Control: tags -1 + moreinfo

On Wed, 2016-12-21 at 22:07 +0100, Michael Biebl wrote:
> I'd like to make a stable upload for systemd with the following changes.
> All the changes are cherry-picks/backports from fixes which have already
> been applied to systemd in unstable.
>
> The full debdiff is attached. For better readability I will provide an
> annotated debian/changelog which links to the individual commits

I think this looks okay (although ordering changes always make me a little
paranoid), and while it doesn't look like any of the changes should affect
the udebs or d-i, I'd still appreciate a kibi-ack.

> systemd (215-17+deb8u6) stable; urgency=medium
>
>   [ Michael Biebl ]
>   * Don't return any error in manager_dispatch_notify_fd().
>     If manager_dispatch_notify_fd() fails and returns an error then the
>     handling of service notifications will be disabled entirely leading to a
>     compromised system.
>     For example pid1 won't be able to receive the WATCHDOG messages anymore
>     and will kill all services supposed to send such messages. (CVE-2016-7796)
>     (Closes: #839607)
>
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=084e2c59
>
> That's probably the most important one, as it fixes a local DoS. The
> security team wanted to see this fixed as part of a stable upload.
>
>   * core: Rework logic to determine when we decide to add automatic deps for
>     mounts.
>     This adds a concept of "extrinsic" mounts. If mounts are extrinsic we
>     consider them managed by something else and do not add automatic ordering
>     against umount.target, local-fs.target, remote-fs.target.
>     Extrinsic mounts include API mounts such as everything below /proc, /sys,
>     /dev. This avoids a crash in LXC containers where /dev/urandom is a bind
>     mount from the host system and unmounting it leads to an assert in
>     systemd. (Closes: #818978)
>
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=b125d602
>
> This patch is somewhat largeish, but it seemed preferable to use an
> upstream fix than cooking up our own patch.
>
>   * Various ordering fixes for ifupdown.
>     Run ifup after all kernel modules have been loaded and all sysctl settings
>     are applied. Update ifup@.service to add missing After= for the device
>     unit we bind to. This ensures that the device unit is active when systemd
>     tries to start the service.
>     (Closes: #819314)
>
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=0092dd05
>
> Those fixes have been applied to the ifupdown package in stretch/sid,
> which has taken over the ifup@.service unit.
>
>   * systemctl: Fix argument handling when invoked as shutdown.
>     (Closes: #776997)
>
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=4e8c40a4
>
>   [ Simon McVittie ]
>   * localed: tolerate absence of /etc/default/keyboard.
>     The debian-specific patch to read Debian config files was not tolerating
>     the absence of /etc/default/keyboard. This causes systemd-localed to fail
>     to start on systems where that file isn't populated (like embedded systems
>     without keyboards). (Closes: #833849)
>
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=4b937b71
>
>   [ Martin Pitt ]
>   * systemctl, loginctl, etc.: Don't start polkit agent when running as root.
>     (Closes: #774153, LP: #1565617)
>
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=f6024358
>
> We want to avoid querying polkit as root, especially when being run from
> the maintainer scripts. During a (dist-)upgrade, the policykit-1 package
> can be in an unconfigured state and trying to talk to it can lead to a
> deadlock.

Regards,
Adam
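The CVE-2016-7796 entry above describes a failure mode worth seeing in isolation: an event loop that disables an I/O source when its handler returns an error means one unparseable notification silences all later WATCHDOG messages. The following is a constructed model added here (not systemd's code; the event loop, message encoding and handler names are assumptions) contrasting a handler that propagates per-message errors with one that logs and carries on.

```c
/* Constructed model of the CVE-2016-7796 pattern: a loop that turns an I/O
 * source off as soon as its callback returns an error. Not systemd's code. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdbool.h>

typedef int (*handler_t)(int msg);
struct source { handler_t cb; bool enabled; int keepalives; };

/* Loop rule (assumed): a negative return disables the source permanently;
 * positive messages stand for well-formed WATCHDOG=1 keepalives. */
static void dispatch(struct source *s, int msg) {
    if (!s->enabled) return;
    if (s->cb(msg) < 0) { s->enabled = false; return; }
    if (msg > 0) s->keepalives++;
}

/* "Before": a malformed datagram (negative value in this model) is reported
 * as an error to the loop, so the whole notify source is switched off. */
static int notify_fd_old(int msg) {
    return msg < 0 ? -EIO : 0;
}

/* "After": the bad message is logged and dropped; the source stays enabled
 * and subsequent keepalives from unrelated services are still delivered. */
static int notify_fd_fixed(int msg) {
    if (msg < 0) fprintf(stderr, "notify: dropping malformed message\n");
    return 0;
}

/* Feed a constructed sequence: one keepalive, one bad datagram, three more
 * keepalives. Returns how many keepalives the handler actually received. */
static int run(handler_t cb) {
    struct source s = { cb, true, 0 };
    const int msgs[] = { 1, -1, 1, 1, 1 };
    for (size_t i = 0; i < sizeof msgs / sizeof msgs[0]; i++)
        dispatch(&s, msgs[i]);
    return s.keepalives;
}

int main(void) {
    printf("old handler:   %d of 4 keepalives delivered\n", run(notify_fd_old));
    printf("fixed handler: %d of 4 keepalives delivered\n", run(notify_fd_fixed));
    return 0;
}
```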