Hi again,

not sure if this is the most sensible approach; anyway, in bionic I tried to revert the last two patches from the source of systemd_237-3ubuntu10.9.debian with the following commands:

  export QUILT_PATCHES=debian/patches
  export QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index"
  quilt pop
  quilt pop
  # -i edits the series file in place; without it sed only prints the result
  sed -i 's/^CVE-2018-6954.*/#&/' debian/patches/series

Then I recompiled and installed the new package and the error disappeared.

Anyway, the involved patches were there to fix some issues:

  $ quilt header patches/CVE-2018-6954
  Description: tmpfiles: don't resolve pathnames when traversing recursively through directory trees
   Otherwise we can be fooled if one path component is replaced underneath us.
   .
   The patch achieves that by always operating at file descriptor level (by using
   *at() helpers) and by making sure we do not do any path resolution when
   traversing directory trees.
   .
   However this is not always possible, for instance when listing the content of
   a directory or some operations don't provide the *at() helpers or others (such
   as fchmodat()) don't have the AT_EMPTY_PATH flag. In such cases we operate on
   /proc/self/fd/%i pseudo-symlink instead, which works the same for all kinds of
   objects and requires no checking of type beforehand.
   .
   Also O_PATH flag is used when opening file objects in order to prevent
   undesired behaviors: device nodes from reacting, automounts from
   triggering, etc...
   .
   Fixes: CVE-2018-6954
  Origin: upstream, https://github.com/systemd/systemd/commit/936f6bdb803c432578e2cdcc5f93f3bfff93aff0
  Bug: https://github.com/systemd/systemd/issues/7986

  $ quilt header patches/CVE-2018-6954_2
  Description: Make tmpfiles safe
   In addition to backporting the changesets in #8822, this also backports
   e04fc13 (test: add tests for systemd-tmpfiles), as well as empty_to_root()
   from v239.
  Origin: upstream, https://github.com/systemd/systemd/pull/8822/commits
  Bug: https://github.com/systemd/systemd/issues/7986

So I'm not sure if it's a secure/stable workaround.
Maybe it would be better mixing up the releases, installing the patched package from cosmic-proposed...
I will test on another snapshot to see what happens.

Just a curiosity: is bionic still supported?

** Bug watch added: github.com/systemd/systemd/issues #7986
   https://github.com/systemd/systemd/issues/7986

-- 
https://bugs.launchpad.net/bugs/1804603

Title:
  systemd-tmpfiles-setup.service fails on btrfs

Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Bionic:
  Confirmed
Status in systemd source package in Cosmic:
  Fix Committed
Status in systemd source package in Disco:
  Fix Released

Bug description:
  [Impact]

   * Last security update introduced a regression on btrfs based
     systems, causing systemd-tmpfiles-setup.service to fail to start,
     resulting in degraded machines.

   * Cherrypick upstream fixes to resolve this.

  [Test Case]

   * Install VM using btrfs for /
   * Boot, check that systemd-tmpfiles-setup.service is started
     successfully with:

     $ systemctl status systemd-tmpfiles-setup.service

  [Regression Potential]

   * btrfs fd doesn't support the set of flags that systemd used, with
     this patch, a compat set of flags is set instead, thus resolving the
     introduced regression. The worst case scenario is that creating
     subvolumes/directories is still broken (as in, the current status quo).

  [Other Info]

   * Example bad output

  After update to systemd 237-3ubuntu10.9 systemd-tmpfiles-setup.service fails with:

  Nov 21 13:44:12 node-blc49 systemd[1]: Starting Create Volatile Files and Directories...
  Nov 21 13:44:12 node-blc49 systemd-tmpfiles[1226]: Failed to create directory or subvolume "/var": Bad file descriptor
  Nov 21 13:44:12 node-blc49 systemd-tmpfiles[1226]: Failed to create directory or subvolume "/home": Bad file descriptor
  Nov 21 13:44:12 node-blc49 systemd-tmpfiles[1226]: Failed to create directory or subvolume "/srv": Bad file descriptor
  Nov 21 13:44:12 node-blc49 systemd[1]: systemd-tmpfiles-setup.service: Main process exited, code=exited, status=1/FAILURE
  Nov 21 13:44:12 node-blc49 systemd[1]: systemd-tmpfiles-setup.service: Failed with result 'exit-code'.
  Nov 21 13:44:12 node-blc49 systemd[1]: Failed to start Create Volatile Files and Directories.

  This happens on btrfs root filesystems in real hardware and on our
  virtualized servers as well.

  237-3ubuntu10.6 didn't show these errors and going back to 237-3ubuntu10
  removes them as well.

  # lsb_release -rd
  Description:    Ubuntu 18.04.1 LTS
  Release:        18.04

  # apt-cache policy systemd
  systemd:
    Installiert:           237-3ubuntu10.9
    Installationskandidat: 237-3ubuntu10.9
    Versionstabelle:
   *** 237-3ubuntu10.9 500
          500 http://de.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
          100 /var/lib/dpkg/status
       237-3ubuntu10 500
          500 http://de.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
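
The fd-level technique described in the CVE-2018-6954 patch header quoted above, as an added example that is not part of the original messages and is not systemd's code: a path component is pinned with O_PATH | O_NOFOLLOW, type-checked with fstat(), and chmod'ed through /proc/self/fd/N. The names pin, chmod_pinned and run_demo and the scratch directory are assumptions of this example; the last two checks show that fchmod() and ioctl() on an O_PATH descriptor fail with EBADF, the errno whose message is "Bad file descriptor".

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>

struct demo_result { int chmod_dir, chmod_link, fchmod_err, ioctl_err; mode_t mode; };

/* Pin one component: O_PATH does not activate it, O_NOFOLLOW yields a symlink itself. */
static int pin(int dirfd, const char *name) {
    return openat(dirfd, name, O_PATH | O_NOFOLLOW | O_CLOEXEC);
}

/* chmod the pinned object via /proc/self/fd/N. Returns 0 or a negative errno;
 * refusing symlinks with -ELOOP is a policy choice of this example. */
static int chmod_pinned(int fd, mode_t mode) {
    char proc[32]; struct stat st;
    if (fstat(fd, &st) < 0) return -errno;
    if (S_ISLNK(st.st_mode)) return -ELOOP;
    snprintf(proc, sizeof proc, "/proc/self/fd/%d", fd);
    return chmod(proc, mode) < 0 ? -errno : 0;
}

/* Constructed scratch tree: directory "real" and symlink "link" -> "real". */
int run_demo(struct demo_result *r) {
    char tmpl[] = "/tmp/opath-demo-XXXXXX";
    int n, top, dir, link;
    struct stat st;
    if (!mkdtemp(tmpl) || (top = open(tmpl, O_RDONLY | O_DIRECTORY | O_CLOEXEC)) < 0) return -1;
    if (mkdirat(top, "real", 0700) < 0 || symlinkat("real", top, "link") < 0) return -1;
    if ((dir = pin(top, "real")) < 0 || (link = pin(top, "link")) < 0) return -1;
    r->chmod_dir = chmod_pinned(dir, 0750);    /* allowed: a pinned directory */
    r->chmod_link = chmod_pinned(link, 0777);  /* refused: the component is a symlink */
    r->fchmod_err = fchmod(dir, 0700) < 0 ? errno : 0;        /* EBADF on an O_PATH fd */
    r->ioctl_err = ioctl(dir, FIONREAD, &n) < 0 ? errno : 0;  /* EBADF on an O_PATH fd */
    r->mode = fstat(dir, &st) < 0 ? 0 : st.st_mode & 07777;
    unlinkat(top, "link", 0); unlinkat(top, "real", AT_REMOVEDIR);
    close(link); close(dir); close(top); rmdir(tmpl);
    return 0;
}

int main(void) {
    struct demo_result r;
    if (run_demo(&r) < 0) return 1;
    printf("chmod dir=%d link=%d fchmod errno=%d ioctl errno=%d mode=%o\n",
           r.chmod_dir, r.chmod_link, r.fchmod_err, r.ioctl_err, (unsigned)r.mode);
    return 0;
}
```

It needs a Linux system with /proc mounted and a writable /tmp.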