Change logs for systemd source package in Bionic

  • systemd (237-3ubuntu10.21) bionic; urgency=medium
    
      * d/p/networkd-fix-dhcp4-link-without-routes-not-being-con.patch:
        - fix dhcp4 link without routes not being considered ready
        - (LP: #1804478)
    
     -- Dan Streetman <email address hidden>  Mon, 15 Apr 2019 08:29:50 -0400
  • systemd (237-3ubuntu10.20) bionic; urgency=medium
    
      [ Ioanna Alifieraki ]
      * d/p/backport_network-fix-return-value-of-routing_policy_rule_get.patch,
        d/p/backport_network-remove-routing-policy-rule-from-foreign.patch,
        d/p/backport_network-do-not-remove-rule-when-requested-by-existing-links.patch:
        - Fix RoutingPolicyRule does not apply correctly (LP: #1818282)
    
      [ Dan Streetman ]
      * d/p/fix-test-22.patch
        - fix TEST-22 failures
      * d/p/networkd-Track-address-configuration.patch,
        d/p/networkd-Use-only-a-generic-CONFIGURING-state.patch,
        d/p/networkd-don-t-remove-route.patch,
        d/p/networkd-don-t-remove-ip-address.patch,
        d/p/Move-link_check_ready-to-later-in-the-file.patch,
        d/p/network-set-_configured-flags-to-false-before-reques.patch,
        d/p/Install-routes-after-addresses-are-ready.patch:
        - PreferredSource not working in *.network files (LP: #1812760)
    
      [ Dimitri John Ledkov ]
      * Specify Ubuntu's Vcs-Git
    
     -- Dan Streetman <email address hidden>  Thu, 04 Apr 2019 07:29:38 -0400
  • systemd (237-3ubuntu10.19) bionic-security; urgency=medium
    
      * SECURITY UDPATE: Unsafe environment usage in pam_systemd.so leads to
        incorrect Policykit authorization
        - debian/patches/CVE-2019-3842.patch: Use secure_getenv() rather than
          getenv() in pam_systemd.c
        - CVE-2019-3842
    
     -- Chris Coulson <email address hidden>  Fri, 29 Mar 2019 16:40:26 +0000
  • systemd (237-3ubuntu10.17) bionic; urgency=medium
    
      [ Michael Vogt ]
      * d/p/Support-system-image-read-only-etc.patch:
        - re-add support for /etc/writable for core18 (LP: #1778936)
      * d/p/fix-race-daemon-reload-8803.patch:
        - backport systemd upstream PR#8803 and PR#11121 to fix race
          when doing systemctl and systemctl daemon-reload at the
          same time LP: #1819728
    
      [ Balint Reczey ]
       * d/p/virt-detect-WSL-environment-as-a-container.patch:
         - virt: detect WSL environment as a container (LP: #1816753)
    
     -- Michael Vogt <email address hidden>  Mon, 18 Mar 2019 08:40:44 +0100
  • systemd (237-3ubuntu10.16) bionic; urgency=medium
    
      * d/p/Support-system-image-read-only-etc.patch:
        - re-add support for /etc/writable for core18 (LP: #1778936)
      * d/p/fix-race-daemon-reload-8803.patch:
        - backport systemd upstream PR#8803 to fix race when doing
          systemctl and systemctl daemon-reload at the same time
          LP: #1819728
    
     -- Michael Vogt <email address hidden>  Wed, 13 Mar 2019 07:42:11 +0100
  • systemd (237-3ubuntu10.15) bionic; urgency=medium
    
      [ Victor Tapia ]
      * d/p/stop-mount-error-propagation.patch:
        keep mount errors local to the failing mount point instead of blocking
        the processing of all mounts (LP: #1755863)
    
     -- Dan Streetman <email address hidden>  Thu, 28 Feb 2019 16:03:40 -0500
  • systemd (237-3ubuntu10.14) bionic; urgency=medium
    
      [ Victor Tapia ]
      * d/p/stop-mount-error-propagation.patch:
        keep mount errors local to the failing mount point instead of blocking
        the processing of all mounts (LP: #1755863)
    
      [ Daniel Axtens ]
      * Fix an issue where IPv6 routes that specified PreferredSource
        would not be added - upstream bug #5882. (LP: #1812760)
        - debian/patches/networkd-don-t-remove-ip-address.patch,
          debian/patches/networkd-don-t-remove-route.patch: don't clear out all
          IP addresses and routes when starting, only ones not in the config.
          Required for the remaining patches to fully cover the field.
        - debian/patches/Move-link_check_ready-to-later-in-the-file.patch,
          debian/patches/Install-routes-after-addresses-are-ready.patch: wait
          until addresses are ready (not tentative) before installing routes,
          allowing routes with IPv6 source addresses to work.
    
     -- Dan Streetman <email address hidden>  Thu, 28 Feb 2019 16:03:40 -0500
  • systemd (237-3ubuntu10.13) bionic-security; urgency=medium
    
      * SECURITY UPDATE: denial of service via crafted dbus message
        - debian/patches/CVE-2019-6454.patch: sd-bus: enforce a size limit for
          dbus paths, and don't allocate them on the stack
        - debian/patches/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch:
          sd-bus: if we receive an invalid dbus message, ignore and proceeed
        - CVE-2019-6454
    
      * Do not remove multiple spaces after identifier in syslog message
        - add debian/patches/journal-do-not-remove-multiple-spaces-after-identifi.patch
    
     -- Chris Coulson <email address hidden>  Wed, 13 Feb 2019 21:32:34 +0000
  • systemd (237-3ubuntu10.12) bionic; urgency=medium
    
      * d/p/resolve-enable-EDNS0-towards-the-127.0.0.53-stub-res.patch
        getaddrinfo() failures when fallback to dns tcp queries, so enable
        edns0 in resolv.conf (LP: #1811471)
    
      [ Victor Tapia ]
      * d/p/resolved-Increase-size-of-TCP-stub-replies.patch
        dns failures with edns0 disabled and truncated response (LP: #1804487)
    
     -- Dan Streetman <email address hidden>  Tue, 29 Jan 2019 14:26:48 -0500
  • systemd (237-3ubuntu10.11) bionic-security; urgency=medium
    
      * SECURITY UPDATE: memory corruption in journald via attacker controlled alloca
        - debian/patches/CVE-2018-16864.patch: journald: do not store the iovec
          entry for process commandline on the stack
        - CVE-2018-16864
      * SECURITY UPDATE: memory corruption in journald via attacker controlled alloca
        - debian/patches/CVE-2018-16865_1.patch: journald: set a limit on the
          number of fields (1k)
        - debian/patches/CVE-2018-16865_2.patch: journal-remote: set a limit on the
          number of fields in a message
        - CVE-2018-16865
      * SECURITY UPDATE: out-of-bounds read in journald
        - debian/patches/CVE-2018-16866.patch: journal: fix syslog_parse_identifier()
        - CVE-2018-16866
    
      * Fix LP: #1804603 - btrfs-util: unbreak tmpfiles' subvol creation
        - add debian/patches/btrfs-util-unbreak-tmpfiles-subvol-creation.patch
        - update debian/patches/series
      * Fix LP: #1804864 - test: Set executable bits on TEST-22-TMPFILES shell scripts
        - add debian/patches/test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch
        - update debian/patches/series
    
     -- Chris Coulson <email address hidden>  Wed, 09 Jan 2019 15:11:53 +0000
  • systemd (237-3ubuntu10.10) bionic; urgency=medium
    
      * debian/extra/start-udev: ignore failure to set sync parameter.
        On old kernels (e.g. v4.4) the file is available but appears to be
        non-writable. Hide error messages and ignore failure to write out sync into the
        parameters file. This does not regress https://pad.lv/1779815 since older
        kernel did synchronous scan anyway. But it does resolve failure to start the
        installer on old kernels. (LP: #1784454)
        File: debian/extra/start-udev
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=98862745cf9cbbb74ea6b30ecd29e45a17feff95
    
      * Add conflicts with upstart and systemd-shim. (LP: #1773859)
        File: debian/control
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=5ca89133e790fd0942e0ad81fa0c6998032d8882
    
      * units: Disable journald Watchdog (LP: #1773148)
        File: debian/patches/debian/UBUNTU-units-disable-journald-watchdog.patch
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=779d89090e81ec832417146f4a858626febfb595
    
      * cryptsetup: add support for sector-size= option (LP: #1776626)
        File: debian/patches/cryptsetup-add-support-for-sector-size-option-8881.patch
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=2de081e8901f1780c3c1ffe586e40d2d8e8df1ed
    
      * Re-add support for /etc/writable for core18. (LP: #1778936)
        Author: Michael Vogt
        File: debian/patches/debian/UBUNTU-Support-system-image-read-only-etc.patch
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b2c03bbc5ae7d3e9bf3c9dde9aa6c247c3f6573b
    
      * systemctl: correctly proceed to immediate shutdown if scheduling fails
        (LP: #1670291)
        File: debian/patches/systemctl-correctly-proceed-to-immediate-shutdown-if-sche.patch
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e69ab6c34b9bb7cd1b42a6ad7d24d7ce0ca103f5
    
      * core: export environment when running generators.
        Ensure that manager's environment (including e.g. PATH) is exported when
        running generators. Otherwise, one is at a mercy of running without PATH which
        can lead to buggy generator behaviour. (LP: #1771858)
        Files:
        - debian/patches/core-execute-environment_generators-with-manager-s-enviro.patch
        - debian/patches/core-execute-generators-with-manager-s-environmnet.patch
        - debian/patches/exec-util-in-execute_directories-support-initial-exec-env.patch
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=76b0ec80fdff83b8a14596fe001e2e9fccd83bf2
    
      * networkd: add support to set IPv6MTUBytes (LP: #1671951)
        File: debian/patches/networkd-add-support-to-configure-IPv6-MTU-8664.patch
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b700a36f3d272e740460619ad7a5f489dadd010f
    
      * Specify Ubuntu's Vcs-Git
        File: debian/control
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a69e9713d513fb1cdf547e1cc7f21d283cdd9a74
    
     -- Dimitri John Ledkov <email address hidden>  Mon, 19 Nov 2018 17:48:47 +0000
  • systemd (237-3ubuntu10.9) bionic-security; urgency=medium
    
      [ Chris Coulson ]
      * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
        - debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to
          resolve this completely
        - CVE-2018-6954
    
      [ Balint Reczey ]
      * Fix LP: #1803391 - Skip daemon-reexec and try-restarts during shutdown
        - update debian/systemd.postinst
    
     -- Chris Coulson <email address hidden>  Thu, 15 Nov 2018 20:45:11 +0000
  • systemd (237-3ubuntu10.8) bionic; urgency=medium
    
      * debian/extra/start-udev: ignore failure to set sync parameter.
        On old kernels (e.g. v4.4) the file is available but appears to be
        non-writable. Hide error messages and ignore failure to write out sync into the
        parameters file. This does not regress https://pad.lv/1779815 since older
        kernel did synchronous scan anyway. But it does resolve failure to start the
        installer on old kernels. (LP: #1784454)
        File: debian/extra/start-udev
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=62edd5c6e963dbf1df4f4bb7556a6d3477559083
    
      * Add conflicts with upstart and systemd-shim. (LP: #1773859)
        File: debian/control
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=33385a01dbe44765dc24eead52d677147b2b06c9
    
      * units: Disable journald Watchdog (LP: #1773148)
        File: debian/patches/debian/UBUNTU-units-disable-journald-watchdog.patch
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=622407bc2aa723a3bdf10e1de946d0d6e88fbeb6
    
      * cryptsetup: add support for sector-size= option (LP: #1776626)
        File: debian/patches/cryptsetup-add-support-for-sector-size-option-8881.patch
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=89899133e977eb34dac4c3e9f83c59853eda66ab
    
      * Re-add support for /etc/writable for core18. (LP: #1778936)
        Author: Michael Vogt
        File: debian/patches/debian/UBUNTU-Support-system-image-read-only-etc.patch
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=fdc87994ab8f7036d07c8c208ad1fbac32cbd639
    
      * systemctl: correctly proceed to immediate shutdown if scheduling fails
        (LP: #1670291)
        File: debian/patches/systemctl-correctly-proceed-to-immediate-shutdown-if-sche.patch
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=cdd3a0bb5f568a2500dbdff4bfcf97e3ba996fe3
    
      * core: export environment when running generators.
        Ensure that manager's environment (including e.g. PATH) is exported when
        running generators. Otherwise, one is at a mercy of running without PATH which
        can lead to buggy generator behaviour. (LP: #1771858)
        Files:
        - debian/patches/core-execute-environment_generators-with-manager-s-enviro.patch
        - debian/patches/core-execute-generators-with-manager-s-environmnet.patch
        - debian/patches/exec-util-in-execute_directories-support-initial-exec-env.patch
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d494ef816ca950c9a7c2bfb07620b3df8e46ed35
    
      * networkd: add support to set IPv6MTUBytes (LP: #1671951)
        File: debian/patches/networkd-add-support-to-configure-IPv6-MTU-8664.patch
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f4a308ea8f3f9187c97f81868a0408f9cefc96a7
    
      * Specify Ubuntu's Vcs-Git
        File: debian/control
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b739661356fe0e47223ae28c79b4b7f7740bea3a
    
    systemd (237-3ubuntu10.7) bionic-security; urgency=medium
    
      * debian/systemd.postinst: Skip daemon-reexec and try-restarts during shutdown
        (LP: #1803391)
        Author: Balint Reczey
        File: debian/systemd.postinst
        https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=18eea38c62e73158d2160e319de31e054a58b8df
    
     -- Dimitri John Ledkov <email address hidden>  Thu, 15 Nov 2018 23:15:00 +0000
  • systemd (237-3ubuntu10.6) bionic-security; urgency=medium
    
      * SECURITY UPDATE: reexec state injection
        - debian/patches/CVE-2018-15686.patch: when deserializing state always use
          read_line(…, LONG_LINE_MAX, …) rather than fgets()
        - CVE-2018-15686
      * SECURITY UPDATE: chown_one() can dereference symlinks
        - debian/patches/CVE-2018-15687.patch: rework recursive logic to use O_PATH
        - CVE-2018-15687
      * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
        - debian/patches/CVE-2018-6954.patch: don't resolve pathnames when traversing
          recursively through directory trees
        - CVE-2018-6954
    
     -- Chris Coulson <email address hidden>  Tue, 06 Nov 2018 22:32:27 +0000
  • systemd (237-3ubuntu10.4) bionic-security; urgency=medium
    
      * SECURITY UPDATE: buffer overflow in dhcp6 client
        - debian/patches/CVE-2018-15688.patch:  make sure we have enough space
          for the DHCP6 option header in src/libsystemd-network/dhcp6-option.c.
        - CVE-2018-15688
    
     -- Marc Deslauriers <email address hidden>  Wed, 31 Oct 2018 11:38:31 -0400
  • systemd (237-3ubuntu10.3) bionic; urgency=medium
    
      * debian/extra/start-udev: Set scsi_mod scan=sync even if it's builtin
        to the kernel (we previously only set it in modprobe.d) LP: #1779815
    
     -- Adam Conrad <email address hidden>  Fri, 20 Jul 2018 11:13:58 -0600
  • systemd (237-3ubuntu10.2) bionic; urgency=medium
    
      * logind: backport v238/v239 fixes for handling DRM devices.
        These changes introduce all the fixes that correct handling of open fd's
        related to the DRM devices, as used by for example NVIDIA GPUs. This backport
        includes some refactoring, corrections, and comment updates. This to insure
        that correct history is preserved, code comments match reality, and to ease
        backporting logind fixes in the future SRUs. (LP: #1777099)
      * Disable dh_installinit generation of tmpfiles for the systemd package.
        Replace with a manual safe call to systemd-tmpfiles which will process any
        updates to the tmpfiles shipped by systemd package, taking into account any
        overrides shipped by other packages, sysadmin, or specified in the runtime
        directories. (LP: #1748147)
    
    systemd (237-3ubuntu10.1) bionic; urgency=medium
    
      [ Dimitri John Ledkov ]
      * hwdb: Fix wlan/rfkill keycode on Dell systems. (LP: #1762385)
      * Cherrypick upstream fix for corrected detection of Virtualbox & Xen.
        (LP: #1768104)
      * Further improve captive portal workarounds.
        Retry any NXDOMAIN results with lower feature levels, instead of just those
        with 'secure' in the domain name. (LP: #1766969)
    
      [ Michael Biebl ]
      * Add dependencies of libsystemd-shared to Pre-Depends.
        This is necessary so systemctl is functional at all times during a
        dist-upgrade. (Closes: #897986) (LP: #1771791)
    
      [ Mario Limonciello ]
      * Fix hibernate disk offsets.
        Configure resume offset via sysfs, to enable resume from a swapfile.
        (LP: #1760106)
    
     -- Dimitri John Ledkov 🌈 <email address hidden>  Fri, 22 Jun 2018 13:55:09 +0100
  • systemd (237-3ubuntu10.1) bionic; urgency=medium
    
      [ Dimitri John Ledkov ]
      * hwdb: Fix wlan/rfkill keycode on Dell systems. (LP: #1762385)
      * Cherrypick upstream fix for corrected detection of Virtualbox & Xen.
        (LP: #1768104)
      * Further improve captive portal workarounds.
        Retry any NXDOMAIN results with lower feature levels, instead of just those
        with 'secure' in the domain name. (LP: #1766969)
    
      [ Michael Biebl ]
      * Add dependencies of libsystemd-shared to Pre-Depends.
        This is necessary so systemctl is functional at all times during a
        dist-upgrade. (Closes: #897986) (LP: #1771791)
    
      [ Mario Limonciello ]
      * Fix hibernate disk offsets.
        Configure resume offset via sysfs, to enable resume from a swapfile.
        (LP: #1760106)
    
     -- Dimitri John Ledkov <email address hidden>  Mon, 21 May 2018 16:30:12 +0100
  • systemd (237-3ubuntu10) bionic; urgency=medium
    
      * Create tmpfiles for persistent journal in postinst only when running
        systemd (LP: #1748659)
    
     -- Balint Reczey <email address hidden>  Fri, 20 Apr 2018 18:55:56 +0200
  • systemd (237-3ubuntu9) bionic; urgency=medium
    
      * networkd: if RA was implicit, do not await ndisc_configured.
        If RA was iplicit, meaning not otherwise requested, and a kernel default was in
        use. Do not prevent link entering configured state, whilst ndisc configuration
        is pending. Implicit kernel RA, is expected to be asynchronous and
        non-blocking. (LP: #1765173)
      * udev-udeb: ship modprobe.d snippet to force scsi_mod.scan=sync in d-i.
        This ensures that all scans are completed, before installer reaches
        partitioning stage. (LP: #1751813)
    
     -- Dimitri John Ledkov <email address hidden>  Fri, 20 Apr 2018 04:35:33 +0100
  • systemd (237-3ubuntu8) bionic; urgency=medium
    
      * Workaround captive portals not responding to EDNS0 queries (DVE-2018-0001).
        (LP: #1727237)
      * resolved: Listen on both TCP and UDP by default. (LP: #1731522)
      * Recommend networkd-dispatcher (LP: #1762386)
      * Refresh patches
    
     -- Dimitri John Ledkov <email address hidden>  Thu, 12 Apr 2018 12:12:24 +0100
  • systemd (237-3ubuntu7) bionic; urgency=medium
    
      * Introduce suspend then hibernate (LP: #1756006)
    
     -- Mario Limonciello <email address hidden>  Mon, 02 Apr 2018 14:25:04 -0500
  • systemd (237-3ubuntu6) bionic; urgency=medium
    
      * Adjust the new dropin test, for v237 systemd.
      * Refresh the keyring patch, to the one merged.
    
     -- Dimitri John Ledkov <email address hidden>  Tue, 27 Mar 2018 13:40:09 +0100
  • systemd (237-3ubuntu5) bionic; urgency=medium
    
      * Drop old keyring/invocation_id patch, which made keyring setup be skipped in containers.
      * Use new patch, which sets up session keyring without relying on chown operation.
      * Drop systemd.prerm safety check.
        On Ubuntu, systemd is the only choice, and is essential, via init ->
        systemd-sysv -> systemd dependency chain, thus removing systemd is already
        quite hard, and appropriate warnings are emitted by dpkg. (LP: #1758438)
      * Detect Masked unit with drop-ins. (LP: #1752722)
      * wait-online: do not wait, if no links are managed (neither configured, or failed).
        (LP: #1728181)
      * journald.service: set Nice=-1 to dodge watchdog on soft lockups.
        (LP: #1696970)
      * Refresh all patches.
    
     -- Dimitri John Ledkov <email address hidden>  Mon, 26 Mar 2018 15:55:25 +0100
  • systemd (237-3ubuntu4) bionic; urgency=medium
    
      * systemd-sysv-install: fix name initialisation.
        Only initialise NAME, after --root optional argument has been parsed, otherwise
        NAME is initialized to e.g. `enable', instead of to the `unit-name`, resulting
        in failures. (LP: #1752882)
    
     -- Dimitri John Ledkov <email address hidden>  Mon, 05 Mar 2018 09:57:58 +0100
  • systemd (237-3ubuntu3) bionic; urgency=medium
    
      * tests/control: drop qemu-system-ppc.
        Whilst some tests pass, many regress / fail to boot. This is not a regression,
        as qemu-based tests were not run previously.
    
     -- Dimitri John Ledkov <email address hidden>  Tue, 20 Feb 2018 17:40:02 +0000
  • systemd (237-3ubuntu2) bionic; urgency=medium
    
      * tests/boot-smoke: ignore udevd connection timeouts resolving colord group.
      * tests/systemd-fsckd: ignore systemd_fsck_with_plymouth_failure.
      * tests/control: ensure boot-smoke uses latest systemd & udev.
      * test/test-functions: on PPC64 use hvc0 console.
    
     -- Dimitri John Ledkov <email address hidden>  Tue, 20 Feb 2018 12:03:14 +0000
  • systemd (237-3ubuntu1) bionic; urgency=medium
    
      [ Gunnar Hjalmarsson ]
      * Fix PO template creation.
        Cherry-pick upstream patches to build a correct systemd.pot including
        the polkit policy files even without policykit-1 being installed.
        (LP: #1707898)
    
      [ Dimitri John Ledkov ]
      * Blacklist TEST-16-EXTEND-TIMEOUT
      * test/test-functions: use vmlinux for ppc64 tests.
    
    systemd (237-3) unstable; urgency=medium
    
      [ Martin Pitt ]
      * debian/tests/boot-smoke: More robust journal checking.
        Also fail the test if calling journalctl fails, and avoid calling it
        twice. See https://github.com/systemd/systemd/pull/8032
      * Simplify PO template creation.
        Use the existing upstream build system instead of a manual call to
        `intltool-update` and `xgettext` to build systemd.pot. Remove the now
        obsolete intltool build dependency, but still explicitly keep gettext.
        (LP: #1707898)
      * Make systemd-sysv-install robust against existing $ROOT.
        Always initialize `$ROOT`, to avoid the script getting confused by an
        existing outside env variable. Also fix the `--root` option to actually
        work, the previous approach was conceptually broken due to how shell
        quoting works. Make the work with `set -u`. (Closes: #890436)
    
      [ Felipe Sateler ]
      * Backport upstream patch fixing a wrong assert() call (Closes: #890423)
    
     -- Dimitri John Ledkov <email address hidden>  Mon, 19 Feb 2018 21:15:23 +0000
  • systemd (237-2ubuntu3) bionic; urgency=medium
    
      * test/test-fs-util: detect container, in addition to root.
        On armhf, during autopkgtests, whilst root is avilable, full capabilities in
        parent namespace are not, since the tests are run in an LXD container.
        This should resolve armhf autopkgtest failure.
      * test/test-functions: launch qemu-system with -vga none.
        Should resolve booting qemu-system-ppc64 without seabios.
      * tests/upstream: skip parts of extend time out tests, regressed.
        (LP: #1750364)
    
     -- Dimitri John Ledkov <email address hidden>  Mon, 19 Feb 2018 13:32:07 +0000
  • systemd (237-2ubuntu2) bionic; urgency=medium
    
      * Fix cryptsetup tests by shipping 95-dm-notify udev rule. (LP: #1749432)
      * debian/tests/systemd-fsckd: update assertions expectations for v237
        fsck got rewritten to use "safe_fork" and whilst previously it would ignore the
        error, when fsck is terminated by signal PIPE, it no longer does so. Thus one
        should expect systemd-fsck-root.service to have failed in certain test cases.
    
     -- Dimitri John Ledkov <email address hidden>  Thu, 15 Feb 2018 00:32:54 +0000
  • systemd (237-2ubuntu1) bionic; urgency=medium
    
      [ Michael Vogt ]
      * Add "AssumedApparmorLabel=unconfined" to timedate1 dbus service file
        (LP: #1749000)
    
      [ Martin Pitt ]
      * debian/tests/boot-smoke: More robust journal checking.
        Also fail the test if calling journalctl fails, and avoid calling it
        twice. See https://github.com/systemd/systemd/pull/8032
    
      [ Gunnar Hjalmarsson ]
      * Fix creation of translation template
        - State the gettext package domain "systemd" explicitly, as with the
          move to meson it ended up as "untitled.pot"
        - Call xgettext to extract strings from polkit *.policy.in files, which
          intltool-update ignores. (LP: #1707898)
    
      [ Dimitri John Ledkov ]
      * Enable qemu tests on all architectures LP: #1749540
    
    systemd (237-2) unstable; urgency=medium
    
      * Drop debian/extra/rules/70-debian-uaccess.rules.
        Up-to-date udev rules for U2F devices are shipped in libu2f-udev nowadays.
        (Closes: #889665)
      * service: relax PID file symlink chain checks a bit.
        Let's read the PID file after all if there's a potentially unsafe symlink
        chain in place. But if we do, then refuse taking the PID if its outside of
        the cgroup. (Closes: #889144)
    
     -- Dimitri John Ledkov <email address hidden>  Wed, 14 Feb 2018 16:43:12 +0000
  • systemd (237-1ubuntu3) bionic; urgency=medium
    
      * Re-enable gnu-efi on arm64, binutils is fixed
      * Cherrpick PR8133 to resolve too strict PidFile handling, which breaks
        services starting with potentially insecure pidfiles e.g. munin
      * Disable LLMNR and MulticastDNS by default LP: #1739672
    
     -- Dimitri John Ledkov <email address hidden>  Fri, 09 Feb 2018 15:49:01 +0000
  • systemd (237-1ubuntu2) bionic; urgency=medium
    
      * Disable gnu-efi on arm64, due to FTBFS. LP: #1746765
    
     -- Dimitri John Ledkov <email address hidden>  Fri, 02 Feb 2018 23:30:05 +0000
  • systemd (237-1ubuntu1) bionic; urgency=medium
    
      * Remaining delta from Debian:
        - ship dhclient enter hook for dhclient integration with resolved
        - Use stub-resolv.conf as the default provider of /etc/resolv.conf
        - ship s390x virtio interface names migration
        - do not disable systemd-resolved upon libnss-resolve removal
        - do not remount fs in containers, for non-degrated boot
        - Unlink invocation id key, upon chown failure in containers
        - Change default to UseDomains by default
        - Do not treat failure to set Nice= setting as error in containers
        - Add a condition to systemd-journald-audit.socet to not start in
          containers (fails)
        - Build without any built-in/fallback DNS server setting
        - Enable resolved by default
        - Update autopkgtests for reliability/raciness, and testing for typical
          defaults
        - Always upgrade udev, when running adt tests
        - Skip test-execute on armhf
        - Cherry-pick a few testsuite fixes
        - Do not use nested kvm during ADT tests
        - Fix ADT systemd-fsckd tests to work on s390x too
        - Enable persistent journal by default
    
    systemd (237-1) unstable; urgency=medium
    
      * New upstream version 237
      * Rebase patches
      * Update symbols file for libsystemd0
      * Update Vcs-* to point to https://salsa.debian.org
      * Bump Standards-Version to 4.1.3
      * Set Rules-Requires-Root to no
    
    systemd (236-4) unstable; urgency=medium
    
      [ Felipe Sateler ]
      * Allow systemd-timesyncd to start when libnss-systemd is not installed.
        Pick upstream patch requiring the existence of the systemd-timesync user
        only when running as root, which is not the case for the system unit.
        (Closes: #887343)
    
      [ Nicolas Braud-Santoni ]
      * debian/copyright: Refer to the CC0 license file (Closes: #882629)
    
      [ Michael Biebl ]
      * Add Build-Depends on python3-evdev <!nocheck>
        This is used by hwdb/parse_hwdb.py to perform additional validation on
        hwdb files.
    
    systemd (236-3) unstable; urgency=medium
    
      * Revert "core/execute: RuntimeDirectory= or friends requires mount
        namespace"
        This was making mounts from SSH sessions invisible to the system.
        (Closes: #885325)
    
    systemd (236-2) unstable; urgency=medium
    
      * Downgrade priority of libudev1 to optional.
        This makes it compliant with recent versions of debian-policy which
        recommends to use priority optional for library packages.
      * Clarify NEWS entry about removal of system users.
        Mention in the recent NEWS entry that the associated system groups
        should be removed as well. (Closes: #885061)
      * cryptsetup-generator: Don't mistake NULL input as OOM.
        Fixes systemd-cryptsetup-generator failing to run during boot.
        (Closes: #885201)
      * analyze: Use normal bus connection for "plot" verb.
        Fixes "systemd-analyze plot" failing to run as root. (Closes: #884506)
      * Stop re-enabling systemd services on every upgrade.
        This was done so changes to the [Install] section would be applied on
        upgrades. Forcefully re-enabling a service might overwrite local
        modifications though and thus far, none of the affected services did
        actually change its [Install] section. So remove this code from the
        maintainer scripts as it was apparently doing more harm then good.
        (Closes: #869354)
    
    systemd (236-1) unstable; urgency=medium
    
      [ Martin Pitt ]
      * debian/tests/upstream: Only show ≥ warning in journal dumps.
        Showing the entire debug log is too hard to scan visually, and most of
        the time the warnings and errors are sufficient to explain a failure.
        Put the journal files into the artifacts though, in case the debug
        information is necessary.
    
      [ Michael Biebl ]
      * New upstream version 236
        - nspawn: Adjust path to static resolv.conf to support split usr.
          (Closes: #881310)
        - networkd: Don't stop networkd if CONFIG_FIB_RULES=n in kernel.
          (Closes: #881823)
        - core: Fix segfault in compile_bind_mounts() when BindPaths= or
          BindReadOnlyPaths= is set. (Closes: #883380)
        - meson: Link NSS modules with -z nodelete to fix memory leak in
          nss-systemd. (Closes: #883407)
        - logind: Make sure we don't acces m->action_what if it's not initialized.
          (Closes: #882270)
        - systemctl: Ignore shutdown's "-t" argument. (Closes: #882245)
        - core: Be more defensive if we can't determine per-connection socket
          peer. (Closes: #879603)
        - bpf-firewall: Actually invoke BPF_PROG_ATTACH to check whether
          cgroup/bpf is available. (Closes: #878965)
      * Rebase patches
      * Update symbols file for libsystemd0
      * Bump Standards-Version to 4.1.2
      * Clean up old /var/lib/systemd/clock on upgrade.
        The clock file used by systemd-timesyncd is now stored in
        StateDirectory=systemd/timesync. (Closes: #883605)
      * Stop creating systemd-timesync system user.
        DynamicUser=yes has been enabled for systemd-timesyncd.service so
        allocating a system user statically is no longer necessary.
      * Document removal of systemd-{timesync,journal-gateway,journal-upload} user.
        We no longer create those system users as the corresponding services now
        use DynamicUser=yes. Removing those system users automatically is tricky,
        as the relevant services might be running during upgrade. Add a NEWS
        entry instead which documents this change.
      * Revert "udev-rules: Permission changes for /dev/dri/renderD*"
        This would introduce a new system group "render". As the name is rather
        generic, this needs further discussion first, so revert this change for
        now.
    
     -- Dimitri John Ledkov <email address hidden>  Tue, 30 Jan 2018 13:52:27 +0000
  • systemd (235-3ubuntu3) bionic; urgency=medium
    
      * netwokrd: add support for RequiredForOnline stanza. (LP: #1737570)
      * resolved.service: set DefaultDependencies=no (LP: #1734167)
      * systemd.postinst: enable persistent journal. (LP: #1618188)
      * core: add support for non-writable unified cgroup hierarchy for container support.
        (LP: #1734410)
    
     -- Dimitri John Ledkov <email address hidden>  Tue, 12 Dec 2017 13:25:32 +0000
  • systemd (235-3ubuntu2) bionic; urgency=medium
    
      * systemd-fsckd: Fix ADT tests to work on s390x too.
    
    systemd (235-3ubuntu1) bionic; urgency=medium
    
      * Merge 235-3 from debian:
        - Drop UBUNTU-CVE-2017-15908 included in Debian.
    
      * Remaining delta from Debian:
        - ship dhclient enter hook for dhclient integration with resolved
        - ship resolvconf integration via stub-resolv.conf
        - ship s390x virtio interface names migration
        - do not disable systemd-resolved upon libnss-resolve removal
        - do not remote fs in containers, for non-degrated boot
        - CVE-2017-15908 in resolved fix loop on packets with pseudo dns types
        - Unlink invocation id key, upon chown failure in containers
        - Change default to UseDomains by default
        - Do not treat failure to set Nice= setting as error in containers
        - Add a condition to systemd-journald-audit.socet to not start in
          containers (fails)
        - Build without any built-in/fallback DNS server setting
        - Enable resolved by default
        - Update autopkgtests for reliability/raciness, and testing for typical
          defaults
        - Always upgrade udev, when running adt tests
        - Skip test-execute on armhf
        - Cherry-pick a few testsuite fixes
    
      * UBUNTU Do not use nested kvm during ADT tests.
    
    systemd (235-3) unstable; urgency=medium
    
      [ Michael Biebl ]
      * Switch from XC-Package-Type to Package-Type. As of dpkg-dev 1.15.7
        Package-Type is recognized as an official field name.
      * Install modprobe configuration file to /lib/modprobe.d.
        Otherwise it is not read by kmod. (Closes: #879191)
    
      [ Felipe Sateler ]
      * Backport upstream (partial) fix for combined DynamicUser= + User=
        UID was not allowed to be different to GID, which is normally the case in
        debian, due to the group users being allocated the GID 100 without an
        equivalent UID 100 being allocated.
      * Backport upstream patches to fully make DynamicUser=yes + static,
        pre-existing User= work.
    
      [ Martin Pitt ]
      * Add missing python3-minimal dependency to systemd-tests
      * Drop long-obsolete systemd-bus-proxy system user
        systemd-bus-proxy hasn't been shipped since before stretch and never
        created any files. Thus clean up the obsolete system user on upgrades.
        (Closes: #878182)
      * Drop static systemd-journal-gateway system user
        systemd-journal-gatewayd.service now uses DynamicUser=, so we don't need
        to create this statically any more. Don't remove the user on upgrades
        though, as there is likely still be a running process. (Closes: #878183)
      * Use DynamicUser= for systemd-journal-upload.service.
      * Add Recommends: libnss-systemd to systemd-sysv.
        This is useful to actually be able to resolve dynamically created system
        users with DynamicUser=true. This concept is going to be used much more
        in future versions and (hopefully) third-party .services, so pulling it
        into the default installation seems prudent now.
      * resolved: Fix loop on packets with pseudo dns types.
        (CVE-2017-15908, Closes: #880026, LP: #1725351)
      * bpf-firewall: Properly handle kernels without BPF cgroup but with TRIE maps.
        Fixes "Detaching egress BPF: Invalid argument" log spam. (Closes: #878965)
      * Fix MemoryDenyWriteExecution= bypass with pkey_mprotect() (LP: #1725348)
    
     -- Dimitri John Ledkov <email address hidden>  Tue, 21 Nov 2017 16:41:15 +0000
  • systemd (235-3ubuntu1) bionic; urgency=medium
    
      * Merge 235-3 from debian:
        - Drop UBUNTU-CVE-2017-15908 included in Debian.
    
      * Remaining delta from Debian:
        - ship dhclient enter hook for dhclient integration with resolved
        - ship resolvconf integration via stub-resolv.conf
        - ship s390x virtio interface names migration
        - do not disable systemd-resolved upon libnss-resolve removal
        - do not remote fs in containers, for non-degrated boot
        - CVE-2017-15908 in resolved fix loop on packets with pseudo dns types
        - Unlink invocation id key, upon chown failure in containers
        - Change default to UseDomains by default
        - Do not treat failure to set Nice= setting as error in containers
        - Add a condition to systemd-journald-audit.socet to not start in
          containers (fails)
        - Build without any built-in/fallback DNS server setting
        - Enable resolved by default
        - Update autopkgtests for reliability/raciness, and testing for typical
          defaults
        - Always upgrade udev, when running adt tests
        - Skip test-execute on armhf
        - Cherry-pick a few testsuite fixes
    
      * UBUNTU Do not use nested kvm during ADT tests.
    
    systemd (235-3) unstable; urgency=medium
    
      [ Michael Biebl ]
      * Switch from XC-Package-Type to Package-Type. As of dpkg-dev 1.15.7
        Package-Type is recognized as an official field name.
      * Install modprobe configuration file to /lib/modprobe.d.
        Otherwise it is not read by kmod. (Closes: #879191)
    
      [ Felipe Sateler ]
      * Backport upstream (partial) fix for combined DynamicUser= + User=
        UID was not allowed to be different to GID, which is normally the case in
        debian, due to the group users being allocated the GID 100 without an
        equivalent UID 100 being allocated.
      * Backport upstream patches to fully make DynamicUser=yes + static,
        pre-existing User= work.
    
      [ Martin Pitt ]
      * Add missing python3-minimal dependency to systemd-tests
      * Drop long-obsolete systemd-bus-proxy system user
        systemd-bus-proxy hasn't been shipped since before stretch and never
        created any files. Thus clean up the obsolete system user on upgrades.
        (Closes: #878182)
      * Drop static systemd-journal-gateway system user
        systemd-journal-gatewayd.service now uses DynamicUser=, so we don't need
        to create this statically any more. Don't remove the user on upgrades
        though, as there is likely still be a running process. (Closes: #878183)
      * Use DynamicUser= for systemd-journal-upload.service.
      * Add Recommends: libnss-systemd to systemd-sysv.
        This is useful to actually be able to resolve dynamically created system
        users with DynamicUser=true. This concept is going to be used much more
        in future versions and (hopefully) third-party .services, so pulling it
        into the default installation seems prudent now.
      * resolved: Fix loop on packets with pseudo dns types.
        (CVE-2017-15908, Closes: #880026, LP: #1725351)
      * bpf-firewall: Properly handle kernels without BPF cgroup but with TRIE maps.
        Fixes "Detaching egress BPF: Invalid argument" log spam. (Closes: #878965)
      * Fix MemoryDenyWriteExecution= bypass with pkey_mprotect() (LP: #1725348)
    
     -- Dimitri John Ledkov <email address hidden>  Tue, 21 Nov 2017 09:34:14 +0000
  • systemd (235-2ubuntu3) bionic; urgency=medium
    
      * Revert "Skip test-bpf in autopkgtest, currently is failing."
        This reverts commit 75cf986e450e062a3d5780d1976e9efef41e6c4c.
      * Fix test-bpf test case on ubuntu.
      * Skip rename tests in containers, crude fix for now.
    
     -- Dimitri John Ledkov <email address hidden>  Mon, 13 Nov 2017 00:06:42 +0000
  • systemd (235-2ubuntu2) bionic; urgency=medium
    
      * Fix test-functions failing with Ubuntu units.
      * tests: switch to using ext4 by default, instead of ext3.
      * Skip test-bpf in autopkgtest, currently is failing.
    
     -- Dimitri John Ledkov <email address hidden>  Mon, 06 Nov 2017 18:33:39 +0000
  • systemd (235-2ubuntu1) bionic; urgency=medium
    
      [ Dimitri John Ledkov ]
      * Merge 235-2 from debian:
        - Drop all upstream cherry-picks
        - Drop test-copy dh_strip size override, fixed upstream
    
      * Remaining delta from Debian:
        - ship dhclient enter hook for dhclient integration with resolved
        - ship resolvconf integration via stub-resolv.conf
        - ship s390x virtio interface names migration
        - do not disable systemd-resolved upon libnss-resolve removal
        - do not remote fs in containers, for non-degrated boot
        - CVE-2017-15908 in resolved fix loop on packets with pseudo dns types
        - Unlink invocation id key, upon chown failure in containers
        - Change default to UseDomains by default
        - Do not treat failure to set Nice= setting as error in containers
        - Add a condition to systemd-journald-audit.socet to not start in
          containers (fails)
        - Build without any built-in/fallback DNS server setting
        - Enable resolved by default
        - Update autopkgtests for reliability/raciness, and testing for typical
          defaults
        - Always upgrade udev, when running adt tests
        - Skip test-execute on armhf
    
      * Fix up write_persistent_net_s390x for nullglob
    
      * Ship systemd sysctl settings.
        Patch systemd's default sysctl settings to drop things that are set
        elsewhere already. The promote secondary IP addresses is required for
        networkd to successfully renew DHCP leases with a change of an IP address.
        Set default package scheduler to Fair Queue CoDel. (LP: #1721223)
    
      [ Michael Biebl ]
      * Install modprobe configuration file to /lib/modprobe.d.
        Otherwise it is not read by kmod. (Closes: #879191)
    
    systemd (235-2) unstable; urgency=medium
    
      * Revert "tests: when running a manager object in a test, migrate to private
        cgroup subroot first"
        This was causing test suite failures when running inside a chroot.
    
    systemd (235-1) unstable; urgency=medium
    
      [ Michael Biebl ]
      * New upstream version 235
        - cryptsetup-generator: use remote-cryptsetup.target when _netdev is
          present (Closes: #852534)
        - tmpfiles: change btmp mode 0600 → 0660 (Closes: #870638)
        - networkd: For IPv6 addresses do not treat IFA_F_DEPRECATED as not ready
          (Closes: #869995)
        - exec-util,conf-files: skip non-executable files in execute_directories()
          (Closes: #867902)
        - man: update udevadm -y/--sysname-match documentation (Closes: #865081)
        - tmpfiles: silently ignore any path that passes through autofs
          (Closes: #805553)
        - shared: end string with % if one was found at the end of a expandible
          string (Closes: #865450)
      * Refresh patches
      * Bump Build-Depends on libmount-dev to (>= 2.30)
      * Install new modprobe.d config file
      * Bump Standards-Version to 4.1.1
    
      [ Martin Pitt ]
      * Merge logind-kill-off autopkgtest into logind test.
        This was horribly inefficient as a separate test (from commit
        6bd0dab41e), as that cost two VM resets plus accompanying boots; and
        this does not change any state thus does not require this kind of
        isolation.
    
    systemd (234-3) unstable; urgency=medium
    
      [ Martin Pitt ]
      * Various fixes for the upstream autopkgtest.
    
      [ Felipe Sateler ]
      * Add fdisk to the dependencies of the upstream autopkgtest.
        The upstream autopkgtest uses sfdisk, which is now in the non-essential
        fdisk package. (Closes: #872119)
      * Disable nss-systemd on udeb builds
      * Correctly disable resolved on udeb builds
      * Help fix collisions in libsystemd-shared symbols by versioning them.
        Backport upstream patch to version the symbols provided in the private
        library, so that they cannot confuse unversioned pam modules or libraries
        linked into them. (Closes: #873708)
    
      [ Dimitri John Ledkov ]
      * Cherrypick upstream networkd-test.py assertion/check fixes.
        This resolves ADT test suite failures, when running tests under lxc/lxd
        providers.
      * Cherrypick arm* seccomp fixes.
        This should resolve ADT test failures, on arm64, when running as root.
      * Disable KillUserProcesses, yet again, with meson this time.
      * initramfs-tools: trigger udevadm add actions with subsystems first.
        This updates the initramfs-tools init-top udev script to trigger udevadm
        actions with type specified. This mimics the systemd-udev-trigger.service.
        Without type specified only devices are triggered, but triggering
        subsystems may also be required and should happen before triggering the
        devices. This is the case for example on s390x with zdev generated udev
        rules. (LP: #1713536)
    
      [ Michael Biebl ]
      * (Re)add --quiet flag to addgroup calls.
        This is now safe with adduser having been fixed to no longer suppress
        fatal error messages if --quiet is used. (Closes: #837871)
      * Switch back to default GCC (Closes: #873661)
      * Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf.
        All major NTP implementations ship a native service file nowadays with a
        Conflicts=systemd-timesyncd.service so this drop-in is no longer
        necessary. (Closes: #873185)
    
    systemd (234-2.3) unstable; urgency=high
    
      * Non-maintainer upload.
      * Also switch to g++-6 temporarily (needed for some tests):
        - Add g++-6 to Build-Depends
        - Export CXX = g++-6
    
    systemd (234-2.2) unstable; urgency=high
    
      * Non-maintainer upload.
      * Switch to gcc-6 on all architectures, working around an FTBFS on mips64el,
        apparently due to a gcc-7 bug (See: #871514):
        - Add gcc-6 to Build-Depends in debian/control
        - Export CC = gcc-6 in debian/rules
    
    systemd (234-2.1) unstable; urgency=high
    
      * Non-maintainer upload.
      * Fix missing 60-input-id.rules in udev-udeb, which breaks the graphical
        version of the Debian Installer, as no key presses or mouse events get
        processed (Closes: #872598).
    
    systemd (234-2ubuntu12.1) artful-security; urgency=medium
    
      * SECURITY UPDATE: remote DoS in resolve (LP: #1725351)
        - debian/patches/CVE-2017-15908.patch: fix loop on packets with pseudo
          dns types in src/resolve/resolved-dns-packet.c.
        - CVE-2017-15908
    
     -- Dimitri John Ledkov <email address hidden>  Mon, 30 Oct 2017 17:20:54 +0000
  • systemd (234-2ubuntu13) bionic; urgency=medium
    
      * SECURITY UPDATE: remote DoS in resolve (LP: #1725351)
        - debian/patches/CVE-2017-15908.patch: fix loop on packets with pseudo
          dns types in src/resolve/resolved-dns-packet.c.
        - CVE-2017-15908
    
     -- Marc Deslauriers <email address hidden>  Mon, 30 Oct 2017 07:49:56 -0400
  • systemd (234-2ubuntu12) artful; urgency=medium
    
      [ Dimitri John Ledkov ]
      * debian/rules: do not strip test-copy.
        This insures test-copy is large enough for test-copy tests to pass.
        (LP: #1721203)
    
      [ Michael Biebl ]
      * Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf.
        All major NTP implementations ship a native service file nowadays with a
        Conflicts=systemd-timesyncd.service so this drop-in is no longer
        necessary. (Closes: #873185) (LP: #1721204)
    
     -- Dimitri John Ledkov <email address hidden>  Wed, 04 Oct 2017 13:28:34 +0100