New changelog entries:
* systemd-stable: cherrypick many bugfixes from the v240-stable branch.
Includes many documentation fixes, memory safety (use after free, read
overruns, etc.), networkd wireguard fixes, POSIX ACL fix which is preventing adm
group from reading journals (LP: #1824342), journal dropping caches
improvement, fixes regressions in udevadm / machinectl command line parsing.
Files:
- debian/patches/Add-missing-dash-to-all-option-in-the-timedatectl-man-pag.patch
- debian/patches/Add-note-about-transactions-being-genereated-independentl.patch
- debian/patches/Change-job-mode-of-manager-triggered-restarts-to-JOB_REPL.patch
- debian/patches/Fix-omission-in-docs.patch
- debian/patches/Log-the-job-being-merged.patch
- debian/patches/NEWS-document-deprecation-of-PermissionsStartOnly-in-v240.patch
- debian/patches/NEWS-retroactively-describe-.include-deprecation.patch
- debian/patches/Update-systemd-system.conf.xml.patch
- debian/patches/basic-prioq-add-prioq_peek_item.patch
- debian/patches/core-Fix-EOPNOTSUPP-emergency-action-error-string.patch
- debian/patches/core-Fix-return-argument-check-for-parse_emergency_action.patch
- debian/patches/core-mount-do-not-add-Before-local-fs.target-or-remote-fs.patch
- debian/patches/core-mount-move-static-function-earlier-in-file.patch
- debian/patches/curl-util-fix-use-after-free.patch
- debian/patches/ethtool-Make-sure-advertise-is-actually-set-when-autonego.patch
- debian/patches/journal-avoid-buffer-overread-when-locale-name-is-too-lon.patch
- debian/patches/journal-limit-the-number-of-entries-in-the-cache-based-on.patch
- debian/patches/journald-periodically-drop-cache-for-all-dead-PIDs.patch
- debian/patches/machinectl-fix-argument-index-in-error-log.patch
- debian/patches/man-Fix-a-typo-in-systemd.exec.xml.patch
- debian/patches/man-fix-reference.patch
- debian/patches/man-fix-volume-num-of-journalctl.patch
- debian/patches/man-update-DefaultDependency-in-systemd.mount-5.patch
- debian/patches/netlink-set-maximum-size-of-WGDEVICE_A_IFNAME.patch
- debian/patches/network-make-Link-and-NetDev-always-have-the-valid-poiter.patch
- debian/patches/network-unset-Network-manager-when-loading-.network-file-.patch
- debian/patches/network-wireguard-rename-and-split-set_wireguard_interfac.patch
- debian/patches/networkd-wait-for-kernel-to-reply-ipv6-peer-address.patch
- debian/patches/nspawn-ignore-SIGPIPE-for-nspawn-itself.patch
- debian/patches/pager-improve-english-a-bit.patch
- debian/patches/pid1-fix-cleanup-of-stale-implicit-deps-based-on-proc-sel.patch
- debian/patches/procfs-util-expose-functionality-to-query-total-memory.patch
- debian/patches/pull-fix-invalid-error-check.patch
- debian/patches/shared-Revert-commit-49fe5c099-in-parts-for-function-pars.patch
- debian/patches/shared-dissect-image-make-sure-that-we-don-t-truncate-dev.patch
- debian/patches/test-execute-unset-HOME-before-testing.patch
- debian/patches/udev-do-logging-before-setting-variables-to-NULL.patch
- debian/patches/udev-val-may-be-NULL-use-strempty.patch
- debian/patches/udevadm-info-a-should-enumerate-sysfs-attributes-not-envs.patch
- debian/patches/udevd-use-worker_free-on-failure-in-worker_new.patch
- debian/patches/units-make-sure-initrd-cleanup.service-terminates-before-.patch
- debian/patches/wait-online-do-not-fail-if-we-receive-invalid-messages.patch
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=2b3db732ba7e5418d45ca42884e8d075189f2724
* Only test that gdm3 comes up on amd64. Stalls on other arches.
File: debian/tests/control
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=97cb13685dfb353045c449ec5d6d1df60f661079
* tests/storage: make the test more resilient.
Skip if the scsi_debug module is not available (like on custom kernels). Do not
fail the tests if removing the module fails, at the end of the test run.
File: debian/tests/storage
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=c08dcb1ffe372acd3a21496758a1984ff78dcdd4
New changelog entries:
* virt: detect WSL environment as a container (LP: #1816753)
* debian/control: Update Vcs-{Browser|Git} to Ubuntu's packaging repository
* debian/gbp.conf: Set tag format to ubuntu/*
9b1d7bb... by Ioanna Alifieraki <email address hidden>
Import patches-unapplied version 240-6ubuntu2 to ubuntu/disco-proposed
New changelog entries:
* High urgency as this fixes a vulnerability.
[ Felipe Sateler ]
* Reenable pristine-tar in gbp.conf.
The pristine-tar bug has been fixed, so we can use it again.
This reverts commit 9fcfbbf6fea15eacfa3fad74240431c5f2c3300e.
* d/watch: add version mangle to transform -rc to ~rc.
Upstream has started releasing rcs, so let's account for that.
* Fix comment about why we disable hwclock.service.
Systemd nowadays doesn't do it itself because the kernel does it on its
own when necessary, and when not, it is not safe to save the hwclock (e.g.,
there is no certainty the system clock is correct).
* udev: Backport upstream preventing mass killings when not running under
systemd (Closes: #918764)
[ Dimitri John Ledkov ]
* debian/tests/storage: improve cleanups.
On fast ppc64el machines, cryptsetup start job may not complete by the
time tearDown is executed. In that case, stop simply cancels the
start job without actually cleaning up the dmsetup node. This leads to
a failing subsequent test, as it no longer starts with a clean device. Thus
ensure the systemd-cryptsetup unit is started before stopping it.
Also rmmod scsi_debug module at the end, to allow re-running the test in a
loop.
* debian/tests/upstream: Mark TEST-13-NSPAWN-SMOKE as flakey.
* debian/tests/control: add socat to upstream tests for pull #11591
* Blacklist TEST-10-ISSUE-2467 #11706
* debian/tests/storage: fix for LUKS2 and avoid interactive password
prompts.
[ Martin Pitt ]
* udevadm: Fix segfault with subsystem-match containing '/'
(Closes: #919206)
* sd-bus: if we receive an invalid dbus message, ignore and proceed
* sd-bus: enforce a size limit on D-Bus object paths.
This avoids accessing/modifying memory outside of the allocated stack
region by sending specially crafted D-Bus messages with very large object
paths.
Vulnerability discovered by Chris Coulson <email address hidden>,
patch provided by Riccardo Schirone <email address hidden>.
(CVE-2019-6454)
New changelog entries:
[ Benjamin Drung ]
* Fix shellcheck issues in initramfs-tools scripts
[ Michael Biebl ]
* Import patches from v240-stable branch (up to f02b5472c6)
- Fixes a problem in logind closing the controlling terminal when using
startx. (Closes: #918927)
- Fixes various journald vulnerabilities via attacker controlled alloca.
(CVE-2018-16864, CVE-2018-16865, Closes: #918841, Closes: #918848)
* sd-device-monitor: Fix ordering of setting buffer size.
Fixes an issue with uevents not being processed properly during coldplug
stage and some kernel modules not being loaded via "udevadm trigger".
(Closes: #917607)
* meson: Stop setting -fPIE globally.
Setting -fPIE globally can lead to miscompilations on certain
architectures. Instead use the b_pie=true build option, which was
introduced in meson 0.49. Bump the Build-Depends accordingly.
(Closes: #909396)
New changelog entries:
* udev.init: Trigger add events for subsystems.
Update the SysV init script and mimic the behaviour of the initramfs and
systemd-udev-trigger.service which first trigger subsystems and then
devices during the coldplug stage.
* udevadm: Refuse to run trigger, control, settle and monitor commands in
chroot (Closes: #917633)
* network: Set link state configuring before setting addresses.
Fixes a crash in systemd-networkd caused by an assertion failure.
(Closes: #918658)
* libudev-util: Make util_replace_whitespace() read only len characters.
Fixes a regression where /dev/disk/by-id/ names had additional
underscores.
* man: Update color of journal logs in DEBUG level (Closes: #917948)
* Remove old state directory of systemd-timesyncd on upgrades.
Otherwise timesyncd will fail to update the clock file if it was created
as /var/lib/private/systemd/timesync/clock.
This was the case when the service was using DynamicUser=yes which it no
longer does in v240. (Closes: #918190)