New changelog entries:
* sleep: properly pass verb to sleep script
* core: factor root_directory application out of apply_working_directory.
Fixes RootDirectory not working when used in combination with User.
(Closes: #939408)
* shared/bus-util: drop trusted annotation from
bus_open_system_watch_bind_with_description().
This ensures that access controls on systemd-resolved's D-Bus interface
are enforced properly.
(CVE-2019-15718, Closes: #939353)
New changelog entries:
[ Dan Streetman ]
* d/t/control: upstream test requires qemu-system-ppc on ppc64el
* d/t/control: install seabios for upstream test.
Some archs (at least arm64) qemu implementation require the vga bios.
[ Michael Biebl ]
* Drop unused lintian override
* network: fix ListenPort= in [WireGuard] section (Closes: #936198)
* d/e/r/73-usb-net-by-mac.rules: import net.ifnames only for network devices
(Closes: #934589)
* d/e/r/73-usb-net-by-mac.rules: skip if iface name was provided by
user-space
* Drop dbus activation stub service.
Since dbus 1.11.0, a dbus-daemon that is run with --systemd-activation
automatically assumes that o.fd.systemd1 is an activatable service.
As a result, with a new enough dbus version,
/usr/share/dbus-1/services/org.freedesktop.systemd1.service and
/usr/share/dbus-1/system-services/org.freedesktop.systemd1.service
become unnecessary and can be removed. (Closes: #914015)
* Revert "core: check start limit on condition checks too"
If a unit was referenced too often, it hit the restart limit and the
unit was marked as failed. Fixes a regression introduced in v242.
(Closes: #935829)
[ Michael Prokop ]
* README.Debian: document KillUserProcesses behavior in Debian
New changelog entries:
[ Dan Streetman ]
* d/rules: add CONFFGLAGS_UPSTREAM to dh_auto_configure -- params
[ Michael Biebl ]
* core: never propagate reload failure to service result.
Fixes a regression introduced in v239 where the main process of a
service unit gets killed on reload if ExecReload fails. (Closes: #936032)
* shared/seccomp: add sync_file_range2.
Some architectures need the arguments to be reordered because of alignment
issues. Otherwise, it's the same as sync_file_range.
Fixes sync_file_range failures in nspawn containers on arm, ppc.
(Closes: #935091)
* bash-completion: don't sort syslog priorities.
By default, the available completions are sorted alphabetically, which
is counterproductive in case of syslog priorities. Override the default
behavior using the `nosort` option. (Closes: #913222)
* test-bpf: skip test when run inside containers
New changelog entries:
[ Dan Streetman ]
* d/t/boot-and-services: fix test_failing()
* d/t/boot-and-services: check for any kernel message, not just first kernel
message (Closes: #929730)
* d/t/upstream: add TEST-30, TEST-34 to blacklist
* d/t/timedated: replace systemctl is-active with systemctl show
* d/t/control: root-unittests can break networking, add breaks-testbed
* d/t/control: mark udev test skippable
* d/t/upstream: always cleanup after (and before) each test
* d/t/control: upstream test requires dmeventd
* d/e/checkout-upstream: don't remove .git
* d/e/checkout-upstream: move change to debian/ files above other changes
* d/e/checkout-upstream: add UPSTREAM_KEEP_CHANGELOG param
* d/e/checkout-upstream: create git commits for each change
* d/e/checkout-upstream: switch from 'quilt' to 'native' format
* d/e/checkout-upstream: set user.name, user.email if unset
* d/t/storage: change plaintext_name to include testname
* d/t/storage: increase wait for plaintext_dev from 5 to 30 seconds
* d/t/storage: wait for service to start, only stop if active
* d/t/storage: don't search for 'scsi_debug' in ask_password
* d/t/storage: manage scsi_debug using add_hosts (Closes: #929728)
* d/t/storage: use short timeout waiting for scsi_debug block dev to appear
* d/t/storage: convert password agent into normal Thread
* d/t/storage: fail if socket info not in ask_password contents
* d/t/boot-smoke: pass failure reason to fail() to print instead of separate
echo
* d/t/boot-smoke: in fail() set +e so errors are ignored while gathering
data
* d/t/boot-smoke: gather still running jobs in fail()
* d/t/boot-smoke: wait for is-system-running
* d/t/boot-smoke: call fail if pidof polkitd fails
* d/t/boot-smoke: remove check for running jobs
[ Michael Biebl ]
* d/t/boot-smoke: check for NetworkManager instead of D-Bus activated
polkitd (Closes: #934992)
New changelog entries:
[ Michael Biebl ]
* Drop dependency on lsb-base.
It is only needed when booting with sysvinit and initscripts, but
initscripts already Depends on lsb-base (see #864999).
* Stop removing enablement symlinks in /etc/systemd/system.
With v242 this is no longer necessary as `ninja install` will no longer
create those symlinks.
* Replace manual removal of halt-local.service with upstream patch
[ Dimitri John Ledkov ]
* Build manpages in .deb variant.
Upstream snapshots are switching to building manpages off by default.
[ Luca Boccassi ]
* Enable portabled and install related files in systemd-container.
Keep disabled for the udeb profile. (Closes: #918606)
New changelog entries:
* New upstream version 242
- Change ownership/mode of the execution directories also for static users
(Closes: #919231)
- A new boolean sandboxing option RestrictSUIDSGID= has been added that is
built on seccomp. When turned on, creation of SUID/SGID files is
prohibited. The NoNewPrivileges= and the new RestrictSUIDSGID= options
are now implied if DynamicUser= is turned on for a service.
(Closes: #928102, CVE-2019-3843, CVE-2019-3844)
* Drop Revert-udev-network-device-renaming-immediately-give.patch.
This patch needs ongoing maintenance work to be adapted to new releases
and fails to apply with v242. Instead of investing more time into it we
are going to drop the patch as it was a hack anyway.
* Rebase patches
* Drop pre-stretch migration code
* Drop /sbin/udevadm compat symlink (Closes: #852580)
* socket-util: Make sure flush_accept() doesn't hang on unexpected
EOPNOTSUPP
* Enable regexp matching support in journalctl using pcre2 (Closes: #898892)
* Switch from libidn to libidn2 (Closes: #928615)