Fix one security issue and update keyboard hwdb

Parts of the package became inaccurate when stuff was moved to -container
subpackage.

0001-Revert-journald-periodically-drop-cache-for-all-dead.patch

@@ -0,0 +1,75 @@
+From 74995adf88239a196b2262a43a6d8018b6149d9f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 8 Feb 2019 09:00:55 +0100
+Subject: [PATCH] Revert "journald: periodically drop cache for all dead PIDs"
+
+This reverts commit baf1570cc25e6349ab436e85e492c406c6de701a.
+
+Problems with selinux...
+---
+ src/journal/journald-context.c | 28 ++--------------------------
+ src/journal/journald-server.h  |  2 --
+ 2 files changed, 2 insertions(+), 28 deletions(-)
+
+diff --git a/src/journal/journald-context.c b/src/journal/journald-context.c
+index 51f79fd803..0f0dc1de4d 100644
+--- a/src/journal/journald-context.c
++++ b/src/journal/journald-context.c
+@@ -541,39 +541,15 @@ refresh:
+ }
+ 
+ static void client_context_try_shrink_to(Server *s, size_t limit) {
+-        ClientContext *c;
+-        usec_t t;
+-
+         assert(s);
+ 
+-        /* Flush any cache entries for PIDs that have already moved on. Don't do this
+-         * too often, since it's a slow process. */
+-        t = now(CLOCK_MONOTONIC);
+-        if (s->last_cache_pid_flush + MAX_USEC < t) {
+-                unsigned n = prioq_size(s->client_contexts_lru), idx = 0;
+-
+-                /* We do a number of iterations based on the initial size of the prioq.  When we remove an
+-                 * item, a new item is moved into its places, and items to the right might be reshuffled.
+-                 */
+-                for (unsigned i = 0; i < n; i++) {
+-                        c = prioq_peek_by_index(s->client_contexts_lru, idx);
+-
+-                        assert(c->n_ref == 0);
+-
+-                        if (!pid_is_unwaited(c->pid))
+-                                client_context_free(s, c);
+-                        else
+-                                idx ++;
+-                }
+-
+-                s->last_cache_pid_flush = t;
+-        }
+-
+         /* Bring the number of cache entries below the indicated limit, so that we can create a new entry without
+          * breaching the limit. Note that we only flush out entries that aren't pinned here. This means the number of
+          * cache entries may very well grow beyond the limit, if all entries stored remain pinned. */
+ 
+         while (hashmap_size(s->client_contexts) > limit) {
++                ClientContext *c;
++
+                 c = prioq_pop(s->client_contexts_lru);
+                 if (!c)
+                         break; /* All remaining entries are pinned, give up */
+diff --git a/src/journal/journald-server.h b/src/journal/journald-server.h
+index c6c9b1fb1d..983be8bb89 100644
+--- a/src/journal/journald-server.h
++++ b/src/journal/journald-server.h
+@@ -163,8 +163,6 @@ struct Server {
+         Hashmap *client_contexts;
+         Prioq *client_contexts_lru;
+ 
+-        usec_t last_cache_pid_flush;
+-
+         ClientContext *my_context; /* the context of journald itself */
+         ClientContext *pid1_context; /* the context of PID 1 */
+ };
+-- 
+2.19.2
+

0001-build-sys-Detect-whether-struct-statx-is-defined-in-.patch

@@ -1,105 +0,0 @@
-From 75720bff62a84896e9a0654afc7cf9408cf89a38 Mon Sep 17 00:00:00 2001
-From: Filipe Brandenburger <filbranden@google.com>
-Date: Sun, 15 Jul 2018 22:43:35 -0700
-Subject: [PATCH] build-sys: Detect whether struct statx is defined in
- sys/stat.h
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Starting with glibc 2.27.9000-36.fc29, include file sys/stat.h will have a
-definition for struct statx, in which case include file linux/stat.h should be
-avoided, in order to prevent a duplicate definition.
-
-    In file included from ../src/basic/missing.h:18,
-		     from ../src/basic/util.h:28,
-		     from ../src/basic/hashmap.h:10,
-		     from ../src/shared/bus-util.h:12,
-		     from ../src/libsystemd/sd-bus/bus-creds.c:11:
-    /usr/include/linux/stat.h:99:8: error: redefinition of ‘struct statx’
-     struct statx {
-	    ^~~~~
-    In file included from /usr/include/sys/stat.h:446,
-		     from ../src/basic/util.h:19,
-		     from ../src/basic/hashmap.h:10,
-		     from ../src/shared/bus-util.h:12,
-		     from ../src/libsystemd/sd-bus/bus-creds.c:11:
-    /usr/include/bits/statx.h:36:8: note: originally defined here
-     struct statx
-	    ^~~~~
-
-Extend our meson.build to look for struct statx when only sys/stat.h is
-included and, in that case, do not include linux/stat.h anymore.
-
-Tested that systemd builds correctly when using a glibc version that includes a
-definition for struct statx.
-
-glibc Fedora RPM update:
-https://src.fedoraproject.org/rpms/glibc/c/28cb5d31fc1e5887912283c889689c47076278ae
-
-glibc upstream commit:
-https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=fd70af45528d59a00eb3190ef6706cb299488fcd
----
- meson.build            | 5 +++++
- src/basic/missing.h    | 5 ++++-
- src/basic/xattr-util.c | 1 -
- 3 files changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index dd904c7148..68423bdfa5 100644
---- a/meson.build
-+++ b/meson.build
-@@ -425,6 +425,7 @@ decl_headers = '''
- #include <sys/stat.h>
- '''
- # FIXME: key_serial_t is only defined in keyutils.h, this is bound to fail
-+# FIXME: these should use -D_GNU_SOURCE, since that is defined at build time
- 
- foreach decl : ['char16_t',
-                 'char32_t',
-@@ -439,6 +440,10 @@ foreach decl : ['char16_t',
-         conf.set10('HAVE_' + decl.underscorify().to_upper(), have)
- endforeach
- 
-+conf.set10('HAVE_STRUCT_STATX_IN_SYS_STAT_H', cc.sizeof('struct statx', prefix : '''
-+#include <sys/stat.h>
-+''', args : '-D_GNU_SOURCE') > 0)
-+
- foreach decl : [['IFLA_INET6_ADDR_GEN_MODE',         'linux/if_link.h'],
-                 ['IN6_ADDR_GEN_MODE_STABLE_PRIVACY', 'linux/if_link.h'],
-                 ['IFLA_VRF_TABLE',                   'linux/if_link.h'],
-diff --git a/src/basic/missing.h b/src/basic/missing.h
-index 71a07d0574..14ad3d4914 100644
---- a/src/basic/missing.h
-+++ b/src/basic/missing.h
-@@ -15,7 +15,6 @@
- #include <linux/neighbour.h>
- #include <linux/oom.h>
- #include <linux/rtnetlink.h>
--#include <linux/stat.h>
- #include <net/ethernet.h>
- #include <stdlib.h>
- #include <sys/resource.h>
-@@ -25,6 +24,10 @@
- #include <uchar.h>
- #include <unistd.h>
- 
-+#if !HAVE_STRUCT_STATX_IN_SYS_STAT_H
-+#include <linux/stat.h>
-+#endif
-+
- #if HAVE_AUDIT
- #include <libaudit.h>
- #endif
-diff --git a/src/basic/xattr-util.c b/src/basic/xattr-util.c
-index c5c55ea846..0ee0979837 100644
---- a/src/basic/xattr-util.c
-+++ b/src/basic/xattr-util.c
-@@ -2,7 +2,6 @@
- 
- #include <errno.h>
- #include <fcntl.h>
--#include <linux/stat.h>
- #include <stdint.h>
- #include <stdlib.h>
- #include <string.h>

sources

@@ -1 +1 @@
-SHA512 (systemd-239.tar.gz) = fd44590dfd148504c5ed1e67521efce50d84b627b7fc77015fa95dfa76d7a42297c56cc89eff40181809732024b16d48f2a87038cf435e0c63bc2b95ecd86b0f
+SHA512 (systemd-33ccd62.tar.gz) = 3f015ed56e8b6615872210fe18597051800c61ec732e3eb00b9ff710082008b05c0b5d8ab82c45d251c4a28dd4a5bd02084fa79193ca92bc12d15f870ff44985

systemd.spec

@@ -1,7 +1,7 @@
-#global gitcommit 4b650021751ccd404dcb329ef5e312c8a93f7ce2
-%{?gitcommit:%global gitcommitshort %(c=%{gitcommit}; echo ${c:0:7})}
+%global commit 33ccd6236d5f9761d3f06a90ec3b63903033bc1a
+%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})}
 
-#global stable 1
+%global stable 1
 
 # We ship a .pc file but don't want to have a dep on pkg-config. We
 # strip the automatically generated dep here and instead co-own the
@@ -13,21 +13,21 @@
 %global user_unit_dir %{pkgdir}/user
 
 Name:           systemd
-Url:            http://www.freedesktop.org/wiki/Software/systemd
+Url:            https://www.freedesktop.org/wiki/Software/systemd
 Version:        239
-Release:        3%{?gitcommit:.git%{gitcommitshort}}%{?dist}
+Release:        14%{?commit:.git%{shortcommit}}%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
 
 # download tarballs with "spectool -g systemd.spec"
-%if %{defined gitcommit}
-Source0:        https://github.com/systemd/systemd%{?stable:-stable}/archive/%{?gitcommit}.tar.gz#/%{name}-%{gitcommitshort}.tar.gz
+%if %{defined commit}
+Source0:        https://github.com/systemd/systemd%{?stable:-stable}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
 %else
-Source0:        https://github.com/systemd/systemd/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source0:        https://github.com/systemd/systemd/archive/v%{version}/%{name}-%{version}.tar.gz
 %endif
 # This file must be available before %%prep.
-# It is generated during systemd build and can be found in src/core/.
+# It is generated during systemd build and can be found in build/src/core/.
 Source1:        triggers.systemd
 Source2:        split-files.py
 Source3:        purge-nobody-user
@@ -44,13 +44,15 @@ Source10:       systemd-udev-trigger-no-reload.conf
 Source11:       20-grubby.install
 Source12:       systemd-user
 
+Source13:       https://raw.githubusercontent.com/systemd/systemd/v243/hwdb/60-keyboard.hwdb
+
 %if 0
 GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v235..v235-stable
 i=1; for j in 00*patch; do printf "Patch%04d:      %s\n" $i $j; i=$((i+1));done|xclip
 GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch
 %endif
 
-Patch0001:      0001-build-sys-Detect-whether-struct-statx-is-defined-in-.patch
+Patch0001:      0001-Revert-journald-periodically-drop-cache-for-all-dead.patch
 
 Patch0998:      0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
 
@@ -107,6 +109,8 @@ Requires(post): coreutils
 Requires(post): sed
 Requires(post): acl
 Requires(post): grep
+# systemd-machine-id-setup requires libssl
+Requires(post): openssl-libs
 Requires(pre):  coreutils
 Requires(pre):  /usr/bin/getent
 Requires(pre):  /usr/sbin/groupadd
@@ -142,10 +146,10 @@ implements an elaborate transactional dependency-based service control
 logic. systemd supports SysV and LSB init scripts and works as a
 replacement for sysvinit. Other parts of this package are a logging daemon,
 utilities to control basic system configuration like the hostname,
-date, locale, maintain a list of logged-in users and running
-containers and virtual machines, system accounts, runtime directories
-and settings, and daemons to manage simple network configuration,
-network time synchronization, log forwarding, and name resolution.
+date, locale, maintain a list of logged-in users, system accounts,
+runtime directories and settings, and daemons to manage simple network
+configuration, network time synchronization, log forwarding, and name
+resolution.
 
 %package libs
 Summary:        systemd libraries
@@ -258,7 +262,9 @@ License:       LGPLv2+
 They can be useful to test systemd internals.
 
 %prep
-%autosetup %{?gitcommit:-n %{name}%{?stable:-stable}-%{gitcommit}} -p1 -Sgit
+%autosetup %{?commit:-n %{name}%{?stable:-stable}-%{commit}} -p1 -Sgit
+
+cp -v %{SOURCE13} hwdb/
 
 %build
 %define ntpvendor %(source /etc/os-release; echo ${ID})
@@ -482,9 +488,10 @@ systemctl daemon-reexec &>/dev/null || :
 journalctl --update-catalog &>/dev/null || :
 systemd-tmpfiles --create &>/dev/null || :
 
-if [ $1 -eq 1 ] ; then
-     # create /var/log/journal only on initial installation
-     mkdir -p %{_localstatedir}/log/journal
+# create /var/log/journal only on initial installation,
+# and only if it's writable (it won't be in rpm-ostree).
+if [ $1 -eq 1 ] && [ -w %{_localstatedir} ]; then
+    mkdir -p %{_localstatedir}/log/journal
 fi
 
 # Make sure new journal files will be owned by the "systemd-journal" group
@@ -690,6 +697,86 @@ fi
 %files tests -f .file-list-tests
 
 %changelog
+* Tue Sep  3 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 239-14.git33ccd62
+- Security issue: unprivileged users were allowed to change DNS
+  servers configured in systemd-resolved.
+- hwdb entries for keyboards are updated to the latest version (#1725717)
+
+* Sat Jul 20 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 239-13.gitf4afb95
+- Fix systemd-mount with CIFS (#1708996)
+- Minor build and documentation fixes
+- Fix udev rule for Parallels video adapter (#1712842)
+
+* Wed Feb 20 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 239-12.git8bca462
+- Prevent buffer overread in systemd-udevd
+- Properly validate dbus paths received over dbus (#1678394, CVE-2019-6454)
+
+* Fri Feb  8 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 239-11.git4dc7dce
+- Revert one of the patches to reduce journald memory usage because of selinux troubles
+
+* Thu Feb  7 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 239-10.git4dc7dce
+- Fix large memory usage by systemd-journald (#1665931)
+- Some minor fixes to systemd-nspawn, udevadm, documentation and logging
+
+* Fri Jan 25 2019 Adam Williamson <awilliam@redhat.com> - 239-9.gite339eae
+- Requires(post) openssl-libs to fix live image build machine-id issue
+  See: https://pagure.io/dusty/failed-composes/issue/960
+
+* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 239-8.gite339eae
+- systemd-journald and systemd-journal-remote reject entries which
+  contain too many fields (CVE-2018-16865, #1664973) and set limits on the
+  process' command line length (CVE-2018-16864, #1664972)
+- Fix out-of-bounds read when parsing a crafted syslog message in systemd-journald
+  (CVE-2018-16866, #1664975)
+- A signal is again used to stop user sessions instead of dbus (#1664491)
+
+* Mon Dec 17 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 239-7.git9f3aed1
+- Hibernation checks for resume= are rescinded (#1645870)
+- Various patches:
+  - memory issues in logind, networkd, journald (#1653068), sd-device, etc.
+  - Adaptations for newer meson, lz4, kernel
+  - Fixes for misleading bugs in documentation
+- net.ipv4.conf.all.rp_filter is changed from 1 to 2
+
+* Sun Oct 28 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 239-6.git9f3aed1
+- Fix a local vulnerability from a race condition in chown-recursive (CVE-2018-15687, #1639076)
+- Fix a local vulnerability from invalid handling of long lines in state deserialization (CVE-2018-15686, #1639071)
+- Fix a remote vulnerability in DHCPv6 in systemd-networkd (CVE-2018-15688, #1639067)
+- The DHCP server is started only when link is UP
+- DHCPv6 prefix delegation is improved
+- Downgrade logging of various messages and add loging in other places
+- Many many fixes in error handling and minor memory leaks and such
+- Fix typos and omissions in documentation
+- Typo in %%_environmnentdir rpm macro is fixed (with backwards compatiblity preserved)
+- Matching by MACAddress= in systemd-networkd is fixed
+- Creation of user runtime directories is improved, and the user
+  manager is only stopped after 10 s after the user logs out (#1642460 and other bugs)
+- systemd units systemd-timesyncd, systemd-resolved, systemd-networkd are switched back to use DynamicUser=0
+- Aliases are now resolved when loading modules from pid1. This is a (redundant) fix for a brief kernel regression.
+- "systemctl --wait start" exits immediately if no valid units are named
+- zram devices are not considered as candidates for hibernation
+- ECN is not requested for both in- and out-going connections (the sysctl overide for net.ipv4.tcp_ecn is removed)
+- Various smaller improvements to unit ordering and dependencies
+- generators are now called with the manager's environment
+- Handling of invalid (intentionally corrupt) dbus messages is improved, fixing potential local DOS avenues
+- The target of symlinks links in .wants/ and .requires/ is now ignored. This fixes an issue where
+  the unit file would sometimes be loaded from such a symlink, leading to non-deterministic unit contents.
+- Filtering of kernel threads is improved. This fixes an issues with newer kernels where hybrid kernel/user
+  threads are used by bpfilter.
+- "noresume" can be used on the kernel command line to force normal boot even if a hibernation images is present
+- Hibernation is not advertised if resume= is not present on the kernenl command line
+- Hibernation/Suspend/... modes can be disabled using AllowSuspend=,
+  AllowHibernation=, AllowSuspendThenHibernate=, AllowHybridSleep=
+- LOGO= and DOCUMENTATION_URL= are documented for the os-release file
+- The hashmap mempool is now only used internally in systemd, and is disabled for external users of the systemd libraries
+- Additional state is serialized/deserialized when logind is restarted, fixing the handling of user objects
+- Catalog entries for the journal are improved (#1639482)
+- If suspend fails, the post-suspend hooks are still called.
+- Various build issues on less-common architectures are fixed
+
+* Wed Oct  3 2018 Jan Synáček <jsynacek@redhat.com> - 239-5
+- Fix line_begins() to accept word matching full string (#1631840)
+
 * Wed Jul 18 2018 Terje Rosten <terje.rosten@ntnu.no> - 239-3
 - Ignore return value from systemd-binfmt in scriptlet (#1565425)