New changelog entries:
[ Michael Vogt ]
* d/p/Support-system-image-read-only-etc.patch:
  - re-add support for /etc/writable for core18 (LP: #1778936)
* d/p/fix-race-daemon-reload-8803.patch:
  - backport systemd upstream PR#8803 and PR#11121 to fix race
    when doing systemctl and systemctl daemon-reload at the
    same time LP: #1819728
[ Balint Reczey ]
* d/p/virt-detect-WSL-environment-as-a-container.patch:
  - virt: detect WSL environment as a container (LP: #1816753)
New changelog entries:
* d/p/Support-system-image-read-only-etc.patch:
  - re-add support for /etc/writable for core18 (LP: #1778936)
* d/p/fix-race-daemon-reload-8803.patch:
  - backport systemd upstream PR#8803 to fix race when doing
    systemctl and systemctl daemon-reload at the same time
    LP: #1819728
New changelog entries:
[ Victor Tapia ]
* d/p/stop-mount-error-propagation.patch:
  keep mount errors local to the failing mount point instead of blocking
  the processing of all mounts (LP: #1755863)
New changelog entries:
* SECURITY UPDATE: denial of service via crafted dbus message
  - debian/patches/CVE-2019-6454.patch: sd-bus: enforce a size limit for
    dbus paths, and don't allocate them on the stack
  - debian/patches/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch:
    sd-bus: if we receive an invalid dbus message, ignore and proceed
  - CVE-2019-6454
* Do not remove multiple spaces after identifier in syslog message
  - add debian/patches/journal-do-not-remove-multiple-spaces-after-identifi.patch
New changelog entries:
* d/p/resolve-enable-EDNS0-towards-the-127.0.0.53-stub-res.patch
  getaddrinfo() failures when fallback to dns tcp queries, so enable
  edns0 in resolv.conf (LP: #1811471)
[ Victor Tapia ]
* d/p/resolved-Increase-size-of-TCP-stub-replies.patch
  dns failures with edns0 disabled and truncated response (LP: #1804487)
New changelog entries:
* SECURITY UPDATE: memory corruption in journald via attacker controlled alloca
  - debian/patches/CVE-2018-16864.patch: journald: do not store the iovec
    entry for process commandline on the stack
  - CVE-2018-16864
* SECURITY UPDATE: memory corruption in journald via attacker controlled alloca
  - debian/patches/CVE-2018-16865_1.patch: journald: set a limit on the
    number of fields (1k)
  - debian/patches/CVE-2018-16865_2.patch: journal-remote: set a limit on the
    number of fields in a message
  - CVE-2018-16865
* SECURITY UPDATE: out-of-bounds read in journald
  - debian/patches/CVE-2018-16866.patch: journal: fix syslog_parse_identifier()
  - CVE-2018-16866
* Fix LP: #1804603 - btrfs-util: unbreak tmpfiles' subvol creation
  - add debian/patches/btrfs-util-unbreak-tmpfiles-subvol-creation.patch
  - update debian/patches/series
* Fix LP: #1804864 - test: Set executable bits on TEST-22-TMPFILES shell scripts
  - add debian/patches/test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch
  - update debian/patches/series
New changelog entries:
* SECURITY UPDATE: reexec state injection
  - debian/patches/CVE-2018-15686.patch: when deserializing state always use
    read_line(…, LONG_LINE_MAX, …) rather than fgets()
  - CVE-2018-15686
* SECURITY UPDATE: chown_one() can dereference symlinks
  - debian/patches/CVE-2018-15687.patch: rework recursive logic to use O_PATH
  - CVE-2018-15687
* SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
  - debian/patches/CVE-2018-6954.patch: don't resolve pathnames when traversing
    recursively through directory trees
  - CVE-2018-6954