diff --git a/0001-test-json-check-absolute-and-relative-difference-in-.patch b/0001-test-json-check-absolute-and-relative-difference-in-.patch
deleted file mode 100644
index a34b45a..0000000
--- a/0001-test-json-check-absolute-and-relative-difference-in-.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 847364f5123f108884f8c59fb05d7ff941693dfb Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Fri, 21 Dec 2018 22:49:53 +0100
-Subject: [PATCH] test-json: check absolute and relative difference in floating
- point test
-
-The test fails under valgrind, so there was an exception for valgrind.
-Unfortunately that check only works when valgrind-devel headers are
-available during build. But it is possible to have just valgrind installed,
-or simply install it after the build, and then "valgrind test-json" would
-fail.
-
-It also seems that even without valgrind, this fails on some arm32 CPUs.
-Let's do the usual-style test for absolute and relative differences.
----
- src/test/test-json.c | 16 +++++++---------
- 1 file changed, 7 insertions(+), 9 deletions(-)
-
-diff --git a/src/test/test-json.c b/src/test/test-json.c
-index 5aa4d19dbe..cd6269f798 100644
---- a/src/test/test-json.c
-+++ b/src/test/test-json.c
-@@ -1,9 +1,6 @@
- /* SPDX-License-Identifier: LGPL-2.1+ */
-
- #include <math.h>
--#if HAVE_VALGRIND_VALGRIND_H
--#include <valgrind/valgrind.h>
--#endif
-
- #include "alloc-util.h"
- #include "fd-util.h"
-@@ -45,12 +42,13 @@ static void test_tokenizer(const char *data, ...) {
-
- d = va_arg(ap, long double);
-
--#if HAVE_VALGRIND_VALGRIND_H
-- if (!RUNNING_ON_VALGRIND)
--#endif
-- /* Valgrind doesn't support long double calculations and automatically downgrades to 80bit:
-- * http://www.valgrind.org/docs/manual/manual-core.html#manual-core.limits */
-- assert_se(fabsl(d - v.real) < 0.001L);
-+ /* Valgrind doesn't support long double calculations and automatically downgrades to 80bit:
-+ * http://www.valgrind.org/docs/manual/manual-core.html#manual-core.limits.
-+ * Some architectures might not support long double either.
-+ */
-+
-+ assert_se(fabsl(d - v.real) < 1e-10 ||
-+ fabsl((d - v.real) / v.real) < 1e-10);
-
- } else if (t == JSON_TOKEN_INTEGER) {
- intmax_t i;
---
-2.19.2
-
diff --git a/0003-Revert-sd-device-ignore-bind-unbind-events-for-now.patch b/0003-Revert-sd-device-ignore-bind-unbind-events-for-now.patch
deleted file mode 100644
index 47bd8dd..0000000
--- a/0003-Revert-sd-device-ignore-bind-unbind-events-for-now.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 1f17a35ef85e943965ffafe2ef6eebd98d6b917a Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Sat, 22 Dec 2018 19:39:51 +0900
-Subject: [PATCH 3/4] Revert "sd-device: ignore bind/unbind events for now"
-
-This reverts commit 56c886dc7ed5b2bb0882ba85136f4070545bfc1b.
----
- src/libsystemd/sd-device/device-private.c | 9 ---------
- 1 file changed, 9 deletions(-)
-
-diff --git a/src/libsystemd/sd-device/device-private.c b/src/libsystemd/sd-device/device-private.c
-index 01a5aa3d3f..36beb3e7df 100644
---- a/src/libsystemd/sd-device/device-private.c
-+++ b/src/libsystemd/sd-device/device-private.c
-@@ -326,15 +326,6 @@ static int device_append(sd_device *device, char *key, const char **_major, cons
- action = device_action_from_string(value);
- if (action == _DEVICE_ACTION_INVALID)
- return -EINVAL;
-- /* FIXME: remove once we no longer flush previuos state for each action */
-- if (action == DEVICE_ACTION_BIND || action == DEVICE_ACTION_UNBIND) {
-- static bool warned;
-- if (!warned) {
-- log_device_debug(device, "sd-device: ignoring actions 'bind' and 'unbind'");
-- warned = true;
-- }
-- return -EINVAL;
-- }
- } else if (streq(key, "SEQNUM")) {
- r = safe_atou64(value, &seqnum);
- if (r < 0)
---
-2.19.2
-
diff --git a/0004-Revert-udevd-configure-a-child-process-name-for-work.patch b/0004-Revert-udevd-configure-a-child-process-name-for-work.patch
deleted file mode 100644
index 9c2417d..0000000
--- a/0004-Revert-udevd-configure-a-child-process-name-for-work.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 6d243cc3e79fa1b4de4388661c9318d17a3d9d1a Mon Sep 17 00:00:00 2001
-From: Yu Watanabe <watanabe.yu+github@gmail.com>
-Date: Sat, 22 Dec 2018 19:49:47 +0900
-Subject: [PATCH 4/4] Revert "udevd: configure a child process name for worker
- processes"
-
-This reverts commit 49f3ee7e74c714f55aab395c080b1099fc17f7fd.
----
- src/udev/udevd.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/udev/udevd.c b/src/udev/udevd.c
-index fb8724ea87..ec77bd4a71 100644
---- a/src/udev/udevd.c
-+++ b/src/udev/udevd.c
-@@ -534,7 +534,7 @@ static int worker_spawn(Manager *manager, struct event *event) {
- if (r < 0)
- return log_error_errno(r, "Worker: Failed to enable receiving of device: %m");
-
-- r = safe_fork("(worker)", FORK_DEATHSIG, &pid);
-+ r = safe_fork(NULL, FORK_DEATHSIG, &pid);
- if (r < 0) {
- event->state = EVENT_QUEUED;
- return log_error_errno(r, "Failed to fork() worker: %m");
---
-2.19.2
-
diff --git a/sources b/sources
index 323ec5c..d7959bb 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (systemd-240.tar.gz) = da7467781b16f65d868931ae88fd07554db61542aec7f11dbec9f7279b529f900301edfea2d3813ddb64eeb3fdcfb7be86e540c65212dd7cfdcdebbc80de2ff5
+SHA512 (systemd-f02b547.tar.gz) = a7d774ed00d572eb2d9313ff25a09c707112443020d173d4d350bdb9b269fcef519da8efc2d93b3b72f4ebdd3ff295716e2f640f8c1e679cb24b26e71fca56ee
diff --git a/systemd.spec b/systemd.spec
index a04ebfe..29bb228 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -1,7 +1,7 @@
-#global commit a188229ade906a1374efea4d1851b510d6216c38
+%global commit f02b5472c6f0c41e5dc8dc2c84590866baf937ff
%{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})}
-#global stable 1
+%global stable 1
# We ship a .pc file but don't want to have a dep on pkg-config. We
# strip the automatically generated dep here and instead co-own the
@@ -14,8 +14,8 @@
Name: systemd
Url: https://www.freedesktop.org/wiki/Software/systemd
-Version: 240%{?commit:~0.git%{shortcommit}}
-Release: 2%{?dist}
+Version: 240
+Release: 3%{?commit:.git%{shortcommit}}%{?dist}
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager
@@ -50,10 +50,7 @@ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|
GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch
%endif
-Patch0001: 0001-test-json-check-absolute-and-relative-difference-in-.patch
Patch0002: 0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch
-Patch0003: 0003-Revert-sd-device-ignore-bind-unbind-events-for-now.patch
-Patch0004: 0004-Revert-udevd-configure-a-child-process-name-for-work.patch
Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
@@ -688,6 +685,13 @@ fi
%files tests -f .file-list-tests
%changelog
+* Fri Jan 11 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 240-3.gitf02b547
+- systemd-journald and systemd-journal-remote reject entries which
+ contain too many fields (CVE-2018-16865, #1664973) and set limits on the
+ process' command line length (CVE-2018-16864, #1664972)
+- $DBUS_SESSION_BUS_ADDRESS is again exported by pam_systemd (#1662857)
+- A fix for systemd-udevd crash (#1662303)
+
* Sat Dec 22 2018 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 240-2
- Add two more patches that revert recent udev changes