-fsck-consider-a-fsck-implementation-linked-to-bin-tr.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/07/01
|
||||
Patch300: 0001-main-uid_to_name-might-fail-due-to-OOM-protect-again.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/07/01
|
||||
Patch301: 0002-journald-make-MaxFileSec-really-default-to-1month.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/07/01
|
||||
Patch302: 0003-units-remove-RefuseManualStart-from-units-which-are-.patch
|
||||
Patch303: 0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/07/01
|
||||
Patch304: 0005-nspawn-block-open_by_handle_at-and-others-via-seccom.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/07/01
|
||||
Patch305: 0006-tmpfiles-don-t-do-automatic-cleanup-in-XDG_RUNTIME_D.patch
|
||||
# PATCH-FIX-UPSTREAM added at 2014/07/01
|
||||
Patch306: 0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch
|
||||
|
||||
# UDEV PATCHES
|
||||
# ============
|
||||
@ -697,6 +710,10 @@ Patch1041: 1041-libudev-fix-udev_queue_get_queue_is_empty-logic.patch
|
||||
Patch1042: 1042-libudev-queue-provide-file-descriptor-to-watch-busy-.patch
|
||||
# PATCH-FIX-UPSTREAM 1043-libudev-queue-watch-entire-directory-to-allow-the-re.patch
|
||||
Patch1043: 1043-libudev-queue-watch-entire-directory-to-allow-the-re.patch
|
||||
# PATCH-FIX-UPSTREAM 1044-rules-update-qemu-hid-rules.patch
|
||||
Patch1044: 1044-rules-update-qemu-hid-rules.patch
|
||||
# PATCH-FIX-UPSTREAM 1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
|
||||
Patch1045: 1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
|
||||
|
||||
%description
|
||||
Systemd is a system and service manager, compatible with SysV and LSB
|
||||
@ -1154,6 +1171,13 @@ cp %{SOURCE7} m4/
|
||||
%patch297 -p0
|
||||
%patch298 -p0
|
||||
%patch299 -p0
|
||||
%patch300 -p0
|
||||
%patch301 -p0
|
||||
%patch302 -p0
|
||||
%patch303 -p0
|
||||
%patch304 -p0
|
||||
%patch305 -p0
|
||||
%patch306 -p0
|
||||
|
||||
# udev patches
|
||||
%patch1001 -p1
|
||||
@ -1206,6 +1230,8 @@ cp %{SOURCE7} m4/
|
||||
%patch1042 -p0
|
||||
%patch1043 -p0
|
||||
%endif
|
||||
%patch1044 -p0
|
||||
%patch1045 -p0
|
||||
|
||||
# ensure generate files are removed
|
||||
rm -f units/emergency.service
|
||||
|
Loading…
Reference in New Issue
Block a user