systemd security, bug fix, and enhancement update

[219-67.0.1]

• do not create utmp update symlinks for reboot and poweroff [Orabug: 27854896]
• OL7 udev rule for virtio net standby interface [Orabug: 28826743]
• fix _netdev is missing for iscsi entry in /etc/fstab [Orabug: 25897792] ([email protected])
• set ‘RemoveIPC=no’ in logind.conf as default for OL7.2 [22224874]
• allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]
• add hv dynamic memory support (Jerry Snitselaar) [Orabug: 18621475]
  [219-67]
• fix mis-merge (#1714503)
• fs-util: chase_symlinks(): prevent double fre (#1714782)
  [219-66]
• sd-bus: unify three code-paths which free struct bus_container (#1643394)
• hashmap: dont use mempool (#1609349)
• man: be more explicit about thread safety of sd_journal (#1609349)
• selinux: dont log SELINUX_INFO and SELINUX_WARNING messages to audit (#1240730)
  [219-65]
• backport fd_is_fs_type (#1663143)
• backport chase_symlinks (#1663143)
• fs-util: add new CHASE_SAFE flag to chase_symlinks() (#1663143)
• fs-util: add new chase_symlinks() flag CHASE_OPEN (#1663143)
• sd-dameon: also sent ucred when our UID differs from EUID (#1663143)
• notify: add new --uid= command (#1663143)
• core: be stricter when handling PID files and MAINPID sd_notify() messages (#1663143)
• journald: respect KeepFree= as well as MaxUse= values (#1361893)
• shutdown: in_container was used before its definition (#1693716)
• core: Fix edge case when processing /proc/self/mountinfo (#1691511)
• sd-bus: deal with cookie overruns (#1693559)
• Refuse dbus message paths longer than BUS_PATH_SIZE_MAX limit. (#1667871)
• Allocate temporary strings to hold dbus paths on the heap (#1667871)
• sd-bus: if we receive an invalid dbus message, ignore and proceeed (#1667871)
• udev: check if the spawned PID didnt exit after reaping unexpected PID (#1697909)
• udev: call poll() again after killing the spawned process (#1697909)
• udev: check age against both timeouts to prevent integer wraparound (#1697909)
• avoid possible hang if our child process hangs (#1697909)
• missing: when adding syscall replacements, use different names (#1694605)
• include sys/sysmacros.h in more places (#1694605)
  [219-64]
• detect-virt: do not try to read all of /proc/cpuinfo (#1631531)
• core: disable the effect of Restart= if theres a stop job pending for a service (#6581) (#1626382)
• networkd: respect DHCP UseRoutes option (#1663365)
• networkd: fix dhcp4 link without routes not being considered ready (#8728) (#1663365)
• networkd: dont crash when mtu changes (#6594) (#1663365)
• tmpfiles: ‘e’ takes globs (#1641764)
• tmpfiles: ‘e’ is supposed to operate on directory only (#1641764)
• tmpfiles: ‘e’ is supposed to accept shell-style globs (#1641764)
• bus-message: do not crash on message with a string of zero length (#1643396)
• Revert ‘bus: when dumping string property values escape the chars we use as end-of-line and end-of-item marks’ (#1643172)
• set automount state to waiting when the mount is stopped (#1651257)
• core: when deserializing state always use read_line(, LONG_LINE_MAX, ) (CVE-2018-15686)
• shorten hostname before checking for trailing dot (#1631625)
• journald: fixed assertion failure when system journal rotation fails (#9893) (#1619543)
• local-addresses: handle gracefully if routes lack an RTA_OIF attribute (#1627750)
• rules: fix memory hotplug rule so systemd-detect-virt does not run too often (#1666612)
• 6647 - use path_startswith(‘/dev’) in cryptsetup (#6732) (#1664695)
• core: mount-setup: handle non-existing mountpoints gracefully (#1585411)
• units/rescue.service.in: fix announcement message (#1660422)
• systemctl: Allow ‘edit’ and ‘cat’ on unloaded units (#1649518)
• main: improve RLIMIT_NOFILE handling (#5795) (#1585913)
• shared/sleep-config: exclude zram devices from hibernation candidates (#1609816)
• journalctl: allow --file/–directory with --boot or --list-boots (#1463678)
• journalct: allow --boot=0 to DTRT with --file/–directory (#1463678)
• journal-remote: show error message if output file name does not end with .journal (bz#1267552)
• artificially serialize building of .policy files (#1272485)
• cryptsetup: add support for sector-size= option (#9936) (#1571801)
• cryptsetup: do not define arg_sector_size if libgcrypt is v1.x (#9990) (#1571801)
• journal: fix syslog_parse_identifier() (#1657794)
• journal: do not remove multiple spaces after identifier in syslog message (#1657794)
• tmpfiles: change ownership of symlinks too (#1620110)
• tmpfiles: fix check for figuring out whether to call chmod() (#1620110)
• shared/install: allow ‘enable’ on linked unit files (#1628575)
  [219-63]
• dhcp6: make sure we have enough space for the DHCP6 option header (CVE-2018-15688)
• journald: do not store the iovec entry for process commandline on stack (#1657788)
• journald: set a limit on the number of fields (1k) (#1657792)
• journal-remote: set a limit on the number of fields in a message (#1657792)
• journald: free cmdline buffers owned by iovec (#1666646)