Snapd ships snapd-env-generator, but systemd does not support
environment generators. Hard-coding /snap/bin is less risky than
backporting environment generator support and since snaps are considered
to be first class packages on Ubuntu /snap/bin can safely be added to
the default PATH.
* SECURITY UPDATE: Unsafe environment usage in pam_systemd.so leads to
incorrect Policykit authorization
- debian/patches/CVE-2019-3842.patch: Use secure_getenv() rather than
getenv() in pam_systemd.c
- CVE-2019-3842
[ Michael Vogt ]
* d/p/fix-race-daemon-reload-11121.patch:
- backport systemd upstream PR#8803 and PR#11121 to fix race
when doing systemctl and systemctl daemon-reload at the
same time LP: #1819728
[ Balint Reczey ]
* d/p/virt-detect-WSL-environment-as-a-container.patch:
- virt: detect WSL environment as a container (LP: #1816753)
* d/p/fix-race-daemon-reload-8803.patch:
- backport systemd upstream PR#8803 to fix race when doing
systemctl and systemctl daemon-reload at the same time
LP: #1819728
[ Victor Tapia ]
* d/p/stop-mount-error-propagation.patch:
keep mount errors local to the failing mount point instead of blocking
the processing of all mounts (LP: #1755863)
[ Eric Desrochers ]
* d/p/fix-egde-case-when-processing-proc-self-mountinfo.patch:
Mounting any file system to a mount point in a directory
that is bind mounted to itself will create an inactive
mount unit. (LP: #1795764)
* SECURITY UPDATE: denial of service via crafted dbus message
- debian/patches/CVE-2019-6454.patch: sd-bus: enforce a size limit for
dbus paths, and don't allocate them on the stack
- debian/patches/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch:
sd-bus: if we receive an invalid dbus message, ignore and proceed
- CVE-2019-6454
* Do not remove multiple spaces after identifier in syslog message
- add debian/patches/journal-do-not-remove-multiple-spaces-after-identifi.patch