-
systemd (231-9ubuntu5) yakkety-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds write in systemd-resolved (LP: #1695546)
- debian/patches/test-resolved-packet-add-a-simple-test-for-our-alloc.patch:
Add a simple allocation test
- debian/patches/resolved-simplify-alloc-size-calculation.patch: Simply
allocation size calculation
- CVE-2017-9445
-- Chris Coulson <email address hidden> Wed, 21 Jun 2017 16:35:26 +0100
-
systemd (231-9ubuntu4) yakkety; urgency=medium
* debian/extra/units/systemd-resolved.service.d/resolvconf.conf: if
resolved is going to be started, make sure this blocks
network-online.target. LP: #1673860.
* debian/patches/resolved-follow-CNAMES-for-DNS-stub-replies.patch:
Cherry-pick upstream fix for resolved failing to follow CNAMES for DNS
stub replies. LP: #1647031.
* debian/patches/logind-update-empty-and-infinity-handling-for-User-T.patch:
Cherry-pick upstream fix to handle empty and "infinity" values for
[User]TasksMax. Closes LP: #1651518.
-- Steve Langasek <email address hidden> Mon, 20 Mar 2017 22:14:14 -0700
-
systemd (231-9ubuntu3) yakkety; urgency=medium
* d/p/0001-libudev-util-change-util_replace_whitespace-to-retur.patch,
d/p/0002-udev-event-add-replace_whitespace-param-to-udev_even.patch,
d/p/0003-udev-rules-perform-whitespace-replacement-for-symlin.patch:
Cherry-pick upstream fixes from Dan Streetman <email address hidden> to
fix by-id symlinks for devices whose IDs contain whitespace.
LP: #1647485.
-- Steve Langasek <email address hidden> Fri, 13 Jan 2017 16:22:48 +0200
-
systemd (231-9ubuntu2) yakkety; urgency=medium
[ Dan Streetman ]
* rules: introduce disk/by-id (model_serial) symlinks for NVMe drives
(LP: #1642903)
[ Martin Pitt ]
* Drop systemd-networkd's "After=dbus.service" ordering, so that it can
start during early boot (for cloud-init.service). It will auto-connect to
D-Bus once it becomes available later, and transient (from DHCP) hostname
and timezone setting do not work in 16.10 anyway. (LP: #1636912)
-- Martin Pitt <email address hidden> Thu, 24 Nov 2016 13:21:05 +0100
-
systemd (231-9ubuntu1) yakkety; urgency=medium
* debian/gbp.conf: Switch to yakkety branch
* unit: sent change signal before removing the unit if necessary
(LP: #1632964)
* networkd: Fix assertion crash on adding VTI with IPv6 addresses
(LP: #1633274)
-- Martin Pitt <email address hidden> Wed, 26 Oct 2016 13:11:33 +0200
-
systemd (231-9git1) yakkety; urgency=medium
* systemctl: Add --wait option to wait until started units terminate again.
This is a prerequisite for using systemd for graphical sessions without
ugly polling.
* nss-resolve: return NOTFOUND instead of UNAVAIL on resolution errors.
This makes it possible to configure a fallback to "dns" without breaking
DNSSEC, with "resolve [!UNAVAIL=return] dns".
* libnss-resolve.postinst: Skip dns fallback if resolve is present.
Only fall back to "dns" if nss-resolve is not installed (for the
architecture of the calling program). Once it is, we never want to fall
back to "dns" as that breaks enforcing DNSSEC verification and also
pointlessly retries NXDOMAIN failures. (LP: #1624071)
-- Martin Pitt <email address hidden> Sun, 02 Oct 2016 10:33:11 +0200
-
systemd (231-9) unstable; urgency=medium
* pid1: process zero-length notification messages again.
Just remove the assertion, the "n" value was not used anyway. This fixes
a local DoS due to unprocessed/unclosed fds which got introduced by the
previous fix. (Closes: #839171) (LP: #1628687)
* pid1: Robustify manager_dispatch_notify_fd()
* test/networkd-test.py: Add missing writeConfig() helper function.
-- Martin Pitt <email address hidden> Thu, 29 Sep 2016 23:39:24 +0200
-
systemd (231-8) unstable; urgency=medium
[ Martin Pitt ]
* Replace remaining systemctl --failed with --state=failed
"--failed" is deprecated in favor of --state.
* debian/shlibs.local.in: More precisely define version of internal shared
lib.
* debian/tests/upstream: Drop blacklisting
These tests now work fine without qemu.
* debian/tests/storage: Avoid rmmod scsi_debug (LP: #1626737)
* upstream build system: Install libudev, libsystemd, and nss modules to
${rootlibdir}. Drop downstream workaround from debian/rules.
* Ubuntu: Disable resolved's DNSSEC for the final 16.10 release.
Resolved's DNSSEC support is still not mature enough, and upstream
recommends to disable it in stable distro releases still.
* Fix abort/DoS on zero-length notify message triggers (LP: #1628687)
* resolved: don't query domain-limited DNS servers for other domains
(LP: #1588230)
[ Antonio Ospite ]
* Update systemd-user pam config to require pam_limits.so.
(Closes: #838191)
-- Martin Pitt <email address hidden> Thu, 29 Sep 2016 13:40:21 +0200
-
systemd (231-7ubuntu1) yakkety; urgency=medium
* SECURITY UPDATE: zero-length notify message triggers abort/denial of
service
- systemd-dont_assert_on_zero_length_message-lp1628687.patch: change
assert to simple return + log (LP: #1628687)
- Thanks to Jorge Niedbalski <email address hidden> for
the patch.
-- Steve Beattie <email address hidden> Wed, 28 Sep 2016 18:34:08 -0700
-
systemd (231-7) unstable; urgency=medium
[ Michael Biebl ]
* fsckd: Do not exit on idle timeout if there are still clients connected
(Closes: #788050, LP: #1547844)
[ Martin Pitt ]
* 73-usb-net-by-mac.rules: Split kernel command line import line.
Reportedly this makes the rule actually work on some platforms. Thanks Alp
Toker! (LP: #1593379)
* debian/tests/boot-smoke: Only run 5 iterations
* systemd.postinst: Drop obsolete setcap call for systemd-detect-virt.
Drop corresponding libcap2-bin dependency.
* debian/tests/systemd-fsckd: Robustify check for "unit was running"
(LP: #1624406)
* debian/extra/set-cpufreq: Use powersave with intel_pstate.
This is what we did on xenial, and apparently powersave is still actually
better than performance. Thanks to Doug Smythies for the measurements!
(LP: #1579278)
* Ubuntu: Move ondemand.service from static to runtime enablement.
This makes it easier to keep performance, by disabling ondemand.service.
Side issue in LP: #1579278
* Revert "networkd: remove route if carrier is lost"
This causes networkd to drop addresses from unmanaged interfaces in some
cases. (Closes: #837759)
* debian/tests/storage: Avoid stderr output of stopping systemd-cryptsetup@.service
* libnss-*.prerm: Remove possible [key=value] options from NSS modules as well.
(LP: #1625584)
-- Martin Pitt <email address hidden> Tue, 20 Sep 2016 15:03:06 +0200
-
systemd (231-6git1) yakkety; urgency=medium
Upload current Debian packaging git.
[ Michael Biebl ]
* fsckd: Do not exit on idle timeout if there are still clients connected
systemd-fsckd's event loop terminates if nothing happens for 30 seconds.
Exiting prematurely while fsck is still running but simply too slow to
send us progress updates would close the socket and fsck would receive
SIGPIPE when it writes to the socket. If this happens, the fsck process
is aborted and the file system check is not completed. (Closes: #788050)
(LP: #1547844)
[ Martin Pitt ]
* 73-usb-net-by-mac.rules: Split kernel command line import line.
Reportedly this makes the rule actually work on some platforms. Thanks Alp
Toker! (LP: #1593379)
* debian/tests/boot-smoke: Only run 5 iterations
* systemd.postinst: Drop obsolete setcap call for systemd-detect-virt.
Drop corresponding libcap2-bin dependency.
* debian/tests/systemd-fsckd: Robustify check for "unit was running"
(LP: #1624406)
* debian/extra/set-cpufreq: Use powersave with intel_pstate.
This is what we did on xenial, and apparently powersave is still actually
better than performance. Thanks to Doug Smythies for the measurements!
(LP: #1579278)
* Ubuntu: Move ondemand.service from static to runtime enablement.
This makes it easier to keep performance, by disabling ondemand.service.
Side issue in LP: #1579278
-- Martin Pitt <email address hidden> Mon, 19 Sep 2016 22:37:51 +0200
-
systemd (231-6) unstable; urgency=medium
[ Martin Pitt ]
* Add alternative iptables-dev build dependencies
libiptc-dev is very new and not yet present in stable Debian/Ubuntu releases.
Add it as a fallback build dependency for backports and upstream tests.
* Detect if seccomp is enabled but seccomp filtering is disabled
(Closes: #832713)
* resolved: recognize DNS names with more than one trailing dot as invalid
(LP: #1600000)
* debian/tests/smoke: Store udev db dump artifact on failure
* networkd: limit the number of routes to the kernel limit
* systemctl: consider service running only when it is in active or reloading state
* networkd: remove route if carrier is lost
* Add Ref()/Unref() bus calls for units
[ Felipe Sateler ]
* git-cherry-pick: always recreate the patch-queue branch.
[ Dimitri John Ledkov ]
* Use idiomatic variables from dpkg include.
-- Martin Pitt <email address hidden> Sun, 11 Sep 2016 15:00:55 +0200
-
systemd (231-5) unstable; urgency=medium
[ Iain Lane ]
* Let graphical-session-pre.target be manually started (LP: #1615341)
[ Felipe Sateler ]
* Add basic version of git-cherry-pick
* Replace Revert-units-add-a-basic-SystemCallFilter-3471.patch with upstream
patch
* sysv-generator: better error reporting. (Closes: #830257)
[ Martin Pitt ]
* 73-usb-net-by-mac.rules: Test for disabling 80-net-setup-link.rules more
efficiently. Stop calling readlink at all and just test if
/etc/udev/rules.d/80-net-setup-link.rules exists -- a common way to
disable an udev rule is to just "touch" it in /etc/udev/rule.d/ (i. e.
empty file), and if the rule is customized we cannot really predict anyway
if the user wants MAC-based USB net names or not. (LP: #1615021)
* Ship kernel-install (Closes: #744301)
* Add debian/extra/kernel-install.d/60-initrd.install.
This kernel-install drop-in copies the initrd of the selected kernel to
the EFI partition.
* bootctl: Automatically detect ESP partition.
This makes bootctl work with Debian's /boot/efi/ mountpoint without having
to explicitly specify --path.
Patches cherry-picked from upstream master.
* systemd.NEWS: Point out that alternatively rcS scripts can be moved to
rc[2-5]. Thanks to Petter Reinholdtsen for the suggestion!
[ Michael Biebl ]
* Enable iptables support (Closes: #787480)
* Revert "logind: really handle *KeyIgnoreInhibited options in logind.conf"
The special 'key handling' inhibitors should always work regardless of
any *IgnoreInhibited settings – otherwise they're nearly useless.
Update man pages to clarify that *KeyIgnoreInhibited only apply to a
subset of locks (Closes: #834148)
-- Martin Pitt <email address hidden> Fri, 26 Aug 2016 10:58:07 +0200
-
systemd (231-4ubuntu1) yakkety; urgency=medium
* debian/patches/units-graphical-session-pre-dont-refusemanualstart.patch:
Add a new patch to let graphical-session-pre.target be manually started
for now (LP: #1615341)
-- Iain Lane <email address hidden> Sun, 21 Aug 2016 13:46:28 +0100
-
systemd (231-4) unstable; urgency=medium
* Revert "pid1: reconnect to the console before being re-executed"
This unbreaks consoles after "daemon-reexec". (Closes: #834367)
-- Martin Pitt <email address hidden> Thu, 18 Aug 2016 07:03:13 +0200
-
systemd (231-3) unstable; urgency=medium
* resolved resolvconf integration: Run resolvconf without privilege restrictions.
On some architectures (at least ppc64el), running resolvconf does not work with
MemoryDenyWriteExecute=yes. (LP: #1609740)
* Revert unit usage of MemoryDenyWriteExecute=yes. This is implemented
through seccomp as well. (Closes: #832713)
-- Martin Pitt <email address hidden> Mon, 15 Aug 2016 09:58:09 +0200
-
systemd (231-2) unstable; urgency=medium
[ Martin Pitt ]
* debian/rules: Fix UPSTREAM_VERSION for upstream master builds
* Limit "link against /usr" check to some critical binaries only and add generators
* debian/rules: Put back cleanup of *.busname (Closes: #833487)
* debian/tests/localed-x11-keymap: Robustify cleanup
* debian/tests/localed-x11-keymap: Check that localed works without /etc/default/keyboard.
This reproduces #833849.
* Revert "units: add a basic SystemCallFilter (#3471)"
This causes fatal failures on kernels that don't have seccomp enabled. This can
be reactivated once https://github.com/systemd/systemd/issues/3882 is fixed.
(Closes: #832713, #832893)
[ Simon McVittie ]
* localed: tolerate absence of /etc/default/keyboard.
The debian-specific patch to read Debian config files was not tolerating
the absence of /etc/default/keyboard. This causes systemd-localed to
fail to start on systems where that file isn't populated (like embedded
systems without keyboards). (Closes: #833849)
-- Martin Pitt <email address hidden> Sun, 14 Aug 2016 10:54:57 +0200
-
systemd (231-1) unstable; urgency=low
[ Martin Pitt ]
* New upstream release 231:
- Fix "Failed to create directory /str/sys/fs/selinux: Read-only file
system" warning. (Closes: #830693)
* systemd.postinst: Remove systemd-networkd-resolvconf-update.path removal
leftover. (Closes: #830778)
* Drop support for rcS.d SysV init scripts.
These are prone to cause dependency loops, and almost all packages with
rcS scripts now ship a native systemd service.
* networkd: Handle router advertisements in userspace again.
Drop Revert-Revert-networkd-ndisc-revert-to-letting-the-k.patch.
Bug #814566/#815586 got fixed in 230, and #815884 and #815884 and #815793
are unreproducible and need more reporter feedback.
* debian/gbp.conf: Enable dch options "full" and "multimaint-merge"
* systemd-sysv: Add Conflicts: systemd-shim.
To avoid shim trying to claim the D-Bus interfaces.
* Add graphical-session.target user unit.
* Add graphical-session-pre.target user unit
* Add debian/extra/units-ubuntu/user@.service.d/timeout.conf.
This avoids long hangs during shutdown if user services fail/hang due to
X.org going away too early. This is mostly a workaround, so only install
for Ubuntu for now.
* Dynamically add upstream version to debian/shlibs.local
* Set Debian/Ubuntu downstream support URL in journal catalogs
(Closes: #769187)
[ Michael Biebl ]
* Restrict Conflicts: openrc to << 0.20.4-2.1.
Newer versions of openrc no longer ship conflicting implementations of
update-rc.d/invoke-rc.d.
* Add Depends: dbus to systemd-container.
This is required for systemd-machined and systemd-nspawn to work
properly. (Closes: #830575)
* Drop insserv.conf generator.
We no longer parse /etc/insserv.conf and /etc/insserv.conf.d/* and
augment services with that dependency information via runtime drop-in
files. Services which want to provide certain system facilities need to
pull in the corresponding targets themselves. Either directly in the
native service unit or by shipping a drop-in snippet for SysV init
scripts. (Closes: #825858)
* getty-static.service: Only start if we have a working VC subsystem.
Use ConditionPathExists=/dev/tty0, the same check as in getty@.service,
to determine whether we have a functional VC subsystem and we should
start any gettys. (Closes: #824779)
* Stop mentioning snapshot and restore in the package description.
Support for the .snapshot unit type has been removed upstream.
* Drop sigpwr-container-shutdown.service.
This is no longer necessary as lxc-stop has been fixed to use SIGRTMIN+3
to shut down systemd based LXC containers.
https://github.com/lxc/lxc/pull/1086
https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
[ Felipe Sateler ]
* Add versioned breaks for packages shipping rcS init scripts
-- Martin Pitt <email address hidden> Tue, 26 Jul 2016 12:17:14 +0200
-
systemd (230-7) unstable; urgency=medium
* Tell dh_shlibdeps to look in the systemd package for libraries. Otherwise
dpkg-shlibdeps fails to find libsystemd-shared as we no longer create a
shlibs file for it.
* Add Build-Depends-Package to libudev1.symbols and libsystemd0.symbols.
This ensures proper dependencies when a package has a Build-Depends on a
higher version of libudev-dev or libsystemd-dev then what it gets from the
used symbols.
-- Michael Biebl <email address hidden> Fri, 08 Jul 2016 13:04:33 +0200
-
systemd (230-6) unstable; urgency=medium
[ Martin Pitt ]
* debian/tests/boot-smoke: Stop running in containers again, too unreliable
on Ubuntu s390x right now.
[ Michael Biebl ]
* Bump Build-Depends on debhelper to (>= 9.20160114), required for
--dbgsym-migration support.
* Install test-udev binary into $libdir/udev/ not $libdir. Only libraries
should be installed directly into $libdir.
* Exclude libsystemd-shared from dh_makeshlibs.
[ Felipe Sateler ]
* Do not install libsystemd-shared.so symlink
* {machine,system}ctl: always pass &changes and &n_changes (Closes: #830144)
[ Michael Prokop ]
* debian/tests/logind: Ensure correct version of logind is running.
-- Michael Biebl <email address hidden> Thu, 07 Jul 2016 15:22:16 +0200
-
systemd (230-5) unstable; urgency=medium
[ Martin Pitt ]
* Sync test/networkd-test.py with current upstream master, and remove our
debian/tests/networkd copy. Directly run test/networkd-test.py in
autopkgtest.
* debian/extra/rules/73-usb-net-by-mac.rules: Disable when
/etc/udev/rules.d/80-net-setup-link.rules is a symlink to /dev/null, to be
consistent with the documented way to disable ifnames. (Closes: #824491,
LP: #1593379)
* debian/rules: Ignore libcap-ng.so in the "does anything link against /usr"
check, to work around libaudit1 recently gaining a new dependency against
that library (#828991). We have no influence on that ourselves. This fixes
the FTBFS in the meantime.
[ Felipe Sateler ]
* Convert common code into a private shared library. This saves about 9 MB
of installed size in the systemd package, and some more in systemd-*.
-- Martin Pitt <email address hidden> Fri, 01 Jul 2016 09:15:12 +0200
-
systemd (230-4) unstable; urgency=medium
[ Martin Pitt ]
* tmp.mount: Add nosuid and nodev mount options. This restores compatibility
with the original SysV int RAMTMP defaults. (Closes: #826377)
* debian/tests/upstream: Some tests fail on platforms without QEMU at the
moment due to upstream PR#3587; blacklist these for now if QEMU is not
available.
* debian/rules: Don't run the "anything links against /usr" check for
upstream tests, as those run on Ubuntu 16.04 LTS which does not yet have
libidn moved to /lib.
* debian/tests/upstream: Clean up old journals before running a test, to
avoid printing a wrong one on failure.
* debian/tests/upstream: Do not run the QEMU tests on i386. Nested QEMU on
i386 causes testbed hangs on Ubuntu's cloud infrastructure, which is the
only place where these actually run.
* resolved: Fix SERVFAIL handling and introduce a new "Cache=" option to
disable local caching.
* resolved: Support IPv6 zone indices in resolv.conf. (LP: #1587489)
* resolved: Update resolv.conf when calling SetLinkDNS().
* debian/tests/storage: Sync and settle udev after luksFormat, to reduce the
chance of seeing some half-written signatures.
* debian/tests/networkd: Stop skipping the two DHCP6 tests, this regression
seems to have been fixed now.
* resolved: respond to local resolver requests on 127.0.0.53:53. This
provides compatibility with clients that don't use NSS but do DNS queries
directly, such as Chrome.
* resolved: Don't add route-only domains to /etc/resolv.conf.
* systemd-resolve: Add --flush-caches and --status commands.
* Add debian/extra/units/systemd-resolved.service.d/resolvconf.conf to tell
resolvconf about resolved's builtin DNS server on 127.0.0.53. With that,
DNS servers picked up via networkd are respected when using resolvconf,
and software like Chrome that does not do NSS (libnss-resolve) still gets
proper DNS resolution. Drop the brittle and ugly
systemd-networkd-resolvconf-update.{path,service} hack instead.
* debian/tests/boot-smoke: Run in containers as well.
[ Laurent Bigonville ]
* Build with IDN support. (Closes: #814528)
-- Martin Pitt <email address hidden> Wed, 29 Jun 2016 15:23:32 +0200
-
systemd (230-3git1) yakkety; urgency=medium
Upload current Debian packaging git to fix tests.
[ Martin Pitt ]
* tmp.mount: Add nosuid and nodev mount options. This restores compatibility
with the original SysV int RAMTMP defaults. (Closes: #826377)
* debian/tests/upstream: Some tests fail on platforms without QEMU at the
moment due to upstream PR#3587; blacklist these for now if QEMU is not
available.
* debian/rules: Don't run the "anything links against /usr" check for
upstream tests, as those run on Ubuntu 16.04 LTS which does not yet have
libidn moved to /lib.
* debian/tests/upstream: Clean up old journals before running a test, to
avoid printing a wrong one on failure.
* debian/tests/upstream: Do not run the QEMU tests on i386. Nested QEMU on
i386 causes testbed hangs on Ubuntu's cloud infrastructure, which is the
only place where these actually run.
[ Laurent Bigonville ]
* Build with IDN support. (Closes: #814528)
-- Martin Pitt <email address hidden> Thu, 23 Jun 2016 10:51:14 +0200
-
systemd (230-3) unstable; urgency=medium
[ Martin Pitt ]
* debian/tests/boot-and-services: Adjust test_tmp_mount() for fixed
systemctl exit code for "unit not found" in upstream commit ca473d57.
* debian/tests/boot-and-services, test_no_failed(): Show journal of failed
units.
* debian/extra/init-functions.d/40-systemd: Adjust to changed systemctl
show behaviour in 231: now this fails for nonexisting units instead of
succeeding with "not-found". Make the code compatible to both for now.
* Fix networkd integration with resolvconf for domain-limited DNS servers,
so that these don't appear as global nameservers in resolv.conf. Thanks
Andy Whitcroft for the initial fix! Add corresponding test case to
debian/tests/networkd. (LP: #1587762)
* resolved: Fix comments in resolve.conf for search domain overflows.
(LP: #1588229)
* On Ubuntu, provide an "ondemand.service" that replaces
/etc/init.d/ondemand. The latter does not exist any more when
"initscripts" falls out of the default installation. (LP: #1584124) This
now does not do a fixed one-minute wait but uses "Type=idle" instead. This
also becomes a no-op when the CPU supports "intel_pstate" (≤ 5 years old),
as on these the ondemand/powersave schedulers are actually detrimental.
(LP: #1579278)
* debian/systemd-container.install: Drop *.busname installation, they are
going away upstream.
* debian/extra/init-functions.d/40-systemd: Do not call systemctl
daemon-reload if the script is called as user (like reportbug does). Also
make sure that daemon-reload will not invoke polkit.
* Install test-udeb from .libs, to avoid installing the automake shell
wrapper.
* Fix transaction restarting in resolved to avoid async processing of
free'd transactions.
(Closes: #817210, LP: #1587727, #1587740, #1587762, #1587740)
* Add "upstream" autopkgtest that runs the test/TEST* upstream integration
tests in QEMU and nspawn.
* Build systemd-sysusers binary, for using in rkt. Do not ship the
corresponding unit and sysusers.d/ files yet, as these need some
Debianization and an autopkgtest. (Closes: #823322)
* debian/tests/systemd-fsckd: Adjust was_running() to also work for version
230.
[ Michael Biebl ]
* Add "systemctl daemon-reload" to lsb init-functions hook if the LoadState
of a service is "not-found". This will run systemd-sysv-generator, so SysV
init scripts that aren't installed by the package manager should be picked
up automatically. (Closes: #825913)
* automount: handle expire_tokens when the mount unit changes its state.
(Closes: #826512)
* debian/systemd.preinst: Correctly determine whether a service is enabled.
Testing for the return code alone is not sufficient as we need to
differentiate between "generated" and "enabled" services.
(Closes: #825981)
[ Felipe Sateler ]
* Drop configure option --disable-compat-libs. It no longer exists.
* Add policykit-1 to Suggests. It is used to allow unprivileged users to
execute certain commands. (Closes: #827756)
-- Martin Pitt <email address hidden> Tue, 21 Jun 2016 23:51:07 +0200
-
systemd (230-2git1) yakkety; urgency=medium
[ Martin Pitt ]
* debian/tests/boot-and-services: Adjust test_tmp_mount() for fixed
systemctl exit code for "unit not found" in upstream commit ca473d57.
* debian/tests/boot-and-services, test_no_failed(): Show journal of failed
units.
* debian/extra/init-functions.d/40-systemd: Adjust to changed systemctl
show behaviour in 231: now this fails for nonexisting units instead of
succeeding with "not-found". Make the code compatible to both for now.
* resolved: Disable DNSSEC by default again, until the various crashes get
fixed. (LP: #1587727, #1587740, #1587762, #1587740)
* Fix networkd integration with resolvconf for domain-limited DNS servers,
so that these don't appear as global nameservers in resolv.conf. Thanks
Andy Whitcroft for the initial fix! Add corresponding test case to
debian/tests/networkd. (LP: #1587762)
[ Michael Biebl ]
* Add "systemctl daemon-reload" to lsb init-functions hook if the LoadState
of a service is "not-found". This will run systemd-sysv-generator, so SysV
init scripts that aren't installed by the package manager should be picked
up automatically. (Closes: #825913)
-- Martin Pitt <email address hidden> Thu, 02 Jun 2016 11:18:32 +0200
-
systemd (230-2) unstable; urgency=medium
[ Martin Pitt ]
* Don't add a Breaks: against usb-modeswitch when building on Ubuntu; there
it does not use hotplug.functions and is a lower version.
* boot-and-services autopkgtest: Add missing xserver-xorg and
lightdm-greeter test dependencies, so that lightdm can start.
(See LP #1581106)
* Re-disable logind's KillUserProcesses option by default. (Closes: #825394)
[ Michael Biebl ]
* Drop --disable-silent-rules from debian/rules. This is now handled by dh
directly depending on whether the DH_QUIET environment variable is set.
-- Martin Pitt <email address hidden> Tue, 31 May 2016 12:02:14 +0200
-
systemd (230-1git1) yakkety; urgency=medium
* Don't add a Breaks: against usb-modeswitch when building on Ubuntu; there
it does not use hotplug.functions and is a lower version.
* boot-and-services autopkgtest: Add missing xserver-xorg and
lightdm-greeter test dependencies, so that lightdm can start.
(See LP #1581106)
-- Martin Pitt <email address hidden> Wed, 25 May 2016 09:37:41 +0200
-
systemd (230-1) unstable; urgency=medium
[ Martin Pitt ]
* New upstream release 230.
- Fix rare assertion failure in hashmaps. (Closes: #816612)
- Fix leaking scope units. (Closes: #805477)
- Fix wrong socket ownership after daemon-reload. (LP: #1577001)
- udev: Fix touch screen detection. (LP: #1530384)
* Drop cmdline-upstart-boot autopkgtest. It was still needed up to Ubuntu
16.04 LTS, but upstart-sysv is not supported any more in Debian and Ubuntu
now.
* udev: Drop hotplug.functions, now that the last remaining user of this got
fixed. Add appropriate versioned Breaks:.
* debian/extra/rules/70-debian-uaccess.rules: Add some more FIDO u2f devices
from different vendors. Thanks Atoyama Tokanawa.
* Remove "bootchart" autopkgtest, this upstream version does not ship
bootchart any more. It will be packaged separately.
[ Michael Biebl ]
* Drop obsolete --disable-bootchart configure switch from udeb build.
* Remove obsolete /etc/systemd/bootchart.conf conffile on upgrades.
-- Martin Pitt <email address hidden> Mon, 23 May 2016 09:42:51 +0200
-
systemd (229-6ubuntu1) yakkety; urgency=medium
* Merge with Debian unstable. Remaining Ubuntu changes:
- Hack to support system-image read-only /etc, and modify files in
/etc/writable/ instead.
systemd (229-6) unstable; urgency=medium
* systemd-container: Prefer renamed "btrfs-progs" package name over
"btrfs-tools". (Closes: #822629)
* systemd-container: Recommend libnss-mymachines. (Closes: #822615)
* Drop systemd-dbg, in favor of debhelpers' automatic -dbgsym packages.
* Drop Add-targets-for-compatibility-with-Debian-insserv-sy.patch; we don't
need $x-display-manager any more as most/all DMs ship native services, and
$mail-transport-agent is not widely used (not even by our default MTA
exim4).
* Unify our two patches for Debian specific configuration files.
* Drop udev-re-enable-mount-propagation-for-udevd.patch, i. e. run udevd in
its own slave mount name space again. laptop-mode-tools 1.68 fixed the
original bug (#762018), thus add a Breaks: to earlier versions.
* Ship fbdev-blacklist.conf in /lib/modprobe.d/ instead of /etc/modprobe.d/;
remove the conffile on upgrades.
* Replace util-Add-hidden-suffixes-for-ucf.patch with patch that got
committed upstream.
* Replace Stop-syslog.socket-when-entering-emergency-mode.patch with patch
that got committed upstream.
* debian/udev.README.Debian: Adjust documentation of MAC based naming for
USB network cards to the udev rule, where this was moved to in 229-5.
* debian/extra/init-functions.d/40-systemd: Invoke status command with
--no-pager, to avoid blocking scripts that call an init.d script with
"status" with an unexpected pager process. (Closes: #765175, LP: #1576409)
* Add debian/extra/rules/70-debian-uaccess.rules: Make FIDO U2F dongles
accessible to the user session. This avoids having to install libu2f-host0
(which isn't discoverable at all) to make those devices work.
(LP: #1387908)
* libnss-resolve: Enable systemd-resolved.service on package installation,
as this package makes little sense without resolved.
* Add a DHCP exit hook for pushing received NTP servers into timesyncd.
(LP: #1578663)
* debian/udev.postinst: Fix migration check from the old persistent-net
generator to not apply to chroots. (Closes: #813141)
* Revert "enable TasksMax= for all services by default, and set it to 512".
Introducing a default limit on number of threads broke a lot of software
which regularly needs more, such as MySQL and RabbitMQ, or services that
spawn off an indefinite number of subtasks that are not in a scope, like
LXC or cron. 512 is way too much for most "simple" services, and it's way
too little for the ones mentioned above. Effective (and much stricter)
limits should instead be put into units individually.
(Closes: #823530, LP: #1578080)
* Split out udev rule to name USB network interfaces by MAC address into
73-usb-net-by-mac.rules, so that it's easier to disable. (Closes: #824025)
* 73-usb-net-by-mac.rules: Disable when net.ifnames=0 is specified on the
kernel command line, to be consistent with disabling the *.link files.
* 73-special-net-names.rule: Name the IBM integrated management module
virtual USB network card "ibmimm". Thanks Marco d'Itri!
-- Martin Pitt <email address hidden> Thu, 12 May 2016 10:30:59 +0200
-
systemd (229-5ubuntu1) yakkety; urgency=medium
* Merge with Debian unstable. Remaining Ubuntu changes:
- Hack to support system-image read-only /etc, and modify files in
/etc/writable/ instead.
systemd (229-5) unstable; urgency=medium
* debian/tests/unit-config: Call "daemon-reload" to clean up generated units
in between tests.
* debian/tests/unit-config: Check that enable/disable commands are
idempotent.
* debian/tests/unit-config: Detect if system units are in /usr/, so that the
test works on systems with merged /usr.
* debian/tests/unit-config: Use systemd-sysv-install instead of update-rc.d
directly, so that the test works under Fedora too.
* debian/tests/unit-config: Check disabling of a "systemctl link"ed unit,
and check "systemctl enable" on a unit with full path which is not in the
standard directories.
* Rename debian/extra/rules/73-idrac.rules to 73-special-net-names.rules, as
it is going to get rules for other devices. Also install it into the
initramfs.
* debian/extra/rules/73-special-net-names.rules: Add DEVPATH number based
naming schema for ibmveth devices. (LP: #1561096)
* Don't set SYSTEMD_READY=0 on DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 devmapper
devices with "change" events, as this causes spurious unmounting with
multipath devices. (LP: #1565969)
* Fix bogus "No [Install] section" warning when enabling a unit with full
path. (LP: #1563590)
* debian/tests/cmdline-upstart-boot: In test_rsyslog(), check for messages
from dbus instead of NetworkManager. NM 1.2 does not seem to log to syslog
by default any more.
* Bump Standards-Version to 3.9.8 (no changes necessary).
* debian/tests/boot-smoke: Add some extra debugging if there are pending
jobs after 10s, to figure out why lightdm is sometimes "restarting".
(for LP #1571673)
* debian/tests/boot-smoke: Configure dummy X.org driver (like in the
boot-and-services test), to avoid lightdm randomly fail. (LP: #1571673)
* Move Debian specific patches into debian/patches/debian (which translates
to "Gbp-Pq: Topic debian" with pq). This keeps upstream vs. Debian
patches separated without the comments in debian/patches/series (which
always get removed by "pq export").
* Don't ship an empty /etc/X11/xinit/xinitrc.d/ directory, this isn't
supported in Debian. (Closes: #822198)
* udev: Mark nbd as inactive until connected. (Closes: #812485)
* On shutdown, unmount /tmp before disabling swap. (Closes: #788303)
* debian/systemd-coredump.postinst: Do daemon-reload before starting
systemd-coredump, as the unit file may have changed on upgrades.
(Closes: #820325)
* Set MAC based name for USB network interfaces only for universally
administered (i. e. stable) MACs, not for locally administered (i. e.
randomly generated) ones. Drop /lib/systemd/network/90-mac-for-usb.link
(as link files don't currently support globs for MACAddress=) and replace
with an udev rule in /lib/udev/rules.d/73-special-net-names.rules.
(Closes: #812575, LP: #1574483)
-- Martin Pitt <email address hidden> Mon, 25 Apr 2016 13:18:04 +0200
-
systemd (229-4ubuntu4) xenial; urgency=medium
* 73-special-net-names.rules: Further refine ibmveth naming.
-- Martin Pitt <email address hidden> Tue, 12 Apr 2016 12:06:30 +0200
