Bug#849020: jessie-pu: package systemd/215-17+deb8u6
Control: tags -1 + moreinfo
On Wed, 2016-12-21 at 22:07 +0100, Michael Biebl wrote:
> I'd like to make a stable upload for systemd with the following changes.
> All the changes are cherry-picks/backports from fixes which have already
> been applied to systemd in unstable.
>
> The full debdiff is attached. For better readability I will provide an
> annotated debian/changelog which links to the individual commits
I think this looks okay (although ordering changes always make me a
little paranoid), and while it doesn't look like any of the changes
should affect the udebs or d-i, I'd still appreciate a kibi-ack.
> systemd (215-17+deb8u6) stable; urgency=medium
>
> [ Michael Biebl ]
> * Don't return any error in manager_dispatch_notify_fd().
> If manager_dispatch_notify_fd() fails and returns an error then the
> handling of service notifications will be disabled entirely leading to a
> compromised system.
> For example pid1 won't be able to receive the WATCHDOG messages anymore
> and will kill all services supposed to send such messages. (CVE-2016-7796)
> (Closes: #839607)
>
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=084e2c59
>
> That's probably the most important one, as it fixes a local DoS. The
> security team wanted to see this fixed as part of a stable upload.
>
> * core: Rework logic to determine when we decide to add automatic deps for
> mounts.
> This adds a concept of "extrinsic" mounts. If mounts are extrinsic we
> consider them managed by something else and do not add automatic ordering
> against umount.target, local-fs.target, remote-fs.target.
> Extrinsic mounts include API mounts such as everything below /proc, /sys,
> /dev. This avoids a crash in LXC containers where /dev/urandom is a bind
> mount from the host system and unmounting it leads to an assert in
> systemd. (Closes: #818978)
>
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=b125d602
>
> This patch is somewhat largeish, but it seemed preferable to use an
> upstream fix than cooking up our own patch.
>
> * Various ordering fixes for ifupdown.
> Run ifup after all kernel modules have been loaded and all sysctl settings
> are applied. Update ifup@.service to add missing After= for the device
> unit we bind to. This ensures that the device unit is active when systemd
> tries to start the service. (Closes: #819314)
>
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=0092dd05
>
> Those fixes have been applied to the ifupdown package in stretch/sid,
> which has taken over the ifup@.service unit.
>
> * systemctl: Fix argument handling when invoked as shutdown.
> (Closes: #776997)
>
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=4e8c40a4
>
> [ Simon McVittie ]
> * localed: tolerate absence of /etc/default/keyboard.
> The debian-specific patch to read Debian config files was not tolerating
> the absence of /etc/default/keyboard. This causes systemd-localed to fail
> to start on systems where that file isn't populated (like embedded systems
> without keyboards). (Closes: #833849)
>
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=4b937b71
>
> [ Martin Pitt ]
> * systemctl, loginctl, etc.: Don't start polkit agent when running as root.
> (Closes: #774153, LP: #1565617)
>
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=f6024358
>
> We want to avoid querying polkit as root, especially when being run from
> the maintainer scripts. During a (dist-)upgrade, the policykit-1 package
> can be in an unconfigured state and trying to talk to it can lead to a
> deadlock.
Regards,
Adam
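
Added illustration of the manager_dispatch_notify_fd() point above (this is a constructed model, not code from the bug report or from systemd): in an sd-event style loop, a dispatch callback that returns a negative errno gets its event source disabled for the rest of the process lifetime, so one rejected datagram on the notify socket silently stops delivery of every later notification, WATCHDOG=1 pings included. The "unparsable datagram" condition is assumed here to be an empty message purely for the demonstration; the real parsing rules and the actual trigger are not part of this example. The names run_loop, notify_dispatch_propagate, notify_dispatch_tolerant and watchdog_pings_delivered are invented for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model (not systemd code) of how an sd-event style loop treats a
 * failing dispatch callback: once the callback returns a negative errno the
 * source is disabled and never dispatched again for the life of the process. */

typedef int (*dispatch_fn)(const char *msg, size_t len, int *watchdog_pings);

struct notify_source {
    dispatch_fn dispatch;
    int enabled;
};

static int count_watchdog(const char *msg, size_t len, int *pings)
{
    static const char wd[] = "WATCHDOG=1";
    if (len == sizeof(wd) - 1 && memcmp(msg, wd, len) == 0)
        (*pings)++;
    return 0;
}

/* Pre-fix behaviour: a datagram the handler rejects is reported to the event
 * loop as an error. The assumed "unparsable" condition is an empty datagram;
 * this is an assumption of the example, not the real trigger. */
static int notify_dispatch_propagate(const char *msg, size_t len, int *pings)
{
    if (len == 0)
        return -EIO;
    return count_watchdog(msg, len, pings);
}

/* Fixed behaviour: log and drop the bad datagram, but always return 0 so the
 * loop keeps delivering later notifications (including watchdog pings). */
static int notify_dispatch_tolerant(const char *msg, size_t len, int *pings)
{
    if (len == 0) {
        fprintf(stderr, "notify: dropping unparsable datagram\n");
        return 0;
    }
    return count_watchdog(msg, len, pings);
}

/* Feed datagrams through the loop; returns how many WATCHDOG=1 pings reached
 * the manager. After a failed dispatch the source is disabled, so all
 * remaining datagrams are lost. */
static int run_loop(dispatch_fn dispatch, const char *const *msgs,
                    const size_t *lens, size_t n)
{
    struct notify_source src = { dispatch, 1 };
    int pings = 0;

    for (size_t i = 0; i < n; i++) {
        int r;
        if (!src.enabled)
            break;
        r = src.dispatch(msgs[i], lens[i], &pings);
        if (r < 0) {
            fprintf(stderr, "event loop: dispatch failed (%s), disabling source\n",
                    strerror(-r));
            src.enabled = 0;
        }
    }
    return pings;
}

/* Constructed traffic: three watchdog pings from well-behaved services, with
 * one bad datagram and one unrelated READY=1 in between. */
static int watchdog_pings_delivered(dispatch_fn dispatch)
{
    static const char *const msgs[] = { "WATCHDOG=1", "", "WATCHDOG=1", "READY=1", "WATCHDOG=1" };
    static const size_t lens[] = { 10, 0, 10, 7, 10 };
    return run_loop(dispatch, msgs, lens, sizeof(lens) / sizeof(lens[0]));
}

int main(void)
{
    printf("propagate errors: %d of 3 watchdog pings delivered\n",
           watchdog_pings_delivered(notify_dispatch_propagate));
    printf("tolerate errors:  %d of 3 watchdog pings delivered\n",
           watchdog_pings_delivered(notify_dispatch_tolerant));
    return 0;
}
```

With the error-propagating handler only the first ping is delivered; the two that follow the bad datagram are never seen, which is the situation in which a watchdog-supervised service gets killed through no fault of its own. The tolerant handler delivers all three. The practical check for a fix of this shape is therefore not "does the bad input get rejected" but "does the handler still process the next good message afterwards".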