diff --git a/0001-main-uid_to_name-might-fail-due-to-OOM-protect-again.patch b/0001-main-uid_to_name-might-fail-due-to-OOM-protect-again.patch
new file mode 100644
index 00000000..df04192f
--- /dev/null
+++ b/0001-main-uid_to_name-might-fail-due-to-OOM-protect-again.patch
@@ -0,0 +1,26 @@
+Based on 1f97091d3cb0887c264176b47b0a86c269acf0b5 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Fri, 27 Jun 2014 18:34:37 +0200
+Subject: [PATCH] main: uid_to_name() might fail due to OOM, protect against
+ that
+
+---
+ src/core/main.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- src/core/main.c
++++ src/core/main.c 2014-07-01 12:25:17.906235000 +0000
+@@ -1525,9 +1525,10 @@ int main(int argc, char *argv[]) {
+ log_info("Running in initial RAM disk.");
+
+ } else {
+- _cleanup_free_ char *t = uid_to_name(getuid());
+- log_debug(PACKAGE_STRING " running in user mode for user "UID_FMT"/%s. (" SYSTEMD_FEATURES ")",
+- getuid(), t);
++ _cleanup_free_ char *t;
++
++ t = uid_to_name(getuid());
++ log_debug(PACKAGE_STRING " running in user mode for user "UID_FMT"/%s. (" SYSTEMD_FEATURES ")", getuid(), strna(t));
+ }
+
+ if (arg_running_as == SYSTEMD_SYSTEM && !skip_setup) {
diff --git a/0002-journald-make-MaxFileSec-really-default-to-1month.patch b/0002-journald-make-MaxFileSec-really-default-to-1month.patch
new file mode 100644
index 00000000..9b48fcae
--- /dev/null
+++ b/0002-journald-make-MaxFileSec-really-default-to-1month.patch
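Review bot: In the src/core/main.c hunk carried by 0001-main-uid_to_name-might-fail-due-to-OOM-protect-again.patch, `_cleanup_free_ char *t;` is now declared without an initialiser. It is assigned on the next statement, so nothing indeterminate is freed today, but a cleanup-attribute pointer left unset becomes a free of garbage as soon as someone puts a statement that can leave the scope between the two lines. The OOM protection comes from `strna(t)` alone, so the declaration can stay initialised: `_cleanup_free_ char *t = uid_to_name(getuid());`. main() begins and ends outside this hunk.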
@@ -0,0 +1,30 @@
+Based on e150e82097211f09b911c7784a89ef9efed713ca Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20Bartoszkiewicz?=
+Date: Thu, 26 Jun 2014 22:11:35 +0200
+Subject: [PATCH] journald: make MaxFileSec really default to 1month
+
+journald.conf(5) states that the default for MaxFileSec is one month,
+but the code didn't respect that.
+---
+ src/journal/journald-server.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- src/journal/journald-server.c
++++ src/journal/journald-server.c 2014-07-01 12:28:25.506735287 +0000
+@@ -68,6 +68,7 @@
+ #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
+ #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
+ #define DEFAULT_RATE_LIMIT_BURST 1000
++#define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
+
+ #define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
+
+@@ -1496,6 +1497,8 @@ int server_init(Server *s) {
+
+ s->forward_to_syslog = true;
+
++ s->max_file_usec = DEFAULT_MAX_FILE_USEC;
++
+ s->max_level_store = LOG_DEBUG;
+ s->max_level_syslog = LOG_DEBUG;
+ s->max_level_kmsg = LOG_NOTICE;
diff --git a/0003-units-remove-RefuseManualStart-from-units-which-are-.patch b/0003-units-remove-RefuseManualStart-from-units-which-are-.patch
new file mode 100644
index 00000000..d9ffedbf
--- /dev/null
+++ b/0003-units-remove-RefuseManualStart-from-units-which-are-.patch
@@ -0,0 +1,65 @@
+Based on 0fdeb6e011dfdb17636c81e2d7e0d632186359ce Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Sat, 28 Jun 2014 00:06:30 -0400
+Subject: [PATCH] units: remove RefuseManualStart from units which are always
+ around
+
+In a normal running system, non-passive targets and units used during
+early bootup are always started. So refusing "manual start" for them
+doesn't make any difference, because a "start" command doesn't cause
+any action.
+
+In early boot however, the administrator might want to start on
+of those targets or services by hand. We shouldn't interfere with that.
+
+Note: in case of systemd-tmpfiles-setup.service, really running the
+unit after system is up would break the system. So e.g. restarting
+should not be allowed. The unit has "RefuseManualStop=yes", which
+prevents restart too.
+---
+ units/basic.target | 1 -
+ units/sysinit.target | 1 -
+ units/systemd-tmpfiles-setup.service.in | 1 -
+ units/user/basic.target | 1 -
+ 4 files changed, 4 deletions(-)
+
+diff --git units/basic.target units/basic.target
+index d7c68f4..b890d48 100644
+--- units/basic.target
++++ units/basic.target
+@@ -11,4 +11,3 @@ Documentation=man:systemd.special(7)
+ Requires=sysinit.target
+ Wants=sockets.target timers.target paths.target slices.target
+ After=sysinit.target sockets.target timers.target paths.target slices.target
+-RefuseManualStart=yes
+diff --git units/sysinit.target units/sysinit.target
+index 8f4fb8f..ec33503 100644
+--- units/sysinit.target
++++ units/sysinit.target
+@@ -11,4 +11,3 @@ Documentation=man:systemd.special(7)
+ Conflicts=emergency.service emergency.target
+ Wants=local-fs.target swap.target
+ After=local-fs.target swap.target emergency.service emergency.target
+-RefuseManualStart=yes
+--- units/systemd-tmpfiles-setup.service.in
++++ units/systemd-tmpfiles-setup.service.in 2014-07-01 12:17:48.154235348 +0000
+@@ -18,7 +18,6 @@ ConditionDirectoryNotEmpty=|/lib/tmpfile
+ ConditionDirectoryNotEmpty=|/usr/local/lib/tmpfiles.d
+ ConditionDirectoryNotEmpty=|/etc/tmpfiles.d
+ ConditionDirectoryNotEmpty=|/run/tmpfiles.d
+-RefuseManualStart=yes
+ RefuseManualStop=yes
+
+ [Service]
+diff --git units/user/basic.target units/user/basic.target
+index b74d13c..afc6e93 100644
+--- units/user/basic.target
++++ units/user/basic.target
+@@ -10,4 +10,3 @@ Description=Basic System
+ Documentation=man:systemd.special(7)
+ Wants=sockets.target timers.target paths.target
+ After=sockets.target timers.target paths.target
+-RefuseManualStart=yes
+--
+1.7.9.2
+
diff --git a/0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch b/0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch
new file mode 100644
index 00000000..f50e568d
--- /dev/null
+++ b/0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch
@@ -0,0 +1,31 @@
+From 306a55c86360a7ae7b2509771d5ea6ab0d166d85 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Sun, 29 Jun 2014 22:15:33 +0200
+Subject: [PATCH] util: refuse considering UID 0xFFFF and 0xFFFFFFFF valid
+
+---
+ src/shared/util.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git src/shared/util.c src/shared/util.c
+index e7ff0f8..1709bb7 100644
+--- src/shared/util.c
++++ src/shared/util.c
+@@ -280,6 +280,14 @@ int parse_uid(const char *s, uid_t* ret_uid) {
+ if ((unsigned long) uid != ul)
+ return -ERANGE;
+
++ /* Some libc APIs use (uid_t) -1 as special placeholder */
++ if (uid == (uid_t) 0xFFFFFFFF)
++ return -EINVAL;
++
++ /* A long time ago UIDs where 16bit, hence explicitly avoid the 32bit -1 too */
++ if (uid == (uid_t) 0xFFFF)
++ return -EINVAL;
++
+ *ret_uid = uid;
+ return 0;
+ }
+--
+1.7.9.2
+
diff --git a/0005-nspawn-block-open_by_handle_at-and-others-via-seccom.patch b/0005-nspawn-block-open_by_handle_at-and-others-via-seccom.patch
new file mode 100644
index 00000000..e5b6706d
--- /dev/null
+++ b/0005-nspawn-block-open_by_handle_at-and-others-via-seccom.patch
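Review bot: In the parse_uid() hunk of 0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch, the comment above the `0xFFFF` check says "32bit -1", but that check rejects the 16-bit value; the 32-bit case is the `0xFFFFFFFF` check just before it. Since these two comments are the only record of why the sentinel values are refused, the second one should read `/* A long time ago UIDs were 16bit, hence explicitly avoid the 16bit -1 too */` (this also fixes "where"). The start of parse_uid() is outside the hunk, so the range check that precedes these lines is only partly visible.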
@@ -0,0 +1,94 @@
+From 28650077f36466d9c5ee27ef2006fae3171a2430 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Mon, 30 Jun 2014 16:22:12 +0200
+Subject: [PATCH] nspawn: block open_by_handle_at() and others via seccomp
+
+Let's protect ourselves against the recently reported docker security
+issue. Our man page makes clear that we do not make any security
+promises anyway, but well, this one is easy to mitigate, so let's do it.
+While we are at it block a couple of more syscalls that are no good in
+containers, too.
+---
+ src/nspawn/nspawn.c | 47 +++++++++++++++++++++++++++++++++++------------
+ 1 file changed, 35 insertions(+), 12 deletions(-)
+
+diff --git src/nspawn/nspawn.c src/nspawn/nspawn.c
+index fd61d07..656c1bf 100644
+--- src/nspawn/nspawn.c
++++ src/nspawn/nspawn.c
+@@ -1864,22 +1864,25 @@ static int setup_macvlan(pid_t pid) {
+ return 0;
+ }
+
+-static int audit_still_doesnt_work_in_containers(void) {
++static int setup_seccomp(void) {
+
+ #ifdef HAVE_SECCOMP
++ static const int blacklist[] = {
++ SCMP_SYS(kexec_load),
++ SCMP_SYS(open_by_handle_at),
++ SCMP_SYS(init_module),
++ SCMP_SYS(finit_module),
++ SCMP_SYS(delete_module),
++ SCMP_SYS(iopl),
++ SCMP_SYS(ioperm),
++ SCMP_SYS(swapon),
++ SCMP_SYS(swapoff),
++ };
++
+ scmp_filter_ctx seccomp;
++ unsigned i;
+ int r;
+
+- /*
+- Audit is broken in containers, much of the userspace audit
+- hookup will fail if running inside a container. We don't
+- care and just turn off creation of audit sockets.
+-
+- This will make socket(AF_NETLINK, *, NETLINK_AUDIT) fail
+- with EAFNOSUPPORT which audit userspace uses as indication
+- that audit is disabled in the kernel.
+- */
+-
+ seccomp = seccomp_init(SCMP_ACT_ALLOW);
+ if (!seccomp)
+ return log_oom();
+@@ -1890,6 +1893,26 @@ static int audit_still_doesnt_work_in_containers(void) {
+ goto finish;
+ }
+
++ for (i = 0; i < ELEMENTSOF(blacklist); i++) {
++ r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), blacklist[i], 0);
++ if (r == -EFAULT)
++ continue; /* unknown syscall */
++ if (r < 0) {
++ log_error("Failed to block syscall: %s", strerror(-r));
++ goto finish;
++ }
++ }
++
++ /*
++ Audit is broken in containers, much of the userspace audit
++ hookup will fail if running inside a container. We don't
++ care and just turn off creation of audit sockets.
++
++ This will make socket(AF_NETLINK, *, NETLINK_AUDIT) fail
++ with EAFNOSUPPORT which audit userspace uses as indication
++ that audit is disabled in the kernel.
++ */
++
+ r = seccomp_rule_add(
+ seccomp,
+ SCMP_ACT_ERRNO(EAFNOSUPPORT),
+@@ -3050,7 +3073,7 @@ int main(int argc, char *argv[]) {
+
+ dev_setup(arg_directory);
+
+- if (audit_still_doesnt_work_in_containers() < 0)
++ if (setup_seccomp() < 0)
+ goto child_fail;
+
+ if (setup_dev_console(arg_directory, console) < 0)
+--
+1.7.9.2
+
diff --git a/0006-tmpfiles-don-t-do-automatic-cleanup-in-XDG_RUNTIME_D.patch b/0006-tmpfiles-don-t-do-automatic-cleanup-in-XDG_RUNTIME_D.patch
new file mode 100644
index 00000000..8647f1e1
--- /dev/null
+++ b/0006-tmpfiles-don-t-do-automatic-cleanup-in-XDG_RUNTIME_D.patch
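Review bot: In the new loop of setup_seccomp() (0005-nspawn-block-open_by_handle_at-and-others-via-seccom.patch), a `-EFAULT` from `seccomp_rule_add()` is skipped with a bare `continue`, so a blacklist entry that could not be installed leaves that syscall allowed with nothing in the log. Because the filter's default action is `SCMP_ACT_ALLOW`, an operator cannot tell from outside whether `open_by_handle_at` was actually blocked; a debug line on the skip path would make that auditable, e.g. `if (r == -EFAULT) { log_debug("Syscall unknown to libseccomp, not blocked (blacklist index %u)", i); continue; }`. The `log_error()` on the failure path would similarly be more useful if it named the index. The function's `finish:` label and the branch taken when `HAVE_SECCOMP` is undefined are outside the hunk, so whether a build without seccomp reports the missing mitigation cannot be seen here.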
@@ -0,0 +1,26 @@
+Based on 6fc27667950fe153033f0f49cb5b57e8954c3e54 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Mon, 30 Jun 2014 19:06:18 +0200
+Subject: [PATCH] tmpfiles: don't do automatic cleanup in $XDG_RUNTIME_DIR
+
+Now that logind will clean up all IPC resources of a user we should
+really consider $XDG_RUNTIME_DIR as just another kind of IPC with the
+same life-cycle logic as the other IPC resources. This should be safe
+now to do since every user gets his own $XDG_RUNTIME_DIR tmpfs instance
+with a fixed size limit, so that flooding of it will more effectively be
+averted.
+---
+ tmpfiles.d/systemd.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- tmpfiles.d/systemd.conf
++++ tmpfiles.d/systemd.conf 2014-07-01 12:31:01.858735866 +0000
+@@ -7,7 +7,7 @@
+
+ # See tmpfiles.d(5) for details
+
+-d /run/user 0755 root root ~10d
++d /run/user 0755 root root -
+ F! /run/utmp 0664 root utmp -
+
+ f /var/log/wtmp 0664 root utmp -
diff --git a/0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch b/0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch
new file mode 100644
index 00000000..a1046c39
--- /dev/null
+++ b/0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch
@@ -0,0 +1,26 @@
+From 8ebf02d6f382ce1ac7e0d44a713b8795a07b08cd Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Mon, 30 Jun 2014 21:44:05 +0200
+Subject: [PATCH] units: skip mounting /tmp if it is a symlink
+
+We shouldn't get confused if people have symlinked /tmp somewhere, so
+let's simply skip the mount then.
+---
+ units/tmp.mount | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git units/tmp.mount units/tmp.mount
+index 99a3ba3..00a0d28 100644
+--- units/tmp.mount
++++ units/tmp.mount
+@@ -9,6 +9,7 @@
+ Description=Temporary Directory
+ Documentation=man:hier(7)
+ Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
++ConditionPathIsSymbolicLink=!/tmp
+ DefaultDependencies=no
+ Conflicts=umount.target
+ Before=local-fs.target umount.target
+--
+1.7.9.2
+
diff --git a/1044-rules-update-qemu-hid-rules.patch b/1044-rules-update-qemu-hid-rules.patch
new file mode 100644
index 00000000..52741afe
--- /dev/null
+++ b/1044-rules-update-qemu-hid-rules.patch
@@ -0,0 +1,45 @@
+From cd31d1884f1ecf38e11bc6268f446d75dfafbc25 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann
+Date: Mon, 24 Mar 2014 12:07:41 +0100
+Subject: [PATCH] rules: update qemu hid rules
+
+Update comment to be a bit more specific.
+
+Change match to blacklist the serial number of the broken devices
+instead of whitelisting the serial number of the fixed devices.
+This allows to do something useful with the serial number in the
+future.
+---
+ rules/42-usb-hid-pm.rules | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git rules/42-usb-hid-pm.rules rules/42-usb-hid-pm.rules
+index 3fd6e8a..c675b5b 100644
+--- rules/42-usb-hid-pm.rules
++++ rules/42-usb-hid-pm.rules
+@@ -2,14 +2,15 @@
+ #
+ # Enable autosuspend for qemu emulated usb hid devices
+
+-# Note that there are buggy qemu versions which advertise remote
+-# wakeup support but don't actually implement it correctly. This
+-# is the reason why we need a match for the serial number here.
+-# The serial number "42" is used to tag the implementations where
++# Note that there are buggy qemu versions (0.13 & older) which
++# advertise remote wakeup support but don't actually implement
++# it correctly. This is the reason why we need a match for the
++# serial number here. Old, broken versions have serial "1".
++# It has been changed to "42" after fixing the bug to indicate
+ # remote wakeup is working.
+-ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Mouse", ATTR{serial}=="42", TEST=="power/control", ATTR{power/control}="auto"
+-ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Tablet", ATTR{serial}=="42", TEST=="power/control", ATTR{power/control}="auto"
+-ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Keyboard", ATTR{serial}=="42", TEST=="power/control", ATTR{power/control}="auto"
++ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Mouse", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto"
++ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Tablet", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto"
++ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Keyboard", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto"
+
+ # Catch-all for Avocent HID devices. Keyed off interface in order to only
+ # trigger on HID class devices.
+--
+1.7.9.2
+
diff --git a/1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch b/1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
new file mode 100644
index 00000000..cd1f72c7
--- /dev/null
+++ b/1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
@@ -0,0 +1,29 @@
+Based on 52fb538361053f8c4abce0e40cd0bae3d28ceb16 Mon Sep 17 00:00:00 2001
+From: Tom Hirst
+Date: Wed, 25 Jun 2014 11:57:11 +0000
+Subject: [PATCH] rules: don't enable usb pm for Avocent devices
+
+The Avocent KVM over IP devices doesn't work correctly with USB power
+management enabled.
+---
+ rules/42-usb-hid-pm.rules | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git rules/42-usb-hid-pm.rules rules/42-usb-hid-pm.rules
+index c675b5b..4c300da 100644
+--- rules/42-usb-hid-pm.rules
++++ rules/42-usb-hid-pm.rules
+@@ -12,10 +12,6 @@ ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Mouse", ATTR{serial}!=
+ ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Tablet", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto"
+ ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Keyboard", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto"
+
+-# Catch-all for Avocent HID devices. Keyed off interface in order to only
+-# trigger on HID class devices.
+-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0624", ATTR{bInterfaceClass}=="03", TEST=="../power/control", ATTR{../power/control}="auto"
+-
+ # Dell DRAC 4
+ ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="413c", ATTR{idProduct}=="2500", TEST=="power/control", ATTR{power/control}="auto"
+
+--
+1.7.9.2
+
diff --git a/systemd-mini.changes b/systemd-mini.changes
index 0ac93793..72a94b11 100644
--- a/systemd-mini.changes
+++ b/systemd-mini.changes
@@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Tue Jul 1 12:19:27 UTC 2014 - werner@suse.de + +- Add upstream patches + 0001-main-uid_to_name-might-fail-due-to-OOM-protect-again.patch + 0002-journald-make-MaxFileSec-really-default-to-1month.patch + 0003-units-remove-RefuseManualStart-from-units-which-are-.patch + 0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch + 0005-nspawn-block-open_by_handle_at-and-others-via-seccom.patch + 0006-tmpfiles-don-t-do-automatic-cleanup-in-XDG_RUNTIME_D.patch + 0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch + ------------------------------------------------------------------- Tue Jul 1 09:58:04 UTC 2014 - werner@suse.de @@ -9,6 +21,8 @@ Tue Jul 1 08:56:48 UTC 2014 - werner@suse.de - Add upstream patches 1042-libudev-queue-provide-file-descriptor-to-watch-busy-.patch 1043-libudev-queue-watch-entire-directory-to-allow-the-re.patch + 1044-rules-update-qemu-hid-rules.patch + 1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch ------------------------------------------------------------------- Fri Jun 27 12:46:12 UTC 2014 - werner@suse.de diff --git a/systemd-mini.spec b/systemd-mini.spec index db05c2af..04ba9367 100644 --- a/systemd-mini.spec +++ b/systemd-mini.spec 
@@ -609,6 +609,19 @@ Patch297: 0001-core-use-correct-format-string-for-UIDs.patch Patch298: 0002-core-transaction-fix-cycle-break-attempts-outside-tr.patch # PATCH-FIX-UPSTREAM added at 2014/06/26 Patch299: 0003-fsck-consider-a-fsck-implementation-linked-to-bin-tr.patch +# PATCH-FIX-UPSTREAM added at 2014/07/01 +Patch300: 0001-main-uid_to_name-might-fail-due-to-OOM-protect-again.patch +# PATCH-FIX-UPSTREAM added at 2014/07/01 +Patch301: 0002-journald-make-MaxFileSec-really-default-to-1month.patch +# PATCH-FIX-UPSTREAM added at 2014/07/01 +Patch302: 0003-units-remove-RefuseManualStart-from-units-which-are-.patch +Patch303: 0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch +# PATCH-FIX-UPSTREAM added at 2014/07/01 +Patch304: 0005-nspawn-block-open_by_handle_at-and-others-via-seccom.patch +# PATCH-FIX-UPSTREAM added at 2014/07/01 +Patch305: 0006-tmpfiles-don-t-do-automatic-cleanup-in-XDG_RUNTIME_D.patch +# PATCH-FIX-UPSTREAM added at 2014/07/01 +Patch306: 0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch # UDEV PATCHES # ============ @@ -702,6 +715,10 @@ Patch1041: 1041-libudev-fix-udev_queue_get_queue_is_empty-logic.patch Patch1042: 1042-libudev-queue-provide-file-descriptor-to-watch-busy-.patch # PATCH-FIX-UPSTREAM 1043-libudev-queue-watch-entire-directory-to-allow-the-re.patch Patch1043: 1043-libudev-queue-watch-entire-directory-to-allow-the-re.patch +# PATCH-FIX-UPSTREAM 1044-rules-update-qemu-hid-rules.patch +Patch1044: 1044-rules-update-qemu-hid-rules.patch +# PATCH-FIX-UPSTREAM 1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch +Patch1045: 1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch %description Systemd is a system and service manager, compatible with SysV and LSB @@ -1159,6 +1176,13 @@ cp %{SOURCE7} m4/ %patch297 -p0 %patch298 -p0 %patch299 -p0 +%patch300 -p0 +%patch301 -p0 +%patch302 -p0 +%patch303 -p0 +%patch304 -p0 +%patch305 -p0 +%patch306 -p0 # udev patches %patch1001 -p1 
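Review bot: In the `@@ -609,6 +609,19 @@` hunk of systemd-mini.spec, `Patch303: 0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch` is the only new entry without a provenance comment above it; Patch300–302 and Patch304–306 each carry one. This is the patch that changes which UIDs `parse_uid()` accepts, so its origin should be as traceable as the others: add `# PATCH-FIX-UPSTREAM added at 2014/07/01` on the line before `Patch303:`. The matching hunk in systemd.spec has the same omission.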
@@ -1211,6 +1235,8 @@ cp %{SOURCE7} m4/ %patch1042 -p0 %patch1043 -p0 %endif +%patch1044 -p0 +%patch1045 -p0 # ensure generate files are removed rm -f units/emergency.service diff --git a/systemd.changes b/systemd.changes index 0ac93793..72a94b11 100644 --- a/systemd.changes +++ b/systemd.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Tue Jul 1 12:19:27 UTC 2014 - werner@suse.de + +- Add upstream patches + 0001-main-uid_to_name-might-fail-due-to-OOM-protect-again.patch + 0002-journald-make-MaxFileSec-really-default-to-1month.patch + 0003-units-remove-RefuseManualStart-from-units-which-are-.patch + 0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch + 0005-nspawn-block-open_by_handle_at-and-others-via-seccom.patch + 0006-tmpfiles-don-t-do-automatic-cleanup-in-XDG_RUNTIME_D.patch + 0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch + ------------------------------------------------------------------- Tue Jul 1 09:58:04 UTC 2014 - werner@suse.de @@ -9,6 +21,8 @@ Tue Jul 1 08:56:48 UTC 2014 - werner@suse.de - Add upstream patches 1042-libudev-queue-provide-file-descriptor-to-watch-busy-.patch 1043-libudev-queue-watch-entire-directory-to-allow-the-re.patch + 1044-rules-update-qemu-hid-rules.patch + 1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch ------------------------------------------------------------------- Fri Jun 27 12:46:12 UTC 2014 - werner@suse.de diff --git a/systemd.spec b/systemd.spec index 711d0f1b..6584e032 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -604,6 +604,19 @@ Patch297: 0001-core-use-correct-format-string-for-UIDs.patch Patch298: 0002-core-transaction-fix-cycle-break-attempts-outside-tr.patch # PATCH-FIX-UPSTREAM added at 2014/06/26 Patch299: 0003-fsck-consider-a-fsck-implementation-linked-to-bin-tr.patch +# PATCH-FIX-UPSTREAM added at 2014/07/01 +Patch300: 0001-main-uid_to_name-might-fail-due-to-OOM-protect-again.patch +# PATCH-FIX-UPSTREAM added at 2014/07/01 +Patch301: 0002-journald-make-MaxFileSec-really-default-to-1month.patch +# PATCH-FIX-UPSTREAM added at 2014/07/01 +Patch302: 0003-units-remove-RefuseManualStart-from-units-which-are-.patch +Patch303: 0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch +# PATCH-FIX-UPSTREAM added at 2014/07/01 +Patch304: 0005-nspawn-block-open_by_handle_at-and-others-via-seccom.patch +# PATCH-FIX-UPSTREAM added at 2014/07/01 +Patch305: 0006-tmpfiles-don-t-do-automatic-cleanup-in-XDG_RUNTIME_D.patch +# PATCH-FIX-UPSTREAM added at 2014/07/01 +Patch306: 0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch # UDEV PATCHES # ============ @@ -697,6 +710,10 @@ Patch1041: 1041-libudev-fix-udev_queue_get_queue_is_empty-logic.patch Patch1042: 1042-libudev-queue-provide-file-descriptor-to-watch-busy-.patch # PATCH-FIX-UPSTREAM 1043-libudev-queue-watch-entire-directory-to-allow-the-re.patch Patch1043: 1043-libudev-queue-watch-entire-directory-to-allow-the-re.patch +# PATCH-FIX-UPSTREAM 1044-rules-update-qemu-hid-rules.patch +Patch1044: 1044-rules-update-qemu-hid-rules.patch +# PATCH-FIX-UPSTREAM 1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch +Patch1045: 1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch %description Systemd is a system and service manager, compatible with SysV and LSB @@ -1154,6 +1171,13 @@ cp %{SOURCE7} m4/ %patch297 -p0 %patch298 -p0 %patch299 -p0 +%patch300 -p0 +%patch301 -p0 +%patch302 -p0 +%patch303 -p0 +%patch304 -p0 +%patch305 -p0 +%patch306 -p0 # udev patches %patch1001 -p1 
@@ -1206,6 +1230,8 @@ cp %{SOURCE7} m4/ %patch1042 -p0 %patch1043 -p0 %endif +%patch1044 -p0 +%patch1045 -p0 # ensure generate files are removed rm -f units/emergency.service