diff -Nru systemd-248.3/debian/changelog systemd-248.3/debian/changelog --- systemd-248.3/debian/changelog 2022-03-24 01:02:23.000000000 +0800 +++ systemd-248.3/debian/changelog 2022-03-30 11:52:49.000000000 +0800 @@ -1,26 +1,9 @@ -systemd (248.3-1ubuntu8.4) impish; urgency=medium +systemd (248.3-1ubuntu8.5) impish; urgency=medium - [ Lukas Märdian ] - * Fix deadlock between pid1 and dbus-daemon (LP: #1871538) - Author: Lukas Märdian - File: debian/patches/pid1-set-SYSTEMD_NSS_DYNAMIC_BYPASS-1-env-var-for-dbus-da.patch - https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f79535077473902bad911dc2652a2fff4066fa30 - * Don't override Ubuntu's default sysctl values (LP: #1962038) - Author: Lukas Märdian - File: debian/patches/debian/UBUNTU-Don-t-override-Ubuntu-s-default-sysctl-values-LP-1962038.patch - https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3ba2764d8f77e616461c9722923f685fad79f8c6 + * Add mic mute key for HP Elite x360 series. (LP: #1967038) + - debian/patches/hwdb-Add-mic-mute-key-mapping-for-HP-Elite-x360.patch - -- Nick Rosbrook Wed, 23 Mar 2022 13:02:23 -0400 - -systemd (248.3-1ubuntu8.3) impish; urgency=medium - - [ Jeremy Szu ] - * Add a allowlist to unblock intel-hid on new HP machines (LP: #1955997) - Author: Jeremy Szu - File: debian/patches/lp1955997-add-a-allowlist-to-unblock-intel-hid-on-HP-mach.patch - https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=554d46e6a6ab80befd424ead7ffa8e6f993b5f66 - - -- Lukas Märdian Tue, 08 Feb 2022 17:59:43 +0100 + -- Andy Chi Wed, 30 Mar 2022 03:52:49 +0000 systemd (248.3-1ubuntu8.2) impish-security; urgency=medium diff -Nru systemd-248.3/debian/patches/debian/UBUNTU-Don-t-override-Ubuntu-s-default-sysctl-values-LP-1962038.patch systemd-248.3/debian/patches/debian/UBUNTU-Don-t-override-Ubuntu-s-default-sysctl-values-LP-1962038.patch --- systemd-248.3/debian/patches/debian/UBUNTU-Don-t-override-Ubuntu-s-default-sysctl-values-LP-1962038.patch 2022-03-24 01:02:23.000000000 +0800 +++ systemd-248.3/debian/patches/debian/UBUNTU-Don-t-override-Ubuntu-s-default-sysctl-values-LP-1962038.patch 1970-01-01 08:00:00.000000000 +0800 @@ -1,30 +0,0 @@ -From: =?utf-8?q?Lukas_M=C3=A4rdian?= -Date: Fri, 25 Feb 2022 12:01:25 +0100 -Subject: Don't override Ubuntu's default sysctl values (LP: #1962038) - ---- - sysctl.d/50-default.conf | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf -index f41e24b..ea442a8 100644 ---- a/sysctl.d/50-default.conf -+++ b/sysctl.d/50-default.conf -@@ -16,7 +16,7 @@ - # Use kernel.sysrq = 1 to allow all keys. - # See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html for a list - # of values and keys. --kernel.sysrq = 16 -+#kernel.sysrq = 16 # Ubuntu uses /etc/sysctl.d/10-magic-sysrq.conf - - # Append the PID to the core filename - kernel.core_uses_pid = 1 -@@ -24,7 +24,7 @@ kernel.core_uses_pid = 1 - # Source route verification - net.ipv4.conf.default.rp_filter = 2 - net.ipv4.conf.*.rp_filter = 2 ---net.ipv4.conf.all.rp_filter -+#-net.ipv4.conf.all.rp_filter # Ubuntu uses /etc/sysctl.d/10-network-security.conf - - # Do not accept source routing - net.ipv4.conf.default.accept_source_route = 0 diff -Nru systemd-248.3/debian/patches/hwdb-Add-mic-mute-key-mapping-for-HP-Elite-x360.patch systemd-248.3/debian/patches/hwdb-Add-mic-mute-key-mapping-for-HP-Elite-x360.patch --- systemd-248.3/debian/patches/hwdb-Add-mic-mute-key-mapping-for-HP-Elite-x360.patch 1970-01-01 08:00:00.000000000 +0800 +++ systemd-248.3/debian/patches/hwdb-Add-mic-mute-key-mapping-for-HP-Elite-x360.patch 2022-03-30 11:50:43.000000000 +0800 @@ -0,0 +1,26 @@ +From f09f6dc2c8f59b2b58159cc413b605a547c8646e Mon Sep 17 00:00:00 2001 +From: Andy Chi +Date: Tue, 29 Mar 2022 15:36:13 +0800 +Subject: [PATCH] hwdb: Add mic mute key mapping for HP Elite x360 + +On the new Elite x360 2 in 1 HP laptops, the microphone mute hotkey is "Fn+F8" and +the scancode for this hotkey is 0x81, but this scancode was mapped to +fn_esc in the HP generic keymap section. To fix this problem, we add +a machine specific keymap section to add the correct keymap rule. +--- + hwdb.d/60-keyboard.hwdb | 2 ++ + 1 file changed, 2 insertions(+) + +Index: systemd/hwdb.d/60-keyboard.hwdb +=================================================================== +--- systemd.orig/hwdb.d/60-keyboard.hwdb ++++ systemd/hwdb.d/60-keyboard.hwdb +@@ -627,6 +627,8 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett + # HP EliteBook + evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPEliteBook*:* + evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPEliteBook*:* ++# HP Elite x360 ++evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPElite*x360*:* + # HP Elite Dragonfly + evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPEliteDragonfly*:* + # HP ProBook 440 G2 diff -Nru systemd-248.3/debian/patches/lp1955997-add-a-allowlist-to-unblock-intel-hid-on-HP-mach.patch systemd-248.3/debian/patches/lp1955997-add-a-allowlist-to-unblock-intel-hid-on-HP-mach.patch --- systemd-248.3/debian/patches/lp1955997-add-a-allowlist-to-unblock-intel-hid-on-HP-mach.patch 2022-03-24 01:02:23.000000000 +0800 +++ systemd-248.3/debian/patches/lp1955997-add-a-allowlist-to-unblock-intel-hid-on-HP-mach.patch 1970-01-01 08:00:00.000000000 +0800 @@ -1,30 +0,0 @@ -From: Jeremy Szu -Date: Tue, 8 Feb 2022 17:22:15 +0100 -Subject: lp1955997: add a allowlist to unblock intel-hid on HP machines - -For LP: #1955997, HP retired hp-wireless since 2022 and also confirmed the -correct source should be intel-hid instead of atkbd. Upstream already unblock -intel-hid on HP machines but it's risky to backport to stable series because -of pre-2022 machines. -I propose to maintain a allowlist on impish. For jammy, please refer to -LP: #1955997 for more details ---- - hwdb.d/60-keyboard.hwdb | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/hwdb.d/60-keyboard.hwdb b/hwdb.d/60-keyboard.hwdb -index 22f06c5..3a9705b 100644 ---- a/hwdb.d/60-keyboard.hwdb -+++ b/hwdb.d/60-keyboard.hwdb -@@ -501,6 +501,11 @@ evdev:input:b0003v0458p0708* - evdev:name:Intel HID events:dmi:bvn*:bvr*:bd*:svnHP*:pn*:* - KEYBOARD_KEY_8=unknown # Use hp-wireless instead - -+# The allowlist to unblock intel-hid on HP machines. -+evdev:name:Intel HID events:dmi:bvn*:bvr*:bd*:svnHP*:pnHPZBookFury16inchG9MobileWorkstationPC:pvr* -+evdev:name:Intel HID events:dmi:bvn*:bvr*:bd*:svnHP*:pnHPZBookStudio16.0InchMobileWorkstationPC:pvr* -+ KEYBOARD_KEY_8=wlan -+ - evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pn*:* - evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pn*:* - KEYBOARD_KEY_81=fn_esc diff -Nru systemd-248.3/debian/patches/pid1-set-SYSTEMD_NSS_DYNAMIC_BYPASS-1-env-var-for-dbus-da.patch systemd-248.3/debian/patches/pid1-set-SYSTEMD_NSS_DYNAMIC_BYPASS-1-env-var-for-dbus-da.patch --- systemd-248.3/debian/patches/pid1-set-SYSTEMD_NSS_DYNAMIC_BYPASS-1-env-var-for-dbus-da.patch 2022-03-24 01:02:23.000000000 +0800 +++ systemd-248.3/debian/patches/pid1-set-SYSTEMD_NSS_DYNAMIC_BYPASS-1-env-var-for-dbus-da.patch 1970-01-01 08:00:00.000000000 +0800 @@ -1,91 +0,0 @@ -From: Lennart Poettering -Date: Thu, 17 Feb 2022 14:49:54 +0100 -Subject: pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon -MIME-Version: 1.0 -Content-Type: text/plain; charset="utf-8" -Content-Transfer-Encoding: 8bit - -There's currently a deadlock between PID 1 and dbus-daemon: in some -cases dbus-daemon will do NSS lookups (which are blocking) at the same -time PID 1 synchronously blocks on some call to dbus-daemon. Let's break -that by setting SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon, -which will disable synchronously blocking varlink calls from nss-systemd -to PID 1. - -In the long run we should fix this differently: remove all synchronous -calls to dbus-daemon from PID 1. This is not trivial however: so far we -had the rule that synchronous calls from PID 1 to the dbus broker are OK -as long as they only go to interfaces implemented by the broke itself -rather than services reachable through it. Given that the relationship -between PID 1 and dbus is kinda special anyway, this was considered -acceptable for the sake of simplicity, since we quite often need -metadata about bus peers from the broker, and the asynchronous logic -would substantially complicate even the simplest method handlers. - -This mostly reworks the existing code that sets SYSTEMD_NSS_BYPASS_BUS= -(which is a similar hack to deal with deadlocks between nss-systemd and -dbus-daemon itself) to set SYSTEMD_NSS_DYNAMIC_BYPASS=1 instead. No code -was checking SYSTEMD_NSS_BYPASS_BUS= anymore anyway, and it used to -solve a similar problem, hence it's an obvious piece of code to rework -like this. - -Issue originally tracked down by Lukas Märdian. This patch is inspired -and closely based on his patch: - - https://github.com/systemd/systemd/pull/22038 - -Fixes: #15316 -Co-authored-by: Lukas Märdian ---- - src/core/execute.c | 10 +++++----- - src/core/execute.h | 2 +- - src/core/service.c | 2 +- - 3 files changed, 7 insertions(+), 7 deletions(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index ca40874..b8d1ae4 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -1829,11 +1829,11 @@ static int build_environment( - our_env[n_env++] = x; - } - -- /* If this is D-Bus, tell the nss-systemd module, since it relies on being able to use D-Bus look up dynamic -- * users via PID 1, possibly dead-locking the dbus daemon. This way it will not use D-Bus to resolve names, but -- * check the database directly. */ -- if (p->flags & EXEC_NSS_BYPASS_BUS) { -- x = strdup("SYSTEMD_NSS_BYPASS_BUS=1"); -+ /* If this is D-Bus, tell the nss-systemd module, since it relies on being able to use blocking -+ * Varlink calls back to us for look up dynamic users in PID 1. Break the deadlock between D-Bus and -+ * PID 1 by disabling use of PID1' NSS interface for looking up dynamic users. */ -+ if (p->flags & EXEC_NSS_DYNAMIC_BYPASS) { -+ x = strdup("SYSTEMD_NSS_DYNAMIC_BYPASS=1"); - if (!x) - return -ENOMEM; - our_env[n_env++] = x; -diff --git a/src/core/execute.h b/src/core/execute.h -index 4c7a5b8..2a261f3 100644 ---- a/src/core/execute.h -+++ b/src/core/execute.h -@@ -348,7 +348,7 @@ typedef enum ExecFlags { - EXEC_APPLY_TTY_STDIN = 1 << 2, - EXEC_PASS_LOG_UNIT = 1 << 3, /* Whether to pass the unit name to the service's journal stream connection */ - EXEC_CHOWN_DIRECTORIES = 1 << 4, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */ -- EXEC_NSS_BYPASS_BUS = 1 << 5, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */ -+ EXEC_NSS_DYNAMIC_BYPASS = 1 << 5, /* Set the SYSTEMD_NSS_DYNAMIC_BYPASS environment variable, to disable nss-systemd blocking on PID 1, for use by dbus-daemon */ - EXEC_CGROUP_DELEGATE = 1 << 6, - EXEC_IS_CONTROL = 1 << 7, - EXEC_CONTROL_CGROUP = 1 << 8, /* Place the process not in the indicated cgroup but in a subcgroup '/.control', but only EXEC_CGROUP_DELEGATE and EXEC_IS_CONTROL is set, too */ -diff --git a/src/core/service.c b/src/core/service.c -index 7b90822..debd9d6 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -1569,7 +1569,7 @@ static int service_spawn( - return -ENOMEM; - - /* System D-Bus needs nss-systemd disabled, so that we don't deadlock */ -- SET_FLAG(exec_params.flags, EXEC_NSS_BYPASS_BUS, -+ SET_FLAG(exec_params.flags, EXEC_NSS_DYNAMIC_BYPASS, - MANAGER_IS_SYSTEM(UNIT(s)->manager) && unit_has_name(UNIT(s), SPECIAL_DBUS_SERVICE)); - - strv_free_and_replace(exec_params.environment, final_env); diff -Nru systemd-248.3/debian/patches/series systemd-248.3/debian/patches/series --- systemd-248.3/debian/patches/series 2022-03-24 01:02:23.000000000 +0800 +++ systemd-248.3/debian/patches/series 2022-03-30 11:50:33.000000000 +0800 @@ -74,6 +74,4 @@ CVE-2021-3997-1.patch CVE-2021-3997-2.patch CVE-2021-3997-3.patch -lp1955997-add-a-allowlist-to-unblock-intel-hid-on-HP-mach.patch -pid1-set-SYSTEMD_NSS_DYNAMIC_BYPASS-1-env-var-for-dbus-da.patch -debian/UBUNTU-Don-t-override-Ubuntu-s-default-sysctl-values-LP-1962038.patch +hwdb-Add-mic-mute-key-mapping-for-HP-Elite-x360.patch