systemd security, bug fix, and enhancement update

[239-29.0.1.el8]

• fix to enable systemd-pstore.service [Orabug: 30951066]
• journal: change support URL shown in the catalog entries [Orabug: 30853009]
• fix to generate systemd-pstore.service file [Orabug: 30230056]
• fix _netdev is missing for iscsi entry in /etc/fstab ([email protected]) [Orabug: 25897792]
• set ‘RemoveIPC=no’ in logind.conf as default for OL7.2 [Orabug: 22224874]
• allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]
• add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475]
• Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056]
  [239-29]
• cryptsetup: Treat key file errors as a failed password attempt (#1763155)
  [239-28]
• pid1: fix DefaultTasksMax initialization (#1809037)
• cgroup: make sure that cpuset is supported on cgroup v2 and disabled with v1 (#1808940)
• test: introduce TEST-36-NUMAPOLICY (#1808940)
• test: replace tail -f with journal cursor which should be more reliable (#1808940)
• test: support MPOL_LOCAL matching in unpatched strace versions (#1808940)
• test: make sure the strace process is indeed dead (#1808940)
• test: skip the test on systems without NUMA support (#1808940)
• test: give strace some time to initialize (#1808940)
• test: add a simple sanity check for systems without NUMA support (#1808940)
• test: drop the missed || exit 1 expression (#1808940)
• test: replace cursor file with a plain cursor (#1808940)
  [239-27]
• cgroup: introduce support for cgroup v2 CPUSET controller (#1724617)
  [239-26]
• seccomp: introduce seccomp_restrict_suid_sgid() for blocking chmod() for suid/sgid files (#1687512)
• test: add test case for restrict_suid_sgid() (#1687512)
• core: expose SUID/SGID restriction as new unit setting RestrictSUIDSGID= (#1687512)
• analyze: check for RestrictSUIDSGID= in ‘systemd-analyze security’ (#1687512)
• man: document the new RestrictSUIDSGID= setting (#1687512)
• units: turn on RestrictSUIDSGID= in most of our long-running daemons (#1687512)
• core: imply NNP and SUID/SGID restriction for DynamicUser=yes service (#1687512)
  [239-25]
• sd-bus: use ‘queue’ message references for managing r/w message queues in connection objects (CVE-2020-1712)
• pid1: make sure to restore correct default values for some rlimits (#1789930)
• main: introduce a define HIGH_RLIMIT_MEMLOCK similar to HIGH_RLIMIT_NOFILE (#1789930)
  [239-24]
• rules: reintroduce 60-alias-kmsg.rules (#1739353)
• sd-bus: make rqueue/wqueue sizes of type size_t (CVE-2020-1712)
• sd-bus: reorder bus ref and bus message ref handling (CVE-2020-1712)
• sd-bus: make sure dispatch_rqueue() initializes return parameter on all types of success (CVE-2020-1712)
• sd-bus: drop two inappropriate empty lines (CVE-2020-1712)
• sd-bus: initialize mutex after we allocated the wqueue (CVE-2020-1712)
• sd-bus: always go through sd_bus_unref() to free messages (CVE-2020-1712)
• bus-message: introduce two kinds of references to bus messages (CVE-2020-1712)
• sd-bus: introduce API for re-enqueuing incoming messages (CVE-2020-1712)
• sd-event: add sd_event_source_disable_unref() helper (CVE-2020-1712)
• polkit: when authorizing via PK lets re-resolve callback/userdata instead of caching it (CVE-2020-1712)
• sysctl: lets by default increase the numeric PID range from 2^16 to 2^22 (#1744214)
• journal: do not trigger assertion when journal_file_close() get NULL (#1788085)
• journal: use cleanup attribute at one more place (#1788085)
  [239-23]
• catalog: fix name of variable (#1677768)
• cryptsetup: add keyfile-timeout to allow a keydev timeout and allow to fallback to a password if it fails. (#1763155)
• cryptsetup: add documentation for keyfile-timeout (#1763155)
• cryptsetup: use unabbrieviated variable names (#1763155)
• cryptsetup: dont assert on variable which is optional (#1763155)
• cryptsetup-generator: guess whether the keyfile argument is two items or one (#1763155)
• crypt-util: Translate libcryptsetup log level instead of using log_debug() (#1776408)
• cryptsetup: add some commenting about EAGAIN generation (#1776408)
• cryptsetup: downgrade a log message we ignore (#1776408)
• cryptsetup: rework how we log about activation failures (#1776408)
  [239-22]
• spec: dont ship /var/log/README
• spec: provide systemd-rpm-macros
  [239-21]
• test-cpu-set-util: fix comparison for allocation size (#1734787)
• test-cpu-set-util: fix allocation size check on i386 (#1734787)
  [239-20]
• journal: rely on cleanup_free to free a temporary string used in client_context_read_cgroup (#1764560)
• basic/user-util: allow dots in user names (#1717603)
• sd-bus: bump message queue size again (#1770189)
• tests: put fuzz_journald_processing_function in a .c file (#1764560)
• tests: add a fuzzer for dev_kmsg_record (#1764560)
• basic: remove an assertion from cunescape_one (#1764560)
• journal: fix an off-by-one error in dev_kmsg_record (#1764560)
• tests: add a reproducer for a memory leak fixed in 30eddcd51b8a472e05d3b8d1 in August (#1764560)
• tests: add a reproducer for a heap-buffer-overflow fixed in 937b1171378bc1000a (#1764560)
• test: initialize syslog_fd in fuzz-journald-kmsg too (#1764560)
• tests: add a fuzzer for process_audit_string (#1764560)
• journald: check whether sscanf has changed the value corresponding to %n (#1764560)
• tests: introduce dummy_server_init and use it in all journald fuzzers (#1764560)
• tests: add a fuzzer for journald streams (#1764560)
• tests: add a fuzzer for server_process_native_file (#1764560)
• fuzz-journal-stream: avoid assertion failure on samples which dont fit in pipe (#1764560)
• journald: take leading spaces into account in syslog_parse_identifier (#1764560)
• Add a warning about the difference in permissions between existing directories and unit settings. (#1778384)
• execute: remove one redundant comparison check (#1778384)
• core: change ownership/mode of the execution directories also for static users (#1778384)
• core/dbus-execute: remove unnecessary initialization (#1734787)
• shared/cpu-set-util: move the part to print cpu-set into a separate function (#1734787)
• shared/cpu-set-util: remove now-unused CPU_SIZE_TO_NUM() (#1734787)
• Rework cpu affinity parsing (#1734787)
• Move cpus_in_affinity_mask() to cpu-set-util.[ch] (#1734787)
• test-cpu-set-util: add simple test for cpus_in_affinity_mask() (#1734787)
• test-cpu-set-util: add a smoke test for test_parse_cpu_set_extend() (#1734787)
• pid1: parse CPUAffinity= in incremental fashion (#1734787)
• pid1: dont reset setting from /proc/cmdline upon restart (#1734787)
• pid1: when reloading configuration, forget old settings (#1734787)
• test-execute: use CPUSet too (#1734787)
• shared/cpu-set-util: drop now-unused cleanup function (#1734787)
• shared/cpu-set-util: make transfer of cpu_set_t over bus endian safe (#1734787)
• test-cpu-set-util: add test for dbus conversions (#1734787)
• shared/cpu-set-util: introduce cpu_set_to_range() (#1734787)
• systemctl: present CPUAffinity mask as a list of CPU index ranges (#1734787)
• shared/cpu-set-util: only force range printing one time (#1734787)
• execute: dump CPUAffinity as a range string instead of a list of CPUs (#1734787)
• cpu-set-util: use %d-%d format in cpu_set_to_range_string() only for actual ranges (#1734787)
• core: introduce NUMAPolicy and NUMAMask options (#1734787)
• core: disable CPUAccounting by default (#1734787)
• set kptr_restrict=1 (#1689346)
• cryptsetup: reduce the chance that we will be OOM killed (#1696602)
• core, job: fix breakage of ordering dependencies by systemctl reload command (#1766417)
• debug-generator: enable custom systemd.debug_shell tty (#1723722)
  [239-19]
• core: never propagate reload failure to service result (#1735787)
• man: document systemd-analyze security (#1750343)
• man: reorder and add examples to systemd-analyze(1) (#1750343)
• travis: move to CentOS 8 docker images (#1761519)
• travis: drop SCL remains (#1761519)
• syslog: fix segfault in syslog_parse_priority() (#1761519)
• sd-bus: make strict asan shut up (#1761519)
• travis: dont run slow tests under ASan/UBSan (#1761519)
• kernel-install: do not require non-empty kernel cmdline (#1701454)
• ask-password: prevent buffer overrow when reading from keyring (#1752050)
• core: try to reopen /dev/kmsg again right after mounting /dev (#1749212)
• buildsys: dont garbage collect sections while linking (#1748258)
• udev: introduce CONST key name (#1762679)
• Call getgroups() to know size of supplementary groups array to allocate (#1743230256 KB
• Consider smb3 as remote filesystem (#1757257)
• process-util: introduce pid_is_my_child() helper (#1744972)
• core: reduce the number of stalled PIDs from the watched processes list when possible (#1744972)
• core: only watch processes when its really necessary (#1744972)
• core: implement per unit journal rate limiting (#1719577)
• path: stop watching path specs once we triggered the target unit (#1763161)
• journald: fixed assertion failure when system journal rotation fails (#9893) (#1763619)
• test: use PBKDF2 instead of Argon2 in cryptsetup… (#1761519)
• test: mask several unnecessary services (#1761519)
• test: bump the second partitions size to 50M (#1761519)
• shared/sleep-config: exclude zram devices from hibernation candidates (#1763617)
• selinux: dont log SELINUX_INFO and SELINUX_WARNING messages to audit (#1763612)
• sd-device: introduce log_device_*() macros (#1753369)
• udev: Add id program and rule for FIDO security tokens (#1753369)
• shared/but-util: drop trusted annotation from bus_open_system_watch_bind_with_description() (#1746857)
• sd-bus: adjust indentation of comments (#1746857)
• resolved: do not run loop twice (#1746857)
• resolved: allow access to Set*Link and Revert methods through polkit (#1746857)
• resolved: query polkit only after parsing the data (#1746857)