.

OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=700
2014-07-01 12:43:04 +00:00 · 2014-07-01 12:43:04 +00:00 · ac8a15a57d
commit ac8a15a57d
parent 0cd2f82139
13 changed files with 452 additions and 0 deletions
--- a/0001-main-uid_to_name-might-fail-due-to-OOM-protect-again.patch
+++ b/0001-main-uid_to_name-might-fail-due-to-OOM-protect-again.patch
@ -0,0 +1,26 @@
 Based on 1f97091d3cb0887c264176b47b0a86c269acf0b5 Mon Sep 17 00:00:00 2001
 From: Lennart Poettering <lennart@poettering.net>
 Date: Fri, 27 Jun 2014 18:34:37 +0200
 Subject: [PATCH] main: uid_to_name() might fail due to OOM, protect against
 that
 ---
 src/core/main.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
 --- src/core/main.c
 +++ src/core/main.c	2014-07-01 12:25:17.906235000 +0000
@@ -1525,9 +1525,10 @@ int main(int argc, char *argv[]) {
                         log_info("Running in initial RAM disk.");
         } else {
 -                _cleanup_free_ char *t = uid_to_name(getuid());
 -                log_debug(PACKAGE_STRING " running in user mode for user "UID_FMT"/%s. (" SYSTEMD_FEATURES ")",
 -                          getuid(), t);
 +                _cleanup_free_ char *t;
 +		    
 +                t = uid_to_name(getuid());
 +                log_debug(PACKAGE_STRING " running in user mode for user "UID_FMT"/%s. (" SYSTEMD_FEATURES ")", getuid(), strna(t));
         }
         if (arg_running_as == SYSTEMD_SYSTEM && !skip_setup) {
--- a/0002-journald-make-MaxFileSec-really-default-to-1month.patch
+++ b/0002-journald-make-MaxFileSec-really-default-to-1month.patch
@ -0,0 +1,30 @@
 Based on e150e82097211f09b911c7784a89ef9efed713ca Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Micha=C5=82=20Bartoszkiewicz?= <mbartoszkiewicz@gmail.com>
 Date: Thu, 26 Jun 2014 22:11:35 +0200
 Subject: [PATCH] journald: make MaxFileSec really default to 1month
 journald.conf(5) states that the default for MaxFileSec is one month,
 but the code didn't respect that.
 ---
 src/journal/journald-server.c |    3 +++
 1 file changed, 3 insertions(+)
 --- src/journal/journald-server.c
 +++ src/journal/journald-server.c	2014-07-01 12:28:25.506735287 +0000
@@ -68,6 +68,7 @@
 #define DEFAULT_SYNC_INTERVAL_USEC (5*USEC_PER_MINUTE)
 #define DEFAULT_RATE_LIMIT_INTERVAL (30*USEC_PER_SEC)
 #define DEFAULT_RATE_LIMIT_BURST 1000
 +#define DEFAULT_MAX_FILE_USEC USEC_PER_MONTH
 #define RECHECK_AVAILABLE_SPACE_USEC (30*USEC_PER_SEC)
@@ -1496,6 +1497,8 @@ int server_init(Server *s) {
         s->forward_to_syslog = true;
 +        s->max_file_usec = DEFAULT_MAX_FILE_USEC;
 +
         s->max_level_store = LOG_DEBUG;
         s->max_level_syslog = LOG_DEBUG;
         s->max_level_kmsg = LOG_NOTICE;
--- a/0003-units-remove-RefuseManualStart-from-units-which-are-.patch
+++ b/0003-units-remove-RefuseManualStart-from-units-which-are-.patch
@ -0,0 +1,65 @@
 Based on 0fdeb6e011dfdb17636c81e2d7e0d632186359ce Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Sat, 28 Jun 2014 00:06:30 -0400
 Subject: [PATCH] units: remove RefuseManualStart from units which are always
 around
 In a normal running system, non-passive targets and units used during
 early bootup are always started. So refusing "manual start" for them
 doesn't make any difference, because a "start" command doesn't cause
 any action.
 In early boot however, the administrator might want to start on
 of those targets or services by hand. We shouldn't interfere with that.
 Note: in case of systemd-tmpfiles-setup.service, really running the
 unit after system is up would break the system. So e.g. restarting
 should not be allowed. The unit has "RefuseManualStop=yes", which
 prevents restart too.
 ---
 units/basic.target                      |    1 -
 units/sysinit.target                    |    1 -
 units/systemd-tmpfiles-setup.service.in |    1 -
 units/user/basic.target                 |    1 -
 4 files changed, 4 deletions(-)
 diff --git units/basic.target units/basic.target
 index d7c68f4..b890d48 100644
 --- units/basic.target
 +++ units/basic.target
@@ -11,4 +11,3 @@ Documentation=man:systemd.special(7)
 Requires=sysinit.target
 Wants=sockets.target timers.target paths.target slices.target
 After=sysinit.target sockets.target timers.target paths.target slices.target
 -RefuseManualStart=yes
 diff --git units/sysinit.target units/sysinit.target
 index 8f4fb8f..ec33503 100644
 --- units/sysinit.target
 +++ units/sysinit.target
@@ -11,4 +11,3 @@ Documentation=man:systemd.special(7)
 Conflicts=emergency.service emergency.target
 Wants=local-fs.target swap.target
 After=local-fs.target swap.target emergency.service emergency.target
 -RefuseManualStart=yes
 --- units/systemd-tmpfiles-setup.service.in
 +++ units/systemd-tmpfiles-setup.service.in	2014-07-01 12:17:48.154235348 +0000
@@ -18,7 +18,6 @@ ConditionDirectoryNotEmpty=|/lib/tmpfile
 ConditionDirectoryNotEmpty=|/usr/local/lib/tmpfiles.d
 ConditionDirectoryNotEmpty=|/etc/tmpfiles.d
 ConditionDirectoryNotEmpty=|/run/tmpfiles.d
 -RefuseManualStart=yes
 RefuseManualStop=yes
 [Service]
 diff --git units/user/basic.target units/user/basic.target
 index b74d13c..afc6e93 100644
 --- units/user/basic.target
 +++ units/user/basic.target
@@ -10,4 +10,3 @@ Description=Basic System
 Documentation=man:systemd.special(7)
 Wants=sockets.target timers.target paths.target
 After=sockets.target timers.target paths.target
 -RefuseManualStart=yes
 -- 
 1.7.9.2
--- a/0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch
+++ b/0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch
@ -0,0 +1,31 @@
 From 306a55c86360a7ae7b2509771d5ea6ab0d166d85 Mon Sep 17 00:00:00 2001
 From: Lennart Poettering <lennart@poettering.net>
 Date: Sun, 29 Jun 2014 22:15:33 +0200
 Subject: [PATCH] util: refuse considering UID 0xFFFF and 0xFFFFFFFF valid
 ---
 src/shared/util.c |    8 ++++++++
 1 file changed, 8 insertions(+)
 diff --git src/shared/util.c src/shared/util.c
 index e7ff0f8..1709bb7 100644
 --- src/shared/util.c
 +++ src/shared/util.c
@@ -280,6 +280,14 @@ int parse_uid(const char *s, uid_t* ret_uid) {
         if ((unsigned long) uid != ul)
                 return -ERANGE;
 +        /* Some libc APIs use (uid_t) -1 as special placeholder */
 +        if (uid == (uid_t) 0xFFFFFFFF)
 +                return -EINVAL;
 +
 +        /* A long time ago UIDs where 16bit, hence explicitly avoid the 32bit -1 too */
 +        if (uid == (uid_t) 0xFFFF)
 +                return -EINVAL;
 +
         *ret_uid = uid;
         return 0;
 }
 -- 
 1.7.9.2
--- a/0005-nspawn-block-open_by_handle_at-and-others-via-seccom.patch
+++ b/0005-nspawn-block-open_by_handle_at-and-others-via-seccom.patch
@ -0,0 +1,94 @@
 From 28650077f36466d9c5ee27ef2006fae3171a2430 Mon Sep 17 00:00:00 2001
 From: Lennart Poettering <lennart@poettering.net>
 Date: Mon, 30 Jun 2014 16:22:12 +0200
 Subject: [PATCH] nspawn: block open_by_handle_at() and others via seccomp
 Let's protect ourselves against the recently reported docker security
 issue. Our man page makes clear that we do not make any security
 promises anyway, but well, this one is easy to mitigate, so let's do it.
 While we are at it block a couple of more syscalls that are no good in
 containers, too.
 ---
 src/nspawn/nspawn.c |   47 +++++++++++++++++++++++++++++++++++------------
 1 file changed, 35 insertions(+), 12 deletions(-)
 diff --git src/nspawn/nspawn.c src/nspawn/nspawn.c
 index fd61d07..656c1bf 100644
 --- src/nspawn/nspawn.c
 +++ src/nspawn/nspawn.c
@@ -1864,22 +1864,25 @@ static int setup_macvlan(pid_t pid) {
         return 0;
 }
 -static int audit_still_doesnt_work_in_containers(void) {
 +static int setup_seccomp(void) {
 #ifdef HAVE_SECCOMP
 +        static const int blacklist[] = {
 +                SCMP_SYS(kexec_load),
 +                SCMP_SYS(open_by_handle_at),
 +                SCMP_SYS(init_module),
 +                SCMP_SYS(finit_module),
 +                SCMP_SYS(delete_module),
 +                SCMP_SYS(iopl),
 +                SCMP_SYS(ioperm),
 +                SCMP_SYS(swapon),
 +                SCMP_SYS(swapoff),
 +        };
 +
         scmp_filter_ctx seccomp;
 +        unsigned i;
         int r;
 -        /*
 -           Audit is broken in containers, much of the userspace audit
 -           hookup will fail if running inside a container. We don't
 -           care and just turn off creation of audit sockets.
 -
 -           This will make socket(AF_NETLINK, *, NETLINK_AUDIT) fail
 -           with EAFNOSUPPORT which audit userspace uses as indication
 -           that audit is disabled in the kernel.
 -         */
 -
         seccomp = seccomp_init(SCMP_ACT_ALLOW);
         if (!seccomp)
                 return log_oom();
@@ -1890,6 +1893,26 @@ static int audit_still_doesnt_work_in_containers(void) {
                 goto finish;
         }
 +        for (i = 0; i < ELEMENTSOF(blacklist); i++) {
 +                r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), blacklist[i], 0);
 +                if (r == -EFAULT)
 +                        continue; /* unknown syscall */
 +                if (r < 0) {
 +                        log_error("Failed to block syscall: %s", strerror(-r));
 +                        goto finish;
 +                }
 +        }
 +
 +        /*
 +           Audit is broken in containers, much of the userspace audit
 +           hookup will fail if running inside a container. We don't
 +           care and just turn off creation of audit sockets.
 +
 +           This will make socket(AF_NETLINK, *, NETLINK_AUDIT) fail
 +           with EAFNOSUPPORT which audit userspace uses as indication
 +           that audit is disabled in the kernel.
 +         */
 +
         r = seccomp_rule_add(
                         seccomp,
                         SCMP_ACT_ERRNO(EAFNOSUPPORT),
@@ -3050,7 +3073,7 @@ int main(int argc, char *argv[]) {
                         dev_setup(arg_directory);
 -                        if (audit_still_doesnt_work_in_containers() < 0)
 +                        if (setup_seccomp() < 0)
                                 goto child_fail;
                         if (setup_dev_console(arg_directory, console) < 0)
 -- 
 1.7.9.2
--- a/0006-tmpfiles-don-t-do-automatic-cleanup-in-XDG_RUNTIME_D.patch
+++ b/0006-tmpfiles-don-t-do-automatic-cleanup-in-XDG_RUNTIME_D.patch
@ -0,0 +1,26 @@
 Based on 6fc27667950fe153033f0f49cb5b57e8954c3e54 Mon Sep 17 00:00:00 2001
 From: Lennart Poettering <lennart@poettering.net>
 Date: Mon, 30 Jun 2014 19:06:18 +0200
 Subject: [PATCH] tmpfiles: don't do automatic cleanup in $XDG_RUNTIME_DIR
 Now that logind will clean up all IPC resources of a user we should
 really consider $XDG_RUNTIME_DIR as just another kind of IPC with the
 same life-cycle logic as the other IPC resources. This should be safe
 now to do since every user gets his own $XDG_RUNTIME_DIR tmpfs instance
 with a fixed size limit, so that flooding of it will more effectively be
 averted.
 ---
 tmpfiles.d/systemd.conf |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 --- tmpfiles.d/systemd.conf
 +++ tmpfiles.d/systemd.conf	2014-07-01 12:31:01.858735866 +0000
@@ -7,7 +7,7 @@
 # See tmpfiles.d(5) for details
 -d /run/user 0755 root root ~10d
 +d /run/user 0755 root root -
 F! /run/utmp 0664 root utmp -
 f /var/log/wtmp 0664 root utmp -
--- a/0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch
+++ b/0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch
@ -0,0 +1,26 @@
 From 8ebf02d6f382ce1ac7e0d44a713b8795a07b08cd Mon Sep 17 00:00:00 2001
 From: Lennart Poettering <lennart@poettering.net>
 Date: Mon, 30 Jun 2014 21:44:05 +0200
 Subject: [PATCH] units: skip mounting /tmp if it is a symlink
 We shouldn't get confused if people have symlinked /tmp somewhere, so
 let's simply skip the mount then.
 ---
 units/tmp.mount |    1 +
 1 file changed, 1 insertion(+)
 diff --git units/tmp.mount units/tmp.mount
 index 99a3ba3..00a0d28 100644
 --- units/tmp.mount
 +++ units/tmp.mount
@@ -9,6 +9,7 @@
 Description=Temporary Directory
 Documentation=man:hier(7)
 Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
 +ConditionPathIsSymbolicLink=!/tmp
 DefaultDependencies=no
 Conflicts=umount.target
 Before=local-fs.target umount.target
 -- 
 1.7.9.2
--- a/1044-rules-update-qemu-hid-rules.patch
+++ b/1044-rules-update-qemu-hid-rules.patch
@ -0,0 +1,45 @@
 From cd31d1884f1ecf38e11bc6268f446d75dfafbc25 Mon Sep 17 00:00:00 2001
 From: Gerd Hoffmann <kraxel@redhat.com>
 Date: Mon, 24 Mar 2014 12:07:41 +0100
 Subject: [PATCH] rules: update qemu hid rules
 Update comment to be a bit more specific.
 Change match to blacklist the serial number of the broken devices
 instead of whitelisting the serial number of the fixed devices.
 This allows to do something useful with the serial number in the
 future.
 ---
 rules/42-usb-hid-pm.rules |   15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
 diff --git rules/42-usb-hid-pm.rules rules/42-usb-hid-pm.rules
 index 3fd6e8a..c675b5b 100644
 --- rules/42-usb-hid-pm.rules
 +++ rules/42-usb-hid-pm.rules
@@ -2,14 +2,15 @@
 #
 # Enable autosuspend for qemu emulated usb hid devices
 -# Note that there are buggy qemu versions which advertise remote
 -# wakeup support but don't actually implement it correctly.  This
 -# is the reason why we need a match for the serial number here.
 -# The serial number "42" is used to tag the implementations where
 +# Note that there are buggy qemu versions (0.13 & older) which
 +# advertise remote wakeup support but don't actually implement
 +# it correctly.  This is the reason why we need a match for the
 +# serial number here.  Old, broken versions have serial "1".
 +# It has been changed to "42" after fixing the bug to indicate
 # remote wakeup is working.
 -ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Mouse", ATTR{serial}=="42", TEST=="power/control", ATTR{power/control}="auto"
 -ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Tablet", ATTR{serial}=="42", TEST=="power/control", ATTR{power/control}="auto"
 -ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Keyboard", ATTR{serial}=="42", TEST=="power/control", ATTR{power/control}="auto"
 +ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Mouse", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto"
 +ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Tablet", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto"
 +ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Keyboard", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto"
 # Catch-all for Avocent HID devices. Keyed off interface in order to only
 # trigger on HID class devices.
 -- 
 1.7.9.2
--- a/1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
+++ b/1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
@ -0,0 +1,29 @@
 Based on 52fb538361053f8c4abce0e40cd0bae3d28ceb16 Mon Sep 17 00:00:00 2001
 From: Tom Hirst <tom.hirst@ipe-systems.co.uk>
 Date: Wed, 25 Jun 2014 11:57:11 +0000
 Subject: [PATCH] rules: don't enable usb pm for Avocent devices
 The Avocent KVM over IP devices doesn't work correctly with USB power
 management enabled.
 ---
 rules/42-usb-hid-pm.rules |    4 ----
 1 file changed, 4 deletions(-)
 diff --git rules/42-usb-hid-pm.rules rules/42-usb-hid-pm.rules
 index c675b5b..4c300da 100644
 --- rules/42-usb-hid-pm.rules
 +++ rules/42-usb-hid-pm.rules
@@ -12,10 +12,6 @@ ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Mouse", ATTR{serial}!=
 ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Tablet", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto"
 ACTION=="add", SUBSYSTEM=="usb", ATTR{product}=="QEMU USB Keyboard", ATTR{serial}!="1", TEST=="power/control", ATTR{power/control}="auto"
 -# Catch-all for Avocent HID devices. Keyed off interface in order to only
 -# trigger on HID class devices.
 -ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0624", ATTR{bInterfaceClass}=="03", TEST=="../power/control", ATTR{../power/control}="auto"
 -
 # Dell DRAC 4
 ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="413c", ATTR{idProduct}=="2500", TEST=="power/control", ATTR{power/control}="auto"
 -- 
 1.7.9.2
--- a/systemd-mini.changes
+++ b/systemd-mini.changes
@ -1,3 +1,15 @@
 -------------------------------------------------------------------
 Tue Jul  1 12:19:27 UTC 2014 - werner@suse.de
 - Add upstream patches
  0001-main-uid_to_name-might-fail-due-to-OOM-protect-again.patch
  0002-journald-make-MaxFileSec-really-default-to-1month.patch
  0003-units-remove-RefuseManualStart-from-units-which-are-.patch
  0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch
  0005-nspawn-block-open_by_handle_at-and-others-via-seccom.patch
  0006-tmpfiles-don-t-do-automatic-cleanup-in-XDG_RUNTIME_D.patch
  0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch
 -------------------------------------------------------------------
 Tue Jul  1 09:58:04 UTC 2014 - werner@suse.de
@ -9,6 +21,8 @@ Tue Jul  1 08:56:48 UTC 2014 - werner@suse.de
 - Add upstream patches
  1042-libudev-queue-provide-file-descriptor-to-watch-busy-.patch
  1043-libudev-queue-watch-entire-directory-to-allow-the-re.patch
  1044-rules-update-qemu-hid-rules.patch
  1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
 -------------------------------------------------------------------
 Fri Jun 27 12:46:12 UTC 2014 - werner@suse.de
--- a/systemd-mini.spec
+++ b/systemd-mini.spec
@ -609,6 +609,19 @@ Patch297:       0001-core-use-correct-format-string-for-UIDs.patch
 Patch298:       0002-core-transaction-fix-cycle-break-attempts-outside-tr.patch
 # PATCH-FIX-UPSTREAM added at 2014/06/26
 Patch299:       0003-fsck-consider-a-fsck-implementation-linked-to-bin-tr.patch
 # PATCH-FIX-UPSTREAM added at 2014/07/01
 Patch300:       0001-main-uid_to_name-might-fail-due-to-OOM-protect-again.patch
 # PATCH-FIX-UPSTREAM added at 2014/07/01
 Patch301:       0002-journald-make-MaxFileSec-really-default-to-1month.patch
 # PATCH-FIX-UPSTREAM added at 2014/07/01
 Patch302:       0003-units-remove-RefuseManualStart-from-units-which-are-.patch
 Patch303:       0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch
 # PATCH-FIX-UPSTREAM added at 2014/07/01
 Patch304:       0005-nspawn-block-open_by_handle_at-and-others-via-seccom.patch
 # PATCH-FIX-UPSTREAM added at 2014/07/01
 Patch305:       0006-tmpfiles-don-t-do-automatic-cleanup-in-XDG_RUNTIME_D.patch
 # PATCH-FIX-UPSTREAM added at 2014/07/01
 Patch306:       0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch
 # UDEV PATCHES
 # ============
@ -702,6 +715,10 @@ Patch1041:      1041-libudev-fix-udev_queue_get_queue_is_empty-logic.patch
 Patch1042:      1042-libudev-queue-provide-file-descriptor-to-watch-busy-.patch
 # PATCH-FIX-UPSTREAM 1043-libudev-queue-watch-entire-directory-to-allow-the-re.patch
 Patch1043:      1043-libudev-queue-watch-entire-directory-to-allow-the-re.patch
 # PATCH-FIX-UPSTREAM 1044-rules-update-qemu-hid-rules.patch
 Patch1044:      1044-rules-update-qemu-hid-rules.patch
 # PATCH-FIX-UPSTREAM 1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
 Patch1045:      1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
 %description
 Systemd is a system and service manager, compatible with SysV and LSB
@ -1159,6 +1176,13 @@ cp %{SOURCE7} m4/
 %patch297 -p0
 %patch298 -p0
 %patch299 -p0
 %patch300 -p0
 %patch301 -p0
 %patch302 -p0
 %patch303 -p0
 %patch304 -p0
 %patch305 -p0
 %patch306 -p0
 # udev patches
 %patch1001 -p1
@ -1211,6 +1235,8 @@ cp %{SOURCE7} m4/
 %patch1042 -p0
 %patch1043 -p0
 %endif
 %patch1044 -p0
 %patch1045 -p0
 # ensure generate files are removed
 rm -f units/emergency.service
--- a/systemd.changes
+++ b/systemd.changes
@ -1,3 +1,15 @@
 -------------------------------------------------------------------
 Tue Jul  1 12:19:27 UTC 2014 - werner@suse.de
 - Add upstream patches
  0001-main-uid_to_name-might-fail-due-to-OOM-protect-again.patch
  0002-journald-make-MaxFileSec-really-default-to-1month.patch
  0003-units-remove-RefuseManualStart-from-units-which-are-.patch
  0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch
  0005-nspawn-block-open_by_handle_at-and-others-via-seccom.patch
  0006-tmpfiles-don-t-do-automatic-cleanup-in-XDG_RUNTIME_D.patch
  0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch
 -------------------------------------------------------------------
 Tue Jul  1 09:58:04 UTC 2014 - werner@suse.de
@ -9,6 +21,8 @@ Tue Jul  1 08:56:48 UTC 2014 - werner@suse.de
 - Add upstream patches
  1042-libudev-queue-provide-file-descriptor-to-watch-busy-.patch
  1043-libudev-queue-watch-entire-directory-to-allow-the-re.patch
  1044-rules-update-qemu-hid-rules.patch
  1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
 -------------------------------------------------------------------
 Fri Jun 27 12:46:12 UTC 2014 - werner@suse.de
--- a/systemd.spec
+++ b/systemd.spec
@ -604,6 +604,19 @@ Patch297:       0001-core-use-correct-format-string-for-UIDs.patch
 Patch298:       0002-core-transaction-fix-cycle-break-attempts-outside-tr.patch
 # PATCH-FIX-UPSTREAM added at 2014/06/26
 Patch299:       0003-fsck-consider-a-fsck-implementation-linked-to-bin-tr.patch
 # PATCH-FIX-UPSTREAM added at 2014/07/01
 Patch300:       0001-main-uid_to_name-might-fail-due-to-OOM-protect-again.patch
 # PATCH-FIX-UPSTREAM added at 2014/07/01
 Patch301:       0002-journald-make-MaxFileSec-really-default-to-1month.patch
 # PATCH-FIX-UPSTREAM added at 2014/07/01
 Patch302:       0003-units-remove-RefuseManualStart-from-units-which-are-.patch
 Patch303:       0004-util-refuse-considering-UID-0xFFFF-and-0xFFFFFFFF-va.patch
 # PATCH-FIX-UPSTREAM added at 2014/07/01
 Patch304:       0005-nspawn-block-open_by_handle_at-and-others-via-seccom.patch
 # PATCH-FIX-UPSTREAM added at 2014/07/01
 Patch305:       0006-tmpfiles-don-t-do-automatic-cleanup-in-XDG_RUNTIME_D.patch
 # PATCH-FIX-UPSTREAM added at 2014/07/01
 Patch306:       0007-units-skip-mounting-tmp-if-it-is-a-symlink.patch
 # UDEV PATCHES
 # ============
@ -697,6 +710,10 @@ Patch1041:      1041-libudev-fix-udev_queue_get_queue_is_empty-logic.patch
 Patch1042:      1042-libudev-queue-provide-file-descriptor-to-watch-busy-.patch
 # PATCH-FIX-UPSTREAM 1043-libudev-queue-watch-entire-directory-to-allow-the-re.patch
 Patch1043:      1043-libudev-queue-watch-entire-directory-to-allow-the-re.patch
 # PATCH-FIX-UPSTREAM 1044-rules-update-qemu-hid-rules.patch
 Patch1044:      1044-rules-update-qemu-hid-rules.patch
 # PATCH-FIX-UPSTREAM 1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
 Patch1045:      1045-rules-don-t-enable-usb-pm-for-Avocent-devices.patch
 %description
 Systemd is a system and service manager, compatible with SysV and LSB
@ -1154,6 +1171,13 @@ cp %{SOURCE7} m4/
 %patch297 -p0
 %patch298 -p0
 %patch299 -p0
 %patch300 -p0
 %patch301 -p0
 %patch302 -p0
 %patch303 -p0
 %patch304 -p0
 %patch305 -p0
 %patch306 -p0
 # udev patches
 %patch1001 -p1
@ -1206,6 +1230,8 @@ cp %{SOURCE7} m4/
 %patch1042 -p0
 %patch1043 -p0
 %endif
 %patch1044 -p0
 %patch1045 -p0
 # ensure generate files are removed
 rm -f units/emergency.service