    [update] Upgrade systemd to v225. Fixes MER#608 · d2e16ee4
    Igor Zhbanov authored
    [security] Addresses CVE-2015-8842
    
    New patches:
    
    1) rpm/systemd-Define-__NR_kcmp-if-it-is-not-defined.patch
       Systemd can handle a situation when the kcmp system call is not enabled in
       the kernel by checking for ENOSYS. But it needs to have the syscall number
       anyway, so define it for i386, x86_64 and arm platforms if it is not
       defined.
    
    2) rpm/systemd-backport-Revert-usage-of-ln-relative.patch
       Revert usage of "ln --relative" in Makefile.am because our coreutils'
       "ln" version doesn't support the "--relative" option.
       Remove test for "ln --relative" support from configure.ac.
    
    3) rpm/systemd-227-sd_pid_notify_with_fds-fix-computing-msg_controllen.patch
       Backport a5bd3c32abb00ad945282568fd1a97c180b68047 upstream commit.
    
    4) rpm/systemd-backport-Revert-udev-remove-userspace-firmware-loading-suppor.patch
       rpm/systemd-backport-Revert-rules-remove-firmware-loading-rules.patch
       Backport udev-based firmware loading support until we implement proper
       kernel-based loading.
    
    5) rpm/systemd-228-core-simplify-handling-of-u-U-s-and-h-unit-file-spec.patch
       Backport fix for %h substitution handling in unit-files.
    
    6) rpm/systemd-228-tmpfiles-set-acls-on-system.journal-explicitly.patch
       Fix for CVE-2015-8842.
    
    7) rpm/systemd-udev-lvm-workaround.patch
       Workaround patch for JB#36605. Should be removed after implementing
       proper UDEV events handling in initramfs.
    
    Deleted unneeded patches:
    
    1) rpm/systemd-187-make-readahead-depend-on-sysinit.patch
    2) rpm/systemd-208-configure-start-limit.patch
    3) rpm/systemd-208-configure-timeout.patch
    4) rpm/systemd-208-do-not-wait-accelerometer.patch
       (Dropped patch because systemd removed accelerometer helper.)
    5) rpm/systemd-208-fix-restart.patch
    6) rpm/systemd-208-support-additional-argument-in-reboot.patch
    7) systemd-208-bootchart-svg-fix-checking-of-list-end.patch
    
    Modified patches:
    
    1) rpm/systemd-208-video.patch:
       The following udev rules were removed in v209 from
       rules/50-udev-default.rules in upstream
       commit d1f0e886e1407ab50834127ce52710e1aff13938:
       SUBSYSTEM=="input", KERNEL=="mouse*|mice|event*", MODE="0640"
       SUBSYSTEM=="input", KERNEL=="ts[0-9]*|uinput", MODE="0640"
    
       (See also https://bugs.freedesktop.org/show_bug.cgi?id=70665,
       https://forums.gentoo.org/viewtopic-t-951834-start-0.html)
    
    2) rpm/systemd-208-pkgconfigdir.patch:
       In Makefile.am sharepkgconfigdir was unified with pkgconfigdatadir
       in upstream commit 2f4d3bb91f246532b7c946bb75595a96ee843f29.
    
    All other patches were realigned to fix patch utility warnings.
    The spec-file was reordered and slightly changed to minimize difference
    with Fedora's.
    
    Packaging:
    
    1) Removed libgudev1 and libgudev1-devel subpackages.
    
    2) Added systemd-locale subpackage.
    
    3) New files (in generated RPMs, except for units):
       /bin/systemd-escape
       /bin/systemd-firstboot
       /bin/systemd-hwdb
       /bin/systemd-sysusers
       /bin/networkctl
       /etc/dbus-1/system.d/org.freedesktop.network1.conf
       /etc/dbus-1/system.d/org.freedesktop.resolve1.conf
       /etc/systemd/resolved.conf
       /etc/systemd/timesyncd.conf
       /usr/bin/busctl
       /usr/bin/systemd-path
       /usr/lib/systemd/catalog/systemd.be.catalog
       /usr/lib/systemd/catalog/systemd.be@latin.catalog
       /usr/lib/systemd/catalog/systemd.fr.catalog
       /usr/lib/systemd/catalog/systemd.it.catalog
       /usr/lib/systemd/catalog/systemd.pl.catalog
       /usr/lib/systemd/catalog/systemd.pt_BR.catalog
       /usr/lib/systemd/catalog/systemd.ru.catalog
       /usr/lib/systemd/catalog/systemd.zh_TW.catalog
       /usr/lib/sysusers.d/basic.conf
       /usr/lib/sysusers.d/systemd.conf
       /usr/share/bash-completion/completions/bootctl
       /usr/share/bash-completion/completions/busctl
       /usr/share/bash-completion/completions/machinectl
       /usr/share/bash-completion/completions/systemd-cat
       /usr/share/bash-completion/completions/systemd-cgls
       /usr/share/bash-completion/completions/systemd-cgtop
       /usr/share/bash-completion/completions/systemd-delta
       /usr/share/bash-completion/completions/systemd-detect-virt
       /usr/share/bash-completion/completions/systemd-nspawn
       /usr/share/dbus-1/system-services/org.freedesktop.network1.service
       /usr/share/dbus-1/system-services/org.freedesktop.resolve1.service
       /usr/share/factory/etc/nsswitch.conf
       /usr/share/factory/etc/pam.d/other
       /usr/share/factory/etc/pam.d/system-auth
       /usr/share/polkit-1/actions/org.freedesktop.machine1.policy
       /usr/share/systemd/language-fallback-map
       /usr/lib/systemd/user-generators/systemd-dbus1-generator (symlink)
    
    4) Removed files:
       /usr/share/dbus-1/interfaces/org.freedesktop.hostname1.xml
       /usr/share/dbus-1/interfaces/org.freedesktop.locale1.xml
       /usr/share/dbus-1/interfaces/org.freedesktop.timedate1.xml
    
    5) Moved deprecated shared libraries to new systemd-compat-libs subpackage:
       /usr/lib/libgudev-1.0.so*
       /usr/lib/libsystemd-daemon.so*
       /usr/lib/libsystemd-login.so*
       /usr/lib/libsystemd-journal.so*
       /usr/lib/libsystemd-id128.so*
    
    6) New shared libraries:
       /usr/lib/libnss_mymachines.so.2
       /usr/lib/libnss_resolve.so.2
       /usr/lib/libsystemd.so*
    
    7) Removed header and pkgconfig files:
       /usr/include/gudev-1.0/gudev/*.h
       /usr/include/systemd/sd-shutdown.h
       /usr/lib/pkgconfig/gudev-1.0.pc
    
    8) New header and pkgconfig files:
       /usr/include/systemd/_sd-common.h
       /usr/include/systemd/sd-bus.h
       /usr/include/systemd/sd-bus-protocol.h
       /usr/include/systemd/sd-bus-vtable.h
       /usr/include/systemd/sd-event.h
       /usr/lib/pkgconfig/libsystemd.pc
    
    9) New build requirements:
       libmount-devel
    
    10) Added 94 new tests to rpm/tests.xml.
    
    11) Removed floppy group creation.
    
    12) Added utmp, input, systemd-timesync, systemd-timesync, systemd-network,
        systemd-resolve, systemd-bus-proxy groups creation.
    
    13) Added configs for tmp-files.
    
    14) Set ACLs for journal files.
    
    15) New unit-files:
        /lib/systemd/system/busnames.target
        /lib/systemd/system/container-getty@.service
        /lib/systemd/system/ldconfig.service
        /lib/systemd/system/machines.target
        /lib/systemd/system/network-pre.target
        /lib/systemd/system/org.freedesktop.hostname1.busname
        /lib/systemd/system/org.freedesktop.locale1.busname
        /lib/systemd/system/org.freedesktop.login1.busname
        /lib/systemd/system/org.freedesktop.machine1.busname
        /lib/systemd/system/org.freedesktop.network1.busname
        /lib/systemd/system/org.freedesktop.resolve1.busname
        /lib/systemd/system/org.freedesktop.systemd1.busname
        /lib/systemd/system/org.freedesktop.timedate1.busname
        /lib/systemd/system/systemd-bootchart.service
        /lib/systemd/system/systemd-bus-proxyd.service
        /lib/systemd/system/systemd-bus-proxyd.socket
        /lib/systemd/system/systemd-firstboot.service
        /lib/systemd/system/systemd-hibernate-resume@.service
        /lib/systemd/system/systemd-hwdb-update.service
        /lib/systemd/system/systemd-journal-catalog-update.service
        /lib/systemd/system/systemd-journald-audit.socket
        /lib/systemd/system/systemd-journald-dev-log.socket
        /lib/systemd/system/systemd-machine-id-commit.service
        /lib/systemd/system/systemd-networkd-wait-online.service
        /lib/systemd/system/systemd-networkd.service
        /lib/systemd/system/systemd-networkd.socket
        /lib/systemd/system/systemd-resolved.service
        /lib/systemd/system/systemd-rfkill@.service
        /lib/systemd/system/systemd-sysusers.service
        /lib/systemd/system/systemd-timesyncd.service
        /lib/systemd/system/systemd-update-done.service
        /lib/systemd/system/var-lib-machines.mount
        /usr/lib/systemd/user/basic.target
        /usr/lib/systemd/user/systemd-bus-proxyd.service
        /usr/lib/systemd/user/systemd-bus-proxyd.socket
    
    16) New unit-files' symlinks:
        /etc/systemd/system/systemd-networkd.service
        /etc/systemd/system/systemd-resolved.service
        /etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service
        /etc/systemd/system/sockets.target.wants/systemd-networkd.socket
        /etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service
        /lib/systemd/system/busnames.target.wants/org.freedesktop.hostname1.busname
        /lib/systemd/system/busnames.target.wants/org.freedesktop.locale1.busname
        /lib/systemd/system/busnames.target.wants/org.freedesktop.login1.busname
        /lib/systemd/system/busnames.target.wants/org.freedesktop.machine1.busname
        /lib/systemd/system/busnames.target.wants/org.freedesktop.network1.busname
        /lib/systemd/system/busnames.target.wants/org.freedesktop.resolve1.busname
        /lib/systemd/system/busnames.target.wants/org.freedesktop.systemd1.busname
        /lib/systemd/system/busnames.target.wants/org.freedesktop.timedate1.busname
        /lib/systemd/system/graphical.target.wants/systemd-update-utmp-runlevel.service
        /lib/systemd/system/local-fs.target.wants/var-lib-machines.mount
        /lib/systemd/system/multi-user.target.wants/systemd-update-utmp-runlevel.service
        /lib/systemd/system/rescue.target.wants/systemd-update-utmp-runlevel.service
        /lib/systemd/system/sockets.target.wants/systemd-journald-audit.socket
        /lib/systemd/system/sockets.target.wants/systemd-journald-dev-log.socket
        /lib/systemd/system/sysinit.target.wants/ldconfig.service
        /lib/systemd/system/sysinit.target.wants/systemd-firstboot.service
        /lib/systemd/system/sysinit.target.wants/systemd-hwdb-update.service
        /lib/systemd/system/sysinit.target.wants/systemd-journal-catalog-update.service
        /lib/systemd/system/sysinit.target.wants/systemd-machine-id-commit.service
        /lib/systemd/system/sysinit.target.wants/systemd-sysusers.service
        /lib/systemd/system/sysinit.target.wants/systemd-update-done.service
        /lib/systemd/system/dbus-org.freedesktop.network1.service
        /lib/systemd/system/dbus-org.freedesktop.resolve1.service
        /usr/lib/systemd/user/busnames.target
    
    17) Removed unit-files:
        /lib/systemd/system/systemd-readahead-collect.service
        /lib/systemd/system/systemd-readahead-done.service
        /lib/systemd/system/systemd-readahead-done.timer
        /lib/systemd/system/systemd-readahead-drop.service
        /lib/systemd/system/systemd-readahead-replay.service
        /lib/systemd/system/systemd-shutdownd.service
        /lib/systemd/system/systemd-shutdownd.socket
    
    18) Removed unit files' symlinks:
        /lib/systemd/system/local-fs.target.wants/systemd-fsck-root.service
        /lib/systemd/system/runlevel1.target.wants/systemd-update-utmp-runlevel.service
        /lib/systemd/system/runlevel2.target.wants/systemd-update-utmp-runlevel.service
        /lib/systemd/system/runlevel3.target.wants/systemd-update-utmp-runlevel.service
        /lib/systemd/system/runlevel4.target.wants/systemd-update-utmp-runlevel.service
        /lib/systemd/system/runlevel5.target.wants/systemd-update-utmp-runlevel.service
        /lib/systemd/system/sockets.target.wants/systemd-shutdownd.socket
        /lib/systemd/system/sysinit.target.wants/systemd-readahead-collect.service
        /lib/systemd/system/sysinit.target.wants/systemd-readahead-replay.service
    
    19) Changed config files default option values:
        /etc/systemd/journald.conf:
            SplitMode=login     -> SplitMode=uid
            ForwardToSyslog=yes -> ForwardToSyslog=no
    
    20) New config files options with default values:
        /etc/systemd/bootchart.conf:
            ControlGroup=no
            PerCPU=no
    
        /etc/systemd/journald.conf:
            ForwardToWall=yes
            MaxLevelWall=emerg
    
        /etc/systemd/logind.conf:
            HandleLidSwitchDocked=ignore
            HoldoffTimeoutSec=30s
            RuntimeDirectorySize=10%
            RemoveIPC=yes
    
        /etc/systemd/system.conf:
            SystemCallArchitectures=
            DefaultTimerAccuracySec=1min
            DefaultCPUAccounting=no
            DefaultBlockIOAccounting=no
            DefaultMemoryAccounting=no
    
        /etc/systemd/user.conf:
            SystemCallArchitectures=
            TimerSlackNSec=
            DefaultTimerAccuracySec=1min
            DefaultEnvironment=
            DefaultLimitCPU=
            DefaultLimitFSIZE=
            DefaultLimitDATA=
            DefaultLimitSTACK=
            DefaultLimitCORE=
            DefaultLimitRSS=
            DefaultLimitNOFILE=
            DefaultLimitAS=
            DefaultLimitNPROC=
            DefaultLimitMEMLOCK=
            DefaultLimitLOCKS=
            DefaultLimitSIGPENDING=
            DefaultLimitMSGQUEUE=
            DefaultLimitNICE=
            DefaultLimitRTPRIO=
            DefaultLimitRTTIME=
    
    21) New config files:
        /etc/dbus-1/system.d/org.freedesktop.network1.conf
        /etc/dbus-1/system.d/org.freedesktop.resolve1.conf
        /etc/systemd/resolved.conf
        /etc/systemd/timesyncd.conf
        /usr/lib/sysusers.d/basic.conf
        /usr/lib/sysusers.d/systemd.conf
        /usr/share/factory/etc/nsswitch.conf
        /usr/share/factory/etc/pam.d/other
        /usr/share/factory/etc/pam.d/system-auth
        /usr/share/polkit-1/actions/org.freedesktop.machine1.policy
        /usr/share/systemd/language-fallback-map
    
    22) Added dependency on lvm2 as a workaround for JB#36605.
        Should be removed later.
    
    23) Add dependency on systemd package for systemd-devel because
        macros.systemd is contained in systemd package but is needed to build
        RPM packages which typically use BuildRequires: systemd-devel, and
        do not depend on systemd itself.
    Signed-off-by: Igor Zhbanov <igor.zhbanov@jolla.com>