Bug#929215: unblock: systemd/241-4

Michael Biebl biebl at debian.org
Sun May 19 11:19:29 BST 2019


Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock

Please unblock package systemd

All patches are cherry-picked from upstream git.

Annotated changelog:

systemd (241-4) unstable; urgency=medium

  * journal-remote: Do not request Content-Length if Transfer-Encoding is
    chunked (Closes: #927008)

https://salsa.debian.org/systemd-team/systemd/commit/d8e4bc4487b0f32b39b15152040351261329e92a

Without this fix, systemd-journal-remote is pretty much completely
broken; that's why I had marked this bug RC for the
systemd-journal-remote package.


  * systemctl: Restore "systemctl reboot ARG" functionality.
    Fixes a regression introduced in v240. (Closes: #928659)

https://salsa.debian.org/systemd-team/systemd/commit/8127cbd86fadf245dd28666c1bfe82a3eb116448


  * random-util: Eat up bad RDRAND values seen on AMD CPUs.
    Some AMD CPUs return bogus data via RDRAND after a suspend/resume cycle
    while still reporting success via the carry flag.
    Filter out invalid data like -1 (and also 0, just to be sure).
    (Closes: #921267)

https://salsa.debian.org/systemd-team/systemd/commit/efbcf5102f0ac7b43a2f7b8c79084fdfd2d1fa72

RDRAND is used by systemd for its hashmap implementation. On some AMD
CPUs (AMD CPU family 22), RDRAND returns bogus data after
suspend/resume, leading to severe misbehaviour of systemd. Typical
symptoms are failure to shut down properly or failure when trying to
suspend again.


  * Add check to switch VTs only between K_XLATE or K_UNICODE.
    Switching to K_UNICODE from other than L_XLATE can make the keyboard
    unusable and possibly leak keypresses from X.
    (CVE-2018-20839, Closes: #929116)

https://salsa.debian.org/systemd-team/systemd/commit/5a564c6ef3906c0f3885a3a2aafce772393f760a


  * Document that DRM render nodes are now owned by group "render"
    (Closes: #926886)

https://salsa.debian.org/systemd-team/systemd/commit/e3772a013721083a740ab9dedbf060cf5b3c3709

Documentation update, which was explicitly requested for the
video->render change of the /dev/dri/renderD* devices.

KiBi (and debian-boot) is in CC

Full debdiff is attached.

Regards,
Michael

unblock systemd/241-4

-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
-------------- next part --------------
diff --git a/debian/changelog b/debian/changelog
index 231cbb6..e13fd93 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,23 @@
+systemd (241-4) unstable; urgency=medium
+
+  * journal-remote: Do not request Content-Length if Transfer-Encoding is
+    chunked (Closes: #927008)
+  * systemctl: Restore "systemctl reboot ARG" functionality.
+    Fixes a regression introduced in v240. (Closes: #928659)
+  * random-util: Eat up bad RDRAND values seen on AMD CPUs.
+    Some AMD CPUs return bogus data via RDRAND after a suspend/resume cycle
+    while still reporting success via the carry flag.
+    Filter out invalid data like -1 (and also 0, just to be sure).
+    (Closes: #921267)
+  * Add check to switch VTs only between K_XLATE or K_UNICODE.
+    Switching to K_UNICODE from other than L_XLATE can make the keyboard
+    unusable and possibly leak keypresses from X.
+    (CVE-2018-20839, Closes: #929116)
+  * Document that DRM render nodes are now owned by group "render"
+    (Closes: #926886)
+
+ -- Michael Biebl <biebl at debian.org>  Fri, 17 May 2019 21:16:33 +0200
+
 systemd (241-3) unstable; urgency=high
 
   [ Michael Biebl ]
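Review bot: In the VT entry, "Switching to K_UNICODE from other than L_XLATE" has a typo; the constant is K_XLATE, as the first line of the same entry and the vt_verify_kbmode() check in the patch have it. This text ships in the package changelog next to the CVE-2018-20839 reference, so it is worth correcting to K_XLATE here. The same typo is carried in the commit message of the cherry-picked patch.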
diff --git a/debian/patches/Add-check-to-switch-VTs-only-between-K_XLATE-or-K_UNICODE.patch b/debian/patches/Add-check-to-switch-VTs-only-between-K_XLATE-or-K_UNICODE.patch
new file mode 100644
index 0000000..6efd7ec
--- /dev/null
+++ b/debian/patches/Add-check-to-switch-VTs-only-between-K_XLATE-or-K_UNICODE.patch
@@ -0,0 +1,56 @@
+From: Balint Reczey <balint.reczey at canonical.com>
+Date: Wed, 24 Apr 2019 17:24:02 +0200
+Subject: Add check to switch VTs only between K_XLATE or K_UNICODE
+
+Switching to K_UNICODE from other than L_XLATE can make the keyboard
+unusable and possibly leak keypresses from X.
+
+BugLink: https://launchpad.net/bugs/1803993
+(cherry picked from commit 13a43c73d8cbac4b65472de04bb88ea1bacdeb89)
+---
+ src/basic/terminal-util.c     | 9 ++++++++-
+ src/vconsole/vconsole-setup.c | 7 +++++++
+ 2 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c
+index 48ede7d..c7a7455 100644
+--- a/src/basic/terminal-util.c
++++ b/src/basic/terminal-util.c
+@@ -1273,11 +1273,18 @@ int vt_verify_kbmode(int fd) {
+ }
+ 
+ int vt_reset_keyboard(int fd) {
+-        int kb;
++        int kb, r;
+ 
+         /* If we can't read the default, then default to unicode. It's 2017 after all. */
+         kb = vt_default_utf8() != 0 ? K_UNICODE : K_XLATE;
+ 
++        r = vt_verify_kbmode(fd);
++        if (r == -EBUSY) {
++                log_debug_errno(r, "Keyboard is not in XLATE or UNICODE mode, not resetting: %m");
++                return 0;
++        } else if (r < 0)
++                return r;
++
+         if (ioctl(fd, KDSKBMODE, kb) < 0)
+                 return -errno;
+ 
+diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c
+index be09619..bfa0f57 100644
+--- a/src/vconsole/vconsole-setup.c
++++ b/src/vconsole/vconsole-setup.c
+@@ -74,6 +74,13 @@ static int toggle_utf8(const char *name, int fd, bool utf8) {
+ 
+         assert(name);
+ 
++        r = vt_verify_kbmode(fd);
++        if (r == -EBUSY) {
++                log_warning_errno(r, "Virtual console %s is not in K_XLATE or K_UNICODE: %m", name);
++                return 0;
++        } else if (r < 0)
++                return log_warning_errno(r, "Failed to verify kbdmode on %s: %m", name);
++
+         r = ioctl(fd, KDSKBMODE, utf8 ? K_UNICODE : K_XLATE);
+         if (r < 0)
+                 return log_warning_errno(errno, "Failed to %s UTF-8 kbdmode on %s: %m", enable_disable(utf8), name);
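Review bot: The two new -EBUSY branches handle the same condition differently: vt_reset_keyboard() logs at debug level and returns 0, while toggle_utf8() logs a warning and returns 0, and in both a caller cannot tell "mode was set" from "skipped because the VT is not in K_XLATE or K_UNICODE". Consider documenting the 0-on-skip contract (or returning a distinct positive value) and choosing one log level for both. Note also that the mode is read by vt_verify_kbmode() and then set by a separate KDSKBMODE ioctl, so the guard is check-then-act and not atomic; a short comment saying it is best effort would help the next reader.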
diff --git a/debian/patches/Move-verify_vc_kbmode-to-terminal-util.c-as-vt_verify_kbm.patch b/debian/patches/Move-verify_vc_kbmode-to-terminal-util.c-as-vt_verify_kbm.patch
new file mode 100644
index 0000000..b91340f
--- /dev/null
+++ b/debian/patches/Move-verify_vc_kbmode-to-terminal-util.c-as-vt_verify_kbm.patch
@@ -0,0 +1,106 @@
+From: Balint Reczey <balint.reczey at canonical.com>
+Date: Wed, 24 Apr 2019 16:35:32 +0200
+Subject: Move verify_vc_kbmode() to terminal-util.c as vt_verify_kbmode()
+
+(cherry picked from commit bb5ac84d79ac3aef606a4a9eeaafef94a1f199be)
+---
+ src/basic/terminal-util.c     | 17 +++++++++++++++++
+ src/basic/terminal-util.h     |  1 +
+ src/vconsole/vconsole-setup.c | 23 +++--------------------
+ 3 files changed, 21 insertions(+), 20 deletions(-)
+
+diff --git a/src/basic/terminal-util.c b/src/basic/terminal-util.c
+index 0f38120..48ede7d 100644
+--- a/src/basic/terminal-util.c
++++ b/src/basic/terminal-util.c
+@@ -1255,6 +1255,23 @@ int vt_default_utf8(void) {
+         return parse_boolean(b);
+ }
+ 
++int vt_verify_kbmode(int fd) {
++        int curr_mode;
++
++        /*
++         * Make sure we only adjust consoles in K_XLATE or K_UNICODE mode.
++         * Otherwise we would (likely) interfere with X11's processing of the
++         * key events.
++         *
++         * http://lists.freedesktop.org/archives/systemd-devel/2013-February/008573.html
++         */
++
++        if (ioctl(fd, KDGKBMODE, &curr_mode) < 0)
++                return -errno;
++
++        return IN_SET(curr_mode, K_XLATE, K_UNICODE) ? 0 : -EBUSY;
++}
++
+ int vt_reset_keyboard(int fd) {
+         int kb;
+ 
+diff --git a/src/basic/terminal-util.h b/src/basic/terminal-util.h
+index c885e0a..b32528f 100644
+--- a/src/basic/terminal-util.h
++++ b/src/basic/terminal-util.h
+@@ -155,6 +155,7 @@ int openpt_in_namespace(pid_t pid, int flags);
+ int open_terminal_in_namespace(pid_t pid, const char *name, int mode);
+ 
+ int vt_default_utf8(void);
++int vt_verify_kbmode(int fd);
+ int vt_reset_keyboard(int fd);
+ int vt_restore(int fd);
+ int vt_release(int fd, bool restore_vt);
+diff --git a/src/vconsole/vconsole-setup.c b/src/vconsole/vconsole-setup.c
+index ebdeba3..be09619 100644
+--- a/src/vconsole/vconsole-setup.c
++++ b/src/vconsole/vconsole-setup.c
+@@ -68,23 +68,6 @@ static int verify_vc_allocation_byfd(int fd) {
+         return verify_vc_allocation(vcs.v_active);
+ }
+ 
+-static int verify_vc_kbmode(int fd) {
+-        int curr_mode;
+-
+-        /*
+-         * Make sure we only adjust consoles in K_XLATE or K_UNICODE mode.
+-         * Otherwise we would (likely) interfere with X11's processing of the
+-         * key events.
+-         *
+-         * http://lists.freedesktop.org/archives/systemd-devel/2013-February/008573.html
+-         */
+-
+-        if (ioctl(fd, KDGKBMODE, &curr_mode) < 0)
+-                return -errno;
+-
+-        return IN_SET(curr_mode, K_XLATE, K_UNICODE) ? 0 : -EBUSY;
+-}
+-
+ static int toggle_utf8(const char *name, int fd, bool utf8) {
+         int r;
+         struct termios tc = {};
+@@ -288,7 +271,7 @@ static void setup_remaining_vcs(int src_fd, unsigned src_idx, bool utf8) {
+                         continue;
+                 }
+ 
+-                if (verify_vc_kbmode(fd_d) < 0)
++                if (vt_verify_kbmode(fd_d) < 0)
+                         continue;
+ 
+                 toggle_utf8(ttyname, fd_d, utf8);
+@@ -363,7 +346,7 @@ static int find_source_vc(char **ret_path, unsigned *ret_idx) {
+                                 err = -fd;
+                         continue;
+                 }
+-                r = verify_vc_kbmode(fd);
++                r = vt_verify_kbmode(fd);
+                 if (r < 0) {
+                         if (!err)
+                                 err = -r;
+@@ -396,7 +379,7 @@ static int verify_source_vc(char **ret_path, const char *src_vc) {
+         if (r < 0)
+                 return log_error_errno(r, "Virtual console %s is not allocated: %m", src_vc);
+ 
+-        r = verify_vc_kbmode(fd);
++        r = vt_verify_kbmode(fd);
+         if (r < 0)
+                 return log_error_errno(r, "Virtual console %s is not in K_XLATE or K_UNICODE: %m", src_vc);
+ 
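Review bot: vt_verify_kbmode() becomes a public helper declared in terminal-util.h with no statement of its return contract, and the follow-up patch branches on -EBUSY specifically. A one-line comment at the declaration (0 when the VT is in K_XLATE or K_UNICODE, -EBUSY for any other mode, -errno when KDGKBMODE fails) would make clear to callers such as setup_remaining_vcs(), which only test for a negative return, that two different failure kinds are being folded together.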
diff --git a/debian/patches/journal-remote-do-not-request-Content-Length-if-Transfer-.patch b/debian/patches/journal-remote-do-not-request-Content-Length-if-Transfer-.patch
new file mode 100644
index 0000000..a8ab578
--- /dev/null
+++ b/debian/patches/journal-remote-do-not-request-Content-Length-if-Transfer-.patch
@@ -0,0 +1,74 @@
+From: Yu Watanabe <watanabe.yu+github at gmail.com>
+Date: Mon, 11 Mar 2019 12:27:18 +0900
+Subject: journal-remote: do not request Content-Length if Transfer-Encoding
+ is chunked
+
+This fixes a bug introduced by 7fdb237f5473cb8fc2129e57e8a0039526dcb4fd.
+
+Closes #11571.
+
+(cherry picked from commit a289dfd69b3ff4bccdde93e84b67c947bafa27e1)
+---
+ src/journal-remote/journal-remote-main.c | 41 +++++++++++++++++++++-----------
+ 1 file changed, 27 insertions(+), 14 deletions(-)
+
+diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
+index 802c3ea..2321a91 100644
+--- a/src/journal-remote/journal-remote-main.c
++++ b/src/journal-remote/journal-remote-main.c
+@@ -265,6 +265,7 @@ static int request_handler(
+         const char *header;
+         int r, code, fd;
+         _cleanup_free_ char *hostname = NULL;
++        bool chunked = false;
+         size_t len;
+ 
+         assert(connection);
+@@ -290,21 +291,33 @@ static int request_handler(
+                 return mhd_respond(connection, MHD_HTTP_UNSUPPORTED_MEDIA_TYPE,
+                                    "Content-Type: application/vnd.fdo.journal is required.");
+ 
++        header = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, "Transfer-Encoding");
++        if (header) {
++                if (!strcaseeq(header, "chunked"))
++                        return mhd_respondf(connection, 0, MHD_HTTP_BAD_REQUEST,
++                                            "Unsupported Transfer-Encoding type: %s", header);
++
++                chunked = true;
++        }
++
+         header = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, "Content-Length");
+-        if (!header)
+-                return mhd_respond(connection, MHD_HTTP_LENGTH_REQUIRED,
+-                                   "Content-Length header is required.");
+-        r = safe_atozu(header, &len);
+-        if (r < 0)
+-                return mhd_respondf(connection, r, MHD_HTTP_LENGTH_REQUIRED,
+-                                    "Content-Length: %s cannot be parsed: %m", header);
+-
+-        if (len > ENTRY_SIZE_MAX)
+-                /* When serialized, an entry of maximum size might be slightly larger,
+-                 * so this does not correspond exactly to the limit in journald. Oh well.
+-                 */
+-                return mhd_respondf(connection, 0, MHD_HTTP_PAYLOAD_TOO_LARGE,
+-                                    "Payload larger than maximum size of %u bytes", ENTRY_SIZE_MAX);
++        if (header) {
++                if (chunked)
++                        return mhd_respond(connection, MHD_HTTP_BAD_REQUEST,
++                                           "Content-Length must not specified when Transfer-Encoding type is 'chuncked'");
++
++                r = safe_atozu(header, &len);
++                if (r < 0)
++                        return mhd_respondf(connection, r, MHD_HTTP_LENGTH_REQUIRED,
++                                            "Content-Length: %s cannot be parsed: %m", header);
++
++                if (len > ENTRY_SIZE_MAX)
++                        /* When serialized, an entry of maximum size might be slightly larger,
++                         * so this does not correspond exactly to the limit in journald. Oh well.
++                         */
++                        return mhd_respondf(connection, 0, MHD_HTTP_PAYLOAD_TOO_LARGE,
++                                            "Payload larger than maximum size of %u bytes", ENTRY_SIZE_MAX);
++        }
+ 
+         {
+                 const union MHD_ConnectionInfo *ci;
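Review bot: After this change the ENTRY_SIZE_MAX check in request_handler() runs only when a Content-Length header is present, so a chunked request, and also a request that sends neither header (previously answered with MHD_HTTP_LENGTH_REQUIRED), passes this point with no size bound and with len never assigned. Please confirm that the body-reading path enforces the entry size limit for those cases, and initialise len at its declaration so a later read is well defined. Two smaller points: the new error string reads "must not specified ... 'chuncked'" and should be "must not be specified ... 'chunked'", and the exact strcaseeq(header, "chunked") match rejects any Transfer-Encoding value that lists more than one coding, which deserves a comment if it is intended.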
diff --git a/debian/patches/random-util-eat-up-bad-RDRAND-values-seen-on-AMD-CPUs.patch b/debian/patches/random-util-eat-up-bad-RDRAND-values-seen-on-AMD-CPUs.patch
new file mode 100644
index 0000000..5c464ad
--- /dev/null
+++ b/debian/patches/random-util-eat-up-bad-RDRAND-values-seen-on-AMD-CPUs.patch
@@ -0,0 +1,54 @@
+From: Michael Biebl <biebl at debian.org>
+Date: Tue, 14 May 2019 13:12:35 +0200
+Subject: random-util: eat up bad RDRAND values seen on AMD CPUs
+
+An ugly, ugly work-around for #11810. And no, we shouldn't have to do
+this. This is something for AMD, the firmware or the kernel to
+fix/work-around, not us. But nonetheless, this should do it for now.
+
+Fixes: #11810
+(cherry picked from commit 1c53d4a070edbec8ad2d384ba0014d0eb6bae077)
+---
+ src/basic/random-util.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/basic/random-util.c b/src/basic/random-util.c
+index f7decf6..38f8180 100644
+--- a/src/basic/random-util.c
++++ b/src/basic/random-util.c
+@@ -37,6 +37,7 @@ int rdrand(unsigned long *ret) {
+ 
+ #if defined(__i386__) || defined(__x86_64__)
+         static int have_rdrand = -1;
++        unsigned long v;
+         unsigned char err;
+ 
+         if (have_rdrand < 0) {
+@@ -56,7 +57,7 @@ int rdrand(unsigned long *ret) {
+ 
+         asm volatile("rdrand %0;"
+                      "setc %1"
+-                     : "=r" (*ret),
++                     : "=r" (v),
+                        "=qm" (err));
+ 
+ #if HAS_FEATURE_MEMORY_SANITIZER
+@@ -66,6 +67,18 @@ int rdrand(unsigned long *ret) {
+         if (!err)
+                 return -EAGAIN;
+ 
++        /* Apparently on some AMD CPUs RDRAND will sometimes (after a suspend/resume cycle?) report success
++         * via the carry flag but nonetheless return the same fixed value -1 in all cases. This appears to be
++         * a bad bug in the CPU or firmware. Let's deal with that and work-around this by explicitly checking
++         * for this special value (and also 0, just to be sure) and filtering it out. This is a work-around
++         * only however and something AMD really should fix properly. The Linux kernel should probably work
++         * around this issue by turning off RDRAND altogether on those CPUs. See:
++         * https://github.com/systemd/systemd/issues/11810 */
++        if (v == 0 || v == ULONG_MAX)
++                return log_debug_errno(SYNTHETIC_ERRNO(EUCLEAN),
++                                       "RDRAND returned suspicious value %lx, assuming bad hardware RNG, not using value.", v);
++
++        *ret = v;
+         return 0;
+ #else
+         return -EOPNOTSUPP;
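Review bot: The new filter on v rejects only the two constants 0 and ULONG_MAX, so it catches the stuck -1 value described in the comment but not a generator that repeats any other value; the comment should say that this is a sanity check for one known failure and not a health test of RDRAND. The hunk also introduces a new return code, -EUCLEAN, next to the existing -EAGAIN and -EOPNOTSUPP, and any caller that special-cases -EAGAIN needs to treat -EUCLEAN as a reason to fall back to another source as well; that is worth stating at the function. Writing through the local v and assigning *ret only on success is a good change, since *ret is no longer touched on the failure paths.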
diff --git a/debian/patches/series b/debian/patches/series
index c4bdca5..ead31db 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -16,6 +16,11 @@ networkd-clarify-that-IPv6-RA-uses-our-own-stack-no-the-k.patch
 network-remove-routing-policy-rule-from-foreign-rule-data.patch
 network-do-not-remove-rule-when-it-is-requested-by-existi.patch
 pam-systemd-use-secure_getenv-rather-than-getenv.patch
+journal-remote-do-not-request-Content-Length-if-Transfer-.patch
+systemctl-restore-systemctl-reboot-ARG-functionality.patch
+random-util-eat-up-bad-RDRAND-values-seen-on-AMD-CPUs.patch
+Move-verify_vc_kbmode-to-terminal-util.c-as-vt_verify_kbm.patch
+Add-check-to-switch-VTs-only-between-K_XLATE-or-K_UNICODE.patch
 debian/Use-Debian-specific-config-files.patch
 debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
 debian/Make-run-lock-tmpfs-an-API-fs.patch
diff --git a/debian/patches/systemctl-restore-systemctl-reboot-ARG-functionality.patch b/debian/patches/systemctl-restore-systemctl-reboot-ARG-functionality.patch
new file mode 100644
index 0000000..b10ee8b
--- /dev/null
+++ b/debian/patches/systemctl-restore-systemctl-reboot-ARG-functionality.patch
@@ -0,0 +1,108 @@
+From: =?utf-8?b?VmVzYSBKw6TDpHNrZWzDpGluZW4=?=
+ <vesa.jaaskelainen at vaisala.com>
+Date: Sat, 9 Mar 2019 22:30:45 +0200
+Subject: systemctl: restore "systemctl reboot ARG" functionality
+
+Commit d85515edcf9700dc068201ab9f7103f04f3b25b2 changed logic how reboot is
+executed. That commit changed behavior to use emergency action reboot code path
+to perform the reboot.
+
+This inadvertently broke rebooting with argument:
+$ systemctl reboot custom-reason
+
+Restore original behavior so that if reboot service unit similar to
+systemd-reboot.service is executed it is possible to override reboot reason
+with "systemctl reboot ARG".
+
+When "systemctl reboot ARG" is executed ARG is placed in file
+/run/systemd/reboot-param and reboot is issued using logind's Reboot
+dbus-service.
+
+If RebootArgument is specified in systemd-reboot.service it takes precedence
+over what systemctl sets.
+
+Fixes: #11828
+(cherry picked from commit 77defcf5382a557189350f928967d676510e362c)
+---
+ src/core/emergency-action.c | 4 ++--
+ src/shared/reboot-util.c    | 5 ++++-
+ src/shared/reboot-util.h    | 2 +-
+ src/systemctl/systemctl.c   | 4 ++--
+ 4 files changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/src/core/emergency-action.c b/src/core/emergency-action.c
+index f98b0de..52edec0 100644
+--- a/src/core/emergency-action.c
++++ b/src/core/emergency-action.c
+@@ -47,7 +47,7 @@ int emergency_action(
+         case EMERGENCY_ACTION_REBOOT:
+                 log_and_status(m, warn, "Rebooting", reason);
+ 
+-                (void) update_reboot_parameter_and_warn(reboot_arg);
++                (void) update_reboot_parameter_and_warn(reboot_arg, true);
+                 (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_REBOOT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL);
+ 
+                 break;
+@@ -55,7 +55,7 @@ int emergency_action(
+         case EMERGENCY_ACTION_REBOOT_FORCE:
+                 log_and_status(m, warn, "Forcibly rebooting", reason);
+ 
+-                (void) update_reboot_parameter_and_warn(reboot_arg);
++                (void) update_reboot_parameter_and_warn(reboot_arg, true);
+                 m->objective = MANAGER_REBOOT;
+ 
+                 break;
+diff --git a/src/shared/reboot-util.c b/src/shared/reboot-util.c
+index ca40159..6d5eee0 100644
+--- a/src/shared/reboot-util.c
++++ b/src/shared/reboot-util.c
+@@ -12,10 +12,13 @@
+ #include "umask-util.h"
+ #include "virt.h"
+ 
+-int update_reboot_parameter_and_warn(const char *parameter) {
++int update_reboot_parameter_and_warn(const char *parameter, bool keep) {
+         int r;
+ 
+         if (isempty(parameter)) {
++                if (keep)
++                        return 0;
++
+                 if (unlink("/run/systemd/reboot-param") < 0) {
+                         if (errno == ENOENT)
+                                 return 0;
+diff --git a/src/shared/reboot-util.h b/src/shared/reboot-util.h
+index d459333..ac59b7d 100644
+--- a/src/shared/reboot-util.h
++++ b/src/shared/reboot-util.h
+@@ -1,7 +1,7 @@
+ /* SPDX-License-Identifier: LGPL-2.1+ */
+ #pragma once
+ 
+-int update_reboot_parameter_and_warn(const char *parameter);
++int update_reboot_parameter_and_warn(const char *parameter, bool keep);
+ 
+ typedef enum RebootFlags {
+         REBOOT_LOG      = 1 << 0, /* log about what we are going to do and all errors */
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index 63dae2c..d05219d 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -3634,7 +3634,7 @@ static int start_special(int argc, char *argv[], void *userdata) {
+                 return r;
+ 
+         if (a == ACTION_REBOOT && argc > 1) {
+-                r = update_reboot_parameter_and_warn(argv[1]);
++                r = update_reboot_parameter_and_warn(argv[1], false);
+                 if (r < 0)
+                         return r;
+ 
+@@ -8005,7 +8005,7 @@ static int halt_parse_argv(int argc, char *argv[]) {
+                 }
+ 
+         if (arg_action == ACTION_REBOOT && (argc == optind || argc == optind + 1)) {
+-                r = update_reboot_parameter_and_warn(argc == optind + 1 ? argv[optind] : NULL);
++                r = update_reboot_parameter_and_warn(argc == optind + 1 ? argv[optind] : NULL, false);
+                 if (r < 0)
+                         return r;
+         } else if (optind < argc)
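Review bot: The new bool keep parameter of update_reboot_parameter_and_warn() is undocumented, and the bare true/false at the four call sites does not say what is kept. With keep set and an empty parameter the function returns before unlink("/run/systemd/reboot-param"), so emergency_action() will now reuse whatever an earlier "systemctl reboot ARG" left in that file, including one from a reboot that never completed. If that is intended, say so in a comment at the declaration in reboot-util.h; otherwise consider clearing the file once it has been consumed.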
diff --git a/debian/udev.NEWS b/debian/udev.NEWS
index abca3dd..5a0194e 100644
--- a/debian/udev.NEWS
+++ b/debian/udev.NEWS
@@ -1,3 +1,13 @@
+systemd (241-4) unstable; urgency=medium
+
+  DRM render nodes (/dev/dri/renderD*) are now owned by group "render"
+  (previously group "video"). Dynamic ACLs via the "uaccess" udev tag are still
+  applied, so in the common case things should just continue to work.
+  If you rely on static permissions to access those devices, you need to update
+  group memberships accordingly to use group "render" now.
+
+ -- Michael Biebl <biebl at debian.org>  Fri, 17 May 2019 19:15:32 +0200
+
 systemd (220-7) unstable; urgency=medium
 
   The mechanism for providing stable network interface names changed.

