Skip to content
Snippets Groups Projects
Select Git revision
  • proposed-updates/debian/trixie/cc82553e
  • pristine-lfs protected
  • debian/trixie protected
  • upstream/trixie protected
  • pristine-lfs-source
  • apertis/v2025 protected
  • apertis/v2026dev1 protected
  • debian/bookworm protected
  • upstream/bookworm protected
  • apertis/v2024 protected
  • apertis/v2024-updates protected
  • apertis/v2025pre protected
  • apertis/v2026dev0 default protected
  • apertis/v2023 protected
  • debian/bullseye-security protected
  • apertis/v2025dev3 protected
  • debian/bullseye protected
  • apertis/v2025dev2 protected
  • apertis/v2025dev1 protected
  • apertis/v2024pre protected
  • debian/257-2
  • upstream/257
  • apertis/252.31-1_deb12u1+apertis1
  • debian/252.31-1_deb12u1
  • upstream/252.31
  • apertis/252.30-1_deb12u2+apertis1
  • debian/252.30-1_deb12u2
  • upstream/252.30
  • apertis/247.3-7+deb11u6+apertis1
  • debian/247.3-7+deb11u6
  • apertis/252.26-1_deb12u2+apertis1
  • apertis/247.3-7+deb11u5+apertis1
  • debian/252.26-1_deb12u2
  • upstream/252.26
  • debian/247.3-7+deb11u5
  • apertis/252.22-1_deb12u1+apertis2
  • apertis/252.22-1_deb12u1+apertis1
  • debian/252.22-1_deb12u1
  • upstream/252.22
  • apertis/252.19-1_deb12u1+apertis1
40 results
Blame Permalink
Forked from pkg / systemd
132 commits behind the upstream repository.
  • Michael Biebl's avatar
    677d5ce9
    Import Debian changes 241-7~deb10u2 · 677d5ce9
    Michael Biebl authored 
    systemd (241-7~deb10u2) buster; urgency=medium

  * core: never propagate reload failure to service result.
    Fixes a regression introduced in v239 where the main process of a
    service unit gets killed on reload if ExecReload fails. (Closes: #936032)
  * shared/seccomp: add sync_file_range2.
    Some architectures need the arguments to be reordered because of alignment
    issues. Otherwise, it's the same as sync_file_range.
    Fixes sync_file_range failures in nspawn containers on arm, ppc.
    (Closes: #935091)
  * core: factor root_directory application out of apply_working_directory.
    Fixes RootDirectory not working when used in combination with User.
    (Closes: #939408)
  * shared/bus-util: drop trusted annotation from
    bus_open_system_watch_bind_with_description().
    This ensures that access controls on systemd-resolved's D-Bus interface
    are enforced properly.
    (CVE-2019-15718, Closes: #939353)
  * login: add a missing error check for session_set_leader()
    Fixes assertion due to insufficient function return check.
    (Closes: #939998)
  * d/e/r/73-usb-net-by-mac.rules: import net.ifnames only for network devices
    (Closes: #934589)
  * d/e/r/73-usb-net-by-mac.rules: skip if iface name was provided by user-space
  * namespace: make MountFlags=shared work again (Closes: #939551)
  * mount/generators: do not make unit wanted by its device unit.
    Among other things, this fixes StopWhenUnneeded=true being broken for
    mount units. (Closes: #941758)
    677d5ce9
    History
    Import Debian changes 241-7~deb10u2
    Michael Biebl authored 
    systemd (241-7~deb10u2) buster; urgency=medium

  * core: never propagate reload failure to service result.
    Fixes a regression introduced in v239 where the main process of a
    service unit gets killed on reload if ExecReload fails. (Closes: #936032)
  * shared/seccomp: add sync_file_range2.
    Some architectures need the arguments to be reordered because of alignment
    issues. Otherwise, it's the same as sync_file_range.
    Fixes sync_file_range failures in nspawn containers on arm, ppc.
    (Closes: #935091)
  * core: factor root_directory application out of apply_working_directory.
    Fixes RootDirectory not working when used in combination with User.
    (Closes: #939408)
  * shared/bus-util: drop trusted annotation from
    bus_open_system_watch_bind_with_description().
    This ensures that access controls on systemd-resolved's D-Bus interface
    are enforced properly.
    (CVE-2019-15718, Closes: #939353)
  * login: add a missing error check for session_set_leader()
    Fixes assertion due to insufficient function return check.
    (Closes: #939998)
  * d/e/r/73-usb-net-by-mac.rules: import net.ifnames only for network devices
    (Closes: #934589)
  * d/e/r/73-usb-net-by-mac.rules: skip if iface name was provided by user-space
  * namespace: make MountFlags=shared work again (Closes: #939551)
  * mount/generators: do not make unit wanted by its device unit.
    Among other things, this fixes StopWhenUnneeded=true being broken for
    mount units. (Closes: #941758)
shared-bus-util-drop-trusted-annotation-from-bus_open_sys.patch 1.19 KiB 
From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 27 Aug 2019 19:00:34 +0200
Subject: shared/bus-util: drop trusted annotation from
 bus_open_system_watch_bind_with_description()

https://bugzilla.redhat.com/show_bug.cgi?id=1746057

This only affects systemd-resolved. bus_open_system_watch_bind_with_description()
is also used in timesyncd, but it has no methods, only read-only properties, and
in networkd, but it annotates all methods with SD_BUS_VTABLE_UNPRIVILEGED and does
polkit checks.

(cherry picked from commit 35e528018f315798d3bffcb592b32a0d8f5162bd)
---
 src/shared/bus-util.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
index cbcf698..9d31fba 100644
--- a/src/shared/bus-util.c
+++ b/src/shared/bus-util.c
@@ -1696,10 +1696,6 @@ int bus_open_system_watch_bind_with_description(sd_bus **ret, const char *descri
         if (r < 0)
                 return r;
 
-        r = sd_bus_set_trusted(bus, true);
-        if (r < 0)
-                return r;
-
         r = sd_bus_negotiate_creds(bus, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS);
         if (r < 0)
                 return r;
Apertis Website Terms of Use Privacy Policy