* systemd-fsckd: Fix ADT tests to work on s390x too.
systemd (235-3ubuntu1) bionic; urgency=medium
* Merge 235-3 from debian:
- Drop UBUNTU-CVE-2017-15908 included in Debian.
* Remaining delta from Debian:
- ship dhclient enter hook for dhclient integration with resolved
- ship resolvconf integration via stub-resolv.conf
- ship s390x virtio interface names migration
- do not disable systemd-resolved upon libnss-resolve removal
- do not remote fs in containers, for non-degrated boot
- CVE-2017-15908 in resolved fix loop on packets with pseudo dns types
- Unlink invocation id key, upon chown failure in containers
- Change default to UseDomains by default
- Do not treat failure to set Nice= setting as error in containers
- Add a condition to systemd-journald-audit.socet to not start in
containers (fails)
- Build without any built-in/fallback DNS server setting
- Enable resolved by default
- Update autopkgtests for reliability/raciness, and testing for typical
defaults
- Always upgrade udev, when running adt tests
- Skip test-execute on armhf
- Cherry-pick a few testsuite fixes
* UBUNTU Do not use nested kvm during ADT tests.
systemd (235-3) unstable; urgency=medium
[ Michael Biebl ]
* Switch from XC-Package-Type to Package-Type. As of dpkg-dev 1.15.7
Package-Type is recognized as an official field name.
* Install modprobe configuration file to /lib/modprobe.d.
Otherwise it is not read by kmod. (Closes: #879191)
[ Felipe Sateler ]
* Backport upstream (partial) fix for combined DynamicUser= + User=
UID was not allowed to be different to GID, which is normally the case in
debian, due to the group users being allocated the GID 100 without an
equivalent UID 100 being allocated.
* Backport upstream patches to fully make DynamicUser=yes + static,
pre-existing User= work.
[ Martin Pitt ]
* Add missing python3-minimal dependency to systemd-tests
* Drop long-obsolete systemd-bus-proxy system user
systemd-bus-proxy hasn't been shipped since before stretch and never
created any files. Thus clean up the obsolete system user on upgrades.
(Closes: #878182)
* Drop static systemd-journal-gateway system user
systemd-journal-gatewayd.service now uses DynamicUser=, so we don't need
to create this statically any more. Don't remove the user on upgrades
though, as there is likely still be a running process. (Closes: #878183)
* Use DynamicUser= for systemd-journal-upload.service.
* Add Recommends: libnss-systemd to systemd-sysv.
This is useful to actually be able to resolve dynamically created system
users with DynamicUser=true. This concept is going to be used much more
in future versions and (hopefully) third-party .services, so pulling it
into the default installation seems prudent now.
* resolved: Fix loop on packets with pseudo dns types.
(CVE-2017-15908, Closes: #880026, LP: #1725351)
* bpf-firewall: Properly handle kernels without BPF cgroup but with TRIE maps.
Fixes "Detaching egress BPF: Invalid argument" log spam. (Closes: #878965)
* Fix MemoryDenyWriteExecution= bypass with pkey_mprotect() (LP: #1725348)
-- Dimitri John Ledkov <email address hidden> Tue, 21 Nov 2017 16:41:15 +0000
This bug was fixed in the package systemd - 235-3ubuntu2
---------------
systemd (235-3ubuntu2) bionic; urgency=medium
* systemd-fsckd: Fix ADT tests to work on s390x too.
systemd (235-3ubuntu1) bionic; urgency=medium
* Merge 235-3 from debian: CVE-2017- 15908 included in Debian.
- Drop UBUNTU-
* Remaining delta from Debian: journald- audit.socet to not start in raciness, and testing for typical
- ship dhclient enter hook for dhclient integration with resolved
- ship resolvconf integration via stub-resolv.conf
- ship s390x virtio interface names migration
- do not disable systemd-resolved upon libnss-resolve removal
- do not remote fs in containers, for non-degrated boot
- CVE-2017-15908 in resolved fix loop on packets with pseudo dns types
- Unlink invocation id key, upon chown failure in containers
- Change default to UseDomains by default
- Do not treat failure to set Nice= setting as error in containers
- Add a condition to systemd-
containers (fails)
- Build without any built-in/fallback DNS server setting
- Enable resolved by default
- Update autopkgtests for reliability/
defaults
- Always upgrade udev, when running adt tests
- Skip test-execute on armhf
- Cherry-pick a few testsuite fixes
* UBUNTU Do not use nested kvm during ADT tests.
systemd (235-3) unstable; urgency=medium
[ Michael Biebl ]
* Switch from XC-Package-Type to Package-Type. As of dpkg-dev 1.15.7
Package-Type is recognized as an official field name.
* Install modprobe configuration file to /lib/modprobe.d.
Otherwise it is not read by kmod. (Closes: #879191)
[ Felipe Sateler ]
* Backport upstream (partial) fix for combined DynamicUser= + User=
UID was not allowed to be different to GID, which is normally the case in
debian, due to the group users being allocated the GID 100 without an
equivalent UID 100 being allocated.
* Backport upstream patches to fully make DynamicUser=yes + static,
pre-existing User= work.
[ Martin Pitt ] bus-proxy hasn't been shipped since before stretch and never journal- gateway system user journal- gatewayd. service now uses DynamicUser=, so we don't need journal- upload. service. 2017-15908, Closes: #880026, LP: #1725351) Execution= bypass with pkey_mprotect() (LP: #1725348)
* Add missing python3-minimal dependency to systemd-tests
* Drop long-obsolete systemd-bus-proxy system user
systemd-
created any files. Thus clean up the obsolete system user on upgrades.
(Closes: #878182)
* Drop static systemd-
systemd-
to create this statically any more. Don't remove the user on upgrades
though, as there is likely still be a running process. (Closes: #878183)
* Use DynamicUser= for systemd-
* Add Recommends: libnss-systemd to systemd-sysv.
This is useful to actually be able to resolve dynamically created system
users with DynamicUser=true. This concept is going to be used much more
in future versions and (hopefully) third-party .services, so pulling it
into the default installation seems prudent now.
* resolved: Fix loop on packets with pseudo dns types.
(CVE-
* bpf-firewall: Properly handle kernels without BPF cgroup but with TRIE maps.
Fixes "Detaching egress BPF: Invalid argument" log spam. (Closes: #878965)
* Fix MemoryDenyWrite
-- Dimitri John Ledkov <email address hidden> Tue, 21 Nov 2017 16:41:15 +0000