0231aba5cd
This solves: systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686) along with some other less critical issues. See the security announcement link: https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006149.html for more details. Here we rebase the patches, and fix the atrocious crime of "name of patch file doesn't match what git format-patch generates". We also squash down the meta patches which add the patches to the spec file as part of good housekeeping. Change-Id: I01a3fa329bbad541a063cb604d1756892139967f Closes-Bug: 1849200 Depends-On: https://review.opendev.org/#/c/695560 Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
53 lines
2.0 KiB
Diff
53 lines
2.0 KiB
Diff
From eece9585b5f9258c7180247b1664e92b5ef83efe Mon Sep 17 00:00:00 2001
|
|
Message-Id: <eece9585b5f9258c7180247b1664e92b5ef83efe.1574265913.git.Jim.Somerville@windriver.com>
|
|
In-Reply-To: <eeb3e979288cb8c14d8546d12a27da4c88fbb0e4.1574265913.git.Jim.Somerville@windriver.com>
|
|
References: <eeb3e979288cb8c14d8546d12a27da4c88fbb0e4.1574265913.git.Jim.Somerville@windriver.com>
|
|
From: Scott Little <scott.little@windriver.com>
|
|
Date: Mon, 2 Oct 2017 17:53:00 -0400
|
|
Subject: [PATCH 2/3] Protect sections of systemd post from running on patch
|
|
|
|
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
|
|
---
|
|
SPECS/systemd.spec | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
|
|
index 16262fb..4c83150 100644
|
|
--- a/SPECS/systemd.spec
|
|
+++ b/SPECS/systemd.spec
|
|
@@ -1297,6 +1297,7 @@ fi
|
|
rm -f /etc/sysconfig/i18n >/dev/null 2>&1 || :
|
|
rm -f /etc/sysconfig/keyboard >/dev/null 2>&1 || :
|
|
|
|
+if [ $1 -eq 1 ]; then
|
|
# Migrate HOSTNAME= from /etc/sysconfig/network
|
|
if [ -e /etc/sysconfig/network -a ! -e /etc/hostname ]; then
|
|
unset HOSTNAME
|
|
@@ -1304,6 +1305,7 @@ if [ -e /etc/sysconfig/network -a ! -e /etc/hostname ]; then
|
|
[ -n "$HOSTNAME" ] && echo $HOSTNAME > /etc/hostname 2>&1 || :
|
|
fi
|
|
sed -i '/^HOSTNAME=/d' /etc/sysconfig/network >/dev/null 2>&1 || :
|
|
+fi
|
|
|
|
# Migrate the old systemd-setup-keyboard X11 configuration fragment
|
|
if [ ! -e /etc/X11/xorg.conf.d/00-keyboard.conf ] ; then
|
|
@@ -1312,6 +1314,7 @@ else
|
|
rm -f /etc/X11/xorg.conf.d/00-system-setup-keyboard.conf >/dev/null 2>&1 || :
|
|
fi
|
|
|
|
+if [ 1 -eq 0 ] ; then # TIS: Skip this. We don't want myhostname in nsswitch.conf
|
|
# sed-fu to add myhostname to the hosts line of /etc/nsswitch.conf
|
|
# Only do that when installing, not when updating.
|
|
if [ $1 -eq 1 -a -f /etc/nsswitch.conf ] ; then
|
|
@@ -1321,6 +1324,7 @@ if [ $1 -eq 1 -a -f /etc/nsswitch.conf ] ; then
|
|
s/[[:blank:]]*$/ myhostname/
|
|
' /etc/nsswitch.conf >/dev/null 2>&1 || :
|
|
fi
|
|
+fi
|
|
|
|
%posttrans
|
|
# Convert old /etc/sysconfig/desktop settings
|
|
--
|
|
1.8.3.1
|
|
|