-
systemd (240-6ubuntu5.8) disco; urgency=medium
[ Victor Tapia ]
* d/p/resolved_disable-connection-downgrade-when-DNSSEC-yes.patch
Fix regression introduced by
resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch when
DNSSEC=yes (LP: #1796501)
[ Dan Streetman ]
* d/p/lp1840640-shared-seccomp-add-sync_file_range2.patch:
allow sync_file_range2 in nspawn container (LP: #1840640)
* d/p/lp1847527-journal-remote-do-not-request-Content-Length-if-Tran.patch:
do not request Content-Length if Transfer-Encoding is chunked
(LP: #1847527)
* d/t/storage: fix flaky test
(LP: #1847815)
* d/p/lp1843381-dell_passthrough_skip_rename_retry.patch,
debian/extra/rules/73-usb-net-by-mac.rules:
fix rename delay for systems using "Dell MAC passthrough"
(LP: #1843381)
* d/p/lp1849733/0001-resolved-if-we-can-t-append-EDNS-OPT-RR-then-indicat.patch,
d/p/lp1849733/0002-resolved-don-t-let-EDNS0-OPT-dgram-size-affect-TCP.patch:
ignore EDNS0 payload limit when responding over TCP (LP: #1849733)
* d/p/lp1849658-resolved-set-stream-type-during-DnsStream-creation.patch:
- Fix bug in refcounting TCP stream types (LP: #1849658)
* d/extra/dhclient-enter-resolved-hook:
- only restart resolved if dhclient conf changed (LP: #1805183)
[ Balint Reczey ]
* d/p/test-execute-Filter-dev-.lxc-in-exec-dynamicuser-statedir.patch:
fix test breakage due to running in nested lxd container
(LP: #1845337)
-- Dan Streetman <email address hidden> Fri, 04 Oct 2019 09:06:58 -0400
-
systemd (240-6ubuntu5.7) disco; urgency=medium
* d/p/d/Revert-udev-network-device-renaming-immediately-give.patch:
- udev: add Revert-udev-network-device-renaming-immediately-give.patch back
Dropping this patch will cause the persistent network regression.
(LP: #1842651)
-- Shih-Yuan Lee (FourDollars) <email address hidden> Thu, 05 Sep 2019 19:01:29 +0800
-
systemd (240-6ubuntu5.6) disco-security; urgency=medium
* SECURITY UPDATE: Unprivileged users are granted access to privileged
systemd-resolved D-Bus methods
- d/p/0001-shared-but-util-drop-trusted-annotation-from-bus_ope.patch:
drop trusted annotation from bus_open_system_watch_bind_with_description()
- CVE-2019-15718
-- Chris Coulson <email address hidden> Thu, 29 Aug 2019 23:29:13 +0100
-
systemd (240-6ubuntu5.4) disco; urgency=medium
[ You-Sheng Yang ]
* d/p/d/Revert-udev-network-device-renaming-immediately-give.patch:
- udev: drop Revert-udev-network-device-renaming-immediately-give.patch.
The removing patch was for the already deprecated
"75-persistent-net-generator.rules" based interface renaming mechanism,
and it's causing unnecessary problem when a system happends to NICs with
same MAC address, e.g. Dell's MAC address pass-thru. (LP: #1837700)
-- Shih-Yuan Lee (FourDollars) <email address hidden> Wed, 21 Aug 2019 16:15:23 +0800
-
systemd (240-6ubuntu5.3) disco; urgency=medium
[ Dan Streetman ]
* d/p/lp1835581-src-network-networkd-dhcp4.c-set-prefsrc-for-classle.patch:
- Set src address for dhcp 'classless' routes (LP: #1835581)
[ Jorge Niedbalski ]
* d/p/lp1668771-resolved-switch-cache-option-to-a-tri-state-option-s.patch:
Allows cache=no-negative option to be set, ignoring negative
answers to be cached (LP: #1668771).
-- Dan Streetman <email address hidden> Mon, 22 Jul 2019 12:45:02 -0400
-
systemd (240-6ubuntu5.2) disco; urgency=medium
[ Jeremy Soller ]
* random-util: eat up bad RDRAND values seen on AMD CPUs.
This fixes AMD Ryzen 3000 series failing to boot (LP: #1835809)
-- Balint Reczey <email address hidden> Tue, 09 Jul 2019 11:52:55 +0200
-
systemd (240-6ubuntu5.1) disco; urgency=medium
* d/p/ask-password-prevent-buffer-overrow-when-reading-fro.patch:
- prevent buffer overflow when reading keyring (LP: #1814373)
* d/p/network-wireguard-fixes-sending-wireguard-peer-setti.patch,
d/p/test-network-add-more-checks-in-NetworkdNetDevTests..patch,
d/p/sd-netlink-introduce-sd_netlink_message_append_socka.patch,
d/p/network-wireguard-use-sd_netlink_message_append_sock.patch:
- systemd doesn't set wireguard peer endpoint (LP: #1825378)
* d/t/boot-smoke:
- Fix false negative checking for running jobs after boot
(LP: #1825997)
-- Dan Streetman <email address hidden> Thu, 16 May 2019 06:07:49 -0400
-
systemd (240-6ubuntu5) disco; urgency=medium
* systemd-stable: cherrypick many bugfixes from the v240-stable branch.
Includes many documentation fixes, memory safety (use after free, read
overruns, etc), networkd wireguard fixes, POSIX ACL fix which is preventing adm
group from reading journals (LP: #1824342), journal dropping caches
improvement, fixes regressions in udevadm / machinectl command line parsing.
Files:
- debian/patches/Add-missing-dash-to-all-option-in-the-timedatectl-man-pag.patch
- debian/patches/Add-note-about-transactions-being-genereated-independentl.patch
- debian/patches/Change-job-mode-of-manager-triggered-restarts-to-JOB_REPL.patch
- debian/patches/Fix-omission-in-docs.patch
- debian/patches/Log-the-job-being-merged.patch
- debian/patches/NEWS-document-deprecation-of-PermissionsStartOnly-in-v240.patch
- debian/patches/NEWS-retroactively-describe-.include-deprecation.patch
- debian/patches/Update-systemd-system.conf.xml.patch
- debian/patches/basic-prioq-add-prioq_peek_item.patch
- debian/patches/core-Fix-EOPNOTSUPP-emergency-action-error-string.patch
- debian/patches/core-Fix-return-argument-check-for-parse_emergency_action.patch
- debian/patches/core-mount-do-not-add-Before-local-fs.target-or-remote-fs.patch
- debian/patches/core-mount-move-static-function-earlier-in-file.patch
- debian/patches/curl-util-fix-use-after-free.patch
- debian/patches/ethtool-Make-sure-advertise-is-actually-set-when-autonego.patch
- debian/patches/journal-avoid-buffer-overread-when-locale-name-is-too-lon.patch
- debian/patches/journal-limit-the-number-of-entries-in-the-cache-based-on.patch
- debian/patches/journald-periodically-drop-cache-for-all-dead-PIDs.patch
- debian/patches/machinectl-fix-argument-index-in-error-log.patch
- debian/patches/man-Fix-a-typo-in-systemd.exec.xml.patch
- debian/patches/man-fix-reference.patch
- debian/patches/man-fix-volume-num-of-journalctl.patch
- debian/patches/man-update-DefaultDependency-in-systemd.mount-5.patch
- debian/patches/netlink-set-maximum-size-of-WGDEVICE_A_IFNAME.patch
- debian/patches/network-make-Link-and-NetDev-always-have-the-valid-poiter.patch
- debian/patches/network-unset-Network-manager-when-loading-.network-file-.patch
- debian/patches/network-wireguard-rename-and-split-set_wireguard_interfac.patch
- debian/patches/networkd-wait-for-kernel-to-reply-ipv6-peer-address.patch
- debian/patches/nspawn-ignore-SIGPIPE-for-nspawn-itself.patch
- debian/patches/pager-improve-english-a-bit.patch
- debian/patches/pid1-fix-cleanup-of-stale-implicit-deps-based-on-proc-sel.patch
- debian/patches/procfs-util-expose-functionality-to-query-total-memory.patch
- debian/patches/pull-fix-invalid-error-check.patch
- debian/patches/shared-Revert-commit-49fe5c099-in-parts-for-function-pars.patch
- debian/patches/shared-dissect-image-make-sure-that-we-don-t-truncate-dev.patch
- debian/patches/test-execute-unset-HOME-before-testing.patch
- debian/patches/udev-do-logging-before-setting-variables-to-NULL.patch
- debian/patches/udev-val-may-be-NULL-use-strempty.patch
- debian/patches/udevadm-info-a-should-enumerate-sysfs-attributes-not-envs.patch
- debian/patches/udevd-use-worker_free-on-failure-in-worker_new.patch
- debian/patches/units-make-sure-initrd-cleanup.service-terminates-before-.patch
- debian/patches/wait-online-do-not-fail-if-we-receive-invalid-messages.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=2b3db732ba7e5418d45ca42884e8d075189f2724
* Only test that gdm3 comes up on amd64. Stalls on other arches.
File: debian/tests/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=97cb13685dfb353045c449ec5d6d1df60f661079
* tests/storage: make the test more resilient.
Skip if the scsi_debug module is not available (like on custom kernels). Do not
fail the tests if removing the module fail, at the end of the test run.
File: debian/tests/storage
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=c08dcb1ffe372acd3a21496758a1984ff78dcdd4
-- Dimitri John Ledkov <email address hidden> Thu, 11 Apr 2019 14:44:08 +0100
-
systemd (240-6ubuntu4) disco; urgency=medium
* pam-systemd: use secure_getenv() rather than getenv()
CVE-2019-3842
File: debian/patches/pam-systemd-use-secure_getenv-rather-than-getenv.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f3291e9e8c3eafd0c8921cb26a0d5ee0fd563b3c
* core: queue jobs on uninstall to generate PropertiesChanged signal.
(LP: #1816812)
File: debian/patches/core-when-we-uninstall-a-job-add-unit-to-dbus-queue.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=241deca98fb9a0f1ba9a6ba781f738fb31a3bd80
-- Dimitri John Ledkov <email address hidden> Wed, 10 Apr 2019 01:06:03 +0100
-
systemd (240-6ubuntu3) disco; urgency=medium
* virt: detect WSL environment as a container (LP: #1816753)
* debian/control: Update Vcs-{Browser|Git} to Ubuntu's packaging repository
* debian/gbp.conf: Set tag format to ubuntu/*
-- Balint Reczey <email address hidden> Fri, 22 Mar 2019 18:39:48 +0100
-
systemd (240-6ubuntu2) disco; urgency=medium
* d/p/network-remove-routing-policy-rule-from-foreign-rule.patch
* d/p/network-do-not-remove-rule-when-it-is-requested-by-e.patch
- Fix RoutingPolicyRule does not apply correctly (LP: #1818282)
-- Ioanna Alifieraki <email address hidden> Mon, 04 Mar 2019 10:32:19 +0000
-
systemd (240-6ubuntu1) disco; urgency=medium
* Release to ubuntu.
systemd (240-6) unstable; urgency=high
* High urgency as this fixes a vulnerability.
[ Felipe Sateler ]
* Reenable pristine-tar in gbp.conf.
The pristine-tar bug has been fixed, so we can use it again.
This reverts commit 9fcfbbf6fea15eacfa3fad74240431c5f2c3300e.
* d/watch: add version mangle to transform -rc to ~rc.
Upstream has started releasing rcs, so let's account for that
* Fix comment about why we disable hwclock.service.
Systemd nowadays doesn't do it itself because the kernel does it on its
own when necessary, and when not, it is not safe to save the hwclock (eg,
there is no certainty the system clock
is correct)
* udev: Backport upstream preventing mass killings when not running under
systemd (Closes: #918764)
[ Dimitri John Ledkov ]
* debian/tests/storage: improve cleanups.
On fast ppc64el machines, cryptsetup start job may not complete by the
time tearDown is executed. In that case stop, causes to simply cancel the
start job without actually cleaning up the dmsetup node. This leads to
failing subsequent test as it no longer starts with a clean device. Thus
ensure the systemd-cryptsetup unit is started, before stopping it.
Also rmmod scsi_debug module at the end, to allow re-running the test in a
loop.
* debian/tests/upstream: Mark TEST-13-NSPAWN-SMOKE as flakey.
* debian/tests/control: add socat to upstream tests for pull #11591
* Blacklist TEST-10-ISSUE-2467 #11706
* debian/tests/storage: fix for LUKS2 and avoid interactive password
prompts.
[ Martin Pitt ]
* udevadm: Fix segfault with subsystem-match containing '/'
(Closes: #919206)
* sd-bus: if we receive an invalid dbus message, ignore and proceed
* sd-bus: enforce a size limit on D-Bus object paths.
This avoids accessing/modifying memory outside of the allocated stack
region by sending specially crafted D-Bus messages with very large object
paths.
Vulnerability discovered by Chris Coulson <email address hidden>,
patch provided by Riccardo Schirone <email address hidden>.
(CVE-2019-6454)
-- Dimitri John Ledkov <email address hidden> Wed, 20 Feb 2019 21:41:03 +0100
-
systemd (240-5ubuntu4) disco; urgency=medium
* debian/tests/control: add socat to upstream tests for pull #11591
File: debian/tests/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=7dff5196e23f50d15c0e0c4cb6742a1cc1cc704a
* udevadm: Fix segfault with subsystem-match containing '/' (Closes: #919206)
Author: Martin Pitt
File: debian/patches/udevadm-fix-segfault.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=736973d38676301f276716f22a746aed2489baac
* Blacklist TEST-10-ISSUE-2467 #11706
File: debian/tests/upstream
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f93b9e46b54388370da7b0cd7f858031be3a2578
* Fix comment about why we disable hwclock.service.
Systemd nowadays doesn't do it itself because the kernel does it on its own when necessary,
and when not, it is not safe to save the hwclock (eg, there is no certainty the system clock
is correct)
Author: Felipe Sateler
File: debian/systemd.links
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=8473f88fffdb9db1f5ba547bb692a911997f2569
* udev: Backport upstream preventing mass killings when not running under systemd
(Closes: #918764)
Author: Felipe Sateler
File: debian/patches/udev-check-whether-systemd-is-running-and-do-not-use-cg_k.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=617ee70c31c45ea5d5c6c7b30766d47f0b89446c
* debian/tests/storage: fix for LUKS2 and avoid interactive password prompts.
File: debian/tests/storage
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=5594ebf325816e76a8c58043c56fc94f2d52b2a6
-- Dimitri John Ledkov <email address hidden> Thu, 14 Feb 2019 14:51:37 +0000
-
systemd (240-5ubuntu3) disco; urgency=medium
* debian/tests: blacklist upstream test-24-unit-tests on ppc64le.
Fails, not a regression as it's a new test case, which was never before
executed on ppc64le.
File: debian/tests/upstream
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=8062b9a2712c390010d2948eaf764a1b52e68715
-- Dimitri John Ledkov <email address hidden> Sat, 02 Feb 2019 11:05:12 +0100
-
systemd (240-5ubuntu2) disco; urgency=medium
* core: Revert strict mount namespacing/sandboxing, until LXD allows the needed mounts.
(LP: #1813622)
File: debian/patches/Revert-namespace-be-more-careful-when-handling-namespacin.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=030919ba5e4931d6ee576d0259fae67fe4ed9770
* resolved: add support for pipelined requests. (LP: #1811471)
Files:
- debian/patches/llmnr-add-comment-why-we-install-no-complete-handler-on-s.patch
- debian/patches/resolved-add-comment-to-dns_stream_complete-about-its-err.patch
- debian/patches/resolved-keep-stub-stream-connections-up-for-as-long-as-c.patch
- debian/patches/resolved-only-call-complete-with-zero-argument-in-LLMNR-c.patch
- debian/patches/resolved-restart-stream-timeout-whenever-we-managed-to-re.patch
- debian/patches/stream-follow-coding-style-don-t-use-degrade-to-bool-for-.patch
- debian/patches/stream-track-type-of-DnsStream-object.patch
- debian/patches/transaction-simplify-handling-if-we-get-an-unexpected-DNS.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=8ad1db08c2135af098a33957ce7cffbe21fb683f
* networkd: [Route] PreferredSource not working in *.network files.
(LP: #1812760)
Files:
- debian/patches/Install-routes-after-addresses-are-ready.patch
- debian/patches/Move-link_check_ready-to-later-in-the-file.patch
- debian/patches/tests-Add-test-for-IPv6-source-routing.patch
- debian/patches/debian/UBUNTU-networkd-if-RA-was-implicit-do-not-await-ndisc_con.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b4e2ee0b2ac1be2ae78952890a56a2d5398df518
-- Dimitri John Ledkov <email address hidden> Wed, 30 Jan 2019 11:46:53 +0000
-
systemd (240-5ubuntu1) disco; urgency=medium
* Reenable pristine-tar in gbp.conf.
The pristine-tar bug has been fixed, so we can use it again.
This reverts commit 9fcfbbf6fea15eacfa3fad74240431c5f2c3300e.
Author: Felipe Sateler
File: debian/gbp.conf
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=045998b2a974f9322535fef6018b3c5fff6da342
* debian/tests/storage: improve cleanups.
On fast ppc64el machines, cryptsetup start job may not complete by the time
tearDown is executed. In that case stop, causes to simply cancel the start job
without actually cleaning up the dmsetup node. This leads to failing subsequent
test as it no longer starts with a clean device. Thus ensure the
systemd-cryptsetup unit is started, before stopping it.
Also rmmod scsi_debug module at the end, to allow re-running the test in a
loop.
File: debian/tests/storage
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=bfafb0924a59f2a93bcde00fc9eeea5c4d058977
* d/watch: add version mangle to transform -rc to ~rc.
Upstream has started releasing rcs, so let's account for that
Author: Felipe Sateler
File: debian/watch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=db2dbed693ac75c88ea6ed923537d18d30fc1cdf
* debian/tests/upstream: Mark TEST-13-NSPAWN-SMOKE as flakey.
File: debian/tests/upstream
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a106d9c60b7b9fc3e16e423ca6a4d376560927cc
systemd (240-5) unstable; urgency=medium
[ Felipe Sateler ]
* Revert interface renaming changes. (Closes: #919390)
[ Martin Pitt ]
* process-util: Fix memory leak (Closes: #920018)
-- Dimitri John Ledkov <email address hidden> Mon, 28 Jan 2019 13:52:58 +0000
-
systemd (240-4ubuntu2) disco; urgency=medium
* Import patches to support PPC64LE qemu based testing.
Files:
- debian/tests/control
- debian/patches/test-test-functions-on-PP64-use-vmlinux.patch
- debian/patches/test-test-functions-on-PPC64-use-hvc0-console.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=483a4daba07f809883883e8e8b9c365cfbf7256e
-- Dimitri John Ledkov <email address hidden> Thu, 24 Jan 2019 16:55:01 +0000
-
systemd (240-4ubuntu1) disco; urgency=medium
* Skip starting systemd-remount-fs.service in containers
even when /etc/fstab is present.
This allows entering fully running state even when /etc/fstab
lists / to be mounted from a device which is not present in the
container. (LP: #1576341)
Author: Balint Reczey
File: debian/patches/debian/Skip-starting-systemd-remount-fs.service-in-containers.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3bde262e129a9d2c60eeff37e63d3da7d58ce5dd
* Set UseDomains to true, by default, on Ubuntu.
On Ubuntu, fallback DNS servers are disabled, therefore we do not leak queries
to a preset 3rd party by default. In resolved, dnssec is also disabled by
default, as too much of the internet is broken and using Ubuntu users to debug
the internet is not very productive - most of the time the end-user cannot fix
or know how to notify the site owners about the dnssec mistakes. Inherintally
the DHCP acquired DNS servers are therefore trusted, and are free to spoof
records. Not trusting DNS search domains, in such scenario, provides limited
security or privacy benefits. From user point of view, this also appears to be
a regression from previous Ubuntu releases which do trust DHCP acquired search
domains by default.
Therefore we are enabling UseDomains by default on Ubuntu.
Users may override this setting in the .network files by specifying
[DHCP|IPv6AcceptRA] UseDomains=no|route options.
File: debian/patches/debian/Ubuntu-UseDomains-by-default.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=1e5b00cdfd6b9317704e1383d26365a68c041c56
* Enable systemd-resolved by default
File: debian/systemd.postinst
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=05adfa0902115f51c1196ad623165a75bb8b4313
* Create /etc/resolv.conf at postinst, pointing at the stub resolver.
The stub resolver file is dynamically managed by systemd-resolved. It points at
the stub resolver as the nameserver, however it also dynamically updates the
search stanza, thus non-nss dns tools work correctly with unqualified names and
correctly use the DHCP acquired search domains.
File: debian/systemd.postinst
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ef4adf46bbbe2d22508b70b889d23da53b85039d
* libnss-resolve: do not disable and stop systemd-resolved
resolved is always used by default on ubuntu via stub resolver, therefore it
should continue to operate without libnss-resolve module installed.
File: debian/libnss-resolve.postrm
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=95577d14e84e19b614b83b2e24985d89e8c2dac0
* Ignore failures to set Nice priority on services in containers.
File: debian/patches/debian/Ubuntu-core-in-execute-soft-fail-setting-Nice-priority-when.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=5b8e457f8d883fc6f55d33d46b3474926a495d29
* units: set ConditionVirtualization=!private-users on journald audit socket.
It fails to start in unprivileged containers.
File: debian/patches/debian/Ubuntu-units-set-ConditionVirtualization-private-users-on-j.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=03ed18a9940731bbf794ad320fabf337488835c6
* debian/tests: Switch to gdm, enforce udev upgrade.
Files:
- debian/tests/boot-and-services
- debian/tests/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f350b43ccc1aa31c745b4ccebbb4084d5cea41ff
* Always setup /etc/resolv.conf on new installations.
On new installations, /etc/resolv.conf will always exist. Move it to /run
and replace it with the desired final symlink. (LP: #1712283)
File: debian/systemd.postinst
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=20bc8a37fa3c9620bed21a56a4eabd71db71d861
* Enable systemd-networkd by default.
File: debian/systemd.postinst
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e5ff45174306b17077b907bc25cfd763ac6934f1
* boot-and-services: skip gdm3 tests when absent, as it is on s390x.
Files:
- debian/tests/boot-and-services
- debian/tests/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=cf05ba013979f53ad69fd2c548ec01c7a5339f64
* initramfs-tools: trigger udevadm add actions with subsystems first.
This updates the initramfs-tools init-top udev script to trigger udevadm
actions with type specified. This mimicks the
systemd-udev-trigger.service. Without type specified only devices are
triggered, but triggering subsystems may also be required and should happen
before triggering the devices. This is the case for example on s390x with zdev
generated udev rules. (LP: #1713536)
File: debian/extra/initramfs-tools/scripts/init-top/udev
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=4016ca5629b6c56b41a4f654e7a808c82e290cac
* Ubuntu/extra: ship dhclient-enter hook.
This allows isc-dhcp dhclient to set search domains and nameservers via
resolved.
Files:
- debian/extra/dhclient-enter-resolved-hook
- debian/rules
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f3398a213f80b02bf3db0c1ce9e22d69f6d56764
* Disable systemd-networkd-wait-online by default.
Currently it is not fit for purpose, as it leads to long boot times when
networking is unplugged or not yet configured on boot. (LP: #1714301)
File: debian/systemd.postinst
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=694473d812b50d2fefd6494d494ca02b91bc8785
* networkd: change UseMTU default to true.
Cherry-pick upstream change. (LP: #1717471)
File: debian/patches/networkd-change-UseMTU-default-to-true.-6837.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=44aa315dd6d9054a5cabd413ec8657b6bfdfc029
* postinst: drop empty/stock /etc/rc.local (LP: #1716979)
File: debian/systemd.postinst
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e7d071a26a79558771303b0b87f007e650eaebbe
* Improve resolvconf integration.
Make the .path|.service unit that feed resolved data into resolvconf not
generate failures if resolvconf is not installed.
Add a check to make sure that resolved does not read /etc/resolv.conf when that
is symlinked to stub-resolv.conf. (LP: #1717995)
File: debian/patches/debian/Ubuntu-resolved-resolvconf-integration.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d9f0f89985a141c1588d67e4868ad68cff6956fb
* Ship systemd sysctl settings.
Patch systemd's default sysctl settings to drop things that are set elsewhere
already.
The promote secondary IP addresses is required for networkd to successfully
renew DHCP leases with a change of an IP address.
Set default package scheduler to Fair Queue CoDel. (LP: #1721223)
Files:
- debian/patches/debian/UBUNTU-drop-kernel.-settings-from-sysctl-defaults-shipped.patch
- debian/rules
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=7cd041a6d0ef459e4b2a82d8ea5fa1ce05184dfb
* resolved.service: set DefaultDependencies=no (LP: #1734167)
File: debian/patches/resolved.service-set-DefaultDependencies-no.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a6ced6331ff7f99704213547a0b94dc06935d508
* systemd.postinst: enable persistent journal. (LP: #1618188)
File: debian/systemd.postinst
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f94f18d9dbc085b6a9ff33c141a6e542142f85b5
* Disable LLMNR and MulticastDNS by default LP: #1739672
Files:
- debian/changelog
- debian/patches/debian/UBUNTU-resolved-disable-global-LLMNR-and-MulticastDNS.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b4ec428e83696a5cd0405b677a35e97681867629
* Enable qemu tests on all architectures LP: #1749540
Files:
- debian/changelog
- debian/tests/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b416d1bdfb4f5e33565178e01ba4c4e3939b6176
* Add "AssumedApparmorLabel=unconfined" to timedate1 dbus service file
(LP: #1749000)
Author: Michael Vogt
File: debian/patches/debian/UBUNTU-Add-AssumedApparmorLabel-unconfined-to-timedate1-dbus.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=5ad0879e10bbe3d641f940260b93c7eb2cf4624c
* debian/tests/systemd-fsckd: update assertions expectations for v237
fsck got rewritten to use "safe_fork" and whilst previously it would ignore the
error, when fsck is terminated by signal PIPE, it no longer does so. Thus one
should expect systemd-fsck-root.service to have failed in certain test cases.
File: debian/tests/systemd-fsckd
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d5becd9a416b55dcdb7b9a7aba60c4e3d304e6a6
* test/test-functions: launch qemu-system with -vga none.
Should resolve booting qemu-system-ppc64 without seabios.
File: debian/patches/debian/UBUNTU-test-test-functions-launch-qemu-with-vga-none.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=90af1fa893cce5ed49999d16da0b793da6523394
* tests/boot-smoke: ignore udevd connection timeouts resolving colord group.
File: debian/tests/boot-smoke
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e1477b764fa9ef23f5181ef3d31a1332191c3e0b
* tests/systemd-fsckd: ignore systemd_fsck_with_plymouth_failure.
File: debian/tests/systemd-fsckd
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=c392e1ca3da67dbf8a7dfe0dcad470f7636f7405
* tests/control: ensure boot-smoke uses latest systemd & udev.
File: debian/tests/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b7b66380641755bc21fd7dcbc307760b1d18b8af
* Drop systemd.prerm safety check.
On Ubuntu, systemd is the only choice, and is essential, via init ->
systemd-sysv -> systemd dependency chain, thus removing systemd is already
quite hard, and appropriate warnings are emitted by dpkg. (LP: #1758438)
File: debian/systemd.prerm
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=0244c4d56556317f14eecc2f51871969ef02ba7b
* wait-online: do not wait, if no links are managed (neither configured, or failed).
(LP: #1728181)
File: debian/patches/debian/UBUNTU-wait-online-exit-if-no-links-are-managed.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=31f04c3fc769dacb3cf2a78240a1710a99a865b8
* journald.service: set Nice=-1 to dodge watchdog on soft lockups.
(LP: #1696970)
File: debian/patches/debian/UBUNTU-journald.service-set-Nice-1-to-dodge-watchdog-on-soft-loc.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e0a9aeffac556492bf517ce2d23313ff7a277926
* Workaround captive portals not responding to EDNS0 queries (DVE-2018-0001).
(LP: #1727237)
File: debian/patches/resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=87d3fe81b7281687ecf3c0b9a8356e90cc714d0b
* Recommend networkd-dispatcher (LP: #1762386)
File: debian/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d1e3b2c7e4757119da0d550b0b3c0a6626a176dc
* networkd: if RA was implicit, do not await ndisc_configured.
If RA was iplicit, meaning not otherwise requested, and a kernel default was in
use. Do not prevent link entering configured state, whilst ndisc configuration
is pending. Implicit kernel RA, is expected to be asynchronous and
non-blocking. (LP: #1765173)
File: debian/patches/debian/UBUNTU-networkd-if-RA-was-implicit-do-not-await-ndisc_con.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=2f749ff528d1b788aa4ca778e954c16b213ee629
* udev-udeb: ship modprobe.d snippet to force scsi_mod.scan=sync in d-i.
This ensures that all scans are completed, before installer reaches
partitioning stage. (LP: #1751813)
Files:
- debian/extra/modprobe.d-udeb/scsi-mod-scan-sync.conf
- debian/udev-udeb.install
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=eb6d8a2b9504917abb7aa2c4035fdbb7b98227f7
* Disable dh_installinit generation of tmpfiles for the systemd package.
Replace with a manual safe call to systemd-tmpfiles which will process any
updates to the tmpfiles shipped by systemd package, taking into account any
overrides shipped by other packages, sysadmin, or specified in the runtime
directories. (LP: #1748147)
Files:
- debian/rules
- debian/systemd.postinst
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=1fd144cbe31cc7a9383cc76f21f4b84c22a9dd1b
* Enable EFI/bootctl on armhf.
File: debian/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=043122f7d8a1487bfd357e815a6ece1ceea6e7d1
* boot-and-services: stderr is ok, for status command on the c1 container.
systemctl may print warnings on the stderr when checking the status of
completed units. This should not, overall fail the autopkgtest run.
File: debian/tests/boot-and-services
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=da14d34e7cc33c44ad67e64c9fd092f8cc1675f9
* Skip systemd-fsckd on arm64, because of broken/lack of clean shutdown.
File: debian/tests/systemd-fsckd
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=bf5b501ac934497dbef5f64908ff37643dc7288e
* adt: boot-and-services: assert any kernel syslog messages.
It appears that on arm64 the syslog is truncated and is missing early kernel
messages. Print full one, and check for any kernel messages instead.
File: debian/tests/boot-and-services
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=29dc34f7a6e5dc505f6212c17c42e4420b47ed16
* debian/extra/start-udev: Set scsi_mod scan=sync even if it's builtin to the kernel (we previously only set it in modprobe.d) LP: #1779815
Files:
- debian/changelog
- debian/extra/start-udev
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6b72628f8de991e2c67ac4289fc74daf3abe7d14
* units: conditionalize more units to not start in containers.
Files:
- debian/changelog
- debian/patches/debian/UBUNTU-units-block-CAP_SYS_MODULE-units-in-containers-too.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3689afa1a782de8c19a757459b6360de1195ad55
* test-sleep: skip test_fiemap upon inapproriate ioctl for device.
On v4.4 kernels, on top of btrfs ephemeral lxd v3.0 containers generate this
other error code, instead of not supported. Skip the test for both error codes.
File: debian/patches/debian/UBUNTU-test-sleep-skip-test_fiemap-upon-inapproriate-ioctl-.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6ebb5b9f6b77760a5470e8a780d69875b1db76f7
* Re-add support for /etc/writable for core18. (LP: #1778936)
Author: Michael Vogt
File: debian/patches/debian/UBUNTU-Support-system-image-read-only-etc.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a5b5fca66c1127068e4ce0cc9ab497814211f4f7
* debian/control: strengthen dependencies.
Make systemd-sysv depend on matching version of systemd. Autopkgtests at times
upgrade systemd-sysv without upgrading systemd. However, upgrading systemd-sysv
alone makes little sense.
Make systemd conflict, rather than just break, systemd-shim. As there are
upgrade failures cause by systemd-shim presence whilst upgrading to new
systemd.
File: debian/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d1ecf0c372f5212129c85ae60fddf26b2271a1fe
* Improve autopkgtest success rate, by bumping up timeouts. (LP: #1789841)
Author: Christian Ehrhardt
File: debian/patches/debian/UBUNTU-bump-selftest-timeouts.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=c05586d9da033bbfd6b6a74e10b87520843c7c48
* units: Disable journald Watchdog (LP: #1773148)
File: debian/patches/debian/UBUNTU-units-disable-journald-watchdog.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=64d2b4f1d0d057073fba585f19823332e2a6eed5
* Add conflicts with upstart and systemd-shim. (LP: #1793092)
File: debian/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=83ed7496afc7c27be026014d109855f7d0ad1176
* Specify Ubuntu's Vcs-Git
File: debian/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=fd832930ef280c9a4a9dda2440d5a46a6fdb6232
* debian/systemd.postinst: Skip daemon-reexec and try-restarts during shutdown
(LP: #1803391)
Author: Balint Reczey
File: debian/systemd.postinst
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=51daab96ae79483b5e5fb62e1e0477c87ee11fd1
* Switch gbp.conf to disco.
File: debian/gbp.conf
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=fea585b259e3e766d8d3dbc9690e879c054ddc87
* core: set /run size to 10%, like initramfs-tools does.
Currently there is a difference between initrd and initrd-less boots,
w.r.t. size= mount option of /run. This yields different runtime journald caps
(1% vs 10%), and on dense deployments of containers may result in OOM kills.
(LP: #1799251)
File: debian/patches/debian/UBUNTU-core-set-run-size-to-10-like-initramfs-tools-does.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=1fac2568fe716dc1a41bada78293dc6327a6df0d
* Cherrypick proposed patch to fix LinkLocalAddressing post-unify-MTU settings.
File: debian/patches/networkd-honour-LinkLocalAddressing.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=cd9ba0d0f47634c9e5d862b8208cdc3178f25496
systemd (240-4) unstable; urgency=medium
[ Benjamin Drung ]
* Fix shellcheck issues in initramfs-tools scripts
[ Michael Biebl ]
* Import patches from v240-stable branch (up to f02b5472c6)
- Fixes a problem in logind closing the controlling terminal when using
startx. (Closes: #918927)
- Fixes various journald vulnerabilities via attacker controlled alloca.
(CVE-2018-16864, CVE-2018-16865, Closes: #918841, Closes: #918848)
* sd-device-monitor: Fix ordering of setting buffer size.
Fixes an issue with uevents not being processed properly during coldplug
stage and some kernel modules not being loaded via "udevadm trigger".
(Closes: #917607)
* meson: Stop setting -fPIE globally.
Setting -fPIE globally can lead to miscompilations on certain
architectures. Instead use the b_pie=true build option, which was
introduced in meson 0.49. Bump the Build-Depends accordingly.
(Closes: #909396)
systemd (240-3) unstable; urgency=medium
* udev.init: Trigger add events for subsystems.
Update the SysV init script and mimic the behaviour of the initramfs and
systemd-udev-trigger.service which first trigger subsystems and then
devices during the coldplug stage.
* udevadm: Refuse to run trigger, control, settle and monitor commands in
chroot (Closes: #917633)
* network: Set link state configuring before setting addresses.
Fixes a crash in systemd-networkd caused by an assertion failure.
(Closes: #918658)
* libudev-util: Make util_replace_whitespace() read only len characters.
Fixes a regression where /dev/disk/by-id/ names had additional
underscores.
* man: Update color of journal logs in DEBUG level (Closes: #917948)
* Remove old state directory of systemd-timesyncd on upgrades.
Otherwise timesyncd will fail to update the clock file if it was created
as /var/lib/private/systemd/timesync/clock.
This was the case when the service was using DynamicUser=yes which it no
longer does in v240. (Closes: #918190)
systemd (240-2) unstable; urgency=medium
* Pass separate dev_t var to device_path_parse_major_minor.
Fixes FTBFS on mips/mipsel (MIPS/O32). (Closes: #917195)
* test-json: Check absolute and relative difference in floating point test.
Fixes FTBFS due to test-suite failures on armel, armhf and hppa.
(Closes: #917215)
* sd-device: Fix segfault when error occurs in device_new_from_{nulstr,strv}()
Fixes a segfault in systemd-udevd when debug logging is enabled.
* udev-event: Do not read stdout or stderr if the pipefd is not created.
This fixes problems with device-mapper symlinks no longer being created
or certain devices not being marked as ready. (Closes: #917124)
* Don't bump fs.nr_open in PID 1.
In v240, systemd bumped fs.nr_open in PID 1 to the highest possible
value. Processes that are spawned directly by systemd, will have
RLIMIT_NOFILE be set to 512K (hard).
pam_limits in Debian defaults to "set_all", i.e. for limits which are
not explicitly configured in /etc/security/limits.conf, the value from
PID 1 is taken, which means for login sessions, RLIMIT_NOFILE is set to
the highest possible value instead of 512K. Not every software is able
to deal with such an RLIMIT_NOFILE properly.
While this is arguably a questionable default in Debian's pam_limit,
work around this problem by not bumping fs.nr_open in PID 1.
(Closes: #917167)
systemd (240-1) unstable; urgency=medium
[ Michael Biebl ]
* New upstream version 240
- core: Skip cgroup_subtree_mask_valid update if UNIT_STUB
(Closes: #903011)
- machined: Rework referencing of machine scopes from machined
(Closes: #903288)
- timesync: Fix serialization of IP address
(Closes: #916516)
- core: Don't track jobs-finishing-during-reload explicitly
(Closes: #916678)
* Rebase patches
* Install new systemd-id128 binary
* Update symbols file for libsystemd0
* Update nss build options
[ Martin Pitt ]
* tests: Disable some flaky upstream tests.
See https://github.com/systemd/systemd/issues/11195
* tests: Disable flaky TEST-17-UDEV-WANTS upstream test.
See https://github.com/systemd/systemd/issues/11195
systemd (239-15) unstable; urgency=medium
[ Felipe Sateler ]
* Fix container check in udev init script.
Udev needs writable /sys, so the init script tried to check before
starting. Unfortunately, the check was inverted. Let's add the missing
'!' to negate the check.
(Closes: #915261)
* Add myself to uploaders
[ Michael Biebl ]
* Remove obsolete systemd-shim conffile on upgrades.
The D-Bus policy file was dropped from the systemd-shim package in
version 8-4, but apparently there are cases where users removed the
package before that cleanup happened. The D-Bus policy file that was
shipped by systemd-shim was much more restrictive and now prevents
calling GetDynamicUsers() and other recent APIs on systemd Manager.
(Closes: #914285)
systemd (239-14) unstable; urgency=medium
[ Michael Biebl ]
* autopkgtest: Drop test_custom_cgroup_cleanup from boot-and-services
* resolved: Increase size of TCP stub replies (Closes: #915049)
* meson: Unify linux/stat.h check with other checks and use _GNU_SOURCE.
Fixes a build failure with glibc 2.28.
* Drop procps dependency from systemd.
The systemd-exit.service user service no longer uses the "kill" binary.
* Simplify container check in udev SysV init script.
Instead of using "ps" to detect a container environment, simply test if
/sys is writable. This matches what's used in systemd-udevd.service via
ConditionPathIsReadWrite=/sys and follows
https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
This means we no longer need procps, so drop that dependency from the
udev package. (Closes: #915095)
[ Mert Dirik ]
* 40-systemd: Honour __init_d_script_name.
Make /lib/lsb/init-functions.d/40-systemd use __init_d_script_name
(if available) to figure out real script name. (Closes: #826214)
* 40-systemd: Improve heuristics for init-d-script.
Improve heuristics for scripts run via init-d-script so that the
redirection works even for older init-d-script versions without the
__init_d_script_name variable.
systemd (239-13) unstable; urgency=medium
* autopktest: Add e2fsprogs dependency to upstream test.
Some of the upstream tests require mkfs.ext4. (Closes: #887250)
* systemctl: Tell update-rc.d to skip creating any systemd symlinks.
When calling update-rc.d via systemd-sysv-install, tell it to skip
creating any systemd symlinks as we want to handle those directly in
systemctl. Older update-rc.d versions will ignore that request, but
that's ok. This means we don't need a versioned dependency against
init-system-helpers. (Closes: #743217)
* pam_systemd: Suppress LOG_DEBUG log messages if debugging is off
(Closes: #825949)
* Drop cgroup-don-t-trim-cgroup-trees-created-by-someone-el.patch.
The patch is no longer necessary as lxc.service now uses Delegate=yes.
* Remove obsolete Replaces from pre-jessie
systemd (239-12) unstable; urgency=high
[ Martin Pitt ]
* Enable QEMU on more architectures in "upstream" autopkgtest.
Taken from the Ubuntu package, so apparently QEMU works well enough on
these architectures now.
* autopkgtest: Avoid test bed reset for boot-smoke.
Make "boot-smoke"'s dependencies a strict superset of "upstream"'s, so
that autopkgtest doesn't have to provide a new testbed.
* Fix wrong "nobody" group from sysusers.d.
Fix our make-sysusers-basic sysusers.d generator to special-case the
nobody group. "nobody" user and "nogroup" group both have the same ID
65534, which is the only special case for Debian's static users/groups.
So specify the gid explicitly, to avoid systemd-sysusers creating a
dynamic system group for "nobody".
Also clean up the group on upgrades.
Thanks to Keh-Ming Luoh for the original patch! (Closes: #912525)
[ Michael Biebl ]
* autopkgtest: Use shutil.which() which is provided by Python 3
* Drop non-existing gnuefi=false build option.
This was mistakenly added when converting from autotools to meson.
* core: When deserializing state always use read_line(…, LONG_LINE_MAX, …)
Fixes a vulnerability in unit_deserialize which allows an attacker to
supply arbitrary state across systemd re-execution via NotifyAccess.
(CVE-2018-15686, Closes: #912005)
* meson: Use the host architecture compiler/linker for src/boot/efi.
Fixes cross build failure for arm64. (Closes: #905381)
* systemd: Do not pass .wants fragment path to manager_load_unit.
Fixes an issue with overridden units in /etc not being used due to a
.wants/ symlink pointing to /lib. (Closes: #907054)
* machined: When reading os-release file, join PID namespace too.
This ensures that we properly acquire the os-release file from containers.
(Closes: #911231)
systemd (239-11) unstable; urgency=high
[ Michael Biebl ]
* debian/tests/upstream: Clean up after each test run.
Otherwise the loopback images used by qemu are not properly released and
we might run out of disk space.
* dhcp6: Make sure we have enough space for the DHCP6 option header.
Fixes out-of-bounds heap write in systemd-networkd dhcpv6 option
handling.
(CVE-2018-15688, LP: #1795921, Closes: #912008)
* chown-recursive: Rework the recursive logic to use O_PATH.
Fixes a race condition in chown_one() which allows an attacker to cause
systemd to set arbitrary permissions on arbitrary files.
(CVE-2018-15687, LP: #1796692, Closes: #912007)
[ Martin Pitt ]
* debian/tests/boot-and-services: Use gdm instead of lightdm.
This seems to work more reliably, on Ubuntu CI's i386 instances lightdm
fails.
[ Manuel A. Fernandez Montecelo ]
* Run "meson test" instead of "ninja test"
Upstream developers of meson recommend to run it in this way, because
"ninja test" just calls "meson test", and by using meson directly and
using extra command line arguments it is possible to control aspects of
how the tests are run.
* Increase timeout for test in riscv64.
The buildds for the riscv64 arch used at the moment are slow, so increase
the timeouts for this arch by a factor of 10, for good measure.
(Closes: #906429)
systemd (239-10) unstable; urgency=medium
[ Michael Biebl ]
* meson: Rename -Ddebug to -Ddebug-extra.
Meson added -Doptimization and -Ddebug options, which obviously causes
a conflict with our -Ddebug options. Let's rename it.
(Closes: #909455)
* Add conflicts against consolekit.
Letting both ConsoleKit and logind manage dynamic device permissions
will only lead to inconsistent and unexpected results.
[ Felipe Sateler ]
* Link systemctl binary statically against libshared.
This reduces the Pre-Depends list considerably, and is more resilient
against borked installs.
systemd (239-9) unstable; urgency=medium
* autopkgtest: Remove needs-recommends runtime restriction.
This restriction has been deprecated and there are plans to remove it
altogether. The tests pass withouth needs-recommends, so it seems safe
to remove.
* test: Use installed catalogs when test-catalog is not located at build
dir.
This makes it possible to run test-catalog as installed test, so we no
longer need to mark it as EXFAIL in our root-unittests autopkgtest.
* test: Use "systemd-runtest.env" to set $SYSTEMD_TEST_DATA and
$SYSTEMD_CATALOG_DIR.
This avoids embedding ABS_{SRC,BUILD}_DIR into libsystemd-shared.so and
the test binaries and should make the build reproducible.
(Closes: #908365)
systemd (239-8) unstable; urgency=medium
[ Michael Biebl ]
* Clean up dbus-org.freedesktop.timesync1.service Alias on purge
(Closes: #904290)
* user-runtime-dir: Fix wrong SELinux context (Closes: #908026)
* core: Fix gid when DynamicUser=yes with static user (Closes: #904335)
* Remove udev control socket on shutdown under sysvinit.
The udev control socket is no longer removed automatically when the
daemon is stopped. As this can confuse other software, update the SysV
init script to remove the control socket manually and make sure the init
script is executed on shutdown (runlevel 0) and reboot (runlevel 6).
(Closes: #791944)
* Bump Standards-Version to 4.2.1
[ Martin Pitt ]
* timedated: Fix wrong PropertyChanged values and refcounting
-- Dimitri John Ledkov <email address hidden> Mon, 21 Jan 2019 16:09:03 +0000
-
systemd (239-7ubuntu15) disco; urgency=medium
* core: set /run size to 10%, like initramfs-tools does.
Currently there is a difference between initrd and initrd-less boots,
w.r.t. size= mount option of /run. This yields different runtime journald caps
(1% vs 10%), and on dense deployments of containers may result in OOM kills.
(LP: #1799251)
File: debian/patches/debian/UBUNTU-core-set-run-size-to-10-like-initramfs-tools-does.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=1fac2568fe716dc1a41bada78293dc6327a6df0d
* resolved: Increase size of TCP stub replies.
DNS_PACKET_PAYLOAD_SIZE_MAX is limiting the size of the stub replies to
512 with EDNS off or 4096 with EDNS on, without checking the protocol
used. This makes TCP replies for clients without EDNS support to be
limited to 512, making the truncate flag useless if the query result is
bigger than 512 bytes.
This commit increases the size of TCP replies to DNS_PACKET_SIZE_MAX
Fixes: #10816
(cherry picked from commit e6eed9445956cfa496e1db933bfd3530db23bfce)
(LP: #1804487)
Author: Victor Tapia
File: debian/patches/resolved-Increase-size-of-TCP-stub-replies.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=702a4566174c4d2bd84b70805107cfc1a7c128cc
-- Dimitri John Ledkov <email address hidden> Mon, 03 Dec 2018 13:49:24 +0000
-
systemd (239-7ubuntu14) disco; urgency=medium
* Fix compat with new meson.
File: debian/patches/meson-rename-Ddebug-to-Ddebug-extra.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3b764ec1b76768a8c40635019fa5a8acb81b223e
-- Dimitri John Ledkov <email address hidden> Thu, 29 Nov 2018 16:53:00 +0000
-
systemd (239-7ubuntu13) disco; urgency=medium
* Stop testing that gdm3 is up.
Ubuntu Desktop is only supported on amd64, and on real hardware. Testing that
gdm3 fails to start (yet continues to be running, with a half broken logind
session) is not useful on dummy xorg video cards in nested VMs.
(LP: #1805358)
File: debian/tests/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3006fedda1d1ca3f04c5f593e8018bb6d1196025
-- Dimitri John Ledkov <email address hidden> Wed, 28 Nov 2018 16:02:25 +0000
-
systemd (239-7ubuntu12) disco; urgency=medium
* hwdb: Revert wlan keycode changes, rely on xkeyboard-config fixes instead.
(LP: #1799364)
Author: seb128
File: debian/patches/hwdb-revert-airplane-mode-keys-handling-on-Dell.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=cabc076fdd67ced21fc789e44e0366a2f561a5bc
* test: Set executable bits on TEST-22-TMPFILES shell scripts. (LP: #1804864)
File: debian/patches/test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=0e5b6e44a962f299565949e1006a4ba86d171dc3
* Switch gbp.conf to disco.
File: debian/gbp.conf
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=fea585b259e3e766d8d3dbc9690e879c054ddc87
-- Dimitri John Ledkov <email address hidden> Fri, 23 Nov 2018 18:38:43 +0000
-
systemd (239-7ubuntu11) disco; urgency=medium
* hwdb: Fix wlan keycode for all Dell Latitude and Precision systems
(LP: #1799364)
Author: Shih-Yuan Lee (FourDollars)
File: debian/patches/hwdb-Fix-wlan-keycode-for-all-Dell-Latitude-and-Precision.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d8ac9a5640be39ede9cebcd8c4cc44e8811e0e49
* hwdb: Update PNP IDs of Goldstar (now: LG Electronics) (LP: #1804584)
File: debian/patches/hwdb-Update-PNP-IDs-of-Goldstar-now-LG-Electronics-.-1005.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=10204fb5761c759be6ddf27dc43c851ef24c96cb
* btrfs-util: unbreak tmpfiles' subvol creation
File: debian/patches/btrfs-util-unbreak-tmpfiles-subvol-creation.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=4ab5b8275a0487e301553fb6de6a905abb7ea833
-- Dimitri John Ledkov <email address hidden> Thu, 22 Nov 2018 16:30:28 +0000
-
systemd (239-7ubuntu10.4) cosmic-security; urgency=medium
[ Chris Coulson ]
* SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
- debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to
resolve this completely
- CVE-2018-6954
[ Balint Reczey ]
* Fix LP: #1803391 - Skip daemon-reexec and try-restarts during shutdown
- update debian/systemd.postinst
-- Chris Coulson <email address hidden> Thu, 15 Nov 2018 20:42:32 +0000
-
systemd (239-7ubuntu10.3) cosmic-security; urgency=medium
* SECURITY UPDATE: reexec state injection
- debian/patches/CVE-2018-15686.patch: when deserializing state always use
read_line(…, LONG_LINE_MAX, …) rather than fgets()
- CVE-2018-15686
* SECURITY UPDATE: chown_one() can dereference symlinks
- debian/patches/CVE-2018-15687.patch: rework recursive logic to use O_PATH
- CVE-2018-15687
-- Chris Coulson <email address hidden> Tue, 06 Nov 2018 20:52:41 +0000
-
systemd (239-7ubuntu10.1) cosmic-security; urgency=medium
* SECURITY UPDATE: buffer overflow in dhcp6 client
- debian/patches/CVE-2018-15688.patch: make sure we have enough space
for the DHCP6 option header in src/libsystemd-network/dhcp6-option.c.
- CVE-2018-15688
-- Marc Deslauriers <email address hidden> Wed, 31 Oct 2018 11:36:32 -0400
-
systemd (239-7ubuntu10) cosmic; urgency=medium
* units: Disable journald Watchdog (LP: #1773148)
* Add conflicts with upstart and systemd-shim. (LP: #1773859)
-- Dimitri John Ledkov <email address hidden> Thu, 04 Oct 2018 15:58:51 +0100
