Bug#929215: unblock: systemd/241-4


Michael Biebl-3
Package: release.debian.org
Severity: normal
User: [hidden email]
Usertags: unblock

Please unblock package systemd

All patches are cherry-picked from upstream git.

Annotated changelog:

systemd (241-4) unstable; urgency=medium

  * journal-remote: Do not request Content-Length if Transfer-Encoding is
    chunked (Closes: #927008)

https://salsa.debian.org/systemd-team/systemd/commit/d8e4bc4487b0f32b39b15152040351261329e92a

Without this fix, systemd-journal-remote is pretty much completely
broken, that's why I had marked this bug RC for the
systemd-journal-remote package


  * systemctl: Restore "systemctl reboot ARG" functionality.
    Fixes a regression introduced in v240. (Closes: #928659)

https://salsa.debian.org/systemd-team/systemd/commit/8127cbd86fadf245dd28666c1bfe82a3eb116448


  * random-util: Eat up bad RDRAND values seen on AMD CPUs.
    Some AMD CPUs return bogus data via RDRAND after a suspend/resume cycle
    while still reporting success via the carry flag.
    Filter out invalid data like -1 (and also 0, just to be sure).
    (Closes: #921267)

https://salsa.debian.org/systemd-team/systemd/commit/efbcf5102f0ac7b43a2f7b8c79084fdfd2d1fa72

RDRAND is used by systemd for its hashmap implementation. On some AMD
CPUs (AMD CPU family 22), RDRAND returns bogus data after
suspend/resume, leading to severe mis-behaviour of systemd. Typical
symptoms are failure to shutdown properly or when trying suspend again.


  * Add check to switch VTs only between K_XLATE or K_UNICODE.
    Switching to K_UNICODE from other than L_XLATE can make the keyboard
    unusable and possibly leak keypresses from X.
    (CVE-2018-20839, Closes: #929116)

https://salsa.debian.org/systemd-team/systemd/commit/5a564c6ef3906c0f3885a3a2aafce772393f760a


  * Document that DRM render nodes are now owned by group "render"
    (Closes: #926886)

https://salsa.debian.org/systemd-team/systemd/commit/e3772a013721083a740ab9dedbf060cf5b3c3709

Documentation update, which was explicitly requested for the
video->render change of the /dev/dri/renderD* devices.

KiBi (and debian-boot) is in CC

Full debdiff is attached.

Regards,
Michael

unblock systemd/241-4

-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled


Bug#929215: unblock: systemd/241-4

Niels Thykier
Control: tags -1 confirmed d-i

Michael Biebl:

> Package: release.debian.org
> Severity: normal
> User: [hidden email]
> Usertags: unblock
>
> Please unblock package systemd
>
> All patches are cherry-picked from upstream git.
>
> Annotated changelog:
>
> systemd (241-4) unstable; urgency=medium
>
>   * journal-remote: Do not request Content-Length if Transfer-Encoding is
>     chunked (Closes: #927008)
>
> https://salsa.debian.org/systemd-team/systemd/commit/d8e4bc4487b0f32b39b15152040351261329e92a
>
> Without this fix, systemd-journal-remote is pretty much completely
> broken, that's why I had marked this bug RC for the
> systemd-journal-remote package
>
>
>   * systemctl: Restore "systemctl reboot ARG" functionality.
>     Fixes a regression introduced in v240. (Closes: #928659)
>
> https://salsa.debian.org/systemd-team/systemd/commit/8127cbd86fadf245dd28666c1bfe82a3eb116448
>
>
>   * random-util: Eat up bad RDRAND values seen on AMD CPUs.
>     Some AMD CPUs return bogus data via RDRAND after a suspend/resume cycle
>     while still reporting success via the carry flag.
>     Filter out invalid data like -1 (and also 0, just to be sure).
>     (Closes: #921267)
>
> https://salsa.debian.org/systemd-team/systemd/commit/efbcf5102f0ac7b43a2f7b8c79084fdfd2d1fa72
>
> RDRAND is used by systemd for its hashmap implementation. On some AMD
> CPUs (AMD CPU family 22), RDRAND returns bogus data after
> suspend/resume, leading to severe mis-behaviour of systemd. Typical
> symptoms are failure to shutdown properly or when trying suspend again.
>
>
>   * Add check to switch VTs only between K_XLATE or K_UNICODE.
>     Switching to K_UNICODE from other than L_XLATE can make the keyboard
>     unusable and possibly leak keypresses from X.
>     (CVE-2018-20839, Closes: #929116)
>
> https://salsa.debian.org/systemd-team/systemd/commit/5a564c6ef3906c0f3885a3a2aafce772393f760a
>
>
>   * Document that DRM render nodes are now owned by group "render"
>     (Closes: #926886)
>
> https://salsa.debian.org/systemd-team/systemd/commit/e3772a013721083a740ab9dedbf060cf5b3c3709
>
> Documentation update, which was explicitly requested for the
> video->render change of the /dev/dri/renderD* devices.
>
> KiBi (and debian-boot) is in CC
>
> Full debdiff is attached.
>
> Regards,
> Michael
>
> unblock systemd/241-4
>
> [...]
>

Ok with me.  Waiting for KiBi to give an ack from the d-i side
before I will fully unblock it.

Thanks,
~Niels


Bug#929215: unblock: systemd/241-4

Michael Biebl-3
On 19.05.19 at 12:47, Niels Thykier wrote:

>>   * Add check to switch VTs only between K_XLATE or K_UNICODE.
>>     Switching to K_UNICODE from other than L_XLATE can make the keyboard
>>     unusable and possibly leak keypresses from X.
>>     (CVE-2018-20839, Closes: #929116)
>>
>> https://salsa.debian.org/systemd-team/systemd/commit/5a564c6ef3906c0f3885a3a2aafce772393f760a

In the meantime a regression was reported caused by this patch.
I marked the bug as RC. Given how long it takes to find a solution
upstream, I will either upload a fix for that or revert/drop the patch
again.

Regards,
Michael

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



Bug#929215: unblock: systemd/241-4

Michael Biebl-3
On 20.05.19 at 14:06, Michael Biebl wrote:

> On 19.05.19 at 12:47, Niels Thykier wrote:
>
>>>   * Add check to switch VTs only between K_XLATE or K_UNICODE.
>>>     Switching to K_UNICODE from other than L_XLATE can make the keyboard
>>>     unusable and possibly leak keypresses from X.
>>>     (CVE-2018-20839, Closes: #929116)
>>>
>>> https://salsa.debian.org/systemd-team/systemd/commit/5a564c6ef3906c0f3885a3a2aafce772393f760a
>
> In the mean time a regression was reported caused by this patch.
> I marked the bug as RC. Given how long it takes to find a solution
> upstream, I will either upload a fix for that or revert/drop the patch
> again.

I've reverted this patch in 241-5, as no fix is available yet.
No other changes were made in 241-5.

Regards,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



Bug#929215: unblock: systemd/241-4

Niels Thykier
Michael Biebl:

> On 20.05.19 at 14:06, Michael Biebl wrote:
>> On 19.05.19 at 12:47, Niels Thykier wrote:
>>
>>>>   * Add check to switch VTs only between K_XLATE or K_UNICODE.
>>>>     Switching to K_UNICODE from other than L_XLATE can make the keyboard
>>>>     unusable and possibly leak keypresses from X.
>>>>     (CVE-2018-20839, Closes: #929116)
>>>>
>>>> https://salsa.debian.org/systemd-team/systemd/commit/5a564c6ef3906c0f3885a3a2aafce772393f760a
>>
>> In the mean time a regression was reported caused by this patch.
>> I marked the bug as RC. Given how long it takes to find a solution
>> upstream, I will either upload a fix for that or revert/drop the patch
>> again.
>
> I've reverted this patch in 241-5, as no fix is available yet.
> No other changes were made in 241-5.
>
> Regards,
> Michael
>

Ack, thanks for handling this. The changes in 241-5 lgtm. :)

Thanks,
~Niels


Bug#929215: unblock: systemd/241-5

Michael Biebl-3
Control: retitle -1 unblock: systemd/241-5

On 27.05.19 at 07:35, Niels Thykier wrote:
> Ack, thanks for handling this. The changes in 241-5 lgtm. :)

Hi KiBi,

241-5 is waiting for an ack from d-i. Since the AMD related RDRAND
breakage is rather nasty for users of those affected systemd, it would
be good to have that version in testing.
While I don't expect any issues on the udeb/udev related parts, it would
be great if you can have a look and give this version a try wrt to d-i.

Regards,
Michael

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



Bug#929215: unblock: systemd/241-5

Cyril Brulebois-4
Hi,

Michael Biebl <[hidden email]> (2019-06-03):
> 241-5 is waiting for an ack from d-i. Since the AMD related RDRAND
> breakage is rather nasty for users of those affected systemd, it would
> be good to have that version in testing.
> While I don't expect any issues on the udeb/udev related parts, it would
> be great if you can have a look and give this version a try wrt to d-i.

Apologies for the delay.

Changes look good, and so do runtime tests, so no objections.


Cheers,
--
Cyril Brulebois ([hidden email])            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant
