ELSA-2021-1611

ELSA-2021-1611 - systemd security, bug fix, and enhancement update

Type: SECURITY
Severity: MODERATE
Release Date: 2021-05-25

Description


[239-45.0.1]
- backport upstream pstore tmpfiles patch [Orabug: 31420486]
- udev rules: fix memory hot add and remove [Orabug: 31310273]
- fix to enable systemd-pstore.service [Orabug: 30951066]
- journal: change support URL shown in the catalog entries [Orabug: 30853009]
- fix to generate systemd-pstore.service file [Orabug: 30230056]
- fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792]
- set 'RemoveIPC=no' in logind.conf as default for OL7.2 [Orabug: 22224874]
- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]
- add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475]
- Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056]

[239-45]
- Revert 'test: add test cases for empty string match' and 'test: add test case for multi matches when use ||' (#1931947)
- test/sys-script.py: add missing DEVNAME entries to uevents (#1931947)
- sd-event: split out helper functions for reshuffling prioqs (#1819868)
- sd-event: split out enable and disable codepaths from sd_event_source_set_enabled() (#1819868)
- sd-event: mention that two debug logged events are ignored (#1819868)
- sd-event: split clock data allocation out of sd_event_add_time() (#1819868)
- sd-event: split out code to add/remove timer event sources to earliest/latest prioq (#1819868)
- sd-event: fix delays assert brain-o (#17790) (#1819868)
- sd-event: let's suffix last_run/last_log with '_usec' (#1819868)
- sd-event: refuse running default event loops in any other thread than the one they are default for (#1819868)
- sd-event: ref event loop while in sd_event_prepare() or sd_event_run() (#1819868)
- sd-event: follow coding style with naming return parameter (#1819868)
- sd-event: remove earliest_index/latest_index into common part of event source objects (#1819868)
- sd-event: update state at the end in event_source_enable (#1819868)
- sd-event: increase n_enabled_child_sources just once (#1819868)
- sd-event: add ability to ratelimit event sources (#1819868)
- test: add ratelimiting test (#1819868)
- core: prevent excessive /proc/self/mountinfo parsing (#1819868)
- udev: run link_update() with increased retry count in second invocation (#1931947)
- pam-systemd: use secure_getenv() rather than getenv() (#1687514)

[239-44]
- ci: PowerTools repo was renamed to powertools in RHEL 8.3 (#1871827)
- ci: use quay.io instead of Docker Hub to avoid rate limits (#1871827)
- ci: move jobs from Travis CI to GH Actions (#1871827)
- unit: make UNIT() cast function deal with NULL pointers (#1871827)
- use link to RHEL-8 docs (#1623116)
- cgroup: Also set blkio.bfq.weight (#1657810)
- units: make sure initrd-cleanup.service terminates before switching to rootfs (#1657810)
- core: reload SELinux label cache on daemon-reload (#1888912)
- selinux: introduce mac_selinux_create_file_prepare_at() (#1888912)
- selinux: add trigger for policy reload to refresh internal selabel cache (#1888912)
- udev/net_id: give RHEL-8.4 naming scheme a name (#1827462)
- basic/stat-util: make mtime check stricter and use entire timestamp (#1642728)
- udev: make algorithm that selects highest priority devlink less susceptible to race conditions (#1642728)
- test: create /dev/null in test-udev.pl (#1642728)
- test: missing 'die' (#1642728)
- udev-test: remove a check for whether the test is run in a container (#1642728)
- udev-test: skip the test only if it can't setup its environment (#1642728)
- udev-test: fix test skip condition (#1642728)
- udev-test: fix missing directory test/run (#1642728)
- udev-test: check if permitted to create block device nodes (#1642728)
- test-udev: add a testcase of too long line (#1642728)
- test-udev: use proper semantics for too long line with continuation (#1642728)
- test-udev: add more tests for line continuations and comments (#1642728)
- test-udev: add more tests for line continuation (#1642728)
- test-udev: fix alignment and drop unnecessary white spaces (#1642728)
- test/udev-test.pl: cleanup if skipping test (#1642728)
- test: add test cases for empty string match (#1642728)
- test: add test case for multi matches when use '||' (#1642728)
- udev-test: do not rely on 'mail' group being defined (#1642728)
- test/udev-test.pl: allow multiple devices per test (#1642728)
- test/udev-test.pl: create rules only once (#1642728)
- test/udev-test.pl: allow concurrent additions and removals (#1642728)
- test/udev-test.pl: use computed devnode name (#1642728)
- test/udev-test.pl: test correctness of symlink targets (#1642728)
- test/udev-test.pl: allow checking multiple symlinks (#1642728)
- test/udev-test.pl: fix wrong test descriptions (#1642728)
- test/udev-test.pl: last_rule is unsupported (#1642728)
- test/udev-test.pl: Make some tests a little harder (#1642728)
- test/udev-test.pl: remove bogus rules from magic subsys test (#1642728)
- test/udev-test.pl: merge 'space and var with space' tests (#1642728)
- test/udev-test.pl: merge import parent tests into one (#1642728)
- test/udev-test.pl: count 'good' results (#1642728)
- tests/udev-test.pl: add multiple device test (#1642728)
- test/udev-test.pl: add repeat count (#1642728)
- test/udev-test.pl: generator for large list of block devices (#1642728)
- test/udev-test.pl: suppress umount error message at startup (#1642728)
- test/udev_test.pl: add 'expected good' count (#1642728)
- test/udev-test: gracefully exit when imports fail (#1642728)

[239-43]
- man: mention System Administrators Guide in systemctl manpage (#1623116)
- udev: introduce udev net_id 'naming schemes' (#1827462)
- meson: make net.naming-scheme= default configurable (#1827462)
- man: describe naming schemes in a new man page (#1827462)
- udev/net_id: parse _SUN ACPI index as a signed integer (#1827462)
- udev/net_id: don't generate slot based names if multiple devices might claim the same slot (#1827462)
- fix typo in ProtectSystem= option (#1871139)
- remove references of non-existent man pages (#1876807)
- log: Prefer logging to CLI unless JOURNAL_STREAM is set (#1865840)
- locale-util: add new helper locale_is_installed() (#1755287)
- test: add test case for locale_is_installed() (#1755287)
- tree-wide: port various bits over to locale_is_installed() (#1755287)
- install: allow instantiated units to be enabled via presets (#1812972)
- install: small refactor to combine two function calls into one function (#1812972)
- test: fix a memleak (#1812972)
- docs: Add syntax for templated units to systemd.preset man page (#1812972)
- shared/install: fix preset operations for non-service instantiated units (#1812972)
- introduce setsockopt_int() helper (#1887181)
- socket-util: add generic socket_pass_pktinfo() helper (#1887181)
- core: add new PassPacketInfo= socket unit property (#1887181)
- resolved: tweak cmsg calculation (#1887181)

[239-42]
- logind: don't print warning when user@.service template is masked (#1880270)
- build: use simple project version in pkgconfig files (#1862714)
- basic/virt: try the /proc/1/sched hack also for PID1 (#1868877)
- seccomp: rework how the S[UG]ID filter is installed (#1860374)
- vconsole-setup: downgrade log message when setting font fails on dummy console (#1889996)
- units: fix systemd.special man page reference in system-update-cleanup.service (#1871827)
- units: drop reference to sushell man page (#1871827)
- sd-bus: break the loop in bus_ensure_running() if the bus is not connecting (#1885553)
- core: add new API for enqueuing a job with returning the transaction data (#846319)
- systemctl: replace switch statement by table of structures (#846319)
- systemctl: reindent table (#846319)
- systemctl: Only wait when there's something to wait for. (#846319)
- systemctl: clean up start_unit_one() error handling (#846319)
- systemctl: split out extra args generation into helper function of its own (#846319)
- systemctl: add new --show-transaction switch (#846319)
- test: add some basic testing that 'systemctl start -T' does something (#846319)
- man: document the new systemctl --show-transaction option (#846319)
- socket: New option 'FlushPending' (boolean) to flush socket before entering listening state (#1870638)
- core: remove support for API bus 'started outside our own logic' (#1764282)
- mount-setup: fix segfault in mount_cgroup_controllers when using gcc9 compiler (#1868877)
- dbus-execute: make transfer of CPUAffinity endian safe (#12711) (#1740657)
- core: add support for setting CPUAffinity= to special 'numa' value (#1740657)
- basic/user-util: always use base 10 for user/group numbers (#1848373)
- parse-util: sometimes it is useful to check if a string is a valid integer, but not actually parse it (#1848373)
- basic/parse-util: add safe_atoux64() (#1848373)
- parse-util: allow tweaking how to parse integers (#1848373)
- parse-util: allow '-0' as alternative to '0' and '+0' (#1848373)
- parse-util: make return parameter optional in safe_atou16_full() (#1848373)
- parse-util: rewrite parse_mode() on top of safe_atou_full() (#1848373)
- user-util: be stricter in parse_uid() (#1848373)
- strv: add new macro STARTSWITH_SET() (#1848373)
- parse-util: also parse integers prefixed with 0b and 0o (#1848373)
- tests: beef up integer parsing tests (#1848373)
- shared/user-util: add compat forms of user name checking functions (#1848373)
- shared/user-util: emit a warning on names with dots (#1848373)
- user-util: Allow names starting with a digit (#1848373)
- shared/user-util: allow usernames with dots in specific fields (#1848373)
- user-util: switch order of checks in valid_user_group_name_or_id_full() (#1848373)
- user-util: rework how we validate user names (#1848373)


Related CVEs


CVE-2019-3842
CVE-2020-13776

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 8 (aarch64) | systemd-239-45.0.1.el8.src.rpm | eb894422903ee1f4752a6432e05e287b | - |
| | systemd-239-45.0.1.el8.aarch64.rpm | 0f36bf52ef5996b97d0b9b31a414ce0d | - |
| | systemd-container-239-45.0.1.el8.aarch64.rpm | bf2040cbacfbbeea48a9c06fc0d73224 | - |
| | systemd-devel-239-45.0.1.el8.aarch64.rpm | 0892343254c9b84e6287d3785c416965 | - |
| | systemd-journal-remote-239-45.0.1.el8.aarch64.rpm | 3297baee3be4c3d29fb0a712588199e2 | - |
| | systemd-libs-239-45.0.1.el8.aarch64.rpm | f5fa8fe497ca19a943747bd2f953a6c3 | - |
| | systemd-pam-239-45.0.1.el8.aarch64.rpm | ea25dd5fd490c93c77addfb67dc6eaed | - |
| | systemd-tests-239-45.0.1.el8.aarch64.rpm | 64dbb0279a672e329261d9697b2b5f0b | - |
| | systemd-udev-239-45.0.1.el8.aarch64.rpm | f20889a20f23f205e938a9909b2b4ca1 | - |
| Oracle Linux 8 (x86_64) | systemd-239-45.0.1.el8.src.rpm | eb894422903ee1f4752a6432e05e287b | - |
| | systemd-239-45.0.1.el8.i686.rpm | 9b39c6bd2c56b19e3dd1d7b5ad107c25 | - |
| | systemd-239-45.0.1.el8.x86_64.rpm | 0c65031b33ce18079213d9a4be450229 | - |
| | systemd-container-239-45.0.1.el8.i686.rpm | af3c0546023132a67673be650e43648e | - |
| | systemd-container-239-45.0.1.el8.x86_64.rpm | 5734c0bb272a5172b57d2052648f9a22 | - |
| | systemd-devel-239-45.0.1.el8.i686.rpm | 961a854b54e22534c199de0ed1a38ac5 | - |
| | systemd-devel-239-45.0.1.el8.x86_64.rpm | 997de34c3430c6f1274828ead00705e5 | - |
| | systemd-journal-remote-239-45.0.1.el8.x86_64.rpm | fdde491b9a2d12389e320fe555a90bf5 | - |
| | systemd-libs-239-45.0.1.el8.i686.rpm | fcc3220dd7e6d8376f12905616111a7e | - |
| | systemd-libs-239-45.0.1.el8.x86_64.rpm | 35d61278b3657c13c6b82008aff95341 | - |
| | systemd-pam-239-45.0.1.el8.x86_64.rpm | e99dca22feb75b2f37c59b507d513fd1 | - |
| | systemd-tests-239-45.0.1.el8.x86_64.rpm | d681e81ea1f8ec95aed1d26a3bb4b458 | - |
| | systemd-udev-239-45.0.1.el8.x86_64.rpm | c962e7b8707bb32bc5d42a29e26a6c88 | - |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team.
