[ubuntu/disco-proposed] systemd 240-4ubuntu1 (Accepted)

Dimitri John Ledkov xnox at ubuntu.com
Mon Jan 21 18:37:13 UTC 2019


systemd (240-4ubuntu1) disco; urgency=medium

  * Skip starting systemd-remount-fs.service in containers
    even when /etc/fstab is present.
    This allows entering fully running state even when /etc/fstab
    lists / to be mounted from a device which is not present in the
    container. (LP: #1576341)
    Author: Balint Reczey
    File: debian/patches/debian/Skip-starting-systemd-remount-fs.service-in-containers.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3bde262e129a9d2c60eeff37e63d3da7d58ce5dd

  * Set UseDomains to true, by default, on Ubuntu.
    On Ubuntu, fallback DNS servers are disabled, therefore we do not leak queries
    to a preset 3rd party by default. In resolved, dnssec is also disabled by
    default, as too much of the internet is broken and using Ubuntu users to debug
    the internet is not very productive - most of the time the end-user cannot fix
    or know how to notify the site owners about the dnssec mistakes. Inherently
    the DHCP acquired DNS servers are therefore trusted, and are free to spoof
    records. Not trusting DNS search domains, in such scenario, provides limited
    security or privacy benefits. From user point of view, this also appears to be
    a regression from previous Ubuntu releases which do trust DHCP acquired search
    domains by default.
    Therefore we are enabling UseDomains by default on Ubuntu.
    Users may override this setting in the .network files by specifying
    [DHCP|IPv6AcceptRA] UseDomains=no|route options.
    File: debian/patches/debian/Ubuntu-UseDomains-by-default.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=1e5b00cdfd6b9317704e1383d26365a68c041c56

  * Enable systemd-resolved by default
    File: debian/systemd.postinst
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=05adfa0902115f51c1196ad623165a75bb8b4313

  * Create /etc/resolv.conf at postinst, pointing at the stub resolver.
    The stub resolver file is dynamically managed by systemd-resolved. It points at
    the stub resolver as the nameserver, however it also dynamically updates the
    search stanza, thus non-nss dns tools work correctly with unqualified names and
    correctly use the DHCP acquired search domains.
    File: debian/systemd.postinst
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ef4adf46bbbe2d22508b70b889d23da53b85039d

  * libnss-resolve: do not disable and stop systemd-resolved
    resolved is always used by default on ubuntu via stub resolver, therefore it
    should continue to operate without libnss-resolve module installed.
    File: debian/libnss-resolve.postrm
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=95577d14e84e19b614b83b2e24985d89e8c2dac0

  * Ignore failures to set Nice priority on services in containers.
    File: debian/patches/debian/Ubuntu-core-in-execute-soft-fail-setting-Nice-priority-when.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=5b8e457f8d883fc6f55d33d46b3474926a495d29

  * units: set ConditionVirtualization=!private-users on journald audit socket.
    It fails to start in unprivileged containers.
    File: debian/patches/debian/Ubuntu-units-set-ConditionVirtualization-private-users-on-j.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=03ed18a9940731bbf794ad320fabf337488835c6

  * debian/tests: Switch to gdm, enforce udev upgrade.
    Files:
    - debian/tests/boot-and-services
    - debian/tests/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f350b43ccc1aa31c745b4ccebbb4084d5cea41ff

  * Always setup /etc/resolv.conf on new installations.
    On new installations, /etc/resolv.conf will always exist. Move it to /run
    and replace it with the desired final symlink. (LP: #1712283)
    File: debian/systemd.postinst
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=20bc8a37fa3c9620bed21a56a4eabd71db71d861

  * Enable systemd-networkd by default.
    File: debian/systemd.postinst
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e5ff45174306b17077b907bc25cfd763ac6934f1

  * boot-and-services: skip gdm3 tests when absent, as it is on s390x.
    Files:
    - debian/tests/boot-and-services
    - debian/tests/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=cf05ba013979f53ad69fd2c548ec01c7a5339f64

  * initramfs-tools: trigger udevadm add actions with subsystems first.
    This updates the initramfs-tools init-top udev script to trigger udevadm
    actions with type specified. This mimics the
    systemd-udev-trigger.service. Without type specified only devices are
    triggered, but triggering subsystems may also be required and should happen
    before triggering the devices. This is the case for example on s390x with zdev
    generated udev rules. (LP: #1713536)
    File: debian/extra/initramfs-tools/scripts/init-top/udev
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=4016ca5629b6c56b41a4f654e7a808c82e290cac

  * Ubuntu/extra: ship dhclient-enter hook.
    This allows isc-dhcp dhclient to set search domains and nameservers via
    resolved.
    Files:
    - debian/extra/dhclient-enter-resolved-hook
    - debian/rules
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f3398a213f80b02bf3db0c1ce9e22d69f6d56764

  * Disable systemd-networkd-wait-online by default.
    Currently it is not fit for purpose, as it leads to long boot times when
    networking is unplugged or not yet configured on boot. (LP: #1714301)
    File: debian/systemd.postinst
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=694473d812b50d2fefd6494d494ca02b91bc8785

  * networkd: change UseMTU default to true.
    Cherry-pick upstream change. (LP: #1717471)
    File: debian/patches/networkd-change-UseMTU-default-to-true.-6837.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=44aa315dd6d9054a5cabd413ec8657b6bfdfc029

  * postinst: drop empty/stock /etc/rc.local (LP: #1716979)
    File: debian/systemd.postinst
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e7d071a26a79558771303b0b87f007e650eaebbe

  * Improve resolvconf integration.
    Make the .path|.service unit that feed resolved data into resolvconf not
    generate failures if resolvconf is not installed.
    Add a check to make sure that resolved does not read /etc/resolv.conf when that
    is symlinked to stub-resolv.conf. (LP: #1717995)
    File: debian/patches/debian/Ubuntu-resolved-resolvconf-integration.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d9f0f89985a141c1588d67e4868ad68cff6956fb

  * Ship systemd sysctl settings.
    Patch systemd's default sysctl settings to drop things that are set elsewhere
    already.
    The promote secondary IP addresses is required for networkd to successfully
    renew DHCP leases with a change of an IP address.
    Set default package scheduler to Fair Queue CoDel. (LP: #1721223)
    Files:
    - debian/patches/debian/UBUNTU-drop-kernel.-settings-from-sysctl-defaults-shipped.patch
    - debian/rules
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=7cd041a6d0ef459e4b2a82d8ea5fa1ce05184dfb

  * resolved.service: set DefaultDependencies=no (LP: #1734167)
    File: debian/patches/resolved.service-set-DefaultDependencies-no.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a6ced6331ff7f99704213547a0b94dc06935d508

  * systemd.postinst: enable persistent journal. (LP: #1618188)
    File: debian/systemd.postinst
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f94f18d9dbc085b6a9ff33c141a6e542142f85b5

  * Disable LLMNR and MulticastDNS by default LP: #1739672
    Files:
    - debian/changelog
    - debian/patches/debian/UBUNTU-resolved-disable-global-LLMNR-and-MulticastDNS.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b4ec428e83696a5cd0405b677a35e97681867629

  * Enable qemu tests on all architectures LP: #1749540
    Files:
    - debian/changelog
    - debian/tests/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b416d1bdfb4f5e33565178e01ba4c4e3939b6176

  * Add "AssumedApparmorLabel=unconfined" to timedate1 dbus service file
    (LP: #1749000)
    Author: Michael Vogt
    File: debian/patches/debian/UBUNTU-Add-AssumedApparmorLabel-unconfined-to-timedate1-dbus.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=5ad0879e10bbe3d641f940260b93c7eb2cf4624c

  * debian/tests/systemd-fsckd: update assertions expectations for v237
    fsck got rewritten to use "safe_fork" and whilst previously it would ignore the
    error, when fsck is terminated by signal PIPE, it no longer does so. Thus one
    should expect systemd-fsck-root.service to have failed in certain test cases.
    File: debian/tests/systemd-fsckd
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d5becd9a416b55dcdb7b9a7aba60c4e3d304e6a6

  * test/test-functions: launch qemu-system with -vga none.
    Should resolve booting qemu-system-ppc64 without seabios.
    File: debian/patches/debian/UBUNTU-test-test-functions-launch-qemu-with-vga-none.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=90af1fa893cce5ed49999d16da0b793da6523394

  * tests/boot-smoke: ignore udevd connection timeouts resolving colord group.
    File: debian/tests/boot-smoke
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e1477b764fa9ef23f5181ef3d31a1332191c3e0b

  * tests/systemd-fsckd: ignore systemd_fsck_with_plymouth_failure.
    File: debian/tests/systemd-fsckd
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=c392e1ca3da67dbf8a7dfe0dcad470f7636f7405

  * tests/control: ensure boot-smoke uses latest systemd & udev.
    File: debian/tests/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b7b66380641755bc21fd7dcbc307760b1d18b8af

  * Drop systemd.prerm safety check.
    On Ubuntu, systemd is the only choice, and is essential, via init ->
    systemd-sysv -> systemd dependency chain, thus removing systemd is already
    quite hard, and appropriate warnings are emitted by dpkg. (LP: #1758438)
    File: debian/systemd.prerm
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=0244c4d56556317f14eecc2f51871969ef02ba7b

  * wait-online: do not wait, if no links are managed (neither configured, or failed).
    (LP: #1728181)
    File: debian/patches/debian/UBUNTU-wait-online-exit-if-no-links-are-managed.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=31f04c3fc769dacb3cf2a78240a1710a99a865b8

  * journald.service: set Nice=-1 to dodge watchdog on soft lockups.
    (LP: #1696970)
    File: debian/patches/debian/UBUNTU-journald.service-set-Nice-1-to-dodge-watchdog-on-soft-loc.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e0a9aeffac556492bf517ce2d23313ff7a277926

  * Workaround captive portals not responding to EDNS0 queries (DVE-2018-0001).
    (LP: #1727237)
    File: debian/patches/resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=87d3fe81b7281687ecf3c0b9a8356e90cc714d0b

  * Recommend networkd-dispatcher (LP: #1762386)
    File: debian/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d1e3b2c7e4757119da0d550b0b3c0a6626a176dc

  * networkd: if RA was implicit, do not await ndisc_configured.
    If RA was implicit, meaning not otherwise requested, and a kernel default was in
    use. Do not prevent link entering configured state, whilst ndisc configuration
    is pending. Implicit kernel RA, is expected to be asynchronous and
    non-blocking. (LP: #1765173)
    File: debian/patches/debian/UBUNTU-networkd-if-RA-was-implicit-do-not-await-ndisc_con.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=2f749ff528d1b788aa4ca778e954c16b213ee629

  * udev-udeb: ship modprobe.d snippet to force scsi_mod.scan=sync in d-i.
    This ensures that all scans are completed, before installer reaches
    partitioning stage. (LP: #1751813)
    Files:
    - debian/extra/modprobe.d-udeb/scsi-mod-scan-sync.conf
    - debian/udev-udeb.install
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=eb6d8a2b9504917abb7aa2c4035fdbb7b98227f7

  * Disable dh_installinit generation of tmpfiles for the systemd package.
    Replace with a manual safe call to systemd-tmpfiles which will process any
    updates to the tmpfiles shipped by systemd package, taking into account any
    overrides shipped by other packages, sysadmin, or specified in the runtime
    directories. (LP: #1748147)
    Files:
    - debian/rules
    - debian/systemd.postinst
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=1fd144cbe31cc7a9383cc76f21f4b84c22a9dd1b

  * Enable EFI/bootctl on armhf.
    File: debian/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=043122f7d8a1487bfd357e815a6ece1ceea6e7d1

  * boot-and-services: stderr is ok, for status command on the c1 container.
    systemctl may print warnings on the stderr when checking the status of
    completed units. This should not, overall fail the autopkgtest run.
    File: debian/tests/boot-and-services
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=da14d34e7cc33c44ad67e64c9fd092f8cc1675f9

  * Skip systemd-fsckd on arm64, because of broken/lack of clean shutdown.
    File: debian/tests/systemd-fsckd
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=bf5b501ac934497dbef5f64908ff37643dc7288e

  * adt: boot-and-services: assert any kernel syslog messages.
    It appears that on arm64 the syslog is truncated and is missing early kernel
    messages. Print full one, and check for any kernel messages instead.
    File: debian/tests/boot-and-services
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=29dc34f7a6e5dc505f6212c17c42e4420b47ed16

  * debian/extra/start-udev: Set scsi_mod scan=sync even if it's builtin to the kernel (we previously only set it in modprobe.d) LP: #1779815
    Files:
    - debian/changelog
    - debian/extra/start-udev
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6b72628f8de991e2c67ac4289fc74daf3abe7d14

  * units: conditionalize more units to not start in containers.
    Files:
    - debian/changelog
    - debian/patches/debian/UBUNTU-units-block-CAP_SYS_MODULE-units-in-containers-too.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3689afa1a782de8c19a757459b6360de1195ad55

  * test-sleep: skip test_fiemap upon inappropriate ioctl for device.
    On v4.4 kernels, on top of btrfs ephemeral lxd v3.0 containers generate this
    other error code, instead of not supported. Skip the test for both error codes.
    File: debian/patches/debian/UBUNTU-test-sleep-skip-test_fiemap-upon-inapproriate-ioctl-.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6ebb5b9f6b77760a5470e8a780d69875b1db76f7

  * Re-add support for /etc/writable for core18. (LP: #1778936)
    Author: Michael Vogt
    File: debian/patches/debian/UBUNTU-Support-system-image-read-only-etc.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a5b5fca66c1127068e4ce0cc9ab497814211f4f7

  * debian/control: strengthen dependencies.
    Make systemd-sysv depend on matching version of systemd. Autopkgtests at times
    upgrade systemd-sysv without upgrading systemd. However, upgrading systemd-sysv
    alone makes little sense.
    Make systemd conflict, rather than just break, systemd-shim. As there are
    upgrade failures caused by systemd-shim presence whilst upgrading to new
    systemd.
    File: debian/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d1ecf0c372f5212129c85ae60fddf26b2271a1fe

  * Improve autopkgtest success rate, by bumping up timeouts. (LP: #1789841)
    Author: Christian Ehrhardt
    File: debian/patches/debian/UBUNTU-bump-selftest-timeouts.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=c05586d9da033bbfd6b6a74e10b87520843c7c48

  * units: Disable journald Watchdog (LP: #1773148)
    File: debian/patches/debian/UBUNTU-units-disable-journald-watchdog.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=64d2b4f1d0d057073fba585f19823332e2a6eed5

  * Add conflicts with upstart and systemd-shim. (LP: #1793092)
    File: debian/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=83ed7496afc7c27be026014d109855f7d0ad1176

  * Specify Ubuntu's Vcs-Git
    File: debian/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=fd832930ef280c9a4a9dda2440d5a46a6fdb6232

  * debian/systemd.postinst: Skip daemon-reexec and try-restarts during shutdown
    (LP: #1803391)
    Author: Balint Reczey
    File: debian/systemd.postinst
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=51daab96ae79483b5e5fb62e1e0477c87ee11fd1

  * Switch gbp.conf to disco.
    File: debian/gbp.conf
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=fea585b259e3e766d8d3dbc9690e879c054ddc87

  * core: set /run size to 10%, like initramfs-tools does.
    Currently there is a difference between initrd and initrd-less boots,
    w.r.t. size= mount option of /run. This yields different runtime journald caps
    (1% vs 10%), and on dense deployments of containers may result in OOM kills.
    (LP: #1799251)
    File: debian/patches/debian/UBUNTU-core-set-run-size-to-10-like-initramfs-tools-does.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=1fac2568fe716dc1a41bada78293dc6327a6df0d

  * Cherrypick proposed patch to fix LinkLocalAddressing post-unify-MTU settings.
    File: debian/patches/networkd-honour-LinkLocalAddressing.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=cd9ba0d0f47634c9e5d862b8208cdc3178f25496

systemd (240-4) unstable; urgency=medium

  [ Benjamin Drung ]
  * Fix shellcheck issues in initramfs-tools scripts

  [ Michael Biebl ]
  * Import patches from v240-stable branch (up to f02b5472c6)
    - Fixes a problem in logind closing the controlling terminal when using
      startx. (Closes: #918927)
    - Fixes various journald vulnerabilities via attacker controlled alloca.
      (CVE-2018-16864, CVE-2018-16865, Closes: #918841, Closes: #918848)
  * sd-device-monitor: Fix ordering of setting buffer size.
    Fixes an issue with uevents not being processed properly during coldplug
    stage and some kernel modules not being loaded via "udevadm trigger".
    (Closes: #917607)
  * meson: Stop setting -fPIE globally.
    Setting -fPIE globally can lead to miscompilations on certain
    architectures. Instead use the b_pie=true build option, which was
    introduced in meson 0.49. Bump the Build-Depends accordingly.
    (Closes: #909396)

systemd (240-3) unstable; urgency=medium

  * udev.init: Trigger add events for subsystems.
    Update the SysV init script and mimic the behaviour of the initramfs and
    systemd-udev-trigger.service which first trigger subsystems and then
    devices during the coldplug stage.
  * udevadm: Refuse to run trigger, control, settle and monitor commands in
    chroot (Closes: #917633)
  * network: Set link state configuring before setting addresses.
    Fixes a crash in systemd-networkd caused by an assertion failure.
    (Closes: #918658)
  * libudev-util: Make util_replace_whitespace() read only len characters.
    Fixes a regression where /dev/disk/by-id/ names had additional
    underscores.
  * man: Update color of journal logs in DEBUG level (Closes: #917948)
  * Remove old state directory of systemd-timesyncd on upgrades.
    Otherwise timesyncd will fail to update the clock file if it was created
    as /var/lib/private/systemd/timesync/clock.
    This was the case when the service was using DynamicUser=yes which it no
    longer does in v240. (Closes: #918190)

systemd (240-2) unstable; urgency=medium

  * Pass separate dev_t var to device_path_parse_major_minor.
    Fixes FTBFS on mips/mipsel (MIPS/O32). (Closes: #917195)
  * test-json: Check absolute and relative difference in floating point test.
    Fixes FTBFS due to test-suite failures on armel, armhf and hppa.
    (Closes: #917215)
  * sd-device: Fix segfault when error occurs in device_new_from_{nulstr,strv}()
    Fixes a segfault in systemd-udevd when debug logging is enabled.
  * udev-event: Do not read stdout or stderr if the pipefd is not created.
    This fixes problems with device-mapper symlinks no longer being created
    or certain devices not being marked as ready. (Closes: #917124)
  * Don't bump fs.nr_open in PID 1.
    In v240, systemd bumped fs.nr_open in PID 1 to the highest possible
    value. Processes that are spawned directly by systemd, will have
    RLIMIT_NOFILE be set to 512K (hard).
    pam_limits in Debian defaults to "set_all", i.e. for limits which are
    not explicitly configured in /etc/security/limits.conf, the value from
    PID 1 is taken, which means for login sessions, RLIMIT_NOFILE is set to
    the highest possible value instead of 512K. Not every software is able
    to deal with such an RLIMIT_NOFILE properly.
    While this is arguably a questionable default in Debian's pam_limit,
    work around this problem by not bumping fs.nr_open in PID 1.
    (Closes: #917167)

systemd (240-1) unstable; urgency=medium

  [ Michael Biebl ]
  * New upstream version 240
    - core: Skip cgroup_subtree_mask_valid update if UNIT_STUB
      (Closes: #903011)
    - machined: Rework referencing of machine scopes from machined
      (Closes: #903288)
    - timesync: Fix serialization of IP address
      (Closes: #916516)
    - core: Don't track jobs-finishing-during-reload explicitly
      (Closes: #916678)
  * Rebase patches
  * Install new systemd-id128 binary
  * Update symbols file for libsystemd0
  * Update nss build options

  [ Martin Pitt ]
  * tests: Disable some flaky upstream tests.
    See https://github.com/systemd/systemd/issues/11195
  * tests: Disable flaky TEST-17-UDEV-WANTS upstream test.
    See https://github.com/systemd/systemd/issues/11195

systemd (239-15) unstable; urgency=medium

  [ Felipe Sateler ]
  * Fix container check in udev init script.
    Udev needs writable /sys, so the init script tried to check before
    starting. Unfortunately, the check was inverted. Let's add the missing
    '!' to negate the check.
    (Closes: #915261)
  * Add myself to uploaders

  [ Michael Biebl ]
  * Remove obsolete systemd-shim conffile on upgrades.
    The D-Bus policy file was dropped from the systemd-shim package in
    version 8-4, but apparently there are cases where users removed the
    package before that cleanup happened. The D-Bus policy file that was
    shipped by systemd-shim was much more restrictive and now prevents
    calling GetDynamicUsers() and other recent APIs on systemd Manager.
    (Closes: #914285)

systemd (239-14) unstable; urgency=medium

  [ Michael Biebl ]
  * autopkgtest: Drop test_custom_cgroup_cleanup from boot-and-services
  * resolved: Increase size of TCP stub replies (Closes: #915049)
  * meson: Unify linux/stat.h check with other checks and use _GNU_SOURCE.
    Fixes a build failure with glibc 2.28.
  * Drop procps dependency from systemd.
    The systemd-exit.service user service no longer uses the "kill" binary.
  * Simplify container check in udev SysV init script.
    Instead of using "ps" to detect a container environment, simply test if
    /sys is writable. This matches what's used in systemd-udevd.service via
    ConditionPathIsReadWrite=/sys and follows
    https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
    This means we no longer need procps, so drop that dependency from the
    udev package. (Closes: #915095)

  [ Mert Dirik ]
  * 40-systemd: Honour __init_d_script_name.
    Make /lib/lsb/init-functions.d/40-systemd use __init_d_script_name
    (if available) to figure out real script name. (Closes: #826214)
  * 40-systemd: Improve heuristics for init-d-script.
    Improve heuristics for scripts run via init-d-script so that the
    redirection works even for older init-d-script versions without the
    __init_d_script_name variable.

systemd (239-13) unstable; urgency=medium

  * autopkgtest: Add e2fsprogs dependency to upstream test.
    Some of the upstream tests require mkfs.ext4. (Closes: #887250)
  * systemctl: Tell update-rc.d to skip creating any systemd symlinks.
    When calling update-rc.d via systemd-sysv-install, tell it to skip
    creating any systemd symlinks as we want to handle those directly in
    systemctl. Older update-rc.d versions will ignore that request, but
    that's ok. This means we don't need a versioned dependency against
    init-system-helpers. (Closes: #743217)
  * pam_systemd: Suppress LOG_DEBUG log messages if debugging is off
    (Closes: #825949)
  * Drop cgroup-don-t-trim-cgroup-trees-created-by-someone-el.patch.
    The patch is no longer necessary as lxc.service now uses Delegate=yes.
  * Remove obsolete Replaces from pre-jessie

systemd (239-12) unstable; urgency=high

  [ Martin Pitt ]
  * Enable QEMU on more architectures in "upstream" autopkgtest.
    Taken from the Ubuntu package, so apparently QEMU works well enough on
    these architectures now.
  * autopkgtest: Avoid test bed reset for boot-smoke.
    Make "boot-smoke"'s dependencies a strict superset of "upstream"'s, so
    that autopkgtest doesn't have to provide a new testbed.
  * Fix wrong "nobody" group from sysusers.d.
    Fix our make-sysusers-basic sysusers.d generator to special-case the
    nobody group. "nobody" user and "nogroup" group both have the same ID
    65534, which is the only special case for Debian's static users/groups.
    So specify the gid explicitly, to avoid systemd-sysusers creating a
    dynamic system group for "nobody".
    Also clean up the group on upgrades.
    Thanks to Keh-Ming Luoh for the original patch! (Closes: #912525)

  [ Michael Biebl ]
  * autopkgtest: Use shutil.which() which is provided by Python 3
  * Drop non-existing gnuefi=false build option.
    This was mistakenly added when converting from autotools to meson.
  * core: When deserializing state always use read_line(…, LONG_LINE_MAX, …)
    Fixes a vulnerability in unit_deserialize which allows an attacker to
    supply arbitrary state across systemd re-execution via NotifyAccess.
    (CVE-2018-15686, Closes: #912005)
  * meson: Use the host architecture compiler/linker for src/boot/efi.
    Fixes cross build failure for arm64. (Closes: #905381)
  * systemd: Do not pass .wants fragment path to manager_load_unit.
    Fixes an issue with overridden units in /etc not being used due to a
    .wants/ symlink pointing to /lib. (Closes: #907054)
  * machined: When reading os-release file, join PID namespace too.
    This ensures that we properly acquire the os-release file from containers.
    (Closes: #911231)

systemd (239-11) unstable; urgency=high

  [ Michael Biebl ]
  * debian/tests/upstream: Clean up after each test run.
    Otherwise the loopback images used by qemu are not properly released and
    we might run out of disk space.
  * dhcp6: Make sure we have enough space for the DHCP6 option header.
    Fixes out-of-bounds heap write in systemd-networkd dhcpv6 option
    handling.
    (CVE-2018-15688, LP: #1795921, Closes: #912008)
  * chown-recursive: Rework the recursive logic to use O_PATH.
    Fixes a race condition in chown_one() which allows an attacker to cause
    systemd to set arbitrary permissions on arbitrary files.
    (CVE-2018-15687, LP: #1796692, Closes: #912007)

  [ Martin Pitt ]
  * debian/tests/boot-and-services: Use gdm instead of lightdm.
    This seems to work more reliably, on Ubuntu CI's i386 instances lightdm
    fails.

  [ Manuel A. Fernandez Montecelo ]
  * Run "meson test" instead of "ninja test"
    Upstream developers of meson recommend to run it in this way, because
    "ninja test" just calls "meson test", and by using meson directly and
    using extra command line arguments it is possible to control aspects of
    how the tests are run.
  * Increase timeout for test in riscv64.
    The buildds for the riscv64 arch used at the moment are slow, so increase
    the timeouts for this arch by a factor of 10, for good measure.
    (Closes: #906429)

systemd (239-10) unstable; urgency=medium

  [ Michael Biebl ]
  * meson: Rename -Ddebug to -Ddebug-extra.
    Meson added -Doptimization and -Ddebug options, which obviously causes
    a conflict with our -Ddebug options. Let's rename it.
    (Closes: #909455)
  * Add conflicts against consolekit.
    Letting both ConsoleKit and logind manage dynamic device permissions
    will only lead to inconsistent and unexpected results.

  [ Felipe Sateler ]
  * Link systemctl binary statically against libshared.
    This reduces the Pre-Depends list considerably, and is more resilient
    against borked installs.

systemd (239-9) unstable; urgency=medium

  * autopkgtest: Remove needs-recommends runtime restriction.
    This restriction has been deprecated and there are plans to remove it
    altogether. The tests pass without needs-recommends, so it seems safe
    to remove.
  * test: Use installed catalogs when test-catalog is not located at build
    dir.
    This makes it possible to run test-catalog as installed test, so we no
    longer need to mark it as EXFAIL in our root-unittests autopkgtest.
  * test: Use "systemd-runtest.env" to set $SYSTEMD_TEST_DATA and
    $SYSTEMD_CATALOG_DIR.
    This avoids embedding ABS_{SRC,BUILD}_DIR into libsystemd-shared.so and
    the test binaries and should make the build reproducible.
    (Closes: #908365)

systemd (239-8) unstable; urgency=medium

  [ Michael Biebl ]
  * Clean up dbus-org.freedesktop.timesync1.service Alias on purge
    (Closes: #904290)
  * user-runtime-dir: Fix wrong SELinux context (Closes: #908026)
  * core: Fix gid when DynamicUser=yes with static user (Closes: #904335)
  * Remove udev control socket on shutdown under sysvinit.
    The udev control socket is no longer removed automatically when the
    daemon is stopped. As this can confuse other software, update the SysV
    init script to remove the control socket manually and make sure the init
    script is executed on shutdown (runlevel 0) and reboot (runlevel 6).
    (Closes: #791944)
  * Bump Standards-Version to 4.2.1

  [ Martin Pitt ]
  * timedated: Fix wrong PropertyChanged values and refcounting

Date: Mon, 21 Jan 2019 16:09:03 +0000
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/systemd/240-4ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 21 Jan 2019 16:09:03 +0000
Source: systemd
Binary: systemd systemd-sysv systemd-container systemd-journal-remote systemd-coredump systemd-tests libpam-systemd libnss-myhostname libnss-mymachines libnss-resolve libnss-systemd libsystemd0 libsystemd-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb
Architecture: source
Version: 240-4ubuntu1
Distribution: disco
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dimitri John Ledkov <xnox at ubuntu.com>
Description:
 libnss-myhostname - nss module providing fallback resolution for the current hostname
 libnss-mymachines - nss module to resolve hostnames for local container instances
 libnss-resolve - nss module to resolve names via systemd-resolved
 libnss-systemd - nss module providing dynamic user and group name resolution
 libpam-systemd - system and service manager - PAM module
 libsystemd-dev - systemd utility library - development files
 libsystemd0 - systemd utility library
 libudev-dev - libudev development files
 libudev1   - libudev shared library
 libudev1-udeb - libudev shared library (udeb)
 systemd    - system and service manager
 systemd-container - systemd container/nspawn tools
 systemd-coredump - tools for storing and retrieving coredumps
 systemd-journal-remote - tools for sending and receiving remote journal logs
 systemd-sysv - system and service manager - SysV links
 systemd-tests - tests for systemd
 udev       - /dev/ and hotplug management daemon
 udev-udeb  - /dev/ and hotplug management daemon (udeb)
Closes: 743217 791944 825949 826214 887250 903011 903288 904290 904335 905381 906429 907054 908026 908365 909396 909455 911231 912005 912007 912008 912525 914285 915049 915095 915261 916516 916678 917124 917167 917195 917215 917607 917633 917948 918190 918658 918841 918848 918927
Launchpad-Bugs-Fixed: 1576341 1618188 1696970 1712283 1713536 1714301 1716979 1717471 1717995 1721223 1727237 1728181 1734167 1739672 1748147 1749000 1749540 1751813 1758438 1762386 1765173 1773148 1778936 1779815 1789841 1793092 1795921 1796692 1799251 1803391
Changes:
 systemd (240-4ubuntu1) disco; urgency=medium
 .
   * Skip starting systemd-remount-fs.service in containers
     even when /etc/fstab is present.
     This allows entering fully running state even when /etc/fstab
     lists / to be mounted from a device which is not present in the
     container. (LP: #1576341)
     Author: Balint Reczey
     File: debian/patches/debian/Skip-starting-systemd-remount-fs.service-in-containers.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3bde262e129a9d2c60eeff37e63d3da7d58ce5dd
 .
   * Set UseDomains to true, by default, on Ubuntu.
     On Ubuntu, fallback DNS servers are disabled, therefore we do not leak queries
     to a preset 3rd party by default. In resolved, dnssec is also disabled by
     default, as too much of the internet is broken and using Ubuntu users to debug
     the internet is not very productive - most of the time the end-user cannot fix
     or know how to notify the site owners about the dnssec mistakes. Inherently
     the DHCP acquired DNS servers are therefore trusted, and are free to spoof
     records. Not trusting DNS search domains, in such scenario, provides limited
     security or privacy benefits. From user point of view, this also appears to be
     a regression from previous Ubuntu releases which do trust DHCP acquired search
     domains by default.
     Therefore we are enabling UseDomains by default on Ubuntu.
     Users may override this setting in the .network files by specifying
     [DHCP|IPv6AcceptRA] UseDomains=no|route options.
     File: debian/patches/debian/Ubuntu-UseDomains-by-default.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=1e5b00cdfd6b9317704e1383d26365a68c041c56
 .
   * Enable systemd-resolved by default
     File: debian/systemd.postinst
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=05adfa0902115f51c1196ad623165a75bb8b4313
 .
   * Create /etc/resolv.conf at postinst, pointing at the stub resolver.
     The stub resolver file is dynamically managed by systemd-resolved. It points at
     the stub resolver as the nameserver, however it also dynamically updates the
     search stanza, thus non-nss dns tools work correctly with unqualified names and
     correctly use the DHCP acquired search domains.
     File: debian/systemd.postinst
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ef4adf46bbbe2d22508b70b889d23da53b85039d
 .
   * libnss-resolve: do not disable and stop systemd-resolved
     resolved is always used by default on ubuntu via stub resolver, therefore it
     should continue to operate without libnss-resolve module installed.
     File: debian/libnss-resolve.postrm
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=95577d14e84e19b614b83b2e24985d89e8c2dac0
 .
   * Ignore failures to set Nice priority on services in containers.
     File: debian/patches/debian/Ubuntu-core-in-execute-soft-fail-setting-Nice-priority-when.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=5b8e457f8d883fc6f55d33d46b3474926a495d29
 .
   * units: set ConditionVirtualization=!private-users on journald audit socket.
     It fails to start in unprivileged containers.
     File: debian/patches/debian/Ubuntu-units-set-ConditionVirtualization-private-users-on-j.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=03ed18a9940731bbf794ad320fabf337488835c6
 .
   * debian/tests: Switch to gdm, enforce udev upgrade.
     Files:
     - debian/tests/boot-and-services
     - debian/tests/control
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f350b43ccc1aa31c745b4ccebbb4084d5cea41ff
 .
   * Always setup /etc/resolv.conf on new installations.
     On new installations, /etc/resolv.conf will always exist. Move it to /run
     and replace it with the desired final symlink. (LP: #1712283)
     File: debian/systemd.postinst
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=20bc8a37fa3c9620bed21a56a4eabd71db71d861
 .
   * Enable systemd-networkd by default.
     File: debian/systemd.postinst
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e5ff45174306b17077b907bc25cfd763ac6934f1
 .
   * boot-and-services: skip gdm3 tests when absent, as it is on s390x.
     Files:
     - debian/tests/boot-and-services
     - debian/tests/control
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=cf05ba013979f53ad69fd2c548ec01c7a5339f64
 .
   * initramfs-tools: trigger udevadm add actions with subsystems first.
     This updates the initramfs-tools init-top udev script to trigger udevadm
     actions with type specified. This mimics the
     systemd-udev-trigger.service. Without type specified only devices are
     triggered, but triggering subsystems may also be required and should happen
     before triggering the devices. This is the case for example on s390x with zdev
     generated udev rules. (LP: #1713536)
     File: debian/extra/initramfs-tools/scripts/init-top/udev
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=4016ca5629b6c56b41a4f654e7a808c82e290cac
 .
   * Ubuntu/extra: ship dhclient-enter hook.
     This allows isc-dhcp dhclient to set search domains and nameservers via
     resolved.
     Files:
     - debian/extra/dhclient-enter-resolved-hook
     - debian/rules
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f3398a213f80b02bf3db0c1ce9e22d69f6d56764
 .
   * Disable systemd-networkd-wait-online by default.
     Currently it is not fit for purpose, as it leads to long boot times when
     networking is unplugged or not yet configured on boot. (LP: #1714301)
     File: debian/systemd.postinst
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=694473d812b50d2fefd6494d494ca02b91bc8785
 .
   * networkd: change UseMTU default to true.
     Cherry-pick upstream change. (LP: #1717471)
     File: debian/patches/networkd-change-UseMTU-default-to-true.-6837.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=44aa315dd6d9054a5cabd413ec8657b6bfdfc029
 .
   * postinst: drop empty/stock /etc/rc.local (LP: #1716979)
     File: debian/systemd.postinst
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e7d071a26a79558771303b0b87f007e650eaebbe
 .
   * Improve resolvconf integration.
     Make the .path|.service unit that feed resolved data into resolvconf not
     generate failures if resolvconf is not installed.
     Add a check to make sure that resolved does not read /etc/resolv.conf when that
     is symlinked to stub-resolv.conf. (LP: #1717995)
     File: debian/patches/debian/Ubuntu-resolved-resolvconf-integration.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d9f0f89985a141c1588d67e4868ad68cff6956fb
 .
   * Ship systemd sysctl settings.
     Patch systemd's default sysctl settings to drop things that are set elsewhere
     already.
     The promote secondary IP addresses is required for networkd to successfully
     renew DHCP leases with a change of an IP address.
     Set default package scheduler to Fair Queue CoDel. (LP: #1721223)
     Files:
     - debian/patches/debian/UBUNTU-drop-kernel.-settings-from-sysctl-defaults-shipped.patch
     - debian/rules
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=7cd041a6d0ef459e4b2a82d8ea5fa1ce05184dfb
 .
   * resolved.service: set DefaultDependencies=no (LP: #1734167)
     File: debian/patches/resolved.service-set-DefaultDependencies-no.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a6ced6331ff7f99704213547a0b94dc06935d508
 .
   * systemd.postinst: enable persistent journal. (LP: #1618188)
     File: debian/systemd.postinst
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f94f18d9dbc085b6a9ff33c141a6e542142f85b5
 .
   * Disable LLMNR and MulticastDNS by default LP: #1739672
     Files:
     - debian/changelog
     - debian/patches/debian/UBUNTU-resolved-disable-global-LLMNR-and-MulticastDNS.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b4ec428e83696a5cd0405b677a35e97681867629
 .
   * Enable qemu tests on all architectures LP: #1749540
     Files:
     - debian/changelog
     - debian/tests/control
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b416d1bdfb4f5e33565178e01ba4c4e3939b6176
 .
   * Add "AssumedApparmorLabel=unconfined" to timedate1 dbus service file
     (LP: #1749000)
     Author: Michael Vogt
     File: debian/patches/debian/UBUNTU-Add-AssumedApparmorLabel-unconfined-to-timedate1-dbus.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=5ad0879e10bbe3d641f940260b93c7eb2cf4624c
 .
   * debian/tests/systemd-fsckd: update assertions expectations for v237
     fsck got rewritten to use "safe_fork" and whilst previously it would ignore the
     error, when fsck is terminated by signal PIPE, it no longer does so. Thus one
     should expect systemd-fsck-root.service to have failed in certain test cases.
     File: debian/tests/systemd-fsckd
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d5becd9a416b55dcdb7b9a7aba60c4e3d304e6a6
 .
   * test/test-functions: launch qemu-system with -vga none.
     Should resolve booting qemu-system-ppc64 without seabios.
     File: debian/patches/debian/UBUNTU-test-test-functions-launch-qemu-with-vga-none.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=90af1fa893cce5ed49999d16da0b793da6523394
 .
   * tests/boot-smoke: ignore udevd connection timeouts resolving colord group.
     File: debian/tests/boot-smoke
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e1477b764fa9ef23f5181ef3d31a1332191c3e0b
 .
   * tests/systemd-fsckd: ignore systemd_fsck_with_plymouth_failure.
     File: debian/tests/systemd-fsckd
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=c392e1ca3da67dbf8a7dfe0dcad470f7636f7405
 .
   * tests/control: ensure boot-smoke uses latest systemd & udev.
     File: debian/tests/control
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b7b66380641755bc21fd7dcbc307760b1d18b8af
 .
   * Drop systemd.prerm safety check.
     On Ubuntu, systemd is the only choice, and is essential, via init ->
     systemd-sysv -> systemd dependency chain, thus removing systemd is already
     quite hard, and appropriate warnings are emitted by dpkg. (LP: #1758438)
     File: debian/systemd.prerm
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=0244c4d56556317f14eecc2f51871969ef02ba7b
 .
   * wait-online: do not wait, if no links are managed (neither configured, or failed).
     (LP: #1728181)
     File: debian/patches/debian/UBUNTU-wait-online-exit-if-no-links-are-managed.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=31f04c3fc769dacb3cf2a78240a1710a99a865b8
 .
   * journald.service: set Nice=-1 to dodge watchdog on soft lockups.
     (LP: #1696970)
     File: debian/patches/debian/UBUNTU-journald.service-set-Nice-1-to-dodge-watchdog-on-soft-loc.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e0a9aeffac556492bf517ce2d23313ff7a277926
 .
   * Workaround captive portals not responding to EDNS0 queries (DVE-2018-0001).
     (LP: #1727237)
     File: debian/patches/resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=87d3fe81b7281687ecf3c0b9a8356e90cc714d0b
 .
   * Recommend networkd-dispatcher (LP: #1762386)
     File: debian/control
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d1e3b2c7e4757119da0d550b0b3c0a6626a176dc
 .
   * networkd: if RA was implicit, do not await ndisc_configured.
     If RA was implicit, meaning not otherwise requested, and a kernel default was in
     use. Do not prevent link entering configured state, whilst ndisc configuration
     is pending. Implicit kernel RA, is expected to be asynchronous and
     non-blocking. (LP: #1765173)
     File: debian/patches/debian/UBUNTU-networkd-if-RA-was-implicit-do-not-await-ndisc_con.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=2f749ff528d1b788aa4ca778e954c16b213ee629
 .
   * udev-udeb: ship modprobe.d snippet to force scsi_mod.scan=sync in d-i.
     This ensures that all scans are completed, before installer reaches
     partitioning stage. (LP: #1751813)
     Files:
     - debian/extra/modprobe.d-udeb/scsi-mod-scan-sync.conf
     - debian/udev-udeb.install
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=eb6d8a2b9504917abb7aa2c4035fdbb7b98227f7
 .
   * Disable dh_installinit generation of tmpfiles for the systemd package.
     Replace with a manual safe call to systemd-tmpfiles which will process any
     updates to the tmpfiles shipped by systemd package, taking into account any
     overrides shipped by other packages, sysadmin, or specified in the runtime
     directories. (LP: #1748147)
     Files:
     - debian/rules
     - debian/systemd.postinst
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=1fd144cbe31cc7a9383cc76f21f4b84c22a9dd1b
 .
   * Enable EFI/bootctl on armhf.
     File: debian/control
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=043122f7d8a1487bfd357e815a6ece1ceea6e7d1
 .
   * boot-and-services: stderr is ok, for status command on the c1 container.
     systemctl may print warnings on the stderr when checking the status of
     completed units. This should not, overall, fail the autopkgtest run.
     File: debian/tests/boot-and-services
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=da14d34e7cc33c44ad67e64c9fd092f8cc1675f9
 .
   * Skip systemd-fsckd on arm64, because of broken/lack of clean shutdown.
     File: debian/tests/systemd-fsckd
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=bf5b501ac934497dbef5f64908ff37643dc7288e
 .
   * adt: boot-and-services: assert any kernel syslog messages.
     It appears that on arm64 the syslog is truncated and is missing early kernel
     messages. Print full one, and check for any kernel messages instead.
     File: debian/tests/boot-and-services
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=29dc34f7a6e5dc505f6212c17c42e4420b47ed16
 .
   * debian/extra/start-udev: Set scsi_mod scan=sync even if it's builtin to the kernel (we previously only set it in modprobe.d) LP: #1779815
     Files:
     - debian/changelog
     - debian/extra/start-udev
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6b72628f8de991e2c67ac4289fc74daf3abe7d14
 .
   * units: conditionalize more units to not start in containers.
     Files:
     - debian/changelog
     - debian/patches/debian/UBUNTU-units-block-CAP_SYS_MODULE-units-in-containers-too.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3689afa1a782de8c19a757459b6360de1195ad55
 .
   * test-sleep: skip test_fiemap upon inappropriate ioctl for device.
     On v4.4 kernels, on top of btrfs ephemeral lxd v3.0 containers generate this
     other error code, instead of not supported. Skip the test for both error codes.
     File: debian/patches/debian/UBUNTU-test-sleep-skip-test_fiemap-upon-inapproriate-ioctl-.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6ebb5b9f6b77760a5470e8a780d69875b1db76f7
 .
   * Re-add support for /etc/writable for core18. (LP: #1778936)
     Author: Michael Vogt
     File: debian/patches/debian/UBUNTU-Support-system-image-read-only-etc.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a5b5fca66c1127068e4ce0cc9ab497814211f4f7
 .
   * debian/control: strengthen dependencies.
     Make systemd-sysv depend on matching version of systemd. Autopkgtests at times
     upgrade systemd-sysv without upgrading systemd. However, upgrading systemd-sysv
     alone makes little sense.
     Make systemd conflict, rather than just break, systemd-shim. As there are
     upgrade failures caused by systemd-shim presence whilst upgrading to new
     systemd.
     File: debian/control
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d1ecf0c372f5212129c85ae60fddf26b2271a1fe
 .
   * Improve autopkgtest success rate, by bumping up timeouts. (LP: #1789841)
     Author: Christian Ehrhardt
     File: debian/patches/debian/UBUNTU-bump-selftest-timeouts.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=c05586d9da033bbfd6b6a74e10b87520843c7c48
 .
   * units: Disable journald Watchdog (LP: #1773148)
     File: debian/patches/debian/UBUNTU-units-disable-journald-watchdog.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=64d2b4f1d0d057073fba585f19823332e2a6eed5
 .
   * Add conflicts with upstart and systemd-shim. (LP: #1793092)
     File: debian/control
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=83ed7496afc7c27be026014d109855f7d0ad1176
 .
   * Specify Ubuntu's Vcs-Git
     File: debian/control
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=fd832930ef280c9a4a9dda2440d5a46a6fdb6232
 .
   * debian/systemd.postinst: Skip daemon-reexec and try-restarts during shutdown
     (LP: #1803391)
     Author: Balint Reczey
     File: debian/systemd.postinst
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=51daab96ae79483b5e5fb62e1e0477c87ee11fd1
 .
   * Switch gbp.conf to disco.
     File: debian/gbp.conf
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=fea585b259e3e766d8d3dbc9690e879c054ddc87
 .
   * core: set /run size to 10%, like initramfs-tools does.
     Currently there is a difference between initrd and initrd-less boots,
     w.r.t. size= mount option of /run. This yields different runtime journald caps
     (1% vs 10%), and on dense deployments of containers may result in OOM kills.
     (LP: #1799251)
     File: debian/patches/debian/UBUNTU-core-set-run-size-to-10-like-initramfs-tools-does.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=1fac2568fe716dc1a41bada78293dc6327a6df0d
 .
   * Cherrypick proposed patch to fix LinkLocalAddressing post-unify-MTU settings.
     File: debian/patches/networkd-honour-LinkLocalAddressing.patch
     https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=cd9ba0d0f47634c9e5d862b8208cdc3178f25496
 .
 systemd (240-4) unstable; urgency=medium
 .
   [ Benjamin Drung ]
   * Fix shellcheck issues in initramfs-tools scripts
 .
   [ Michael Biebl ]
   * Import patches from v240-stable branch (up to f02b5472c6)
     - Fixes a problem in logind closing the controlling terminal when using
       startx. (Closes: #918927)
     - Fixes various journald vulnerabilities via attacker controlled alloca.
       (CVE-2018-16864, CVE-2018-16865, Closes: #918841, Closes: #918848)
   * sd-device-monitor: Fix ordering of setting buffer size.
     Fixes an issue with uevents not being processed properly during coldplug
     stage and some kernel modules not being loaded via "udevadm trigger".
     (Closes: #917607)
   * meson: Stop setting -fPIE globally.
     Setting -fPIE globally can lead to miscompilations on certain
     architectures. Instead use the b_pie=true build option, which was
     introduced in meson 0.49. Bump the Build-Depends accordingly.
     (Closes: #909396)
 .
 systemd (240-3) unstable; urgency=medium
 .
   * udev.init: Trigger add events for subsystems.
     Update the SysV init script and mimic the behaviour of the initramfs and
     systemd-udev-trigger.service which first trigger subsystems and then
     devices during the coldplug stage.
   * udevadm: Refuse to run trigger, control, settle and monitor commands in
     chroot (Closes: #917633)
   * network: Set link state configuring before setting addresses.
     Fixes a crash in systemd-networkd caused by an assertion failure.
     (Closes: #918658)
   * libudev-util: Make util_replace_whitespace() read only len characters.
     Fixes a regression where /dev/disk/by-id/ names had additional
     underscores.
   * man: Update color of journal logs in DEBUG level (Closes: #917948)
   * Remove old state directory of systemd-timesyncd on upgrades.
     Otherwise timesyncd will fail to update the clock file if it was created
     as /var/lib/private/systemd/timesync/clock.
     This was the case when the service was using DynamicUser=yes which it no
     longer does in v240. (Closes: #918190)
 .
 systemd (240-2) unstable; urgency=medium
 .
   * Pass separate dev_t var to device_path_parse_major_minor.
     Fixes FTBFS on mips/mipsel (MIPS/O32). (Closes: #917195)
   * test-json: Check absolute and relative difference in floating point test.
     Fixes FTBFS due to test-suite failures on armel, armhf and hppa.
     (Closes: #917215)
   * sd-device: Fix segfault when error occurs in device_new_from_{nulstr,strv}()
     Fixes a segfault in systemd-udevd when debug logging is enabled.
   * udev-event: Do not read stdout or stderr if the pipefd is not created.
     This fixes problems with device-mapper symlinks no longer being created
     or certain devices not being marked as ready. (Closes: #917124)
   * Don't bump fs.nr_open in PID 1.
     In v240, systemd bumped fs.nr_open in PID 1 to the highest possible
     value. Processes that are spawned directly by systemd, will have
     RLIMIT_NOFILE be set to 512K (hard).
     pam_limits in Debian defaults to "set_all", i.e. for limits which are
     not explicitly configured in /etc/security/limits.conf, the value from
     PID 1 is taken, which means for login sessions, RLIMIT_NOFILE is set to
     the highest possible value instead of 512K. Not every software is able
     to deal with such an RLIMIT_NOFILE properly.
     While this is arguably a questionable default in Debian's pam_limit,
     work around this problem by not bumping fs.nr_open in PID 1.
     (Closes: #917167)
 .
 systemd (240-1) unstable; urgency=medium
 .
   [ Michael Biebl ]
   * New upstream version 240
     - core: Skip cgroup_subtree_mask_valid update if UNIT_STUB
       (Closes: #903011)
     - machined: Rework referencing of machine scopes from machined
       (Closes: #903288)
     - timesync: Fix serialization of IP address
       (Closes: #916516)
     - core: Don't track jobs-finishing-during-reload explicitly
       (Closes: #916678)
   * Rebase patches
   * Install new systemd-id128 binary
   * Update symbols file for libsystemd0
   * Update nss build options
 .
   [ Martin Pitt ]
   * tests: Disable some flaky upstream tests.
     See https://github.com/systemd/systemd/issues/11195
   * tests: Disable flaky TEST-17-UDEV-WANTS upstream test.
     See https://github.com/systemd/systemd/issues/11195
 .
 systemd (239-15) unstable; urgency=medium
 .
   [ Felipe Sateler ]
   * Fix container check in udev init script.
     Udev needs writable /sys, so the init script tried to check before
     starting. Unfortunately, the check was inverted. Let's add the missing
     '!' to negate the check.
     (Closes: #915261)
   * Add myself to uploaders
 .
   [ Michael Biebl ]
   * Remove obsolete systemd-shim conffile on upgrades.
     The D-Bus policy file was dropped from the systemd-shim package in
     version 8-4, but apparently there are cases where users removed the
     package before that cleanup happened. The D-Bus policy file that was
     shipped by systemd-shim was much more restrictive and now prevents
     calling GetDynamicUsers() and other recent APIs on systemd Manager.
     (Closes: #914285)
 .
 systemd (239-14) unstable; urgency=medium
 .
   [ Michael Biebl ]
   * autopkgtest: Drop test_custom_cgroup_cleanup from boot-and-services
   * resolved: Increase size of TCP stub replies (Closes: #915049)
   * meson: Unify linux/stat.h check with other checks and use _GNU_SOURCE.
     Fixes a build failure with glibc 2.28.
   * Drop procps dependency from systemd.
     The systemd-exit.service user service no longer uses the "kill" binary.
   * Simplify container check in udev SysV init script.
     Instead of using "ps" to detect a container environment, simply test if
     /sys is writable. This matches what's used in systemd-udevd.service via
     ConditionPathIsReadWrite=/sys and follows
     https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
     This means we no longer need procps, so drop that dependency from the
     udev package. (Closes: #915095)
 .
   [ Mert Dirik ]
   * 40-systemd: Honour __init_d_script_name.
     Make /lib/lsb/init-functions.d/40-systemd use __init_d_script_name
     (if available) to figure out real script name. (Closes: #826214)
   * 40-systemd: Improve heuristics for init-d-script.
     Improve heuristics for scripts run via init-d-script so that the
     redirection works even for older init-d-script versions without the
     __init_d_script_name variable.
 .
 systemd (239-13) unstable; urgency=medium
 .
   * autopkgtest: Add e2fsprogs dependency to upstream test.
     Some of the upstream tests require mkfs.ext4. (Closes: #887250)
   * systemctl: Tell update-rc.d to skip creating any systemd symlinks.
     When calling update-rc.d via systemd-sysv-install, tell it to skip
     creating any systemd symlinks as we want to handle those directly in
     systemctl. Older update-rc.d versions will ignore that request, but
     that's ok. This means we don't need a versioned dependency against
     init-system-helpers. (Closes: #743217)
   * pam_systemd: Suppress LOG_DEBUG log messages if debugging is off
     (Closes: #825949)
   * Drop cgroup-don-t-trim-cgroup-trees-created-by-someone-el.patch.
     The patch is no longer necessary as lxc.service now uses Delegate=yes.
   * Remove obsolete Replaces from pre-jessie
 .
 systemd (239-12) unstable; urgency=high
 .
   [ Martin Pitt ]
   * Enable QEMU on more architectures in "upstream" autopkgtest.
     Taken from the Ubuntu package, so apparently QEMU works well enough on
     these architectures now.
   * autopkgtest: Avoid test bed reset for boot-smoke.
     Make "boot-smoke"'s dependencies a strict superset of "upstream"'s, so
     that autopkgtest doesn't have to provide a new testbed.
   * Fix wrong "nobody" group from sysusers.d.
     Fix our make-sysusers-basic sysusers.d generator to special-case the
     nobody group. "nobody" user and "nogroup" group both have the same ID
     65534, which is the only special case for Debian's static users/groups.
     So specify the gid explicitly, to avoid systemd-sysusers creating a
     dynamic system group for "nobody".
     Also clean up the group on upgrades.
     Thanks to Keh-Ming Luoh for the original patch! (Closes: #912525)
 .
   [ Michael Biebl ]
   * autopkgtest: Use shutil.which() which is provided by Python 3
   * Drop non-existing gnuefi=false build option.
     This was mistakenly added when converting from autotools to meson.
   * core: When deserializing state always use read_line(…, LONG_LINE_MAX, …)
     Fixes a vulnerability in unit_deserialize which allows an attacker to
     supply arbitrary state across systemd re-execution via NotifyAccess.
     (CVE-2018-15686, Closes: #912005)
   * meson: Use the host architecture compiler/linker for src/boot/efi.
     Fixes cross build failure for arm64. (Closes: #905381)
   * systemd: Do not pass .wants fragment path to manager_load_unit.
     Fixes an issue with overridden units in /etc not being used due to a
     .wants/ symlink pointing to /lib. (Closes: #907054)
   * machined: When reading os-release file, join PID namespace too.
     This ensures that we properly acquire the os-release file from containers.
     (Closes: #911231)
 .
 systemd (239-11) unstable; urgency=high
 .
   [ Michael Biebl ]
   * debian/tests/upstream: Clean up after each test run.
     Otherwise the loopback images used by qemu are not properly released and
     we might run out of disk space.
   * dhcp6: Make sure we have enough space for the DHCP6 option header.
     Fixes out-of-bounds heap write in systemd-networkd dhcpv6 option
     handling.
     (CVE-2018-15688, LP: #1795921, Closes: #912008)
   * chown-recursive: Rework the recursive logic to use O_PATH.
     Fixes a race condition in chown_one() which allows an attacker to cause
     systemd to set arbitrary permissions on arbitrary files.
     (CVE-2018-15687, LP: #1796692, Closes: #912007)
 .
   [ Martin Pitt ]
   * debian/tests/boot-and-services: Use gdm instead of lightdm.
     This seems to work more reliably, on Ubuntu CI's i386 instances lightdm
     fails.
 .
   [ Manuel A. Fernandez Montecelo ]
   * Run "meson test" instead of "ninja test"
     Upstream developers of meson recommend to run it in this way, because
     "ninja test" just calls "meson test", and by using meson directly and
     using extra command line arguments it is possible to control aspects of
     how the tests are run.
   * Increase timeout for test in riscv64.
     The buildds for the riscv64 arch used at the moment are slow, so increase
     the timeouts for this arch by a factor of 10, for good measure.
     (Closes: #906429)
 .
 systemd (239-10) unstable; urgency=medium
 .
   [ Michael Biebl ]
   * meson: Rename -Ddebug to -Ddebug-extra.
     Meson added -Doptimization and -Ddebug options, which obviously causes
     a conflict with our -Ddebug options. Let's rename it.
     (Closes: #909455)
   * Add conflicts against consolekit.
     Letting both ConsoleKit and logind manage dynamic device permissions
     will only lead to inconsistent and unexpected results.
 .
   [ Felipe Sateler ]
   * Link systemctl binary statically against libshared.
     This reduces the Pre-Depends list considerably, and is more resilient
     against borked installs.
 .
 systemd (239-9) unstable; urgency=medium
 .
   * autopkgtest: Remove needs-recommends runtime restriction.
     This restriction has been deprecated and there are plans to remove it
     altogether. The tests pass without needs-recommends, so it seems safe
     to remove.
   * test: Use installed catalogs when test-catalog is not located at build
     dir.
     This makes it possible to run test-catalog as installed test, so we no
     longer need to mark it as EXFAIL in our root-unittests autopkgtest.
   * test: Use "systemd-runtest.env" to set $SYSTEMD_TEST_DATA and
     $SYSTEMD_CATALOG_DIR.
     This avoids embedding ABS_{SRC,BUILD}_DIR into libsystemd-shared.so and
     the test binaries and should make the build reproducible.
     (Closes: #908365)
 .
 systemd (239-8) unstable; urgency=medium
 .
   [ Michael Biebl ]
   * Clean up dbus-org.freedesktop.timesync1.service Alias on purge
     (Closes: #904290)
   * user-runtime-dir: Fix wrong SELinux context (Closes: #908026)
   * core: Fix gid when DynamicUser=yes with static user (Closes: #904335)
   * Remove udev control socket on shutdown under sysvinit.
     The udev control socket is no longer removed automatically when the
     daemon is stopped. As this can confuse other software, update the SysV
     init script to remove the control socket manually and make sure the init
     script is executed on shutdown (runlevel 0) and reboot (runlevel 6).
     (Closes: #791944)
   * Bump Standards-Version to 4.2.1
 .
   [ Martin Pitt ]
   * timedated: Fix wrong PropertyChanged values and refcounting
Original-Maintainer: Debian systemd Maintainers <pkg-systemd-maintainers at lists.alioth.debian.org>
