Hi again,

not sure if it is the most sensible approach, but anyway in bionic I tried to revert the last two patches from the source of systemd_237-3ubuntu10.9.debian with the following commands:

    export QUILT_PATCHES=debian/patches
    export QUILT_REFRESH_ARGS="-p ab --no-timestamps --no-index"
    quilt pop
    quilt pop
    sed -i 's/^CVE-2018-6954.*/#&/' debian/patches/series

Then I recompiled and installed the new package and the error disappeared.

Anyway, the involved patches were there to fix some issues:

    $ quilt header patches/CVE-2018-6954
    Description: tmpfiles: don't resolve pathnames when traversing recursively through directory trees
     Otherwise we can be fooled if one path component is replaced underneath us.
     The patch achieves that by always operating at file descriptor level (by using
     *at() helpers) and by making sure we do not any path resolution when traversing
     direcotry trees.
     However this is not always possible, for instance when listing the content of a
     directory or some operations don't provide the *at() helpers or others (such as
     fchmodat()) don't have the AT_EMPTY_PATH flag. In such cases we operate on
     /proc/self/fd/%i pseudo-symlink instead, which works the same for all kinds of
     objects and requires no checking of type beforehand.
     Also O_PATH flag is used when opening file objects in order to prevent
     undesired behaviors: device nodes from reacting, automounts from
     triggering, etc...
     Fixes: CVE-2018-6954
    Origin: upstream, https://github.com/systemd/systemd/commit/936f6bdb803c432578e2cdcc5f93f3bfff93aff0
    Bug: https://github.com/systemd/systemd/issues/7986

    $ quilt header patches/CVE-2018-6954_2
    Description: Make tmpfiles safe
     In addition to backporting the changesets in #8822, this also backports
     e04fc13 (test: add tests for systemd-tmpfiles), as well as empty_to_root()
     from v239.
    Origin: upstream, https://github.com/systemd/systemd/pull/8822/commits
    Bug: https://github.com/systemd/systemd/issues/7986

So I'm not sure if it's a secure/stable workaround. Maybe it would be better mixing up the releases, installing the patched package from cosmic-proposed... I will test on another snapshot to see what happens.

Just a curiosity: is bionic still supported?

** Bug watch added: github.com/systemd/systemd/issues #7986
   https://github.com/systemd/systemd/issues/7986

https://bugs.launchpad.net/bugs/1804603

Title:
  systemd-tmpfiles-setup.service fails on btrfs
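
The CVE-2018-6954 patch header quoted above describes pinning each object with an O_PATH descriptor and operating on /proc/self/fd/%i instead of re-resolving a path. The following C sketch of that pattern is an added example, not systemd's code and not part of the original message; the function names and the temporary directory layout are hypothetical, and it assumes Linux with /proc mounted.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#ifndef O_PATH
#define O_PATH 010000000 /* generic Linux ABI value; only used if libc hid it */
#endif
/* chmod one directory entry without resolving its path a second time.
 * dirfd is an already-open directory; name is a single path component. */
int chmod_entry_nofollow(int dirfd, const char *name, mode_t mode) {
    char proc[64]; struct stat st;
    /* O_PATH only pins the object: no device open, no automount trigger.
     * O_NOFOLLOW: for a symlink we get an fd on the link itself. */
    int fd = openat(dirfd, name, O_PATH | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &st) < 0) { close(fd); return -1; }
    if (S_ISLNK(st.st_mode)) { close(fd); errno = ELOOP; return -1; }
    /* fchmod() rejects O_PATH fds, so go through the pseudo-symlink: it
     * names the pinned inode, not whatever the path points to by now. */
    snprintf(proc, sizeof proc, "/proc/self/fd/%i", fd);
    int r = chmod(proc, mode), saved = errno;
    close(fd);
    errno = saved;
    return r;
}

/* Constructed scenario: tree/file is regular, tree/link -> ../target.
 * Returns 0 if the file was changed and the link target was left alone. */
int demo(void) {
    char tmpl[] = "/tmp/tmpfiles-demo-XXXXXX";
    struct stat st;
    if (!mkdtemp(tmpl) || chdir(tmpl) < 0) return 1;
    if (mkdir("tree", 0700) < 0) return 2;
    close(open("target", O_CREAT | O_WRONLY, 0600));
    close(open("tree/file", O_CREAT | O_WRONLY, 0600));
    if (symlink("../target", "tree/link") < 0) return 3;
    int dfd = open("tree", O_PATH | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0) return 4;
    if (chmod_entry_nofollow(dfd, "file", 0644) != 0) return 5;
    if (chmod_entry_nofollow(dfd, "link", 0666) != -1 || errno != ELOOP) return 6;
    if (stat("tree/file", &st) < 0 || (st.st_mode & 0777) != 0644) return 7;
    if (stat("target", &st) < 0 || (st.st_mode & 0777) != 0600) return 8;
    close(dfd);
    return 0;
}
int main(void) { int r = demo(); printf("demo() = %d\n", r); return r; }
```

With the patches reverted, tmpfiles goes back to path-based operations, where a path component can be replaced by a symlink between the check and the chmod; the descriptor-based version refuses the link and leaves the target's mode at 0600.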