SUSE-SU-2017:2031-1

This update for systemd provides several fixes and enhancements.

Security issues fixed:

• CVE-2017-9217: Null pointer dereferencing that could lead to resolved aborting. (bsc#1040614)
• CVE-2017-9445: Possible out-of-bounds write triggered by a specially crafted TCP payload from a DNS server. (bsc#1045290)

The update also fixed several non-security bugs:

• core/mount: Use the '-c' flag to not canonicalize paths when calling /bin/umount
• automount: Handle expire_tokens when the mount unit changes its state (bsc#1040942)
• automount: Rework propagation between automount and mount units
• build: Make sure tmpfiles.d/systemd-remote.conf get installed when necessary
• build: Fix systemd-journal-upload installation
• basic: Detect XEN Dom0 as no virtualization (bsc#1036873)
• virt: Make sure some errors are not ignored
• fstab-generator: Do not skip Before= ordering for noauto mountpoints
• fstab-gen: Do not convert device timeout into seconds when initializing JobTimeoutSec
• core/device: Use JobRunningTimeoutSec= for device units (bsc#1004995)
• fstab-generator: Apply the _netdev option also to device units (bsc#1004995)
• job: Add JobRunningTimeoutSec for JOB_RUNNING state (bsc#1004995)
• job: Ensure JobRunningTimeoutSec= survives serialization (bsc#1004995)
• rules: Export NVMe WWID udev attribute (bsc#1038865)
• rules: Introduce disk/by-id (model_serial) symbolic links for NVMe drives
• rules: Add rules for NVMe devices
• sysusers: Make group shadow support configurable (bsc#1029516)
• core: When deserializing a unit, fully restore its cgroup state (bsc#1029102)
• core: Introduce cgmaskfromstring()/cgmasktostring()
• core:execute: Fix handling failures of calling fork() in exec_spawn() (bsc#1040258)
• Fix systemd-sysv-convert when a package starts shipping service units (bsc#982303) The database might be missing when upgrading a package which was shipping no sysv init scripts nor unit files (at the time --save was called) but the new version start shipping unit files.
• Disable group shadow support (bsc#1029516)
• Only check signature job error if signature job exists (bsc#1043758)
• Automounter issue in combination with NFS volumes (bsc#1040968)
• Missing symbolic link for SAS device in /dev/disk/by-path (bsc#1040153)
• Add minimal support for boot.d/* scripts in systemd-sysv-convert (bsc#1046750)