New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
systemd: 243.4 -> 243.7 #80480
systemd: 243.4 -> 243.7 #80480
Conversation
8ed8a9a
to
48b7100
Compare
48b7100
to
f1cb532
Compare
This has cooked on my laptop for quite some time, marking as "Ready for review". |
This is probably related to https://bugs.chromium.org/p/project-zero/issues/detail?id=1971 ? |
This bumps to the latest state of the systemd 242 stable, published at https://github.com/systemd/systemd-stable/tree/v243-stable. Should cover CVE-2020-1712. Git Log: f8dd0f2f15 (tag: v243.7, systemd-stable/v243-stable) Revert "Support Plugable UD-PRO8 dock" 1a5428c2ab hibernate-resume-generator: wait "infinitely" for the resume device eb3148c468 (tag: v243.6) hwdb: update to v245-rc1 f14fa558ae Fix typo in function name fb21e13e8e polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it 2e504c92d1 sd-bus: introduce API for re-enqueuing incoming messages 4d80c8f158 polkit: use structured initialization 54791aff01 polkit: on async pk requests, re-validate action/details 81532beddc polkit: reuse some common bus message appending code 4441844d58 bus-polkit: rename return error parameter to ret_error 31a1d569db shared: split out polkit stuff from bus-util.c → bus-polkit.c 560eb5babf test: adapt to the new capsh format 275b266bde meson: update efi path detection to gnu-efi-3.0.11 9239154545 presets: "disable" all passive targets by default a827c41851 shared/sysctl-util: normalize repeated slashes or dots to a single value fb1bfd6804 dhcp6: do not use T1 and T2 longer than one provided by the lease ca43a515c6 network: fix implicit type conversion warning by GCC-10 421eca7edf bootspec: parse random-seed-mode line in loader.conf 34e21fc6de sd-boot: fix typo df7b3a05c9 test: Synchronize journal before reading from it 9326efee71 sd-bus: fix introspection bug in signal parameter names 7bbdc56aaf efi: fix build. 486f8ca365 generator: order growfs for the root fs after systemd-remount-fs 56d442e29d loginctl: use /org/freedesktop/login1/session/auto when "lock-session" is called without argument 6ed1152282 Documentation update for x-systemd.{before,after} dba3efa34a man: fix typo in systemd.netdev Xfrm example 6f9a8621d8 timesyncd: log louder when we refuse a server due to root distance 0637255d3b resolved: drop DNSSEC root key that is not valid anymore 9a135baa40 journal: don't use startswith() on something that is not a NUL-terminated string 1ff3972a0f test: add test for systemd/systemd#14560 cac79b606b core: make sure StandardInput=file: doesn't get dup'ed to stdout/stderr by default 906ba9a67d pkgconf: add full generator paths 01b93e2c68 tree-wide: we forgot to destroy some bus errors 5c9455657e mount: make checks on perpetual mount units more lax 28c58beca1 core: never allow perpetual units to be masked d3b044b3e7 typo: "May modify to" -> "May modify" fd378d3d3c sysctl: downgrade message when we have no permission db4fbf5c61 Clarify journald.conf MaxLevelStore documentation c8365f71c0 logind: refuse overriding idle hint on tty sessions cd91f567b6 cgroup: update only siblings that got realized once c672dcd212 mount: mark an existing "mounting" unit from /proc/self/mountinfo as "just_mounted" a592a40564 journalctl: Correctly handle combination of --reverse and --lines (fixes NixOS#1596) 0aa144ab1d journalctl: Correctly handle --show-cursor in combination with --until or --since and --reverse 3b803a5e66 core: fix re-realization of cgroup siblings 7549dd40fc core: propagate service state to socket in more load states af6df343b2 man: describe "symlink" and "systemctl link" explicitly in UNIT FILE LOAD PATH a3c1ce25a7 core: be more restrictive on the dependency types we allow to be created transiently 2b9ec8384c udev: don't import parent ID_FS_ data on partitions ecd95c507c man: fix option name 0d4f06156b Support Plugable UD-PRO8 dock 7fba869abd gpt-auto: don't assume XBOOTLDR is vfat 494c281b67 man: fix documentation of IBM VIO device naming 7271fb056a man: slightly extend documentation on difference between ID_NET_NAME_ONBOARD and ID_NET_LABEL_ONBOARD 852ae28e68 boot: fix osrel parser 2613200370 udev: do not use exact match of file permission 46477397c1 network: lower the log-level of harmless message 7163b1fe86 hwdb: ignore keys added in kernel 5.5 92f90837dc systemctl: skip non-existent units in the 'cat' verb a67227cc99 systemd.exec: document the file system for EnvironmentFile paths cfb4c0aca5 systemd-analyze: fixed typo in documentation 017fddd998 test-condition: fix group check condition 9d5e3cb774 umount: show correct error message 252f1a5277 Revert "Drop dbus activation stub service" 20bbfac95e man: add section about user manager units c93ef60212 man: add remote-*.targets to the bootup sequence 55e0f99689 time-util: also use 32bit hack on EOVERFLOW 7afe2ecb02 [man] note which UID ranges will get user journals a43b67a4c9 [man] fix URL dedb26a8d6 analyze: badness if neither of RootImage and RootDirectory exists 714c93862a initrd: make udev cleanup service confict trigger and settle too 8932407ae1 man: we support growing xfs too these days 19af11dc07 time-util: deal with systems where userspace has 64bit time_t but kernel does not c90229d81d [import] fix stdin/stdout pipe behavior in import/export tar/raw 39910328da cryptsetup-generator: unconfuse writing of the device timeout fc5e6c87a4 shared/install: log syntax error for invalid DefaultInstance= 409c94a407 shared/install: provide a nicer error message for invalid WantedBy=/Required= values 70e8c1978a seccomp: real syscall numbers are >= 0 a0a1977d9a seccomp: more comprehensive protection against libseccomp's __NR_xyz namespace invasion 7f936c60d5 network: set ipv6 mtu after link-up or device mtu change b59d88cc62 man: fix typo in net-naming-scheme man page c5e5ac0958 man: fix typos (NixOS#14304) 9a2f26564d ipv4ll: do not reset conflict counter on restart bc9e1ebfdd Fix typo (duplicate "or") c6cb71b7e7 network: if /sys is rw, then udev should be around 67dcdfd956 nspawn: do not fail if udev is not running a7938a1bc6 Create parent directories when creating systemd-private subdirs 53aa44f873 network: do not return error but return UINT64_MAX if speed meter is disabled 65abf12674 core: swap priority can be negative b1cf452ff5 systemctl: enhance message about kexec missing kernel 07a0e5b425 man: use mkswap@ instead of makeswap@ 57dc017c6b journald: don't ask for the machine ID if we don't need it ac392a57c0 journalctl: pager_close() calls fflush(stdout) anyway as first thing ee7dfadc82 journald: remove unused field 471073f1b5 journalctl: return EOPNOTSUPP if pcre is not enabled 002ededb61 man: drop reference to machined, add one for journald instead fd3bd4be3b pid1: make TimeoutAbortSec settable for transient units eb2ef4d664 pid1: fix setting of DefaultTimeoutAbortSec 1d75e29b23 shared/ask-password-api: modify keyctl break value a16b1ee7e5 cryptsetup: reduce the chance that we will be OOM killed 4836fb010a core: write out correct field name when creating transient service units 3e2c547f6d udevd: don't use monitor after manager_exit() d42f7d45a8 Revert "udevd: fix crash when workers time out after exit is signal caught" c9a287eee8 man/systemd.link: Add missing verb *be* a67a3ae04b man: document all pager variables for systemctl and systemd 3a8fce3f38 core.timer: fix "systemd-analyze dump" and docs syntax inconsistencies wrt OnTimezoneChange= fdffd284b6 core/service: downgrade "scheduling restart" message to debug 733e7f19d3 travis: add missing closing quote sign 0d7b7817fc systemd-tmpfiles: don't install timer when service isn't installed either 0e7f83cd2b pam_systemd: prolong method call timeout when allocating session
f1cb532
to
53488b2
Compare
Yes, the polkit fixes should be in. I updated the commit message to include the reference to CVE-2020-1712. |
I can't currently tun this through my hydra as I usually do... (It doesn't build the latest master branch and with the current version it fails with newer nix from 19.09…) We should probably just let it go through staging and see then... |
Agreed. I just pushed |
@NixOS/backports this would need backports to 19.09 and 20.03, not sure about the current state of the |
There's an eval that had the rebuild for the NetworkManager update for 20.03 https://hydra.nixos.org/eval/1572028. It's not the most massive rebuild, but I guess we should merge |
We should probably at least wait for this PR to have landed in |
@FRidh is there a new staging round planned? |
backported to staging-20.03 932f2e3. |
Motivation for this change
This includes backports from upstreams https://github.com/systemd/systemd-stable, possibly security-related.
It doesn't bump to another major version.
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)