openembedded-core.git/meta/recipes-core/systemd, branch thud Mirror of openembedded-core systemd: fix CVE-2019-6454 2019-03-22T21:40:46+00:00 George McCollister george.mccollister@gmail.com 2019-02-22T16:54:50+00:00 81199a83c5e5c4a107a025403bc0a79157ba6630 Apply patches from systemd_239-7ubuntu10.8 to fix CVE-2019-6454. CVE-2019-6454 is an issue in which systemd (PID1) can be crashed with a specially formed D-Bus message. For information see: https://usn.ubuntu.com/3891-1/ https://git.launchpad.net/ubuntu/+source/systemd/commit/?id=f8e75d5634904c8e672658856508c3a02f349adb (From OE-Core rev: 9d2ec5970adfc906fcc4581528321a879953fd55) Signed-off-by: George McCollister <george.mccollister@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
Apply patches from systemd_239-7ubuntu10.8 to fix CVE-2019-6454.
CVE-2019-6454 is an issue in which systemd (PID1) can be crashed with a
specially formed D-Bus message.

For information see:
https://usn.ubuntu.com/3891-1/
https://git.launchpad.net/ubuntu/+source/systemd/commit/?id=f8e75d5634904c8e672658856508c3a02f349adb

(From OE-Core rev: 9d2ec5970adfc906fcc4581528321a879953fd55)

Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
systemd: Update recent CVE patches 2019-03-22T21:40:46+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2019-01-28T13:57:44+00:00 554a65619c45fec24f1790792de2db12a098bd80 * Added CVE tag, Upstream-Status tag and Sign-off-by tags. * Removed the verification of the entry length in the header * Squashed CVE-2018-16865 patches into one * CVE-2018-16866 patch now taken from systemd-stable and includes an additional heap buffer overflow fix. (From OE-Core rev: bc79395e2fcb886f224a4ad837fd93c779d2c53d) Signed-off-by: Marcus Cooper <marcusc@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
* Added CVE tag, Upstream-Status tag and Sign-off-by tags.
* Removed the verification of the entry length in the header
* Squashed CVE-2018-16865 patches into one
* CVE-2018-16866 patch now taken from systemd-stable and includes
  an additional heap buffer overflow fix.

(From OE-Core rev: bc79395e2fcb886f224a4ad837fd93c779d2c53d)

Signed-off-by: Marcus Cooper <marcusc@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
systemd: RDEPENDS on util-linux-umount 2019-03-22T21:40:46+00:00 André Draszik andre.draszik@jci.com 2019-03-07T14:27:09+00:00 68056a9f88021ee81e6475d35f2dc67f7436b9a5 It looks like there is an implicit dependency on util-linux' umount - as otherwise when using busybox' umount we see a long delay on shutdown / reboot. [YOCTO #13058] (From OE-Core rev: 39a3d2c603429865af632fe41b2cf32c3dfdfb1d) Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
It looks like there is an implicit dependency on util-linux'
umount - as otherwise when using busybox' umount we see a
long delay on shutdown / reboot.

[YOCTO #13058]

(From OE-Core rev: 39a3d2c603429865af632fe41b2cf32c3dfdfb1d)

Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
systemd: Security fix CVE-2018-16866 2019-01-28T16:56:34+00:00 Marcus Cooper marcus.cooper@axis.com 2019-01-24T12:43:41+00:00 5e4d9fd5b13dd0603d9001b478b0c3170dd81004 Affects < v240 (From OE-Core rev: bdee9122fe67467d1ec17012902a441fecb0cb9b) Signed-off-by: Marcus Cooper <marcusc@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
Affects < v240

(From OE-Core rev: bdee9122fe67467d1ec17012902a441fecb0cb9b)

Signed-off-by: Marcus Cooper <marcusc@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
systemd: Security fix CVE-2018-16865 2019-01-28T16:56:34+00:00 Marcus Cooper marcus.cooper@axis.com 2019-01-24T12:43:40+00:00 d5d2b821fc85b8cf39f683061ac2a45bddd2139f Affects < v240 (From OE-Core rev: 314887a475ae1ac638eb80d973ffee1bd2a31a35) Signed-off-by: Marcus Cooper <marcusc@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
Affects < v240

(From OE-Core rev: 314887a475ae1ac638eb80d973ffee1bd2a31a35)

Signed-off-by: Marcus Cooper <marcusc@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
systemd: Security fix CVE-2018-16864 2019-01-28T16:56:34+00:00 Marcus Cooper marcus.cooper@axis.com 2019-01-24T12:43:39+00:00 403e74b07b6f3c4a2444e68c74a8434fb17aee49 Affects < v240 (From OE-Core rev: 6900b9cc2cd3e66469a9561bb478b87c0903b0ea) Signed-off-by: Marcus Cooper <marcusc@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
Affects < v240

(From OE-Core rev: 6900b9cc2cd3e66469a9561bb478b87c0903b0ea)

Signed-off-by: Marcus Cooper <marcusc@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
systemd: Correct a conditional add to SYSTEMD_PACKAGES 2019-01-28T16:56:33+00:00 Peter Kjellerstedt peter.kjellerstedt@axis.com 2019-01-15T00:49:06+00:00 86de2bff77054bb35b78aeaed8fcf95c6815779c The code conditionally adding ${PN}-journal-remote to SYSTEMD_PACKAGE checked PACKAGECONFIG for an empty string rather than 'microhttpd'... (From OE-Core rev: 42d52a279a75c94c4deba50b448dd3b6b2ac75df) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
The code conditionally adding ${PN}-journal-remote to SYSTEMD_PACKAGE
checked PACKAGECONFIG for an empty string rather than 'microhttpd'...

(From OE-Core rev: 42d52a279a75c94c4deba50b448dd3b6b2ac75df)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
systemd: Correct and clean up user/group definitions 2019-01-28T16:56:33+00:00 Peter Kjellerstedt peter.kjellerstedt@axis.com 2019-01-15T00:49:05+00:00 419aaf698b2823ec9bb5a94d4605bdcfd8e90142 This makes sure that packages are only added to USERADD_PACKAGES if they will create users/groups. This avoids the following error: ERROR: systemd_239.bb: meta/recipes-core/systemd/systemd_239.bb inherits useradd but doesn't set USERADD_PARAM, GROUPADD_PARAM or GROUPMEMS_PARAM for package systemd-journal-gateway Normally this problem is not triggered even if the conditional code that expands in, e.g., USERADD_PARAM_${PN}-journal-gateway is empty because it is assigned with += and thus ends up as " ", which fools the check in useradd.bbclass. However, if USERADDEXTENSION += "useradd-staticids" and INHERIT += "extrausers" are used, they cause the problem to occur. The reason for this is because when useradd-staticids is used, it rewrites USERADD_PARAM_${PN}-journal-gateway, which strips unnecessary whitespace and thus USERADD_PARAM_${PN}-journal-gateway becomes empty. And extrausers is needed, because otherwise the test in useradd.bbclass is triggered before useradd-staticids has rewritten the variables... (From OE-Core rev: 63ae444b1dba65ccb1693648914becabd65ac30d) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
This makes sure that packages are only added to USERADD_PACKAGES if
they will create users/groups. This avoids the following error:

  ERROR: systemd_239.bb: meta/recipes-core/systemd/systemd_239.bb
  inherits useradd but doesn't set USERADD_PARAM, GROUPADD_PARAM or
  GROUPMEMS_PARAM for package systemd-journal-gateway

Normally this problem is not triggered even if the conditional code that
expands in, e.g., USERADD_PARAM_${PN}-journal-gateway is empty because
it is assigned with += and thus ends up as " ", which fools the check in
useradd.bbclass.

However, if USERADDEXTENSION += "useradd-staticids" and
INHERIT += "extrausers" are used, they cause the problem to occur. The
reason for this is because when useradd-staticids is used, it rewrites
USERADD_PARAM_${PN}-journal-gateway, which strips unnecessary whitespace
and thus USERADD_PARAM_${PN}-journal-gateway becomes empty. And
extrausers is needed, because otherwise the test in useradd.bbclass is
triggered before useradd-staticids has rewritten the variables...

(From OE-Core rev: 63ae444b1dba65ccb1693648914becabd65ac30d)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta: remove True option to getVar calls (again) 2019-01-28T16:56:33+00:00 André Draszik andre.draszik@jci.com 2019-01-13T11:16:01+00:00 2da88ecbbf118bb7440f48184d4b39c273ab57e9 A couple have still been missed in the past despite multiple attempts at doing so (or simply have re-appeared?). Search & replace made using the following command: sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' \ -i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' \ | cut -d':' -f1 \ | sort -u) (From OE-Core rev: 9f551d588693328e4d99d33be94f26684eafcaba) Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
A couple have still been missed in the past despite multiple
attempts at doing so (or simply have re-appeared?).

Search & replace made using the following command:
    sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' \
        -i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' \
             | cut -d':' -f1 \
             | sort -u)

(From OE-Core rev: 9f551d588693328e4d99d33be94f26684eafcaba)

Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
systemd: Add PACKAGECONFIG for gnutls 2019-01-28T16:56:33+00:00 Alex Kiernan alex.kiernan@gmail.com 2019-01-10T09:03:18+00:00 1bd93c625fa64cdddc260fdd164cc0d2c5272ee0 (From OE-Core rev: da0c196cdc4eb74c7517089dc192d6a77227b6e2) Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> 
(From OE-Core rev: da0c196cdc4eb74c7517089dc192d6a77227b6e2)

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>