Bug#849020: jessie-pu: package systemd/215-17+deb8u6
Control: tags -1 + pending

On Thu, 2017-01-05 at 13:30 +0100, Michael Biebl wrote:
> On 05.01.2017 at 07:18, Adam D. Barratt wrote:
> > Michael, please feel free to upload.
> 
> Thanks. done
> 
> > (I'm assuming that the resulting
> > package has had at least some testing on a jessie system already.)
> 
> I did test the individual fixes in a jessie VM and lxc container, which
> included installing and running the final version of systemd_215-17+deb8u6.

Thanks for the confirmation. Flagged for acceptance into p-u.

Regards,

Adam
Bug#849020: jessie-pu: package systemd/215-17+deb8u6
On 05.01.2017 at 07:18, Adam D. Barratt wrote:
> Michael, please feel free to upload.

Thanks. done

> (I'm assuming that the resulting
> package has had at least some testing on a jessie system already.)

I did test the individual fixes in a jessie VM and lxc container, which
included installing and running the final version of systemd_215-17+deb8u6.

Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Bug#849020: jessie-pu: package systemd/215-17+deb8u6
Control: tags -1 -moreinfo +confirmed

On Wed, 2017-01-04 at 23:49 +0100, Cyril Brulebois wrote:
> Adam D. Barratt (2017-01-04):
> > Control: tags -1 + moreinfo
> > 
> > On Wed, 2016-12-21 at 22:07 +0100, Michael Biebl wrote:
> > > I'd like to make a stable upload for systemd with the following changes.
> > > All the changes are cherry-picks/backports from fixes which have already
> > > been applied to systemd in unstable.
> > > 
> > > The full debdiff is attached. For better readability I will provide an
> > > annotated debian/changelog which links to the individual commits
> > 
> > I think this looks okay (although ordering changes always make me a
> > little paranoid), and while it doesn't look like any of the changes
> > should affect the udebs or d-i, I'd still appreciate a kibi-ack.
> 
> Looks good to me indeed.

Thanks.

Michael, please feel free to upload. (I'm assuming that the resulting
package has had at least some testing on a jessie system already.)

Regards,

Adam
Bug#849020: jessie-pu: package systemd/215-17+deb8u6
Adam D. Barratt (2017-01-04):
> Control: tags -1 + moreinfo
> 
> On Wed, 2016-12-21 at 22:07 +0100, Michael Biebl wrote:
> > I'd like to make a stable upload for systemd with the following changes.
> > All the changes are cherry-picks/backports from fixes which have already
> > been applied to systemd in unstable.
> > 
> > The full debdiff is attached. For better readability I will provide an
> > annotated debian/changelog which links to the individual commits
> 
> I think this looks okay (although ordering changes always make me a
> little paranoid), and while it doesn't look like any of the changes
> should affect the udebs or d-i, I'd still appreciate a kibi-ack.

Looks good to me indeed.

KiBi.
Bug#849020: jessie-pu: package systemd/215-17+deb8u6
Control: tags -1 + moreinfo

On Wed, 2016-12-21 at 22:07 +0100, Michael Biebl wrote:
> I'd like to make a stable upload for systemd with the following changes.
> All the changes are cherry-picks/backports from fixes which have already
> been applied to systemd in unstable.
> 
> The full debdiff is attached. For better readability I will provide an
> annotated debian/changelog which links to the individual commits

I think this looks okay (although ordering changes always make me a
little paranoid), and while it doesn't look like any of the changes
should affect the udebs or d-i, I'd still appreciate a kibi-ack.

> systemd (215-17+deb8u6) stable; urgency=medium
> 
>   [ Michael Biebl ]
>   * Don't return any error in manager_dispatch_notify_fd().
>     If manager_dispatch_notify_fd() fails and returns an error then the
>     handling of service notifications will be disabled entirely leading to a
>     compromised system.
>     For example pid1 won't be able to receive the WATCHDOG messages anymore
>     and will kill all services supposed to send such messages. (CVE-2016-7796)
>     (Closes: #839607)
> 
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=084e2c59
> 
> That's probably the most important one, as it fixes a local DoS. The
> security team wanted to see this fixed as part of a stable upload.
> 
>   * core: Rework logic to determine when we decide to add automatic deps for
>     mounts.
>     This adds a concept of "extrinsic" mounts. If mounts are extrinsic we
>     consider them managed by something else and do not add automatic ordering
>     against umount.target, local-fs.target, remote-fs.target.
>     Extrinsic mounts include API mounts such as everything below /proc, /sys,
>     /dev. This avoids a crash in LXC containers where /dev/urandom is a bind
>     mount from the host system and unmounting it leads to an assert in
>     systemd. (Closes: #818978)
> 
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=b125d602
> 
> This patch is somewhat largeish, but it seemed preferable to use an
> upstream fix than cooking up our own patch.
> 
>   * Various ordering fixes for ifupdown.
>     Run ifup after all kernel modules have been loaded and all sysctl settings
>     are applied. Update ifup@.service to add missing After= for the device
>     unit we bind to. This ensures that the device unit is active when systemd
>     tries to start the service. (Closes: #819314)
> 
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=0092dd05
> 
> Those fixes have been applied to the ifupdown package in stretch/sid,
> which has taken over the ifup@.service unit.
> 
>   * systemctl: Fix argument handling when invoked as shutdown.
>     (Closes: #776997)
> 
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=4e8c40a4
> 
>   [ Simon McVittie ]
>   * localed: tolerate absence of /etc/default/keyboard.
>     The debian-specific patch to read Debian config files was not tolerating
>     the absence of /etc/default/keyboard. This causes systemd-localed to fail
>     to start on systems where that file isn't populated (like embedded systems
>     without keyboards). (Closes: #833849)
> 
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=4b937b71
> 
>   [ Martin Pitt ]
>   * systemctl, loginctl, etc.: Don't start polkit agent when running as root.
>     (Closes: #774153, LP: #1565617)
> 
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=f6024358
> 
> We want to avoid querying polkit as root, especially when being run from
> the maintainer scripts. During a (dist-)upgrade, the policykit-1 package
> can be in an unconfigured state and trying to talk to it can lead to a
> dead lock.

Regards,

Adam
Bug#849020: jessie-pu: package systemd/215-17+deb8u6
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi release team,

I'd like to make a stable upload for systemd with the following changes.
All the changes are cherry-picks/backports from fixes which have already
been applied to systemd in unstable.

The full debdiff is attached. For better readability I will provide an
annotated debian/changelog which links to the individual commits

systemd (215-17+deb8u6) stable; urgency=medium

  [ Michael Biebl ]
  * Don't return any error in manager_dispatch_notify_fd().
    If manager_dispatch_notify_fd() fails and returns an error then the
    handling of service notifications will be disabled entirely leading to a
    compromised system.
    For example pid1 won't be able to receive the WATCHDOG messages anymore
    and will kill all services supposed to send such messages. (CVE-2016-7796)
    (Closes: #839607)

https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=084e2c59

That's probably the most important one, as it fixes a local DoS. The
security team wanted to see this fixed as part of a stable upload.

  * core: Rework logic to determine when we decide to add automatic deps for
    mounts.
    This adds a concept of "extrinsic" mounts. If mounts are extrinsic we
    consider them managed by something else and do not add automatic ordering
    against umount.target, local-fs.target, remote-fs.target.
    Extrinsic mounts include API mounts such as everything below /proc, /sys,
    /dev. This avoids a crash in LXC containers where /dev/urandom is a bind
    mount from the host system and unmounting it leads to an assert in
    systemd. (Closes: #818978)

https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=b125d602

This patch is somewhat largeish, but it seemed preferable to use an
upstream fix than cooking up our own patch.

  * Various ordering fixes for ifupdown.
    Run ifup after all kernel modules have been loaded and all sysctl settings
    are applied. Update ifup@.service to add missing After= for the device
    unit we bind to. This ensures that the device unit is active when systemd
    tries to start the service. (Closes: #819314)

https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=0092dd05

Those fixes have been applied to the ifupdown package in stretch/sid,
which has taken over the ifup@.service unit.

  * systemctl: Fix argument handling when invoked as shutdown.
    (Closes: #776997)

https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=4e8c40a4

  [ Simon McVittie ]
  * localed: tolerate absence of /etc/default/keyboard.
    The debian-specific patch to read Debian config files was not tolerating
    the absence of /etc/default/keyboard. This causes systemd-localed to fail
    to start on systems where that file isn't populated (like embedded systems
    without keyboards). (Closes: #833849)

https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=4b937b71

  [ Martin Pitt ]
  * systemctl, loginctl, etc.: Don't start polkit agent when running as root.
    (Closes: #774153, LP: #1565617)

https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=f6024358

We want to avoid querying polkit as root, especially when being run from
the maintainer scripts. During a (dist-)upgrade, the policykit-1 package
can be in an unconfigured state and trying to talk to it can lead to a
dead lock.

 -- Michael Biebl  Wed, 21 Dec 2016 21:33:51 +0100

Please let me know when I can proceed with the upload. It would be great
if those fixes can make it into 8.7.

Regards,
Michael

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog index 3bee4fe..ffceb7d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,43 @@ +systemd (215-17+deb8u6) stable; urgency=medium + + [ Michael Biebl ] + * Don't return any error in manager_dispatch_notify_fd(). +If manager_dispatch_notify_fd() fails and returns an error then the +handling of service notifications will be disabled entirely leading to a +compromised system. +For example pid1 won't be able to receive the WATCHDOG messages anymore +and will kill all services supposed to send such messages. (CVE-2016-7796) +(Closes: #839607) + * core: Rework logic to determine when we decide to add automatic deps for +mounts. +This adds a concept of "extrinsic" mounts. If mounts are extrinsic we +consider them managed by something else and do not add automatic ordering +against umount.target,
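Review bot: the first bullet of the new changelog entry says the manager_dispatch_notify_fd() error path leads "to a compromised system", while the cover mail for this request describes CVE-2016-7796 as a local DoS; suggest wording the bullet to the effect the same lines already describe (notification handling disabled, WATCHDOG messages no longer received, services killed) so the stable changelog does not overstate the impact.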