From 0231aba5cdcb96b15106591acfff280159050366 Mon Sep 17 00:00:00 2001 From: Jim Somerville Date: Thu, 21 Nov 2019 15:54:15 -0500 Subject: [PATCH] Uprev systemd to version 219-67.el7 This solves: systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686) along with some other less critical issues. See the security announcement link: https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006149.html for more details. Here we rebase the patches, and fix the atrocious crime of "name of patch file doesn't match what git format-patch generates". We also squash down the meta patches which add the patches to the spec file as part of good housekeeping. Change-Id: I01a3fa329bbad541a063cb604d1756892139967f Closes-Bug: 1849200 Depends-On: https://review.opendev.org/#/c/695560 Signed-off-by: Jim Somerville --- base/systemd/centos/build_srpm.data | 2 +- .../centos/meta_patches/Add-STX-patches.patch | 32 +++++++++++++++++++ base/systemd/centos/meta_patches/PATCH_ORDER | 6 ++-- ...-of-systemd-post-from-running-on-pat.patch | 21 ++++++------ .../fix-build-error-for-CentOS76.patch | 25 --------------- .../fix-build-error-for-unused-variable.patch | 25 --------------- .../spec-millisec-in-syslog-date.patch | 26 --------------- ...> update-package-versioning-for-STX.patch} | 16 ++++++---- ... 801-inject-millisec-in-syslog-date.patch} | 10 +++--- ...fix-build-error-for-unused-variable.patch} | 16 ++++++---- ...ile-failure-due-to-deprecated-value.patch} | 19 +++++++---- base/systemd/centos/srpm_path | 2 +- 12 files changed, 85 insertions(+), 115 deletions(-) create mode 100644 base/systemd/centos/meta_patches/Add-STX-patches.patch delete mode 100644 base/systemd/centos/meta_patches/fix-build-error-for-CentOS76.patch delete mode 100644 base/systemd/centos/meta_patches/fix-build-error-for-unused-variable.patch delete mode 100644 base/systemd/centos/meta_patches/spec-millisec-in-syslog-date.patch rename base/systemd/centos/meta_patches/{update-package-versioning-for-TIS-format.patch => update-package-versioning-for-STX.patch} (57%) rename base/systemd/centos/patches/{0701-inject-millisec-in-syslog-date.patch => 801-inject-millisec-in-syslog-date.patch} (89%) rename base/systemd/centos/patches/{0702-fix-build-error-for-unused-variable.patch => 802-fix-build-error-for-unused-variable.patch} (58%) rename base/systemd/centos/patches/{0703-fix-build-error-for-CentOS7.6.patch => 803-Fix-compile-failure-due-to-deprecated-value.patch} (83%) diff --git a/base/systemd/centos/build_srpm.data b/base/systemd/centos/build_srpm.data index 73018cc23..e13aab400 100644 --- a/base/systemd/centos/build_srpm.data +++ b/base/systemd/centos/build_srpm.data @@ -1,2 +1,2 @@ -TIS_PATCH_VER=11 +TIS_PATCH_VER=1 BUILD_IS_SLOW=7 diff --git a/base/systemd/centos/meta_patches/Add-STX-patches.patch b/base/systemd/centos/meta_patches/Add-STX-patches.patch new file mode 100644 index 000000000..a33a95edf --- /dev/null +++ b/base/systemd/centos/meta_patches/Add-STX-patches.patch @@ -0,0 +1,32 @@ +From 3c0e59a677c921f60f27002a27eb5f4776475e44 Mon Sep 17 00:00:00 2001 +Message-Id: <3c0e59a677c921f60f27002a27eb5f4776475e44.1574265913.git.Jim.Somerville@windriver.com> +In-Reply-To: +References: +From: Jim Somerville +Date: Wed, 20 Nov 2019 10:59:45 -0500 +Subject: [PATCH 3/3] Add STX patches + +Signed-off-by: Jim Somerville +--- + SPECS/systemd.spec | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec +index 4c83150..e1e98bb 100644 +--- a/SPECS/systemd.spec ++++ b/SPECS/systemd.spec +@@ -786,6 +786,11 @@ Patch0744: 0744-selinux-don-t-log-SELINUX_INFO-and-SELINUX_WARNING-m.patch + Patch0745: 0745-fix-mis-merge.patch + Patch0746: 0746-fs-util-chase_symlinks-prevent-double-free.patch + ++# STX Patches ++Patch0801: 801-inject-millisec-in-syslog-date.patch ++Patch0802: 802-fix-build-error-for-unused-variable.patch ++Patch0803: 803-Fix-compile-failure-due-to-deprecated-value.patch ++ + Patch9999: 9999-Update-kernel-install-script-by-backporting-fedora-p.patch + + %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} +-- +1.8.3.1 + diff --git a/base/systemd/centos/meta_patches/PATCH_ORDER b/base/systemd/centos/meta_patches/PATCH_ORDER index 5ac36678b..bf2db2190 100644 --- a/base/systemd/centos/meta_patches/PATCH_ORDER +++ b/base/systemd/centos/meta_patches/PATCH_ORDER @@ -1,5 +1,3 @@ -update-package-versioning-for-TIS-format.patch +update-package-versioning-for-STX.patch Protect-sections-of-systemd-post-from-running-on-pat.patch -spec-millisec-in-syslog-date.patch -fix-build-error-for-unused-variable.patch -fix-build-error-for-CentOS76.patch +Add-STX-patches.patch diff --git a/base/systemd/centos/meta_patches/Protect-sections-of-systemd-post-from-running-on-pat.patch b/base/systemd/centos/meta_patches/Protect-sections-of-systemd-post-from-running-on-pat.patch index 408f53a0e..1e2efa43c 100644 --- a/base/systemd/centos/meta_patches/Protect-sections-of-systemd-post-from-running-on-pat.patch +++ b/base/systemd/centos/meta_patches/Protect-sections-of-systemd-post-from-running-on-pat.patch @@ -1,18 +1,21 @@ -From e54be64fa16349c94826b17a4dc206a7513f0d9c Mon Sep 17 00:00:00 2001 +From eece9585b5f9258c7180247b1664e92b5ef83efe Mon Sep 17 00:00:00 2001 +Message-Id: +In-Reply-To: +References: From: Scott Little Date: Mon, 2 Oct 2017 17:53:00 -0400 -Subject: [PATCH] WRS: - 0004-Protect-sections-of-systemd-post-from-running-on-pat.patch +Subject: [PATCH 2/3] Protect sections of systemd post from running on patch +Signed-off-by: Jim Somerville --- SPECS/systemd.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec -index 6e1d7e1..6a04c16 100644 +index 16262fb..4c83150 100644 --- a/SPECS/systemd.spec +++ b/SPECS/systemd.spec -@@ -1221,6 +1221,7 @@ fi +@@ -1297,6 +1297,7 @@ fi rm -f /etc/sysconfig/i18n >/dev/null 2>&1 || : rm -f /etc/sysconfig/keyboard >/dev/null 2>&1 || : @@ -20,7 +23,7 @@ index 6e1d7e1..6a04c16 100644 # Migrate HOSTNAME= from /etc/sysconfig/network if [ -e /etc/sysconfig/network -a ! -e /etc/hostname ]; then unset HOSTNAME -@@ -1228,6 +1229,7 @@ if [ -e /etc/sysconfig/network -a ! -e /etc/hostname ]; then +@@ -1304,6 +1305,7 @@ if [ -e /etc/sysconfig/network -a ! -e /etc/hostname ]; then [ -n "$HOSTNAME" ] && echo $HOSTNAME > /etc/hostname 2>&1 || : fi sed -i '/^HOSTNAME=/d' /etc/sysconfig/network >/dev/null 2>&1 || : @@ -28,7 +31,7 @@ index 6e1d7e1..6a04c16 100644 # Migrate the old systemd-setup-keyboard X11 configuration fragment if [ ! -e /etc/X11/xorg.conf.d/00-keyboard.conf ] ; then -@@ -1236,6 +1238,7 @@ else +@@ -1312,6 +1314,7 @@ else rm -f /etc/X11/xorg.conf.d/00-system-setup-keyboard.conf >/dev/null 2>&1 || : fi @@ -36,7 +39,7 @@ index 6e1d7e1..6a04c16 100644 # sed-fu to add myhostname to the hosts line of /etc/nsswitch.conf # Only do that when installing, not when updating. if [ $1 -eq 1 -a -f /etc/nsswitch.conf ] ; then -@@ -1245,6 +1248,7 @@ if [ $1 -eq 1 -a -f /etc/nsswitch.conf ] ; then +@@ -1321,6 +1324,7 @@ if [ $1 -eq 1 -a -f /etc/nsswitch.conf ] ; then s/[[:blank:]]*$/ myhostname/ ' /etc/nsswitch.conf >/dev/null 2>&1 || : fi @@ -45,5 +48,5 @@ index 6e1d7e1..6a04c16 100644 %posttrans # Convert old /etc/sysconfig/desktop settings -- -2.7.4 +1.8.3.1 diff --git a/base/systemd/centos/meta_patches/fix-build-error-for-CentOS76.patch b/base/systemd/centos/meta_patches/fix-build-error-for-CentOS76.patch deleted file mode 100644 index f41e42cd8..000000000 --- a/base/systemd/centos/meta_patches/fix-build-error-for-CentOS76.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 0816ac70222fec2609ed893c30d55f8c37fba632 Mon Sep 17 00:00:00 2001 -From: Shuicheng Lin -Date: Tue, 8 Jan 2019 21:06:06 +0800 -Subject: [PATCH] Add patch to fix build failure in CentOS 7.6 - -Signed-off-by: Shuicheng Lin ---- - SPECS/systemd.spec | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec -index f794c3b..8e3715b 100644 ---- a/SPECS/systemd.spec -+++ b/SPECS/systemd.spec -@@ -715,6 +715,7 @@ Patch0672: 0672-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch - #WRS Patches - Patch0701: 0701-inject-millisec-in-syslog-date.patch - Patch0702: 0702-fix-build-error-for-unused-variable.patch -+Patch0703: 0703-fix-build-error-for-CentOS7.6.patch - - %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} - --- -2.7.4 - diff --git a/base/systemd/centos/meta_patches/fix-build-error-for-unused-variable.patch b/base/systemd/centos/meta_patches/fix-build-error-for-unused-variable.patch deleted file mode 100644 index 2eea31c5c..000000000 --- a/base/systemd/centos/meta_patches/fix-build-error-for-unused-variable.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 6aead74fb56ae75cc16be507165d3fc75c38fac0 Mon Sep 17 00:00:00 2001 -From: slin14 -Date: Thu, 9 Aug 2018 18:40:36 +0800 -Subject: [PATCH] Add 0702-fix-build-error-for-unused-variable.patch - -Signed-off-by: slin14 ---- - SPECS/systemd.spec | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec -index ffd0770..3f7cc10 100644 ---- a/SPECS/systemd.spec -+++ b/SPECS/systemd.spec -@@ -714,6 +714,7 @@ Patch0672: 0672-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch - - #WRS Patches - Patch0701: 0701-inject-millisec-in-syslog-date.patch -+Patch0702: 0702-fix-build-error-for-unused-variable.patch - - %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} - --- -2.7.4 - diff --git a/base/systemd/centos/meta_patches/spec-millisec-in-syslog-date.patch b/base/systemd/centos/meta_patches/spec-millisec-in-syslog-date.patch deleted file mode 100644 index 2dc5cb714..000000000 --- a/base/systemd/centos/meta_patches/spec-millisec-in-syslog-date.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 6f9a8e792bad1f4bb8d9dad4f2430d89a1058d0c Mon Sep 17 00:00:00 2001 -From: Scott Little -Date: Mon, 2 Oct 2017 17:53:00 -0400 -Subject: [PATCH] WRS: 0005-spec-millisec-in-syslog-date.patch - ---- - SPECS/systemd.spec | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec -index 6a04c16..845d1dd 100644 ---- a/SPECS/systemd.spec -+++ b/SPECS/systemd.spec -@@ -712,6 +712,9 @@ Patch0670: 0670-Refuse-dbus-message-paths-longer-than-BUS_PATH_SIZE_.patch - Patch0671: 0671-Allocate-temporary-strings-to-hold-dbus-paths-on-the.patch - Patch0672: 0672-sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch - -+#WRS Patches -+Patch0701: 0701-inject-millisec-in-syslog-date.patch -+ - %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} - - BuildRequires: libcap-devel --- -2.7.4 - diff --git a/base/systemd/centos/meta_patches/update-package-versioning-for-TIS-format.patch b/base/systemd/centos/meta_patches/update-package-versioning-for-STX.patch similarity index 57% rename from base/systemd/centos/meta_patches/update-package-versioning-for-TIS-format.patch rename to base/systemd/centos/meta_patches/update-package-versioning-for-STX.patch index fcb7b6c37..5fbc01d07 100644 --- a/base/systemd/centos/meta_patches/update-package-versioning-for-TIS-format.patch +++ b/base/systemd/centos/meta_patches/update-package-versioning-for-STX.patch @@ -1,25 +1,27 @@ -From e1b3591beb36a45f7cc4bf9340dd640b359955b7 Mon Sep 17 00:00:00 2001 +From eeb3e979288cb8c14d8546d12a27da4c88fbb0e4 Mon Sep 17 00:00:00 2001 +Message-Id: From: Scott Little Date: Mon, 2 Oct 2017 17:53:00 -0400 -Subject: [PATCH] WRS: 0001-update-package-versioning-for-TIS-format.patch +Subject: [PATCH 1/3] update package versioning for STX +Signed-off-by: Jim Somerville --- SPECS/systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec -index 6bdbb74..3b2aa7f 100644 +index b1ffe88..16262fb 100644 --- a/SPECS/systemd.spec +++ b/SPECS/systemd.spec @@ -7,7 +7,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 219 --Release: 62%{?dist}.5 -+Release: 62.el7_6.5%{?_tis_dist}.%{tis_patch_ver} +-Release: 67%{?dist} ++Release: 67.el7%{?_tis_dist}.%{tis_patch_ver} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: A System and Service Manager --- -2.7.4 +-- +1.8.3.1 diff --git a/base/systemd/centos/patches/0701-inject-millisec-in-syslog-date.patch b/base/systemd/centos/patches/801-inject-millisec-in-syslog-date.patch similarity index 89% rename from base/systemd/centos/patches/0701-inject-millisec-in-syslog-date.patch rename to base/systemd/centos/patches/801-inject-millisec-in-syslog-date.patch index 5eee0f141..9a0074e57 100644 --- a/base/systemd/centos/patches/0701-inject-millisec-in-syslog-date.patch +++ b/base/systemd/centos/patches/801-inject-millisec-in-syslog-date.patch @@ -1,14 +1,16 @@ -From 08353c7cc596d2d09fd7f22a9bfde4d83bd9ebda Mon Sep 17 00:00:00 2001 +From 8b63ddb68a39d48ebb621d76a2b1f07f5ff67ac7 Mon Sep 17 00:00:00 2001 +Message-Id: <8b63ddb68a39d48ebb621d76a2b1f07f5ff67ac7.1574264572.git.Jim.Somerville@windriver.com> From: systemd team Date: Tue, 8 Nov 2016 17:06:01 -0500 -Subject: [PATCH 1/1] inject millisec in syslog date +Subject: [PATCH 1/3] inject millisec in syslog date +Signed-off-by: Jim Somerville --- src/journal/journald-syslog.c | 48 +++++++++++++++++++++++++++++++++++++------ 1 file changed, 42 insertions(+), 6 deletions(-) diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c -index 4e118aa..85cdeb9 100644 +index 1a9db59..36288cb 100644 --- a/src/journal/journald-syslog.c +++ b/src/journal/journald-syslog.c @@ -35,6 +35,44 @@ @@ -75,5 +77,5 @@ index 4e118aa..85cdeb9 100644 /* Third: identifier and PID */ -- -1.9.1 +1.8.3.1 diff --git a/base/systemd/centos/patches/0702-fix-build-error-for-unused-variable.patch b/base/systemd/centos/patches/802-fix-build-error-for-unused-variable.patch similarity index 58% rename from base/systemd/centos/patches/0702-fix-build-error-for-unused-variable.patch rename to base/systemd/centos/patches/802-fix-build-error-for-unused-variable.patch index 8d31d8946..7de125485 100644 --- a/base/systemd/centos/patches/0702-fix-build-error-for-unused-variable.patch +++ b/base/systemd/centos/patches/802-fix-build-error-for-unused-variable.patch @@ -1,15 +1,19 @@ -From 193fcf879dbee168238227e2123d63f5bf8a135d Mon Sep 17 00:00:00 2001 +From 7cc3363381f83bb060e8e686eb64b5425f2d4409 Mon Sep 17 00:00:00 2001 +Message-Id: <7cc3363381f83bb060e8e686eb64b5425f2d4409.1574264572.git.Jim.Somerville@windriver.com> +In-Reply-To: <8b63ddb68a39d48ebb621d76a2b1f07f5ff67ac7.1574264572.git.Jim.Somerville@windriver.com> +References: <8b63ddb68a39d48ebb621d76a2b1f07f5ff67ac7.1574264572.git.Jim.Somerville@windriver.com> From: slin14 Date: Thu, 9 Aug 2018 18:38:18 +0800 -Subject: [PATCH] fix build error for unused variable +Subject: [PATCH 2/3] fix build error for unused variable Signed-off-by: slin14 +Signed-off-by: Jim Somerville --- src/journal/journald-syslog.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c -index 33062ea..fd4e070 100644 +index 36288cb..2e49b4c 100644 --- a/src/journal/journald-syslog.c +++ b/src/journal/journald-syslog.c @@ -167,8 +167,6 @@ void server_forward_syslog(Server *s, int priority, const char *identifier, cons @@ -19,8 +23,8 @@ index 33062ea..fd4e070 100644 - time_t t; - struct tm *tm; char *ident_buf = NULL; - + assert(s); --- -2.7.4 +-- +1.8.3.1 diff --git a/base/systemd/centos/patches/0703-fix-build-error-for-CentOS7.6.patch b/base/systemd/centos/patches/803-Fix-compile-failure-due-to-deprecated-value.patch similarity index 83% rename from base/systemd/centos/patches/0703-fix-build-error-for-CentOS7.6.patch rename to base/systemd/centos/patches/803-Fix-compile-failure-due-to-deprecated-value.patch index 3d9470fe7..11bad1bfd 100644 --- a/base/systemd/centos/patches/0703-fix-build-error-for-CentOS7.6.patch +++ b/base/systemd/centos/patches/803-Fix-compile-failure-due-to-deprecated-value.patch @@ -1,7 +1,10 @@ -From bcfe2b0e50fed2a445f4e0dd43f33aee45d9ac5f Mon Sep 17 00:00:00 2001 +From 339ea8b005c037eaad217dfd3cc10b2b110bdd28 Mon Sep 17 00:00:00 2001 +Message-Id: <339ea8b005c037eaad217dfd3cc10b2b110bdd28.1574264572.git.Jim.Somerville@windriver.com> +In-Reply-To: <8b63ddb68a39d48ebb621d76a2b1f07f5ff67ac7.1574264572.git.Jim.Somerville@windriver.com> +References: <8b63ddb68a39d48ebb621d76a2b1f07f5ff67ac7.1574264572.git.Jim.Somerville@windriver.com> From: Shuicheng Lin Date: Tue, 2 Apr 2019 16:43:03 +0000 -Subject: [PATCH] Fix compile failure due to deprecated value +Subject: [PATCH 3/3] Fix compile failure due to deprecated value Issue occur after upgrade build tool chain. Fix it per tool chain's suggestion. @@ -15,10 +18,11 @@ use MHD_HTTP_NOT_ACCEPTABLE [-Werror] Signed-off-by: Shuicheng Lin Signed-off-by: Mawrer Ramirez +Signed-off-by: Jim Somerville --- src/journal-remote/journal-gatewayd.c | 4 ++-- - src/journal-remote/journal-remote.c | 4 ++-- - 2 files changed, 4 insertions(+), 4 deletions(-) + src/journal-remote/journal-remote.c | 6 +++--- + 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c index d1f0ce3..8364044 100644 @@ -43,7 +47,7 @@ index d1f0ce3..8364044 100644 diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c -index e65daf6..9780ecb 100644 +index 431e283..476c826 100644 --- a/src/journal-remote/journal-remote.c +++ b/src/journal-remote/journal-remote.c @@ -526,13 +526,13 @@ static int process_http_upload( @@ -54,14 +58,14 @@ index e65daf6..9780ecb 100644 + MHD_HTTP_PAYLOAD_TOO_LARGE, "Entry is too large, maximum is %u bytes.\n", DATA_SIZE_MAX); - + else if (r == -E2BIG) return mhd_respondf(connection, - MHD_HTTP_REQUEST_ENTITY_TOO_LARGE, + MHD_HTTP_PAYLOAD_TOO_LARGE, "Entry with more fields than the maximum of %u\n", ENTRY_FIELD_COUNT_MAX); - + @@ -586,7 +586,7 @@ static int request_handler( *connection_cls); @@ -73,3 +77,4 @@ index e65daf6..9780ecb 100644 if (!streq(url, "/upload")) -- 1.8.3.1 + diff --git a/base/systemd/centos/srpm_path b/base/systemd/centos/srpm_path index bb7c557b3..6cf114d90 100644 --- a/base/systemd/centos/srpm_path +++ b/base/systemd/centos/srpm_path @@ -1 +1 @@ -mirror:Source/systemd-219-62.el7_6.5.src.rpm +mirror:Source/systemd-219-67.el7.src.rpm