Martin Pitt [Mon, 9 May 2016 19:24:38 +0000 (21:24 +0200)]
Revert "core: enable TasksMax= for all services by default, and set it to 512"
This reverts commit 9ded9cd14cc03c67291b10a5c42ce5094ba0912f.
Introducing a default limit on number of threads broke a lot of software which
regularly needs more, such as MySQL and RabbitMQ, or services that spawn off an
indefinite number of subtasks that are not in a scope, like LXC or cron.
15% is way too much for most "simple" services, and it's too little for others
such as the ones mentioned above. There is also no particular rationale about
any particular global limit, so even if we'd bump it higher we'd just make the
limit even less useful while still breaking software.
It is both much safer and also much more effective in terms of guarding against
berserk programs/bugs/unintended fork bombs etc. to set limits in units
individually. Once someone looks at one, this is then a great time to also flip
on the other resource and privilege limitations that systemd offers.
Bug: https://github.com/systemd/systemd/issues/3211
Bug-Debian: https://bugs.debian.org/823530
Bug-Ubuntu: https://launchpad.net/bugs/1578080
Gbp-Pq: Topic debian
Gbp-Pq: Name Revert-core-enable-TasksMax-for-all-services-by-default-a.patch
Martin Pitt [Sat, 27 Feb 2016 11:27:06 +0000 (12:27 +0100)]
Revert "core: set RLIMIT_CORE to unlimited by default"
Partially revert commit 15a900327ab as this completely breaks core dumps
without systemd-coredump. It's also contradicting core(8), and it's not
systemd's place to redefine the kernel definitions of core files.
Commit bdfd7b2c now honours the process' RLIMIT_CORE for systemd-coredump. This
isn't what RLIMIT_CORE is supposed to do (it limits the size of the core
*file*, but the kernel deliberately ignores it for piping), so set a static
2^63 core size limit for systemd-coredump to go back to the previous behaviour
(otherwise the change above would break systemd-coredump).
Bug-Debian: https://bugs.debian.org/815020
Gbp-Pq: Topic debian
Gbp-Pq: Name Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch
Martin Pitt [Mon, 27 Apr 2015 13:29:13 +0000 (15:29 +0200)]
Revert "core: one step back again, for nspawn we actually can't wait for cgroups running empty since systemd will get exactly zero notifications about it"
This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7.
Bug-Debian: https://bugs.debian.org/784720
Bug-Ubuntu: https://launchpad.net/bugs/1448259
Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1141137
Gbp-Pq: Topic debian
Gbp-Pq: Name Revert-core-one-step-back-again-for-nspawn-we-actual.patch
Nis Martensen [Tue, 19 Jan 2016 21:01:43 +0000 (22:01 +0100)]
Skip filesystem check if already done by the initramfs
Newer versions of initramfs-tools already fsck and mount / and /usr in
the initramfs. Skip the filesystem check in this case.
Based on a previous patch by Michael Biebl <biebl@debian.org>.
Closes: #782522
Closes: #810748
Gbp-Pq: Topic debian
Gbp-Pq: Name Skip-filesystem-check-if-already-done-by-the-initram.patch
Didier Roche [Fri, 22 May 2015 11:04:38 +0000 (13:04 +0200)]
fsckd daemon for inter-fsckd communication
Global logic:
Add systemd-fsckd multiplexer which accepts multiple (via systemd-fsck's
/run/systemd/fsck.progress socket) fsck instances to connect to it and sends
progress report. systemd-fsckd then computes and writes to /dev/console the
number of devices currently being checked and the minimum fsck progress.
Plymouth and user interaction:
Forward the progress to plymouth and support cancellation of in progress fsck.
Try to connect and send to plymouth (if running) some checked report progress,
using direct plymouth protocol.
Update message is the following:
fsckd:<num_devices>:<progress>:<string>
* num_devices corresponds to the current number of devices being checked (int)
* progress corresponds to the current minimum percentage of all devices being
checked (float, from 0 to 100)
* string is a translated message ready to be displayed by the plymouth theme
displaying the information above. It can be overridden by plymouth themes
supporting i18n.
Grab in fsckd plymouth watch key Control+C, and propagate this cancel request
to systemd-fsck which will terminate fsck.
Send a message to signal to user what key we are grabbing for fsck cancel.
Message is: fsckd-cancel-msg:<string>
Where string is a translated string ready to be displayed by the plymouth theme
indicating that Control+C can be used to cancel current checks. It can be
overridden (matching only fsckd-cancel-msg prefix) for themes supporting i18n.
Misc:
systemd-fsckd stops on idle when no fsck is connected.
Add man page explaining the plymouth theme protocol, usage of the daemon
as well as the socket activation part. Adapt existing fsck man page.
Note that fsckd had lived in the upstream tree for a while, but was removed.
More information at
http://lists.freedesktop.org/archives/systemd-devel/2015-April/030175.html
Gbp-Pq: Topic debian
Gbp-Pq: Name fsckd-daemon-for-inter-fsckd-communication.patch
Martin Pitt [Mon, 9 Feb 2015 09:53:43 +0000 (10:53 +0100)]
Only start logind if dbus is installed
logind fails to start in environments without dbus, such as LXC containers or
servers. Add a startup condition to avoid the very noisy startup failure.
Part of #772700
Gbp-Pq: Topic debian
Gbp-Pq: Name Only-start-logind-if-dbus-is-installed.patch
Martin Pitt [Sun, 28 Dec 2014 11:49:35 +0000 (12:49 +0100)]
Don't enable audit by default
It causes flooding of dmesg and syslog, suppressing actually important
messages.
Don't enable it for now, until a better solution is found:
http://lists.freedesktop.org/archives/systemd-devel/2014-December/026591.html
Bug-Debian: https://bugs.debian.org/773528
Gbp-Pq: Topic debian
Gbp-Pq: Name Don-t-enable-audit-by-default.patch
Martin Pitt [Fri, 28 Nov 2014 13:43:25 +0000 (14:43 +0100)]
Re-enable journal forwarding to syslog
Revert upstream commit 46b131574fdd7d77 for now, until Debian's sysloggers
can/do all read from the journal directly. See
http://lists.freedesktop.org/archives/systemd-devel/2014-November/025550.html
for details. Once we grow a journal.conf.d/ directory, sysloggers can be moved
to pulling from the journal one by one and disable forwarding again in such a
conf.d snippet.
Gbp-Pq: Topic debian
Gbp-Pq: Name Re-enable-journal-forwarding-to-syslog.patch
Julien Muchembled [Tue, 29 Apr 2014 09:40:50 +0000 (11:40 +0200)]
Add support for TuxOnIce hibernation
systemd does not support non-mainline kernel features so upstream rejected this
patch.
It is however required for systemd integration by tuxonice-userui package.
Forwarded: http://lists.freedesktop.org/archives/systemd-devel/2014-April/018960.html
Gbp-Pq: Topic debian
Gbp-Pq: Name Add-support-for-TuxOnIce-hibernation.patch
Michael Biebl [Wed, 17 Jul 2013 23:04:07 +0000 (01:04 +0200)]
Revert "udev: network device renaming - immediately give up if the target name isn't available"
This reverts commit 97595710b77aa162ca5e20da57d0a1ed7355eaad.
We need to keep supporting systems with 75-persistent-net-generator.rules
generated names for a while after switching to net.ifnames. Re-apply this old
hack to make the renaming less likely to fail.
Gbp-Pq: Topic debian
Gbp-Pq: Name Revert-udev-network-device-renaming-immediately-give.patch
Michael Biebl [Thu, 4 Sep 2014 23:15:16 +0000 (01:15 +0200)]
Make /run/lock tmpfs an API fs
The /run/lock directory is world-writable in Debian due to historic
reasons. To avoid user processes filling up /run, we mount a separate
tmpfs for /run/lock. As this directory needs to be available during
early boot, we make it an API fs.
Drop it from tmpfiles.d/legacy.conf to not clobber the permissions.
Closes: #751392
Gbp-Pq: Topic debian
Gbp-Pq: Name Make-run-lock-tmpfs-an-API-fs.patch
Tollef Fog Heen [Tue, 5 Jun 2012 18:59:36 +0000 (20:59 +0200)]
Bring tmpfiles.d/tmp.conf in line with Debian defaults
Closes: #675422
Gbp-Pq: Topic debian
Gbp-Pq: Name Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
Michael Biebl [Thu, 18 Jul 2013 18:11:02 +0000 (20:11 +0200)]
Use Debian specific config files
Use /etc/default/locale instead of /etc/locale.conf for locale settings.
Use /etc/default/keyboard instead of /etc/X11/xorg.conf.d/00-keyboard.conf for
keyboard configuration.
Read/write /etc/timezone if /etc/localtime does not exist.
Gbp-Pq: Topic debian
Gbp-Pq: Name Use-Debian-specific-config-files.patch
Michael Biebl [Thu, 10 Jan 2019 11:58:27 +0000 (12:58 +0100)]
meson: stop setting -fPIE globally
Setting -fPIE globally can lead to miscompilations on certain
architectures.
This is caused by both -fPIE and -fPIC options being added to various
compilation commands. Only -fPIC is being recorded in the LTO options
section of the object. The gcc-8 LTO plugin merges -fPIC + -fPIE to
nothing. So, the compilations done by the plugin are not
position-independent and fail to link with -pie.
The simplest solution is to stop setting -fPIE globally and instead
using meson's b_pie=true option. This requires meson 0.49 or later.
Since we don't set this option in meson.build but leave it up to the
distro maintainer to set this option, do not bump the meson version
requirement.
Fixes: #10548
(cherry picked from commit 4e4bbc439eb7f16a608f457d3eaac08c60633212)
Gbp-Pq: Name meson-stop-setting-fPIE-globally.patch
Yu Watanabe [Fri, 11 Jan 2019 20:24:54 +0000 (05:24 +0900)]
sd-device-monitor: fix ordering of setting buffer size
By b1c097af8df58a94cba031a347061b7cb9b62d9b (#10239), the receive buffer
size for uevents was set by SO_RCVBUF at first, and fallback to
use SO_RCVBUFFORCE. So, as SO_RCVBUF limits to the buffer size
net.core.rmem_max, which is usually much smaller than 128MB udevd requests,
uevents buffer size was not sufficient.
This fixes the ordering of the request: SO_RCVBUFFORCE first, and
fallback to SO_RCVBUF. Then, udevd's uevent buffer size can be set to
128MB.
This also reverts 903893237a2105b05671fe87b8f5d5e7417040d2.
Fixes #11314 and #10754.
(cherry picked from commit ee0b9e721a368742ac6fa9c3d9a33e45dc3203a2)
Gbp-Pq: Name sd-device-monitor-fix-ordering-of-setting-buffer-size.patch
Yu Watanabe [Wed, 2 Jan 2019 21:21:17 +0000 (06:21 +0900)]
man: update color of journal logs in DEBUG level
Fixes #11303.
(cherry picked from commit 8a6d06cbaa794b1546d01a15dc5cdfde9f836101)
Gbp-Pq: Name man-update-color-of-journal-logs-in-DEBUG-level.patch
Yu Watanabe [Sun, 30 Dec 2018 13:08:10 +0000 (22:08 +0900)]
network: set *_configured flags to false before requesting addresses or friends
Fixes #11272.
(cherry picked from commit 2428613f854f46b6624199c2dc58d02617320133)
Gbp-Pq: Name network-set-_configured-flags-to-false-before-requesting-.patch
Yu Watanabe [Sun, 30 Dec 2018 13:10:32 +0000 (22:10 +0900)]
network: rename link_set_routing_policy_rule() to link_request_set_routing_policy_rule()
For consistency to other functions.
(cherry picked from commit 47079967e64727dd9271d2b033b5aa485209a7f7)
Gbp-Pq: Name network-rename-link_set_routing_policy_rule-to-link_reque.patch
Yu Watanabe [Sun, 30 Dec 2018 13:07:23 +0000 (22:07 +0900)]
network: do not ignore errors on link_request_set_neighbors() and link_set_routing_policy()
(cherry picked from commit f3ef324dfa72ee1d0e113dbb234c643d8f0286f0)
Gbp-Pq: Name network-do-not-ignore-errors-on-link_request_set_neighbor.patch
Yu Watanabe [Mon, 7 Jan 2019 05:30:55 +0000 (14:30 +0900)]
udevadm: refuse to run trigger, control, settle and monitor commands in chroot
Closes #11333.
(cherry picked from commit c494b739a47359ab2697482f52545e2a6d1c86ad)
Gbp-Pq: Name udevadm-refuse-to-run-trigger-control-settle-and-monitor-.patch
Franck Bui [Thu, 10 Jan 2019 11:17:51 +0000 (12:17 +0100)]
Revert "logind: become the controlling terminal process before restoring VT"
This reverts commit ad96887a1205bad9656d280c5681f482e6d04838.
Commit adb8688 alone should be enough to fix issue #9754.
Fixes #11269
(cherry picked from commit c0f34168d4c5691fccb62e81d6d49dd2f730a17b)
(cherry picked from commit f02b5472c6f0c41e5dc8dc2c84590866baf937ff)
Gbp-Pq: Name Revert-logind-become-the-controlling-terminal-process-bef.patch
Zbigniew Jędrzejewski-Szmek [Tue, 8 Jan 2019 21:41:16 +0000 (22:41 +0100)]
udev: open control and netlink sockets before daemonization
c4b69e990f962128cc6975e36e91e9ad838fa2c4 effectively moved the initialization of socket.
Before that commit:
run → listen_fds → udev_ctrl_new → udev_ctrl_new_from_fd → socket()
After:
run → main_loop → manager_new → udev_ctrl_new_from_fd → socket()
The problem is that main_loop was called after daemonization. Move manager_new
out of main_loop and before daemonization.
Fixes #11314 (hopefully ;)).
v2: Yu Watanabe
sd_event is initialized in main_loop().
(cherry picked from commit b5af8c8cdf5fc7cc5d4108460270728375eb7fc4)
(cherry picked from commit 6b59b44b87568fe5f8362018f47d440b1e6681dd)
Gbp-Pq: Name udev-open-control-and-netlink-sockets-before-daemonizatio.patch
Zbigniew Jędrzejewski-Szmek [Tue, 8 Jan 2019 21:56:50 +0000 (22:56 +0100)]
udevd: drop redundant call to sd_event_get_exit_code
sd_event_loop returns the same thing anyway.
(cherry picked from commit 44dcf454b604628bf451194482c97ce981596ce5)
(cherry picked from commit 1f6562d559bd11612b3f59b20fae4ed34d688dff)
Gbp-Pq: Name udevd-drop-redundant-call-to-sd_event_get_exit_code.patch
Zbigniew Jędrzejewski-Szmek [Wed, 9 Jan 2019 13:08:29 +0000 (14:08 +0100)]
logind: do not pass negative number to strerror
(cherry picked from commit 65641b3cdc12923320879bac6f071eb45a70e79c)
(cherry picked from commit 8f8f3191d33ca8583fe62a9e6268e2a914a7b2c0)
Gbp-Pq: Name logind-do-not-pass-negative-number-to-strerror.patch
Zbigniew Jędrzejewski-Szmek [Fri, 7 Dec 2018 09:48:10 +0000 (10:48 +0100)]
journal-remote: set a limit on the number of fields in a message
Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is
reused for the new error condition (too many fields).
This matches the change done for systemd-journald, hence forming the second
part of the fix for CVE-2018-16865
(https://bugzilla.redhat.com/show_bug.cgi?id=1653861).
(cherry picked from commit ef4d6abe7c7fab6cbff975b32e76b09feee56074)
(cherry picked from commit 1c9232336460d0f004156964df1478e4d3ddac97)
Gbp-Pq: Name journal-remote-set-a-limit-on-the-number-of-fields-in-a-m.patch
Zbigniew Jędrzejewski-Szmek [Fri, 7 Dec 2018 11:47:14 +0000 (12:47 +0100)]
journal-remote: verify entry length from header
Calling mhd_respond(), which ultimately calls MHD_queue_response() is
ineffective at this point, because MHD_queue_response() immediately returns
MHD_NO signifying an error, because the connection is in state
MHD_CONNECTION_CONTINUE_SENT.
As Christian Grothoff kindly explained:
> You are likely calling MHD_queue_response() too late: once you are
> receiving upload_data, HTTP forces you to process it all. At this time,
> MHD has already sent "100 continue" and cannot take it back (hence you
> get MHD_NO!).
>
> In your request handler, the first time when you are called for a
> connection (and when hence *upload_data_size == 0 and upload_data ==
> NULL) you must check the content-length header and react (with
> MHD_queue_response) based on this (to prevent MHD from automatically
> generating 100 continue).
If we ever encounter this kind of error, print a warning and immediately
abort the connection. (The alternative would be to keep reading the data,
but ignore it, and return an error after we get to the end of data.
That is possible, but of course puts additional load on both the
sender and receiver, and doesn't seem important enough just to return
a good error message.)
Note that sending of the error does not work (the connection is always aborted
when MHD_queue_response is used with MHD_RESPMEM_MUST_FREE, as in this case)
with libµhttpd 0.59, but works with 0.61:
https://src.fedoraproject.org/rpms/libmicrohttpd/pull-request/1
(cherry picked from commit 7fdb237f5473cb8fc2129e57e8a0039526dcb4fd)
(cherry picked from commit c6d56141fad673a42b6b4eb186d2d217becca71c)
Gbp-Pq: Name journal-remote-verify-entry-length-from-header.patch
Zbigniew Jędrzejewski-Szmek [Fri, 7 Dec 2018 11:13:10 +0000 (12:13 +0100)]
µhttpd: use a cleanup function to call MHD_destroy_response
(cherry picked from commit d101fb24eb1c58c97f2adce1f69f4b61a788933a)
(cherry picked from commit 03bf8a389ea1e9822a1b66f14b699661e88e0cb3)
Gbp-Pq: Name httpd-use-a-cleanup-function-to-call-MHD_destroy_response.patch
Zbigniew Jędrzejewski-Szmek [Wed, 5 Dec 2018 21:52:53 +0000 (22:52 +0100)]
journald: lower the maximum entry size limit to ½ for non-sealed fds
We immediately read the whole contents into memory, making things much more
expensive. Sealed fds should be used instead since they are more efficient
on our side.
(cherry picked from commit 6670c9de196c8e2d5e84a8890cbb68f70c4db6e3)
(cherry picked from commit f0ad5fe17fc6cee1f04f8f93899538ea2e96256c)
Gbp-Pq: Name journald-lower-the-maximum-entry-size-limit-to-for-non-se.patch
Zbigniew Jędrzejewski-Szmek [Wed, 5 Dec 2018 21:50:39 +0000 (22:50 +0100)]
journald: when processing a native message, bail more quickly on overbig messages
We'd first parse all or most of the message, and only then consider if it
is not too large. Also, when encountering a single field over the limit,
we'd still process the preceding part of the message. Let's be stricter,
and check size limits early, and let's refuse the whole message if it fails
any of the size limits.
(cherry picked from commit 964ef920ea6735d39f856b05fd8ef451a09a6a1d)
(cherry picked from commit c13facb835046af8ab8ebad2ec63d9e8c0909f26)
Gbp-Pq: Name journald-when-processing-a-native-message-bail-more-quick.patch
Zbigniew Jędrzejewski-Szmek [Wed, 5 Dec 2018 21:45:02 +0000 (22:45 +0100)]
journald: set a limit on the number of fields (1k)
We allocate a iovec entry for each field, so with many short entries,
our memory usage and processing time can be large, even with a relatively
small message size. Let's refuse overly long entries.
CVE-2018-16865
https://bugzilla.redhat.com/show_bug.cgi?id=1653861
From what I can see, the problem is not from an alloca, despite what the CVE
description says, but from the attack multiplication that comes from creating
many very small iovecs: (void* + size_t) for each three bytes of input message.
(cherry picked from commit 052c57f132f04a3cf4148f87561618da1a6908b4)
(cherry picked from commit eaf1d6e1e6ec5023ffdc2801e2b671226e862774)
Gbp-Pq: Name journald-set-a-limit-on-the-number-of-fields-1k.patch
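Added example, not systemd's code: a C illustration of the checks described in the "bail more quickly on overbig messages" and "set a limit on the number of fields (1k)" commits above, applied to a simplified entry made of newline-terminated KEY=VALUE fields. The function names and the two size limits are assumptions made for this example; the 1k field limit and the E2BIG/ENOBUFS split are taken from the commit messages.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/uio.h>

/* FIELD_COUNT_MAX follows the "1k" in the commit title. The two size limits
 * are constructed values for this example, not systemd's. */
#define FIELD_COUNT_MAX 1024u
#define FIELD_SIZE_MAX  (64u * 1024u)
#define ENTRY_SIZE_MAX  (96u * 1024u)

/* Worst case described in the commit message: every 3 input bytes ("A=\n")
 * cost one struct iovec (void* + size_t) on the receiving side. */
size_t worst_case_iovec_bytes(size_t input_len) {
    return (input_len / 3) * sizeof(struct iovec);
}

/* Hypothetical parser for newline-terminated "KEY=VALUE" fields.
 * Returns the number of fields, or a negative errno. On error the caller
 * must discard the whole entry, including any iov slots already filled. */
int parse_entry(const char *buf, size_t len, struct iovec *iov, size_t n_iov) {
    const char *p = buf, *end = buf + len;
    size_t n = 0;

    if (len > ENTRY_SIZE_MAX)          /* checked before any parsing */
        return -ENOBUFS;

    while (p < end) {
        const char *nl = memchr(p, '\n', (size_t)(end - p));
        const char *eq;
        size_t l;

        if (!nl)
            return -EINVAL;            /* unterminated field */
        l = (size_t)(nl - p);
        if (l > FIELD_SIZE_MAX)
            return -ENOBUFS;           /* one oversized field rejects all */
        eq = memchr(p, '=', l);
        if (!eq || eq == p)
            return -EINVAL;            /* no '=' or empty key */
        if (n >= FIELD_COUNT_MAX || n >= n_iov)
            return -E2BIG;             /* too many fields */

        iov[n].iov_base = (void *)p;
        iov[n].iov_len = l;
        n++;
        p = nl + 1;
    }
    return (int)n;
}

/* Builds a constructed entry of n_fields fields "A=<value_len x's>\n" and
 * parses it. -ENOMEM means the entry does not fit the demo buffer. */
int demo(size_t n_fields, size_t value_len) {
    static char buf[128 * 1024];
    static struct iovec iov[2048];
    size_t flen = 3 + value_len, off = 0, i;

    if (n_fields > sizeof(buf) / flen)
        return -ENOMEM;
    for (i = 0; i < n_fields; i++) {
        buf[off++] = 'A';
        buf[off++] = '=';
        memset(buf + off, 'x', value_len);
        off += value_len;
        buf[off++] = '\n';
    }
    return parse_entry(buf, off, iov, sizeof(iov) / sizeof(iov[0]));
}

int main(void) {
    printf("1024 minimal fields -> %d\n", demo(1024, 0));
    printf("1025 minimal fields -> %d (-E2BIG is %d)\n", demo(1025, 0), -E2BIG);
    printf("one oversized field -> %d (-ENOBUFS is %d)\n",
           demo(1, FIELD_SIZE_MAX), -ENOBUFS);
    printf("oversized entry     -> %d\n", demo(1024, 100));
    printf("iovec bytes for 3072 input bytes, worst case: %zu\n",
           worst_case_iovec_bytes(3072));
    return 0;
}
```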
Zbigniew Jędrzejewski-Szmek [Wed, 5 Dec 2018 20:34:24 +0000 (21:34 +0100)]
coredump: fix message when we fail to save a journald coredump
If creation of the message failed, we'd write a bogus entry:
systemd-coredump[1400]: Cannot store coredump of 416 (systemd-journal): No space left on device
systemd-coredump[1400]: MESSAGE=Process 416 (systemd-journal) of user 0 dumped core.
systemd-coredump[1400]: Coredump diverted to
(cherry picked from commit f0136e09221364f931c3a3b715da4e4d3ee9f2ac)
(cherry picked from commit 3f11736ae9f336ddbc34ad395c9fe5c99139af39)
Gbp-Pq: Name coredump-fix-message-when-we-fail-to-save-a-journald-core.patch
Zbigniew Jędrzejewski-Szmek [Wed, 5 Dec 2018 17:48:23 +0000 (18:48 +0100)]
basic/process-util: limit command line lengths to _SC_ARG_MAX
This affects systemd-journald and systemd-coredump.
Example entry:
$ journalctl -o export -n1 'MESSAGE=Something logged'
__CURSOR=s=976542d120c649f494471be317829ef9;i=34e;b=4871e4c474574ce4a462dfe3f1c37f06;m=c7d0c37dd2;t=57c4ac58f3b98;x=67598e942bd23dc0
__REALTIME_TIMESTAMP=1544035467475864
__MONOTONIC_TIMESTAMP=858200964562
_BOOT_ID=4871e4c474574ce4a462dfe3f1c37f06
PRIORITY=6
_UID=1000
_GID=1000
_CAP_EFFECTIVE=0
_SELINUX_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
_AUDIT_SESSION=1
_AUDIT_LOGINUID=1000
_SYSTEMD_OWNER_UID=1000
_SYSTEMD_UNIT=user@1000.service
_SYSTEMD_SLICE=user-1000.slice
_SYSTEMD_USER_SLICE=-.slice
_SYSTEMD_INVOCATION_ID=1c4a469986d448719cb0f9141a10810e
_MACHINE_ID=08a5690a2eed47cf92ac0a5d2e3cf6b0
_HOSTNAME=krowka
_TRANSPORT=syslog
SYSLOG_FACILITY=17
SYSLOG_IDENTIFIER=syslog-caller
MESSAGE=Something logged
_COMM=poc
_EXE=/home/zbyszek/src/systemd-work3/poc
_SYSTEMD_CGROUP=/user.slice/user-1000.slice/user@1000.service/gnome-terminal-server.service
_SYSTEMD_USER_UNIT=gnome-terminal-server.service
SYSLOG_PID=4108
SYSLOG_TIMESTAMP=Dec 5 19:44:27
_PID=4108
_CMDLINE=./poc AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>
_SOURCE_REALTIME_TIMESTAMP=1544035467475848
$ journalctl -o export -n1 'MESSAGE=Something logged' --output-fields=_CMDLINE|wc
6 2053 2097410
2MB might be hard for some clients to use meaningfully, but OTOH, it is
important to log the full commandline sometimes. For example, when the program
is crashing, the exact argument list is useful.
(cherry picked from commit 2d5d2e0cc5171c6795d2a485841474345d9e30ab)
(cherry picked from commit bcada1eb2f148e0712716d6095bb3a96e8153ec5)
Gbp-Pq: Name basic-process-util-limit-command-line-lengths-to-_SC_ARG_.patch
Zbigniew Jędrzejewski-Szmek [Wed, 5 Dec 2018 17:38:39 +0000 (18:38 +0100)]
journald: do not store the iovec entry for process commandline on stack
This fixes a crash where we would read the commandline, whose length is under
control of the sending program, and then crash when trying to create a stack
allocation for it.
CVE-2018-16864
https://bugzilla.redhat.com/show_bug.cgi?id=1653855
The message actually doesn't get written to disk, because
journal_file_append_entry() returns -E2BIG.
(cherry picked from commit 084eeb865ca63887098e0945fb4e93c852b91b0f)
(cherry picked from commit cf56627fe5525132c8e09eb3e77bfc0556a2f04d)
Gbp-Pq: Name journald-do-not-store-the-iovec-entry-for-process-command.patch
Zbigniew Jędrzejewski-Szmek [Wed, 5 Dec 2018 16:53:50 +0000 (17:53 +0100)]
journald: remove unnecessary {}
(cherry picked from commit bc2762a309132a34db1797d8b5792d5747a94484)
(cherry picked from commit ccbb69e14ea9938c20ced03b4952fee0d22684b0)
Gbp-Pq: Name journald-remove-unnecessary.patch
Zbigniew Jędrzejewski-Szmek [Wed, 5 Dec 2018 16:33:15 +0000 (17:33 +0100)]
coredump: remove duplicate MESSAGE= prefix from message
systemd-coredump[9982]: MESSAGE=Process 771 (systemd-journal) of user 0 dumped core.
systemd-coredump[9982]: Coredump diverted to /var/lib/systemd/coredump/core...
log_dispatch() calls log_dispatch_internal() which calls write_to_journal()
which appends MESSAGE= on its own.
(cherry picked from commit 4f62556d71206ac814a020a954b397d4940e14c3)
(cherry picked from commit 9f564b3f45008c1a178a186f944ddc7485614cd2)
Gbp-Pq: Name coredump-remove-duplicate-MESSAGE-prefix-from-message.patch
Yu Watanabe [Tue, 8 Jan 2019 18:35:55 +0000 (03:35 +0900)]
core/mount: make mount_setup_existing_unit() not drop MOUNT_PROC_JUST_MOUNTED flag from units
This fixes a bug introduced by ec88d1ea0591beccab97d9096fd3fd7b09bc823c.
Fixes #11362.
(cherry picked from commit d253a45e1c147f5174265d71d7419da7bd52a88b)
(cherry picked from commit 27492fe33697c88b5452602604b0b28771bfd39f)
Gbp-Pq: Name core-mount-make-mount_setup_existing_unit-not-drop-MOUNT_.patch
Yu Watanabe [Tue, 8 Jan 2019 17:46:03 +0000 (02:46 +0900)]
udev-node: make link_find_prioritized() return negative value when nothing found
Fixes a bug introduced by a2554acec652fc65c8ed0c6c1fede9ba8c3693b1.
Fixes RHBZ#1662303.
(cherry picked from commit 82d9ac23fd5ab2befe2a95187640a8d38799dd64)
(cherry picked from commit f665fe3e2e74548a2a236f3b7635227621aa568a)
Gbp-Pq: Name udev-node-make-link_find_prioritized-return-negative-valu.patch
Lennart Poettering [Fri, 4 Jan 2019 12:24:18 +0000 (13:24 +0100)]
json: handle NULL explicitly in json_variant_has_type()
(cherry picked from commit f8c186c9ece5c1c0b89abf52f058efb0ed37e0cb)
(cherry picked from commit 388e534d24cac041bd00b48f27a84d6b31089c67)
Gbp-Pq: Name json-handle-NULL-explicitly-in-json_variant_has_type.patch
Zbigniew Jędrzejewski-Szmek [Sun, 6 Jan 2019 21:17:00 +0000 (22:17 +0100)]
udev: rework how we handle the return value from spawned programs
When running PROGRAM="...", we would log
systemd-udevd[447]: Failed to wait spawned command '...': Input/output error
no matter why the program actually failed, at error level.
The code wouldn't distinguish between an internal failure and a failure in the
program being called and run sd_event_exit(..., -EIO) on any kind of error. EIO
is rather misleading here, because it suggests a serious error.
on_spawn_sigchld is updated to set the return code to distinguish failure to
spawn, including the program being killed by a signal (a negative return value),
and the program failing (positive return value).
The logging levels are adjusted, so that for PROGRAM= calls, which are
essentially "if" statements, we only log at debug level (unless we get a
timeout or segfault or another unexpected error).
(cherry picked from commit a75211421fc9366068e6d9446e8e567246c72feb)
(cherry picked from commit 5862f1730af205e2b95349b477aeed25b2f3e3b8)
Gbp-Pq: Name udev-rework-how-we-handle-the-return-value-from-spawned-p.patch
Zbigniew Jędrzejewski-Szmek [Fri, 4 Jan 2019 10:19:10 +0000 (11:19 +0100)]
Revert "pam_systemd: drop setting DBUS_SESSION_BUS_ADDRESS"
This reverts commit 2b2b7228bffef626fe8e9f131095995f3d50ee3b.
Fixes #11293.
Removing the environment variable causes problems, e.g. Xfce and Chromium and
... don't communicate with the running dbus instance. If they attempt to start their
own instance, things become even more confusing. Those packages could be fixed
one by one, but removing the variable right now is causing too many problems.
(cherry picked from commit 00efd4988b8e4a147f96337de32e54925640f0b7)
(cherry picked from commit 6c44e6c681e55f8291078b51c72cbfd81cc21a94)
Gbp-Pq: Name Revert-pam_systemd-drop-setting-DBUS_SESSION_BUS_ADDRESS.patch
Evgeny Vereshchagin [Sun, 23 Dec 2018 23:29:56 +0000 (00:29 +0100)]
journal: rely on _cleanup_free_ to free a temporary string used in client_context_read_cgroup
Closes https://github.com/systemd/systemd/issues/11253.
(cherry picked from commit ef30f7cac18a810814ada7e6a68a31d48cc9fccd)
(cherry picked from commit 1789a12dbf74112992a478ac4cf2f13d8c286d15)
Gbp-Pq: Name journal-rely-on-_cleanup_free_-to-free-a-temporary-string.patch
Yu Watanabe [Sat, 22 Dec 2018 18:28:28 +0000 (03:28 +0900)]
test: add test for sending/receiving an invalid device
(cherry picked from commit 4fe0caadc85431118f2d8aea7570307cfc2aed27)
(cherry picked from commit c2a11194c33de9bc7545a7c4df3fda5b90f02a50)
Gbp-Pq: Name test-add-test-for-sending-receiving-an-invalid-device.patch
Yu Watanabe [Sat, 22 Dec 2018 10:49:47 +0000 (19:49 +0900)]
Revert "udevd: configure a child process name for worker processes"
This reverts commit 49f3ee7e74c714f55aab395c080b1099fc17f7fd.
(cherry picked from commit ff86c92e3043f71fc801cf687600a480ee8f6778)
(cherry picked from commit 77421020c9ab36c1e701901d7e72747ca98d3133)
Gbp-Pq: Name Revert-udevd-configure-a-child-process-name-for-worker-pr.patch
Yu Watanabe [Tue, 1 Jan 2019 19:00:14 +0000 (04:00 +0900)]
Revert "sd-device: ignore bind/unbind events for now"
This reverts commit 56c886dc7ed5b2bb0882ba85136f4070545bfc1b.
Fixes #11277 and #11299.
(cherry picked from commit b261494128e60dd3168e0ea961606ec4f39c5739)
(cherry picked from commit ff2145bfe5aac524c5870a295293b8e3cc74e27a)
Gbp-Pq: Name Revert-sd-device-ignore-bind-unbind-events-for-now.patch
Yu Watanabe [Sat, 22 Dec 2018 18:06:47 +0000 (03:06 +0900)]
sd-device: fix segfault when error occurs in device_new_from_{nulstr,strv}()
As devpath may not be set yet.
When debug logging is enabled, log_device_*() calls
sd_device_get_sysname(). So, we should not assume that devpath is always
set.
Fixes #11258.
(cherry picked from commit 18fee12a2d489378a2a9b647db0d0eb8c43f5362)
(cherry picked from commit 9ae73a6273461361eef7e83d48aadee111d6616e)
Gbp-Pq: Name sd-device-fix-segfault-when-error-occurs-in-device_new_fr.patch
Yu Watanabe [Tue, 25 Dec 2018 03:56:48 +0000 (12:56 +0900)]
libudev-util: make util_replace_whitespace() read only len characters
This effectively reverts df8ba4fa0e8be1ff7899d08a4b6be0196c8405a0.
Fixes #11264.
(cherry picked from commit 577ab71c58d36bc8577d15f172a306c9c05cd2f4)
(cherry picked from commit c3712308fc090116e388f395e4a8bb0bd8446ea6)
Gbp-Pq: Name libudev-util-make-util_replace_whitespace-read-only-len-c.patch
YunQiang Su [Tue, 25 Dec 2018 11:01:17 +0000 (19:01 +0800)]
Pass separate dev_t var to device_path_parse_major_minor
MIPS/O32's st_rdev member of struct stat is unsigned long, which
is 32bit, while dev_t is defined as 64bit, which causes some problems
in device_path_parse_major_minor.
Don't pass st.st_rdev, st_mode to device_path_parse_major_minor,
and instead pass 2 separate variables. The result of stat is also copied
out into these 2 variables. Fixes: #11247
(cherry picked from commit f5855697aa19fb92637e72ab02e4623abe77f288)
(cherry picked from commit a0d4edf0e7fe6674c44258a73e0722494d659976)
Gbp-Pq: Name Pass-separate-dev_t-var-to-device_path_parse_major_minor.patch
Zbigniew Jędrzejewski-Szmek [Fri, 21 Dec 2018 21:49:53 +0000 (22:49 +0100)]
test-json: check absolute and relative difference in floating point test
The test fails under valgrind, so there was an exception for valgrind.
Unfortunately that check only works when valgrind-devel headers are
available during build. But it is possible to have just valgrind installed,
or simply install it after the build, and then "valgrind test-json" would
fail.
It also seems that even without valgrind, this fails on some arm32 CPUs.
Let's do the usual-style test for absolute and relative differences.
(cherry picked from commit aa70783f55b369521b94e0985e84bbdaae16b174)
(cherry picked from commit 88938bf95b850849d075d7a6ebe37bb1d9780efe)
Gbp-Pq: Name test-json-check-absolute-and-relative-difference-in-float.patch
Alex Mayer [Wed, 2 Jan 2019 17:53:47 +0000 (12:53 -0500)]
Docs: Add Missing Space Between Words
(cherry picked from commit 8d7fac92f07cc662e51dcda7c9f3a322454895c7)
(cherry picked from commit e60c80a908a2c8c6036e41d083134c9e095aa268)
Gbp-Pq: Name Docs-Add-Missing-Space-Between-Words.patch
Yu Watanabe [Sun, 30 Dec 2018 12:13:43 +0000 (21:13 +0900)]
ask-password-api: do not call ask_password_keyring() if keyname == NULL
Fixes #11295.
(cherry picked from commit 1f00998c8739ac6adc2b7623cc1e5a8f67d95d7d)
(cherry picked from commit 095a38313daf043413c863634378c8ea7e5f6a09)
Gbp-Pq: Name ask-password-api-do-not-call-ask_password_keyring-if-keyn.patch
Yu Watanabe [Tue, 25 Dec 2018 15:36:55 +0000 (00:36 +0900)]
udev-event: do not read stdout or stderr if the pipefd is not created
Fixes #11255.
(cherry picked from commit adeb26c1affd09138bb96a9e25b795d146e64c97)
(cherry picked from commit 32a11a27b69031240beea38260d93e034ea33036)
Gbp-Pq: Name udev-event-do-not-read-stdout-or-stderr-if-the-pipefd-is-.patch
Yu Watanabe [Tue, 25 Dec 2018 04:10:18 +0000 (13:10 +0900)]
switch-root: fix error message
Fixes #11261.
(cherry picked from commit a5c67ccc575e6ebf12710cb7df84f65a51c5dc58)
(cherry picked from commit ebcd154e1df434865d2752efdccbc7737bb28029)
Gbp-Pq: Name switch-root-fix-error-message.patch
Evgeny Vereshchagin [Sun, 23 Dec 2018 14:01:03 +0000 (15:01 +0100)]
core: free lines after reading them
Closes https://github.com/systemd/systemd/issues/11251.
(cherry picked from commit 7334ade4a7e103b1a01d1c8fe1ea7c7a854a1c31)
(cherry picked from commit 5fa79ab2eb900fc58824060e3dcf9508276c9047)
Gbp-Pq: Name core-free-lines-after-reading-them.patch
rogerjames99 [Fri, 28 Dec 2018 06:34:43 +0000 (06:34 +0000)]
Do not start server if it is already running (#11245)
(cherry picked from commit 7da7340afdd4760fb2dd9d000105c324a77aff4b)
Gbp-Pq: Name Do-not-start-server-if-it-is-already-runnning-11245.patch
Michael Biebl [Sat, 12 Jan 2019 20:49:44 +0000 (20:49 +0000)]
systemd (240-4) unstable; urgency=medium
[ Benjamin Drung ]
* Fix shellcheck issues in initramfs-tools scripts
[ Michael Biebl ]
* Import patches from v240-stable branch (up to f02b5472c6)
- Fixes a problem in logind closing the controlling terminal when using
startx. (Closes: #918927)
- Fixes various journald vulnerabilities via attacker controlled alloca.
(CVE-2018-16864, CVE-2018-16865, Closes: #918841, Closes: #918848)
* sd-device-monitor: Fix ordering of setting buffer size.
Fixes an issue with uevents not being processed properly during coldplug
stage and some kernel modules not being loaded via "udevadm trigger".
(Closes: #917607)
* meson: Stop setting -fPIE globally.
Setting -fPIE globally can lead to miscompilations on certain
architectures. Instead use the b_pie=true build option, which was
introduced in meson 0.49. Bump the Build-Depends accordingly.
(Closes: #909396)
[dgit import unpatched systemd 240-4]
Michael Biebl [Sat, 12 Jan 2019 20:49:44 +0000 (20:49 +0000)]
Import systemd_240-4.debian.tar.xz
[dgit import tarball systemd 240-4 systemd_240-4.debian.tar.xz]
Michael Biebl [Sat, 22 Dec 2018 15:01:43 +0000 (15:01 +0000)]
Import systemd_240.orig.tar.gz
[dgit import orig systemd_240.orig.tar.gz]