* SECURITY UDPATE: Unsafe environment usage in pam_systemd.so leads to
incorrect Policykit authorization
- debian/patches/CVE-2019-3842.patch: Use secure_getenv() rather than
getenv() in pam_systemd.c
- CVE-2019-3842
[ Victor Tapia ]
* d/p/stop-mount-error-propagation.patch:
keep mount errors local to the failing mount point instead of
blocking the processing of all mounts (LP: #1755863)
[ Victor Tapia ]
* d/p/stop-mount-error-propagation.patch:
keep mount errors local to the failing mount point instead of
blocking the processing of all mounts (LP: #1755863)
[ Daniel Axtens ]
* Fix a bug where IPv6 routes that specified PreferredSource
would not be added - upstream bug #5882. (LP: #1812760)
- debian/patches/networkd-don-t-remove-ip-address.patch,
debian/patches/networkd-don-t-remove-route.patch: don't clear out all
IP addresses and routes when starting, only ones not in the config.
Required for the remaining patches to fully cover the field.
- debian/patches/Move-link_check_ready-to-later-in-the-file.patch,
debian/patches/Install-routes-after-addresses-are-ready.patch: wait
until addresses are ready (not tentative) before installing routes,
allowing routes with IPv6 source addresses to work.
core: set /run size to 10%, like initramfs-tools does.
Currently there is a difference between initrd and initrd-less boots,
w.r.t. size= mount option of /run. This yields different runtime journald caps
(1% vs 10%), and on dense deployments of containers may result in OOM kills.