~ddstreet/ubuntu/+source/systemd:lp1838329-b

Last commit made on 2020-04-16
Get this branch:
git clone -b lp1838329-b https://git.launchpad.net/~ddstreet/ubuntu/+source/systemd
Only Dan Streetman can upload to this branch. If you are Dan Streetman please log in for upload directions.

Branch merges

Branch information

Name:
lp1838329-b
Repository:
lp:~ddstreet/ubuntu/+source/systemd

Recent commits

486d19d... by Dan Streetman on 2020-04-16

update changelog

cb443f9... by Dan Streetman on 2020-04-16

LP: #1838329

9d13211... by Dan Streetman on 2020-02-06

Import patches-unapplied version 237-3ubuntu10.39 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 869f3912260152be11974c6824c43ced332cffce

New changelog entries:
  [ Dariusz Gadomski ]
  * d/p/lp1762391/0001-Call-getgroups-to-know-size-of-supplementary-groups-.patch,
    d/p/lp1762391/0002-user-util-tweak-to-in_gid.patch,
    d/p/lp1762391/0003-user-util-Add-helper-functions-for-gid-lists-operati.patch,
    d/p/lp1762391/0004-execute-Restore-call-to-pam_setcred.patch,
    d/p/lp1762391/0005-execute-Detect-groups-added-by-PAM-and-merge-them-wi.patch,
    d/p/lp1762391/0006-test-Add-tests-for-gid-list-ops.patch,
    d/p/lp1762391/0007-execute-add-const-to-array-parameters-where-possible.patch,
    d/p/lp1762391/0008-execute-allow-pam_setcred-to-fail-ignore-errors.patch:
    - Restore call to pam_setcred (LP: #1762391)
  [ Ioanna Alifieraki ]
  * d/p/lp1860548/0001-Revert-Replace-use-of-snprintf-with-xsprintf.patch,
    d/p/lp1860548/0002-job-truncate-unit-description.patch:
    - use snprintf instead of xsprintf (LP: #1860548)
  [ Dan Streetman ]
  * d/p/lp1833193-network-update-address-when-static-address-was-alrea.patch:
    - Update lft when static addr was cfg by dhcp (LP: #1833193)
  * d/p/lp1849261/0001-core-when-we-can-t-enqueue-OnFailure-job-show-full-e.patch,
    d/p/lp1849261/0002-core-don-t-trigger-OnFailure-deps-when-a-unit-is-goi.patch:
    - Only trigger OnFailure= if Restart= is not in effect (LP: #1849261)
  * d/p/lp1671951-network-set-ipv6-mtu-after-link-up-or-device-mtu-cha.patch:
    - set ipv6 mtu at correct time (LP: #1671951)
  * d/p/lp1845909/0001-networkd-honour-LinkLocalAddressing.patch,
    d/p/lp1845909/0002-networkd-fix-link_up-12505.patch,
    d/p/lp1845909/0003-network-do-not-send-ipv6-token-to-kernel.patch,
    d/p/lp1845909/0004-network-rename-linux_configure_after_setting_mtu-to-linux.patch,
    d/p/lp1845909/0005-network-add-link-setting_genmode-flag.patch,
    d/p/lp1845909/0006-network-if-ipv6ll-is-disabled-enumerate-tentative-ipv6-ad.patch,
    d/p/lp1845909/0007-network-drop-foreign-config-after-addr_gen_mode-has-been-.patch,
    d/p/lp1845909/0008-network-drop-IPv6LL-address-when-LinkLocalAddressing.patch:
    - if LinkLocalAddressing=no prevent creation of ipv6ll (LP: #1845909)
  * d/p/lp1859862-network-Do-not-disable-IPv6-by-writing-to-sysctl.patch:
    - enable ipv6 when needed (LP: #1859862)
  * d/p/lp1836695-networkd-Add-back-static-routes-after-DHCPv4-lease-e.patch:
    - (re)add static routes after getting dhcp4 addr (LP: #1836695)
  * d/t/storage:
    - fix buggy test (LP: #1831459)
    - without scsi_debug, skip test (LP: #1847816)

869f391... by Marc Deslauriers on 2020-02-04

Import patches-unapplied version 237-3ubuntu10.38 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 785cac75569b3b5bb5c2b5064ac8b5691b863f85

New changelog entries:
  * SECURITY UPDATE: local privilege escalation via DynamicUser
    - debian/patches/CVE-2019-384x-1.patch: introduce
      seccomp_restrict_suid_sgid() for blocking chmod() for suid/sgid files
      in src/shared/seccomp-util.c, src/shared/seccomp-util.h.
    - debian/patches/CVE-2019-384x-2.patch: add test case for
      restrict_suid_sgid() in src/test/test-seccomp.c.
    - debian/patches/CVE-2019-384x-3.patch: expose SUID/SGID restriction as
      new unit setting RestrictSUIDSGID= in src/core/dbus-execute.c,
      src/core/execute.c, src/core/execute.h,
      src/core/load-fragment-gperf.gperf.m4, src/shared/bus-unit-util.c.
    - debian/patches/CVE-2019-384x-4.patch: document the new
      RestrictSUIDSGID= setting in man/systemd.exec.xml.
    - debian/patches/CVE-2019-384x-5.patch: turn on RestrictSUIDSGID= in
      most of our long-running daemons in units/systemd-*.service.in.
    - debian/patches/CVE-2019-384x-6.patch: imply NNP and SUID/SGID
      restriction for DynamicUser=yes service in man/systemd.exec.xml,
      src/core/unit.c.
    - debian/patches/CVE-2019-384x-7.patch: fix compilation on arm64 in
      src/test/test-seccomp.c.
    - CVE-2019-3843
    - CVE-2019-3844
  * SECURITY UPDATE: memory leak in button_open
    - debian/patches/CVE-2019-20386.patch: fix event in
      src/login/logind-button.c.
    - CVE-2019-20386
  * SECURITY UPDATE: heap use-after-free with async polkit queries
    - debian/patches/CVE-2020-1712-1.patch: on async pk requests,
      re-validate action/details in src/shared/bus-util.c.
    - debian/patches/CVE-2020-1712-2.patch: introduce API for re-enqueuing
      incoming messages in src/libsystemd/libsystemd.sym,
      src/libsystemd/sd-bus/sd-bus.c, src/systemd/sd-bus.h.
    - debian/patches/CVE-2020-1712-3.patch: when authorizing via PK
      re-resolve callback/userdata instead of caching it in
      src/shared/bus-util.c.
    - debian/patches/CVE-2020-1712-4.patch: fix typo in function name in
      src/libsystemd/libsystemd.sym, src/libsystemd/sd-bus/sd-bus.c,
      src/systemd/sd-bus.h, src/shared/bus-util.c.
    - debian/libsystemd0.symbols: added new symbols.
    - CVE-2020-1712
  * This package does _not_ contain the changes from 237-3ubuntu10.34 in
    bionic-proposed.

785cac7... by Dan Streetman on 2019-11-15

Import patches-unapplied version 237-3ubuntu10.33 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: c7f151f14afc1eaa31d5a25114404201df8b51e3

New changelog entries:
  * d/p/lp1852754/0001-network-do-not-re-set-MTU-when-current-and-requested.patch,
    d/p/lp1852754/0002-network-call-link_acquire_conf-and-link_enter_join_n.patch,
    d/p/lp1852754/0003-network-prohibit-to-set-MTUBytes-and-UseMTU-simultan.patch:
    - Complete link setup after setting mtu (LP: #1852754)

c7f151f... by Dan Streetman on 2019-10-04

Import patches-unapplied version 237-3ubuntu10.32 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: f16b6caea574baab7338c8e3d28bd8886caddb22

New changelog entries:
  [ Victor Tapia ]
  * d/p/resolved_disable-connection-downgrade-when-DNSSEC-yes.patch
    Fix regression introduced by
    resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch when
    DNSSEC=yes (LP: #1796501)
  [ Dan Streetman ]
  * d/p/fix-typo-lp1668771-resolved-switch-cache-option-to-a-tri-state-option-s.patch:
    - Fix typo in previous patch
  * d/p/lp1840640-shared-seccomp-add-sync_file_range2.patch:
    - allow sync_file_range2 in nspawn container
      (LP: #1840640)
  * d/p/lp1783994-dissect-Don-t-count-RPMB-and-boot-partitions-8609.patch:
    - avoid systemd-gpt-auto-generator failure if mmc dev present
      (LP: #1783994)
  * d/p/lp1832672-resolved-rework-parsing-of-etc-hosts.patch:
    - do not fail entire file on error when parsing /etc/hosts
    - parse # char anywhere in line as start of comment
      (LP: #1832672)
  * d/p/lp1843381-dell_passthrough_skip_rename_retry.patch,
    debian/extra/rules/73-usb-net-by-mac.rules:
    - fix rename delay for systems using "Dell MAC passthrough"
      (LP: #1843381)
  * d/p/lp1849733/0001-resolved-longlived-TCP-connections.patch,
    d/p/lp1849733/0002-resolved-line-split-dns_stream_new-function-signatur.patch,
    d/p/lp1849733/0003-resolved-add-some-assert-s.patch,
    d/p/lp1849733/0004-stream-track-type-of-DnsStream-object.patch,
    d/p/lp1849733/0005-llmnr-add-comment-why-we-install-no-complete-handler.patch,
    d/p/lp1849733/0006-resolved-restart-stream-timeout-whenever-we-managed-.patch,
    d/p/lp1849733/0007-resolved-only-call-complete-with-zero-argument-in-LL.patch,
    d/p/lp1849733/0008-resolved-add-comment-to-dns_stream_complete-about-it.patch,
    d/p/lp1849733/0009-resolved-keep-stub-stream-connections-up-for-as-long.patch,
    d/p/lp1849733/0010-resolved-if-we-can-t-append-EDNS-OPT-RR-then-indicat.patch,
    d/p/lp1849733/0011-resolved-don-t-let-EDNS0-OPT-dgram-size-affect-TCP.patch,
    d/p/lp1849733/0012-resolved-add-new-accessor-dns_stream_take_read_packe.patch,
    d/p/lp1849733/0013-resolve-do-not-complete-stream-transaction-when-it-i.patch:
    - add TCP pipelining to handle getaddrinfo() fallback to TCP
    - ignore EDNS0 payload limit when responding over TCP (LP: #1849733)
  * d/p/lp1849658-resolved-set-stream-type-during-DnsStream-creation.patch:
    - Fix bug in refcounting TCP stream types (LP: #1849658)
  * d/p/lp1850704/0001-networkd-Unify-set-MTU.patch,
    d/p/lp1850704/0002-network-drop-redundant-lines.patch:
    - Fix setting mtu if interface already up (LP: #1850704)
  * d/extra/dhclient-enter-resolved-hook:
    - only restart resolved if dhclient conf changed (LP: #1805183)

f16b6ca... by Balint Reczey on 2019-09-30

Import patches-unapplied version 237-3ubuntu10.31 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: e4f0da794ff9053156e6a42fd120e217352aa8f6

New changelog entries:
  [ Dimitri John Ledkov ]
  * Add conflicts with upstart and systemd-shim. (LP: #1773859)
  * d/p/debian/UBUNTU-units-disable-journald-watchdog.patch
    - units: Disable journald Watchdog (LP: #1773148)
  * d/p/cryptsetup-add-support-for-sector-size-option-8881.patch
    - cryptsetup: add support for sector-size= option (LP: #1776626)
  * d/p/systemctl-correctly-proceed-to-immediate-shutdown-if-sche.patch
    - systemctl: correctly proceed to immediate shutdown if scheduling fails
      (LP: #1670291)
  * d/p/networkd-add-support-to-configure-IPv6-MTU-8664.patch
    - networkd: add support to set IPv6MTUBytes (LP: #1671951)

e4f0da7... by Shih-Yuan Lee on 2019-09-05

Import patches-unapplied version 237-3ubuntu10.29 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 0808861c62596ac74666d811e83a539bdf4520c8

New changelog entries:
  * d/p/d/Revert-udev-network-device-renaming-immediately-give.patch:
    - udev: add Revert-udev-network-device-renaming-immediately-give.patch back
      Dropping this patch will cause the persistent network regression.
      (LP: #1842651)

0808861... by Chris Coulson on 2019-08-29

Import patches-unapplied version 237-3ubuntu10.28 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: e93edb076b77e6e28e9ea070687b97279737cc16

New changelog entries:
  * SECURITY UPDATE: Unprivileged users are granted access to privileged
    systemd-resolved D-Bus methods
    - d/p/0001-shared-but-util-drop-trusted-annotation-from-bus_ope.patch:
      drop trusted annotation from bus_open_system_watch_bind()
    - CVE-2019-15718

e93edb0... by Shih-Yuan Lee on 2019-08-07

Import patches-unapplied version 237-3ubuntu10.26 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: c0789391be44e7307eb4b14d5c50b7fbdf7e4b33

New changelog entries:
  [ You-Sheng Yang ]
  * d/p/d/Revert-udev-network-device-renaming-immediately-give.patch:
    - udev: drop Revert-udev-network-device-renaming-immediately-give.patch
      The removing patch was for the already deprecated
      "75-persistent-net-generator.rules" based interface renaming mechanism,
      and it's causing unnecessary problem when a system happends to NICs with
      same MAC address, e.g. Dell's MAC address pass-thru. (LP: #1837700)
  [ Shih-Yuan Lee (FourDollars) ]
  * d/p/hwdb-revert-airplane-mode-keys-handling-on-Dell.patch:
    - hwdb: revert airplane mode keys handling on Dell
      That reverts some commits those created double key events issues on some
      Dell laptops. (LP: #1740894)