- 08 May, 2019 1 commit
-
-
Héctor Orón Martínez authored
Merge 215 17+steamosb1+deb8u13 See merge request !5
-
- 30 Apr, 2019 3 commits
-
-
Andrew Lee authored
Signed-off-by:
Andrew Lee (李健秋) <andrew.lee@collabora.co.uk>
-
Andrew Lee authored
Signed-off-by:
Andrew Lee (李健秋) <andrew.lee@collabora.co.uk>
-
systemd (215-17+deb8u13) jessie-security; urgency=medium * Regression fixes for CVE-2017-18078 in src/tmpfiles/tmpfiles.c: - Add missing pair of curly braces. - Return negative error code. systemd (215-17+deb8u12) jessie-security; urgency=medium * Non-maintainer upload by the LTS team. * CVE-2017-18078: tmpfiles: refuse to chown()/chmod() files which are hardlinked, unless protected_hardlinks sysctl is on. * CVE-2019-3842: pam-systemd: use secure_getenv() rather than getenv().
-
- 21 Mar, 2019 1 commit
-
-
Héctor Orón Martínez authored
Merge 215 17+deb8u11 See merge request !4
-
- 19 Mar, 2019 3 commits
-
-
Andrew Lee authored
Signed-off-by:
Andrew Lee (李健秋) <andrew.lee@collabora.co.uk>
-
Andrew Lee (李健秋) authored
-
Markus Koschany authored
systemd (215-17+deb8u11) jessie-security; urgency=high * Non-maintainer upload by the LTS team. * Fix CVE-2019-3815: A memory leak was discovered in the backport of fixes for CVE-2018-16864. Function dispatch_message_real() in journald-server.c does not free allocated memory to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. (Closes: #924060)
-
- 26 Feb, 2019 4 commits
-
-
Héctor Orón Martínez authored
Merge 215 17+deb8u10 See merge request !3
-
Andrew Lee authored
Signed-off-by:
Andrew Lee (李健秋) <andrew.lee@collabora.co.uk>
-
Andrew Lee authored
Signed-off-by:
Andrew Lee (李健秋) <andrew.lee@collabora.co.uk>
-
systemd (215-17+deb8u10) jessie-security; urgency=medium * Non-maintainer upload by the LTS Team. * CVE-2019-6454: DBus messages with a crafted (long) path can crash PID1.
-
- 31 Jan, 2019 4 commits
-
-
Héctor Orón Martínez authored
Merge 215 17+deb8u9 See merge request !2
-
Andrew Lee authored
Signed-off-by:
Andrew Lee (李健秋) <andrew.lee@collabora.co.uk>
-
Andrew Lee authored
Signed-off-by:
Andrew Lee (李健秋) <andrew.lee@collabora.co.uk>
-
systemd (215-17+deb8u9) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * CVE-2018-16865: fix memory allocation overflow which could result in crash or code execution in journald's socket (Closes: #918848). * CVE-2018-16864: fix memory allocation overflow which could result in crash or code execution on journald's commandline (Closes: #918841)
-
- 21 Dec, 2018 1 commit
-
-
Héctor Orón Martínez authored
Merge 215 17+deb8u8 See merge request !1
-
- 18 Dec, 2018 3 commits
-
-
Andrew Lee authored
Signed-off-by:
Andrew Lee (李健秋) <andrew.lee@collabora.co.uk>
-
Andrew Lee (李健秋) authored
Signed-off-by:
Andrew Lee (李健秋) <andrew.lee@collabora.co.uk>
-
Antoine Beaupré authored
systemd (215-17+deb8u8) jessie-security; urgency=medium * Non-maintainer upload by the LTS Security Team. * CVE-2018-1049: fix race condition between .mount and .automount unitspossibly leading to Denial of Service * CVE-2018-15686: fix improper serialization on upgrade which can influence systemd execution environment and lead to root privilege escalation (Closes: #912005) * CVE-2018-15688: fix buffer overflow vulnerability in the dhcp6 client of systemd, which allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd, leading to denial of service or potential code execution. (Closes: #912008)
-
- 29 Jun, 2018 4 commits
-
-
Simon McVittie authored
Tested-by: smcv Reviewed-by: zumbi
-
Simon McVittie authored
-
Simon McVittie authored
mtd_probe.h-Include-stdint.h-for-uint32_t.patch: Add missing <stdint.h> for uint32_t to fix FTBFS on amd64
-
Simon McVittie authored
* Merge from Debian jessie, remaining changes: + d/p/sound-no-uaccess.patch - SteamOS uses a system-wide PulseAudio instance, which should be the only thing with access to the sound devices. As such, disable uaccess for sound devices. + d/p/pulse-owns-audio.patch - Change the sound device group from the default audio to pulse so that only the system-wide pulse daemon can access those devices. + streamcontroller-support.patch - Allow access by the steam group to uinput devices, as used for Steam Controller support
-
- 20 Apr, 2018 3 commits
-
-
Simon McVittie authored
-
Simon McVittie authored
-
systemd (215-17+steamos1) brewmaster; urgency=medium * Merge SteamOS patches + sound-no-uaccess.patch - SteamOS uses a system wide pulseaudio instance, which should be the only daemon with access to the sound devices. As such disable uaccess for sound devices + pulse-owns-audio.patch - Change the sound device group from the default audio to pulse such that only the system-wide pulse daemon can access those devices + streamcontroller-support.patch - Allow access to the stream group for uinput device as used for stream controller support
-
- 02 Apr, 2017 5 commits
-
-
Michael Biebl authored
-
Michael Biebl authored
Otherwise we'll hit an assert sooner or later. Closes: #856035
-
Michael Biebl authored
This can happen when the configuration is changed and reloaded while we are executing a service. Let's not hit an assert in this case. Closes: #856985
-
Michael Biebl authored
The update-rc.d utility does not provide is-enabled, so implement it ourselves in systemctl using the same logic as systemd-sysv-install from Stretch. Closes: #809405
-
Michael Biebl authored
This fixes the problem that on big endian architectures, like mips or powerpc, boolean properties that were retrieved via sd-bus were always set to 0 (no). Closes: #774430
-
- 21 Dec, 2016 5 commits
-
-
Michael Biebl authored
-
Michael Biebl authored
-
Michael Biebl authored
Closes: #776997
-
Michael Biebl authored
Run ifup after all kernel modules have been loaded and all sysctl settings are applied. Update ifup@.service to add missing After= for the device unit we bind to. This ensures that the device unit is active when systemd tries to start the service. Closes: #819314
-
Michael Biebl authored
This adds a concept of "extrinsic" mounts. If mounts are extrinsic we consider them managed by something else and do not add automatic ordering against umount.target, local-fs.target, remote-fs.target. Extrinsic mounts include API mounts such as everything below /proc, /sys, /dev. This avoids a crash in LXC containers where /dev/urandom is a bind mount from the host system and unmounting it leads to an assert in systemd. Closes: #818978
-
- 02 Dec, 2016 3 commits
-
-
Martin Pitt authored
Patch cherry-picked from upstream master. LP: #1565617 Closes: #774153
-
Simon McVittie authored
The debian-specific patch to read Debian config files was not tolerating the absence of /etc/default/keyboard. This causes systemd-localed to fail to start on systems where that file isn't populated (like embedded systems without keyboards). Closes: #833849
-
Michael Biebl authored
If manager_dispatch_notify_fd() fails and returns an error then the handling of service notifications will be disabled entirely leading to a compromised system. For example pid1 won't be able to receive the WATCHDOG messages anymore and will kill all services supposed to send such messages. Fixes: CVE-2016-7796 Closes: #839607
-