* Fix an issue where IPv6 routes that specified PreferredSource
would not be added - upstream bug #5882. (LP: #1812760)
- debian/patches/networkd-don-t-remove-ip-address.patch,
debian/patches/networkd-don-t-remove-route.patch: don't clear out all
IP addresses and routes when starting, only ones not in the config.
Required for the remaining patches to fully cover the field.
- debian/patches/Move-link_check_ready-to-later-in-the-file.patch,
debian/patches/Install-routes-after-addresses-are-ready.patch: wait
until addresses are ready (not tentative) before installing routes,
allowing routes with IPv6 source addresses to work.
New changelog entries:
* SECURITY UPDATE: memory corruption in journald via attacker controlled alloca
- debian/patches/CVE-2018-16864.patch: journald: do not store the iovec
entry for process commandline on the stack
- CVE-2018-16864
* SECURITY UPDATE: memory corruption in journald via attacker controlled alloca
- debian/patches/CVE-2018-16865_1.patch: journald: set a limit on the
number of fields (1k)
- debian/patches/CVE-2018-16865_2.patch: journal-remote: set a limit on the
number of fields in a message
- CVE-2018-16865
* SECURITY UPDATE: out-of-bounds read in journald
- debian/patches/CVE-2018-16866.patch: journal: fix syslog_parse_identifier()
- CVE-2018-16866
* Fix LP: #1804603 - btrfs-util: unbreak tmpfiles' subvol creation
- add debian/patches/btrfs-util-unbreak-tmpfiles-subvol-creation.patch
- update debian/patches/series
* Fix LP: #1804864 - test: Set executable bits on TEST-22-TMPFILES shell scripts
- add debian/patches/test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch
- update debian/patches/series
New changelog entries:
* SECURITY UPDATE: reexec state injection
- debian/patches/CVE-2018-15686.patch: when deserializing state always use
read_line(…, LONG_LINE_MAX, …) rather than fgets()
- CVE-2018-15686
* SECURITY UPDATE: chown_one() can dereference symlinks
- debian/patches/CVE-2018-15687.patch: rework recursive logic to use O_PATH
- CVE-2018-15687
* SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
- debian/patches/CVE-2018-6954.patch: don't resolve pathnames when traversing
recursively through directory trees
- CVE-2018-6954
New changelog entries:
* SECURITY UPDATE: buffer overflow in dhcp6 client
- debian/patches/CVE-2018-15688.patch: make sure we have enough space
for the DHCP6 option header in src/libsystemd-network/dhcp6-option.c.
- CVE-2018-15688
New changelog entries:
* debian/extra/start-udev: Set scsi_mod scan=sync even if it's builtin
to the kernel (we previously only set it in modprobe.d) LP: #1779815
New changelog entries:
* logind: backport v238/v239 fixes for handling DRM devices.
These changes introduce all the fixes that correct handling of open fds
related to the DRM devices, as used by for example NVIDIA GPUs. This backport
includes some refactoring, corrections, and comment updates. This is to ensure
that correct history is preserved, code comments match reality, and to ease
backporting logind fixes in the future SRUs. (LP: #1777099)
* Disable dh_installinit generation of tmpfiles for the systemd package.
Replace with a manual safe call to systemd-tmpfiles which will process any
updates to the tmpfiles shipped by systemd package, taking into account any
overrides shipped by other packages, sysadmin, or specified in the runtime
directories. (LP: #1748147)
New changelog entries:
[ Dimitri John Ledkov ]
* hwdb: Fix wlan/rfkill keycode on Dell systems. (LP: #1762385)
* Cherrypick upstream fix for corrected detection of Virtualbox & Xen.
(LP: #1768104)
* Further improve captive portal workarounds.
Retry any NXDOMAIN results with lower feature levels, instead of just those
with 'secure' in the domain name. (LP: #1766969)
[ Michael Biebl ]
* Add dependencies of libsystemd-shared to Pre-Depends.
This is necessary so systemctl is functional at all times during a
dist-upgrade. (Closes: #897986) (LP: #1771791)
[ Mario Limonciello ]
* Fix hibernate disk offsets.
Configure resume offset via sysfs, to enable resume from a swapfile.
(LP: #1760106)