Your message dated Sat, 14 Jan 2017 12:37:03 +0000
with message-id <1484397423.1091.25.ca...@adam-barratt.org.uk>
and subject line Closing requests included in today's point release
has caused the Debian Bug report #849020,
regarding jessie-pu: package systemd/215-17+deb8u6
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
849020: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849020
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian....@packages.debian.org
Usertags: pu

Hi release team,

I'd like to make a stable upload for systemd with the following changes.
All the changes are cherry-picks/backports from fixes which have already
been applied to systemd in unstable.

The full debdiff is attached. For better readability I will provide an
annotated debian/changelog which links to the individual commits.

systemd (215-17+deb8u6) stable; urgency=medium

  [ Michael Biebl ]
  * Don't return any error in manager_dispatch_notify_fd().
    If manager_dispatch_notify_fd() fails and returns an error then the
    handling of service notifications will be disabled entirely leading to a
    compromised system.
    For example pid1 won't be able to receive the WATCHDOG messages anymore
    and will kill all services supposed to send such messages. (CVE-2016-7796)
    (Closes: #839607)

https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=084e2c59

That's probably the most important one, as it fixes a local DoS. The
security team wanted to see this fixed as part of a stable upload.

  * core: Rework logic to determine when we decide to add automatic deps for
    mounts.
    This adds a concept of "extrinsic" mounts. If mounts are extrinsic we
    consider them managed by something else and do not add automatic ordering
    against umount.target, local-fs.target, remote-fs.target.
    Extrinsic mounts include API mounts such as everything below /proc, /sys,
    /dev. This avoids a crash in LXC containers where /dev/urandom is a bind
    mount from the host system and unmounting it leads to an assert in
    systemd. (Closes: #818978)

https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=b125d602

This patch is somewhat largeish, but it seemed preferable to use an
upstream fix than cooking up our own patch.

  * Various ordering fixes for ifupdown.
    Run ifup after all kernel modules have been loaded and all sysctl settings
    are applied. Update ifup@.service to add missing After= for the device
    unit we bind to. This ensures that the device unit is active when systemd
    tries to start the service. (Closes: #819314)

https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=0092dd05

Those fixes have been applied to the ifupdown package in stretch/sid,
which has taken over the ifup@.service unit.

  * systemctl: Fix argument handling when invoked as shutdown.
    (Closes: #776997)

https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=4e8c40a4

  [ Simon McVittie ]
  * localed: tolerate absence of /etc/default/keyboard.
    The debian-specific patch to read Debian config files was not tolerating
    the absence of /etc/default/keyboard. This causes systemd-localed to fail
    to start on systems where that file isn't populated (like embedded systems
    without keyboards). (Closes: #833849)

https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=4b937b71

  [ Martin Pitt ]
  * systemctl, loginctl, etc.: Don't start polkit agent when running as root.
    (Closes: #774153, LP: #1565617)

https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?h=jessie&id=f6024358

We want to avoid querying polkit as root, especially when being run from
the maintainer scripts. During a (dist-)upgrade, the policykit-1 package
can be in an unconfigured state and trying to talk to it can lead to a
deadlock.

 -- Michael Biebl <bi...@debian.org>  Wed, 21 Dec 2016 21:33:51 +0100


Please let me know when I can proceed with the upload. It would be great
if those fixes can make it into 8.7.

Regards,
Michael

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog
index 3bee4fe..ffceb7d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,43 @@
+systemd (215-17+deb8u6) stable; urgency=medium
+
+  [ Michael Biebl ]
+  * Don't return any error in manager_dispatch_notify_fd().
+    If manager_dispatch_notify_fd() fails and returns an error then the
+    handling of service notifications will be disabled entirely leading to a
+    compromised system.
+    For example pid1 won't be able to receive the WATCHDOG messages anymore
+    and will kill all services supposed to send such messages. (CVE-2016-7796)
+    (Closes: #839607)
+  * core: Rework logic to determine when we decide to add automatic deps for
+    mounts.
+    This adds a concept of "extrinsic" mounts. If mounts are extrinsic we
+    consider them managed by something else and do not add automatic ordering
+    against umount.target, local-fs.target, remote-fs.target.
+    Extrinsic mounts include API mounts such as everything below /proc, /sys,
+    /dev. This avoids a crash in LXC containers where /dev/urandom is a bind
+    mount from the host system and unmounting it leads to an assert in
+    systemd. (Closes: #818978)
+  * Various ordering fixes for ifupdown.
+    Run ifup after all kernel modules have been loaded and all sysctl settings
+    are applied. Update ifup@.service to add missing After= for the device
+    unit we bind to. This ensures that the device unit is active when systemd
+    tries to start the service. (Closes: #819314)
+  * systemctl: Fix argument handling when invoked as shutdown.
+    (Closes: #776997)
+
+  [ Simon McVittie ]
+  * localed: tolerate absence of /etc/default/keyboard.
+    The debian-specific patch to read Debian config files was not tolerating
+    the absence of /etc/default/keyboard. This causes systemd-localed to fail
+    to start on systems where that file isn't populated (like embedded systems
+    without keyboards). (Closes: #833849)
+
+  [ Martin Pitt ]
+  * systemctl, loginctl, etc.: Don't start polkit agent when running as root.
+    (Closes: #774153, LP: #1565617)
+
+ -- Michael Biebl <bi...@debian.org>  Wed, 21 Dec 2016 21:33:51 +0100
+
 systemd (215-17+deb8u5) stable; urgency=medium
 
   * Use the right timeout for stop processes we fork. This ensures that
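Review bot: the wording "leading to a compromised system" in the first entry overstates the impact as the cover letter itself describes it, which is a local denial of service (pid1 stops receiving WATCHDOG messages and kills the services that are supposed to send them). Suggest "leading to a denial of service" so the changelog matches the security team's classification of CVE-2016-7796; the rest of the entry already explains the mechanism correctly.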
diff --git a/debian/extra/network-pre.conf b/debian/extra/network-pre.conf
index 4e9b7d4..76e3e31 100644
--- a/debian/extra/network-pre.conf
+++ b/debian/extra/network-pre.conf
@@ -1,2 +1,2 @@
 [Unit]
-After=network-pre.target
+After=network-pre.target systemd-sysctl.service systemd-modules-load.service
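Review bot: After= is ordering only, not a pull-in, so this drop-in waits for systemd-sysctl.service and systemd-modules-load.service only when they are part of the same transaction and does not start them itself. That is the minimal change the changelog describes for #819314 and avoids introducing a new Wants= into a stable update, but it is worth a sentence in the cover letter that the fix relies on both services being in the default early-boot set.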
diff --git a/debian/ifup@.service b/debian/ifup@.service
index bad5364..800f41d 100644
--- a/debian/ifup@.service
+++ b/debian/ifup@.service
@@ -1,8 +1,9 @@
 [Unit]
 Description=ifup for %I
-After=local-fs.target network-pre.target networking.service
+After=local-fs.target network-pre.target networking.service 
systemd-sysctl.service
 Before=network.target
 BindsTo=sys-subsystem-net-devices-%i.device
+After=sys-subsystem-net-devices-%i.device
 ConditionPathIsDirectory=/run/network
 DefaultDependencies=no
 
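Review bot: the new After= line appears wrapped in this copy: "After=local-fs.target network-pre.target networking.service " with a trailing space, followed by "systemd-sysctl.service" on a line of its own. If the committed unit file really contains two lines, the second one is not a key=value assignment and systemd will warn and ignore it, silently losing the sysctl ordering; please confirm the file has it on a single line (or uses a trailing backslash continuation). The separate `After=sys-subsystem-net-devices-%i.device` is the substantive fix: BindsTo= alone establishes no ordering, so without it ifup@.service could be started before the device unit is active, which is the failure the changelog describes.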
diff --git a/debian/patches/Update-localed-to-use-the-Debian-config-files.patch 
b/debian/patches/Update-localed-to-use-the-Debian-config-files.patch
index 72d41f9..fb7db64 100644
--- a/debian/patches/Update-localed-to-use-the-Debian-config-files.patch
+++ b/debian/patches/Update-localed-to-use-the-Debian-config-files.patch
@@ -8,11 +8,11 @@ configuration and use /etc/default/keyboard instead of
 
 Path courtesy of Steve Langasek.
 ---
- src/locale/localed.c | 214 +++++++++++++++++++++++++++------------------------
- 1 file changed, 113 insertions(+), 101 deletions(-)
+ src/locale/localed.c | 212 +++++++++++++++++++++++++++------------------------
+ 1 file changed, 114 insertions(+), 98 deletions(-)
 
 diff --git a/src/locale/localed.c b/src/locale/localed.c
-index 23da149..4db8bef 100644
+index 23da149..0e09ad9 100644
 --- a/src/locale/localed.c
 +++ b/src/locale/localed.c
 @@ -170,6 +170,24 @@ static int locale_read_data(Context *c) {
@@ -40,7 +40,7 @@ index 23da149..4db8bef 100644
          if (r == -ENOENT) {
                  int p;
  
-@@ -206,72 +224,17 @@ static int vconsole_read_data(Context *c) {
+@@ -206,70 +224,19 @@ static int vconsole_read_data(Context *c) {
  }
  
  static int x11_read_data(Context *c) {
@@ -107,21 +107,20 @@ index 23da149..4db8bef 100644
 -                } else if (in_section && first_word(l, "EndSection"))
 -                        in_section = false;
 -        }
--
--        fclose(f);
--
--        return 0;
 +        r = parse_env_file("/etc/default/keyboard", NEWLINE,
 +                           "XKBMODEL",          &c->x11_model,
 +                           "XKBLAYOUT",         &c->x11_layout,
 +                           "XKBVARIANT",        &c->x11_variant,
 +                           "XKBOPTIONS",        &c->x11_options,
 +                           NULL);
-+        return r;
- }
  
- static int context_read_data(Context *c) {
-@@ -287,8 +250,13 @@ static int context_read_data(Context *c) {
+-        fclose(f);
++        if (r < 0 && r != -ENOENT)
++                return r;
+ 
+         return 0;
+ }
+@@ -287,8 +254,13 @@ static int context_read_data(Context *c) {
  static int locale_write_data(Context *c) {
          int r, p;
          char **l = NULL;
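Review bot: `if (r < 0 && r != -ENOENT) return r;` is the actual fix for #833849: parse_env_file() returns -ENOENT when /etc/default/keyboard is absent, and the previous `return r;` propagated that as a failure of x11_read_data() and so of systemd-localed startup. Since the function now returns 0 in that case, the x11_* fields of the Context are simply left untouched, which is only correct if they are NULL before the call; worth confirming that context_read_data() starts from a zeroed Context. The same -ENOENT tolerance already appears in locale_write_data() in the context lines below, so the pattern is consistent within the file.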
@@ -136,7 +135,7 @@ index 23da149..4db8bef 100644
          if (r < 0 && r != -ENOENT)
                  return r;
  
-@@ -320,13 +288,13 @@ static int locale_write_data(Context *c) {
+@@ -320,13 +292,13 @@ static int locale_write_data(Context *c) {
          if (strv_isempty(l)) {
                  strv_free(l);
  
@@ -152,7 +151,7 @@ index 23da149..4db8bef 100644
          strv_free(l);
  
          return r;
-@@ -447,57 +415,101 @@ static int vconsole_write_data(Context *c) {
+@@ -447,57 +419,101 @@ static int vconsole_write_data(Context *c) {
  }
  
  static int write_data_x11(Context *c) {
@@ -219,26 +218,28 @@ index 23da149..4db8bef 100644
 +                        strv_free(l);
 +                        return -ENOMEM;
 +                }
-+
-+                u = strv_env_set(l, t);
-+                free(t);
-+                strv_free(l);
  
 -        r = fopen_temporary("/etc/X11/xorg.conf.d/00-keyboard.conf", &f, 
&temp_path);
 -        if (r < 0)
 -                return r;
-+                if (!u)
-+                        return -ENOMEM;
++                u = strv_env_set(l, t);
++                free(t);
++                strv_free(l);
  
 -        fchmod(fileno(f), 0644);
-+                l = u;
-+        }
++                if (!u)
++                        return -ENOMEM;
  
 -        fputs("# Read and parsed by systemd-localed. It's probably wise not 
to edit this file\n"
 -              "# manually too freely.\n"
 -              "Section \"InputClass\"\n"
 -              "        Identifier \"system-keyboard\"\n"
 -              "        MatchIsKeyboard \"on\"\n", f);
++                l = u;
++        }
+ 
+-        if (!isempty(c->x11_layout))
+-                fprintf(f, "        Option \"XkbLayout\" \"%s\"\n", 
c->x11_layout);
 +        if (isempty(c->x11_options)) {
 +                l = strv_env_unset(l, "XKBOPTIONS");
 +        } else {
@@ -247,24 +248,22 @@ index 23da149..4db8bef 100644
 +                        return -ENOMEM;
 +                }
  
--        if (!isempty(c->x11_layout))
--                fprintf(f, "        Option \"XkbLayout\" \"%s\"\n", 
c->x11_layout);
+-        if (!isempty(c->x11_model))
+-                fprintf(f, "        Option \"XkbModel\" \"%s\"\n", 
c->x11_model);
 +                u = strv_env_set(l, t);
 +                free(t);
 +                strv_free(l);
  
--        if (!isempty(c->x11_model))
--                fprintf(f, "        Option \"XkbModel\" \"%s\"\n", 
c->x11_model);
-+                if (!u)
-+                        return -ENOMEM;
- 
 -        if (!isempty(c->x11_variant))
 -                fprintf(f, "        Option \"XkbVariant\" \"%s\"\n", 
c->x11_variant);
-+                l = u;
-+        }
++                if (!u)
++                        return -ENOMEM;
  
 -        if (!isempty(c->x11_options))
 -                fprintf(f, "        Option \"XkbOptions\" \"%s\"\n", 
c->x11_options);
++                l = u;
++        }
++
 +        if (strv_isempty(l)) {
 +                strv_free(l);
  
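Review bot: no semantic change in this hunk or the preceding `@@ -219,26 +218,28 @@` one: the inner diff against src/locale/localed.c was regenerated after the x11_read_data() change shifted line numbers, and git interleaved the same added strv_env_set()/free()/strv_free() lines differently against the removed fprintf() lines. Each `++` line here has a matching `-+` line earlier in the same function, so write_data_x11() ends up identical. A sentence to that effect in the cover letter would save reviewers re-auditing this part of the debdiff.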
diff --git 
a/debian/patches/core-rework-logic-to-determine-when-we-decide-to-add-auto.patch
 
b/debian/patches/core-rework-logic-to-determine-when-we-decide-to-add-auto.patch
new file mode 100644
index 0000000..b5c432b
--- /dev/null
+++ 
b/debian/patches/core-rework-logic-to-determine-when-we-decide-to-add-auto.patch
@@ -0,0 +1,188 @@
+From: Lennart Poettering <lenn...@poettering.net>
+Date: Tue, 29 Nov 2016 22:50:21 +0100
+Subject: core: rework logic to determine when we decide to add automatic deps
+ for mounts
+
+This adds a concept of "extrinsic" mounts. If mounts are extrinsic we consider
+them managed by something else and do not add automatic ordering against
+umount.target, local-fs.target, remote-fs.target.
+
+Extrinsic mounts are considered:
+
+- All mounts if we are running in --user mode
+
+- API mounts such as everything below /proc, /sys, /dev, which exist from
+  earliest boot to latest shutdown.
+
+- All mounts marked as initrd mounts, if we run on the host
+
+- The initrd's private directory /run/initrams that should survive until last
+  reboot.
+
+This primarily merges a couple of different exclusion lists into a single
+concept.
+
+(cherry picked from commit ad2706db7cceba69203f3ac2b6ef65d7490c5f29)
+---
+ src/core/mount.c       | 62 +++++++++++++++++++++++++++++++-------------------
+ src/shared/path-util.h | 25 ++++++++++++++++++++
+ 2 files changed, 64 insertions(+), 23 deletions(-)
+
+diff --git a/src/core/mount.c b/src/core/mount.c
+index 102bbef91..44f79ba8a 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -350,19 +350,35 @@ static int mount_add_quota_links(Mount *m) {
+         return 0;
+ }
+ 
+-static bool should_umount(Mount *m) {
++static bool mount_is_extrinsic(Mount *m) {
+         MountParameters *p;
++        assert(m);
+ 
+-        if (path_equal(m->where, "/") ||
+-            path_equal(m->where, "/usr"))
+-                return false;
++        /* Returns true for all units that are "magic" and should be excluded 
from the usual start-up and shutdown
++         * dependencies. We call them "extrinsic" here, as they are generally 
mounted outside of the systemd dependency
++         * logic. We shouldn't attempt to manage them ourselves but it's fine 
if the user operates on them with us. */
++
++        if (UNIT(m)->manager->running_as != SYSTEMD_SYSTEM) /* We only 
automatically manage mounts if we are in system mode */
++                return true;
+ 
++        if (PATH_IN_SET(m->where,  /* Don't bother with the OS data itself */
++                        "/",
++                        "/usr"))
++                return true;
++
++        if (PATH_STARTSWITH_SET(m->where,
++                                "/run/initramfs",    /* This should stay 
around from before we boot until after we shutdown */
++                                "/proc",             /* All of this is API 
VFS */
++                                "/sys",              /* … dito … */
++                                "/dev"))             /* … dito … */
++                return true;
++
++        /* If this is an initrd mount, and we are not in the initrd, then 
leave this around forever, too. */
+         p = get_mount_parameters(m);
+-        if (p && mount_test_option(p->options, "x-initrd.mount") &&
+-            !in_initrd())
+-                return false;
++        if (p && mount_test_option(p->options, "x-initrd.mount") && 
!in_initrd())
++                return true;
+ 
+-        return true;
++        return false;
+ }
+ 
+ static int mount_add_default_dependencies(Mount *m) {
+@@ -375,14 +391,17 @@ static int mount_add_default_dependencies(Mount *m) {
+         if (UNIT(m)->manager->running_as != SYSTEMD_SYSTEM)
+                 return 0;
+ 
++        /* We do not add any default dependencies to /, /usr or 
/run/initramfs/, since they are guaranteed to stay
++         * mounted the whole time, since our system is on it.  Also, don't 
bother with anything mounted below virtual
++         * file systems, it's also going to be virtual, and hence not worth 
the effort. */
++        if (mount_is_extrinsic(m))
++                return 0;
++
+         p = get_mount_parameters(m);
+ 
+         if (!p)
+                 return 0;
+ 
+-        if (path_equal(m->where, "/"))
+-                return 0;
+-
+         if (mount_is_network(p)) {
+                 after = SPECIAL_REMOTE_FS_PRE_TARGET;
+                 after2 = SPECIAL_NETWORK_TARGET;
+@@ -409,11 +428,9 @@ static int mount_add_default_dependencies(Mount *m) {
+                         return r;
+         }
+ 
+-        if (should_umount(m)) {
+-                r = unit_add_two_dependencies_by_name(UNIT(m), UNIT_BEFORE, 
UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true);
+-                if (r < 0)
+-                        return r;
+-        }
++        r = unit_add_two_dependencies_by_name(UNIT(m), UNIT_BEFORE, 
UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true);
++        if (r < 0)
++                return r;
+ 
+         return 0;
+ }
+@@ -667,6 +684,7 @@ static void mount_dump(Unit *u, FILE *f, const char 
*prefix) {
+                 "%sOptions: %s\n"
+                 "%sFrom /proc/self/mountinfo: %s\n"
+                 "%sFrom fragment: %s\n"
++                "%sExtrinsic: %s\n"
+                 "%sDirectoryMode: %04o\n",
+                 prefix, mount_state_to_string(m->state),
+                 prefix, mount_result_to_string(m->result),
+@@ -676,6 +694,7 @@ static void mount_dump(Unit *u, FILE *f, const char 
*prefix) {
+                 prefix, p ? strna(p->options) : "n/a",
+                 prefix, yes_no(m->from_proc_self_mountinfo),
+                 prefix, yes_no(m->from_fragment),
++                prefix, yes_no(mount_is_extrinsic(m)),
+                 prefix, m->directory_mode);
+ 
+         if (m->control_pid > 0)
+@@ -1374,8 +1393,7 @@ static int mount_add_one(
+                         goto fail;
+                 }
+ 
+-
+-                if (m->running_as == SYSTEMD_SYSTEM) {
++                if (!mount_is_extrinsic(MOUNT(u))) {
+                         const char* target;
+ 
+                         target = fstype_is_network(fstype) ? 
SPECIAL_REMOTE_FS_TARGET : SPECIAL_LOCAL_FS_TARGET;
+@@ -1384,11 +1402,9 @@ static int mount_add_one(
+                         if (r < 0)
+                                 goto fail;
+ 
+-                        if (should_umount(MOUNT(u))) {
+-                                r = unit_add_dependency_by_name(u, 
UNIT_CONFLICTS, SPECIAL_UMOUNT_TARGET, NULL, true);
+-                                if (r < 0)
+-                                        goto fail;
+-                        }
++                        r = unit_add_dependency_by_name(u, UNIT_CONFLICTS, 
SPECIAL_UMOUNT_TARGET, NULL, true);
++                        if (r < 0)
++                                goto fail;
+                 }
+ 
+                 unit_add_to_load_queue(u);
+diff --git a/src/shared/path-util.h b/src/shared/path-util.h
+index 54f00a8a8..6ac8eb9e2 100644
+--- a/src/shared/path-util.h
++++ b/src/shared/path-util.h
+@@ -70,3 +70,28 @@ int fsck_exists(const char *fstype);
+ /* Same as PATH_FOREACH_PREFIX but also includes the specified path itself */
+ #define PATH_FOREACH_PREFIX_MORE(prefix, path) \
+         for (char *_slash = ({ path_kill_slashes(strcpy(prefix, path)); if 
(streq(prefix, "/")) prefix[0] = 0; strrchr(prefix, 0); }); _slash && !(*_slash 
= 0); _slash = strrchr((prefix), '/'))
++
++/* Note: the search terminates on the first NULL item. */
++#define PATH_IN_SET(p, ...)                                     \
++        ({                                                      \
++                char **s;                                       \
++                bool _found = false;                            \
++                STRV_FOREACH(s, STRV_MAKE(__VA_ARGS__))         \
++                        if (path_equal(p, *s)) {                \
++                               _found = true;                   \
++                               break;                           \
++                        }                                       \
++                _found;                                         \
++        })
++
++#define PATH_STARTSWITH_SET(p, ...)                             \
++        ({                                                      \
++                char **s;                                       \
++                bool _found = false;                            \
++                STRV_FOREACH(s, STRV_MAKE(__VA_ARGS__))         \
++                        if (path_startswith(p, *s)) {           \
++                               _found = true;                   \
++                               break;                           \
++                        }                                       \
++                _found;                                         \
++        })
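Review bot: two points on the backport. First, mount_add_default_dependencies() keeps its own `if (UNIT(m)->manager->running_as != SYSTEMD_SYSTEM) return 0;` directly before the new mount_is_extrinsic() call, whose first test is the same check; harmless, but mount_add_one() was changed to rely on mount_is_extrinsic() alone, so dropping the redundant check here would keep the two call sites consistent. Second, in PATH_IN_SET and PATH_STARTSWITH_SET the iteration variable is declared as plain `s` while the result uses the reserved-style `_found`; an argument expression that mentions a caller variable named `s` would be shadowed inside the statement expression, so `_s` would be the safer choice. Note also that PATH_STARTSWITH_SET makes everything below /proc, /sys and /dev extrinsic, so such mounts are no longer ordered against umount.target at all; that is exactly what avoids the LXC /dev/urandom bind-mount assert (#818978), but it is a broader behaviour change than the changelog entry suggests and deserves a line in the release notes.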
diff --git 
a/debian/patches/pid1-don-t-return-any-error-in-manager_dispatch_noti.patch 
b/debian/patches/pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
new file mode 100644
index 0000000..e0e0c8f
--- /dev/null
+++ b/debian/patches/pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
@@ -0,0 +1,45 @@
+From: Franck Bui <f...@suse.com>
+Date: Thu, 29 Sep 2016 19:44:34 +0200
+Subject: pid1: don't return any error in manager_dispatch_notify_fd() (#4240)
+
+If manager_dispatch_notify_fd() fails and returns an error then the handling of
+service notifications will be disabled entirely leading to a compromised 
system.
+
+For example pid1 won't be able to receive the WATCHDOG messages anymore and
+will kill all services supposed to send such messages.
+
+Fixes: CVE-2016-7796
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839607
+
+(cherry picked from commit 9987750e7a4c62e0eb8473603150596ba7c3a015)
+---
+ src/core/manager.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index e6a0736..a8c40d4 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1493,14 +1493,14 @@ static int manager_dispatch_notify_fd(sd_event_source 
*source, int fd, uint32_t
+                 Unit *u;
+ 
+                 n = recvmsg(m->notify_fd, &msghdr, MSG_DONTWAIT);
+-                if (n <= 0) {
+-                        if (n == 0)
+-                                return -EIO;
+-
+-                        if (errno == EAGAIN || errno == EINTR)
+-                                break;
+-
+-                        return -errno;
++                if (n < 0) {
++                        if (!IN_SET(errno, EAGAIN, EINTR))
++                                log_error("Failed to receive notification 
message: %m");
++                        break;
++                }
++                if (n == 0) {
++                        log_debug("Got zero-length notification message. 
Ignoring.");
++                        break;
+                 }
+ 
+                 if (msghdr.msg_controllen < CMSG_LEN(sizeof(struct ucred)) ||
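Review bot: the rewritten error path no longer returns a negative value from the dispatcher for either a failed recvmsg() or a zero-length datagram, which is the whole fix for CVE-2016-7796: a returned error would have led to the event source being disabled, leaving pid1 deaf to every later sd_notify() message including WATCHDOG=1. Two details to confirm: `log_error("...: %m")` must see the errno from recvmsg(), and the IN_SET() test before it does not modify errno, so that is fine; and the `n == 0` branch breaks out of the loop rather than continuing, so messages queued behind an empty datagram are handled on the next dispatch of the source rather than in this pass, which is acceptable but means an empty datagram still costs one extra wakeup.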
diff --git 
a/debian/patches/polkit-don-t-start-polkit-agent-when-running-as-root.patch 
b/debian/patches/polkit-don-t-start-polkit-agent-when-running-as-root.patch
new file mode 100644
index 0000000..3046998
--- /dev/null
+++ b/debian/patches/polkit-don-t-start-polkit-agent-when-running-as-root.patch
@@ -0,0 +1,31 @@
+From: Martin Pitt <martin.p...@ubuntu.com>
+Date: Tue, 5 Apr 2016 10:30:45 +0200
+Subject: polkit: don't start polkit agent when running as root
+
+On the server side we already bypass the polkit checks if the caller is root
+(see the sd_bus_query_sender_privilege() call in bus_verify_polkit_async()). So
+there is no reason to invoke polkit when running
+systemctl/machinectl/loginctl/timedatectl as root.
+
+Fixes #2748
+
+(cherry picked from commit 89d034822075dfa8d18af8182019028cc428a1b5)
+---
+ src/shared/spawn-polkit-agent.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/shared/spawn-polkit-agent.c b/src/shared/spawn-polkit-agent.c
+index fccf1e9..829b275 100644
+--- a/src/shared/spawn-polkit-agent.c
++++ b/src/shared/spawn-polkit-agent.c
+@@ -44,6 +44,10 @@ int polkit_agent_open(void) {
+         if (agent_pid > 0)
+                 return 0;
+ 
++        /* Clients that run as root don't need to activate/query polkit */
++        if (geteuid() == 0)
++                return 0;
++
+         /* We check STDIN here, not STDOUT, since this is about input,
+          * not output */
+         if (!isatty(STDIN_FILENO))
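Review bot: the early return tests geteuid(), which matches the server-side semantics described in the patch header (bus_verify_polkit_async() bypasses polkit for a root caller); a process that is root only by real uid, such as a setuid helper that has dropped effective privileges, still gets the agent, and that is correct because the server would not treat it as privileged either. geteuid() needs <unistd.h>, but spawn-polkit-agent.c already calls isatty() from the same header a few lines down, so no new include is required.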
diff --git a/debian/patches/series b/debian/patches/series
index f8534a4..a883d86 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -165,6 +165,11 @@ man-update-links-to-kernel.org-cgroup-documentation.patch
 console-getty.service-don-t-start-when-dev-console-is-mis.patch
 units-explicitly-order-systemd-user-sessions.service-afte.patch
 units-order-systemd-user-sessions.service-after-network.t.patch
+pid1-don-t-return-any-error-in-manager_dispatch_noti.patch
+polkit-don-t-start-polkit-agent-when-running-as-root.patch
+core-rework-logic-to-determine-when-we-decide-to-add-auto.patch
+systemctl-fix-argument-handling-when-invoked-as-shutdown.patch
+systemctl-when-reading-legacy-t-argument-for-shutdown-don.patch
 
 ## Debian specific patches:
 Add-back-support-for-Debian-specific-config-files.patch
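Review bot: the order of the two systemctl patches matters: systemctl-when-reading-legacy-t-argument-for-shutdown-don.patch changes the getopt string "HPrhkKt:afFc" that systemctl-fix-argument-handling-when-invoked-as-shutdown.patch introduces (its index line f4fbab5..9adef05 is the post-state of the first), so the listed order is the only one in which both apply cleanly. The new upstream cherry-picks are correctly placed above the "## Debian specific patches:" marker.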
diff --git 
a/debian/patches/systemctl-fix-argument-handling-when-invoked-as-shutdown.patch 
b/debian/patches/systemctl-fix-argument-handling-when-invoked-as-shutdown.patch
new file mode 100644
index 0000000..e9b2969
--- /dev/null
+++ 
b/debian/patches/systemctl-fix-argument-handling-when-invoked-as-shutdown.patch
@@ -0,0 +1,31 @@
+From: Jan Synacek <jsyna...@redhat.com>
+Date: Mon, 15 Dec 2014 10:39:00 +0100
+Subject: systemctl: fix argument handling when invoked as "shutdown"
+
+(cherry picked from commit 75836b9d2071aab978ee78d7d797126a18a32052)
+---
+ src/systemctl/systemctl.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index 942acbc..f4fbab5 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -6219,7 +6219,7 @@ static int shutdown_parse_argv(int argc, char *argv[]) {
+         assert(argc >= 0);
+         assert(argv);
+ 
+-        while ((c = getopt_long(argc, argv, "HPrhkt:afFc", options, NULL)) >= 
0) {
++        while ((c = getopt_long(argc, argv, "HPrhkKt:afFc", options, NULL)) 
>= 0) {
+                 switch (c) {
+ 
+                 case ARG_HELP:
+@@ -6259,6 +6259,8 @@ static int shutdown_parse_argv(int argc, char *argv[]) {
+ 
+                 case 't':
+                 case 'a':
++                case 'f':
++                case 'F':
+                         /* Compatibility nops */
+                         break;
+ 
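Review bot: adding K to the optstring and giving 'f' and 'F' an explicit compatibility no-op case stops those legacy sysvinit flags from falling into the switch's default handling, but "t:" still declares -t as taking an argument; as the follow-up patch's description states, that makes getopt consume the time parameter itself, so this patch alone still drops the shutdown time. Reviewing the pair together is sensible; just note in the changelog that #776997 is only fully fixed by both.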
diff --git 
a/debian/patches/systemctl-when-reading-legacy-t-argument-for-shutdown-don.patch
 
b/debian/patches/systemctl-when-reading-legacy-t-argument-for-shutdown-don.patch
new file mode 100644
index 0000000..f3e85ea
--- /dev/null
+++ 
b/debian/patches/systemctl-when-reading-legacy-t-argument-for-shutdown-don.patch
@@ -0,0 +1,26 @@
+From: Lennart Poettering <lenn...@poettering.net>
+Date: Tue, 29 Sep 2015 22:40:05 +0200
+Subject: systemctl: when reading legacy -t argument for shutdown,
+ don't drop following parameter
+
+We currently completely ignore the following parameter, but we really
+should not, as that is actually the time to shut down on.
+
+(cherry picked from commit a4420f7b8ed73b05ef6f31622101e7804daef69f)
+---
+ src/systemctl/systemctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index f4fbab5..9adef05 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -6219,7 +6219,7 @@ static int shutdown_parse_argv(int argc, char *argv[]) {
+         assert(argc >= 0);
+         assert(argv);
+ 
+-        while ((c = getopt_long(argc, argv, "HPrhkKt:afFc", options, NULL)) 
>= 0) {
++        while ((c = getopt_long(argc, argv, "HPrhkKtafFc", options, NULL)) >= 
0) {
+                 switch (c) {
+ 
+                 case ARG_HELP:
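Review bot: changing "t:" to "t" stops getopt from swallowing the argument after -t, so a call such as `shutdown -t 5 now` no longer loses the time specification; `case 't':` remains a no-op, so the value is now left in argv as a positional for the existing time parsing to pick up. One side effect worth a sentence in the description: the attached form `-t5` is now parsed as -t followed by an unknown option -5 rather than as a value, so callers using that spelling will see a usage error instead of having the argument silently ignored.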

--- End Message ---
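The manager_dispatch_notify_fd() change is easier to reason about with both loops side by side. The following is an added example, not code from the message above or from systemd: it models the pre-fix and post-fix receive loops in simplified form over an AF_UNIX datagram socketpair, queues three constructed messages (a normal one, a zero-length datagram, another normal one), and re-invokes the dispatcher the way an event loop would while the socket stays readable. The `notify_stats` struct, the `run_scenario()` harness and the message strings are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Counters filled in by one dispatcher run (assumed struct, not systemd's). */
typedef struct {
        int messages;   /* non-empty notification datagrams handled */
        int empty;      /* zero-length datagrams skipped */
        int errors;     /* unexpected recv() errors logged */
} notify_stats;

/* Models the pre-fix loop: any error return is fatal for the event source,
 * so one zero-length datagram ends service notification handling. */
static int dispatch_notify_fragile(int fd, notify_stats *st) {
        char buf[4096];

        for (;;) {
                ssize_t n = recv(fd, buf, sizeof buf, MSG_DONTWAIT);
                if (n <= 0) {
                        if (n == 0)
                                return -EIO;            /* empty datagram treated as fatal */
                        if (errno == EAGAIN || errno == EINTR)
                                break;                  /* queue drained */
                        return -errno;                  /* any other error fatal too */
                }
                st->messages++;
        }
        return 0;
}

/* Models the fixed loop: log the problem, stop for now, never return an
 * error, so the source stays registered and later messages are delivered. */
static int dispatch_notify_robust(int fd, notify_stats *st) {
        char buf[4096];

        for (;;) {
                ssize_t n = recv(fd, buf, sizeof buf, MSG_DONTWAIT);
                if (n < 0) {
                        if (errno != EAGAIN && errno != EINTR) {
                                st->errors++;
                                fprintf(stderr, "notify: recv failed: %s\n", strerror(errno));
                        }
                        break;
                }
                if (n == 0) {
                        st->empty++;                    /* ignore, keep the source alive */
                        break;
                }
                st->messages++;
        }
        return 0;
}

/* Queue constructed traffic on a socketpair and run the dispatcher up to
 * `rounds` times, as the event loop would while the socket is readable.
 * Returns 0 or the first negative result the dispatcher produced. */
static int run_scenario(int (*dispatch)(int, notify_stats *), int rounds, notify_stats *st) {
        /* Constructed sample messages; the empty one is the interesting case. */
        static const char *const msgs[] = { "READY=1", "", "WATCHDOG=1" };
        int fds[2], r = 0;

        memset(st, 0, sizeof *st);
        if (socketpair(AF_UNIX, SOCK_DGRAM, 0, fds) < 0)
                return -errno;
        for (size_t i = 0; i < sizeof msgs / sizeof msgs[0]; i++)
                if (send(fds[0], msgs[i], strlen(msgs[i]), 0) < 0) {
                        r = -errno;
                        goto out;
                }
        for (int i = 0; i < rounds && r == 0; i++)
                r = dispatch(fds[1], st);
out:
        close(fds[0]);
        close(fds[1]);
        return r;
}

int main(void) {
        notify_stats st;
        int r;

        r = run_scenario(dispatch_notify_fragile, 3, &st);
        printf("fragile: r=%d messages=%d empty=%d\n", r, st.messages, st.empty);
        r = run_scenario(dispatch_notify_robust, 3, &st);
        printf("robust:  r=%d messages=%d empty=%d\n", r, st.messages, st.empty);
        return 0;
}
```

With the constructed traffic the fragile loop handles one message and then returns -EIO, so the WATCHDOG=1 behind the empty datagram is never seen; the robust loop returns 0 every time and delivers both real messages across two dispatches, which is the property the patch restores.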
--- Begin Message ---
Version: 8.7

Hi,

Each of these bugs refers to an update that was included in today's 8.7
point release.

Regards,

Adam

--- End Message ---
