Commit cc3b1474, authored by Salvatore Bonaccorso, committed by Apertis CI robot

Import Debian changes 247.3-6

parent 8daf0d65
847 additions and 3 deletions
systemd (247.3-6) unstable; urgency=high
* Non-maintainer upload (acked by maintainers)
* unit-name: generate a clear error code when converting an overly long fs
path to a unit name
* basic/unit-name: do not use strdupa() on a path (CVE-2021-33910)
* basic/unit-name: adjust comments
-- Salvatore Bonaccorso <carnil@debian.org> Tue, 13 Jul 2021 19:29:24 +0200
systemd (247.3-5) unstable; urgency=medium
* udev-udeb: setup /dev/fd, /dev/std{in,out,err} symlinks.
As systemd-udevd no longer sets them up itself, we create them manually
after mounting devtmpfs. This avoids breaking applications which expect
those symlinks. (Closes: #975018)
-- Michael Biebl <biebl@debian.org> Mon, 12 Apr 2021 20:21:24 +0200
systemd (247.3-4) unstable; urgency=medium
[ Luca Boccassi ]
* Backport patch to fix assert with invalid LoadCredentials=
Regression introduced in v247, fixed in v249, see:
https://github.com/systemd/systemd/issues/19178
(Closes: #986302)
[ Michael Biebl ]
* network: Delay addition of IPv6 Proxy NDP addresses.
Fixes "IPv6 Proxy NDP addresses are being lost from interfaces after
networkd adds them". (Closes: #985510)
-- Michael Biebl <biebl@debian.org> Sun, 11 Apr 2021 16:06:46 +0200
systemd (247.3-3) unstable; urgency=medium
* pkg-config: make prefix overridable again (Closes: #984763)
* Revert "units: turn off DNSSEC validation when timesyncd resolves
hostnames"
Support for SYSTEMD_NSS_RESOLVE_VALIDATE=0 requires the changes from
https://github.com/systemd/systemd/pull/17823 for the dnssec bypass
logic. Those are rather invasive changes and not suitable for a stable
backport.
-- Michael Biebl <biebl@debian.org> Thu, 11 Mar 2021 18:09:35 +0100
systemd (247.3-2) unstable; urgency=medium
* Downgrade a couple of warnings to debug.
If a package still ships only a SysV init script or if a service file or
tmpfile uses /var/run, downgrade those messages to debug. We can use
lintian to detect those issues.
For service files and tmpfiles in /etc, keep the warning, as those files
are typically added locally and aren't checked by lintian.
(Closes: #981407)
* core: fix mtime calculation of dropin files
(Closes: #975289)
* analyze: slightly reword PrivateTmp= message
(Closes: #931753)
* rules: move ID_SMARTCARD_READER definition to a <70 configuration
(Closes: #978011)
* units: turn off DNSSEC validation when timesyncd resolves hostnames
(Closes: #898530)
* table: drop trailing white spaces of the last cell in row
(Closes: #980820)
-- Michael Biebl <biebl@debian.org> Sat, 06 Mar 2021 22:32:14 +0100
systemd (247.3-1) unstable; urgency=medium
[ Michael Biebl ]
......
......@@ -6,6 +6,11 @@ fi
if ! grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then
mount -n -o mode=0755 -t devtmpfs devtmpfs /dev
# Setup a few /dev symlinks, see #975018
[ ! -h /dev/fd ] && ln -s /proc/self/fd /dev/fd
[ ! -h /dev/stdin ] && ln -s /proc/self/fd/0 /dev/stdin
[ ! -h /dev/stdout ] && ln -s /proc/self/fd/1 /dev/stdout
[ ! -h /dev/stderr ] && ln -s /proc/self/fd/2 /dev/stderr
fi
SYSTEMD_LOG_LEVEL=notice /lib/systemd/systemd-udevd --daemon --resolve-names=never
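Review bot: the four `ln -s` lines sit inside the `if ! grep ... /proc/mounts` branch, so the symlinks are created only when this script mounts devtmpfs itself; if /dev is already a devtmpfs on entry, /dev/fd and /dev/std{in,out,err} are never set up. If that is intended, a comment should say so; otherwise move the block below the `fi`. The `[ ! -h ... ]` guard also tests only for an existing symlink, so a non-symlink entry at one of these paths makes `ln -s` fail without any report; `[ -e /dev/fd ] || [ -h /dev/fd ] || ln -s /proc/self/fd /dev/fd` covers both cases.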
......
From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Thu, 1 Apr 2021 22:18:29 +0100
Subject: LoadCredentials: do not assert on invalid syntax
LoadCredentials=foo causes an assertion to be triggered, as we
are not checking that the rvalue's right hand side part is non-empty
before using it in unit_full_printf.
Fixes #19178
# printf [Service]nLoadCredential=passwd.hashed-password.rootn > hello.service
# systemd-analyze verify ./hello.service
...
Assertion 'format' failed at src/core/unit-printf.c:232, function unit_full_printf(). Aborting.
Aborted (core dumped)
(cherry picked from commit f7a6f1226e800f7695c2073675523062ea697aa4)
---
src/core/load-fragment.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 4964249..5b66fb1 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -4569,7 +4569,7 @@ int config_parse_load_credential(
r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
if (r == -ENOMEM)
return log_oom();
- if (r <= 0) {
+ if (r <= 0 || isempty(p)) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
return 0;
}
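Review bot: on the new `isempty(p)` path `r` is positive, because `isempty(p)` is only evaluated when `r <= 0` is false, yet it is still passed as the error argument in `log_syntax(unit, LOG_WARNING, filename, line, r, ...)`, so the log record carries a value that is not an errno. Pass 0 when `r > 0`, or give the empty right-hand side its own branch with a more specific message. The diffstat shows only src/core/load-fragment.c, so no test covers the colon-less `LoadCredential=` value from the commit message.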
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 10 Feb 2021 10:50:23 +0100
Subject: analyze: slightly reword PrivateTmp= message
Apparently there was confusion about "does not apply". Let's say "is not
appropriate".
Fixes: #13095
(cherry picked from commit 77552b9520ba0d47cbf33cdbe1ddedb9ce9b5bf3)
---
src/analyze/analyze-security.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c
index 8d94fbc..99ec7b5 100644
--- a/src/analyze/analyze-security.c
+++ b/src/analyze/analyze-security.c
@@ -1545,7 +1545,7 @@ static int assess(const struct security_info *info, Table *overview_table, Analy
if (a->default_dependencies_only && !info->default_dependencies) {
badness = UINT64_MAX;
- d = strdup("Service runs in special boot phase, option does not apply");
+ d = strdup("Service runs in special boot phase, option is not appropriate");
if (!d)
return log_oom();
} else {
From cbcea9f517bfe79b019fcec5c364952ea33d24f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 23 Jun 2021 11:52:56 +0200
Subject: basic/unit-name: adjust comments
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We already checked for "too long" right above…
---
src/basic/unit-name.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
index a22763443fdd..1deead74588b 100644
--- a/src/basic/unit-name.c
+++ b/src/basic/unit-name.c
@@ -528,7 +528,7 @@ int unit_name_from_path(const char *path, const char *suffix, char **ret) {
if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
return -ENAMETOOLONG;
- /* Refuse this if this got too long or for some other reason didn't result in a valid name */
+ /* Refuse if this for some other reason didn't result in a valid name */
if (!unit_name_is_valid(s, UNIT_NAME_PLAIN))
return -EINVAL;
@@ -562,7 +562,7 @@ int unit_name_from_path_instance(const char *prefix, const char *path, const cha
if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
return -ENAMETOOLONG;
- /* Refuse this if this got too long or for some other reason didn't result in a valid name */
+ /* Refuse if this for some other reason didn't result in a valid name */
if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE))
return -EINVAL;
--
2.32.0
From bae2f0d1109a8c75a7fb89ae6b8d1b6ef8dfab16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 23 Jun 2021 11:46:41 +0200
Subject: basic/unit-name: do not use strdupa() on a path
The path may have unbounded length, for example through a fuse mount.
CVE-2021-33910: attacker controlled alloca() leads to crash in systemd and
ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo
and each mountpoint is passed to mount_setup_unit(), which calls
unit_name_path_escape() underneath. A local attacker who is able to mount a
filesystem with a very long path can crash systemd and the whole system.
https://bugzilla.redhat.com/show_bug.cgi?id=1970887
The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we
can't easily check the length after simplification before doing the
simplification, which in turn uses a copy of the string we can write to.
So we can't reject paths that are too long before doing the duplication.
Hence the most obvious solution is to switch back to strdup(), as before
7410616cd9dbbec97cf98d75324da5cda2b2f7a2.
---
src/basic/unit-name.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
index 284a77348316..a22763443fdd 100644
--- a/src/basic/unit-name.c
+++ b/src/basic/unit-name.c
@@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) {
}
int unit_name_path_escape(const char *f, char **ret) {
- char *p, *s;
+ _cleanup_free_ char *p = NULL;
+ char *s;
assert(f);
assert(ret);
- p = strdupa(f);
+ p = strdup(f);
if (!p)
return -ENOMEM;
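Review bot: no test accompanies the switch to `p = strdup(f);`. The diffstat touches only src/basic/unit-name.c, and nothing on this page exercises `unit_name_path_escape()` with a path far longer than UNIT_NAME_MAX, which is the input the commit message describes. A test case that feeds a path of several megabytes and checks that the call returns with an error code rather than crashing would keep `strdupa()` or `alloca()` from being reintroduced on this path.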
@@ -395,13 +396,9 @@ int unit_name_path_escape(const char *f, char **ret) {
if (!path_is_normalized(p))
return -EINVAL;
- /* Truncate trailing slashes */
+ /* Truncate trailing slashes and skip leading slashes */
delete_trailing_chars(p, "/");
-
- /* Truncate leading slashes */
- p = skip_leading_chars(p, "/");
-
- s = unit_name_escape(p);
+ s = unit_name_escape(skip_leading_chars(p, "/"));
}
if (!s)
return -ENOMEM;
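Review bot: missing comment at `s = unit_name_escape(skip_leading_chars(p, "/"));`. The removed `p = skip_leading_chars(p, "/");` had to go because `p` is now declared `_cleanup_free_`, so advancing it would pass an interior pointer to free() on return. The merged comment "Truncate trailing slashes and skip leading slashes" does not say that; one line stating that `p` must keep pointing at the start of the allocation would protect the next refactor.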
--
2.32.0
From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 4 Mar 2021 00:36:24 +0100
Subject: core: fix mtime calculation of dropin files
Nominally, the bug was in unit_load_dropin(), which just took the last mtime
instead of calculating the maximum. But instead of adding code to wrap the
loop, this patch goes in the other direction.
All (correct) callers of config_parse() followed a very similar pattern to
calculate the maximum mtime. So let's simplify things by making config_parse()
assume that mtime is initialized and update it to the maximum. This makes all
the callers that care about mtime simpler and also fixes the issue in
unit_load_dropin().
config_parse_many_nulstr() and config_parse_many() are different, because it
makes sense to call them just once, and current ret_mtime behaviour makes sense.
Fixes #17730, https://bugzilla.redhat.com/show_bug.cgi?id=1933137.
(cherry picked from commit da46a1bc3cd28ac36114002c216196dae004b05c)
---
src/core/load-dropin.c | 1 +
src/shared/conf-parser.c | 15 +++++++--------
src/shared/conf-parser.h | 2 +-
3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/core/load-dropin.c b/src/core/load-dropin.c
index d1c85e2..3bb4856 100644
--- a/src/core/load-dropin.c
+++ b/src/core/load-dropin.c
@@ -112,6 +112,7 @@ int unit_load_dropin(Unit *u) {
return log_oom();
}
+ u->dropin_mtime = 0;
STRV_FOREACH(f, u->dropin_paths)
(void) config_parse(
u->id, *f, NULL,
diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
index 35d301d..099c47a 100644
--- a/src/shared/conf-parser.c
+++ b/src/shared/conf-parser.c
@@ -259,7 +259,7 @@ int config_parse(const char *unit,
const void *table,
ConfigParseFlags flags,
void *userdata,
- usec_t *ret_mtime) {
+ usec_t *latest_mtime) {
_cleanup_free_ char *section = NULL, *continuation = NULL;
_cleanup_fclose_ FILE *ours = NULL;
@@ -271,6 +271,9 @@ int config_parse(const char *unit,
assert(filename);
assert(lookup);
+ /* latest_mtime is an input-output parameter: it will be updated if the mtime of the file we're
+ * looking at is later than the current *latest_mtime value. */
+
if (!f) {
f = ours = fopen(filename, "re");
if (!f) {
@@ -413,8 +416,8 @@ int config_parse(const char *unit,
}
}
- if (ret_mtime)
- *ret_mtime = mtime;
+ if (latest_mtime)
+ *latest_mtime = MAX(*latest_mtime, mtime);
return 0;
}
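Review bot: with `*latest_mtime = MAX(*latest_mtime, mtime);` the parameter is read before it is written, so every caller that passes a non-NULL pointer must now initialise it, where the old `*ret_mtime = mtime;` tolerated an uninitialised variable. This patch adjusts unit_load_dropin() and config_parse_many_files() only; please confirm in the commit message that all other callers in the 247 tree already pass an initialised value, since the backport cannot rely on upstream's later call sites.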
@@ -440,13 +443,9 @@ static int config_parse_many_files(
}
STRV_FOREACH(fn, files) {
- usec_t t;
-
- r = config_parse(NULL, *fn, NULL, sections, lookup, table, flags, userdata, &t);
+ r = config_parse(NULL, *fn, NULL, sections, lookup, table, flags, userdata, &mtime);
if (r < 0)
return r;
- if (t > mtime) /* Find the newest */
- mtime = t;
}
if (ret_mtime)
diff --git a/src/shared/conf-parser.h b/src/shared/conf-parser.h
index f115cb2..84c9bf6 100644
--- a/src/shared/conf-parser.h
+++ b/src/shared/conf-parser.h
@@ -89,7 +89,7 @@ int config_parse(
const void *table,
ConfigParseFlags flags,
void *userdata,
- usec_t *ret_mtime); /* possibly NULL */
+ usec_t *latest_mtime); /* input/output, possibly NULL */
int config_parse_many_nulstr(
const char *conf_file, /* possibly NULL */
From: Michael Biebl <biebl@debian.org>
Date: Tue, 16 Feb 2021 00:18:50 +0100
Subject: Downgrade a couple of warnings to debug
If a package still ships only a SysV init script or if a service file or
tmpfile uses /var/run, downgrade those messages to debug. We can use
lintian to detect those issues.
For service files and tmpfiles in /etc, keep the warning, as those files
are typically added locally and aren't checked by lintian.
Closes: #981407
---
src/core/load-fragment.c | 4 +++-
src/sysv-generator/sysv-generator.c | 2 +-
src/tmpfiles/tmpfiles.c | 4 +++-
3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 5b66fb1..df5669a 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -372,6 +372,7 @@ static int patch_var_run(
const char *e;
char *z;
+ int log_level;
e = path_startswith(*path, "/var/run/");
if (!e)
@@ -381,7 +382,8 @@ static int patch_var_run(
if (!z)
return log_oom();
- log_syntax(unit, LOG_NOTICE, filename, line, 0,
+ log_level = path_startswith(filename, "/etc") ? LOG_NOTICE : LOG_DEBUG;
+ log_syntax(unit, log_level, filename, line, 0,
"%s= references a path below legacy directory /var/run/, updating %s → %s; "
"please update the unit file accordingly.", lvalue, *path, z);
diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c
index 008a825..ab0054e 100644
--- a/src/sysv-generator/sysv-generator.c
+++ b/src/sysv-generator/sysv-generator.c
@@ -787,7 +787,7 @@ static int enumerate_sysv(const LookupPaths *lp, Hashmap *all_services) {
if (!fpath)
return log_oom();
- log_warning("SysV service '%s' lacks a native systemd unit file. "
+ log_debug("SysV service '%s' lacks a native systemd unit file. "
"Automatically generating a unit file for compatibility. "
"Please update package to include a native systemd unit file, in order to make it more safe and robust.", fpath);
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 9906c70..31e5707 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -2538,6 +2538,7 @@ static int specifier_expansion_from_arg(Item *i) {
static int patch_var_run(const char *fname, unsigned line, char **path) {
const char *k;
char *n;
+ int log_level;
assert(path);
assert(*path);
@@ -2563,7 +2564,8 @@ static int patch_var_run(const char *fname, unsigned line, char **path) {
/* Also log about this briefly. We do so at LOG_NOTICE level, as we fixed up the situation automatically, hence
* there's no immediate need for action by the user. However, in the interest of making things less confusing
* to the user, let's still inform the user that these snippets should really be updated. */
- log_syntax(NULL, LOG_NOTICE, fname, line, 0, "Line references path below legacy directory /var/run/, updating %s → %s; please update the tmpfiles.d/ drop-in file accordingly.", *path, n);
+ log_level = path_startswith(fname, "/etc") ? LOG_NOTICE : LOG_DEBUG;
+ log_syntax(NULL, log_level, fname, line, 0, "Line references path below legacy directory /var/run/, updating %s → %s; please update the tmpfiles.d/ drop-in file accordingly.", *path, n);
free_and_replace(*path, n);
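Review bot: the context comment above the changed call still says "We do so at LOG_NOTICE level", which is no longer true for any file outside /etc after `log_level = path_startswith(fname, "/etc") ? LOG_NOTICE : LOG_DEBUG;`; update the comment together with the code. The same test in both patch_var_run() functions keeps the notice for /etc only, so a locally added file in any other directory is now reported at debug level although lintian does not check it either; if that is intended, state it in the commit message.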
......@@ -14,11 +14,11 @@ Closes: #971282
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in
index f2c0455..a009020 100644
index b5cc8f9..21dbf30 100644
--- a/src/core/systemd.pc.in
+++ b/src/core/systemd.pc.in
@@ -65,16 +65,16 @@ systemdshutdowndir=${systemd_shutdown_dir}
tmpfiles_dir=/usr/lib/tmpfiles.d
tmpfiles_dir=${prefix}/lib/tmpfiles.d
tmpfilesdir=${tmpfiles_dir}
-sysusers_dir=${rootprefix}/lib/sysusers.d
......@@ -37,7 +37,7 @@ index f2c0455..a009020 100644
+modules_load_dir=${prefix}/lib/modules-load.d
modulesloaddir=${modules_load_dir}
catalog_dir=/usr/lib/systemd/catalog
catalog_dir=${prefix}/lib/systemd/catalog
diff --git a/src/libsystemd/sd-path/sd-path.c b/src/libsystemd/sd-path/sd-path.c
index 61ed7cb..682e3f1 100644
--- a/src/libsystemd/sd-path/sd-path.c
......
From: "Kevin P. Fleming" <kevin@km6g.us>
Date: Sat, 6 Feb 2021 10:58:43 -0500
Subject: network: Delay addition of IPv6 Proxy NDP addresses
Setting of IPv6 Proxy NDP addresses must be done at the same
time as static addresses, static routes, and other link attributes
that must be configured when the link is up. Doing this ensures
that they are reconfigured on the link if the link goes down
and returns to service.
(cherry picked from commit 12f7469bbe0142d7f360a29ca2b407ce7f5ff096)
Fixes https://github.com/systemd/systemd-stable/issues/89
(cherry picked from commit d5ea028e46673ef627843e90c3d01ebac8fe0e62)
---
src/network/networkd-address.c | 11 +++++++++++
src/network/networkd-link.c | 5 -----
2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c
index 961b248..ef47af4 100644
--- a/src/network/networkd-address.c
+++ b/src/network/networkd-address.c
@@ -9,6 +9,7 @@
#include "netlink-util.h"
#include "networkd-address-pool.h"
#include "networkd-address.h"
+#include "networkd-ipv6-proxy-ndp.h"
#include "networkd-manager.h"
#include "networkd-network.h"
#include "parse-util.h"
@@ -903,6 +904,7 @@ int address_configure(
static int static_address_ready_callback(Address *address) {
Address *a;
Link *link;
+ int r;
assert(address);
assert(address->link);
@@ -927,6 +929,10 @@ static int static_address_ready_callback(Address *address) {
link->addresses_ready = true;
+ r = link_set_ipv6_proxy_ndp_addresses(link);
+ if (r < 0)
+ return r;
+
return link_set_routes(link);
}
@@ -1046,6 +1052,11 @@ int link_set_addresses(Link *link) {
if (link->address_messages == 0) {
link->addresses_configured = true;
link->addresses_ready = true;
+
+ r = link_set_ipv6_proxy_ndp_addresses(link);
+ if (r < 0)
+ return r;
+
r = link_set_routes(link);
if (r < 0)
return r;
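Review bot: the sequence `r = link_set_ipv6_proxy_ndp_addresses(link);` followed by `link_set_routes(link)` now appears twice, here in link_set_addresses() and in static_address_ready_callback(), with nothing in the code explaining why proxy NDP addresses must be set at this point. A short comment at one of the call sites (or a small helper wrapping both calls) carrying the reasoning from the commit message, that these must be reconfigured whenever the link comes back up, would keep the two paths from drifting apart.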
diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
index 8120343..e8a7223 100644
--- a/src/network/networkd-link.c
+++ b/src/network/networkd-link.c
@@ -28,7 +28,6 @@
#include "networkd-dhcp6.h"
#include "networkd-fdb.h"
#include "networkd-ipv4ll.h"
-#include "networkd-ipv6-proxy-ndp.h"
#include "networkd-link-bus.h"
#include "networkd-link.h"
#include "networkd-lldp-tx.h"
@@ -2056,10 +2055,6 @@ int link_configure(Link *link) {
if (r < 0)
return r;
- r = link_set_ipv6_proxy_ndp_addresses(link);
- if (r < 0)
- return r;
-
r = link_set_mac(link);
if (r < 0)
return r;
From: Jan Tojnar <jtojnar@gmail.com>
Date: Sat, 2 Jan 2021 02:46:33 +0100
Subject: pkg-config: make prefix overridable again
While we don't support prefix being != /usr, and this is hardcoded
all over the place, variables in pkg-config file are expected
to have overridable base directory.
This is important for at least the following two use cases:
- Installing projects to non-FHS package-specific prefixes for Nix-style
package managers. Of course, it is then their responsibility
to ensure systemd can find the service files.
- Installing to local path for development purposes.
This is a compromise between running a program from a build directory,
and running it fully installed to system prefix.
You will not want to write to system prefix in either case.
For more information, see also
https://www.bassi.io/articles/2018/03/15/pkg-config-and-paths/
Fixes https://github.com/systemd/systemd/issues/18082
Partially reverts 6e65df89c348242dbd10036abc7dd5e8181cf733
(cherry picked from commit 60bce7c6d9606185114df1bdcd5ea100407688b8)
---
src/core/systemd.pc.in | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in
index f2c0455..b5cc8f9 100644
--- a/src/core/systemd.pc.in
+++ b/src/core/systemd.pc.in
@@ -26,10 +26,10 @@ systemdsystemunitdir=${systemd_system_unit_dir}
systemd_system_preset_dir=${rootprefix}/lib/systemd/system-preset
systemdsystempresetdir=${systemd_system_preset_dir}
-systemd_user_unit_dir=/usr/lib/systemd/user
+systemd_user_unit_dir=${prefix}/lib/systemd/user
systemduserunitdir=${systemd_user_unit_dir}
-systemd_user_preset_dir=/usr/lib/systemd/user-preset
+systemd_user_preset_dir=${prefix}/lib/systemd/user-preset
systemduserpresetdir=${systemd_user_preset_dir}
systemd_system_conf_dir=${sysconfdir}/systemd/system
@@ -47,7 +47,7 @@ systemduserunitpath=${systemd_user_unit_path}
systemd_system_generator_dir=${root_prefix}/lib/systemd/system-generators
systemdsystemgeneratordir=${systemd_system_generator_dir}
-systemd_user_generator_dir=/usr/lib/systemd/user-generators
+systemd_user_generator_dir=${prefix}/lib/systemd/user-generators
systemdusergeneratordir=${systemd_user_generator_dir}
systemd_system_generator_path=/run/systemd/system-generators:/etc/systemd/system-generators:/usr/local/lib/systemd/system-generators:${systemd_system_generator_dir}
@@ -62,7 +62,7 @@ systemdsleepdir=${systemd_sleep_dir}
systemd_shutdown_dir=${root_prefix}/lib/systemd/system-shutdown
systemdshutdowndir=${systemd_shutdown_dir}
-tmpfiles_dir=/usr/lib/tmpfiles.d
+tmpfiles_dir=${prefix}/lib/tmpfiles.d
tmpfilesdir=${tmpfiles_dir}
sysusers_dir=${rootprefix}/lib/sysusers.d
@@ -77,7 +77,7 @@ binfmtdir=${binfmt_dir}
modules_load_dir=${rootprefix}/lib/modules-load.d
modulesloaddir=${modules_load_dir}
-catalog_dir=/usr/lib/systemd/catalog
+catalog_dir=${prefix}/lib/systemd/catalog
catalogdir=${catalog_dir}
system_uid_max=@SYSTEM_UID_MAX@
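Review bot: missing documentation for the switched entries such as `catalog_dir=${prefix}/lib/systemd/catalog`. The commit message states that a prefix other than /usr is not supported and that whoever overrides it is responsible for making sure systemd can find the files, but systemd.pc.in itself gives a consumer no hint of that. A comment in the file saying that overriding `prefix` changes only where files are installed, not where systemd searches, would prevent units and catalogs from silently landing in directories that are never read.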
From: Vincent Pelletier <plr.vincent@gmail.com>
Date: Sat, 27 Feb 2021 00:17:06 +0000
Subject: rules: Move ID_SMARTCARD_READER definition to a <70 configuration.
70-uaccess.rules sets the uaccess tag on devices with ID_SMARTCARD_READER
set, but it is set in 99-systemd.rules .
Move this to a 60-*.rules which already matches USB CCID class, factorising
the matching, so 70-uaccess.rules sets up these devices as expected.
(cherry picked from commit dbdcd51f78bde5e9033d98d61bbb750c868bde9d)
---
rules.d/60-fido-id.rules | 3 ++-
rules.d/99-systemd.rules.in | 1 -
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules.d/60-fido-id.rules b/rules.d/60-fido-id.rules
index c7d5d2f..48c259e 100644
--- a/rules.d/60-fido-id.rules
+++ b/rules.d/60-fido-id.rules
@@ -7,7 +7,8 @@ SUBSYSTEM=="hidraw", IMPORT{program}="fido_id"
# Tag any form of security token as such
ENV{ID_SECURITY_TOKEN}=="1", TAG+="security-device"
+SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{ID_USB_INTERFACES}=="*:0b????:*", ENV{ID_SMARTCARD_READER}="1"
# Tag any CCID device (i.e. Smartcard Reader) as security token
-SUBSYSTEM=="usb", ATTR{bInterfaceClass}=="0b", TAG+="security-device"
+ENV{ID_SMARTCARD_READER}=="1", TAG+="security-device"
LABEL="fido_id_end"
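Review bot: the `security-device` tag was matched on the interface with `SUBSYSTEM=="usb", ATTR{bInterfaceClass}=="0b"` and is now matched on `ENV{ID_SMARTCARD_READER}=="1"`, which the added line sets only for `ENV{DEVTYPE}=="usb_device"`; as written, the tag moves from the CCID interface to the parent device. That goes beyond what the subject line announces, so please confirm that nothing depends on the tag being on the interface and mention the change in the commit message. Both lines also sit above `LABEL="fido_id_end"`, so any event that jumps to that label from earlier in the file (not visible here) never gets ID_SMARTCARD_READER set.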
diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in
index 7c22eef..0abca6e 100644
--- a/rules.d/99-systemd.rules.in
+++ b/rules.d/99-systemd.rules.in
@@ -49,7 +49,6 @@ SUBSYSTEM=="net", KERNEL!="lo", TAG+="systemd", ENV{SYSTEMD_ALIAS}+="/sys/subsys
SUBSYSTEM=="bluetooth", TAG+="systemd", ENV{SYSTEMD_ALIAS}+="/sys/subsystem/bluetooth/devices/%k", \
ENV{SYSTEMD_WANTS}+="bluetooth.target", ENV{SYSTEMD_USER_WANTS}+="bluetooth.target"
-SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{ID_USB_INTERFACES}=="*:0b????:*", ENV{ID_SMARTCARD_READER}="1"
ENV{ID_SMARTCARD_READER}=="?*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="smartcard.target", ENV{SYSTEMD_USER_WANTS}+="smartcard.target"
SUBSYSTEM=="sound", KERNEL=="controlC*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="sound.target", ENV{SYSTEMD_USER_WANTS}+="sound.target"
Add-helper-for-case-independent-string-equality-checks.patch
localed-Run-locale-gen-if-available-to-generate-missing-l.patch
core-fix-mtime-calculation-of-dropin-files.patch
analyze-slightly-reword-PrivateTmp-message.patch
rules-Move-ID_SMARTCARD_READER-definition-to-a-70-configu.patch
table-drop-trailing-white-spaces-of-the-last-cell-in-row.patch
pkg-config-make-prefix-overridable-again.patch
LoadCredentials-do-not-assert-on-invalid-syntax.patch
network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch
unit-name-generate-a-clear-error-code-when-convertin.patch
basic-unit-name-do-not-use-strdupa-on-a-path.patch
basic-unit-name-adjust-comments.patch
debian/Use-Debian-specific-config-files.patch
debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
debian/Make-run-lock-tmpfs-an-API-fs.patch
......@@ -21,3 +31,4 @@ debian/Keep-journal-files-compatible-with-older-versions.patch
debian/Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch
debian/systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch
debian/test-disable-DnsmasqClientTest.test_resolved_etc_hosts-in.patch
debian/Downgrade-a-couple-of-warnings-to-debug.patch
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 2 Feb 2021 01:47:58 +0900
Subject: table: drop trailing white spaces of the last cell in row
Fixes #18415.
(cherry picked from commit 71894e18313e41a72cecdc77fea5037f95d6903f)
---
src/shared/format-table.c | 6 ++++++
src/test/test-format-table.c | 40 ++++++++++++++++++++--------------------
2 files changed, 26 insertions(+), 20 deletions(-)
diff --git a/src/shared/format-table.c b/src/shared/format-table.c
index a13a198..2dc95e9 100644
--- a/src/shared/format-table.c
+++ b/src/shared/format-table.c
@@ -2155,6 +2155,12 @@ int table_print(Table *t, FILE *f) {
if (!aligned)
return -ENOMEM;
+ /* Drop trailing white spaces of last column when no cosmetics is set. */
+ if (j == display_columns - 1 &&
+ (!colors_enabled() || !table_data_color(d)) &&
+ (!urlify_enabled() || !d->url))
+ delete_trailing_chars(aligned, NULL);
+
free_and_replace(buffer, aligned);
field = buffer;
}
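Review bot: `delete_trailing_chars(aligned, NULL);` strips all trailing whitespace from the last column, not only the padding added for alignment, so a last-column value that itself ends in whitespace is printed shortened. If only the padding should go, skip the padding step for the last column instead of trimming afterwards. The added comment would also read better as "when no cosmetics are set".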
diff --git a/src/test/test-format-table.c b/src/test/test-format-table.c
index 24ee1df..b2943e6 100644
--- a/src/test/test-format-table.c
+++ b/src/test/test-format-table.c
@@ -29,7 +29,7 @@ static void test_issue_9549(void) {
printf("%s\n", formatted);
assert_se(streq(formatted,
- "NAME TYPE RO USAGE CREATED MODIFIED \n"
+ "NAME TYPE RO USAGE CREATED MODIFIED\n"
"foooo raw no 673.6M Wed 2018-07-11 00:10:33 J… Wed 2018-07-11 00:16:00 JST\n"
));
}
@@ -72,7 +72,7 @@ static void test_multiline(void) {
"FOO BAR\n"
"three two\n"
"different lines\n"
- "lines \n"));
+ "lines \n"));
formatted = mfree(formatted);
table_set_cell_height_max(table, (size_t) -1);
@@ -82,7 +82,7 @@ static void test_multiline(void) {
"FOO BAR\n"
"three two\n"
"different lines\n"
- "lines \n"));
+ "lines \n"));
formatted = mfree(formatted);
assert_se(table_add_many(table,
@@ -123,7 +123,7 @@ static void test_multiline(void) {
"FOO BAR\n"
"three two\n"
"different lines\n"
- "lines \n"
+ "lines \n"
"short a\n"
" pair\n"
"short2 a\n"
@@ -138,7 +138,7 @@ static void test_multiline(void) {
"FOO BAR\n"
"three two\n"
"different lines\n"
- "lines \n"
+ "lines \n"
"short a\n"
" pair\n"
"short2 a\n"
@@ -186,7 +186,7 @@ static void test_strv(void) {
"FOO BAR\n"
"three two\n"
"different lines\n"
- "lines \n"));
+ "lines \n"));
formatted = mfree(formatted);
table_set_cell_height_max(table, (size_t) -1);
@@ -196,7 +196,7 @@ static void test_strv(void) {
"FOO BAR\n"
"three two\n"
"different lines\n"
- "lines \n"));
+ "lines \n"));
formatted = mfree(formatted);
assert_se(table_add_many(table,
@@ -237,7 +237,7 @@ static void test_strv(void) {
"FOO BAR\n"
"three two\n"
"different lines\n"
- "lines \n"
+ "lines \n"
"short a\n"
" pair\n"
"short2 a\n"
@@ -252,7 +252,7 @@ static void test_strv(void) {
"FOO BAR\n"
"three two\n"
"different lines\n"
- "lines \n"
+ "lines \n"
"short a\n"
" pair\n"
"short2 a\n"
@@ -333,7 +333,7 @@ static void test_strv_wrapped(void) {
assert_se(streq(formatted,
"FOO BAR\n"
"three different two lines\n"
- "lines \n"
+ "lines \n"
"short a pair\n"
"short2 a eight line ćęłł\n"
" ___5___ ___6___…\n"));
@@ -345,7 +345,7 @@ static void test_strv_wrapped(void) {
assert_se(streq(formatted,
"FOO BAR\n"
"three different two lines\n"
- "lines \n"
+ "lines \n"
"short a pair\n"
"short2 a eight line ćęłł\n"
" ___5___ ___6___\n"
@@ -358,7 +358,7 @@ static void test_strv_wrapped(void) {
assert_se(streq(formatted,
"FOO BAR\n"
"three different two lines\n"
- "lines \n"
+ "lines \n"
"short a pair\n"
"short2 a eight line ćęłł\n"
" ___5___ ___6___\n"
@@ -493,17 +493,17 @@ int main(int argc, char *argv[]) {
if (isatty(STDOUT_FILENO))
assert_se(streq(formatted,
" no a long f… no a long f… a long fi…\n"
- " no fäää no fäää fäää \n"
- " yes fäää yes fäää fäää \n"
- " yes xxx yes xxx xxx \n"
- "5min 5min \n"));
+ " no fäää no fäää fäää\n"
+ " yes fäää yes fäää fäää\n"
+ " yes xxx yes xxx xxx\n"
+ "5min 5min \n"));
else
assert_se(streq(formatted,
" no a long field no a long field a long field\n"
- " no fäää no fäää fäää \n"
- " yes fäää yes fäää fäää \n"
- " yes xxx yes xxx xxx \n"
- "5min 5min \n"));
+ " no fäää no fäää fäää\n"
+ " yes fäää yes fäää fäää\n"
+ " yes xxx yes xxx xxx\n"
+ "5min 5min \n"));
test_issue_9549();
test_multiline();
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 1 Jun 2021 19:43:55 +0200
Subject: unit-name: generate a clear error code when converting an overly long
fs path to a unit name
Origin: https://github.com/systemd/systemd/commit/9d5acfab20c5f1177d877d0bec18063c0a6c5929
[Salvatore Bonaccorso: Backport to 247.3 for context changes in
src/test/test-unit-name.c]
---
src/basic/unit-name.c | 6 ++++++
src/test/test-unit-name.c | 4 ++--
2 files changed, 8 insertions(+), 2 deletions(-)
--- a/src/basic/unit-name.c
+++ b/src/basic/unit-name.c
@@ -528,6 +528,9 @@ int unit_name_from_path(const char *path
if (!s)
return -ENOMEM;
+ if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
+ return -ENAMETOOLONG;
+
/* Refuse this if this got too long or for some other reason didn't result in a valid name */
if (!unit_name_is_valid(s, UNIT_NAME_PLAIN))
return -EINVAL;
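Review bot: after the added `if (strlen(s) >= UNIT_NAME_MAX)` check, the context comment right below, "Refuse this if this got too long or for some other reason didn't result in a valid name", is partly stale, since the "too long" case can no longer reach `unit_name_is_valid()`. The "basic/unit-name: adjust comments" patch in this import rewords it, so the two patches should be kept together in any further backport. The same applies to the identical hunk in unit_name_from_path_instance().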
@@ -559,6 +562,9 @@ int unit_name_from_path_instance(const c
if (!s)
return -ENOMEM;
+ if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
+ return -ENAMETOOLONG;
+
/* Refuse this if this got too long or for some other reason didn't result in a valid name */
if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE))
return -EINVAL;
--- a/src/test/test-unit-name.c
+++ b/src/test/test-unit-name.c
@@ -130,7 +130,7 @@ static void test_unit_name_from_path(voi
test_unit_name_from_path_one("///", ".mount", "-.mount", 0);
test_unit_name_from_path_one("/foo/../bar", ".mount", NULL, -EINVAL);
test_unit_name_from_path_one("/foo/./bar", ".mount", NULL, -EINVAL);
- test_unit_name_from_path_one("/waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", ".mount", NULL, -EINVAL);
+ test_unit_name_from_path_one("/waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", ".mount", NULL, -ENAMETOOLONG);
}
static void test_unit_name_from_path_instance_one(const char *pattern, const char *path, const char *suffix, const char *expected, int ret) {
@@ -160,7 +160,7 @@ static void test_unit_name_from_path_ins
test_unit_name_from_path_instance_one("waldo", "..", ".mount", NULL, -EINVAL);
test_unit_name_from_path_instance_one("waldo", "/foo", ".waldi", NULL, -EINVAL);
test_unit_name_from_path_instance_one("wa--ldo", "/--", ".mount", "wa--ldo@\\x2d\\x2d.mount", 0);
- test_unit_name_from_path_instance_one("waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "/waldo", ".mount", NULL, -EINVAL);
+ test_unit_name_from_path_instance_one("waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "/waldo", ".mount", NULL, -ENAMETOOLONG);
}
static void test_unit_name_to_path_one(const char *unit, const char *path, int ret) {