Changeset c8df034

Timestamp:

01/13/2022 09:16:37 PM (2 years ago)

Author:

Douglas R. Reno <renodr@…>

Branches:

11.1, 11.1-rc1, 11.2, 11.2-rc1, 11.3, 11.3-rc1, 12.0, 12.0-rc1, 12.1, 12.1-rc1, arm, bdubbs/gcc13, multilib, renodr/libudev-from-systemd, s6-init, trunk, xry111/arm64, xry111/arm64-12.0, xry111/clfs-ng, xry111/lfs-next, xry111/loongarch, xry111/loongarch-12.0, xry111/loongarch-12.1, xry111/mips64el, xry111/pip3, xry111/rust-wip-20221008, xry111/update-glibc

Children:

194e133

Parents:

d21ec2f

Message:

Fix CVE-2021-3997 in systemd.

Files:

• chapter01/changelog.xml (modified) (1 diff)
• chapter01/whatsnew.xml (modified) (1 diff)
• chapter03/patches.xml (modified) (2 diffs)
• chapter08/systemd.xml (modified) (2 diffs)
• chapter10/kernel.xml (modified) (1 diff)
• patches.ent (modified) (1 diff)

chapter01/changelog.xml

@@ -41 +41 @@
     -->
     <listitem revision="systemd">
+      <para>2021-01-13</para>
+      <itemizedlist>
+        <listitem>
+          <para>[renodr] - Fixed CVE-2021-3997 in systemd, as well as fixing
+          an issue with the default hostname and idle units. Fixes
+          <ulink url="&lfs-ticket-root;4981">#4981</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem revision="systemd">
       <para>2021-01-03</para>
       <itemizedlist>

chapter01/whatsnew.xml

@@ -294 +294 @@
       <para>sysvinit-3.01-consolidated-1.patch</para>
     </listitem>
+    <listitem revision="systemd">
+      <para>systemd-250-upstream_fixes-1.patch</para>
+    </listitem>
     <!--
     <listitem revision="systemd">

chapter03/patches.xml

@@ -128 +128 @@
     </varlistentry>
 
-    <!--
     <varlistentry revision="systemd">
       <term>Systemd Upstream Fixes Patch - <token>&systemd-upstream-fixes-patch-size;</token>:</term>
@@ -136 +135 @@
       </listitem>
     </varlistentry>
-    -->
 
   </variablelist>

chapter08/systemd.xml

@@ -41 +41 @@
     <title>Installation of systemd</title>
 
-    <!--Fix CVE-2021-33910 -->
-    <!--
-    <para>First, apply a patch to fix a security vulnerability:</para>
+    <para>First, apply a patch to fix a security vulnerability and regressions
+    with hostnames and idle units:</para>
 
 <screen><userinput remap="pre">patch -Np1 -i ../systemd-&systemd-version;-upstream_fixes-1.patch</userinput></screen>
--->
 
     <para>Remove two unneeded groups,
@@ -204 +202 @@
 
 <screen><userinput remap="adjust">systemctl disable systemd-time-wait-sync.service</userinput></screen>
-
-    <para>Fix a regression in a systemd unit that causes a delay when
-    switching TTYs:</para>
-
-<screen><userinput remap="adjust">sed -i 's/idle/simple/' /usr/lib/systemd/system/getty@.service</userinput></screen>
 
 <!-- dev: 50-pid-max.conf is not removed in BLFS, so I commented the following out.

chapter10/kernel.xml

@@ -213 +213 @@
     scratch.</para>
 
-    <note revision="systemd">
-      <para revision="systemd">Ensure that CONFIG_DEFAULT_HOSTNAME is set to '(none)' or a hostname.
-      If it is left blank, systemd will fail to set the hostname to the
-      content of <filename>/etc/hostname</filename>.</para>
-    </note>
-
     <para>Compile the kernel image and modules:</para>
 

patches.ent

@@ -83 +83 @@
 <!ENTITY sysvinit-consolidated-patch-size "2.4 KB">
 
-<!--
 <!ENTITY systemd-upstream-fixes-patch "systemd-&systemd-version;-upstream_fixes-1.patch">
-<!ENTITY systemd-upstream-fixes-patch-md5 "a4449dedf514486b8995ee501d1bb8cc">
-<!ENTITY systemd-upstream-fixes-patch-size "4 KB">
--->
+<!ENTITY systemd-upstream-fixes-patch-md5 "80ea819e9bc4f61a47e8fcbeba9677c1">
+<!ENTITY systemd-upstream-fixes-patch-size "184 KB">