Merge ~fourdollars/ubuntu/+source/systemd:ubuntu-bionic into ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-bionic

Proposed by Shih-Yuan Lee
Status: Merged
Merge reported by: Robert Ancell
Merged at revision: c05e4dba3a3a2c48465bd63abc89f1c132f6ddf0
Proposed branch: ~fourdollars/ubuntu/+source/systemd:ubuntu-bionic
Merge into: ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-bionic
Diff against target: 162 lines (+127/-0)
4 files modified
debian/changelog (+19/-0)
debian/patches/0001-shared-but-util-drop-trusted-annotation-from-bus_ope.patch (+31/-0)
debian/patches/debian/Revert-udev-network-device-renaming-immediately-give.patch (+75/-0)
debian/patches/series (+2/-0)
Reviewer: Robert Ancell (Status: Approve)
Review via email: mp+372318@code.launchpad.net
Revision history for this message
Robert Ancell (robert-ancell) :
review: Approve

Preview Diff

diff --git a/debian/changelog b/debian/changelog
index eaf374a..0900cd2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,22 @@
1systemd (237-3ubuntu10.29) bionic; urgency=medium
2
3 * d/p/d/Revert-udev-network-device-renaming-immediately-give.patch:
4 - udev: add Revert-udev-network-device-renaming-immediately-give.patch back
5 Dropping this patch will cause the persistent network regression.
6 (LP: #1842651)
7
8 -- Shih-Yuan Lee (FourDollars) <sylee@canonical.com> Thu, 05 Sep 2019 11:59:51 +0800
9
10systemd (237-3ubuntu10.28) bionic-security; urgency=medium
11
12 * SECURITY UPDATE: Unprivileged users are granted access to privileged
13 systemd-resolved D-Bus methods
14 - d/p/0001-shared-but-util-drop-trusted-annotation-from-bus_ope.patch:
15 drop trusted annotation from bus_open_system_watch_bind()
16 - CVE-2019-15718
17
18 -- Chris Coulson <chris.coulson@canonical.com> Thu, 29 Aug 2019 23:30:33 +0100
19
1systemd (237-3ubuntu10.26) bionic; urgency=medium20systemd (237-3ubuntu10.26) bionic; urgency=medium
221
3 [ You-Sheng Yang ]22 [ You-Sheng Yang ]
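Review bot: the 10.29 entry's line "Dropping this patch will cause the persistent network regression" does not say what regresses or when the patch went missing; suggest wording along the lines of "restore the patch dropped in an earlier upload: without it, interfaces named by 75-persistent-net-generator.rules can fail to be renamed (LP: #1842651)", since that is what the patch description in this same diff explains. Note also that this stanza pulls the 237-3ubuntu10.28 bionic-security entry (CVE-2019-15718) into the branch; that text needs to stay byte-for-byte identical to the published security upload so the packaging branch matches the archive.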
diff --git a/debian/patches/0001-shared-but-util-drop-trusted-annotation-from-bus_ope.patch b/debian/patches/0001-shared-but-util-drop-trusted-annotation-from-bus_ope.patch
4new file mode 10064423new file mode 100644
index 0000000..8186f70
--- /dev/null
+++ b/debian/patches/0001-shared-but-util-drop-trusted-annotation-from-bus_ope.patch
@@ -0,0 +1,31 @@
1From 35e528018f315798d3bffcb592b32a0d8f5162bd Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
3Date: Tue, 27 Aug 2019 19:00:34 +0200
4Subject: [PATCH] shared/but-util: drop trusted annotation from
5 bus_open_system_watch_bind_with_description()
6
7https://bugzilla.redhat.com/show_bug.cgi?id=1746057
8
9This only affects systemd-resolved. bus_open_system_watch_bind_with_description()
10is also used in timesyncd, but it has no methods, only read-only properties, and
11in networkd, but it annotates all methods with SD_BUS_VTABLE_UNPRIVILEGED and does
12polkit checks.
13---
14 src/shared/bus-util.c | 4 ----
15 1 file changed, 4 deletions(-)
16
17diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
18index 6af115e7aa..821339d4ae 100644
19--- a/src/shared/bus-util.c
20+++ b/src/shared/bus-util.c
21@@ -1705,10 +1705,6 @@ int bus_open_system_watch_bind_with_description(sd_bus **ret, const char *descri
22 if (r < 0)
23 return r;
24
25- r = sd_bus_set_trusted(bus, true);
26- if (r < 0)
27- return r;
28-
29 r = sd_bus_negotiate_creds(bus, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS);
30 if (r < 0)
31 return r;
diff --git a/debian/patches/debian/Revert-udev-network-device-renaming-immediately-give.patch b/debian/patches/debian/Revert-udev-network-device-renaming-immediately-give.patch
0new file mode 10064432new file mode 100644
index 0000000..121c7c4
--- /dev/null
+++ b/debian/patches/debian/Revert-udev-network-device-renaming-immediately-give.patch
@@ -0,0 +1,75 @@
1From: Michael Biebl <biebl@debian.org>
2Date: Thu, 18 Jul 2013 01:04:07 +0200
3Subject: Revert "udev: network device renaming - immediately give up if the
4 target name isn't available"
5
6This reverts commit 97595710b77aa162ca5e20da57d0a1ed7355eaad.
7
8We need to keep supporting systems with 75-persistent-net-generator.rules
9generated names for a while after switching to net.ifnames. Re-apply this old
10hack to make the renaming less likely to fail.
11---
12 src/udev/udev-event.c | 41 ++++++++++++++++++++++++++++++++++++++---
13 1 file changed, 38 insertions(+), 3 deletions(-)
14
15diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
16index d0befba..c3ed2da 100644
17--- a/src/udev/udev-event.c
18+++ b/src/udev/udev-event.c
19@@ -832,18 +832,53 @@ static int rename_netif(struct udev_event *event) {
20 char name[IFNAMSIZ];
21 const char *oldname;
22 int r;
23+ int loop;
24
25 oldname = udev_device_get_sysname(dev);
26
27 strscpy(name, IFNAMSIZ, event->name);
28
29+ r = rtnl_set_link_name(&event->rtnl, udev_device_get_ifindex(dev), name);
30+ if (r >= 0) {
31+ log_debug("renamed network interface %s to %s\n", oldname, name);
32+ goto out;
33+ }
34+
35+ /* keep trying if the destination interface name already exists */
36+ if (r != -EEXIST)
37+ goto out;
38+
39+ /* free our own name, another process may wait for us */
40+ snprintf(name, IFNAMSIZ, "rename%u", udev_device_get_ifindex(dev));
41 r = rtnl_set_link_name(&event->rtnl, udev_device_get_ifindex(dev), name);
42 if (r < 0)
43- return log_error_errno(r, "Error changing net interface name '%s' to '%s': %m", oldname, name);
44+ goto out;
45
46- log_debug("renamed network interface '%s' to '%s'", oldname, name);
47+ /* log temporary name */
48+ log_debug("renamed network interface %s to %s\n", oldname, name);
49
50- return 0;
51+ /* wait a maximum of 90 seconds for our target to become available */
52+ strscpy(name, IFNAMSIZ, event->name);
53+ loop = 90 * 20;
54+ while (loop--) {
55+ const struct timespec duration = { 0, 1000 * 1000 * 1000 / 20 };
56+
57+ nanosleep(&duration, NULL);
58+
59+ r = rtnl_set_link_name(&event->rtnl, udev_device_get_ifindex(dev), name);
60+ if (r >= 0) {
61+ log_debug("renamed network interface %s to %s\n", oldname, name);
62+ break;
63+ }
64+ if (r != -EEXIST)
65+ break;
66+ }
67+
68+out:
69+ if (r < 0)
70+ log_error("error changing net interface name '%s' to '%s': %s",
71+ oldname, name, strerror(-r));
72+ return r;
73 }
74
75 void udev_event_execute_rules(struct udev_event *event,
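Review bot: in the restored rename_netif(), when the 90 s retry loop runs out r is still -EEXIST on reaching `out:`, so the log line reports "error changing net interface name '%s' to '%s'" with oldname and event->name, while the device has actually been left under the temporary "rename%u" name set a few lines earlier; consider including that temporary name in the message, otherwise an administrator will look for an interface that exists under neither name shown. Two smaller points: the loop blocks this udev worker synchronously (loop = 90 * 20 iterations of a 50 ms nanosleep) whenever the target name stays taken, which is the accepted cost of the "old hack" the header describes but worth a sentence in the changelog now that it is re-enabled; and the re-added `log_debug` strings carry a trailing "\n" while the `out:` path uses `strerror(-r)` where the removed line used `log_error_errno(..., "%m")`, so the logging style now differs from the rest of the file.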
diff --git a/debian/patches/series b/debian/patches/series
index afe70cd..1ebfb43 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -42,6 +42,7 @@ debian/Add-run-initctl-support-to-SysV-compat-tools.patch
42debian/Add-note-to-udev.conf-that-changes-to-that-file-requ.patch42debian/Add-note-to-udev.conf-that-changes-to-that-file-requ.patch
43debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch43debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
44debian/Make-run-lock-tmpfs-an-API-fs.patch44debian/Make-run-lock-tmpfs-an-API-fs.patch
45debian/Revert-udev-network-device-renaming-immediately-give.patch
45debian/Add-support-for-TuxOnIce-hibernation.patch46debian/Add-support-for-TuxOnIce-hibernation.patch
46debian/Include-additional-directories-in-ProtectSystem.patch47debian/Include-additional-directories-in-ProtectSystem.patch
47debian/Re-enable-journal-forwarding-to-syslog.patch48debian/Re-enable-journal-forwarding-to-syslog.patch
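Review bot: the entry is inserted at position 45 inside the debian/ block rather than appended at the end, which puts it back at its original place in the series; since quilt applies patches in listed order, confirm `quilt push -a` still succeeds with it here (the hunk header `@@ -832,18 +832,53 @@ static int rename_netif` has to match udev-event.c as the preceding patches leave it). The file name does match the d/p/d/ path given in the changelog entry.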
@@ -122,3 +123,4 @@ lp1835581-src-network-networkd-dhcp4.c-set-prefsrc-for-classle.patch
122lp1668771-resolved-switch-cache-option-to-a-tri-state-option-s.patch123lp1668771-resolved-switch-cache-option-to-a-tri-state-option-s.patch
123lp1833671-networkd-keep-bond-slave-up-if-already-attached.patch124lp1833671-networkd-keep-bond-slave-up-if-already-attached.patch
124hwdb-revert-airplane-mode-keys-handling-on-Dell.patch125hwdb-revert-airplane-mode-keys-handling-on-Dell.patch
1260001-shared-but-util-drop-trusted-annotation-from-bus_ope.patch