ubuntu/+source/systemd:ubuntu/yakkety-updates

Last commit made on 2017-06-27
Get this branch:
git clone -b ubuntu/yakkety-updates https://git.launchpad.net/ubuntu/+source/systemd
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/yakkety-updates
Repository:
lp:ubuntu/+source/systemd

Recent commits

ba0ff97... by Chris Coulson on 2017-06-21

Import patches-unapplied version 231-9ubuntu5 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: d4919833af7b85aeaf2d1ef770ba8d6e3b789af3

New changelog entries:
  * SECURITY UPDATE: Out-of-bounds write in systemd-resolved (LP: #1695546)
    - debian/patches/test-resolved-packet-add-a-simple-test-for-our-alloc.patch:
      Add a simple allocation test
    - debian/patches/resolved-simplify-alloc-size-calculation.patch: Simply
      allocation size calculation
    - CVE-2017-9445

d491983... by Steve Langasek on 2017-03-21

Import patches-unapplied version 231-9ubuntu4 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: e1e97e9ef2cd9840601b79deb55e976be3ca463f

New changelog entries:
  * debian/extra/units/systemd-resolved.service.d/resolvconf.conf: if
    resolved is going to be started, make sure this blocks
    network-online.target. LP: #1673860.
  * debian/patches/resolved-follow-CNAMES-for-DNS-stub-replies.patch:
    Cherry-pick upstream fix for resolved failing to follow CNAMES for DNS
    stub replies. LP: #1647031.
  * debian/patches/logind-update-empty-and-infinity-handling-for-User-T.patch:
    Cherry-pick upstream fix to handle empty and "infinity" values for
    [User]TasksMax. Closes LP: #1651518.

e1e97e9... by Steve Langasek on 2017-01-13

Import patches-unapplied version 231-9ubuntu3 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 02ba9ea11b77c1244c1fc66406ada6d3b71c2cc6

New changelog entries:
  * d/p/0001-libudev-util-change-util_replace_whitespace-to-retur.patch,
    d/p/0002-udev-event-add-replace_whitespace-param-to-udev_even.patch,
    d/p/0003-udev-rules-perform-whitespace-replacement-for-symlin.patch:
    Cherry-pick upstream fixes from Dan Streetman <email address hidden> to
    fix by-id symlinks for devices whose IDs contain whitespace.
    LP: #1647485.

02ba9ea... by Martin Pitt on 2016-11-24

Import patches-unapplied version 231-9ubuntu2 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: c5f8cd492da69896efce624acee88d5affcc49ff

New changelog entries:
  [ Dan Streetman ]
  * rules: introduce disk/by-id (model_serial) symlinks for NVMe drives
    (LP: #1642903)
  [ Martin Pitt ]
  * Drop systemd-networkd's "After=dbus.service" ordering, so that it can
    start during early boot (for cloud-init.service). It will auto-connect to
    D-Bus once it becomes available later, and transient (from DHCP) hostname
    and timezone setting do not work in 16.10 anyway. (LP: #1636912)

c5f8cd4... by Martin Pitt on 2016-10-26

Import patches-unapplied version 231-9ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 5b2e26b225a532ca1ca7bd72a8d1f60c2d6ae017

New changelog entries:
  * debian/gbp.conf: Switch to yakkety branch
  * unit: sent change signal before removing the unit if necessary
    (LP: #1632964)
  * networkd: Fix assertion crash on adding VTI with IPv6 addresses
    (LP: #1633274)

5b2e26b... by Martin Pitt on 2016-10-02

Import patches-unapplied version 231-9git1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 3f15bf597a7dadeb9f0bcd09595fe87dc517f64f

New changelog entries:
  * systemctl: Add --wait option to wait until started units terminate again.
    This is a prerequisite for using systemd for graphical sessions without
    ugly polling.
  * nss-resolve: return NOTFOUND instead of UNAVAIL on resolution errors.
    This makes it possible to configure a fallback to "dns" without breaking
    DNSSEC, with "resolve [!UNAVAIL=return] dns".
  * libnss-resolve.postinst: Skip dns fallback if resolve is present.
    Only fall back to "dns" if nss-resolve is not installed (for the
    architecture of the calling program). Once it is, we never want to fall
    back to "dns" as that breaks enforcing DNSSEC verification and also
    pointlessly retries NXDOMAIN failures. (LP: #1624071)

3f15bf5... by Martin Pitt on 2016-09-29

Import patches-unapplied version 231-9 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4f22a0cdaa0661ec56d88d30483c13a0c910138f

New changelog entries:
  * pid1: process zero-length notification messages again.
    Just remove the assertion, the "n" value was not used anyway. This fixes
    a local DoS due to unprocessed/unclosed fds which got introduced by the
    previous fix. (Closes: #839171) (LP: #1628687)
  * pid1: Robustify manager_dispatch_notify_fd()
  * test/networkd-test.py: Add missing writeConfig() helper function.
  [ Martin Pitt ]
  * Replace remaining systemctl --failed with --state=failed
    "--failed" is deprecated in favor of --state.
  * debian/shlibs.local.in: More precisely define version of internal shared
    lib.
  * debian/tests/upstream: Drop blacklisting
    These tests now work fine without qemu.
  * debian/tests/storage: Avoid rmmod scsi_debug (LP: #1626737)
  * upstream build system: Install libudev, libsystemd, and nss modules to
    ${rootlibdir}. Drop downstream workaround from debian/rules.
  * Ubuntu: Disable resolved's DNSSEC for the final 16.10 release.
    Resolved's DNSSEC support is still not mature enough, and upstream
    recommends to disable it in stable distro releases still.
  * Fix abort/DoS on zero-length notify message triggers (LP: #1628687)
  * resolved: don't query domain-limited DNS servers for other domains
    (LP: #1588230)
  [ Antonio Ospite ]
  * Update systemd-user pam config to require pam_limits.so.
    (Closes: #838191)

4f22a0c... by Martin Pitt on 2016-09-20

Import patches-unapplied version 231-7 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 0080abfdd58477886552b0ceca535989c9ee205f

New changelog entries:
  [ Michael Biebl ]
  * fsckd: Do not exit on idle timeout if there are still clients connected
    (Closes: #788050, LP: #1547844)
  [ Martin Pitt ]
  * 73-usb-net-by-mac.rules: Split kernel command line import line.
    Reportedly this makes the rule actually work on some platforms. Thanks Alp
    Toker! (LP: #1593379)
  * debian/tests/boot-smoke: Only run 5 iterations
  * systemd.postinst: Drop obsolete setcap call for systemd-detect-virt.
    Drop corresponding libcap2-bin dependency.
  * debian/tests/systemd-fsckd: Robustify check for "unit was running"
    (LP: #1624406)
  * debian/extra/set-cpufreq: Use powersave with intel_pstate.
    This is what we did on xenial, and apparently powersave is still actually
    better than performance. Thanks to Doug Smythies for the measurements!
    (LP: #1579278)
  * Ubuntu: Move ondemand.service from static to runtime enablement.
    This makes it easier to keep performance, by disabling ondemand.service.
    Side issue in LP: #1579278
  * Revert "networkd: remove route if carrier is lost"
    This causes networkd to drop addresses from unmanaged interfaces in some
    cases. (Closes: #837759)
  * debian/tests/storage: Avoid stderr output of stopping systemd-cryptsetup@.service
  * libnss-*.prerm: Remove possible [key=value] options from NSS modules as well.
    (LP: #1625584)

0080abf... by Martin Pitt on 2016-09-11

Import patches-unapplied version 231-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b0a5179809bea6ddbfa87746f23edf30084cdaaf

New changelog entries:
  [ Martin Pitt ]
  * Add alternative iptables-dev build dependencies
    libiptc-dev is very new and not yet present in stable Debian/Ubuntu releases.
    Add it as a fallback build dependency for backports and upstream tests.
  * Detect if seccomp is enabled but seccomp filtering is disabled
    (Closes: #832713)
  * resolved: recognize DNS names with more than one trailing dot as invalid
    (LP: #1600000)
  * debian/tests/smoke: Store udev db dump artifact on failure
  * networkd: limit the number of routes to the kernel limit
  * systemctl: consider service running only when it is in active or reloading state
  * networkd: remove route if carrier is lost
  * Add Ref()/Unref() bus calls for units
  [ Felipe Sateler ]
  * git-cherry-pick: always recreate the patch-queue branch.
  [ Dimitri John Ledkov ]
  * Use idiomatic variables from dpkg include.

b0a5179... by Martin Pitt on 2016-08-26

Import patches-unapplied version 231-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 1a19e49a147056692322dd5f1a4074ef26c176dc

New changelog entries:
  [ Iain Lane ]
  * Let graphical-session-pre.target be manually started (LP: #1615341)
  [ Felipe Sateler ]
  * Add basic version of git-cherry-pick
  * Replace Revert-units-add-a-basic-SystemCallFilter-3471.patch with upstream
    patch
  * sysv-generator: better error reporting. (Closes: #830257)
  [ Martin Pitt ]
  * 73-usb-net-by-mac.rules: Test for disabling 80-net-setup-link.rules more
    efficiently. Stop calling readlink at all and just test if
    /etc/udev/rules.d/80-net-setup-link.rules exists -- a common way to
    disable an udev rule is to just "touch" it in /etc/udev/rule.d/ (i. e.
    empty file), and if the rule is customized we cannot really predict anyway
    if the user wants MAC-based USB net names or not. (LP: #1615021)
  * Ship kernel-install (Closes: #744301)
  * Add debian/extra/kernel-install.d/60-initrd.install.
    This kernel-install drop-in copies the initrd of the selected kernel to
    the EFI partition.
  * bootctl: Automatically detect ESP partition.
    This makes bootctl work with Debian's /boot/efi/ mountpoint without having
    to explicitly specify --path.
    Patches cherry-picked from upstream master.
  * systemd.NEWS: Point out that alternatively rcS scripts can be moved to
    rc[2-5]. Thanks to Petter Reinholdtsen for the suggestion!
  [ Michael Biebl ]
  * Enable iptables support (Closes: #787480)
  * Revert "logind: really handle *KeyIgnoreInhibited options in logind.conf"
    The special 'key handling' inhibitors should always work regardless of
    any *IgnoreInhibited settings – otherwise they're nearly useless.
    Update man pages to clarify that *KeyIgnoreInhibited only apply to a
    subset of locks (Closes: #834148)