Commit 059003d2 authored by Apertis CI robot

Merge updates from debian/buster

parents e40096a0 360260ef
systemd (241-7~deb10u6co1) UNRELEASED; urgency=medium
* PLEASE SUMMARIZE remaining Apertis changes
-- Apertis CI <devel@lists.apertis.org> Fri, 19 Feb 2021 14:34:31 +0000
systemd (241-7~deb10u6) buster; urgency=medium
* journal: do not trigger assertion when journal_file_close() get NULL
(Closes: #975561)
* test-bpf: skip test when run inside containers.
The test reliably fails inside LXC and Docker when run on a new enough
kernel. It's unclear whether this is a kernel, LXC/Docker or systemd
issue and apparently there is no real interest to get this fixed, so
let's skip this test.
* autopkgtest: mark networkd-test.py as flaky.
See https://github.com/systemd/systemd/issues/18357
and https://github.com/systemd/systemd/issues/18196
-- Michael Biebl <biebl@debian.org> Fri, 29 Jan 2021 15:16:06 +0100
systemd (241-7~deb10u5) buster; urgency=medium
* basic/cap-list: parse/print numerical capabilities (Closes: #964926)
* missing: add new Linux capabilities.
Linux kernel v5.8 adds two new capabilities. Make sure we can recognize
them even when built with an older kernel.
* networkd: do not generate MAC for bridge device (Closes: #963488)
-- Michael Biebl <biebl@debian.org> Sat, 24 Oct 2020 20:44:48 +0200
systemd (241-7~deb10u4co5) apertis; urgency=medium
* Force the call of systemd-journal-flush before `/var` unmount.
......
From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 9 Jul 2020 23:15:47 +0200
Subject: basic/cap-list: parse/print numerical capabilities
We would refuse to print capabilities which we didn't have a name
for. The kernel adds new capabilities from time to time, most recently
cap_bpf. 'systemctl show -p CapabilityBoundingSet ...' would fail with
"Failed to parse bus message: Invalid argument" because
capability_set_to_string_alloc() would fail with -EINVAL. So let's
print such capabilities in hexadecimal:
CapabilityBoundingSet=cap_chown cap_dac_override cap_dac_read_search
cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap
cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin
cap_net_raw cap_ipc_lock cap_ipc_owner 0x10 0x11 0x12 0x13 0x14 0x15 0x16
0x17 0x18 0x19 0x1a ...
For symmetry, also allow capabilities that we don't know to be specified.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1853736.
(cherry picked from commit 417770f3033c426ca848b158d0bf057cd8ad1329)
---
src/basic/cap-list.c | 10 +++++++---
src/test/test-cap-list.c | 4 +++-
2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c
index 29a17d9..b72b037 100644
--- a/src/basic/cap-list.c
+++ b/src/basic/cap-list.c
@@ -10,6 +10,7 @@
#include "macro.h"
#include "missing.h"
#include "parse-util.h"
+#include "stdio-util.h"
#include "util.h"
static const struct capability_name* lookup_capability(register const char *str, register GPERF_LEN_TYPE len);
@@ -37,7 +38,7 @@ int capability_from_name(const char *name) {
/* Try to parse numeric capability */
r = safe_atoi(name, &i);
if (r >= 0) {
- if (i >= 0 && (size_t) i < ELEMENTSOF(capability_names))
+ if (i >= 0 && i < 64)
return i;
else
return -EINVAL;
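Review bot: The literal 64 in `if (i >= 0 && i < 64)` is unexplained; it is presumably the bit width of the uint64_t set that capability_set_to_string_alloc() takes, so derive it from that type (for example `sizeof(uint64_t) * 8`) or give it a named constant. A short comment that numbers above the highest named capability are now accepted on purpose would also help, because callers that need a capability the running kernel actually supports have to check that separately.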
@@ -65,11 +66,14 @@ int capability_set_to_string_alloc(uint64_t set, char **s) {
for (i = 0; i < cap_last_cap(); i++)
if (set & (UINT64_C(1) << i)) {
const char *p;
+ char buf[2 + 16 + 1];
size_t add;
p = capability_to_name(i);
- if (!p)
- return -EINVAL;
+ if (!p) {
+ xsprintf(buf, "0x%lx", i);
+ p = buf;
+ }
add = strlen(p);
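Review bot: In the new fallback branch, `xsprintf(buf, "0x%lx", i)` is only correct if `i` is an unsigned long, and its declaration is outside this hunk; please confirm the type matches the format, since `buf` is sized for exactly the prefix, 16 hex digits and the terminator. Separately, the context loop `for (i = 0; i < cap_last_cap(); i++)` stops before cap_last_cap(), so if that function returns the highest valid capability number, that bit is never printed, and the parser side of this patch accepts values up to 63 that this function will not print back.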
diff --git a/src/test/test-cap-list.c b/src/test/test-cap-list.c
index de5fa72..84bbb7b 100644
--- a/src/test/test-cap-list.c
+++ b/src/test/test-cap-list.c
@@ -30,6 +30,8 @@ static void test_cap_list(void) {
assert_se(capability_from_name("cAp_aUdIt_rEAd") == CAP_AUDIT_READ);
assert_se(capability_from_name("0") == 0);
assert_se(capability_from_name("15") == 15);
+ assert_se(capability_from_name("63") == 63);
+ assert_se(capability_from_name("64") == -EINVAL);
assert_se(capability_from_name("-1") == -EINVAL);
for (i = 0; i < capability_list_length(); i++) {
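Review bot: The new assertions pin the parse boundary at 63/64, but nothing in this hunk exercises the other half of the change, the hexadecimal fallback in capability_set_to_string_alloc(). Consider adding a case that formats a set containing a bit with no name and checks the `0x...` output, and one that feeds that output back through the parser, since the commit message promises symmetry.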
@@ -64,7 +66,7 @@ static void test_capability_set_one(uint64_t c, const char *t) {
free(t1);
assert_se(t1 = strjoin("'cap_chown cap_dac_override' \"cap_setgid cap_setuid\"", t,
- " hogehoge foobar 12345 3.14 -3 ", t));
+ " hogehoge foobar 18446744073709551616 3.14 -3 ", t));
assert_se(capability_set_from_string(t1, &c1) == 0);
assert_se(c1 == c_masked);
}
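Review bot: Replacing `12345` with `18446744073709551616` in the garbage string drops the only token here that is a well-formed integer but not a valid capability number; the new token (2^64) tests the overflow path instead. Keeping both, for example by adding `64` next to the overflow value, would cover the out-of-range branch through capability_set_from_string() as well as through capability_from_name().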
......@@ -30,7 +30,7 @@ index 2791678..3a9e20a 100644
<literal>systemd.journald.forward_to_syslog</literal>,
<literal>systemd.journald.forward_to_kmsg</literal>,
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index 2a960eb..7fe0f82 100644
index ba0b35d..cd45212 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -1835,6 +1835,7 @@ int server_init(Server *s) {
......
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 28 May 2019 12:40:17 +0900
Subject: journal: do not trigger assertion when journal_file_close() get NULL
We generally expect destructors to not complain if a NULL argument is passed.
Closes #12400.
(cherry picked from commit c377a6f3ad3d9bed4ce7e873e8e9ec6b1650c57d)
---
src/journal/journal-file.c | 3 ++-
src/journal/journald-server.c | 7 ++-----
2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 56827f9..04cf1ef 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -335,7 +335,8 @@ bool journal_file_is_offlining(JournalFile *f) {
}
JournalFile* journal_file_close(JournalFile *f) {
- assert(f);
+ if (!f)
+ return NULL;
#if HAVE_GCRYPT
/* Write the final tag */
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index 2a960eb..ba0b35d 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -2037,11 +2037,8 @@ void server_done(Server *s) {
client_context_flush_all(s);
- if (s->system_journal)
- (void) journal_file_close(s->system_journal);
-
- if (s->runtime_journal)
- (void) journal_file_close(s->runtime_journal);
+ (void) journal_file_close(s->system_journal);
+ (void) journal_file_close(s->runtime_journal);
ordered_hashmap_free_with_destructor(s->user_journals, journal_file_close);
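Review bot: In server_done(), the return value of journal_file_close() is still discarded, so `s->system_journal` and `s->runtime_journal` keep pointing at closed files after these calls. The function returns a JournalFile* (NULL in the new early-return path); if it returns NULL on the normal path too, assigning it back, e.g. `s->system_journal = journal_file_close(s->system_journal);`, would clear the pointers and make a second server_done() or a late access fail safely.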
From: =?utf-8?q?Michal_Koutn=C3=BD?= <mkoutny@suse.com>
Date: Wed, 24 Jun 2020 12:43:22 +0200
Subject: missing: Add new Linux capabilities
Linux kernel v5.8 adds two new capabilities. Make sure we can recognize
them even when built with an older kernel.
(cherry picked from commit e41de5e491942b5391b1efb71c82ffd329b3d23d)
---
src/basic/missing_capability.h | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/src/basic/missing_capability.h b/src/basic/missing_capability.h
index 1308a3d..dd6bccd 100644
--- a/src/basic/missing_capability.h
+++ b/src/basic/missing_capability.h
@@ -10,3 +10,19 @@
#undef CAP_LAST_CAP
#define CAP_LAST_CAP CAP_AUDIT_READ
#endif
+
+/* 980737282232b752bb14dab96d77665c15889c36 (5.8) */
+#ifndef CAP_PERFMON
+#define CAP_PERFMON 38
+
+#undef CAP_LAST_CAP
+#define CAP_LAST_CAP CAP_PERFMON
+#endif
+
+/* a17b53c4a4b55ec322c132b6670743612229ee9c (5.8) */
+#ifndef CAP_BPF
+#define CAP_BPF 39
+
+#undef CAP_LAST_CAP
+#define CAP_LAST_CAP CAP_BPF
+#endif
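Review bot: Both added blocks redefine CAP_LAST_CAP unconditionally inside their own `#ifndef`, so the result depends on block order and on the kernel headers defining the two constants together. If headers ever provide CAP_BPF (39) without CAP_PERFMON, the first block would lower CAP_LAST_CAP to 38 and the second would be skipped; guarding each redefinition with `#if CAP_LAST_CAP < ...`, or at least a comment stating the ordering assumption, would make this robust.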
From: Susant Sahani <ssahani@gmail.com>
Date: Tue, 14 May 2019 11:45:23 +0200
Subject: networkd: do not generate MAC for bridge device.
closes https://github.com/systemd/systemd/issues/12558
(cherry picked from commit deb2cfa4c6885d448eb1f17e5ef1b139106b7e86)
---
src/network/netdev/netdev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c
index ecd6cf4..6ef1631 100644
--- a/src/network/netdev/netdev.c
+++ b/src/network/netdev/netdev.c
@@ -720,7 +720,7 @@ int netdev_load_one(Manager *manager, const char *filename) {
if (!netdev->filename)
return log_oom();
- if (!netdev->mac && netdev->kind != NETDEV_KIND_VLAN) {
+ if (!netdev->mac && !IN_SET(netdev->kind, NETDEV_KIND_VLAN, NETDEV_KIND_BRIDGE)) {
r = netdev_get_mac(netdev->ifname, &netdev->mac);
if (r < 0)
return log_error_errno(r, "Failed to generate predictable MAC address for %s: %m", netdev->ifname);
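Review bot: The new condition `!IN_SET(netdev->kind, NETDEV_KIND_VLAN, NETDEV_KIND_BRIDGE)` gives no hint why these two kinds are exempt from MAC generation, and the commit message only links the issue. A short comment above the check stating the reason for each kind would keep the next addition to this list from being guesswork.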
......@@ -52,6 +52,12 @@ polkit-use-structured-initialization.patch
sd-bus-introduce-API-for-re-enqueuing-incoming-messages.patch
polkit-when-authorizing-via-PK-let-s-re-resolve-callback-.patch
Fix-typo-in-function-name.patch
basic-cap-list-parse-print-numerical-capabilities.patch
missing-Add-new-Linux-capabilities.patch
networkd-do-not-generate-MAC-for-bridge-device.patch
journal-do-not-trigger-assertion-when-journal_file_close-.patch
test-bpf-skip-test-when-run-inside-containers.patch
tests-skip-test-bpf-only-when-we-re-100-sure-it-s-run-in-.patch
debian/Use-Debian-specific-config-files.patch
debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
debian/Make-run-lock-tmpfs-an-API-fs.patch
......
From: Michael Biebl <biebl@debian.org>
Date: Sun, 19 May 2019 20:57:07 +0200
Subject: test-bpf: skip test when run inside containers
The test reliably fails inside LXC and Docker when run on a new enough
kernel. It's unclear whether this is a kernel, LXC/Docker or systemd
issue and apparently there is no real interest to get this fixed, so
let's skip this test.
As this also covers Travis CI, there is no need for this additional
check anymore.
See https://github.com/systemd/systemd/issues/9666
(cherry picked from commit 98a3c188a1511caae422b2c891f3cc016824eb81)
---
src/test/test-bpf.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/test/test-bpf.c b/src/test/test-bpf.c
index cd8d68f..eb1d8d7 100644
--- a/src/test/test-bpf.c
+++ b/src/test/test-bpf.c
@@ -14,6 +14,7 @@
#include "test-helper.h"
#include "tests.h"
#include "unit.h"
+#include "virt.h"
/* We use the same limit here that PID 1 bumps RLIMIT_MEMLOCK to if it can */
#define CAN_MEMLOCK_SIZE (64U*1024U*1024U)
@@ -56,8 +57,8 @@ int main(int argc, char *argv[]) {
test_setup_logging(LOG_DEBUG);
- if (is_run_on_travis_ci())
- return log_tests_skipped("test-bpf fails on Travis CI: https://github.com/systemd/systemd/issues/9666");
+ if (detect_container())
+ return log_tests_skipped("test-bpf fails inside LXC and Docker containers: https://github.com/systemd/systemd/issues/9666");
assert_se(getrlimit(RLIMIT_MEMLOCK, &rl) >= 0);
rl.rlim_cur = rl.rlim_max = MAX3(rl.rlim_cur, rl.rlim_max, CAN_MEMLOCK_SIZE);
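Review bot: `if (detect_container())` is true for any non-zero return, so if the function reports failure as a negative value, a detection error would skip the test exactly like a detected container. Compare explicitly with `> 0` (the follow-up patch in this series does that) so a detection failure does not silently turn into a skipped test.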
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Thu, 30 May 2019 03:29:50 +0200
Subject: tests: skip test-bpf only when we're 100% sure it's run in
containers
This is just a follow-up to https://github.com/systemd/systemd/pull/12617.
(cherry picked from commit 6bd1457afe396864cc4b9884157a6126027ed85e)
---
src/test/test-bpf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/test-bpf.c b/src/test/test-bpf.c
index eb1d8d7..9252c60 100644
--- a/src/test/test-bpf.c
+++ b/src/test/test-bpf.c
@@ -57,7 +57,7 @@ int main(int argc, char *argv[]) {
test_setup_logging(LOG_DEBUG);
- if (detect_container())
+ if (detect_container() > 0)
return log_tests_skipped("test-bpf fails inside LXC and Docker containers: https://github.com/systemd/systemd/issues/9666");
assert_se(getrlimit(RLIMIT_MEMLOCK, &rl) >= 0);
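Review bot: With the condition now `detect_container() > 0`, the skip applies to every container type the function detects, but the message on the next line still says "LXC and Docker containers". Either word the message generically or restrict the check to the container types the issue was actually seen on, so the log does not misstate why the test was skipped.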
......@@ -52,7 +52,7 @@ Depends: systemd,
systemd-sysv,
policykit-1,
dnsmasq-base
Restrictions: needs-root, isolation-container
Restrictions: needs-root, isolation-container, flaky
Tests: build-login
Depends: systemd,
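Review bot: The `flaky` restriction added to the `Restrictions:` line has no comment in the control file saying why or until when, so a reader of this stanza has nothing pointing to the cause. Add a comment above the stanza referencing the two upstream issues named in the changelog entry, so the restriction can be dropped once they are resolved.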
......