-
Fri May 29 2020 Eric DeVolder <eric.devolder@oracle.com> - 219-30.0.3.el8_2
- backport upstream pstore tmpfiles patch [Orabug: 31420486]
-
Wed May 06 2020 Eric DeVolder <eric.devolder@oracle.com> - 239-30.0.2.el8_2
- udev rules: fix memory hot add and remove [Orabug: 31310273]
-
Tue May 05 2020 EL Errata <el-errata_ww@oracle.com> - 239-30.0.1.el8_2
- fix to enable systemd-pstore.service [Orabug: 30951066]
- journal: change support URL shown in the catalog entries [Orabug: 30853009]
- fix to generate systemd-pstore.service file [Orabug: 30230056]
- fix _netdev is missing for iscsi entry in /etc/fstab (tony.l.lam@oracle.com) [Orabug: 25897792]
- set "RemoveIPC=no" in logind.conf as default for OL7.2 [Orabug: 22224874]
- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]
- add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475]
- Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056]
-
Wed Apr 15 2020 systemd maintenance team <systemd-maint@redhat.com> - 239-30
- pid1: fix the names of AllowedCPUs= and AllowedMemoryNodes= (#1824129)
- core: fix re-realization of cgroup siblings (#1824129)
- basic: use comma as separator in cpuset cgroup cpu ranges (#1824129)
-
Mon Mar 23 2020 systemd maintenance team <systemd-maint@redhat.com> - 239-29
- cryptsetup: Treat key file errors as a failed password attempt (#1763155)
-
Wed Mar 11 2020 systemd maintenance team <systemd-maint@redhat.com> - 239-28
- pid1: fix DefaultTasksMax initialization (#1809037)
- cgroup: make sure that cpuset is supported on cgroup v2 and disabled with v1 (#1808940)
- test: introduce TEST-36-NUMAPOLICY (#1808940)
- test: replace `tail -f` with journal cursor which should be more reliable (#1808940)
- test: support MPOL_LOCAL matching in unpatched strace versions (#1808940)
- test: make sure the strace process is indeed dead (#1808940)
- test: skip the test on systems without NUMA support (#1808940)
- test: give strace some time to initialize (#1808940)
- test: add a simple sanity check for systems without NUMA support (#1808940)
- test: drop the missed || exit 1 expression (#1808940)
- test: replace cursor file with a plain cursor (#1808940)
-
Fri Feb 21 2020 systemd maintenance team <systemd-maint@redhat.com> - 239-27
- cgroup: introduce support for cgroup v2 CPUSET controller (#1724617)
-
Wed Feb 19 2020 systemd maintenance team <systemd-maint@redhat.com> - 239-26
- seccomp: introduce seccomp_restrict_suid_sgid() for blocking chmod() for suid/sgid files (#1687512)
- test: add test case for restrict_suid_sgid() (#1687512)
- core: expose SUID/SGID restriction as new unit setting RestrictSUIDSGID= (#1687512)
- analyze: check for RestrictSUIDSGID= in "systemd-analyze security" (#1687512)
- man: document the new RestrictSUIDSGID= setting (#1687512)
- units: turn on RestrictSUIDSGID= in most of our long-running daemons (#1687512)
- core: imply NNP and SUID/SGID restriction for DynamicUser=yes service (#1687512)
-
Mon Feb 17 2020 systemd maintenance team <systemd-maint@redhat.com> - 239-25
- sd-bus: use "queue" message references for managing r/w message queues in connection objects (CVE-2020-1712)
- pid1: make sure to restore correct default values for some rlimits (#1789930)
- main: introduce a define HIGH_RLIMIT_MEMLOCK similar to HIGH_RLIMIT_NOFILE (#1789930)
-
Thu Feb 13 2020 systemd maintenance team <systemd-maint@redhat.com> - 239-24
- rules: reintroduce 60-alias-kmsg.rules (#1739353)
- sd-bus: make rqueue/wqueue sizes of type size_t (CVE-2020-1712)
- sd-bus: reorder bus ref and bus message ref handling (CVE-2020-1712)
- sd-bus: make sure dispatch_rqueue() initializes return parameter on all types of success (CVE-2020-1712)
- sd-bus: drop two inappropriate empty lines (CVE-2020-1712)
- sd-bus: initialize mutex after we allocated the wqueue (CVE-2020-1712)
- sd-bus: always go through sd_bus_unref() to free messages (CVE-2020-1712)
- bus-message: introduce two kinds of references to bus messages (CVE-2020-1712)
- sd-bus: introduce API for re-enqueuing incoming messages (CVE-2020-1712)
- sd-event: add sd_event_source_disable_unref() helper (CVE-2020-1712)
- polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it (CVE-2020-1712)
- sysctl: let's by default increase the numeric PID range from 2^16 to 2^22 (#1744214)
- journal: do not trigger assertion when journal_file_close() get NULL (#1788085)
- journal: use cleanup attribute at one more place (#1788085)