diff -Nru systemd-239/debian/changelog systemd-239/debian/changelog
--- systemd-239/debian/changelog 2019-02-12 00:41:18.000000000 +0000
+++ systemd-239/debian/changelog 2019-04-03 10:52:48.000000000 +0000
@@ -1,3 +1,28 @@
+systemd (239-7ubuntu10.12) cosmic-security; urgency=medium
+
+ * SECURITY UDPATE: Unsafe environment usage in pam_systemd.so leads to
+ incorrect Policykit authorization
+ - debian/patches/CVE-2019-3842.patch: Use secure_getenv() rather than
+ getenv() in pam_systemd.c
+ - CVE-2019-3842
+
+ -- Chris Coulson Wed, 03 Apr 2019 11:52:48 +0100
+
+systemd (239-7ubuntu10.11) cosmic; urgency=medium
+
+ * virt: detect WSL environment as a container (LP: #1816753)
+
+ -- Balint Reczey Mon, 25 Mar 2019 11:30:22 +0100
+
+systemd (239-7ubuntu10.10) cosmic; urgency=medium
+
+ [ Victor Tapia ]
+ * d/p/stop-mount-error-propagation.patch:
+ keep mount errors local to the failing mount point instead of
+ blocking the processing of all mounts (LP: #1755863)
+
+ -- Dan Streetman Thu, 28 Feb 2019 14:29:48 -0500
+
 systemd (239-7ubuntu10.8) cosmic-security; urgency=medium
 * SECURITY UPDATE: denial of service via crafted dbus message
diff -Nru systemd-239/debian/patches/CVE-2019-3842.patch systemd-239/debian/patches/CVE-2019-3842.patch
--- systemd-239/debian/patches/CVE-2019-3842.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-239/debian/patches/CVE-2019-3842.patch 2019-04-03 10:52:45.000000000 +0000
@@ -0,0 +1,35 @@
+--- a/src/login/pam_systemd.c
++++ b/src/login/pam_systemd.c
+@@ -354,27 +354,27 @@
+
+ seat = pam_getenv(handle, "XDG_SEAT");
+ if (isempty(seat))
+- seat = getenv("XDG_SEAT");
++ seat = secure_getenv("XDG_SEAT");
+
+ cvtnr = pam_getenv(handle, "XDG_VTNR");
+ if (isempty(cvtnr))
+- cvtnr = getenv("XDG_VTNR");
++ cvtnr = secure_getenv("XDG_VTNR");
+
+ type = pam_getenv(handle, "XDG_SESSION_TYPE");
+ if (isempty(type))
+- type = getenv("XDG_SESSION_TYPE");
++ type = secure_getenv("XDG_SESSION_TYPE");
+ if (isempty(type))
+ type = type_pam;
+
+ class = pam_getenv(handle, "XDG_SESSION_CLASS");
+ if (isempty(class))
+- class = getenv("XDG_SESSION_CLASS");
++ class = secure_getenv("XDG_SESSION_CLASS");
+ if (isempty(class))
+ class = class_pam;
+
+ desktop = pam_getenv(handle, "XDG_SESSION_DESKTOP");
+ if (isempty(desktop))
+- desktop = getenv("XDG_SESSION_DESKTOP");
++ desktop = secure_getenv("XDG_SESSION_DESKTOP");
+
+ tty = strempty(tty);
+
diff -Nru systemd-239/debian/patches/series systemd-239/debian/patches/series
--- systemd-239/debian/patches/series 2019-02-12 00:41:18.000000000 +0000
+++ systemd-239/debian/patches/series 2019-04-03 10:52:48.000000000 +0000
@@ -102,3 +102,6 @@
 CVE-2019-6454.patch
 sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch
 journal-do-not-remove-multiple-spaces-after-identifi.patch
+stop-mount-error-propagation.patch
+virt-detect-WSL-environment-as-a-container-id-wsl.patch
+CVE-2019-3842.patch
diff -Nru systemd-239/debian/patches/stop-mount-error-propagation.patch systemd-239/debian/patches/stop-mount-error-propagation.patch
--- systemd-239/debian/patches/stop-mount-error-propagation.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-239/debian/patches/stop-mount-error-propagation.patch 2019-03-25 10:30:22.000000000 +0000
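Review bot: The secure_getenv() fallbacks for XDG_SEAT, XDG_VTNR, XDG_SESSION_TYPE, XDG_SESSION_CLASS and XDG_SESSION_DESKTOP only stop honouring caller-supplied values when the process runs with AT_SECURE set (set-user-ID/set-group-ID or file-capability binaries, where glibc's secure_getenv() returns NULL); a privileged process that is not AT_SECURE and was handed its environment by an unprivileged peer still trusts these values on the new side. That boundary is invisible at the call site, so I would document it once above the first fallback: `/* Fall back to the process environment only when it is trusted: secure_getenv() yields NULL under AT_SECURE (e.g. setuid helpers), so a caller cannot choose its own seat/VT and thereby satisfy polkit's local-session checks. */`. Values coming from pam_getenv() remain trusted unconditionally, which is presumably fine because the PAM environment is owned by the application rather than the user, but worth stating in the same comment. The enclosing function starts and ends outside the hunk.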
@@ -0,0 +1,48 @@
+Author: Lennart Poettering
+Date: Wed Nov 28 12:41:44 2018 +0100
+Subject: mount: don't propagate errors from mount_setup_unit() further up
+
+ If we can't process a specific line in /proc/self/mountinfo we should
+ log about it (which we do), but this should not affect other lines, nor
+ further processing of mount units. Let's keep these failures local.
+
+ Fixes: #10874
+
+Origin: upstream, https://github.com/systemd/systemd/commit/ba0d56f55f2073164799be714b5bd1aad94d059a
+Bug: https://github.com/systemd/systemd/issues/10874
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1755863
+
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -1589,7 +1589,7 @@
+ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
+ _cleanup_(mnt_free_tablep) struct libmnt_table *t = NULL;
+ _cleanup_(mnt_free_iterp) struct libmnt_iter *i = NULL;
+- int r = 0;
++ int r;
+
+ assert(m);
+
+@@ -1602,7 +1602,6 @@
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse /proc/self/mountinfo: %m");
+
+- r = 0;
+ for (;;) {
+ struct libmnt_fs *fs;
+ const char *device, *path, *options, *fstype;
+@@ -1631,12 +1630,10 @@
+
+ device_found_node(m, d, DEVICE_FOUND_MOUNT, DEVICE_FOUND_MOUNT);
+
+- k = mount_setup_unit(m, d, p, options, fstype, set_flags);
+- if (r == 0 && k < 0)
+- r = k;
++ (void) mount_setup_unit(m, d, p, options, fstype, set_flags);
+ }
+
+- return r;
++ return 0;
+ }
+
+ static void mount_shutdown(Manager *m) {
diff -Nru systemd-239/debian/patches/virt-detect-WSL-environment-as-a-container-id-wsl.patch systemd-239/debian/patches/virt-detect-WSL-environment-as-a-container-id-wsl.patch
--- systemd-239/debian/patches/virt-detect-WSL-environment-as-a-container-id-wsl.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-239/debian/patches/virt-detect-WSL-environment-as-a-container-id-wsl.patch 2019-03-25 10:30:22.000000000 +0000
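Review bot: After `(void) mount_setup_unit(...)` and `return 0;` the return value of mount_load_proc_self_mountinfo() no longer reflects any per-entry failure, so a caller that used to react to a negative result now sees success even if every mountinfo line was rejected; that is the stated intent, but nothing at the call site says so. I would make the new contract explicit on the cast line, `/* Per-entry failures are logged by mount_setup_unit() (per the commit message); deliberately not propagated so one bad line cannot stop processing of the rest. */`, and add a sentence to the function's header that it only fails when /proc/self/mountinfo itself cannot be parsed. `int r;` is now declared without an initialiser; the hunk at -1602 tests `if (r < 0)` but the assignment feeding that test is outside the hunk, so please confirm every path assigns r before the test. The enclosing function spans several hunks and the loop body between them is not visible here.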
@@ -0,0 +1,116 @@
+From: Balint Reczey
+Date: Wed, 6 Mar 2019 18:46:04 +0100
+Subject: virt: detect WSL environment as a container (id: wsl)
+
+---
+ man/systemd-detect-virt.xml | 13 ++++++++++++-
+ man/systemd.unit.xml | 3 ++-
+ src/basic/virt.c | 12 ++++++++++++
+ src/basic/virt.h | 1 +
+ 4 files changed, 27 insertions(+), 2 deletions(-)
+
+diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
+index c4763fd..9e37fd1 100644
+--- a/man/systemd-detect-virt.xml
++++ b/man/systemd-detect-virt.xml
+@@ -126,7 +126,7 @@
+
+
+
+- Container
++ Container
+ openvz
+ OpenVZ/Virtuozzo
+
+@@ -155,6 +155,11 @@
+ rkt
+ rkt app container runtime
+
++
++
++ wsl
++ Windows Subsystem for Linux
++
+
+
+
+@@ -164,6 +169,12 @@
+ machine and container virtualization are used in
+ conjunction, only the latter will be identified (unless
+ is passed).
++ Windows Subsystem for Linux is not a Linux container,
++ but an environment for running Linux userspace applications on
++ top of the Windows kernel using a Linux-compatible interface.
++ WSL is categorized as a container for practical purposes.
++ Multiple WSL environments share the same kernel and services
++ should generally behave like when being run in a container.
+
+
+
+diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
+index 7605c43..6c2ee31 100644
+--- a/man/systemd.unit.xml
++++ b/man/systemd.unit.xml
+@@ -1066,7 +1066,8 @@
+ lxc-libvirt,
+ systemd-nspawn,
+ docker,
+- rkt to test
++ rkt,
++ wsl to test
+ against a specific implementation, or
+ private-users to check whether we are running in a user namespace.
See
+ systemd-detect-virt1
+diff --git a/src/basic/virt.c b/src/basic/virt.c
+index d347732..235e9f7 100644
+--- a/src/basic/virt.c
++++ b/src/basic/virt.c
+@@ -419,10 +419,12 @@ int detect_container(void) {
+ { "systemd-nspawn", VIRTUALIZATION_SYSTEMD_NSPAWN },
+ { "docker", VIRTUALIZATION_DOCKER },
+ { "rkt", VIRTUALIZATION_RKT },
++ { "wsl", VIRTUALIZATION_WSL },
+ };
+
+ static thread_local int cached_found = _VIRTUALIZATION_INVALID;
+ _cleanup_free_ char *m = NULL;
++ _cleanup_free_ char *o = NULL;
+ const char *e = NULL;
+ unsigned j;
+ int r;
+@@ -437,6 +439,15 @@ int detect_container(void) {
+ goto finish;
+ }
+
++ /* "Official" way of detecting WSL https://github.com/Microsoft/WSL/issues/423#issuecomment-221627364 */
++ r = read_one_line_file("/proc/sys/kernel/osrelease", &o);
++ if (r >= 0) {
++ if (strstr(o, "Microsoft") || strstr(o, "WSL")) {
++ r = VIRTUALIZATION_WSL;
++ goto finish;
++ }
++ }
++
+ if (getpid_cached() == 1) {
+ /* If we are PID 1 we can just check our own environment variable, and that's authoritative. */
+
+@@ -619,6 +630,7 @@ static const char *const virtualization_table[_VIRTUALIZATION_MAX] = {
+ [VIRTUALIZATION_OPENVZ] = "openvz",
+ [VIRTUALIZATION_DOCKER] = "docker",
+ [VIRTUALIZATION_RKT] = "rkt",
++ [VIRTUALIZATION_WSL] = "wsl",
+ [VIRTUALIZATION_CONTAINER_OTHER] = "container-other",
+ };
+
+diff --git a/src/basic/virt.h b/src/basic/virt.h
+index c4cf4bf..a603fd4 100644
+--- a/src/basic/virt.h
++++ b/src/basic/virt.h
+@@ -31,6 +31,7 @@ enum {
+ VIRTUALIZATION_OPENVZ,
+ VIRTUALIZATION_DOCKER,
+ VIRTUALIZATION_RKT,
++ VIRTUALIZATION_WSL,
+ VIRTUALIZATION_CONTAINER_OTHER,
+ VIRTUALIZATION_CONTAINER_LAST = VIRTUALIZATION_CONTAINER_OTHER,
+