New changelog entries:
* SECURITY UPDATE: Unsafe environment usage in pam_systemd.so leads to
incorrect Policykit authorization
- debian/patches/CVE-2019-3842.patch: Use secure_getenv() rather than
getenv() in pam_systemd.c
- CVE-2019-3842
New changelog entries:
[ Michael Vogt ]
* d/p/fix-race-daemon-reload-11121.patch:
- backport systemd upstream PR#8803 and PR#11121 to fix race
when doing systemctl and systemctl daemon-reload at the
same time LP: #1819728
[ Balint Reczey ]
* d/p/virt-detect-WSL-environment-as-a-container.patch:
- virt: detect WSL environment as a container (LP: #1816753)
New changelog entries:
* d/p/fix-race-daemon-reload-8803.patch:
- backport systemd upstream PR#8803 to fix race when doing
systemctl and systemctl daemon-reload at the same time
LP: #1819728
New changelog entries:
[ Victor Tapia ]
* d/p/stop-mount-error-propagation.patch:
keep mount errors local to the failing mount point instead of blocking
the processing of all mounts (LP: #1755863)
[ Eric Desrochers ]
* d/p/fix-egde-case-when-processing-proc-self-mountinfo.patch:
Mounting any file system to a mount point in a directory
that is bind mounted to itself will create an inactive
mount unit. (LP: #1795764)
New changelog entries:
* SECURITY UPDATE: denial of service via crafted dbus message
- debian/patches/CVE-2019-6454.patch: sd-bus: enforce a size limit for
dbus paths, and don't allocate them on the stack
- debian/patches/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch:
sd-bus: if we receive an invalid dbus message, ignore and proceed
- CVE-2019-6454
* Do not remove multiple spaces after identifier in syslog message
- add debian/patches/journal-do-not-remove-multiple-spaces-after-identifi.patch
New changelog entries:
* SECURITY UPDATE: memory corruption in journald via attacker controlled alloca
- debian/patches/CVE-2018-16864.patch: journald: do not store the iovec
entry for process commandline on the stack
- CVE-2018-16864
* SECURITY UPDATE: memory corruption in journald via attacker controlled alloca
- debian/patches/CVE-2018-16865_1.patch: journald: set a limit on the
number of fields (1k)
- debian/patches/CVE-2018-16865_2.patch: journal-remote: set a limit on the
number of fields in a message
- CVE-2018-16865
* SECURITY UPDATE: out-of-bounds read in journald
- debian/patches/CVE-2018-16866.patch: journal: fix syslog_parse_identifier()
- CVE-2018-16866
* SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
- debian/patches/CVE-2018-6954.patch: don't resolve pathnames when traversing
recursively through directory trees
- debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to
resolve this completely
- CVE-2018-6954
* Fix LP: #1804603 - btrfs-util: unbreak tmpfiles' subvol creation
- add debian/patches/btrfs-util-unbreak-tmpfiles-subvol-creation.patch
- update debian/patches/series
* Fix LP: #1804864 - test: Set executable bits on TEST-22-TMPFILES shell scripts
- add debian/patches/test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch
- update debian/patches/series
New changelog entries:
[ Chris Coulson ]
* Revert the fixes for CVE-2018-6954 for causing a regression when running
in a container on old kernels (LP: #1804847)
- update debian/patches/series
[ Balint Reczey ]
* Fix LP: #1803391 - Don't always trigger systemctl stop of udev service
and sockets
- update debian/udev.postinst
New changelog entries:
* SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
- debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to
resolve this completely
- CVE-2018-6954
New changelog entries:
* SECURITY UPDATE: reexec state injection
- debian/patches/CVE-2018-15686.patch: when deserializing state always use
read_line(…, LONG_LINE_MAX, …) rather than fgets()
- CVE-2018-15686
* SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
- debian/patches/CVE-2018-6954.patch: don't resolve pathnames when traversing
recursively through directory trees
- CVE-2018-6954
New changelog entries:
* SECURITY UPDATE: buffer overflow in dhcp6 client
- debian/patches/CVE-2018-15688.patch: make sure we have enough space
for the DHCP6 option header in src/libsystemd-network/dhcp6-option.c.
- CVE-2018-15688