systemd (241-3) unstable; urgency=high . [ Michael Biebl ] * Drop systemd-shim alternative from libpam-systemd. A fixed systemd-shim package which works with newer versions of systemd is unlikely to happen given that the systemd-shim package has been removed from the archive. Drop the alternative dependency from libpam-systemd accordingly. * Properly remove duplicate directories from systemd package. When removing duplicate directories from the systemd package, sort the list of directories in reverse order so we properly delete nested directories. * udev: Run programs in the specified order (Closes: #925190) * bash-completion: Use default completion for redirect operators (Closes: #924541) * networkd: Clarify that IPv6 RA uses our own stack, no the kernel's (Closes: #815582) * Revert "Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf" Apparently Conflicts= are not a reliable mechanism to ensure alternative NTP implementations take precedence over systemd-timesyncd. (Closes: #902026) * network: Fix routing policy rule issue. When multiple links request a routing policy, make sure they are all applied correctly. (Closes: #924406) * pam-systemd: Use secure_getenv() rather than getenv() Fixes a vulnerability in the systemd PAM module which insecurely uses the environment and lacks seat verification permitting spoofing an active session to PolicyKit. (CVE-2019-3842) . [ Martin Pitt ] * Enable udev autopkgtest in containers. This test doesn't actually need udev.service (which is disabled in containers) and works fine in LXC. * Enable boot-and-service autopkgtest in containers - Skip tests which can't work in containers. - Add missing rsyslog test dependency. - e2scrub_reap.service fails in containers, ignore (filed as #926138) - Relax pgrep pattern for gdm, as there's no wayland session in containers. systemd (241-2) unstable; urgency=medium . [ Martin Pitt ] * debian/tests/boot-smoke: Create journal and udevdb artifacts on all failures * autopkgtests: Replace obsolete $ADT_* variables * networkd-test: Ignore failures of test_route_only_dns* in containers. This test exposes a race condition when running in LXC, see issue #11848 for details. Until that is understood and fixed, skip the test as it's not a recent regression. (Closes: #924539) * Bump Standards-Version to 4.3.0. No changes necessary. * debian/tests/boot-smoke: Only check current boot for connection timeouts. Otherwise we'll catch some Failed to resolve group 'render': Connection timed out messages that happen in earlier boots during VM setup, before the "render" group is created. Fixes https://github.com/systemd/systemd/issues/11875 * timedated: Fix emitted value when ntp client is enabled/disabled. Fixes a regression introduced in 241. * debian/tests/timedated: Check enabling/disabling NTP. Assert that `timedatectl set-ntp` correctly controls the service, sets the `org.freedesktop.timedate1 NTP` property, and sends the right `PropertiesChanged` signal. This reproduces and also the earlier . . [ Michael Biebl ] * Disable fallback DNS servers in resolved (Closes: #923081) * cgtop: Fix processing of controllers other than CPU (Closes: #921280) * udev: Restore debug level when logging a failure in the external prog called by IMPORT{program} (Closes: #924199) * core: Remove "." path components from required mount paths. Fixes mount related failures when a user's home directory contains "/./" (Closes: #923881) * udev.init: Use new s-s-d --notify-await to start udev daemon. Fixes a race condition during startup under SysV init. Add versioned dependency on dpkg (>= 1.19.3) to ensure that a version of start-stop-daemon which supports --notify-await is installed. (Closes: #908796) * Make /dev/dri/renderD* accessible to group "render" Follow upstream and make render nodes available to a dedicated system group "render" instead of "video". Keep the uaccess tag for local, active users.