[ubuntu/bionic-proposed] systemd 235-2ubuntu1 (Accepted)
Dimitri John Ledkov
xnox at ubuntu.com
Tue Oct 31 01:09:15 UTC 2017
systemd (235-2ubuntu1) bionic; urgency=medium
[ Dimitri John Ledkov ]
* Merge 235-2 from debian:
- Drop all upstream cherry-picks
- Drop test-copy dh_strip size override, fixed upstream
* Remaining delta from Debian:
- ship dhclient enter hook for dhclient integration with resolved
- ship resolvconf integration via stub-resolv.conf
- ship s390x virtio interface names migration
- do not disable systemd-resolved upon libnss-resolve removal
- do not remote fs in containers, for non-degrated boot
- CVE-2017-15908 in resolved fix loop on packets with pseudo dns types
- Unlink invocation id key, upon chown failure in containers
- Change default to UseDomains by default
- Do not treat failure to set Nice= setting as error in containers
- Add a condition to systemd-journald-audit.socet to not start in
containers (fails)
- Build without any built-in/fallback DNS server setting
- Enable resolved by default
- Update autopkgtests for reliability/raciness, and testing for typical
defaults
- Always upgrade udev, when running adt tests
- Skip test-execute on armhf
* Fix up write_persistent_net_s390x for nullglob
* Ship systemd sysctl settings.
Patch systemd's default sysctl settings to drop things that are set
elsewhere already. The promote secondary IP addresses is required for
networkd to successfully renew DHCP leases with a change of an IP address.
Set default package scheduler to Fair Queue CoDel. (LP: #1721223)
[ Michael Biebl ]
* Install modprobe configuration file to /lib/modprobe.d.
Otherwise it is not read by kmod. (Closes: #879191)
systemd (235-2) unstable; urgency=medium
* Revert "tests: when running a manager object in a test, migrate to private
cgroup subroot first"
This was causing test suite failures when running inside a chroot.
systemd (235-1) unstable; urgency=medium
[ Michael Biebl ]
* New upstream version 235
- cryptsetup-generator: use remote-cryptsetup.target when _netdev is
present (Closes: #852534)
- tmpfiles: change btmp mode 0600 → 0660 (Closes: #870638)
- networkd: For IPv6 addresses do not treat IFA_F_DEPRECATED as not ready
(Closes: #869995)
- exec-util,conf-files: skip non-executable files in execute_directories()
(Closes: #867902)
- man: update udevadm -y/--sysname-match documentation (Closes: #865081)
- tmpfiles: silently ignore any path that passes through autofs
(Closes: #805553)
- shared: end string with % if one was found at the end of a expandible
string (Closes: #865450)
* Refresh patches
* Bump Build-Depends on libmount-dev to (>= 2.30)
* Install new modprobe.d config file
* Bump Standards-Version to 4.1.1
[ Martin Pitt ]
* Merge logind-kill-off autopkgtest into logind test.
This was horribly inefficient as a separate test (from commit
6bd0dab41e), as that cost two VM resets plus accompanying boots; and
this does not change any state thus does not require this kind of
isolation.
systemd (234-3) unstable; urgency=medium
[ Martin Pitt ]
* Various fixes for the upstream autopkgtest.
[ Felipe Sateler ]
* Add fdisk to the dependencies of the upstream autopkgtest.
The upstream autopkgtest uses sfdisk, which is now in the non-essential
fdisk package. (Closes: #872119)
* Disable nss-systemd on udeb builds
* Correctly disable resolved on udeb builds
* Help fix collisions in libsystemd-shared symbols by versioning them.
Backport upstream patch to version the symbols provided in the private
library, so that they cannot confuse unversioned pam modules or libraries
linked into them. (Closes: #873708)
[ Dimitri John Ledkov ]
* Cherrypick upstream networkd-test.py assertion/check fixes.
This resolves ADT test suite failures, when running tests under lxc/lxd
providers.
* Cherrypick arm* seccomp fixes.
This should resolve ADT test failures, on arm64, when running as root.
* Disable KillUserProcesses, yet again, with meson this time.
* initramfs-tools: trigger udevadm add actions with subsystems first.
This updates the initramfs-tools init-top udev script to trigger udevadm
actions with type specified. This mimics the systemd-udev-trigger.service.
Without type specified only devices are triggered, but triggering
subsystems may also be required and should happen before triggering the
devices. This is the case for example on s390x with zdev generated udev
rules. (LP: #1713536)
[ Michael Biebl ]
* (Re)add --quiet flag to addgroup calls.
This is now safe with adduser having been fixed to no longer suppress
fatal error messages if --quiet is used. (Closes: #837871)
* Switch back to default GCC (Closes: #873661)
* Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf.
All major NTP implementations ship a native service file nowadays with a
Conflicts=systemd-timesyncd.service so this drop-in is no longer
necessary. (Closes: #873185)
systemd (234-2.3) unstable; urgency=high
* Non-maintainer upload.
* Also switch to g++-6 temporarily (needed for some tests):
- Add g++-6 to Build-Depends
- Export CXX = g++-6
systemd (234-2.2) unstable; urgency=high
* Non-maintainer upload.
* Switch to gcc-6 on all architectures, working around an FTBFS on mips64el,
apparently due to a gcc-7 bug (See: #871514):
- Add gcc-6 to Build-Depends in debian/control
- Export CC = gcc-6 in debian/rules
systemd (234-2.1) unstable; urgency=high
* Non-maintainer upload.
* Fix missing 60-input-id.rules in udev-udeb, which breaks the graphical
version of the Debian Installer, as no key presses or mouse events get
processed (Closes: #872598).
systemd (234-2ubuntu12.1) artful-security; urgency=medium
* SECURITY UPDATE: remote DoS in resolve (LP: #1725351)
- debian/patches/CVE-2017-15908.patch: fix loop on packets with pseudo
dns types in src/resolve/resolved-dns-packet.c.
- CVE-2017-15908
Date: Mon, 30 Oct 2017 17:20:54 +0000
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/systemd/235-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 30 Oct 2017 17:20:54 +0000
Source: systemd
Binary: systemd systemd-sysv systemd-container systemd-journal-remote systemd-coredump systemd-tests libpam-systemd libnss-myhostname libnss-mymachines libnss-resolve libnss-systemd libsystemd0 libsystemd-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb
Architecture: source
Version: 235-2ubuntu1
Distribution: bionic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Description:
libnss-myhostname - nss module providing fallback resolution for the current hostname
libnss-mymachines - nss module to resolve hostnames for local container instances
libnss-resolve - nss module to resolve names via systemd-resolved
libnss-systemd - nss module providing dynamic user and group name resolution
libpam-systemd - system and service manager - PAM module
libsystemd-dev - systemd utility library - development files
libsystemd0 - systemd utility library
libudev-dev - libudev development files
libudev1 - libudev shared library
libudev1-udeb - libudev shared library (udeb)
systemd - system and service manager
systemd-container - systemd container/nspawn tools
systemd-coredump - tools for storing and retrieving coredumps
systemd-journal-remote - tools for sending and receiving remote journal logs
systemd-sysv - system and service manager - SysV links
systemd-tests - tests for systemd
udev - /dev/ and hotplug management daemon
udev-udeb - /dev/ and hotplug management daemon (udeb)
Closes: 805553 837871 852534 865081 865450 867902 869995 870638 872119 872598 873185 873661 873708 879191
Launchpad-Bugs-Fixed: 1713536 1721223 1725351
Changes:
systemd (235-2ubuntu1) bionic; urgency=medium
.
[ Dimitri John Ledkov ]
* Merge 235-2 from debian:
- Drop all upstream cherry-picks
- Drop test-copy dh_strip size override, fixed upstream
.
* Remaining delta from Debian:
- ship dhclient enter hook for dhclient integration with resolved
- ship resolvconf integration via stub-resolv.conf
- ship s390x virtio interface names migration
- do not disable systemd-resolved upon libnss-resolve removal
- do not remote fs in containers, for non-degrated boot
- CVE-2017-15908 in resolved fix loop on packets with pseudo dns types
- Unlink invocation id key, upon chown failure in containers
- Change default to UseDomains by default
- Do not treat failure to set Nice= setting as error in containers
- Add a condition to systemd-journald-audit.socet to not start in
containers (fails)
- Build without any built-in/fallback DNS server setting
- Enable resolved by default
- Update autopkgtests for reliability/raciness, and testing for typical
defaults
- Always upgrade udev, when running adt tests
- Skip test-execute on armhf
.
* Fix up write_persistent_net_s390x for nullglob
.
* Ship systemd sysctl settings.
Patch systemd's default sysctl settings to drop things that are set
elsewhere already. The promote secondary IP addresses is required for
networkd to successfully renew DHCP leases with a change of an IP address.
Set default package scheduler to Fair Queue CoDel. (LP: #1721223)
.
[ Michael Biebl ]
* Install modprobe configuration file to /lib/modprobe.d.
Otherwise it is not read by kmod. (Closes: #879191)
.
systemd (235-2) unstable; urgency=medium
.
* Revert "tests: when running a manager object in a test, migrate to private
cgroup subroot first"
This was causing test suite failures when running inside a chroot.
.
systemd (235-1) unstable; urgency=medium
.
[ Michael Biebl ]
* New upstream version 235
- cryptsetup-generator: use remote-cryptsetup.target when _netdev is
present (Closes: #852534)
- tmpfiles: change btmp mode 0600 → 0660 (Closes: #870638)
- networkd: For IPv6 addresses do not treat IFA_F_DEPRECATED as not ready
(Closes: #869995)
- exec-util,conf-files: skip non-executable files in execute_directories()
(Closes: #867902)
- man: update udevadm -y/--sysname-match documentation (Closes: #865081)
- tmpfiles: silently ignore any path that passes through autofs
(Closes: #805553)
- shared: end string with % if one was found at the end of a expandible
string (Closes: #865450)
* Refresh patches
* Bump Build-Depends on libmount-dev to (>= 2.30)
* Install new modprobe.d config file
* Bump Standards-Version to 4.1.1
.
[ Martin Pitt ]
* Merge logind-kill-off autopkgtest into logind test.
This was horribly inefficient as a separate test (from commit
6bd0dab41e), as that cost two VM resets plus accompanying boots; and
this does not change any state thus does not require this kind of
isolation.
.
systemd (234-3) unstable; urgency=medium
.
[ Martin Pitt ]
* Various fixes for the upstream autopkgtest.
.
[ Felipe Sateler ]
* Add fdisk to the dependencies of the upstream autopkgtest.
The upstream autopkgtest uses sfdisk, which is now in the non-essential
fdisk package. (Closes: #872119)
* Disable nss-systemd on udeb builds
* Correctly disable resolved on udeb builds
* Help fix collisions in libsystemd-shared symbols by versioning them.
Backport upstream patch to version the symbols provided in the private
library, so that they cannot confuse unversioned pam modules or libraries
linked into them. (Closes: #873708)
.
[ Dimitri John Ledkov ]
* Cherrypick upstream networkd-test.py assertion/check fixes.
This resolves ADT test suite failures, when running tests under lxc/lxd
providers.
* Cherrypick arm* seccomp fixes.
This should resolve ADT test failures, on arm64, when running as root.
* Disable KillUserProcesses, yet again, with meson this time.
* initramfs-tools: trigger udevadm add actions with subsystems first.
This updates the initramfs-tools init-top udev script to trigger udevadm
actions with type specified. This mimics the systemd-udev-trigger.service.
Without type specified only devices are triggered, but triggering
subsystems may also be required and should happen before triggering the
devices. This is the case for example on s390x with zdev generated udev
rules. (LP: #1713536)
.
[ Michael Biebl ]
* (Re)add --quiet flag to addgroup calls.
This is now safe with adduser having been fixed to no longer suppress
fatal error messages if --quiet is used. (Closes: #837871)
* Switch back to default GCC (Closes: #873661)
* Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf.
All major NTP implementations ship a native service file nowadays with a
Conflicts=systemd-timesyncd.service so this drop-in is no longer
necessary. (Closes: #873185)
.
systemd (234-2.3) unstable; urgency=high
.
* Non-maintainer upload.
* Also switch to g++-6 temporarily (needed for some tests):
- Add g++-6 to Build-Depends
- Export CXX = g++-6
.
systemd (234-2.2) unstable; urgency=high
.
* Non-maintainer upload.
* Switch to gcc-6 on all architectures, working around an FTBFS on mips64el,
apparently due to a gcc-7 bug (See: #871514):
- Add gcc-6 to Build-Depends in debian/control
- Export CC = gcc-6 in debian/rules
.
systemd (234-2.1) unstable; urgency=high
.
* Non-maintainer upload.
* Fix missing 60-input-id.rules in udev-udeb, which breaks the graphical
version of the Debian Installer, as no key presses or mouse events get
processed (Closes: #872598).
.
systemd (234-2ubuntu12.1) artful-security; urgency=medium
.
* SECURITY UPDATE: remote DoS in resolve (LP: #1725351)
- debian/patches/CVE-2017-15908.patch: fix loop on packets with pseudo
dns types in src/resolve/resolved-dns-packet.c.
- CVE-2017-15908
Checksums-Sha1:
5d66600dfa53990169b6b70a00d820e7f53025f6 4116 systemd_235-2ubuntu1.dsc
bda1bd1cb09bba798c3e125fb902f6c9e75308c4 6586406 systemd_235.orig.tar.gz
d607451d1c209cd6dd82c7925c10f520bdd029ea 142824 systemd_235-2ubuntu1.debian.tar.xz
Checksums-Sha256:
9675fd27775ca5fdbef52212714971962550724fb526e4716fbfe11400a3fb25 4116 systemd_235-2ubuntu1.dsc
25811f96f5a027bf2a4c9383495cf5b623e385d84da31e473cf375932b3e9c52 6586406 systemd_235.orig.tar.gz
769afe8b001acb8d56c3a2482a8d0ce26ccc7b1c80b886c8150245c7469bcaac 142824 systemd_235-2ubuntu1.debian.tar.xz
Files:
a232dad9276c15bdf975b07af0fc2198 4116 admin optional systemd_235-2ubuntu1.dsc
d53a925f1ca5b2e124de0a8aa65d0db2 6586406 admin optional systemd_235.orig.tar.gz
c0954043405eebef24e8b6e382ca4d77 142824 admin optional systemd_235-2ubuntu1.debian.tar.xz
Original-Maintainer: Debian systemd Maintainers <pkg-systemd-maintainers at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJZ980UAAoJEMrC2LnNLKX5RKAH+wXv1RR7yQVfUODbRyGqbXsK
4QdvdnalLJJ7Sn5EQ6Gl5TEZ6RCvQqWK9w5dbXejdevDwrKIcVj2ttHBlWyENUs0
Jh0+TzqobtHI63cCoQqrW8v63ExtBhfMUPNyQwBxjkVDXVOGf3SfmiHljkJ0KeOV
HRU54zNw/SNsC9MoHPqq2BK+v0iQ+jpTZioi74TKxrgaDhb5KxUwXYygxL/Q1k6/
wgOUSSUImlX3+bC7jqU/IncaHbLPUds0M1gn03dVPzGrM3yvn0LAN3yPwES5WGfw
MT12gcnw0Lky9mFoYy/Zn2eV9CW9XckJssoqg80ly+4/77wrJ2gO2Ekm4M+N3Ro=
=uVKc
-----END PGP SIGNATURE-----
More information about the Bionic-changes
mailing list