Dan Streetman authored Jan 29, 2019 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu10.12) bionic; urgency=medium

  * d/p/resolve-enable-EDNS0-towards-the-127.0.0.53-stub-res.patch
    getaddrinfo() failures when fallback to dns tcp queries, so enable
    edns0 in resolv.conf (LP: #1811471)

  [ Victor Tapia ]
  * d/p/resolved-Increase-size-of-TCP-stub-replies.patch
    dns failures with edns0 disabled and truncated response (LP: #1804487)

Chris Coulson authored Jan 09, 2019 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu10.11) bionic-security; urgency=medium

  * SECURITY UPDATE: memory corruption in journald via attacker controlled alloca
    - debian/patches/CVE-2018-16864.patch: journald: do not store the iovec
      entry for process commandline on the stack
    - CVE-2018-16864
  * SECURITY UPDATE: memory corruption in journald via attacker controlled alloca
    - debian/patches/CVE-2018-16865_1.patch: journald: set a limit on the
      number of fields (1k)
    - debian/patches/CVE-2018-16865_2.patch: journal-remote: set a limit on the
      number of fields in a message
    - CVE-2018-16865
  * SECURITY UPDATE: out-of-bounds read in journald
    - debian/patches/CVE-2018-16866.patch: journal: fix syslog_parse_identifier()
    - CVE-2018-16866

  * Fix LP: #1804603 - btrfs-util: unbreak tmpfiles' subvol creation
    - add debian/patches/btrfs-util-unbreak-tmpfiles-subvol-creation.patch
    - update debian/patches/series
  * Fix LP: #1804864 - test: Set executable bits on TEST-22-TMPFILES shell scripts
    - add debian/patches/test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch
    - update debian/patches/series

Dimitri John Ledkov authored Nov 19, 2018 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu10.10) bionic; urgency=medium

  * debian/extra/start-udev: ignore failure to set sync parameter.
    On old kernels (e.g. v4.4) the file is available but appears to be
    non-writable. Hide error messages and ignore failure to write out sync into the
    parameters file. This does not regress https://pad.lv/1779815 since older
    kernel did synchronous scan anyway. But it does resolve failure to start the
    installer on old kernels. (LP: #1784454)
    File: debian/extra/start-udev
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=98862745cf9cbbb74ea6b30ecd29e45a17feff95

  * Add conflicts with upstart and systemd-shim. (LP: #1773859)
    File: debian/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=5ca89133e790fd0942e0ad81fa0c6998032d8882

  * units: Disable journald Watchdog (LP: #1773148)
    File: debian/patches/debian/UBUNTU-units-disable-journald-watchdog.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=779d89090e81ec832417146f4a858626febfb595

  * cryptsetup: add support for sector-size= option (LP: #1776626)
    File: debian/patches/cryptsetup-add-support-for-sector-size-option-8881.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=2de081e8901f1780c3c1ffe586e40d2d8e8df1ed

  * Re-add support for /etc/writable for core18. (LP: #1778936)
    Author: Michael Vogt
    File: debian/patches/debian/UBUNTU-Support-system-image-read-only-etc.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b2c03bbc5ae7d3e9bf3c9dde9aa6c247c3f6573b

  * systemctl: correctly proceed to immediate shutdown if scheduling fails
    (LP: #1670291)
    File: debian/patches/systemctl-correctly-proceed-to-immediate-shutdown-if-sche.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e69ab6c34b9bb7cd1b42a6ad7d24d7ce0ca103f5

  * core: export environment when running generators.
    Ensure that manager's environment (including e.g. PATH) is exported when
    running generators. Otherwise, one is at a mercy of running without PATH which
    can lead to buggy generator behaviour. (LP: #1771858)
    Files:
    - debian/patches/core-execute-environment_generators-with-manager-s-enviro.patch
    - debian/patches/core-execute-generators-with-manager-s-environmnet.patch
    - debian/patches/exec-util-in-execute_directories-support-initial-exec-env.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=76b0ec80fdff83b8a14596fe001e2e9fccd83bf2

  * networkd: add support to set IPv6MTUBytes (LP: #1671951)
    File: debian/patches/networkd-add-support-to-configure-IPv6-MTU-8664.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b700a36f3d272e740460619ad7a5f489dadd010f

  * Specify Ubuntu's Vcs-Git
    File: debian/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a69e9713d513fb1cdf547e1cc7f21d283cdd9a74

Chris Coulson authored Nov 15, 2018 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu10.9) bionic-security; urgency=medium

  [ Chris Coulson ]
  * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
    - debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to
      resolve this completely
    - CVE-2018-6954

  [ Balint Reczey ]
  * Fix LP: #1803391 - Skip daemon-reexec and try-restarts during shutdown
    - update debian/systemd.postinst

Dimitri John Ledkov authored Nov 15, 2018 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu10.8) bionic; urgency=medium

  * debian/extra/start-udev: ignore failure to set sync parameter.
    On old kernels (e.g. v4.4) the file is available but appears to be
    non-writable. Hide error messages and ignore failure to write out sync into the
    parameters file. This does not regress https://pad.lv/1779815 since older
    kernel did synchronous scan anyway. But it does resolve failure to start the
    installer on old kernels. (LP: #1784454)
    File: debian/extra/start-udev
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=62edd5c6e963dbf1df4f4bb7556a6d3477559083

  * Add conflicts with upstart and systemd-shim. (LP: #1773859)
    File: debian/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=33385a01dbe44765dc24eead52d677147b2b06c9

  * units: Disable journald Watchdog (LP: #1773148)
    File: debian/patches/debian/UBUNTU-units-disable-journald-watchdog.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=622407bc2aa723a3bdf10e1de946d0d6e88fbeb6

  * cryptsetup: add support for sector-size= option (LP: #1776626)
    File: debian/patches/cryptsetup-add-support-for-sector-size-option-8881.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=89899133e977eb34dac4c3e9f83c59853eda66ab

  * Re-add support for /etc/writable for core18. (LP: #1778936)
    Author: Michael Vogt
    File: debian/patches/debian/UBUNTU-Support-system-image-read-only-etc.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=fdc87994ab8f7036d07c8c208ad1fbac32cbd639

  * systemctl: correctly proceed to immediate shutdown if scheduling fails
    (LP: #1670291)
    File: debian/patches/systemctl-correctly-proceed-to-immediate-shutdown-if-sche.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=cdd3a0bb5f568a2500dbdff4bfcf97e3ba996fe3

  * core: export environment when running generators.
    Ensure that manager's environment (including e.g. PATH) is exported when
    running generators. Otherwise, one is at a mercy of running without PATH which
    can lead to buggy generator behaviour. (LP: #1771858)
    Files:
    - debian/patches/core-execute-environment_generators-with-manager-s-enviro.patch
    - debian/patches/core-execute-generators-with-manager-s-environmnet.patch
    - debian/patches/exec-util-in-execute_directories-support-initial-exec-env.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=d494ef816ca950c9a7c2bfb07620b3df8e46ed35

  * networkd: add support to set IPv6MTUBytes (LP: #1671951)
    File: debian/patches/networkd-add-support-to-configure-IPv6-MTU-8664.patch
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f4a308ea8f3f9187c97f81868a0408f9cefc96a7

  * Specify Ubuntu's Vcs-Git
    File: debian/control
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b739661356fe0e47223ae28c79b4b7f7740bea3a

systemd (237-3ubuntu10.7) bionic-security; urgency=medium

  * debian/systemd.postinst: Skip daemon-reexec and try-restarts during shutdown
    (LP: #1803391)
    Author: Balint Reczey
    File: debian/systemd.postinst
    https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=18eea38c62e73158d2160e319de31e054a58b8df

Chris Coulson authored Nov 06, 2018 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu10.6) bionic-security; urgency=medium

  * SECURITY UPDATE: reexec state injection
    - debian/patches/CVE-2018-15686.patch: when deserializing state always use
      read_line(…, LONG_LINE_MAX, …) rather than fgets()
    - CVE-2018-15686
  * SECURITY UPDATE: chown_one() can dereference symlinks
    - debian/patches/CVE-2018-15687.patch: rework recursive logic to use O_PATH
    - CVE-2018-15687
  * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles
    - debian/patches/CVE-2018-6954.patch: don't resolve pathnames when traversing
      recursively through directory trees
    - CVE-2018-6954

Marc Deslauriers authored Oct 31, 2018 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu10.4) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in dhcp6 client
    - debian/patches/CVE-2018-15688.patch:  make sure we have enough space
      for the DHCP6 option header in src/libsystemd-network/dhcp6-option.c.
    - CVE-2018-15688

Adam Conrad authored Jul 20, 2018 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu10.3) bionic; urgency=medium

  * debian/extra/start-udev: Set scsi_mod scan=sync even if it's builtin
    to the kernel (we previously only set it in modprobe.d) LP: #1779815

Dimitri John Ledkov 🌈 authored Jun 22, 2018 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu10.2) bionic; urgency=medium

  * logind: backport v238/v239 fixes for handling DRM devices.
    These changes introduce all the fixes that correct handling of open fd's
    related to the DRM devices, as used by for example NVIDIA GPUs. This backport
    includes some refactoring, corrections, and comment updates. This to insure
    that correct history is preserved, code comments match reality, and to ease
    backporting logind fixes in the future SRUs. (LP: #1777099)
  * Disable dh_installinit generation of tmpfiles for the systemd package.
    Replace with a manual safe call to systemd-tmpfiles which will process any
    updates to the tmpfiles shipped by systemd package, taking into account any
    overrides shipped by other packages, sysadmin, or specified in the runtime
    directories. (LP: #1748147)

Dimitri John Ledkov authored May 21, 2018 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu10.1) bionic; urgency=medium

  [ Dimitri John Ledkov ]
  * hwdb: Fix wlan/rfkill keycode on Dell systems. (LP: #1762385)
  * Cherrypick upstream fix for corrected detection of Virtualbox & Xen.
    (LP: #1768104)
  * Further improve captive portal workarounds.
    Retry any NXDOMAIN results with lower feature levels, instead of just those
    with 'secure' in the domain name. (LP: #1766969)

  [ Michael Biebl ]
  * Add dependencies of libsystemd-shared to Pre-Depends.
    This is necessary so systemctl is functional at all times during a
    dist-upgrade. (Closes: #897986) (LP: #1771791)

  [ Mario Limonciello ]
  * Fix hibernate disk offsets.
    Configure resume offset via sysfs, to enable resume from a swapfile.
    (LP: #1760106)

Balint Reczey authored Apr 20, 2018 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu10) bionic; urgency=medium

  * Create tmpfiles for persistent journal in postinst only when running
    systemd (LP: #1748659)

Dimitri John Ledkov authored Apr 20, 2018 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu9) bionic; urgency=medium

  * networkd: if RA was implicit, do not await ndisc_configured.
    If RA was iplicit, meaning not otherwise requested, and a kernel default was in
    use. Do not prevent link entering configured state, whilst ndisc configuration
    is pending. Implicit kernel RA, is expected to be asynchronous and
    non-blocking. (LP: #1765173)
  * udev-udeb: ship modprobe.d snippet to force scsi_mod.scan=sync in d-i.
    This ensures that all scans are completed, before installer reaches
    partitioning stage. (LP: #1751813)

Dimitri John Ledkov authored Apr 12, 2018 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu8) bionic; urgency=medium

  * Workaround captive portals not responding to EDNS0 queries (DVE-2018-0001).
    (LP: #1727237)
  * resolved: Listen on both TCP and UDP by default. (LP: #1731522)
  * Recommend networkd-dispatcher (LP: #1762386)
  * Refresh patches

Mario Limonciello authored Apr 02, 2018 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu7) bionic; urgency=medium

  * Introduce suspend then hibernate (LP: #1756006)

Dimitri John Ledkov authored Mar 27, 2018 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu6) bionic; urgency=medium

  * Adjust the new dropin test, for v237 systemd.
  * Refresh the keyring patch, to the one merged.

Dimitri John Ledkov authored Mar 26, 2018 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu5) bionic; urgency=medium

  * Drop old keyring/invocation_id patch, which made keyring setup be skipped in containers.
  * Use new patch, which sets up session keyring without relying on chown operation.
  * Drop systemd.prerm safety check.
    On Ubuntu, systemd is the only choice, and is essential, via init ->
    systemd-sysv -> systemd dependency chain, thus removing systemd is already
    quite hard, and appropriate warnings are emitted by dpkg. (LP: #1758438)
  * Detect Masked unit with drop-ins. (LP: #1752722)
  * wait-online: do not wait, if no links are managed (neither configured, or failed).
    (LP: #1728181)
  * journald.service: set Nice=-1 to dodge watchdog on soft lockups.
    (LP: #1696970)
  * Refresh all patches.

Dimitri John Ledkov authored Mar 05, 2018 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu4) bionic; urgency=medium

  * systemd-sysv-install: fix name initialisation.
    Only initialise NAME, after --root optional argument has been parsed, otherwise
    NAME is initialized to e.g. `enable', instead of to the `unit-name`, resulting
    in failures. (LP: #1752882)

Dimitri John Ledkov authored Feb 20, 2018 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu3) bionic; urgency=medium

  * tests/control: drop qemu-system-ppc.
    Whilst some tests pass, many regress / fail to boot. This is not a regression,
    as qemu-based tests were not run previously.

Dimitri John Ledkov authored Feb 20, 2018 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu2) bionic; urgency=medium

  * tests/boot-smoke: ignore udevd connection timeouts resolving colord group.
  * tests/systemd-fsckd: ignore systemd_fsck_with_plymouth_failure.
  * tests/control: ensure boot-smoke uses latest systemd & udev.
  * test/test-functions: on PPC64 use hvc0 console.

Dimitri John Ledkov authored Feb 19, 2018 and Simon McVittie committed Feb 27, 2019

systemd (237-3ubuntu1) bionic; urgency=medium

  [ Gunnar Hjalmarsson ]
  * Fix PO template creation.
    Cherry-pick upstream patches to build a correct systemd.pot including
    the polkit policy files even without policykit-1 being installed.
    (LP: #1707898)

  [ Dimitri John Ledkov ]
  * Blacklist TEST-16-EXTEND-TIMEOUT
  * test/test-functions: use vmlinux for ppc64 tests.

Always initialize `$ROOT`, to avoid the script getting confused by an
existing outside env variable. Also fix the `--root` option to actually
work, the previous approach was conceptually broken due to how shell
quoting works.

Make the work with `set -u`.

Closes: #890436

Use the existing upstream build system instead of a manual call to
`intltool-update` and `xgettext` to build systemd.pot. Remove the now
obsolete intltool build dependency, but still explicitly keep gettext.

Closes: #890423

- State the gettext package domain "systemd" explicitly, as with the
  move to meson it ended up as "untitled.pot"
- Call xgettext to extract strings from polkit *.policy.in files, which
  intltool-update ignores.

LP: #1707898

Also fail the test if calling journalctl fails, and avoid calling it
twice. See https://github.com/systemd/systemd/pull/8032

Let's read the PID file after all if there's a potentially unsafe
symlink chain in place. But if we do, then refuse taking the PID if its
outside of the cgroup.

Closes: #889144

Up-to-date udev rules for U2F devices are shipped in libu2f-udev
nowadays.

Closes: #889665

Update to upstream version '237'
with Debian dir 43ba4b4a8c6efb608fe3849a61612573b64553a5

This is used by hwdb/parse_hwdb.py to perform additional validation on
hwdb files.