Merge updates from debian/buster

059003d2 · Apertis CI robot · e40096a0 · 360260ef · 059003d2 · 059003d2
Commit 059003d2 authored 4 years ago by Apertis CI robot
--- a/debian/changelog
+++ b/debian/changelog
+systemd (241-7~deb10u6co1) UNRELEASED; urgency=medium
+
+  * PLEASE SUMMARIZE remaining Apertis changes
+
+ -- Apertis CI <devel@lists.apertis.org>  Fri, 19 Feb 2021 14:34:31 +0000
+
+systemd (241-7~deb10u6) buster; urgency=medium
+
+  * journal: do not trigger assertion when journal_file_close() get NULL
+    (Closes: #975561)
+  * test-bpf: skip test when run inside containers.
+    The test reliably fails inside LXC and Docker when run on a new enough
+    kernel. It's unclear whether this is a kernel, LXC/Docker or systemd
+    issue and apparently there is no real interest to get this fixed, so
+    let's skip this test.
+  * autopkgtest: mark networkd-test.py as flaky.
+    See https://github.com/systemd/systemd/issues/18357
+    and https://github.com/systemd/systemd/issues/18196
+
+ -- Michael Biebl <biebl@debian.org>  Fri, 29 Jan 2021 15:16:06 +0100
+
+systemd (241-7~deb10u5) buster; urgency=medium
+
+  * basic/cap-list: parse/print numerical capabilities (Closes: #964926)
+  * missing: add new Linux capabilities.
+    Linux kernel v5.8 adds two new capabilities. Make sure we can recognize
+    them even when built with an older kernel.
+  * networkd: do not generate MAC for bridge device (Closes: #963488)
+
+ -- Michael Biebl <biebl@debian.org>  Sat, 24 Oct 2020 20:44:48 +0200
+
 systemd (241-7~deb10u4co5) apertis; urgency=medium

  * Force the call of systemd-journal-flush before `/var` unmount.

--- a/debian/patches/basic-cap-list-parse-print-numerical-capabilities.patch
+++ b/debian/patches/basic-cap-list-parse-print-numerical-capabilities.patch
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 9 Jul 2020 23:15:47 +0200
+Subject: basic/cap-list: parse/print numerical capabilities
+
+We would refuse to print capabilities which were didn't have a name
+for. The kernel adds new capabilities from time to time, most recently
+cap_bpf. 'systmectl show -p CapabilityBoundingSet ...' would fail with
+"Failed to parse bus message: Invalid argument" because
+capability_set_to_string_alloc() would fail with -EINVAL. So let's
+print such capabilities in hexadecimal:
+
+CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search
+  cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap
+  cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin
+  cap_net_raw cap_ipc_lock cap_ipc_owner 0x10 0x11 0x12 0x13 0x14 0x15 0x16
+  0x17 0x18 0x19 0x1a ...
+
+For symmetry, also allow capabilities that we don't know to be specified.
+
+Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1853736.
+
+(cherry picked from commit 417770f3033c426ca848b158d0bf057cd8ad1329)
+---
+ src/basic/cap-list.c     | 10 +++++++---
+ src/test/test-cap-list.c |  4 +++-
+ 2 files changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c
+index 29a17d9..b72b037 100644
+--- a/src/basic/cap-list.c
+++ b/src/basic/cap-list.c
+@@ -10,6 +10,7 @@
+ #include "macro.h"
+ #include "missing.h"
+ #include "parse-util.h"
+#include "stdio-util.h"
+ #include "util.h"
+ 
+ static const struct capability_name* lookup_capability(register const char *str, register GPERF_LEN_TYPE len);
+@@ -37,7 +38,7 @@ int capability_from_name(const char *name) {
+         /* Try to parse numeric capability */
+         r = safe_atoi(name, &i);
+         if (r >= 0) {
+-                if (i >= 0 && (size_t) i < ELEMENTSOF(capability_names))
+                if (i >= 0 && i < 64)
+                         return i;
+                 else
+                         return -EINVAL;
+@@ -65,11 +66,14 @@ int capability_set_to_string_alloc(uint64_t set, char **s) {
+         for (i = 0; i < cap_last_cap(); i++)
+                 if (set & (UINT64_C(1) << i)) {
+                         const char *p;
+                        char buf[2 + 16 + 1];
+                         size_t add;
+ 
+                         p = capability_to_name(i);
+-                        if (!p)
+-                                return -EINVAL;
+                        if (!p) {
+                                xsprintf(buf, "0x%lx", i);
+                                p = buf;
+                        }
+ 
+                         add = strlen(p);
+ 
+diff --git a/src/test/test-cap-list.c b/src/test/test-cap-list.c
+index de5fa72..84bbb7b 100644
+--- a/src/test/test-cap-list.c
+++ b/src/test/test-cap-list.c
+@@ -30,6 +30,8 @@ static void test_cap_list(void) {
+         assert_se(capability_from_name("cAp_aUdIt_rEAd") == CAP_AUDIT_READ);
+         assert_se(capability_from_name("0") == 0);
+         assert_se(capability_from_name("15") == 15);
+        assert_se(capability_from_name("63") == 63);
+        assert_se(capability_from_name("64") == -EINVAL);
+         assert_se(capability_from_name("-1") == -EINVAL);
+ 
+         for (i = 0; i < capability_list_length(); i++) {
+@@ -64,7 +66,7 @@ static void test_capability_set_one(uint64_t c, const char *t) {
+ 
+         free(t1);
+         assert_se(t1 = strjoin("'cap_chown cap_dac_override' \"cap_setgid cap_setuid\"", t,
+-                               " hogehoge foobar 12345 3.14 -3 ", t));
+                               " hogehoge foobar 18446744073709551616 3.14 -3 ", t));
+         assert_se(capability_set_from_string(t1, &c1) == 0);
+         assert_se(c1 == c_masked);
+ }
--- a/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch
+++ b/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch
@@ -30,7 +30,7 @@ index 2791678..3a9e20a 100644
         <literal>systemd.journald.forward_to_syslog</literal>,
         <literal>systemd.journald.forward_to_kmsg</literal>,
 diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
-index 2a960eb..7fe0f82 100644
+index ba0b35d..cd45212 100644
 --- a/src/journal/journald-server.c
 +++ b/src/journal/journald-server.c
 @@ -1835,6 +1835,7 @@ int server_init(Server *s) {

--- a/debian/patches/journal-do-not-trigger-assertion-when-journal_file_close-.patch
+++ b/debian/patches/journal-do-not-trigger-assertion-when-journal_file_close-.patch
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Tue, 28 May 2019 12:40:17 +0900
+Subject: journal: do not trigger assertion when journal_file_close() get NULL
+
+We generally expect destructors to not complain if a NULL argument is passed.
+
+Closes #12400.
+
+(cherry picked from commit c377a6f3ad3d9bed4ce7e873e8e9ec6b1650c57d)
+---
+ src/journal/journal-file.c    | 3 ++-
+ src/journal/journald-server.c | 7 ++-----
+ 2 files changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
+index 56827f9..04cf1ef 100644
+--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
+@@ -335,7 +335,8 @@ bool journal_file_is_offlining(JournalFile *f) {
+ }
+ 
+ JournalFile* journal_file_close(JournalFile *f) {
+-        assert(f);
+        if (!f)
+                return NULL;
+ 
+ #if HAVE_GCRYPT
+         /* Write the final tag */
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index 2a960eb..ba0b35d 100644
+--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
+@@ -2037,11 +2037,8 @@ void server_done(Server *s) {
+ 
+         client_context_flush_all(s);
+ 
+-        if (s->system_journal)
+-                (void) journal_file_close(s->system_journal);
+-
+-        if (s->runtime_journal)
+-                (void) journal_file_close(s->runtime_journal);
+        (void) journal_file_close(s->system_journal);
+        (void) journal_file_close(s->runtime_journal);
+ 
+         ordered_hashmap_free_with_destructor(s->user_journals, journal_file_close);
+ 
--- a/debian/patches/missing-Add-new-Linux-capabilities.patch
+++ b/debian/patches/missing-Add-new-Linux-capabilities.patch
+From: =?utf-8?q?Michal_Koutn=C3=BD?= <mkoutny@suse.com>
+Date: Wed, 24 Jun 2020 12:43:22 +0200
+Subject: missing: Add new Linux capabilities
+
+Linux kernel v5.8 adds two new capabilities. Make sure we can recognize
+them even when built with an older kernel.
+
+(cherry picked from commit e41de5e491942b5391b1efb71c82ffd329b3d23d)
+---
+ src/basic/missing_capability.h | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+diff --git a/src/basic/missing_capability.h b/src/basic/missing_capability.h
+index 1308a3d..dd6bccd 100644
+--- a/src/basic/missing_capability.h
+++ b/src/basic/missing_capability.h
+@@ -10,3 +10,19 @@
+ #undef  CAP_LAST_CAP
+ #define CAP_LAST_CAP   CAP_AUDIT_READ
+ #endif
+
+/* 980737282232b752bb14dab96d77665c15889c36 (5.8) */
+#ifndef CAP_PERFMON
+#define CAP_PERFMON 38
+
+#undef  CAP_LAST_CAP
+#define CAP_LAST_CAP   CAP_PERFMON
+#endif
+
+/* a17b53c4a4b55ec322c132b6670743612229ee9c (5.8) */
+#ifndef CAP_BPF
+#define CAP_BPF 39
+
+#undef  CAP_LAST_CAP
+#define CAP_LAST_CAP   CAP_BPF
+#endif
--- a/debian/patches/networkd-do-not-generate-MAC-for-bridge-device.patch
+++ b/debian/patches/networkd-do-not-generate-MAC-for-bridge-device.patch
+From: Susant Sahani <ssahani@gmail.com>
+Date: Tue, 14 May 2019 11:45:23 +0200
+Subject: networkd: do not generate MAC for bridge device.
+
+closes https://github.com/systemd/systemd/issues/12558
+
+(cherry picked from commit deb2cfa4c6885d448eb1f17e5ef1b139106b7e86)
+---
+ src/network/netdev/netdev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c
+index ecd6cf4..6ef1631 100644
+--- a/src/network/netdev/netdev.c
+++ b/src/network/netdev/netdev.c
+@@ -720,7 +720,7 @@ int netdev_load_one(Manager *manager, const char *filename) {
+         if (!netdev->filename)
+                 return log_oom();
+ 
+-        if (!netdev->mac && netdev->kind != NETDEV_KIND_VLAN) {
+        if (!netdev->mac && !IN_SET(netdev->kind, NETDEV_KIND_VLAN, NETDEV_KIND_BRIDGE)) {
+                 r = netdev_get_mac(netdev->ifname, &netdev->mac);
+                 if (r < 0)
+                         return log_error_errno(r, "Failed to generate predictable MAC address for %s: %m", netdev->ifname);
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -52,6 +52,12 @@ polkit-use-structured-initialization.patch
 sd-bus-introduce-API-for-re-enqueuing-incoming-messages.patch
 polkit-when-authorizing-via-PK-let-s-re-resolve-callback-.patch
 Fix-typo-in-function-name.patch
+basic-cap-list-parse-print-numerical-capabilities.patch
+missing-Add-new-Linux-capabilities.patch
+networkd-do-not-generate-MAC-for-bridge-device.patch
+journal-do-not-trigger-assertion-when-journal_file_close-.patch
+test-bpf-skip-test-when-run-inside-containers.patch
+tests-skip-test-bpf-only-when-we-re-100-sure-it-s-run-in-.patch
 debian/Use-Debian-specific-config-files.patch
 debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
 debian/Make-run-lock-tmpfs-an-API-fs.patch

--- a/debian/patches/test-bpf-skip-test-when-run-inside-containers.patch
+++ b/debian/patches/test-bpf-skip-test-when-run-inside-containers.patch
+From: Michael Biebl <biebl@debian.org>
+Date: Sun, 19 May 2019 20:57:07 +0200
+Subject: test-bpf: skip test when run inside containers
+
+The test reliably fails inside LXC and Docker when run on a new enough
+kernel. It's unclear whether this is a kernel, LXC/Docker or systemd
+issue and apparently there is no real interest to get this fixed, so
+let's skip this test.
+As this also covers Travis CI, there is no need for this additional
+check anymore.
+
+See https://github.com/systemd/systemd/issues/9666
+
+(cherry picked from commit 98a3c188a1511caae422b2c891f3cc016824eb81)
+---
+ src/test/test-bpf.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/test/test-bpf.c b/src/test/test-bpf.c
+index cd8d68f..eb1d8d7 100644
+--- a/src/test/test-bpf.c
+++ b/src/test/test-bpf.c
+@@ -14,6 +14,7 @@
+ #include "test-helper.h"
+ #include "tests.h"
+ #include "unit.h"
+#include "virt.h"
+ 
+ /* We use the same limit here that PID 1 bumps RLIMIT_MEMLOCK to if it can */
+ #define CAN_MEMLOCK_SIZE (64U*1024U*1024U)
+@@ -56,8 +57,8 @@ int main(int argc, char *argv[]) {
+ 
+         test_setup_logging(LOG_DEBUG);
+ 
+-        if (is_run_on_travis_ci())
+-                return log_tests_skipped("test-bpf fails on Travis CI: https://github.com/systemd/systemd/issues/9666");
+        if (detect_container())
+                return log_tests_skipped("test-bpf fails inside LXC and Docker containers: https://github.com/systemd/systemd/issues/9666");
+ 
+         assert_se(getrlimit(RLIMIT_MEMLOCK, &rl) >= 0);
+         rl.rlim_cur = rl.rlim_max = MAX3(rl.rlim_cur, rl.rlim_max, CAN_MEMLOCK_SIZE);
--- a/debian/patches/tests-skip-test-bpf-only-when-we-re-100-sure-it-s-run-in-.patch
+++ b/debian/patches/tests-skip-test-bpf-only-when-we-re-100-sure-it-s-run-in-.patch
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Thu, 30 May 2019 03:29:50 +0200
+Subject: tests: skip test-bpf only when we're 100% sure it's run in
+ containers
+
+This is just a follow-up to https://github.com/systemd/systemd/pull/12617.
+
+(cherry picked from commit 6bd1457afe396864cc4b9884157a6126027ed85e)
+---
+ src/test/test-bpf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/test/test-bpf.c b/src/test/test-bpf.c
+index eb1d8d7..9252c60 100644
+--- a/src/test/test-bpf.c
+++ b/src/test/test-bpf.c
+@@ -57,7 +57,7 @@ int main(int argc, char *argv[]) {
+ 
+         test_setup_logging(LOG_DEBUG);
+ 
+-        if (detect_container())
+        if (detect_container() > 0)
+                 return log_tests_skipped("test-bpf fails inside LXC and Docker containers: https://github.com/systemd/systemd/issues/9666");
+ 
+         assert_se(getrlimit(RLIMIT_MEMLOCK, &rl) >= 0);
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -52,7 +52,7 @@ Depends: systemd,
  systemd-sysv,
  policykit-1,
  dnsmasq-base
-Restrictions: needs-root, isolation-container
+Restrictions: needs-root, isolation-container, flaky

 Tests: build-login
 Depends: systemd,