- Mar 12, 2021
-
-
Denis Pynkin authored
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
-
Denis Pynkin authored
Debian's systemd has split-usr enabled as both Debian and in principle Apertis support both a split and a merged-usr setup. This mostly adds search paths to system (e.g. to look at both `/bin/` and `/usr/bin`), however it also means that if `/usr` is a mountpoint system will try to unmount it.

Unfortunately this causes issues at shutdown for systems with a merged-usr layout as basic libraries (e.g. libc) are located in `/usr` making it impossible to unmount.

For Apertis we don't support `/usr` being a separate partition, the only time `/usr` is on a mountpoint is when using ostree images (where it is a bind mount and which use a merged-usr layout).

So also add `/usr` to the list of paths that are considered unmountable even with split-usr support enabled in systemd.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
-
- Mar 09, 2021
-
-
Ritesh Raj Sarraf authored
Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>
-
Ritesh Raj Sarraf authored
Drop below patch which is now part of this upstream release

* apertis/0101-basic-cap-list-parse-print-numerical-capabilities.patch

Dropped the below mentioned patches as they are not needed any more

* apertis/0103-basic-cap-list-reduce-scope-of-variables.patch
* apertis/0102-basic-capability-util-let-cap_last_cap-return-unsign.patch

Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>
-
- Feb 19, 2021
-
-
Apertis CI robot authored
-
- Jan 29, 2021
-
-
Michael Biebl authored
systemd (241-7~deb10u6) buster; urgency=medium

* journal: do not trigger assertion when journal_file_close() gets NULL (Closes: #975561)
* test-bpf: skip test when run inside containers. The test reliably fails inside LXC and Docker when run on a new enough kernel. It's unclear whether this is a kernel, LXC/Docker or systemd issue and apparently there is no real interest to get this fixed, so let's skip this test.
* autopkgtest: mark networkd-test.py as flaky. See https://github.com/systemd/systemd/issues/18357 and https://github.com/systemd/systemd/issues/18196
-
- Nov 17, 2020
-
-
Denis Pynkin authored
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
-
Denis Pynkin authored
The problem with failed `/var` unmount placed on separate partition has a long story: https://github.com/systemd/systemd/issues/867

According to messages after the fix was integrated into upstream -- there are some corner cases which aren't fully fixed by patches adding [relinquish options](pkg/systemd!26)

In case of ostree-based images we have a similar issue since `/var` is bind-mounted in initramfs. Systemd is trying to unmount `/var` on shutdown, however the `ExecStop=` command from the `systemd-journal-flush` service is not executed during shutdown.

By adding `PartOf=var.mount` into the service file we force the `systemd-journal-flush.service` to be called prior to the `/var` unmount. This allows unlocking the bind-mount, since `journald` has a chance to re-link its journal into `/run` with the `journalctl --smart-relinquish-var` call.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
-
- Nov 01, 2020
-
-
Denis Pynkin authored
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
-
Denis Pynkin authored
Backported PR 16424 to avoid message 'Failed to parse bus message: Invalid argument' with an updated kernel using new capabilities.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
-
- Oct 24, 2020
-
-
Michael Biebl authored
systemd (241-7~deb10u5) buster; urgency=medium

* basic/cap-list: parse/print numerical capabilities (Closes: #964926)
* missing: add new Linux capabilities. Linux kernel v5.8 adds two new capabilities. Make sure we can recognize them even when built with an older kernel.
* networkd: do not generate MAC for bridge device (Closes: #963488)
-
- Sep 23, 2020
-
-
Frederic Danis authored
Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
-
Frederic Danis authored
systemd-boot selects the last valid entry by default, not the first, which prevents correct rollback.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
-
- Sep 03, 2020
-
-
Martyn Welch authored
Signed-off-by: Martyn Welch <martyn.welch@collabora.com>
-
Martyn Welch authored
Newer versions of systemd-journald support the --relinquish and --smart-relinquish options that enable cleaner handling of mounts at shutdown as journald can be told to close any logging under /var/log/journal so that the /var filesystem can be unmounted should it be on a separate partition.

Backport this feature as it enables shutdown without failures, a highly desirable trait in embedded products using systemd.

The significant changes from the upstream patches are:

* Including `util.h` rather than `errno-util.h`, as the functionality hasn't been split out into a separate header file in our version.
  https://gitlab.apertis.org/pkg/target/systemd/-/merge_requests/26/diffs#10b30dfe96faf3663f42076bdb4984ccdea14817_0_88
* Adding `ERRNO_IS_ACCEPT_AGAIN` to `varlink.c` (the header file it's expected to be in doesn't exist in our version)
  https://gitlab.apertis.org/pkg/target/systemd/-/merge_requests/26/diffs#10b30dfe96faf3663f42076bdb4984ccdea14817_0_93
* Working around the changed parameters for `JSON_VARIANT_OBJECT_FOREACH`, adding a call to `json_variant_string()`, based on how upstream was modified when the macro changed
  https://gitlab.apertis.org/pkg/target/systemd/-/merge_requests/26/diffs#10b30dfe96faf3663f42076bdb4984ccdea14817_0_772
* Expanding the code around `inotify_add_watch()` which got factored out to a function in newer versions of systemd
  https://gitlab.apertis.org/pkg/target/systemd/-/merge_requests/26/diffs#f4174ac09c9ebd5278fe22a02b6207223a00f92e_0_74

Signed-off-by: Martyn Welch <martyn.welch@collabora.com>
-
- May 29, 2020
-
-
Ritesh Raj Sarraf authored
Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>
-
- May 27, 2020
-
-
Ritesh Raj Sarraf authored
Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.co.uk>
-
- May 26, 2020
-
-
Apertis CI authored
-
- Apr 27, 2020
-
-
Michael Biebl authored
systemd (241-7~deb10u4) buster; urgency=medium

* polkit: when authorizing via PolicyKit re-resolve callback/userdata instead of caching it. This fixes a heap use-after-free vulnerability in systemd, when asynchronous PolicyKit queries are performed while handling DBus messages. CVE-2020-1712 (Closes: #950732)
* Install 60-block.rules in udev-udeb and initramfs-tools. The block device rules were split out from 60-persistent-storage.rules into its own rules file in v220. Those rules ensure that change events are emitted and the udev db is updated after metadata changes. Thanks to Pascal Hambourg (Closes: #958397)
-
- Mar 30, 2020
-
-
Ritesh Raj Sarraf authored
-
- Jan 29, 2020
-
-
Michael Biebl authored
systemd (241-7~deb10u3) buster; urgency=medium

* core: set fs.file-max sysctl to LONG_MAX rather than ULONG_MAX. Since kernel 5.2 (but also stable kernels like 4.19.53) the kernel thankfully returns proper errors when we write a value out of range to the sysctl. Which however breaks writing ULONG_MAX to request the maximum value. Hence let's write the new maximum value instead, LONG_MAX. (Closes: #945018)
* core: change ownership/mode of the execution directories also for static users. This ensures that execution directories like CacheDirectory and StateDirectory are properly chowned to the user specified in User= before launching the service. (Closes: #919231)
-
- Dec 19, 2019
-
-
Frederic Danis authored
Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
-
Frederic Danis authored
Updating fails with the following error:

dpkg: error processing archive /var/cache/apt/archives/systemd_241-7~deb10u1co3bv2021dev0b3_amd64.deb (--unpack):
trying to overwrite '/etc/apparmor.d/lib.systemd.systemd-logind', which is also in package chaiwala-apparmor-profiles 1.2019.2bv2021dev0b1

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
-
- Dec 16, 2019
-
-
Frederic Danis authored
Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
-
- Dec 11, 2019
-
-
Frederic Danis authored
Move apparmor profile from apertis-customization to the package it is related to.

Signed-off-by: Frédéric Danis <frederic.danis@collabora.com>
-
- Oct 16, 2019
-
-
Michael Biebl authored
systemd (241-7~deb10u2) buster; urgency=medium

* core: never propagate reload failure to service result. Fixes a regression introduced in v239 where the main process of a service unit gets killed on reload if ExecReload fails. (Closes: #936032)
* shared/seccomp: add sync_file_range2. Some architectures need the arguments to be reordered because of alignment issues. Otherwise, it's the same as sync_file_range. Fixes sync_file_range failures in nspawn containers on arm, ppc. (Closes: #935091)
* core: factor root_directory application out of apply_working_directory. Fixes RootDirectory not working when used in combination with User. (Closes: #939408)
* shared/bus-util: drop trusted annotation from bus_open_system_watch_bind_with_description(). This ensures that access controls on systemd-resolved's D-Bus interface are enforced properly. (CVE-2019-15718, Closes: #939353)
* login: add a missing error check for session_set_leader(). Fixes assertion due to insufficient function return check. (Closes: #939998)
* d/e/r/73-usb-net-by-mac.rules: import net.ifnames only for network devices (Closes: #934589)
* d/e/r/73-usb-net-by-mac.rules: skip if iface name was provided by user-space
* namespace: make MountFlags=shared work again (Closes: #939551)
* mount/generators: do not make unit wanted by its device unit. Among other things, this fixes StopWhenUnneeded=true being broken for mount units. (Closes: #941758)
-
- Sep 12, 2019
-
-
Andrej Shadura authored
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
-
Apertis CI authored
-
- Aug 20, 2019
-
-
Michael Biebl authored
systemd (241-7~deb10u1) buster; urgency=medium

* Rebuild for buster

systemd (241-7) unstable; urgency=medium

[ Michael Biebl ]
* network: Fix failure to bring up interface with Linux kernel 5.2. Backport two patches from systemd master in order to fix a bug with 5.2 kernels where the network interface fails to come up with the following error: "enp3s0: Could not bring up interface: Invalid argument" (Closes: #931636)
* Use /usr/sbin/nologin as nologin shell. In Debian the nologin shell is installed in /usr/sbin, not /sbin. (Closes: #931850)

[ Mert Dirik ]
* 40-systemd: Don't fail if SysV init script uses set -u and $1 is unset (Closes: #931719)

systemd (241-6) unstable; urgency=medium

* ask-password: Prevent buffer overflow when reading from keyring. Fixes a possible memory corruption that causes systemd-cryptsetup to crash either when a single large password is used or when multiple passwords have already been pushed to the keyring. (Closes: #929726)
* Clarify documentation regarding %h/%u/%U specifiers. Make it clear, that setting "User=" has no effect on those specifiers. Also ensure that "%h" is actually resolved to "/root" for the system manager instance as documented in the systemd.unit man page. (Closes: #927911)
* network: Behave more gracefully when IPv6 has been disabled. Ignore any configured IPv6 settings when IPv6 has been disabled in the kernel via sysctl. Instead of failing completely, continue and log a warning instead. (Closes: #929469)
-
- Aug 15, 2019
-
-
Frédéric Dalleau authored
Signed-off-by: Frédéric Dalleau <frederic.dalleau@collabora.com>
-
Frédéric Dalleau authored
Signed-off-by: Frédéric Dalleau <frederic.dalleau@collabora.com>
-
- Aug 12, 2019
-
-
Ritesh Raj Sarraf authored
Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>
-
Ritesh Raj Sarraf authored
Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>
-
- Aug 08, 2019
-
-
Ritesh Raj Sarraf authored
Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>
-
Ritesh Raj Sarraf authored
Refresh patches against the latest bashism changes from Buster. Also, ignore some additional code related to INITRD_OPTIONS.

Signed-off-by: Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>
-
Apertis CI authored
-
- Jun 01, 2019
-
-
Ritesh Raj Sarraf authored
-
- May 24, 2019
-
-
Michael Biebl authored
systemd (241-5) unstable; urgency=medium

* Revert "Add check to switch VTs only between K_XLATE or K_UNICODE". This change left the keyboard in an unusable state when exiting an X session. (Closes: #929229)

systemd (241-4) unstable; urgency=medium

* journal-remote: Do not request Content-Length if Transfer-Encoding is chunked (Closes: #927008)
* systemctl: Restore "systemctl reboot ARG" functionality. Fixes a regression introduced in v240. (Closes: #928659)
* random-util: Eat up bad RDRAND values seen on AMD CPUs. Some AMD CPUs return bogus data via RDRAND after a suspend/resume cycle while still reporting success via the carry flag. Filter out invalid data like -1 (and also 0, just to be sure). (Closes: #921267)
* Add check to switch VTs only between K_XLATE or K_UNICODE. Switching to K_UNICODE from other than L_XLATE can make the keyboard unusable and possibly leak keypresses from X. (CVE-2018-20839, Closes: #929116)
* Document that DRM render nodes are now owned by group "render" (Closes: #926886)

systemd (241-3) unstable; urgency=high

[ Michael Biebl ]
* Drop systemd-shim alternative from libpam-systemd. A fixed systemd-shim package which works with newer versions of systemd is unlikely to happen given that the systemd-shim package has been removed from the archive. Drop the alternative dependency from libpam-systemd accordingly.
* Properly remove duplicate directories from systemd package. When removing duplicate directories from the systemd package, sort the list of directories in reverse order so we properly delete nested directories.
* udev: Run programs in the specified order (Closes: #925190)
* bash-completion: Use default completion for redirect operators (Closes: #924541)
* networkd: Clarify that IPv6 RA uses our own stack, not the kernel's (Closes: #815582)
* Revert "Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf". Apparently Conflicts= are not a reliable mechanism to ensure alternative NTP implementations take precedence over systemd-timesyncd. (Closes: #902026)
* network: Fix routing policy rule issue. When multiple links request a routing policy, make sure they are all applied correctly. (Closes: #924406)
* pam-systemd: Use secure_getenv() rather than getenv(). Fixes a vulnerability in the systemd PAM module which insecurely uses the environment and lacks seat verification permitting spoofing an active session to PolicyKit. (CVE-2019-3842)

[ Martin Pitt ]
* Enable udev autopkgtest in containers. This test doesn't actually need udev.service (which is disabled in containers) and works fine in LXC.
* Enable boot-and-service autopkgtest in containers
  - Skip tests which can't work in containers.
  - Add missing rsyslog test dependency.
  - e2scrub_reap.service fails in containers, ignore (filed as #926138)
  - Relax pgrep pattern for gdm, as there's no wayland session in containers.

systemd (241-2) unstable; urgency=medium

[ Martin Pitt ]
* debian/tests/boot-smoke: Create journal and udevdb artifacts on all failures
* autopkgtests: Replace obsolete $ADT_* variables
* networkd-test: Ignore failures of test_route_only_dns* in containers. This test exposes a race condition when running in LXC, see issue #11848 for details. Until that is understood and fixed, skip the test as it's not a recent regression. (Closes: #924539)
* Bump Standards-Version to 4.3.0. No changes necessary.
* debian/tests/boot-smoke: Only check current boot for connection timeouts. Otherwise we'll catch some Failed to resolve group 'render': Connection timed out messages that happen in earlier boots during VM setup, before the "render" group is created. Fixes https://github.com/systemd/systemd/issues/11875
* timedated: Fix emitted value when ntp client is enabled/disabled. Fixes a regression introduced in 241.
* debian/tests/timedated: Check enabling/disabling NTP. Assert that `timedatectl set-ntp` correctly controls the service, sets the `org.freedesktop.timedate1 NTP` property, and sends the right `PropertiesChanged` signal. This reproduces <https://github.com/systemd/systemd/issues/11944> and also the earlier <https://github.com/systemd/systemd/issues/9672>.

[ Michael Biebl ]
* Disable fallback DNS servers in resolved (Closes: #923081)
* cgtop: Fix processing of controllers other than CPU (Closes: #921280)
* udev: Restore debug level when logging a failure in the external prog called by IMPORT{program} (Closes: #924199)
* core: Remove "." path components from required mount paths. Fixes mount related failures when a user's home directory contains "/./" (Closes: #923881)
* udev.init: Use new s-s-d --notify-await to start udev daemon. Fixes a race condition during startup under SysV init. Add versioned dependency on dpkg (>= 1.19.3) to ensure that a version of start-stop-daemon which supports --notify-await is installed. (Closes: #908796)
* Make /dev/dri/renderD* accessible to group "render". Follow upstream and make render nodes available to a dedicated system group "render" instead of "video". Keep the uaccess tag for local, active users.

systemd (241-1) unstable; urgency=medium

[ Adam Borowski ]
* Make libpam-systemd Provide: logind, default-logind. This allows alternate logind implementations such as elogind, without having to recompile every dependent package -- as long as the client API remains compatible. These new virtual packages got policy-approved in #917431. (Closes: #915407)

[ Felipe Sateler ]
* New upstream version 241
  - Refresh patches
  - Backport upstream fix for Driver= matches in .network files

[ Martin Pitt ]
* debian/libsystemd0.symbols: Add new symbol from release 241
* Fix various bugs and races in networkd tests. This should get the autopkgtest back to green, which regressed with dnsmasq 2.80.

systemd (240-6) unstable; urgency=high

* High urgency as this fixes a vulnerability.

[ Felipe Sateler ]
* Reenable pristine-tar in gbp.conf. The pristine-tar bug has been fixed, so we can use it again. This reverts commit 9fcfbbf6fea15eacfa3fad74240431c5f2c3300e.
* d/watch: add version mangle to transform -rc to ~rc. Upstream has started releasing rcs, so let's account for that
* Fix comment about why we disable hwclock.service. Systemd nowadays doesn't do it itself because the kernel does it on its own when necessary, and when not, it is not safe to save the hwclock (eg, there is no certainty the system clock is correct)
* udev: Backport upstream preventing mass killings when not running under systemd (Closes: #918764)

[ Dimitri John Ledkov ]
* debian/tests/storage: improve cleanups. On fast ppc64el machines, cryptsetup start job may not complete by the time tearDown is executed. In that case stop, causes to simply cancel the start job without actually cleaning up the dmsetup node. This leads to failing subsequent test as it no longer starts with a clean device. Thus ensure the systemd-cryptsetup unit is started, before stopping it. Also rmmod scsi_debug module at the end, to allow re-running the test in a loop.
* debian/tests/upstream: Mark TEST-13-NSPAWN-SMOKE as flakey.
* debian/tests/control: add socat to upstream tests for pull #11591
* Blacklist TEST-10-ISSUE-2467 #11706
* debian/tests/storage: fix for LUKS2 and avoid interactive password prompts.

[ Martin Pitt ]
* udevadm: Fix segfault with subsystem-match containing '/' (Closes: #919206)
* sd-bus: if we receive an invalid dbus message, ignore and proceed
* sd-bus: enforce a size limit on D-Bus object paths. This avoids accessing/modifying memory outside of the allocated stack region by sending specially crafted D-Bus messages with very large object paths. Vulnerability discovered by Chris Coulson <chris.coulson@canonical.com>, patch provided by Riccardo Schirone <rschiron@redhat.com>. (CVE-2019-6454)
-
- Jul 29, 2019
-
-
Apertis CI authored
-