Hello community, here is the log from the commit of package systemd for openSUSE:Factory checked in at 2019-04-15 13:59:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/systemd (Old) and /work/SRC/openSUSE:Factory/.systemd.new.17052 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "systemd" Mon Apr 15 13:59:21 2019 rev:294 rq:693792 version:241 Changes: -------- --- /work/SRC/openSUSE:Factory/systemd/systemd-mini.changes 2019-03-13 09:08:34.923427909 +0100 +++ /work/SRC/openSUSE:Factory/.systemd.new.17052/systemd-mini.changes 2019-04-15 13:59:23.612706779 +0200 @@ -1,0 +2,16 @@ +Fri Apr 12 14:13:54 UTC 2019 - Franck Bui <[email protected]> + +- Import commit 4e6e66ea94cf5125f9044f0869939a86801ed2d8 + + 430877e794 pam-systemd: use secure_getenv() rather than getenv() (bsc#1132348 CVE-2019-3842) + 3cff2e6514 man: document that if the main process exits after SIGTERM we go directly to SIGKILL + 26c4f7191c bus: fix memleak on invalid message + +------------------------------------------------------------------- +Tue Mar 19 16:11:44 UTC 2019 - Franck Bui <[email protected]> + +- systemd-coredump: generate a stack trace of all core dumps (bsc#1128832) + + This stack trace is logged to the journal. + +------------------------------------------------------------------- systemd.changes: same change Old: ---- systemd-v241+suse.42.g15a1b4d58.tar.xz New: ---- systemd-v241+suse.46.g4e6e66ea9.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ systemd-mini.spec ++++++ --- /var/tmp/diff_new_pack.2qfo5M/_old 2019-04-15 13:59:24.696707133 +0200 +++ /var/tmp/diff_new_pack.2qfo5M/_new 2019-04-15 13:59:24.700707135 +0200 @@ -26,7 +26,7 @@ ##### WARNING: please do not edit this auto generated spec file. Use the systemd.spec! ##### %define mini -mini %define min_kernel_version 4.5 -%define suse_version +suse.42.g15a1b4d58 +%define suse_version +suse.46.g4e6e66ea9 %bcond_with gnuefi %if 0%{?bootstrap} @@ -70,6 +70,7 @@ BuildRequires: python3 BuildRequires: python3-lxml BuildRequires: pkgconfig(libcryptsetup) >= 1.6.0 +BuildRequires: pkgconfig(libdw) BuildRequires: pkgconfig(liblz4) BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(libpcre2-8) 
@@ -454,6 +455,7 @@ -Dapparmor=auto \ -Dsmack=false \ -Dima=false \ + -Delfutils=auto \ %if 0%{?bootstrap} -Dman=false \ -Dhtml=false \ ++++++ systemd.spec ++++++ --- /var/tmp/diff_new_pack.2qfo5M/_old 2019-04-15 13:59:24.728707144 +0200 +++ /var/tmp/diff_new_pack.2qfo5M/_new 2019-04-15 13:59:24.732707145 +0200 @@ -24,7 +24,7 @@ %define bootstrap 0 %define mini %nil %define min_kernel_version 4.5 -%define suse_version +suse.42.g15a1b4d58 +%define suse_version +suse.46.g4e6e66ea9 %bcond_with gnuefi %if 0%{?bootstrap} @@ -68,6 +68,7 @@ BuildRequires: python3 BuildRequires: python3-lxml BuildRequires: pkgconfig(libcryptsetup) >= 1.6.0 +BuildRequires: pkgconfig(libdw) BuildRequires: pkgconfig(liblz4) BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(libpcre2-8) @@ -452,6 +453,7 @@ -Dapparmor=auto \ -Dsmack=false \ -Dima=false \ + -Delfutils=auto \ %if 0%{?bootstrap} -Dman=false \ -Dhtml=false \ ++++++ systemd-v241+suse.42.g15a1b4d58.tar.xz -> systemd-v241+suse.46.g4e6e66ea9.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/systemd-v241+suse.42.g15a1b4d58/man/systemd.kill.xml new/systemd-v241+suse.46.g4e6e66ea9/man/systemd.kill.xml --- old/systemd-v241+suse.42.g15a1b4d58/man/systemd.kill.xml 2019-03-05 14:30:13.000000000 +0100 +++ new/systemd-v241+suse.46.g4e6e66ea9/man/systemd.kill.xml 2019-04-12 16:12:51.000000000 +0200 
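Review bot: `-Delfutils=auto` in this hunk (and in the matching systemd.spec hunk at -452,6 +453,7) lets meson quietly build systemd-coredump without stack-trace support if libdw is not detected, even though `BuildRequires: pkgconfig(libdw)` is now declared. Since the changelog advertises a stack trace for all core dumps, `-Delfutils=true \` would turn a missing dependency into a build failure instead of a silently reduced feature. Separately, enabling this means the coredump handler parses the memory image of a crashed process with libdw, which is input the crashing process controls; it is worth confirming, outside what this diff shows, that the parsing runs only after privileges have been dropped.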
@@ -87,22 +87,17 @@ group and the control group continues to exist after stop unless it is empty.</para> - <para>Processes will first be terminated via - <constant>SIGTERM</constant> (unless the signal to send is - changed via <varname>KillSignal=</varname>). Optionally, this - is immediately followed by a <constant>SIGHUP</constant> (if - enabled with <varname>SendSIGHUP=</varname>). If then, after a - delay (configured via the <varname>TimeoutStopSec=</varname> - option), processes still remain, the termination request is - repeated with the <constant>SIGKILL</constant> signal or the - signal specified via <varname>FinalKillSignal=</varname> (unless - this is disabled via the <varname>SendSIGKILL=</varname> - option). See - <citerefentry><refentrytitle>kill</refentrytitle><manvolnum>2</manvolnum></citerefentry> - for more information.</para> + <para>Processes will first be terminated via <constant>SIGTERM</constant> (unless the signal to send + is changed via <varname>KillSignal=</varname>). Optionally, this is immediately followed by a + <constant>SIGHUP</constant> (if enabled with <varname>SendSIGHUP=</varname>). If processes still + remain after the main process of a unit has exited or the delay configured via the + <varname>TimeoutStopSec=</varname> has passed, the termination request is repeated with the + <constant>SIGKILL</constant> signal or the signal specified via <varname>FinalKillSignal=</varname> + (unless this is disabled via the <varname>SendSIGKILL=</varname> option). 
See + <citerefentry><refentrytitle>kill</refentrytitle><manvolnum>2</manvolnum></citerefentry> for more + information.</para> - <para>Defaults to - <option>control-group</option>.</para></listitem> + <para>Defaults to <option>control-group</option>.</para></listitem> </varlistentry> <varlistentry> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/systemd-v241+suse.42.g15a1b4d58/src/libsystemd/sd-bus/bus-socket.c new/systemd-v241+suse.46.g4e6e66ea9/src/libsystemd/sd-bus/bus-socket.c --- old/systemd-v241+suse.42.g15a1b4d58/src/libsystemd/sd-bus/bus-socket.c 2019-03-05 14:30:13.000000000 +0100 +++ new/systemd-v241+suse.46.g4e6e66ea9/src/libsystemd/sd-bus/bus-socket.c 2019-04-12 16:12:51.000000000 +0200 @@ -1097,13 +1097,15 @@ bus->fds, bus->n_fds, NULL, &t); - if (r == -EBADMSG) + if (r == -EBADMSG) { log_debug_errno(r, "Received invalid message from connection %s, dropping.", strna(bus->description)); - else if (r < 0) { + free(bus->rbuffer); /* We want to drop current rbuffer and proceed with whatever remains in b */ + } else if (r < 0) { free(b); return r; } + /* rbuffer ownership was either transferred to t, or we got EBADMSG and dropped it. */ bus->rbuffer = b; bus->rbuffer_size -= size; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/systemd-v241+suse.42.g15a1b4d58/src/login/pam_systemd.c new/systemd-v241+suse.46.g4e6e66ea9/src/login/pam_systemd.c --- old/systemd-v241+suse.42.g15a1b4d58/src/login/pam_systemd.c 2019-03-05 14:30:13.000000000 +0100 +++ new/systemd-v241+suse.46.g4e6e66ea9/src/login/pam_systemd.c 2019-04-12 16:12:51.000000000 +0200 
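Review bot: The new EBADMSG branch in bus-socket.c releases `bus->rbuffer` but does nothing visible for `bus->fds`, which is handed to the same call and so raises the same ownership question the added comment answers for the buffer. If the callee takes over the descriptors only on success, which this hunk does not show, a peer that keeps sending invalid messages with attached descriptors would leak them on this path. I would either close them in this branch, e.g. `close_many(bus->fds, bus->n_fds);` followed by `free(bus->fds);`, or extend the comment to state who owns the fds after EBADMSG. The enclosing function starts and ends outside the hunk, so the later handling of `bus->fds` needs checking before applying this.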
@@ -316,14 +316,21 @@ assert(handle); assert(key); - /* Looks for an environment variable, preferrably in the environment block associated with the specified PAM - * handle, falling back to the process' block instead. */ + /* Looks for an environment variable, preferrably in the environment block associated with the + * specified PAM handle, falling back to the process' block instead. Why check both? Because we want + * to permit configuration of session properties from unit files that invoke PAM services, so that + * PAM services don't have to be reworked to set systemd-specific properties, but these properties + * can still be set from the unit file Environment= block. */ v = pam_getenv(handle, key); if (!isempty(v)) return v; - v = getenv(key); + /* We use secure_getenv() here, since we might get loaded into su/sudo, which are SUID. Ideally + * they'd clean up the environment before invoking foreign code (such as PAM modules), but alas they + * currently don't (to be precise, they clean up the environment they pass to their children, but + * not their own environ[]). */ + v = secure_getenv(key); if (!isempty(v)) return v;
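Review bot: Only the process-environment fallback is hardened here; the first lookup, `pam_getenv(handle, key)`, still returns its value unchecked, and the PAM environment can be filled by earlier modules in the stack from sources the hunk does not show. If any of those sources are user-writable, the session properties read through this helper remain caller-influenced in the SUID case the new comment describes, so callers should validate what they get back. A comment in that direction would help, e.g. `/* NB: pam_getenv() values are set by other modules in the stack and are not trusted; callers must validate. */`. Note also that in a SUID host `secure_getenv()` returns NULL, so the `Environment=` fallback described in the first comment is unavailable there by design. The function's signature and its end lie outside the hunk.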
