Debian Patches
Status for systemd/252.39-1~deb12u2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| p11kit-switch-to-dlopen.patch | p11kit: switch to dlopen() | Luca Boccassi <bluca@debian.org> | no | 2022-12-17 | ||
| debian/Use-Debian-specific-config-files.patch | Use Debian specific config files Use /etc/default/locale instead of /etc/locale.conf for locale settings. Use /etc/default/keyboard instead of /etc/X11/xorg.conf.d/00-keyboard.conf for keyboard configuration. |
Michael Biebl <biebl@debian.org> | no | 2013-07-18 | ||
| debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch | Bring tmpfiles.d/tmp.conf in line with Debian defaults | Tollef Fog Heen <tfheen@err.no> | no | 2012-06-05 | ||
| debian/Make-run-lock-tmpfs-an-API-fs.patch | Make /run/lock tmpfs an API fs The /run/lock directory is world-writable in Debian due to historic reasons. To avoid user processes filling up /run, we mount a separate tmpfs for /run/lock. As this directory needs to be available during early boot, we make it an API fs. Drop it from tmpfiles.d/legacy.conf to not clobber the permissions. |
Michael Biebl <biebl@debian.org> | no | 2014-09-05 | ||
| debian/Add-support-for-TuxOnIce-hibernation.patch | Add support for TuxOnIce hibernation systemd does not support non-mainline kernel features so upstream rejected this patch. It is however required for systemd integration by tuxonice-userui package. |
Julien Muchembled <jm@jmuchemb.eu> | yes | 2014-04-29 | ||
| debian/Re-enable-journal-forwarding-to-syslog.patch | Re-enable journal forwarding to syslog Revert upstream commit 46b131574fdd7d77 for now, until Debian's sysloggers can/do all read from the journal directly. See http://lists.freedesktop.org/archives/systemd-devel/2014-November/025550.html for details. Once we grow a journal.conf.d/ directory, sysloggers can be moved to pulling from the journal one by one and disable forwarding again in such a conf.d snippet. |
Martin Pitt <martin.pitt@ubuntu.com> | no | 2014-11-28 | ||
| debian/Don-t-enable-audit-by-default.patch | Don't enable audit by default It causes flooding of dmesg and syslog, suppressing actually important messages. Don't enable it for now, until a better solution is found: http://lists.freedesktop.org/archives/systemd-devel/2014-December/026591.html |
Martin Pitt <martin.pitt@ubuntu.com> | no | debian | 2014-12-28 | |
| debian/Only-start-logind-if-dbus-is-installed.patch | Only start logind if dbus is installed logind fails to start in environments without dbus, such as LXC containers or servers. Add a startup condition to avoid the very noisy startup failure. Consider both dbus-daemon (the reference implementation) and dbus-broker. Part of #772700 |
Martin Pitt <martin.pitt@ubuntu.com> | no | 2015-02-09 | ||
| debian/fsckd-daemon-for-inter-fsckd-communication.patch | fsckd daemon for inter-fsckd communication Global logic: Add systemd-fsckd multiplexer which accepts multiple (via systemd-fsck's /run/systemd/fsck.progress socket) fsck instances to connect to it and sends progress report. systemd-fsckd then computes and writes to /dev/console the number of devices currently being checked and the minimum fsck progress. Plymouth and user interaction: Forward the progress to plymouth and support canellation of in progress fsck. Try to connect and send to plymouth (if running) some checked report progress, using direct plymouth protocole. Update message is the following: fsckd:<num_devices>:<progress>:<string> * num_devices corresponds to the current number of devices being checked (int) * progress corresponds to the current minimum percentage of all devices being checked (float, from 0 to 100) * string is a translated message ready to be displayed by the plymouth theme displaying the information above. It can be overridden by plymouth themes supporting i18n. Grab in fsckd plymouth watch key Control+C, and propagate this cancel request to systemd-fsck which will terminate fsck. Send a message to signal to user what key we are grabbing for fsck cancel. Message is: fsckd-cancel-msg:<string> Where string is a translated string ready to be displayed by the plymouth theme indicating that Control+C can be used to cancel current checks. It can be overridden (matching only fsckd-cancel-msg prefix) for themes supporting i18n. Misc: systemd-fsckd stops on idle when no fsck is connected. Add man page explaining the plymouth theme protocol, usage of the daemon as well as the socket activation part. Adapt existing fsck man page. Note that fsckd had lived in the upstream tree for a while, but was removed. More information at http://lists.freedesktop.org/archives/systemd-devel/2015-April/030175.html - |
Didier Roche <didrocks@ubuntu.com> | no | 2015-05-22 | ||
| debian/Skip-filesystem-check-if-already-done-by-the-initram.patch | Skip filesystem check if already done by the initramfs Newer versions of initramfs-tools already fsck and mount / and /usr in the initramfs. Skip the filesystem check in this case. Based on a previous patch by Michael Biebl <biebl@debian.org>. |
Nis Martensen <nis.martensen@web.de> | no | 2016-01-19 | ||
| debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch | Revert "core: one step back again, for nspawn we actually can't wait for cgroups running empty since systemd will get exactly zero notifications about it" This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7. |
Martin Pitt <martin.pitt@ubuntu.com> | no | debian | 2015-04-27 | |
| debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch | Revert "core: set RLIMIT_CORE to unlimited by default" Partially revert commit 15a900327ab as this completely breaks core dumps without systemd-coredump. It's also contradicting core(8), and it's not systemd's place to redefine the kernel definitions of core files. Commit bdfd7b2c now honours the process' RLIMIT_CORE for systemd-coredump. This isn't what RLIMIT_CORE is supposed to do (it limits the size of the core *file*, but the kernel deliberately ignores it for piping), so set a static 2^63 core size limit for systemd-coredump to go back to the previous behaviour (otherwise the change above would break systemd-coredump). |
Martin Pitt <martin.pitt@ubuntu.com> | no | debian | 2016-02-27 | |
| debian/Let-graphical-session-pre.target-be-manually-started.patch | Let graphical-session-pre.target be manually started This is needed until https://github.com/systemd/systemd/issues/3750 is fixed. |
Iain Lane <iain@orangesquash.org.uk> | not-needed | 2016-08-22 | ||
| debian/deny-list-upstream-test-25.patch | deny-list-upstream-test-25 | Dan Streetman <ddstreet@canonical.com> | yes | upstream | 2019-11-06 | |
| debian/deny-list-upstream-test-02-ppc64el.patch | deny-list-upstream-test-02-ppc64el | Dan Streetman <ddstreet@canonical.com> | yes | upstream | 2019-11-06 | |
| debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch | udev: drop SystemCallArchitectures=native from systemd-udevd.service We can't really control what helper programs are run from other udev rules. E.g. running i386 binaries under amd64 is a valid use case and should not trigger a SIGSYS failure. |
Michael Biebl <biebl@debian.org> | no | 2019-11-19 | ||
| debian/Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch | Move sysusers.d/sysctl.d/binfmt.d/modules-load.d back to /usr In Debian, late mounting of /usr is no longer supported, so it is safe to install those files in /usr. We want those facilities in /usr, not /, as this will make an eventual switch to a merged-usr setup easier. |
Michael Biebl <biebl@debian.org> | no | 2020-10-15 | ||
| debian/systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch | systemctl: do not shutdown immediately on scheduled shutdown When, for whatever reason, a scheduled shutdown fails to be set, systemd will proceed with immediate shutdown without allowing the user to react. This is counterintuitive because when a scheduled shutdown is issued, it means the user wants to shutdown at a specified time in the future, not immediately. This patch prevents the immediate shutdown and informs the user that no action will be taken. |
Ioanna Alifieraki <ioanna-maria.alifieraki@canonical.com> | no | 2020-12-17 | ||
| debian/Downgrade-a-couple-of-warnings-to-debug.patch | Downgrade a couple of warnings to debug If a package still ships only a SysV init script or if a service file or tmpfile uses /var/run, downgrade those messages to debug. We can use lintian to detect those issues. For service files and tmpfiles in /etc, keep the warning, as those files are typically added locally and aren't checked by lintian. |
Michael Biebl <biebl@debian.org> | no | 2021-02-16 | ||
| debian/Skip-flaky-test_resolved_domain_restricted_dns-in-network.patch | Skip flaky test_resolved_domain_restricted_dns in networkd-test.py This test is part of DnsmasqClientTest and does not work reliably under LXC/debci, so skip it for the time being. |
Michael Biebl <biebl@debian.org> | no | 2022-12-13 | ||
| test-cgroup-Ignore-ENOENT-from-cg_create.patch | test-cgroup: Ignore ENOENT from cg_create() which was the only test failure building systemd-252-51.el9 in a container, also previously reported against 252-rc1 under Gentoo in #25015 (cherry picked from commit 470da651109e2636c624ac27257a7a64472192f6) |
Solar Designer <solar@ciq.com> | no | upstream, https://github.com/systemd/systemd/commit/2fb0cb64c346e464b7189328146f7d003dc0f714 | 2025-07-11 | |
| CVE-2026-4105.patch | machined: reject invalid class types when registering machines Follow-up for fbe550738d03b178bb004a1390e74115e904118a (cherry picked from commit 6df5f80bd374be1b45c52d740e88f0236da922c7) (cherry picked from commit 497d0172416cbb5b70f96b95399d041407c223bd) (cherry picked from commit 749e2eaf7086c91598cf7043a31919854b1c2dfe) |
Luca Boccassi <luca.boccassi@gmail.com> | no | backport, https://github.com/systemd/systemd/commit/6941d92dc299667036cbe264435971cec59ebc76 | 2026-03-08 | |
| CVE-2026-29111-1.patch | path-util: add flavour of path_startswith() that leaves a leading slash in place (cherry picked from commit ee19edbb9f3455db3f750089082f3e5a925e3a0c) |
Lennart Poettering <lennart@poettering.net> | no | backport, https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6 | 2025-05-19 | |
| CVE-2026-29111-2.patch | path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag As requested: https://github.com/systemd/systemd/pull/37572#pullrequestreview-2861928094 (cherry picked from commit ceed11e465f1c8efff1931412a85924d9de7c08d) |
Lennart Poettering <lennart@poettering.net> | no | backport, https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69 | 2025-05-23 | |
| CVE-2026-29111-3.patch | core/cgroup: avoid one unnecessary strjoina() (cherry picked from commit 42aee39107fbdd7db1ccd402a2151822b2805e9f) (cherry picked from commit 80acea4ef80a4bb78560ed970c34952299b890d6) (cherry picked from commit b5fd14693057e5f2c9b4a49603be64ec3608ff6c) |
Mike Yuan <me@yhndnzj.com> | no | backport, https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412 | 2026-02-26 | |
| CVE-2026-29111-4.patch | core: validate input cgroup path more prudently (cherry picked from commit efa6ba2ab625aaa160ac435a09e6482fc63bdbe8) (cherry picked from commit 3cee294fe8cf4fa0eff933ab21416d099942cabd) (cherry picked from commit 1d22f706bd04f45f8422e17fbde3f56ece17758a) |
Mike Yuan <me@yhndnzj.com> | no | upstream, https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f | 2026-02-26 | |
| CVE-2026-40225.patch | udev: check for invalid chars in various fields received from the kernel (cherry picked from commit 16325b35fa6ecb25f66534a562583ce3b96d52f3) (cherry picked from commit 3513862eabe9ec4a6a095d7266e98f998f289ed2) (cherry picked from commit c20d21e0da293e715db468f9f4a15a5c8fbf8273) |
Luca Boccassi <luca.boccassi@gmail.com> | no | backport, https://github.com/systemd/systemd/commit/03bb697b8df0339c37f4b845025320b261aeb7cc | 2026-03-06 | |
| CVE-2026-40226-1.patch | nspawn: apply BindUser/Ephemeral from settings file only if trusted Originally reported on yeswehack.com as: YWH-PGM9780-116 Follow-up for 2f8930449079403b26c9164b8eeac78d5af2c8df Follow-up for a2f577fca0be79b23f61f033229b64884e7d840a (cherry picked from commit 61bceb1bff4b1f9c126b18dc971ca3e6d8c71c40) (cherry picked from commit 718711ed876c870a72149eea279b819cdab14e91) (cherry picked from commit e4db9c12957d315c0ed22c6ca87a816d0927d6dc) |
Luca Boccassi <luca.boccassi@gmail.com> | no | upstream, https://github.com/systemd/systemd/commit/773fd3b6e72e6c83cbb1cfc1cb20f3793db8649a | 2026-03-11 | |
| CVE-2026-40226-2.patch | nspawn: normalize pivot_root paths Originally reported on yeswehack.com as: YWH-PGM9780-116 Follow-up for b53ede699cdc5233041a22591f18863fb3fe2672 (cherry picked from commit 7b85f5498a958e5bb660c703b8f4a71cceed3373) (cherry picked from commit 6566dc1451089e07090f5a114ae2eb43ed39188d) (cherry picked from commit 1c55a0a5e26a07df828f72092ad1203e221b60db) |
Luca Boccassi <luca.boccassi@gmail.com> | no | upstream, https://github.com/systemd/systemd/commit/bfa0a842822c4f79da9d47f8a773fd128d8f8a0a | 2026-03-11 |
All known versions for source package 'systemd'
- 261~rc1-1 (sid)
- 260.1-1 (forky)
- 257.13-1~deb13u1 (trixie)
- 257.8-1~deb13u2 (trixie-updates)
- 254.26-1~bpo12+1 (bookworm-backports)
- 252.39-1~deb12u2 (bookworm)
- 252.38-1~deb12u1 (bookworm-security)