Bug#849020: jessie-pu: package systemd/215-17+deb8u6

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

Control: tags -1 + moreinfo

On Wed, 2016-12-21 at 22:07 +0100, Michael Biebl wrote:
> I'd like to make a stable upload for systemd with the following changes.
> All the changes are cherry-picks/backports from fixes which have already
> been applied to systemd in unstable.
> 
> The full debdiff is attached. For better readability I will provide an
> annotated debian/changelog which links to the invidual commits

I think this looks okay (although ordering changes always make me a
little paranoid), and while it doesn't look like any of the changes
should affect the udebs or d-i, I'd still appreciate a kibi-ack.

> systemd (215-17+deb8u6) stable; urgency=medium
> 
>   [ Michael Biebl ]
>   * Don't return any error in manager_dispatch_notify_fd().
>     If manager_dispatch_notify_fd() fails and returns an error then the
>     handling of service notifications will be disabled entirely leading to a
>     compromised system.
>     For example pid1 won't be able to receive the WATCHDOG messages anymore
>     and will kill all services supposed to send such messages. (CVE-2016-7796)
>     (Closes: #839607)
> 
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=084e2c59
> 
> That's probably the most important one, as it fixes a local DoS. The
> security team wanted to see this fixed as part of a stable upload.
> 
>   * core: Rework logic to determine when we decide to add automatic deps for
>     mounts.
>     This adds a concept of "extrinsic" mounts. If mounts are extrinsic we
>     consider them managed by something else and do not add automatic ordering
>     against umount.target, local-fs.target, remote-fs.target.
>     Extrinsic mounts include API mounts such as everything below /proc, /sys,
>     /dev. This avoids a crash in LXC containers where /dev/urandom is a bind
>     mount from the host system and unmounting it leads to an assert in
>     systemd. (Closes: #818978)
> 
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=b125d602
> 
> This patch is somewhat largeish, but it seemed preferable to use an
> upstream fix then cooking up our own patch.
> 
>   * Various ordering fixes for ifupdown.
>     Run ifup after all kernel modules have been loaded and all sysctl settings
>     are applied. Update ifup@.service to add missing After= for the device
>     unit we bind to. This ensures that the device unit is active when systemd
>     tries to start the service. (Closes: #819314)
> 
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=0092dd05
> 
> Those fixes have been applied to the ifupdown package in stretch/sid,
> which has taken over the ifup@.service unit.
> 
>   * systemctl: Fix argument handling when invoked as shutdown.
>     (Closes: #776997)
> 
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=4e8c40a4
> 
>   [ Simon McVittie ]
>   * localed: tolerate absence of /etc/default/keyboard.
>     The debian-specific patch to read Debian config files was not tolerating
>     the absence of /etc/default/keyboard. This causes systemd-localed to fail
>     to start on systems where that file isn't populated (like embedded systems
>     without keyboards). (Closes: #833849)
> 
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=4b937b71
> 
>   [ Martin Pitt ]
>   * systemctl, loginctl, etc.: Don't start polkit agent when running as root.
>     (Closes: #774153, LP: #1565617)
> 
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=f6024358
> 
> We want to avoid querying polkit as root, especially when being run from
> the maintainer scripts. During a (dist-)upgrade, the policykit-1 package
> can be in an unconfigured state and trying to talk to it can lead to a
> dead lock.

Regards,

Adam