Bug#849020: jessie-pu: package systemd/215-17+deb8u6
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Hi release team,
I'd like to make a stable upload for systemd with the following changes.
All the changes are cherry-picks/backports from fixes which have already
been applied to systemd in unstable.
The full debdiff is attached. For better readability I will provide an
annotated debian/changelog which links to the individual commits.
systemd (215-17+deb8u6) stable; urgency=medium
  [ Michael Biebl ]
  * Don't return any error in manager_dispatch_notify_fd().
    If manager_dispatch_notify_fd() fails and returns an error then the
    handling of service notifications will be disabled entirely leading to a
    compromised system.
    For example pid1 won't be able to receive the WATCHDOG messages anymore
    and will kill all services supposed to send such messages. (CVE-2016-7796)
    (Closes: #839607)
https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=084e2c59
That's probably the most important one, as it fixes a local DoS. The
security team wanted to see this fixed as part of a stable upload.
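The failure mode behind the CVE-2016-7796 entry (an I/O event callback that returns an error gets its event source disabled, so one bad datagram or one transient recvmsg() error switches off service notification handling for good) is easiest to see in a small harness. The block below is an added example written for this page; it is not code from the Debian package, from systemd, or from the debdiff. It models the pre-fix and post-fix branches of manager_dispatch_notify_fd() over an AF_UNIX SOCK_DGRAM socketpair and stands in for sd_event with a loop that disables the source on the first negative return. The function names dispatch_before_fix, dispatch_after_fix and simulate, and the READY=1 / WATCHDOG=1 traffic, are constructed for the example.

```c
/* Constructed example: two versions of a notification-socket dispatcher in
 * the shape of an sd_event I/O callback, driven by a stand-in event loop. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Pre-fix logic, mirroring the '-' lines of the manager.c hunk: a zero-length
 * datagram yields -EIO and any other recv() failure yields -errno. */
static int dispatch_before_fix(int fd, int *handled) {
        char buf[256];
        for (;;) {
                ssize_t n = recv(fd, buf, sizeof buf, MSG_DONTWAIT);
                if (n <= 0) {
                        if (n == 0)
                                return -EIO;
                        if (errno == EAGAIN || errno == EINTR)
                                break;
                        return -errno;
                }
                (*handled)++;
        }
        return 0;
}

/* Post-fix logic, mirroring the '+' lines: log, break, never return an error. */
static int dispatch_after_fix(int fd, int *handled) {
        char buf[256];
        for (;;) {
                ssize_t n = recv(fd, buf, sizeof buf, MSG_DONTWAIT);
                if (n < 0) {
                        if (errno != EAGAIN && errno != EINTR)
                                fprintf(stderr, "Failed to receive notification message: %s\n",
                                        strerror(errno));
                        break;
                }
                if (n == 0) {
                        fprintf(stderr, "Got zero-length notification message. Ignoring.\n");
                        break;
                }
                (*handled)++;
        }
        return 0;
}

/* Stand-in for the event loop: keep dispatching while the callback returns
 * >= 0 and disable the source (as sd_event does) on the first negative return.
 * Returns true if the source got disabled; *handled counts datagrams consumed. */
bool simulate(bool fixed, int *handled) {
        int sv[2];
        bool disabled = false;

        *handled = 0;
        if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
                return true; /* treat setup failure as "broken" */

        /* Constructed traffic: a valid READY=1, a zero-length datagram, then a
         * valid WATCHDOG=1 that must still be seen after the empty one. */
        send(sv[1], "READY=1", 7, 0);
        send(sv[1], "", 0, 0);
        send(sv[1], "WATCHDOG=1", 10, 0);

        for (int i = 0; i < 3; i++) {
                int r = fixed ? dispatch_after_fix(sv[0], handled)
                              : dispatch_before_fix(sv[0], handled);
                if (r < 0) {
                        disabled = true;
                        break;
                }
        }

        close(sv[0]);
        close(sv[1]);
        return disabled;
}

int main(void) {
        int h;
        bool d = simulate(false, &h);
        printf("before fix: handled=%d source_disabled=%s\n", h, d ? "yes" : "no");
        d = simulate(true, &h);
        printf("after fix:  handled=%d source_disabled=%s\n", h, d ? "yes" : "no");
        return 0;
}
```

With the old branches the loop stops after the first datagram and the WATCHDOG=1 that follows the empty datagram is never consumed; with the fixed branches the empty datagram is logged and skipped and both real messages are handled.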
  * core: Rework logic to determine when we decide to add automatic deps for
    mounts.
    This adds a concept of "extrinsic" mounts. If mounts are extrinsic we
    consider them managed by something else and do not add automatic ordering
    against umount.target, local-fs.target, remote-fs.target.
    Extrinsic mounts include API mounts such as everything below /proc, /sys,
    /dev. This avoids a crash in LXC containers where /dev/urandom is a bind
    mount from the host system and unmounting it leads to an assert in
    systemd. (Closes: #818978)
https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=b125d602
This patch is somewhat largeish, but it seemed preferable to use an
upstream fix than cooking up our own patch.
  * Various ordering fixes for ifupdown.
    Run ifup after all kernel modules have been loaded and all sysctl settings
    are applied. Update ifup@.service to add missing After= for the device
    unit we bind to. This ensures that the device unit is active when systemd
    tries to start the service. (Closes: #819314)
https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=0092dd05
Those fixes have been applied to the ifupdown package in stretch/sid,
which has taken over the ifup@.service unit.
  * systemctl: Fix argument handling when invoked as shutdown.
    (Closes: #776997)
https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=4e8c40a4
  [ Simon McVittie ]
  * localed: tolerate absence of /etc/default/keyboard.
    The debian-specific patch to read Debian config files was not tolerating
    the absence of /etc/default/keyboard. This causes systemd-localed to fail
    to start on systems where that file isn't populated (like embedded systems
    without keyboards). (Closes: #833849)
https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=4b937b71
  [ Martin Pitt ]
  * systemctl, loginctl, etc.: Don't start polkit agent when running as root.
    (Closes: #774153, LP: #1565617)
https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=f6024358
We want to avoid querying polkit as root, especially when being run from
the maintainer scripts. During a (dist-)upgrade, the policykit-1 package
can be in an unconfigured state and trying to talk to it can lead to a
deadlock.
 -- Michael Biebl <biebl@debian.org>  Wed, 21 Dec 2016 21:33:51 +0100
Please let me know when I can proceed with the upload. It would be great
if those fixes can make it into 8.7.
Regards,
Michael
-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index 3bee4fe..ffceb7d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,43 @@
+systemd (215-17+deb8u6) stable; urgency=medium
+
+  [ Michael Biebl ]
+  * Don't return any error in manager_dispatch_notify_fd().
+    If manager_dispatch_notify_fd() fails and returns an error then the
+    handling of service notifications will be disabled entirely leading to a
+    compromised system.
+    For example pid1 won't be able to receive the WATCHDOG messages anymore
+    and will kill all services supposed to send such messages. (CVE-2016-7796)
+    (Closes: #839607)
+  * core: Rework logic to determine when we decide to add automatic deps for
+    mounts.
+    This adds a concept of "extrinsic" mounts. If mounts are extrinsic we
+    consider them managed by something else and do not add automatic ordering
+    against umount.target, local-fs.target, remote-fs.target.
+    Extrinsic mounts include API mounts such as everything below /proc, /sys,
+    /dev. This avoids a crash in LXC containers where /dev/urandom is a bind
+    mount from the host system and unmounting it leads to an assert in
+    systemd. (Closes: #818978)
+  * Various ordering fixes for ifupdown.
+    Run ifup after all kernel modules have been loaded and all sysctl settings
+    are applied. Update ifup@.service to add missing After= for the device
+    unit we bind to. This ensures that the device unit is active when systemd
+    tries to start the service. (Closes: #819314)
+  * systemctl: Fix argument handling when invoked as shutdown.
+    (Closes: #776997)
+
+  [ Simon McVittie ]
+  * localed: tolerate absence of /etc/default/keyboard.
+    The debian-specific patch to read Debian config files was not tolerating
+    the absence of /etc/default/keyboard. This causes systemd-localed to fail
+    to start on systems where that file isn't populated (like embedded systems
+    without keyboards). (Closes: #833849)
+
+  [ Martin Pitt ]
+  * systemctl, loginctl, etc.: Don't start polkit agent when running as root.
+    (Closes: #774153, LP: #1565617)
+
+ -- Michael Biebl <biebl@debian.org>  Wed, 21 Dec 2016 21:33:51 +0100
+
 systemd (215-17+deb8u5) stable; urgency=medium
 
   * Use the right timeout for stop processes we fork. This ensures that
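Review bot: the CVE-2016-7796 entry copies the upstream wording "leading to a compromised system", which reads stronger than what the cover letter itself describes as a local DoS; for stable users reading this changelog it would be clearer to state the impact as it is (service notification handling, including WATCHDOG messages, stops being processed). The "systemctl: Fix argument handling when invoked as shutdown" entry covers only one of the two systemctl cherry-picks added to debian/patches/series; mentioning that the legacy -t handling fix is included as well would keep the changelog in step with the series file.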
diff --git a/debian/extra/network-pre.conf b/debian/extra/network-pre.conf
index 4e9b7d4..76e3e31 100644
--- a/debian/extra/network-pre.conf
+++ b/debian/extra/network-pre.conf
@@ -1,2 +1,2 @@
 [Unit]
-After=network-pre.target
+After=network-pre.target systemd-sysctl.service systemd-modules-load.service
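Review bot: After= is an ordering dependency only and does not pull systemd-sysctl.service or systemd-modules-load.service into the transaction, so the new line only takes effect when those two units are already part of the boot; if that is the intent (ordering against early-boot units that are started anyway) this is sufficient, otherwise a Wants= would be needed alongside it.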
diff --git a/debian/ifup@.service b/debian/ifup@.service
index bad5364..800f41d 100644
--- a/debian/ifup@.service
+++ b/debian/ifup@.service
@@ -1,8 +1,9 @@
 [Unit]
 Description=ifup for %I
-After=local-fs.target network-pre.target networking.service
+After=local-fs.target network-pre.target networking.service systemd-sysctl.service
 Before=network.target
 BindsTo=sys-subsystem-net-devices-%i.device
+After=sys-subsystem-net-devices-%i.device
 ConditionPathIsDirectory=/run/network
 DefaultDependencies=no
 
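Review bot: the added `After=sys-subsystem-net-devices-%i.device` is the real fix here, since BindsTo= on its own carries no ordering and the service could previously be started before the device unit was active. Note the asymmetry with debian/extra/network-pre.conf in the same debdiff: that drop-in gains both systemd-sysctl.service and systemd-modules-load.service, while ifup@.service only gains systemd-sysctl.service; if module loading matters for hotplugged interfaces too, add it here for consistency, otherwise a short comment on why it is not needed would avoid the question resurfacing.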
diff --git a/debian/patches/Update-localed-to-use-the-Debian-config-files.patch b/debian/patches/Update-localed-to-use-the-Debian-config-files.patch
index 72d41f9..fb7db64 100644
--- a/debian/patches/Update-localed-to-use-the-Debian-config-files.patch
+++ b/debian/patches/Update-localed-to-use-the-Debian-config-files.patch
@@ -8,11 +8,11 @@ configuration and use /etc/default/keyboard instead of
 
 Path courtesy of Steve Langasek.
 ---
- src/locale/localed.c | 214 +++++++++++++++++++++++++++------------------------
- 1 file changed, 113 insertions(+), 101 deletions(-)
+ src/locale/localed.c | 212 +++++++++++++++++++++++++++------------------------
+ 1 file changed, 114 insertions(+), 98 deletions(-)
 
 diff --git a/src/locale/localed.c b/src/locale/localed.c
-index 23da149..4db8bef 100644
+index 23da149..0e09ad9 100644
 --- a/src/locale/localed.c
 +++ b/src/locale/localed.c
 @@ -170,6 +170,24 @@ static int locale_read_data(Context *c) {
@@ -40,7 +40,7 @@ index 23da149..4db8bef 100644
          if (r == -ENOENT) {
                  int p;
  
-@@ -206,72 +224,17 @@ static int vconsole_read_data(Context *c) {
+@@ -206,70 +224,19 @@ static int vconsole_read_data(Context *c) {
  }
  
  static int x11_read_data(Context *c) {
@@ -107,21 +107,20 @@ index 23da149..4db8bef 100644
 -                } else if (in_section && first_word(l, "EndSection"))
 -                        in_section = false;
 -        }
--
--        fclose(f);
--
--        return 0;
 +        r = parse_env_file("/etc/default/keyboard", NEWLINE,
 +                           "XKBMODEL",          &c->x11_model,
 +                           "XKBLAYOUT",         &c->x11_layout,
 +                           "XKBVARIANT",        &c->x11_variant,
 +                           "XKBOPTIONS",        &c->x11_options,
 +                           NULL);
-+        return r;
- }
  
- static int context_read_data(Context *c) {
-@@ -287,8 +250,13 @@ static int context_read_data(Context *c) {
+-        fclose(f);
++        if (r < 0 && r != -ENOENT)
++                return r;
+ 
+         return 0;
+ }
+@@ -287,8 +254,13 @@ static int context_read_data(Context *c) {
  static int locale_write_data(Context *c) {
          int r, p;
          char **l = NULL;
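Review bot: the added `if (r < 0 && r != -ENOENT) return r;` after parse_env_file() is what makes a missing /etc/default/keyboard non-fatal, and it matches the pattern the same patch already uses for locale_read_data() (the `if (r < 0 && r != -ENOENT)` context visible a few hunks down). One thing to double-check: on -ENOENT the c->x11_* fields stay NULL, so every consumer must treat NULL as "unset" rather than as an error; the isempty() checks in the write path suggest they do.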
@@ -136,7 +135,7 @@ index 23da149..4db8bef 100644
          if (r < 0 && r != -ENOENT)
                  return r;
  
-@@ -320,13 +288,13 @@ static int locale_write_data(Context *c) {
+@@ -320,13 +292,13 @@ static int locale_write_data(Context *c) {
          if (strv_isempty(l)) {
                  strv_free(l);
  
@@ -152,7 +151,7 @@ index 23da149..4db8bef 100644
          strv_free(l);
  
          return r;
-@@ -447,57 +415,101 @@ static int vconsole_write_data(Context *c) {
+@@ -447,57 +419,101 @@ static int vconsole_write_data(Context *c) {
  }
  
  static int write_data_x11(Context *c) {
@@ -219,26 +218,28 @@ index 23da149..4db8bef 100644
 +                        strv_free(l);
 +                        return -ENOMEM;
 +                }
-+
-+                u = strv_env_set(l, t);
-+                free(t);
-+                strv_free(l);
  
 -        r = fopen_temporary("/etc/X11/xorg.conf.d/00-keyboard.conf", &f, &temp_path);
 -        if (r < 0)
 -                return r;
-+                if (!u)
-+                        return -ENOMEM;
++                u = strv_env_set(l, t);
++                free(t);
++                strv_free(l);
  
 -        fchmod(fileno(f), 0644);
-+                l = u;
-+        }
++                if (!u)
++                        return -ENOMEM;
  
 -        fputs("# Read and parsed by systemd-localed. It's probably wise not to edit this file\n"
 -              "# manually too freely.\n"
 -              "Section \"InputClass\"\n"
 -              "        Identifier \"system-keyboard\"\n"
 -              "        MatchIsKeyboard \"on\"\n", f);
++                l = u;
++        }
+ 
+-        if (!isempty(c->x11_layout))
+-                fprintf(f, "        Option \"XkbLayout\" \"%s\"\n", c->x11_layout);
 +        if (isempty(c->x11_options)) {
 +                l = strv_env_unset(l, "XKBOPTIONS");
 +        } else {
@@ -247,24 +248,22 @@ index 23da149..4db8bef 100644
 +                        return -ENOMEM;
 +                }
  
--        if (!isempty(c->x11_layout))
--                fprintf(f, "        Option \"XkbLayout\" \"%s\"\n", c->x11_layout);
+-        if (!isempty(c->x11_model))
+-                fprintf(f, "        Option \"XkbModel\" \"%s\"\n", c->x11_model);
 +                u = strv_env_set(l, t);
 +                free(t);
 +                strv_free(l);
  
--        if (!isempty(c->x11_model))
--                fprintf(f, "        Option \"XkbModel\" \"%s\"\n", c->x11_model);
-+                if (!u)
-+                        return -ENOMEM;
- 
 -        if (!isempty(c->x11_variant))
 -                fprintf(f, "        Option \"XkbVariant\" \"%s\"\n", c->x11_variant);
-+                l = u;
-+        }
++                if (!u)
++                        return -ENOMEM;
  
 -        if (!isempty(c->x11_options))
 -                fprintf(f, "        Option \"XkbOptions\" \"%s\"\n", c->x11_options);
++                l = u;
++        }
++
 +        if (strv_isempty(l)) {
 +                strv_free(l);
  
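Review bot: this hunk only moves blank lines and reorders unchanged context relative to the previous revision of the nested patch, so there is no functional change to review here; it is worth confirming the regenerated patch still applies cleanly with quilt at this offset, since the hunk headers above were renumbered by hand-merging (e.g. `@@ -447,57 +419,101 @@`).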
diff --git a/debian/patches/core-rework-logic-to-determine-when-we-decide-to-add-auto.patch b/debian/patches/core-rework-logic-to-determine-when-we-decide-to-add-auto.patch
new file mode 100644
index 0000000..b5c432b
--- /dev/null
+++ b/debian/patches/core-rework-logic-to-determine-when-we-decide-to-add-auto.patch
@@ -0,0 +1,188 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 29 Nov 2016 22:50:21 +0100
+Subject: core: rework logic to determine when we decide to add automatic deps
+ for mounts
+
+This adds a concept of "extrinsic" mounts. If mounts are extrinsic we consider
+them managed by something else and do not add automatic ordering against
+umount.target, local-fs.target, remote-fs.target.
+
+Extrinsic mounts are considered:
+
+- All mounts if we are running in --user mode
+
+- API mounts such as everything below /proc, /sys, /dev, which exist from
+  earliest boot to latest shutdown.
+
+- All mounts marked as initrd mounts, if we run on the host
+
+- The initrd's private directory /run/initrams that should survive until last
+  reboot.
+
+This primarily merges a couple of different exclusion lists into a single
+concept.
+
+(cherry picked from commit ad2706db7cceba69203f3ac2b6ef65d7490c5f29)
+---
+ src/core/mount.c       | 62 +++++++++++++++++++++++++++++++-------------------
+ src/shared/path-util.h | 25 ++++++++++++++++++++
+ 2 files changed, 64 insertions(+), 23 deletions(-)
+
+diff --git a/src/core/mount.c b/src/core/mount.c
+index 102bbef91..44f79ba8a 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -350,19 +350,35 @@ static int mount_add_quota_links(Mount *m) {
+         return 0;
+ }
+ 
+-static bool should_umount(Mount *m) {
++static bool mount_is_extrinsic(Mount *m) {
+         MountParameters *p;
++        assert(m);
+ 
+-        if (path_equal(m->where, "/") ||
+-            path_equal(m->where, "/usr"))
+-                return false;
++        /* Returns true for all units that are "magic" and should be excluded from the usual start-up and shutdown
++         * dependencies. We call them "extrinsic" here, as they are generally mounted outside of the systemd dependency
++         * logic. We shouldn't attempt to manage them ourselves but it's fine if the user operates on them with us. */
++
++        if (UNIT(m)->manager->running_as != SYSTEMD_SYSTEM) /* We only automatically manage mounts if we are in system mode */
++                return true;
+ 
++        if (PATH_IN_SET(m->where,  /* Don't bother with the OS data itself */
++                        "/",
++                        "/usr"))
++                return true;
++
++        if (PATH_STARTSWITH_SET(m->where,
++                                "/run/initramfs",    /* This should stay around from before we boot until after we shutdown */
++                                "/proc",             /* All of this is API VFS */
++                                "/sys",              /* … dito … */
++                                "/dev"))             /* … dito … */
++                return true;
++
++        /* If this is an initrd mount, and we are not in the initrd, then leave this around forever, too. */
+         p = get_mount_parameters(m);
+-        if (p && mount_test_option(p->options, "x-initrd.mount") &&
+-            !in_initrd())
+-                return false;
++        if (p && mount_test_option(p->options, "x-initrd.mount") && !in_initrd())
++                return true;
+ 
+-        return true;
++        return false;
+ }
+ 
+ static int mount_add_default_dependencies(Mount *m) {
+@@ -375,14 +391,17 @@ static int mount_add_default_dependencies(Mount *m) {
+         if (UNIT(m)->manager->running_as != SYSTEMD_SYSTEM)
+                 return 0;
+ 
++        /* We do not add any default dependencies to /, /usr or /run/initramfs/, since they are guaranteed to stay
++         * mounted the whole time, since our system is on it.  Also, don't bother with anything mounted below virtual
++         * file systems, it's also going to be virtual, and hence not worth the effort. */
++        if (mount_is_extrinsic(m))
++                return 0;
++
+         p = get_mount_parameters(m);
+ 
+         if (!p)
+                 return 0;
+ 
+-        if (path_equal(m->where, "/"))
+-                return 0;
+-
+         if (mount_is_network(p)) {
+                 after = SPECIAL_REMOTE_FS_PRE_TARGET;
+                 after2 = SPECIAL_NETWORK_TARGET;
+@@ -409,11 +428,9 @@ static int mount_add_default_dependencies(Mount *m) {
+                         return r;
+         }
+ 
+-        if (should_umount(m)) {
+-                r = unit_add_two_dependencies_by_name(UNIT(m), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true);
+-                if (r < 0)
+-                        return r;
+-        }
++        r = unit_add_two_dependencies_by_name(UNIT(m), UNIT_BEFORE, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true);
++        if (r < 0)
++                return r;
+ 
+         return 0;
+ }
+@@ -667,6 +684,7 @@ static void mount_dump(Unit *u, FILE *f, const char *prefix) {
+                 "%sOptions: %s\n"
+                 "%sFrom /proc/self/mountinfo: %s\n"
+                 "%sFrom fragment: %s\n"
++                "%sExtrinsic: %s\n"
+                 "%sDirectoryMode: %04o\n",
+                 prefix, mount_state_to_string(m->state),
+                 prefix, mount_result_to_string(m->result),
+@@ -676,6 +694,7 @@ static void mount_dump(Unit *u, FILE *f, const char *prefix) {
+                 prefix, p ? strna(p->options) : "n/a",
+                 prefix, yes_no(m->from_proc_self_mountinfo),
+                 prefix, yes_no(m->from_fragment),
++                prefix, yes_no(mount_is_extrinsic(m)),
+                 prefix, m->directory_mode);
+ 
+         if (m->control_pid > 0)
+@@ -1374,8 +1393,7 @@ static int mount_add_one(
+                         goto fail;
+                 }
+ 
+-
+-                if (m->running_as == SYSTEMD_SYSTEM) {
++                if (!mount_is_extrinsic(MOUNT(u))) {
+                         const char* target;
+ 
+                         target = fstype_is_network(fstype) ? SPECIAL_REMOTE_FS_TARGET : SPECIAL_LOCAL_FS_TARGET;
+@@ -1384,11 +1402,9 @@ static int mount_add_one(
+                         if (r < 0)
+                                 goto fail;
+ 
+-                        if (should_umount(MOUNT(u))) {
+-                                r = unit_add_dependency_by_name(u, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true);
+-                                if (r < 0)
+-                                        goto fail;
+-                        }
++                        r = unit_add_dependency_by_name(u, UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true);
++                        if (r < 0)
++                                goto fail;
+                 }
+ 
+                 unit_add_to_load_queue(u);
+diff --git a/src/shared/path-util.h b/src/shared/path-util.h
+index 54f00a8a8..6ac8eb9e2 100644
+--- a/src/shared/path-util.h
++++ b/src/shared/path-util.h
+@@ -70,3 +70,28 @@ int fsck_exists(const char *fstype);
+ /* Same as PATH_FOREACH_PREFIX but also includes the specified path itself */
+ #define PATH_FOREACH_PREFIX_MORE(prefix, path) \
+         for (char *_slash = ({ path_kill_slashes(strcpy(prefix, path)); if (streq(prefix, "/")) prefix[0] = 0; strrchr(prefix, 0); }); _slash && !(*_slash = 0); _slash = strrchr((prefix), '/'))
++
++/* Note: the search terminates on the first NULL item. */
++#define PATH_IN_SET(p, ...)                                     \
++        ({                                                      \
++                char **s;                                       \
++                bool _found = false;                            \
++                STRV_FOREACH(s, STRV_MAKE(__VA_ARGS__))         \
++                        if (path_equal(p, *s)) {                \
++                               _found = true;                   \
++                               break;                           \
++                        }                                       \
++                _found;                                         \
++        })
++
++#define PATH_STARTSWITH_SET(p, ...)                             \
++        ({                                                      \
++                char **s;                                       \
++                bool _found = false;                            \
++                STRV_FOREACH(s, STRV_MAKE(__VA_ARGS__))         \
++                        if (path_startswith(p, *s)) {           \
++                               _found = true;                   \
++                               break;                           \
++                        }                                       \
++                _found;                                         \
++        })
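Review bot: the two new macros PATH_IN_SET and PATH_STARTSWITH_SET depend on STRV_MAKE, STRV_FOREACH and bool; since this backport adds them to src/shared/path-util.h, confirm that header already includes strv.h and stdbool.h in the 215 tree (or add the includes), otherwise mount.c compiles only by accident of include order. Two smaller points: mount_add_default_dependencies() keeps its `running_as != SYSTEMD_SYSTEM` early return directly above the new `if (mount_is_extrinsic(m)) return 0;`, which already covers that case, so the first check is redundant in the backport (harmless, but worth a note); and the commit message says "/run/initrams" where the code uses "/run/initramfs". The behavioural change itself looks equivalent to the old should_umount() exclusions: /, /usr and x-initrd.mount mounts now return early as extrinsic, so making the umount.target Conflicts/Before unconditional afterwards is safe.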
diff --git a/debian/patches/pid1-don-t-return-any-error-in-manager_dispatch_noti.patch b/debian/patches/pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
new file mode 100644
index 0000000..e0e0c8f
--- /dev/null
+++ b/debian/patches/pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
@@ -0,0 +1,45 @@
+From: Franck Bui <fbui@suse.com>
+Date: Thu, 29 Sep 2016 19:44:34 +0200
+Subject: pid1: don't return any error in manager_dispatch_notify_fd() (#4240)
+
+If manager_dispatch_notify_fd() fails and returns an error then the handling of
+service notifications will be disabled entirely leading to a compromised system.
+
+For example pid1 won't be able to receive the WATCHDOG messages anymore and
+will kill all services supposed to send such messages.
+
+Fixes: CVE-2016-7796
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839607
+
+(cherry picked from commit 9987750e7a4c62e0eb8473603150596ba7c3a015)
+---
+ src/core/manager.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index e6a0736..a8c40d4 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1493,14 +1493,14 @@ static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t
+                 Unit *u;
+ 
+                 n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT);
+-                if (n <= 0) {
+-                        if (n == 0)
+-                                return -EIO;
+-
+-                        if (errno == EAGAIN || errno == EINTR)
+-                                break;
+-
+-                        return -errno;
++                if (n < 0) {
++                        if (!IN_SET(errno, EAGAIN, EINTR))
++                                log_error("Failed to receive notification message: %m");
++                        break;
++                }
++                if (n == 0) {
++                        log_debug("Got zero-length notification message. Ignoring.");
++                        break;
+                 }
+ 
+                 if (msghdr.msg_controllen < CMSG_LEN(sizeof(struct ucred)) ||
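Review bot: the essential property of this hunk is that neither branch returns a negative value any more: an sd_event I/O callback that returns an error has its event source disabled, which is why a single zero-length datagram (the old `if (n == 0) return -EIO;`) or one transient recvmsg() failure could turn off notification handling permanently, and with it the WATCHDOG supervision the changelog mentions. Two follow-ups to consider: on n == 0 the loop now breaks rather than continues, leaving any further queued datagrams for the next dispatch, which is fine but means one empty datagram delays the rest by one loop iteration; and log_error() on every non-EAGAIN/EINTR error runs unthrottled, so a persistently failing socket would flood the journal, where a rate-limited log call would be safer.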
diff --git a/debian/patches/polkit-don-t-start-polkit-agent-when-running-as-root.patch b/debian/patches/polkit-don-t-start-polkit-agent-when-running-as-root.patch
new file mode 100644
index 0000000..3046998
--- /dev/null
+++ b/debian/patches/polkit-don-t-start-polkit-agent-when-running-as-root.patch
@@ -0,0 +1,31 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Tue, 5 Apr 2016 10:30:45 +0200
+Subject: polkit: don't start polkit agent when running as root
+
+On the server side we already bypass the polkit checks if the caller is root
+(see the sd_bus_query_sender_privilege() call in bus_verify_polkit_async()). So
+there is no reason to invoke polkit when running
+systemctl/machinectl/loginctl/timedatectl as root.
+
+Fixes #2748
+
+(cherry picked from commit 89d034822075dfa8d18af8182019028cc428a1b5)
+---
+ src/shared/spawn-polkit-agent.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/shared/spawn-polkit-agent.c b/src/shared/spawn-polkit-agent.c
+index fccf1e9..829b275 100644
+--- a/src/shared/spawn-polkit-agent.c
++++ b/src/shared/spawn-polkit-agent.c
+@@ -44,6 +44,10 @@ int polkit_agent_open(void) {
+         if (agent_pid > 0)
+                 return 0;
+ 
++        /* Clients that run as root don't need to activate/query polkit */
++        if (geteuid() == 0)
++                return 0;
++
+         /* We check STDIN here, not STDOUT, since this is about input,
+          * not output */
+         if (!isatty(STDIN_FILENO))
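Review bot: the `geteuid() == 0` short-circuit is a client-side convenience only; as the commit message says, the authorization decision is still made by bus_verify_polkit_async() on the server side, so this hunk must not be read as the check that grants root its access, and it adds no new privilege. Given the Debian motivation in the cover letter (avoiding a deadlock against an unconfigured policykit-1 during dist-upgrade), a line in the patch header pointing at #774153 would help the next maintainer who wonders why this is in the stable series.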
diff --git a/debian/patches/series b/debian/patches/series
index f8534a4..a883d86 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -165,6 +165,11 @@ man-update-links-to-kernel.org-cgroup-documentation.patch
 console-getty.service-don-t-start-when-dev-console-is-mis.patch
 units-explicitly-order-systemd-user-sessions.service-afte.patch
 units-order-systemd-user-sessions.service-after-network.t.patch
+pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
+polkit-don-t-start-polkit-agent-when-running-as-root.patch
+core-rework-logic-to-determine-when-we-decide-to-add-auto.patch
+systemctl-fix-argument-handling-when-invoked-as-shutdown.patch
+systemctl-when-reading-legacy-t-argument-for-shutdown-don.patch
 
 ## Debian specific patches:
 Add-back-support-for-Debian-specific-config-files.patch
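Review bot: the order of the two systemctl patches is mandatory, not cosmetic: systemctl-when-reading-legacy-t-argument-for-shutdown-don.patch has pre-image `index f4fbab5..9adef05`, which is the post-image of systemctl-fix-argument-handling-when-invoked-as-shutdown.patch (`index 942acbc..f4fbab5`), so swapping them would make the second fail to apply. Keeping them adjacent as done here is right; a comment in series stating the dependency would prevent a later reshuffle.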
diff --git a/debian/patches/systemctl-fix-argument-handling-when-invoked-as-shutdown.patch b/debian/patches/systemctl-fix-argument-handling-when-invoked-as-shutdown.patch
new file mode 100644
index 0000000..e9b2969
--- /dev/null
+++ b/debian/patches/systemctl-fix-argument-handling-when-invoked-as-shutdown.patch
@@ -0,0 +1,31 @@
+From: Jan Synacek <jsynacek@redhat.com>
+Date: Mon, 15 Dec 2014 10:39:00 +0100
+Subject: systemctl: fix argument handling when invoked as "shutdown"
+
+(cherry picked from commit 75836b9d2071aab978ee78d7d797126a18a32052)
+---
+ src/systemctl/systemctl.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index 942acbc..f4fbab5 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -6219,7 +6219,7 @@ static int shutdown_parse_argv(int argc, char *argv[]) {
+         assert(argc >= 0);
+         assert(argv);
+ 
+-        while ((c = getopt_long(argc, argv, "HPrhkt:afFc", options, NULL)) >= 0) {
++        while ((c = getopt_long(argc, argv, "HPrhkKt:afFc", options, NULL)) >= 0) {
+                 switch (c) {
+ 
+                 case ARG_HELP:
+@@ -6259,6 +6259,8 @@ static int shutdown_parse_argv(int argc, char *argv[]) {
+ 
+                 case 't':
+                 case 'a':
++                case 'f':
++                case 'F':
+                         /* Compatibility nops */
+                         break;
+ 
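Review bot: 'K' is added to the getopt string but no `case 'K':` appears in this hunk; if the switch has no arm for it, -K will fall through to the default branch rather than being treated as a compatibility no-op like 'f' and 'F' are here, so confirm that the full file handles it or add it to the same "Compatibility nops" arm. The new 'f' and 'F' cases themselves are consistent with the optstring, which already listed them.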
diff --git a/debian/patches/systemctl-when-reading-legacy-t-argument-for-shutdown-don.patch b/debian/patches/systemctl-when-reading-legacy-t-argument-for-shutdown-don.patch
new file mode 100644
index 0000000..f3e85ea
--- /dev/null
+++ b/debian/patches/systemctl-when-reading-legacy-t-argument-for-shutdown-don.patch
@@ -0,0 +1,26 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 29 Sep 2015 22:40:05 +0200
+Subject: systemctl: when reading legacy -t argument for shutdown,
+ don't drop following parameter
+
+We currently completely ignore the following parameter, but we really
+should not, as that is actually the time to shut down on.
+
+(cherry picked from commit a4420f7b8ed73b05ef6f31622101e7804daef69f)
+---
+ src/systemctl/systemctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index f4fbab5..9adef05 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -6219,7 +6219,7 @@ static int shutdown_parse_argv(int argc, char *argv[]) {
+         assert(argc >= 0);
+         assert(argv);
+ 
+-        while ((c = getopt_long(argc, argv, "HPrhkKt:afFc", options, NULL)) >= 0) {
++        while ((c = getopt_long(argc, argv, "HPrhkKtafFc", options, NULL)) >= 0) {
+                 switch (c) {
+ 
+                 case ARG_HELP:
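Review bot: changing "t:" to "t" means -t no longer consumes the following word, so for an invocation like `shutdown -t N TIME` the value after -t now becomes the first positional argument; the commit message says that following parameter is "actually the time to shut down on", so verify with the legacy form that the positional handling further down picks up the intended argument as the time and does not mis-parse the one that used to be swallowed.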