Bug#849020: jessie-pu: package systemd/215-17+deb8u6

2017-01-06 Thread Adam D. Barratt
Control: tags -1 + pending

On Thu, 2017-01-05 at 13:30 +0100, Michael Biebl wrote:
> On 05.01.2017 at 07:18, Adam D. Barratt wrote:
> > Michael, please feel free to upload. 
> 
> Thanks. done
> 
> > (I'm assuming that the resulting
> > package has had at least some testing on a jessie system already.)
> 
> I did test the individual fixes in a jessie VM and lxc container, which
> included installing and running the final version of systemd_215-17+deb8u6.

Thanks for the confirmation.

Flagged for acceptance into p-u.

Regards,

Adam



Bug#849020: jessie-pu: package systemd/215-17+deb8u6

2017-01-05 Thread Michael Biebl
On 05.01.2017 at 07:18, Adam D. Barratt wrote:
> Michael, please feel free to upload. 

Thanks. done

> (I'm assuming that the resulting
> package has had at least some testing on a jessie system already.)

I did test the individual fixes in a jessie VM and lxc container, which
included installing and running the final version of systemd_215-17+deb8u6.

Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?





Bug#849020: jessie-pu: package systemd/215-17+deb8u6

2017-01-04 Thread Adam D. Barratt
Control: tags -1 -moreinfo +confirmed

On Wed, 2017-01-04 at 23:49 +0100, Cyril Brulebois wrote:
> Adam D. Barratt (2017-01-04):
> > Control: tags -1 + moreinfo
> > 
> > On Wed, 2016-12-21 at 22:07 +0100, Michael Biebl wrote:
> > > I'd like to make a stable upload for systemd with the following changes.
> > > All the changes are cherry-picks/backports from fixes which have already
> > > been applied to systemd in unstable.
> > > 
> > > The full debdiff is attached. For better readability I will provide an
> > > annotated debian/changelog which links to the individual commits
> > 
> > I think this looks okay (although ordering changes always make me a
> > little paranoid), and while it doesn't look like any of the changes
> > should affect the udebs or d-i, I'd still appreciate a kibi-ack.
> 
> Looks good to me indeed.

Thanks.

Michael, please feel free to upload. (I'm assuming that the resulting
package has had at least some testing on a jessie system already.)

Regards,

Adam



Bug#849020: jessie-pu: package systemd/215-17+deb8u6

2017-01-04 Thread Cyril Brulebois
Adam D. Barratt (2017-01-04):
> Control: tags -1 + moreinfo
> 
> On Wed, 2016-12-21 at 22:07 +0100, Michael Biebl wrote:
> > I'd like to make a stable upload for systemd with the following changes.
> > All the changes are cherry-picks/backports from fixes which have already
> > been applied to systemd in unstable.
> > 
> > The full debdiff is attached. For better readability I will provide an
> > annotated debian/changelog which links to the individual commits
> 
> I think this looks okay (although ordering changes always make me a
> little paranoid), and while it doesn't look like any of the changes
> should affect the udebs or d-i, I'd still appreciate a kibi-ack.

Looks good to me indeed.


KiBi.




Bug#849020: jessie-pu: package systemd/215-17+deb8u6

2017-01-03 Thread Adam D. Barratt
Control: tags -1 + moreinfo

On Wed, 2016-12-21 at 22:07 +0100, Michael Biebl wrote:
> I'd like to make a stable upload for systemd with the following changes.
> All the changes are cherry-picks/backports from fixes which have already
> been applied to systemd in unstable.
> 
> The full debdiff is attached. For better readability I will provide an
> annotated debian/changelog which links to the individual commits

I think this looks okay (although ordering changes always make me a
little paranoid), and while it doesn't look like any of the changes
should affect the udebs or d-i, I'd still appreciate a kibi-ack.

> systemd (215-17+deb8u6) stable; urgency=medium
> 
>   [ Michael Biebl ]
>   * Don't return any error in manager_dispatch_notify_fd().
> If manager_dispatch_notify_fd() fails and returns an error then the
> handling of service notifications will be disabled entirely leading to a
> compromised system.
> For example pid1 won't be able to receive the WATCHDOG messages anymore
> and will kill all services supposed to send such messages. (CVE-2016-7796)
> (Closes: #839607)
> 
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=084e2c59
> 
> That's probably the most important one, as it fixes a local DoS. The
> security team wanted to see this fixed as part of a stable upload.
> 
>   * core: Rework logic to determine when we decide to add automatic deps for
> mounts.
> This adds a concept of "extrinsic" mounts. If mounts are extrinsic we
> consider them managed by something else and do not add automatic ordering
> against umount.target, local-fs.target, remote-fs.target.
> Extrinsic mounts include API mounts such as everything below /proc, /sys,
> /dev. This avoids a crash in LXC containers where /dev/urandom is a bind
> mount from the host system and unmounting it leads to an assert in
> systemd. (Closes: #818978)
> 
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=b125d602
> 
> This patch is somewhat largeish, but it seemed preferable to use an
> upstream fix than cooking up our own patch.
> 
>   * Various ordering fixes for ifupdown.
> Run ifup after all kernel modules have been loaded and all sysctl settings
> are applied. Update ifup@.service to add missing After= for the device
> unit we bind to. This ensures that the device unit is active when systemd
> tries to start the service. (Closes: #819314)
> 
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=0092dd05
> 
> Those fixes have been applied to the ifupdown package in stretch/sid,
> which has taken over the ifup@.service unit.
> 
>   * systemctl: Fix argument handling when invoked as shutdown.
> (Closes: #776997)
> 
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=4e8c40a4
> 
>   [ Simon McVittie ]
>   * localed: tolerate absence of /etc/default/keyboard.
> The Debian-specific patch to read Debian config files was not tolerating
> the absence of /etc/default/keyboard. This causes systemd-localed to fail
> to start on systems where that file isn't populated (like embedded systems
> without keyboards). (Closes: #833849)
> 
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=4b937b71
> 
>   [ Martin Pitt ]
>   * systemctl, loginctl, etc.: Don't start polkit agent when running as root.
> (Closes: #774153, LP: #1565617)
> 
> https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=f6024358
> 
> We want to avoid querying polkit as root, especially when being run from
> the maintainer scripts. During a (dist-)upgrade, the policykit-1 package
> can be in an unconfigured state and trying to talk to it can lead to a
> deadlock.

Regards,

Adam
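The failure mode the quoted changelog entry describes for CVE-2016-7796, as an added example in C that is not systemd's code: a toy dispatch loop with sd-event-like semantics (a callback returning a negative value switches its source off) shows a handler that lets a per-datagram error escape beside one that logs it and returns 0. The parser, the datagram strings and the function names are constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added example, not systemd code. It models the failure mode behind
 * CVE-2016-7796: an event loop with sd-event-like semantics switches a
 * source OFF when its callback returns a negative value, so one bad
 * datagram silences every later WATCHDOG notification. Names and the
 * sample datagrams are constructed. */

/* Hypothetical per-datagram parser: 1 = valid WATCHDOG, -1 = malformed. */
static int process(const char *msg) {
    return strcmp(msg, "WATCHDOG=1") == 0 ? 1 : -1;
}

/* Pre-fix shape: the per-datagram error escapes to the event loop. */
int fragile_handler(const char *msg) {
    return process(msg);
}

/* Fixed shape: log the bad datagram, return 0, keep the source alive. */
int robust_handler(const char *msg) {
    if (process(msg) < 0) {
        fprintf(stderr, "ignoring malformed notification: %s\n", msg);
        return 0;
    }
    return 1;
}

/* Constructed traffic: a good datagram, a malformed one, then a good one. */
static const char *const SAMPLE[] = { "WATCHDOG=1", "garbage", "WATCHDOG=1" };

/* Dispatch loop: a negative callback return disables the source for the
 * rest of the run. Returns how many WATCHDOG datagrams were processed. */
int count_handled(int (*handler)(const char *)) {
    bool enabled = true;
    int handled = 0;
    for (size_t i = 0; i < sizeof SAMPLE / sizeof SAMPLE[0] && enabled; i++) {
        int r = handler(SAMPLE[i]);
        if (r < 0)
            enabled = false;      /* source is now off until re-enabled */
        else if (r > 0)
            handled++;
    }
    return handled;
}
```

With the pre-fix handler the second WATCHDOG datagram is never seen because the source was switched off by the malformed one in between; the fixed handler processes both.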



Bug#849020: jessie-pu: package systemd/215-17+deb8u6

2016-12-21 Thread Michael Biebl
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Hi release team,

I'd like to make a stable upload for systemd with the following changes.
All the changes are cherry-picks/backports from fixes which have already
been applied to systemd in unstable.

The full debdiff is attached. For better readability I will provide an
annotated debian/changelog which links to the individual commits

systemd (215-17+deb8u6) stable; urgency=medium

  [ Michael Biebl ]
  * Don't return any error in manager_dispatch_notify_fd().
If manager_dispatch_notify_fd() fails and returns an error then the
handling of service notifications will be disabled entirely leading to a
compromised system.
For example pid1 won't be able to receive the WATCHDOG messages anymore
and will kill all services supposed to send such messages. (CVE-2016-7796)
(Closes: #839607)

https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=084e2c59

That's probably the most important one, as it fixes a local DoS. The
security team wanted to see this fixed as part of a stable upload.

  * core: Rework logic to determine when we decide to add automatic deps for
mounts.
This adds a concept of "extrinsic" mounts. If mounts are extrinsic we
consider them managed by something else and do not add automatic ordering
against umount.target, local-fs.target, remote-fs.target.
Extrinsic mounts include API mounts such as everything below /proc, /sys,
/dev. This avoids a crash in LXC containers where /dev/urandom is a bind
mount from the host system and unmounting it leads to an assert in
systemd. (Closes: #818978)

https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=b125d602

This patch is somewhat largeish, but it seemed preferable to use an
upstream fix than cooking up our own patch.

  * Various ordering fixes for ifupdown.
Run ifup after all kernel modules have been loaded and all sysctl settings
are applied. Update ifup@.service to add missing After= for the device
unit we bind to. This ensures that the device unit is active when systemd
tries to start the service. (Closes: #819314)

https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=0092dd05

Those fixes have been applied to the ifupdown package in stretch/sid,
which has taken over the ifup@.service unit.

  * systemctl: Fix argument handling when invoked as shutdown.
(Closes: #776997)

https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=4e8c40a4

  [ Simon McVittie ]
  * localed: tolerate absence of /etc/default/keyboard.
The Debian-specific patch to read Debian config files was not tolerating
the absence of /etc/default/keyboard. This causes systemd-localed to fail
to start on systems where that file isn't populated (like embedded systems
without keyboards). (Closes: #833849)

https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=4b937b71

  [ Martin Pitt ]
  * systemctl, loginctl, etc.: Don't start polkit agent when running as root.
(Closes: #774153, LP: #1565617)

https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie=f6024358

We want to avoid querying polkit as root, especially when being run from
the maintainer scripts. During a (dist-)upgrade, the policykit-1 package
can be in an unconfigured state and trying to talk to it can lead to a
deadlock.

 -- Michael Biebl   Wed, 21 Dec 2016 21:33:51 +0100


Please let me know when I can proceed with the upload. It would be great
if those fixes can make it into 8.7.

Regards,
Michael

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index 3bee4fe..ffceb7d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,43 @@
+systemd (215-17+deb8u6) stable; urgency=medium
+
+  [ Michael Biebl ]
+  * Don't return any error in manager_dispatch_notify_fd().
+If manager_dispatch_notify_fd() fails and returns an error then the
+handling of service notifications will be disabled entirely leading to a
+compromised system.
+For example pid1 won't be able to receive the WATCHDOG messages anymore
+and will kill all services supposed to send such messages. (CVE-2016-7796)
+(Closes: #839607)
+  * core: Rework logic to determine when we decide to add automatic deps for
+mounts.
+This adds a concept of "extrinsic" mounts. If mounts are extrinsic we
+consider them managed by something else and do not add automatic ordering
+against umount.target,
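Review bot: the impact wording at `+compromised system.` in the first changelog entry is stronger than the cover letter, which describes CVE-2016-7796 as a local DoS; since the entry itself only describes lost WATCHDOG notifications and killed services, consider phrasing it as a denial of service so the changelog and the security team's characterisation agree.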