| Age | Commit message (Collapse) | Author |
|---|
|
Apply patches from systemd_237-3ubuntu10.13 to fix CVE-2019-6454.
CVE-2019-6454 is an issue in which systemd (PID1) can be crashed
with a specially formed D-Bus message.
For information see:
https://usn.ubuntu.com/3891-1/
https://git.launchpad.net/ubuntu/+source/systemd/commit/?h=applied/ubuntu/bionic-updates&id=d7584b894afcaa8a4a1abb69db2a9c81a6276e80
Signed-off-by: George McCollister <george.mccollister@gmail.com>
|
|
Apply patches to fix CVE-2018-6954
NVD description from https://nvd.nist.gov/vuln/detail/CVE-2018-6954
systemd-tmpfiles in systemd through 237 mishandles symlinks present in
non-terminal path components, which allows local users to obtain
ownership of arbitrary files via vectors involving creation of a
directory and a file under that directory, and later replacing that
directory with a symlink. This occurs even if the fs.protected_symlinks
sysctl is turned on.
Patches from systemd_237-3ubuntu10.13.debian.
These patches shouldn't be required on newer OE releases since they use
systemd v239 or higher.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
|
|
Affects < v240
Signed-off-by: Marcus Cooper <marcusc@axis.com>
>From v2 patch on openembedded-core@lists.openembedded.org
Incresed file name number from 0026 to 0027.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
|
|
Affects < v240
Based on thud commit d5d2b821fc85b8cf39f683061ac2a45bddd2139f
The second patch in the thud commit doesn't apply against 237. Use the
version of the second patch CVE-2018-16865_2.patch from
systemd_237-3ubuntu10.13.debian.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
|
|
Affects < v240
Based on thud commit 403e74b07b6f3c4a2444e68c74a8434fb17aee49
The patch in the thud commit doesn't compile against 237. Use the
version of this patch, CVE-2018-16864.patch from
systemd_237-3ubuntu10.13.debian.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
|
|
Backport patch to fix the following CVE.
CVE: CVE-2018-15688
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Cherry-picked from thud 13591d7224393dc0ae529a03cdf74aceb3540ce9
Signed-off-by: George McCollister <george.mccollister@gmail.com>
|
|
Backport patch to fix the following CVE.
CVE: CVE-2018-15687
Based on thud commit eeb621aa19f690971caf862290a172a115578ba1
The patch in the thud commit doesn't compile against 237. Use the
version of this patch, CVE-2018-15687.patch from
systemd_237-3ubuntu10.13.debian.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
|
|
Backport patch to fix the following CVE.
CVE: CVE-2018-15686
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Cherry-picked from thud 0ef70603bc983315eb0e8a97958d995a31198c35
Signed-off-by: George McCollister <george.mccollister@gmail.com>
|
|
This regression has been introduced while upgrading to version 237
(commit 906230a73b3ccfa4afd2a19a6b0aa18cd1d5fa08)
and seems to only affect sumo version.
Signed-off-by: Matthieu Rogez <matthieu.rogez@fivesgroup.com>
|
|
The upstream commit 61f32bff6130a44d077886d38cff89ad161bf177 included in
the release v229 removed the use of the group:
commit 61f32bff6130a44d077886d38cff89ad161bf177
Author: Martin Pitt <martin.pitt@ubuntu.com>
Date: Mon Feb 1 12:09:34 2016 +0100
tmpfiles: drop /run/lock/lockdev
Hardly any software uses that any more, and better locking mechanisms like
flock() have been available for many years.
Also drop the corresponding "lock" group from sysusers.d/basic.conf.in, as
nothing else is using this.
[...]
diff --git a/sysusers.d/basic.conf.in b/sysusers.d/basic.conf.in
index 823d6cb20..b2dc5ebd4 100644
--- a/sysusers.d/basic.conf.in
+++ b/sysusers.d/basic.conf.in
@@ -19,7 +19,6 @@ g wheel - - -
# Access to certain kernel and userspace facilities
g kmem - - -
-g lock - - -
g tty @TTY_GID@ - -
g utmp - - -
[...]
The upstream documentation doc/UIDS-GIDS.md says that basic.conf.in is "the
precise list of the currently defined groups":
## Special `systemd` GIDs
`systemd` defines no special UIDs beyond what Linux already defines (see
above). However, it does define some special group/GID assignments, which are
primarily used for `systemd-udevd`'s device management. The precise list of the
currently defined groups is found in this `sysusers.d` snippet:
[basic.conf](https://raw.githubusercontent.com/systemd/systemd/master/sysusers.d/basic.conf.in)
It's strongly recommended that downstream distributions include these groups in
their default group databases.
Removing the creation of the group also avoids the need to define a GID
for it when using static ids.
(From OE-Core rev: da3659155cd1825a4a8d3d7c5288b4273714de15)
Signed-off-by: Hannu Lounento <hannu.lounento@vaisala.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
(From OE-Core rev: 167098cdd875a02221ff6d15f443c02c1bcdc33f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
(From OE-Core rev: 6a3805f06cd7832d70d5b652ec1be612f5f027e6)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
(From OE-Core rev: 12b4fc15f6919d7573bea5d913fb805993e8640a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
When gcrypt support is present in PACKAGECONFIG, build fails due to the bug
reported in [1]. Since this is already solved upstream, this commit backports
the corresponding patch.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893602
(From OE-Core rev: 4f68722e37d28b5fdd30409570405bf65445eef2)
Signed-off-by: Andrea Galbusera <gizero@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fix typo in sulogin-path setting. It should be ${base_sbindir} instead of
just {base_sbindir}.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This was the default behavior with autotools, but is not with meson.
Otherwise, udev package will pull in the rest of systemd even
that is not desired.
[YOCTO #12618]
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When systemd was upgraded from 234 to 237, the PACKAGECONFIG item
'resolved' is changed to 'resolve', this is because meson_options.txt
uses the word 'resolve' instead of 'resolved'.
However, this causes trouble for users. Backward compatibility is obviously
more important, because we might have bbappend files in other layers
using this PACKAGECONFIG item.
So change the name back to 'resolved'.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport a fix that is needed for systemd to build with latest glibc
and kernel being old.
see
https://github.com/systemd/systemd/issues/8099
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Upgrade systemd-boot to 237.
As systemd has dropped autotools support, fix configure and compile
failures related to meson.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
|
|
Remove the 'fstack-protector' and 'fstack-protector-strong' flags
as a workaround to fix the following error when building for qemux86
and qemuppc with musl.
undefined reference to `__stack_chk_fail_local'
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
|
|
Upgrade systemd to 237.
Note that this version has dropped autotools support.
The following patches are rebased:
0004-Use-getenv-when-secure-versions-are-not-available.patch
0005-binfmt-Don-t-install-dependency-links-at-install-tim.patch
0007-use-lnr-wrapper-instead-of-looking-for-relative-opti.patch
0015-Revert-udev-remove-userspace-firmware-loading-suppor.patch
0018-check-for-uchar.h-in-configure.patch
0019-socket-util-don-t-fail-if-libc-doesn-t-support-IDN.patch
0001-add-fallback-parse_printf_format-implementation.patch
0002-src-basic-missing.h-check-for-missing-strndupa.patch
0007-check-for-missing-canonicalize_file_name.patch
0008-Do-not-enable-nss-tests.patch
0010-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch
0011-nss-mymachines-Build-conditionally-when-HAVE_MYHOSTN.patch
The following backported patches are dropped:
0001-core-evaluate-presets-after-generators-have-run-6526.patch
0001-main-skip-many-initialization-steps-when-running-in-.patch
0001-meson-update-header-file-to-detect-memfd_create.patch
0003-fileio-include-sys-mman.h.patch
The following patch is dropped as autotools support is dropped:
0002-configure.ac-Check-if-memfd_create-is-already-define.patch
The following patches are newly added to fix problems:
0027-remove-nobody-user-group-checking.patch
0028-add-missing-FTW_-macros-for-musl.patch
0030-fix-missing-of-__register_atfork-for-non-glibc-build.patch
0031-fix-missing-ULONG_LONG_MAX-definition-in-case-of-mus.patch
Other changes are mostly autotools/meson related.
This new version has dropped ptest support, as there's no easy
way to do this in the framework of meson.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
|
|
__stop_BUS_ERROR_MAP
These symbols appear in dynsyms of libsystemd.so and musl loader
doesnt like it
Error relocating /mnt/a/oe/build/tmp/work/i586-bec-linux-musl/avahi/0.7-r0/recipe-sysroot//lib/libsystemd.so.0: __start_BUS_ERROR_MAP: symbol not found
Error relocating /mnt/a/oe/build/tmp/work/i586-bec-linux-musl/avahi/0.7-r0/recipe-sysroot//lib/libsystemd.so.0: __stop_BUS_ERROR_MAP: symbol not found
[YOCTO #12577]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
If the EFI_PROVIDER is systemd-boot, install as boot(x64|ia32) as per
convention. If its not the EFI_PROVIDER, install as
systemd-boot(x64|ia32), as to not collide with other possible
bootloaders.
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Reuses our systemd-boot-cfg bbclass to generate systemd-boot
configuration files.
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Use distro_features_check so that we can have a uniform controller.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
systemd-boot shouldn't be built for x32. Make sure that this is the
case when TCLIBC is set to something other than glibc.
Fixes [YOCTO #12122]
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently, if "systemd --test" is not allowed to complete
sending output, it will segfault.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Formatting IDE storage does not trigger "change" uevents. As a result
clients using udev API don't get any updates afterwards and get outdated
information about the device.
...
root@qemux86-64:~# mkfs.ext4 -F /dev/hda1
Creating filesystem with 262144 4k blocks and 65536 inodes
Filesystem UUID: 98791eb2-2bf3-47ad-b4d8-4cf7e914eee2
root@qemux86-64:~# ls /dev/disk/by-uuid/98791eb2-2bf3-47ad-b4d8-4cf7e914eee2
ls: cannot access '/dev/disk/by-uuid/98791eb2-2bf3-47ad-b4d8-4cf7e914eee2': No such file or directory
...
Include hd* in a match for watch option assignment.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fix historical duplication that appears to have been caused by
merging two independent fixes for the same issue:
http://git.openembedded.org/openembedded-core/commit/?id=294adc0907a359d9c0ad260823188145aab294ad
http://git.openembedded.org/openembedded-core/commit/?id=b30d7b1b97ffd1d44083d93ed0e572d80fcebc54
Also minor reformatting of EXTRA_OECONF values.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Make the polkit fixup etc at the end of do_install() more consistent
with the rest of the function. Also indent do_install_ptest() with
tabs instead of spaces to make do_install_ptest() consistent with
do_install().
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Also fix some minor formatting inconsistencies (extra spaces or
commas etc). No functional changes.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Consistently use PACKAGECONFIG_remove_libc-musl to disable options
which are not compatible with musl.
Also sort the default PACKAGECONFIG list.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The ldconfig PACKAGECONFIG option is controlled by the ldconfig
distro feature - which is now disabled by default when building for
musl.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Add needed patches for portability across glibc/musl
enable systemd on musl too
Disable utmp,ldconfig,nss,resolved,localed for musl
which is not supported on musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The regex for acceptable systemd WantedBy/RequiredBy targets does not include
target.wants, so a line like this:
WantedBy=multi-user.target.wants
gets silently ignored, even though it works fine on a real system.
Signed-off-by: Martin Kelly <mkelly@xevo.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Looking back the history, we had problem with systemd on qemumips64
which is also related to compilation flags. We solved that by using
tweaking FULL_OPTIMIZATION for mips64 to have "-fno-tree-switch-conversion
-fno-tree-tail-merge".
Now systemd has been upgraded to 234, and we don't have the above problem
any more, thus removing these flags.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The patch is uclibc specific and reference to it was removed from the
systemd recipe in:
http://git.openembedded.org/openembedded-core/commit/?id=653704e9cf325cb494eb23facca19e9f05132ffd
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This patch is clearly uclibc specific and appears to have been
inadvertently left behind during the recent purging of uclibc
specific patches from oe-core:
http://git.openembedded.org/openembedded-core/commit/?id=e01e7c543a559c8926d72159b5cd55db0c661434
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Andy Kling <andreas.kling@peiker-cee.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
If SERIAL_CONSOLES is set to empty for some reason, we would have rootfs
failure like below.
- nothing provides systemd-serialgetty needed by systemd-1:234-r0.core2_64
This is because systemd-serialgetty package is not generated when
SERIAL_CONSOLES is empty.
Set ALLOW_EMPTY to "1" for this recipe to allow for generation of empty
systemd-serialgetty package to avoid the above error.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since systemd-boot is a bootloader, it needs to be built for
the native IA instruction set size and x32 is not valid.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The file belongs to systemd-container package , not to systemd package.
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
By setting systemd-serialgetty to rdepend on systemd, we are making
configuration files have runtime dependency on the main utility that
uses those configuration files. Applied with the same logic, we should
make any package that provides service files under /etc/init.d/ to have
runtime dependency on sysvinit. And this is not right.
So we should remove systemd from RDEPENDS of systemd-serialgetty.
Besides, as we have changed systemd to have systemd-serialgetty in its
RDEPENDS by default, we should avoid circular dependency issue.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Set NO_RECOMMENDATIONS to "1", build and start a systemd image, and we
could not get serial getty spawned, thus causing the user not able to
login via serial port.
E.g.
MACHINE=qemux86-64 bitbake core-image-minimal
runqemu qemux86-64 nographic
And we cannot login onto the system.
Move util-linux-agetty and systemd-serialgetty (determined by PACKAGECONFIG)
from RRECOMMENDS to RDEPENDS to fix the above problem.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fixed:
WARNING: systemd-machine-units-1.0-r19 do_populate_lic: ${COREBASE}/LICENSE is not a valid license file, please use '${COMMON_LICENSE_DIR}/MIT' for a MIT License file in LIC_FILES_CHKSUM. This will become an error in the future
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
George McCollister
Marcus Cooper
Chen Qi
ROGEZ Matthieu
Hannu Lounento
Khem Raj
Ross Burton
Andrea Galbusera
Alexander Kanavin
California Sullivan
Robert Yang
Anuj Mittal
Andre McCurdy
Joe Slater
Hongxu Jia
Martin Kelly
andreas.kling@peiker-cee.de
Saul Wold
Fathi Boudra
Huang Qiyu