From 06a6844c275977ef85ed21b4370bcaf5504130f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 18 Jul 2018 10:53:19 +0200
Subject: [PATCH 1/4] Ignore return value from systemd-binfmt in scriptlet

---
 systemd.spec     | 5 ++++-
 triggers.systemd | 4 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/systemd.spec b/systemd.spec
index 9a371c0..f90315c 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -13,7 +13,7 @@
 Name:           systemd
 Url:            http://www.freedesktop.org/wiki/Software/systemd
 Version:        238
-Release:        8%{?gitcommit:.git%{gitcommitshort}}%{?dist}
+Release:        9%{?gitcommit:.git%{gitcommitshort}}%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@@ -701,6 +701,9 @@ fi
 %files tests -f .file-list-tests
 
 %changelog
+* Wed Jul 18 2018 Terje Rosten <terje.rosten@ntnu.no> - 238-9.git0e0aa59
+- Ignore return value from systemd-binfmt in scriptlet (#1565425)
+
 * Fri May 11 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 238-8.git0e0aa59
 - Backport a number of patches (documentation, hwdb updates)
 - Fixes for tmpfiles 'e' entries
diff --git a/triggers.systemd b/triggers.systemd
index 04abfd1..90906e3 100644
--- a/triggers.systemd
+++ b/triggers.systemd
@@ -105,5 +105,7 @@ fi
 # This script will automatically apply binfmt rules if files have been
 # installed or updated in /usr/lib/binfmt.d.
 if test -d /run/systemd/system; then
-  /usr/lib/systemd/systemd-binfmt
+  # systemd-binfmt might fail if binfmt_misc kernel module is not loaded
+  # during install
+  /usr/lib/systemd/systemd-binfmt || :
 fi

From 02a0a77072c3a94510576eb010bd16b8a9ff89a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 29 Oct 2018 13:31:18 +0100
Subject: [PATCH 2/4] Backport a bunch of patches including three CVE issues

---
 sources      |  2 +-
 systemd.spec | 19 +++++++++++++++++--
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/sources b/sources
index 4db35be..c84048b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (systemd-0e0aa59.tar.gz) = e904aaf5e5427413894816614cc60f453bd43335654f39356c55345bdc8fd0876d0a234a1e4658632747db5a2fbe395bf145bf9dbef3354a55f339f66e821027
+SHA512 (systemd-438ac26.tar.gz) = fd65754716f1d29f8f363747275b398df072ba5166ab2cb516809139af4194fa5f09afcc7d3e64797c8b47aef45505c73674b8d898b015c1d7dab66049d9ca01
diff --git a/systemd.spec b/systemd.spec
index f90315c..a91695f 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -1,4 +1,4 @@
-%global gitcommit 0e0aa590a8ba759679efbd72e92c0ba4811aa1ec
+%global gitcommit 438ac26c9dee2abd8658f1f5c6627d2543558ffb
 %{?gitcommit:%global gitcommitshort %(c=%{gitcommit}; echo ${c:0:7})}
 
 # We ship a .pc file but don't want to have a dep on pkg-config. We
@@ -13,7 +13,7 @@
 Name:           systemd
 Url:            http://www.freedesktop.org/wiki/Software/systemd
 Version:        238
-Release:        9%{?gitcommit:.git%{gitcommitshort}}%{?dist}
+Release:        10%{?gitcommit:.git%{gitcommitshort}}%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@@ -701,6 +701,21 @@ fi
 %files tests -f .file-list-tests
 
 %changelog
+* Mon Oct 29 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 238-10.git438ac26
+- Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1643367)
+- Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1643372)
+- Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1643362)
+- Downgrade logging of various messages and add loging in other places
+- Many many fixes in error handling and minor memory leaks and such
+- Fix typos and omissions in documentation
+- Various smaller improvements to unit ordering and dependencies
+- Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues
+- The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where
+  the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents.
+- Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user
+  threads are used by bpfilter.
+- Catalog entries for the journal are improved (#1639482)
+
 * Wed Jul 18 2018 Terje Rosten <terje.rosten@ntnu.no> - 238-9.git0e0aa59
 - Ignore return value from systemd-binfmt in scriptlet (#1565425)
 

From 820d7d1051b37bb14630dd9c29dcd34de73cd161 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 11 Jan 2019 14:40:50 +0100
Subject: [PATCH 3/4] Patches for the journal CVEs

---
 sources      |  2 +-
 systemd.spec | 11 +++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/sources b/sources
index c84048b..947c1d0 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (systemd-438ac26.tar.gz) = fd65754716f1d29f8f363747275b398df072ba5166ab2cb516809139af4194fa5f09afcc7d3e64797c8b47aef45505c73674b8d898b015c1d7dab66049d9ca01
+SHA512 (systemd-a76ee90.tar.gz) = ec7706e1b7477a1e8d33acb92011cf8377582df44c67df1e193c612ed915e4be08039b68b5f347a9ff56e957f6314e0eed19318d3c74a5a0240d31fdcd8da1f1
diff --git a/systemd.spec b/systemd.spec
index a91695f..f432572 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -1,4 +1,4 @@
-%global gitcommit 438ac26c9dee2abd8658f1f5c6627d2543558ffb
+%global gitcommit a76ee907b7e3199c21bf586bd3b27114ac746554
 %{?gitcommit:%global gitcommitshort %(c=%{gitcommit}; echo ${c:0:7})}
 
 # We ship a .pc file but don't want to have a dep on pkg-config. We
@@ -13,7 +13,7 @@
 Name:           systemd
 Url:            http://www.freedesktop.org/wiki/Software/systemd
 Version:        238
-Release:        10%{?gitcommit:.git%{gitcommitshort}}%{?dist}
+Release:        11%{?gitcommit:.git%{gitcommitshort}}%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@@ -701,6 +701,13 @@ fi
 %files tests -f .file-list-tests
 
 %changelog
+* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 238-11.gita76ee90
+- systemd-journald and systemd-journal-remote reject entries which
+  contain too many fields (CVE-2018-16865, #1664973) and set limits on the
+  process' command line length (CVE-2018-16864, #1664972)
+- Fix out-of-bounds read when parsing a crafted syslog message in systemd-journald
+  (CVE-2018-16866, #1664975)
+
 * Mon Oct 29 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 238-10.git438ac26
 - Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1643367)
 - Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1643372)

From 2f8aae2204e513d5d43d7df5ce83e6b65a401324 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 20 Feb 2019 17:55:44 +0100
Subject: [PATCH 4/4] Patches for CVE-2019-6454

---
 sources      | 2 +-
 systemd.spec | 9 +++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/sources b/sources
index 947c1d0..fb9f39b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (systemd-a76ee90.tar.gz) = ec7706e1b7477a1e8d33acb92011cf8377582df44c67df1e193c612ed915e4be08039b68b5f347a9ff56e957f6314e0eed19318d3c74a5a0240d31fdcd8da1f1
+SHA512 (systemd-07f8cd5.tar.gz) = 784bf49da7e79008c67e9496ec2143a5c4672c49296194f75106447b8f9c0893d17a56ff3b2c32cf1074d564cec4453161dafcc8d57029b921a79de858bf57c8
diff --git a/systemd.spec b/systemd.spec
index f432572..67c6faa 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -1,4 +1,4 @@
-%global gitcommit a76ee907b7e3199c21bf586bd3b27114ac746554
+%global gitcommit 07f8cd571e22e892d68932fe9e7fcf92c7ca7d5c
 %{?gitcommit:%global gitcommitshort %(c=%{gitcommit}; echo ${c:0:7})}
 
 # We ship a .pc file but don't want to have a dep on pkg-config. We
@@ -13,7 +13,7 @@
 Name:           systemd
 Url:            http://www.freedesktop.org/wiki/Software/systemd
 Version:        238
-Release:        11%{?gitcommit:.git%{gitcommitshort}}%{?dist}
+Release:        12%{?gitcommit:.git%{gitcommitshort}}%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@@ -701,6 +701,11 @@ fi
 %files tests -f .file-list-tests
 
 %changelog
+* Wed Feb 20 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 238-12.git07f8cd5
+- Properly validate dbus paths received over dbus (#1678394, CVE-2019-6454)
+- systemd-networkd fixes: keep bond slave up if already attached, keep existing
+  ip addresses and routes
+
 * Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 238-11.gita76ee90
 - systemd-journald and systemd-journal-remote reject entries which
   contain too many fields (CVE-2018-16865, #1664973) and set limits on the