[ubuntu/bionic-proposed] systemd 235-3ubuntu1 (Accepted)

Dimitri John Ledkov xnox at ubuntu.com
Tue Nov 21 10:14:14 UTC 2017 

systemd (235-3ubuntu1) bionic; urgency=medium

  * Merge 235-3 from debian:
    - Drop UBUNTU-CVE-2017-15908 included in Debian.

  * Remaining delta from Debian:
    - ship dhclient enter hook for dhclient integration with resolved
    - ship resolvconf integration via stub-resolv.conf
    - ship s390x virtio interface names migration
    - do not disable systemd-resolved upon libnss-resolve removal
    - do not remote fs in containers, for non-degrated boot
    - CVE-2017-15908 in resolved fix loop on packets with pseudo dns types
    - Unlink invocation id key, upon chown failure in containers
    - Change default to UseDomains by default
    - Do not treat failure to set Nice= setting as error in containers
    - Add a condition to systemd-journald-audit.socet to not start in
      containers (fails)
    - Build without any built-in/fallback DNS server setting
    - Enable resolved by default
    - Update autopkgtests for reliability/raciness, and testing for typical
      defaults
    - Always upgrade udev, when running adt tests
    - Skip test-execute on armhf
    - Cherry-pick a few testsuite fixes

  * UBUNTU Do not use nested kvm during ADT tests.

systemd (235-3) unstable; urgency=medium

  [ Michael Biebl ]
  * Switch from XC-Package-Type to Package-Type. As of dpkg-dev 1.15.7
    Package-Type is recognized as an official field name.
  * Install modprobe configuration file to /lib/modprobe.d.
    Otherwise it is not read by kmod. (Closes: #879191)

  [ Felipe Sateler ]
  * Backport upstream (partial) fix for combined DynamicUser= + User=
    UID was not allowed to be different to GID, which is normally the case in
    debian, due to the group users being allocated the GID 100 without an
    equivalent UID 100 being allocated.
  * Backport upstream patches to fully make DynamicUser=yes + static,
    pre-existing User= work.

  [ Martin Pitt ]
  * Add missing python3-minimal dependency to systemd-tests
  * Drop long-obsolete systemd-bus-proxy system user
    systemd-bus-proxy hasn't been shipped since before stretch and never
    created any files. Thus clean up the obsolete system user on upgrades.
    (Closes: #878182)
  * Drop static systemd-journal-gateway system user
    systemd-journal-gatewayd.service now uses DynamicUser=, so we don't need
    to create this statically any more. Don't remove the user on upgrades
    though, as there is likely still be a running process. (Closes: #878183)
  * Use DynamicUser= for systemd-journal-upload.service.
  * Add Recommends: libnss-systemd to systemd-sysv.
    This is useful to actually be able to resolve dynamically created system
    users with DynamicUser=true. This concept is going to be used much more
    in future versions and (hopefully) third-party .services, so pulling it
    into the default installation seems prudent now.
  * resolved: Fix loop on packets with pseudo dns types.
    (CVE-2017-15908, Closes: #880026, LP: #1725351)
  * bpf-firewall: Properly handle kernels without BPF cgroup but with TRIE maps.
    Fixes "Detaching egress BPF: Invalid argument" log spam. (Closes: #878965)
  * Fix MemoryDenyWriteExecution= bypass with pkey_mprotect() (LP: #1725348)

Date: Tue, 21 Nov 2017 09:34:14 +0000
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/systemd/235-3ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 21 Nov 2017 09:34:14 +0000
Source: systemd
Binary: systemd systemd-sysv systemd-container systemd-journal-remote systemd-coredump systemd-tests libpam-systemd libnss-myhostname libnss-mymachines libnss-resolve libnss-systemd libsystemd0 libsystemd-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb
Architecture: source
Version: 235-3ubuntu1
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Description:
 libnss-myhostname - nss module providing fallback resolution for the current hostname
 libnss-mymachines - nss module to resolve hostnames for local container instances
 libnss-resolve - nss module to resolve names via systemd-resolved
 libnss-systemd - nss module providing dynamic user and group name resolution
 libpam-systemd - system and service manager - PAM module
 libsystemd-dev - systemd utility library - development files
 libsystemd0 - systemd utility library
 libudev-dev - libudev development files
 libudev1   - libudev shared library
 libudev1-udeb - libudev shared library (udeb)
 systemd    - system and service manager
 systemd-container - systemd container/nspawn tools
 systemd-coredump - tools for storing and retrieving coredumps
 systemd-journal-remote - tools for sending and receiving remote journal logs
 systemd-sysv - system and service manager - SysV links
 systemd-tests - tests for systemd
 udev       - /dev/ and hotplug management daemon
 udev-udeb  - /dev/ and hotplug management daemon (udeb)
Closes: 878182 878183 878965 879191 880026
Launchpad-Bugs-Fixed: 1725348 1725351
Changes:
 systemd (235-3ubuntu1) bionic; urgency=medium
 .
   * Merge 235-3 from debian:
     - Drop UBUNTU-CVE-2017-15908 included in Debian.
 .
   * Remaining delta from Debian:
     - ship dhclient enter hook for dhclient integration with resolved
     - ship resolvconf integration via stub-resolv.conf
     - ship s390x virtio interface names migration
     - do not disable systemd-resolved upon libnss-resolve removal
     - do not remote fs in containers, for non-degrated boot
     - CVE-2017-15908 in resolved fix loop on packets with pseudo dns types
     - Unlink invocation id key, upon chown failure in containers
     - Change default to UseDomains by default
     - Do not treat failure to set Nice= setting as error in containers
     - Add a condition to systemd-journald-audit.socet to not start in
       containers (fails)
     - Build without any built-in/fallback DNS server setting
     - Enable resolved by default
     - Update autopkgtests for reliability/raciness, and testing for typical
       defaults
     - Always upgrade udev, when running adt tests
     - Skip test-execute on armhf
     - Cherry-pick a few testsuite fixes
 .
   * UBUNTU Do not use nested kvm during ADT tests.
 .
 systemd (235-3) unstable; urgency=medium
 .
   [ Michael Biebl ]
   * Switch from XC-Package-Type to Package-Type. As of dpkg-dev 1.15.7
     Package-Type is recognized as an official field name.
   * Install modprobe configuration file to /lib/modprobe.d.
     Otherwise it is not read by kmod. (Closes: #879191)
 .
   [ Felipe Sateler ]
   * Backport upstream (partial) fix for combined DynamicUser= + User=
     UID was not allowed to be different to GID, which is normally the case in
     debian, due to the group users being allocated the GID 100 without an
     equivalent UID 100 being allocated.
   * Backport upstream patches to fully make DynamicUser=yes + static,
     pre-existing User= work.
 .
   [ Martin Pitt ]
   * Add missing python3-minimal dependency to systemd-tests
   * Drop long-obsolete systemd-bus-proxy system user
     systemd-bus-proxy hasn't been shipped since before stretch and never
     created any files. Thus clean up the obsolete system user on upgrades.
     (Closes: #878182)
   * Drop static systemd-journal-gateway system user
     systemd-journal-gatewayd.service now uses DynamicUser=, so we don't need
     to create this statically any more. Don't remove the user on upgrades
     though, as there is likely still be a running process. (Closes: #878183)
   * Use DynamicUser= for systemd-journal-upload.service.
   * Add Recommends: libnss-systemd to systemd-sysv.
     This is useful to actually be able to resolve dynamically created system
     users with DynamicUser=true. This concept is going to be used much more
     in future versions and (hopefully) third-party .services, so pulling it
     into the default installation seems prudent now.
   * resolved: Fix loop on packets with pseudo dns types.
     (CVE-2017-15908, Closes: #880026, LP: #1725351)
   * bpf-firewall: Properly handle kernels without BPF cgroup but with TRIE maps.
     Fixes "Detaching egress BPF: Invalid argument" log spam. (Closes: #878965)
   * Fix MemoryDenyWriteExecution= bypass with pkey_mprotect() (LP: #1725348)
Checksums-Sha1:
 7312569821e0e4ad5f2f3627bf49947395ca0009 4116 systemd_235-3ubuntu1.dsc
 74fe011424ead36a12ec006e2e134d612804233e 151364 systemd_235-3ubuntu1.debian.tar.xz
Checksums-Sha256:
 e40b63a0f8e6884ea7435d0d405b83587a93ee4175144fc48bc9eb5f2bab7e33 4116 systemd_235-3ubuntu1.dsc
 ac53504ecb87f4b92f73cf44a27448f0a202db89f8f6e7838428ef1ef4873f66 151364 systemd_235-3ubuntu1.debian.tar.xz
Files:
 004a8a9500e31b0081a4e11adcdbeae0 4116 admin optional systemd_235-3ubuntu1.dsc
 051f687e7204478854af67fc9d39eb68 151364 admin optional systemd_235-3ubuntu1.debian.tar.xz
Original-Maintainer: Debian systemd Maintainers <pkg-systemd-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJaE/N7AAoJEMrC2LnNLKX5I5gH/iFmM/bAsaEf5gksm2kgnTmm
Vyim19Kan6m+MdGDo9S0spACEWII0tt/tpFV/4hvX8krCSNJAfDeQ05F/xFC8N4Y
hVpyGNNoU3QDd7GYk/NCCQQF3LaJdsoIdGaYYy8uUVKrLueh0XDL7D+58v3MJ7AP
8cNzslsQjpwPkNwRSR7ZTnSyKBGBdnZPJPg5BCIPpQIPYKbLhEhRgMbH1+RdF7vB
CohX/7CqjC9m8IRc1n64D4TJTJHr/Fwj4zQrQcjlXmL9Hyk63s7FwWRpxOHCSpeT
EzmoBSZI57uWzVonnyHx7FqZ7bopU06v8rbyevJ2vELBZrsXwVtlrNAGPe+SHkw=
=BbIY
-----END PGP SIGNATURE-----

More information about the Bionic-changes mailing list