diff --git a/sources b/sources index 4db35be..fb9f39b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (systemd-0e0aa59.tar.gz) = e904aaf5e5427413894816614cc60f453bd43335654f39356c55345bdc8fd0876d0a234a1e4658632747db5a2fbe395bf145bf9dbef3354a55f339f66e821027 +SHA512 (systemd-07f8cd5.tar.gz) = 784bf49da7e79008c67e9496ec2143a5c4672c49296194f75106447b8f9c0893d17a56ff3b2c32cf1074d564cec4453161dafcc8d57029b921a79de858bf57c8 diff --git a/systemd.spec b/systemd.spec index 9a371c0..67c6faa 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,4 +1,4 @@ -%global gitcommit 0e0aa590a8ba759679efbd72e92c0ba4811aa1ec +%global gitcommit 07f8cd571e22e892d68932fe9e7fcf92c7ca7d5c %{?gitcommit:%global gitcommitshort %(c=%{gitcommit}; echo ${c:0:7})} # We ship a .pc file but don't want to have a dep on pkg-config. We @@ -13,7 +13,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 238 -Release: 8%{?gitcommit:.git%{gitcommitshort}}%{?dist} +Release: 12%{?gitcommit:.git%{gitcommitshort}}%{?dist} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager @@ -701,6 +701,36 @@ fi %files tests -f .file-list-tests %changelog +* Wed Feb 20 2019 Zbigniew Jędrzejewski-Szmek - 238-12.git07f8cd5 +- Properly validate dbus paths received over dbus (#1678394, CVE-2019-6454) +- systemd-networkd fixes: keep bond slave up if already attached, keep existing + ip addresses and routes + +* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek - 238-11.gita76ee90 +- systemd-journald and systemd-journal-remote reject entries which + contain too many fields (CVE-2018-16865, #1664973) and set limits on the + process' command line length (CVE-2018-16864, #1664972) +- Fix out-of-bounds read when parsing a crafted syslog message in systemd-journald + (CVE-2018-16866, #1664975) + +* Mon Oct 29 2018 Zbigniew Jędrzejewski-Szmek - 238-10.git438ac26 +- Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1643367) +- Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1643372) +- Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1643362) +- Downgrade logging of various messages and add loging in other places +- Many many fixes in error handling and minor memory leaks and such +- Fix typos and omissions in documentation +- Various smaller improvements to unit ordering and dependencies +- Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues +- The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where + the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents. +- Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user + threads are used by bpfilter. +- Catalog entries for the journal are improved (#1639482) + +* Wed Jul 18 2018 Terje Rosten - 238-9.git0e0aa59 +- Ignore return value from systemd-binfmt in scriptlet (#1565425) + * Fri May 11 2018 Zbigniew Jędrzejewski-Szmek - 238-8.git0e0aa59 - Backport a number of patches (documentation, hwdb updates) - Fixes for tmpfiles 'e' entries diff --git a/triggers.systemd b/triggers.systemd index 04abfd1..90906e3 100644 --- a/triggers.systemd +++ b/triggers.systemd @@ -105,5 +105,7 @@ fi # This script will automatically apply binfmt rules if files have been # installed or updated in /usr/lib/binfmt.d. if test -d /run/systemd/system; then - /usr/lib/systemd/systemd-binfmt + # systemd-binfmt might fail if binfmt_misc kernel module is not loaded + # during install + /usr/lib/systemd/systemd-binfmt || : fi