Fix CVE-2021-3997 in systemd.

chapter01/changelog.xml

@@ -39,6 +39,17 @@
     <listitem revision="sysv"> or <listitem revision="systemd"> as
     appropriate for the entry or if needed the entire day's listitem.
     -->
+    <listitem revision="systemd">
+      <para>2021-01-13</para>
+      <itemizedlist>
+        <listitem>
+          <para>[renodr] - Fixed CVE-2021-3997 in systemd, as well as fixing
+          an issue with the default hostname and idle units. Fixes
+          <ulink url="&lfs-ticket-root;4981">#4981</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
     <listitem revision="systemd">
       <para>2021-01-03</para>
       <itemizedlist>

chapter01/whatsnew.xml

@@ -293,6 +293,9 @@
     <listitem revision="sysv">
       <para>sysvinit-3.01-consolidated-1.patch</para>
     </listitem>
+    <listitem revision="systemd">
+      <para>systemd-250-upstream_fixes-1.patch</para>
+    </listitem>
     <!--
     <listitem revision="systemd">
       <para>MarkupSafe-&markupsafe-version;</para>

chapter03/patches.xml

@@ -127,7 +127,6 @@
       </listitem>
     </varlistentry>
 
-    <!--
     <varlistentry revision="systemd">
       <term>Systemd Upstream Fixes Patch - <token>&systemd-upstream-fixes-patch-size;</token>:</term>
       <listitem>
@@ -135,7 +134,6 @@
         <para>MD5 sum: <literal>&systemd-upstream-fixes-patch-md5;</literal></para>
       </listitem>
     </varlistentry>
-    -->
 
   </variablelist>
 

chapter08/systemd.xml

@@ -40,12 +40,10 @@
   <sect2 role="installation">
     <title>Installation of systemd</title>
 
-    <!--Fix CVE-2021-33910 -->
-    <!--
-    <para>First, apply a patch to fix a security vulnerability:</para>
+    <para>First, apply a patch to fix a security vulnerability and regressions
+    with hostnames and idle units:</para>
 
 <screen><userinput remap="pre">patch -Np1 -i ../systemd-&systemd-version;-upstream_fixes-1.patch</userinput></screen>
--->
 
     <para>Remove two unneeded groups,
     <systemitem class="groupname">render</systemitem> and
@@ -204,11 +202,6 @@ meson --prefix=/usr                 \
 
 <screen><userinput remap="adjust">systemctl disable systemd-time-wait-sync.service</userinput></screen>
 
-    <para>Fix a regression in a systemd unit that causes a delay when
-    switching TTYs:</para>
-
-<screen><userinput remap="adjust">sed -i 's/idle/simple/' /usr/lib/systemd/system/getty@.service</userinput></screen>
-
 <!-- dev: 50-pid-max.conf is not removed in BLFS, so I commented the following out.
           If it causes any trouble, we can add this back and also copy it into BLFS -->
 <!--

chapter10/kernel.xml

@@ -212,12 +212,6 @@ File systems  --->
     configuration menus and create the kernel configuration from
     scratch.</para>
 
-    <note revision="systemd">
-      <para revision="systemd">Ensure that CONFIG_DEFAULT_HOSTNAME is set to '(none)' or a hostname.
-      If it is left blank, systemd will fail to set the hostname to the
-      content of <filename>/etc/hostname</filename>.</para>
-    </note>
-
     <para>Compile the kernel image and modules:</para>
 
 <screen><userinput remap="make">make</userinput></screen>

patches.ent

@@ -82,8 +82,6 @@
 <!ENTITY sysvinit-consolidated-patch-md5 "4900322141d493e74020c9cf437b2cdc">
 <!ENTITY sysvinit-consolidated-patch-size "2.4 KB">
 
-<!--
 <!ENTITY systemd-upstream-fixes-patch "systemd-&systemd-version;-upstream_fixes-1.patch">
-<!ENTITY systemd-upstream-fixes-patch-md5 "a4449dedf514486b8995ee501d1bb8cc">
-<!ENTITY systemd-upstream-fixes-patch-size "4 KB">
--->
+<!ENTITY systemd-upstream-fixes-patch-md5 "80ea819e9bc4f61a47e8fcbeba9677c1">
+<!ENTITY systemd-upstream-fixes-patch-size "184 KB">