openembedded-core.git/meta/recipes-core/systemd, branch morty Mirror of openembedded-core systemd: CVE-2016-7795 2016-11-16T10:33:33+00:00 Chen Qi Qi.Chen@windriver.com 2016-10-26T06:09:47+00:00 df3f4785fc69d3ddbd30ccd954aad3d3618c5916 The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket. The patch is a backport from the latest git repo. Please see the link below for more information. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7795 (From OE-Core rev: 543570cafa8d7f595b489d03d05f0aa4478f8539) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
The manager_invoke_notify_message function in systemd 231 and earlier allows
local users to cause a denial of service (assertion failure and PID 1 hang)
via a zero-length message received over a notify socket.

The patch is a backport from the latest git repo.

Please see the link below for more information.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7795

(From OE-Core rev: 543570cafa8d7f595b489d03d05f0aa4478f8539)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
systemd: install udev.pc 2016-09-23T17:06:10+00:00 Robert Yang liezhi.yang@windriver.com 2016-07-21T03:35:53+00:00 a32dac24808bf8621fdbbecb654eff784acee47e It provides udev, but doesn't install udev.pc, which causes other recipes failed to figure out udevdir. Fixed when systemd in DISTRO_FEATURES: $ bitbake pcmciautils (or btrfs-tools): Package udev was not found in the pkg-config search path. Perhaps you should add the directory containing `udev.pc' to the PKG_CONFIG_PATH environment variable No package 'udev' found Their udev rules file may not be installed according to each pkg's implementation. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> 
It provides udev, but doesn't install udev.pc, which causes other
recipes failed to figure out udevdir.

Fixed when systemd in DISTRO_FEATURES:
$ bitbake pcmciautils (or btrfs-tools):

Package udev was not found in the pkg-config search path.
Perhaps you should add the directory containing `udev.pc'
to the PKG_CONFIG_PATH environment variable
No package 'udev' found

Their udev rules file may not be installed according to each pkg's
implementation.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
systemd: fix indentation 2016-09-22T10:08:22+00:00 Maciej Borzecki maciej.borzecki@rndity.com 2016-09-21T08:19:58+00:00 170157602932aa454e721ea849fbf1679b573618 Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
systemd: drop unused gtkdoc-related variable 2016-09-09T11:12:14+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2016-07-15T14:25:05+00:00 3fa84900b0a008993dfbf0d5af12416f4bc3980f Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> 
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
systemd_230.bb: Set journal RuntimeMaxSize to 64M as default 2016-09-07T23:31:37+00:00 Aníbal Limón anibal.limon@linux.intel.com 2016-09-05T21:59:12+00:00 808952bf6d2b7549b456293ead4728b4dbf0d89b At this time systemd journald uses the /run tmpfs to store logs by default systemd uses 15% of available space [1] of the /run partition, when the space runs out journald starts to vaccum/store the logs into /var/log [1]. It causes two problems one of them is timeout dev-ttySN.device's when enable debug and use journal as systemd.log_target [2] the other is related to don't find syslog entries into the journal log [3]. This problems are now more evident because i recently enabled the systemd debug option in testimage [4]. One area of improvement will be add support in systemd journald to read these parameters from the kernel cmdline like systemd.log_target, if the support exists we could add that parameter at level of testimage. [1] https://www.freedesktop.org/software/systemd/man/journald.conf.html#SystemMaxUse= [2] https://bugzilla.yoctoproject.org/show_bug.cgi?id=8142#c19 [3] https://bugzilla.yoctoproject.org/show_bug.cgi?id=10128#c4 [4] http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=a86a1b2703372c12e7fca18918695d093ea6ee53 [YOCTO #10128] Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
At this time systemd journald uses the /run tmpfs to store logs
by default systemd uses 15% of available space [1] of the /run
partition, when the space runs out journald starts to vaccum/store
the logs into /var/log [1].

It causes two problems one of them is timeout dev-ttySN.device's
when enable debug and use journal as systemd.log_target [2] the other
is related to don't find syslog entries into the journal log [3].

This problems are now more evident because i recently enabled the
systemd debug option in testimage [4].

One area of improvement will be add support in systemd journald to
read these parameters from the kernel cmdline like systemd.log_target,
if the support exists we could add that parameter at level of testimage.

[1] https://www.freedesktop.org/software/systemd/man/journald.conf.html#SystemMaxUse=
[2] https://bugzilla.yoctoproject.org/show_bug.cgi?id=8142#c19
[3] https://bugzilla.yoctoproject.org/show_bug.cgi?id=10128#c4
[4] http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=a86a1b2703372c12e7fca18918695d093ea6ee53

[YOCTO #10128]

Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
systemd: split systemd-container 2016-08-25T22:02:42+00:00 Chen Qi Qi.Chen@windriver.com 2016-08-19T02:24:11+00:00 2a4bf6e4c96a8104733add315166210f04c02caf Split container/vm related units into a new package, systemd-container. The split mainly references Fedora 24, with a few differences. Apart from the bash and zsh completion files, the differences include adding systemd-spawn@.service into the systemd-container package. [YOCTO #9835] Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Split container/vm related units into a new package, systemd-container.

The split mainly references Fedora 24, with a few differences.
Apart from the bash and zsh completion files, the differences include
adding systemd-spawn@.service into the systemd-container package.

[YOCTO #9835]

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
systemd-compat-units: do not inherit allarch 2016-08-25T21:59:17+00:00 Joe Slater jslater@windriver.com 2016-08-22T22:12:31+00:00 ef5be3c8256419d5abec566ce266718fe317417e Even though we are just a script, we do depend on systemd being on the target and need an RDEPENDS which means we cannot also be allarch. Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Even though we are just a script, we do depend on
systemd being on the target and need an RDEPENDS
which means we cannot also be allarch.

Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
systemd-compat-units: Only enable for systemd in DISTRO_FEATURES 2016-08-18T15:52:02+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2016-08-18T13:43:57+00:00 5dca6cc2fcdb2799c19b1697f0647a16ce296290 This recipe only makes sense when systemd is enabled and otherwise causes world build failures. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
This recipe only makes sense when systemd is enabled and otherwise causes
world build failures.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
systemd-compat-units: pkg_postinst() does not work 2016-08-18T15:52:01+00:00 Joe Slater jslater@windriver.com 2016-08-15T23:04:53+00:00 8183309080aee45746daaff46b0506b09b5bd269 The test for various files is wrong and will always be true, even if init.d does not exist. Exit if init.d does not exist, and correctly test for file existence otherwise. Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
The test for various files is wrong and will always be
true, even if init.d does not exist.

Exit if init.d does not exist, and correctly test for
file existence otherwise.

Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
systemd: fix typo in avoid-using-system-auth.patch 2016-08-17T09:31:15+00:00 Dmitry Rozhkov dmitry.rozhkov@linux.intel.com 2016-08-10T09:47:56+00:00 ecff74ab68ffca27ed856be6117124b8bc1ef2d6 The patch 0015-systemd-user-avoid-using-system-auth.patch makes PAM session for systemd-user include common-account file which doesn't contain any session related lines and that breaks launching "systemd --user" with the error: Jul 29 13:03:24 intel-corei7-64 systemd[691]: user@0.service: Failed at step PAM spawning /lib/systemd/systemd: Operation not permitted This change fixes the patch by including common-session file instead. Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
The patch 0015-systemd-user-avoid-using-system-auth.patch
makes PAM session for systemd-user include common-account file
which doesn't contain any session related lines and that breaks
launching "systemd --user" with the error:

Jul 29 13:03:24 intel-corei7-64 systemd[691]: user@0.service: Failed
at step PAM spawning /lib/systemd/systemd: Operation not permitted

This change fixes the patch by including common-session file
instead.

Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>