[ubuntu/bionic-security] systemd 237-3ubuntu10.49 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jul 20 15:34:36 UTC 2021
systemd (237-3ubuntu10.49) bionic-security; urgency=medium
* SECURITY UPDATE: DoS via DHCP FORCERENEW
- debian/patches/CVE-2020-13529.patch: tentatively ignore FORCERENEW
command in src/libsystemd-network/sd-dhcp-client.c.
- CVE-2020-13529
* SECURITY UPDATE: denial of service via stack exhaustion
- debian/patches/CVE-2021-33910.patch: do not use strdupa() on a path
in src/basic/unit-name.c.
- CVE-2021-33910
systemd (237-3ubuntu10.48) bionic; urgency=medium
* d/p/lp1925216-seccomp-rework-functions-for-parsing-system-call-fil.patch:
Downgrade syscall group parsing failure logs to debug (LP: #1925216)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=8c0181e24f7c0128a48c706d1f4b28ec0f225fd7
* d/p/lp1929560-network-move-set-MAC-and-set-nomaster-operations-out.patch:
Move link mac and master config out of link_up() (LP: #1929560)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d808ea22366ca7ba4b5bb32815ab0ca2eea8a49f
* d/p/resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch,
d/p/resolved_disable-connection-downgrade-when-DNSSEC-yes.patch,
d/p/lp1880258-log-nxdomain-as-debug.patch,
d/p/lp1785383-resolved-address-DVE-2018-0001.patch:
- Use upstream patch for DVE-2018-0001 handling (LP: #1785383)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b6258fda64c84c34b0f8026e6e29bcfffa8dc4f1
systemd (237-3ubuntu10.47) bionic; urgency=medium
* d/p/network_always_drop_configs_when_interface_is_renamed.patch:
Fix networkd renaming race condition (LP: #1923115)
systemd (237-3ubuntu10.46) bionic; urgency=medium
* d/p/lp1916485-Newer-Glibc-use-faccessat2-to-implement-faccessat.patch:
Add support for faccessat2 (LP: #1916485)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b5f11a9baecf0cefb503632e938d473234172128
* d/p/lp1918696-shared-seccomp-util-address-family-filtering-is-brok.patch:
Stop attempting to restrict address families on ppc archs
(LP: #1918696)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=4569a047ece8b1b300ef63e49b5aea8aba35c500
* d/p/lp1891810-seccomp-util-add-new-syscalls-from-kernel-5.6-to-sys.patch:
Add openat2() syscall to seccomp filter list
(LP: #1891810)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=2ddfbfa79af4f22b7adf946c4299433fd74a4f17
systemd (237-3ubuntu10.45) bionic; urgency=medium
[ Ioanna Alifieraki ]
* d/p/lp1911187-systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch:
Do not shutdown immediately when scheduled shutdown fails (LP: #1911187)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=257135a59455f4e4063e78cdd3f5cfeca2597b5b
[ Dimitri John Ledkov ]
* d/p/lp1878969-meson-initialize-time-epoch-to-reproducible-builds-compat.patch:
meson: initialize time-epoch to reproducible builds compatible value
(LP: #1878969)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6f5a0c94ff4a486ee0b72af926672b24d16ff5a8
[ Dan Streetman ]
* d/p/lp1913189-test-accept-that-char-device-0-0-can-now-be-created-.patch:
- Fix failing test case under 5.8 kernel (LP: #1913189)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=15143ec6cd584a18866390a042348a543e5aa22d
* d/p/lp1913423-hashmap-make-sure-to-initialize-shared-hash-key-atom.patch:
Thread-safe init of hashmap shared key (LP: #1913423)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=95c189adb9c3e22576b26b084c7edf001cbc8307
* d/p/lp1890448-hwdb-Add-EliteBook-to-use-micmute-hotkey.patch:
Add EliteBook to use micmute hotkey (LP: #1890448)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=19b48bdac5129aa772fbcd2dbf8d1bb5c30c1510
* d/p/debian/patches/lp1902553-test-disable-QEMU-based-testing-for-TEST-16-EXTEND-T.patch:
Disable TEST-03 run under qemu (LP: #1902553)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=4e37d20ec379d169cfd53088d0c3b4d7bb65d25b
* d/p/debian/patches/lp1883447-seccomp-add-all-time64-syscalls.patch:
Add *time64 syscalls (LP: #1883447)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a459492c67c5c5855b03daca4b44141705495376
* d/p/lp1685754-pid1-by-default-make-user-units-inherit-their-umask-.patch:
Inherit umask for --user processes (LP: #1685754)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=00df8d0e76975594adb765182c587ef495262fe1
* d/p/debian/patches/lp1880258-log-nxdomain-as-debug.patch:
Change NXDOMAIN 'errors' to log level debug (LP: #1880258)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=9684abed02669bfcf696763b887518cf54cd3f69
* d/p/lp1913763-udev-rules-add-rule-to-create-dev-ptp_hyperv.patch:
Create symlink for hyperv-provided ptp device (LP: #1913763)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ff2a9ed2ece6bbd86a3d57f42b26cb1a6ca2845a
systemd (237-3ubuntu10.44) bionic; urgency=medium
* d/extra/dhclient-enter-resolved-hook:
suppress output of cmp command in dhclient hook (LP: #1878955)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=c5a2db69aafc7a3ab4e71bae44fd7ad9dd955c97
* d/p/lp1905044/0001-capability-add-a-way-to-get-a-uint64_t-with-all-caps.patch,
d/p/lp1905044/0002-test-use-cap_last_cap-for-max-supported-cap-number-n.patch:
test: use cap_last_cap() instead of capability_list_length()
(LP: #1905044)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=34ebc6e28e63881d40c91c5839597acc2fdab546
* d/p/lp1905245/0001-basic-cap-list-parse-print-numerical-capabilities.patch:
print number of unknown capabilities instead of failing
(LP: #1905245)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=5ab225b7f731c6cf6b4655cb27c3a842150c4c1a
* d/p/lp1907306/0001-sd-dhcp-client-don-t-log-timeouts-if-already-expired.patch,
d/p/lp1907306/0002-sd-dhcp-client-track-dhcp4-t1-t2-expire-times.patch,
d/p/lp1907306/0003-sd-dhcp-client-add-RFC2131-retransmission-details.patch,
d/p/lp1907306/0004-sd-dhcp-client-simplify-dhcp4-t1-t2-parsing.patch,
d/p/lp1907306/0005-sd-dhcp-client-correct-dhcpv4-renew-rebind-retransmi.patch,
d/p/lp1907306/0008-sd-dhcp-client-fix-renew-rebind-timeout-calculation-.patch:
Send correct number of dhcpv4 renew and rebind requests
(LP: #1907306)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=036230cac8232bf4f970e565c355ee1a82fc2ee6
* d/t/root-unittests:
Remove any corrupt journal files (LP: #1881947)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b284b93e40b6cb834bb40dd3db94850853ab5bb8
systemd (237-3ubuntu10.43) bionic; urgency=medium
[ Guilherme G. Piccoli ]
* d/p/lp1830746-bump-mlock-ulimit-to-64Mb.patch:
- Bump the memlock limit to match Focal and newer releases (LP: #1830746)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=61adb797642f3dd2e5c14f7914c2949c665cefe8
[ Victor Manuel Tapia King ]
* d/p/lp1896614-core-Avoid-race-when-starting-dbus-services.patch:
- Fix race when starting dbus services (LP: #1896614)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=373cb6ccd6978a7112bbfd7e5cf4f703a9f8448e
[ Dan Streetman ]
* d/t/*,
d/p/lp1892358/0001-test-increase-qemu-timeout-for-TEST-08-and-TEST-09.patch,
d/p/lp1892358/0002-test-increase-timeout-for-TEST-17-UDEV-WANTS.patch,
d/p/lp1892358/0003-test-increase-qemu-timeout-for-TEST-18-and-TEST-19.patch:
- Increase QEMU_TIMEOUT on 'upstream' autopkgtest tests
- Pull latest tests from newer releases to fix false negatives
- Blacklist flaky 'upstream' TEST-03
(LP: #1892358)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=9fd8391c2499e163515b629a8ca5790898fc599d
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d1756b3e1c3e625ed7162cff4909e7a29c315051
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=37f8d73516a84e85e4057d6a92204b4a174af718
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=229ed2076eb773efc548035262b8b8009bf89207
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f2d7b1f952667316cc07a4b3c5010e66ace07a90
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=659befe61bbfeb7afc9efa24458c9745412d7c6d
systemd (237-3ubuntu10.42) bionic; urgency=medium
[ Dan Streetman ]
* d/p/lp1860926/0001-networkd-Allow-to-retain-configs-even-if-carrier-is-.patch,
d/p/lp1860926/0002-network-Change-IgnoreCarrierLoss-default-to-value-of.patch,
d/p/lp1860926/0003-network-always-drop-configs-when-corresponding-netwo.patch:
- Add IgnoreCarrierLoss and default to value of ConfigureWithoutCarrier
(LP: #1860926)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=9a12a31a62f1a50cd3a67a164ee34c546809815e
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3cc3870fde47982a4dda53f820e18065e5488e7e
* d/e/rules-ubuntu/40-vm-hotadd.rules:
- Hotadd only offline memory and CPUs
(LP: #1876018)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ba305d7ad00e80bc1a03f93e6986eef7cbbb18fc
* d/p/lp1881972-network-strdup-iif-and-oif-when-creating-RoutingPoli.patch:
- Avoid double-free by strdup'ing iif/oif strings for new policy rules
(LP: #1881972)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=874056f0d429aaa2cc872c3b35ec33cd3b740483
* d/p/lp1886197-seccomp-more-comprehensive-protection-against-libsec.patch
- Fix FTBFS on arm64 due to libseccomp changes (LP: #1886197)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=c284a72ca2e3d87bfe1c20afb2fcfb379cda544f
* d/p/lp1832754/0001-umount-Try-unmounting-even-if-remounting-read-only-f.patch,
d/p/lp1832754/0002-umount-Don-t-bother-remounting-api-and-ro-filesystem.patch:
- Try unmounting even if ro-remount fails, and don't bother remounting api/ro fs
(LP: #1832754)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a518baa673aeaaf42000a3a01b7e03347652b216
[ Alex Murray, Jamie Strandboge ]
* d/p/lp1886115-pid1-fix-free-of-uninitialized-pointer-in-unit_fail_.patch:
- Fix free of uninitialized pointer (LP: #1886115)
https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=491c76fd0f2fba0007a9b54d63a50f21add643c8
systemd (237-3ubuntu10.41) bionic; urgency=medium
[ Dan Streetman ]
* d/p/lp1867375/0001-network-Allow-to-configure-GW-even-UseRoutes-false.patch,
d/p/lp1867375/0002-network-add-a-flag-to-ignore-gateway-provided-by-DHC.patch,
d/p/lp1867375/0003-network-change-UseGateway-default-to-UseRoutes-setti.patch:
- Move gateway ignoring from UseRoutes= to UseGateway= (LP: #1867375)
* d/p/lp1873607/0002-core-make-sure-to-restore-the-control-command-id-too.patch:
- Avoid segfault during serialization (LP: #1873607)
* d/p/lp1529152/0001-bash-completion-systemctl-use-systemctl-no-pager.patch,
d/p/lp1529152/0002-bash-completion-systemctl-pass-current-partial-unit-.patch,
d/p/lp1529152/0003-shell-completion-systemctl-pass-current-word-to-all-.patch,
d/p/lp1529152/0004-bash-completion-systemctl-re-implement-__filter_unit.patch,
d/p/lp1529152/0005-strip-value-from-property-names.patch:
- fix slow systemctl tab completion (LP: #1529152)
* d/p/lp1877159-networkd-fix-attribute-length-for-wireguard-10380.patch:
- avoid kernel err msg setting wireguard param (LP: #1877159)
[ Heitor Alves de Siqueira ]
* d/p/lp1876600-sd-bus-deal-with-cookie-overruns.patch:
- deal with dbus cookie overruns (LP: #1876600)
systemd (237-3ubuntu10.40) bionic; urgency=medium
* d/t/logind: skip if nonexistent /sys/power/state (LP: #1862657)
* d/p/lp1839290-Change-job-mode-of-manager-triggered-restarts-to-JOB.patch:
- when restarting service after failure, replace existing queued jobs
(LP: #1839290)
* d/p/lp1867421-70-mouse.hwdb-Set-DPI-for-MS-Classic-IntelliMouse.patch:
- fix resolution of IntelliMouse (LP: #1867421)
* d/p/lp1858412-journalctl-allow-running-vacuum-on-remote-journals-t.patch:
- allow vacuuming journal 'root' dir (LP: #1858412)
* d/p/lp1862232/0001-network-add-more-log-messages-in-configuring-DHCP4-c.patch,
d/p/lp1862232/0002-network-add-more-log-messages-in-configuring-DHCP6-c.patch,
d/p/lp1862232/0003-network-also-check-that-Hostname-is-a-valid-DNS-doma.patch,
d/p/lp1862232/0004-network-use-free_and_replace.patch,
d/p/lp1862232/0005-network-DHCP-ignore-error-in-setting-hostname-when-i.patch,
d/p/lp1862232/0006-man-mention-that-Hostname-for-DHCP-must-be-a-valid-D.patch,
d/p/lp1862232/0007-resolve-fix-error-handling-of-dns_name_is_valid.patch:
- do not fail network setup if hostname is not valid (LP: #1862232)
* d/t/systemd-fsckd: Skip test on arm64 (LP: #1870194)
* d/p/lp1870589-seccomp-rework-how-the-S-UG-ID-filter-is-installed.patch:
- fix test-seccomp failure (LP: #1870589)
* d/rules: use meson --print-errorlogs instead of cat testlog
- (LP: #1870811)
* d/p/lp1776654-test-Synchronize-journal-before-reading-from-it.patch:
- sync journal before reading from it (LP: #1776654)
* d/p/lp1837914-journal-do-not-trigger-assertion-when-journal_file_c.patch:
- do not crash if NULL passed to journal destructor (LP: #1837914)
* d/e/initramfs-tools/hooks/udev:
- Follow symlinks when finding link files to copy into initramfs
(LP: #1868892)
systemd (237-3ubuntu10.39) bionic; urgency=medium
[ Dariusz Gadomski ]
* d/p/lp1762391/0001-Call-getgroups-to-know-size-of-supplementary-groups-.patch,
d/p/lp1762391/0002-user-util-tweak-to-in_gid.patch,
d/p/lp1762391/0003-user-util-Add-helper-functions-for-gid-lists-operati.patch,
d/p/lp1762391/0004-execute-Restore-call-to-pam_setcred.patch,
d/p/lp1762391/0005-execute-Detect-groups-added-by-PAM-and-merge-them-wi.patch,
d/p/lp1762391/0006-test-Add-tests-for-gid-list-ops.patch,
d/p/lp1762391/0007-execute-add-const-to-array-parameters-where-possible.patch,
d/p/lp1762391/0008-execute-allow-pam_setcred-to-fail-ignore-errors.patch:
- Restore call to pam_setcred (LP: #1762391)
[ Ioanna Alifieraki ]
* d/p/lp1860548/0001-Revert-Replace-use-of-snprintf-with-xsprintf.patch,
d/p/lp1860548/0002-job-truncate-unit-description.patch:
- use snprintf instead of xsprintf (LP: #1860548)
[ Dan Streetman ]
* d/p/lp1833193-network-update-address-when-static-address-was-alrea.patch:
- Update lft when static addr was cfg by dhcp (LP: #1833193)
* d/p/lp1849261/0001-core-when-we-can-t-enqueue-OnFailure-job-show-full-e.patch,
d/p/lp1849261/0002-core-don-t-trigger-OnFailure-deps-when-a-unit-is-goi.patch:
- Only trigger OnFailure= if Restart= is not in effect (LP: #1849261)
* d/p/lp1671951-network-set-ipv6-mtu-after-link-up-or-device-mtu-cha.patch:
- set ipv6 mtu at correct time (LP: #1671951)
* d/p/lp1845909/0001-networkd-honour-LinkLocalAddressing.patch,
d/p/lp1845909/0002-networkd-fix-link_up-12505.patch,
d/p/lp1845909/0003-network-do-not-send-ipv6-token-to-kernel.patch,
d/p/lp1845909/0004-network-rename-linux_configure_after_setting_mtu-to-linux.patch,
d/p/lp1845909/0005-network-add-link-setting_genmode-flag.patch,
d/p/lp1845909/0006-network-if-ipv6ll-is-disabled-enumerate-tentative-ipv6-ad.patch,
d/p/lp1845909/0007-network-drop-foreign-config-after-addr_gen_mode-has-been-.patch,
d/p/lp1845909/0008-network-drop-IPv6LL-address-when-LinkLocalAddressing.patch:
- if LinkLocalAddressing=no prevent creation of ipv6ll (LP: #1845909)
* d/p/lp1859862-network-Do-not-disable-IPv6-by-writing-to-sysctl.patch:
- enable ipv6 when needed (LP: #1859862)
* d/p/lp1836695-networkd-Add-back-static-routes-after-DHCPv4-lease-e.patch:
- (re)add static routes after getting dhcp4 addr (LP: #1836695)
* d/t/storage:
- fix buggy test (LP: #1831459)
- without scsi_debug, skip test (LP: #1847816)
Date: 2021-07-09 19:06:09.222498+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.49