pool/systemd
SHA256
2
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accepting request 109922 from Base:System

Browse Source 
- Add 0001-util-never-follow-symlinks-in-rm_rf_children.patch: fix
  CVE-2012-1174 (bnc#752281).

- Update to version 43:
  + Support optional initialization of the machine ID from the KVM
    or container configured UUID.
  + Support immediate reboots with "systemctl reboot -ff"
  + Show /etc/os-release data in systemd-analyze output
  + Many bugfixes for the journal, including endianess fixes and
    ensuring that disk space enforcement works
  + non-UTF8 strings are refused if used in configuration and unit
    files.
  + Register Mimo USB Screens as suitable for automatic seat
    configuration
  + Reorder configuration file lookup order. /etc now always
    overrides /run.
  + manpages for journal utilities.
- Drop fix-c++-compat.patch, no-tmpfs-fsck.patch,
  systemd-journald-fix-endianess-bug.patch.
- Requires util-linux >= 2.21 (needed to fix fsck on tmpfs).


old: openSUSE:Factory/systemd
new: Base:System/systemd rev NoneIndex: systemd-gtk.changes
===================================================================
--- systemd-gtk.changes (revision 92)
+++ systemd-gtk.changes (revision 260)
@@ -1,4 +1,31 @@
 -------------------------------------------------------------------
+Mon Mar 19 10:11:23 UTC 2012 - fcrozat@suse.com
+
+- Add 0001-util-never-follow-symlinks-in-rm_rf_children.patch: fix
+  CVE-2012-1174 (bnc#752281).
+
+-------------------------------------------------------------------
+Fri Mar 16 09:21:54 UTC 2012 - fcrozat@suse.com
+
+- Update to version 43:
+  + Support optional initialization of the machine ID from the KVM
+    or container configured UUID.
+  + Support immediate reboots with "systemctl reboot -ff"
+  + Show /etc/os-release data in systemd-analyze output
+  + Many bugfixes for the journal, including endianess fixes and
+    ensuring that disk space enforcement works
+  + non-UTF8 strings are refused if used in configuration and unit
+    files.
+  + Register Mimo USB Screens as suitable for automatic seat
+    configuration
+  + Reorder configuration file lookup order. /etc now always
+    overrides /run.
+  + manpages for journal utilities.
+- Drop fix-c++-compat.patch, no-tmpfs-fsck.patch,
+  systemd-journald-fix-endianess-bug.patch.
+- Requires util-linux >= 2.21 (needed to fix fsck on tmpfs).
+
+-------------------------------------------------------------------
 Mon Mar 12 08:50:36 UTC 2012 - fcrozat@suse.com
 
 - Add fix-c++-compat.patch: fix C++ compatibility error in header.
Index: systemd-gtk.spec
===================================================================
--- systemd-gtk.spec (revision 92)
+++ systemd-gtk.spec (revision 260)
@@ -18,7 +18,7 @@
 
 Name:           systemd-gtk
 Url:            http://www.freedesktop.org/wiki/Software/systemd
-Version:        43
+Version:        44
 Release:        0
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  audit-devel
Index: systemd.changes
===================================================================
--- systemd.changes (revision 92)
+++ systemd.changes (revision 260)
@@ -1,4 +1,31 @@
 -------------------------------------------------------------------
+Mon Mar 19 10:11:23 UTC 2012 - fcrozat@suse.com
+
+- Add 0001-util-never-follow-symlinks-in-rm_rf_children.patch: fix
+  CVE-2012-1174 (bnc#752281).
+
+-------------------------------------------------------------------
+Fri Mar 16 09:21:54 UTC 2012 - fcrozat@suse.com
+
+- Update to version 43:
+  + Support optional initialization of the machine ID from the KVM
+    or container configured UUID.
+  + Support immediate reboots with "systemctl reboot -ff"
+  + Show /etc/os-release data in systemd-analyze output
+  + Many bugfixes for the journal, including endianess fixes and
+    ensuring that disk space enforcement works
+  + non-UTF8 strings are refused if used in configuration and unit
+    files.
+  + Register Mimo USB Screens as suitable for automatic seat
+    configuration
+  + Reorder configuration file lookup order. /etc now always
+    overrides /run.
+  + manpages for journal utilities.
+- Drop fix-c++-compat.patch, no-tmpfs-fsck.patch,
+  systemd-journald-fix-endianess-bug.patch.
+- Requires util-linux >= 2.21 (needed to fix fsck on tmpfs).
+
+-------------------------------------------------------------------
 Mon Mar 12 08:50:36 UTC 2012 - fcrozat@suse.com
 
 - Add fix-c++-compat.patch: fix C++ compatibility error in header.
Index: systemd.spec
===================================================================
--- systemd.spec (revision 92)
+++ systemd.spec (revision 260)
@@ -20,7 +20,7 @@
 
 Name:           systemd
 Url:            http://www.freedesktop.org/wiki/Software/systemd
-Version:        43
+Version:        44
 Release:        0
 Summary:        A System and Session Manager
 License:        GPL-2.0+
@@ -52,7 +52,7 @@
 Requires:       pam-config >= 0.79-5
 Requires:       systemd-presets-branding
 Requires:       udev >= 172
-Requires:       util-linux >= 2.19
+Requires:       util-linux >= 2.21
 Recommends:     dbus-1-python
 Conflicts:      filesystem < 11.5
 Conflicts:      mkinitrd < 2.7.0
@@ -86,9 +86,7 @@
 # Never add any patches to this package without the upstream commit id
 # in the patch. Any patches added here without a very good reason to make
 # an exception will be silently removed with the next version update.
-Patch21:        no-tmpfs-fsck.patch
-Patch40:        systemd-journald-fix-endianess-bug.patch
-Patch41:        fix-c++-compat.patch
+Patch40:        0001-util-never-follow-symlinks-in-rm_rf_children.patch
 
 %description
 Systemd is a system and service manager, compatible with SysV and LSB
@@ -139,7 +137,6 @@
 %patch15 -p1
 %patch16 -p1
 %patch19 -p1
-%patch21 -p1
 %patch22 -p1
 %patch23 -p1
 %patch24 -p1
@@ -149,7 +146,6 @@
 %patch38 -p1
 %patch39 -p1
 %patch40 -p1
-%patch41 -p1
 
 %build
 autoreconf -fiv
Index: 0001-util-never-follow-symlinks-in-rm_rf_children.patch
===================================================================
--- 0001-util-never-follow-symlinks-in-rm_rf_children.patch (added)
+++ 0001-util-never-follow-symlinks-in-rm_rf_children.patch (revision 260)
@@ -0,0 +1,32 @@
+From 5ebff5337594d690b322078c512eb222d34aaa82 Mon Sep 17 00:00:00 2001
+From: Michal Schmidt <mschmidt@redhat.com>
+Date: Fri, 2 Mar 2012 10:39:10 +0100
+Subject: [PATCH] util: never follow symlinks in rm_rf_children()
+
+The function checks if the entry is a directory before recursing, but
+there is a window between the check and the open, during which the
+directory could be replaced with a symlink.
+
+CVE-2012-1174
+https://bugzilla.redhat.com/show_bug.cgi?id=803358
+---
+ src/util.c |    3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/src/util.c b/src/util.c
+index 20cbc2b..dfc1dc6 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -3593,7 +3593,8 @@ static int rm_rf_children(int fd, bool only_dirs, bool honour_sticky) {
+                 if (is_dir) {
+                         int subdir_fd;
+ 
+-                        if ((subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC)) < 0) {
++                        subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW);
++                        if (subdir_fd < 0) {
+                                 if (ret == 0 && errno != ENOENT)
+                                         ret = -errno;
+                                 continue;
+-- 
+1.7.7
+
Index: systemd-44.tar.xz
===================================================================
Binary files systemd-44.tar.xz (revision 260) added
Index: fix-c++-compat.patch
===================================================================
--- fix-c++-compat.patch (revision 92)
+++ fix-c++-compat.patch (deleted)
@@ -1,25 +0,0 @@
-From e09a9a35a1fdb4e849e63bdaf47d936c272b5e82 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Mon, 5 Mar 2012 15:16:10 +0100
-Subject: [PATCH] sd-login: c++ compatibility
-
----
- src/systemd/sd-login.h |    2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/src/systemd/sd-login.h b/src/systemd/sd-login.h
-index 2f3c90c..6e99cfc 100644
---- a/src/systemd/sd-login.h
-+++ b/src/systemd/sd-login.h
-@@ -94,7 +94,7 @@ int sd_session_get_service(const char *session, char **service);
- int sd_session_get_type(const char *session, char **type);
- 
- /* Determine the class of this session, i.e. one of "user", "greeter" or "lock-screen". */
--int sd_session_get_class(const char *session, char **class);
-+int sd_session_get_class(const char *session, char **clazz);
- 
- /* Determine the X11 display of this session. */
- int sd_session_get_display(const char *session, char **display);
--- 
-1.7.7
-
Index: no-tmpfs-fsck.patch
===================================================================
--- no-tmpfs-fsck.patch (revision 92)
+++ no-tmpfs-fsck.patch (deleted)
@@ -1,22 +0,0 @@
-From cca125c2758b48ba8f1afdc4b5751b104f0bd809 Mon Sep 17 00:00:00 2001
-From: Frederic Crozat <fcrozat@suse.com>
-Date: Thu, 27 Oct 2011 15:36:57 +0200
-Subject: [PATCH] mount: do not try to fsck tmpfs mountpoint with non-null
- passno.
-
----
- src/mount.c |    1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-Index: systemd-39/src/mount.c
-===================================================================
---- systemd-39.orig/src/mount.c
-+++ systemd-39/src/mount.c
-@@ -428,6 +428,7 @@ static int mount_add_device_links(Mount
- 
-         if (p->passno > 0 &&
-             !mount_is_bind(p) &&
-+            !streq(p->fstype,"tmpfs") &&
-             UNIT(m)->manager->running_as == MANAGER_SYSTEM &&
-             !path_equal(m->where, "/")) {
-                 char *name;
Index: systemd-43.tar.xz
===================================================================
Binary files systemd-43.tar.xz (revision 92) deleted
Index: systemd-journald-fix-endianess-bug.patch
===================================================================
--- systemd-journald-fix-endianess-bug.patch (revision 92)
+++ systemd-journald-fix-endianess-bug.patch (deleted)
@@ -1,25 +0,0 @@
-From 8dc6b88fd2dad113d7dab776d623d7b301e4b754 Mon Sep 17 00:00:00 2001
-From: Dirk Eibach <eibach@gdsys.de>
-Date: Wed, 29 Feb 2012 12:45:46 +0100
-Subject: [PATCH] systemd-journald: fix endianess bug
-
----
- src/journal/journal-file.c |    2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
-index 20ca3f6..275caea 100644
---- a/src/journal/journal-file.c
-+++ b/src/journal/journal-file.c
-@@ -238,7 +238,7 @@ static int journal_file_allocate(JournalFile *f, uint64_t offset, uint64_t size)
-         if (fstat(f->fd, &f->last_stat) < 0)
-                 return -errno;
- 
--        f->header->arena_size = new_size - htole64(f->header->arena_offset);
-+        f->header->arena_size = htole64(new_size - le64toh(f->header->arena_offset));
- 
-         return 0;
- }
--- 
-1.7.7
-

OBS-URL: https://build.opensuse.org/request/show/109922
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=93
This commit is contained in:
Stephan Kulow 2012-03-20 11:04:45 +00:00 committed by Git OBS Bridge
parent 1a31b163ba
commit 2222e2f7b5
10 changed files with 93 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
0001-util-never-follow-symlinks-in-rm_rf_children.patch Normal file
View File

@ -0,0 +1,32 @@
From 5ebff5337594d690b322078c512eb222d34aaa82 Mon Sep 17 00:00:00 2001
From: Michal Schmidt <mschmidt@redhat.com>
Date: Fri, 2 Mar 2012 10:39:10 +0100
Subject: [PATCH] util: never follow symlinks in rm_rf_children()
The function checks if the entry is a directory before recursing, but
there is a window between the check and the open, during which the
directory could be replaced with a symlink.
CVE-2012-1174
https://bugzilla.redhat.com/show_bug.cgi?id=803358
---
src/util.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/util.c b/src/util.c
index 20cbc2b..dfc1dc6 100644
--- a/src/util.c
+++ b/src/util.c
@@ -3593,7 +3593,8 @@ static int rm_rf_children(int fd, bool only_dirs, bool honour_sticky) {
if (is_dir) {
int subdir_fd;
- if ((subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC)) < 0) {
+ subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW);
+ if (subdir_fd < 0) {
if (ret == 0 && errno != ENOENT)
ret = -errno;
continue;
--
1.7.7

25
fix-c++-compat.patch
View File

@ -1,25 +0,0 @@
From e09a9a35a1fdb4e849e63bdaf47d936c272b5e82 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 5 Mar 2012 15:16:10 +0100
Subject: [PATCH] sd-login: c++ compatibility
---
src/systemd/sd-login.h | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/systemd/sd-login.h b/src/systemd/sd-login.h
index 2f3c90c..6e99cfc 100644
--- a/src/systemd/sd-login.h
+++ b/src/systemd/sd-login.h
@@ -94,7 +94,7 @@ int sd_session_get_service(const char *session, char **service);
int sd_session_get_type(const char *session, char **type);
/* Determine the class of this session, i.e. one of "user", "greeter" or "lock-screen". */
-int sd_session_get_class(const char *session, char **class);
+int sd_session_get_class(const char *session, char **clazz);
/* Determine the X11 display of this session. */
int sd_session_get_display(const char *session, char **display);
--
1.7.7

22
no-tmpfs-fsck.patch
View File

@ -1,22 +0,0 @@
From cca125c2758b48ba8f1afdc4b5751b104f0bd809 Mon Sep 17 00:00:00 2001
From: Frederic Crozat <fcrozat@suse.com>
Date: Thu, 27 Oct 2011 15:36:57 +0200
Subject: [PATCH] mount: do not try to fsck tmpfs mountpoint with non-null
passno.
---
src/mount.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
Index: systemd-39/src/mount.c
===================================================================
--- systemd-39.orig/src/mount.c
+++ systemd-39/src/mount.c
@@ -428,6 +428,7 @@ static int mount_add_device_links(Mount
if (p->passno > 0 &&
!mount_is_bind(p) &&
+ !streq(p->fstype,"tmpfs") &&
UNIT(m)->manager->running_as == MANAGER_SYSTEM &&
!path_equal(m->where, "/")) {
char *name;

3
systemd-43.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3070e48e43bc0811fa8da5ba4832a11dac73b1625db94d42d4c15dc279335dd7
size 852432

3
systemd-44.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7a5aac4b4b8b3a82bf59292f10e43d8f2c2d7039f34e95714f81d8edcb42233c
size 885636

27
systemd-gtk.changes
View File

@ -1,3 +1,30 @@
-------------------------------------------------------------------
Mon Mar 19 10:11:23 UTC 2012 - fcrozat@suse.com
- Add 0001-util-never-follow-symlinks-in-rm_rf_children.patch: fix
CVE-2012-1174 (bnc#752281).
-------------------------------------------------------------------
Fri Mar 16 09:21:54 UTC 2012 - fcrozat@suse.com
- Update to version 43:
+ Support optional initialization of the machine ID from the KVM
or container configured UUID.
+ Support immediate reboots with "systemctl reboot -ff"
+ Show /etc/os-release data in systemd-analyze output
+ Many bugfixes for the journal, including endianess fixes and
ensuring that disk space enforcement works
+ non-UTF8 strings are refused if used in configuration and unit
files.
+ Register Mimo USB Screens as suitable for automatic seat
configuration
+ Reorder configuration file lookup order. /etc now always
overrides /run.
+ manpages for journal utilities.
- Drop fix-c++-compat.patch, no-tmpfs-fsck.patch,
systemd-journald-fix-endianess-bug.patch.
- Requires util-linux >= 2.21 (needed to fix fsck on tmpfs).
-------------------------------------------------------------------
Mon Mar 12 08:50:36 UTC 2012 - fcrozat@suse.com

2
systemd-gtk.spec
View File

@ -18,7 +18,7 @@
Name: systemd-gtk
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 43
Version: 44
Release: 0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: audit-devel

25
systemd-journald-fix-endianess-bug.patch
View File

@ -1,25 +0,0 @@
From 8dc6b88fd2dad113d7dab776d623d7b301e4b754 Mon Sep 17 00:00:00 2001
From: Dirk Eibach <eibach@gdsys.de>
Date: Wed, 29 Feb 2012 12:45:46 +0100
Subject: [PATCH] systemd-journald: fix endianess bug
---
src/journal/journal-file.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 20ca3f6..275caea 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -238,7 +238,7 @@ static int journal_file_allocate(JournalFile *f, uint64_t offset, uint64_t size)
if (fstat(f->fd, &f->last_stat) < 0)
return -errno;
- f->header->arena_size = new_size - htole64(f->header->arena_offset);
+ f->header->arena_size = htole64(new_size - le64toh(f->header->arena_offset));
return 0;
}
--
1.7.7

27
systemd.changes
View File

@ -1,3 +1,30 @@
-------------------------------------------------------------------
Mon Mar 19 10:11:23 UTC 2012 - fcrozat@suse.com
- Add 0001-util-never-follow-symlinks-in-rm_rf_children.patch: fix
CVE-2012-1174 (bnc#752281).
-------------------------------------------------------------------
Fri Mar 16 09:21:54 UTC 2012 - fcrozat@suse.com
- Update to version 43:
+ Support optional initialization of the machine ID from the KVM
or container configured UUID.
+ Support immediate reboots with "systemctl reboot -ff"
+ Show /etc/os-release data in systemd-analyze output
+ Many bugfixes for the journal, including endianess fixes and
ensuring that disk space enforcement works
+ non-UTF8 strings are refused if used in configuration and unit
files.
+ Register Mimo USB Screens as suitable for automatic seat
configuration
+ Reorder configuration file lookup order. /etc now always
overrides /run.
+ manpages for journal utilities.
- Drop fix-c++-compat.patch, no-tmpfs-fsck.patch,
systemd-journald-fix-endianess-bug.patch.
- Requires util-linux >= 2.21 (needed to fix fsck on tmpfs).
-------------------------------------------------------------------
Mon Mar 12 08:50:36 UTC 2012 - fcrozat@suse.com

10
systemd.spec
View File

@ -20,7 +20,7 @@
Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 43
Version: 44
Release: 0
Summary: A System and Session Manager
License: GPL-2.0+
@ -52,7 +52,7 @@ Requires: kbd
Requires: pam-config >= 0.79-5
Requires: systemd-presets-branding
Requires: udev >= 172
Requires: util-linux >= 2.19
Requires: util-linux >= 2.21
Recommends: dbus-1-python
Conflicts: filesystem < 11.5
Conflicts: mkinitrd < 2.7.0
@ -86,9 +86,7 @@ Patch39: correct_plymouth_paths_and_conflicts.patch
# Never add any patches to this package without the upstream commit id
# in the patch. Any patches added here without a very good reason to make
# an exception will be silently removed with the next version update.
Patch21: no-tmpfs-fsck.patch
Patch40: systemd-journald-fix-endianess-bug.patch
Patch41: fix-c++-compat.patch
Patch40: 0001-util-never-follow-symlinks-in-rm_rf_children.patch
%description
Systemd is a system and service manager, compatible with SysV and LSB
@ -139,7 +137,6 @@ Plymouth integration for systemd
%patch15 -p1
%patch16 -p1
%patch19 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
@ -149,7 +146,6 @@ Plymouth integration for systemd
%patch38 -p1
%patch39 -p1
%patch40 -p1
%patch41 -p1
%build
autoreconf -fiv