diff --git a/0029-Add-support-for-the-LoongArch-architecture.patch b/0029-Add-support-for-the-LoongArch-architecture.patch deleted file mode 100644 index 4976d6419ba1951a3b25074cddb75365d0667623..0000000000000000000000000000000000000000 --- a/0029-Add-support-for-the-LoongArch-architecture.patch +++ /dev/null @@ -1,43 +0,0 @@ -diff --git a/src/basic/architecture.c b/src/basic/architecture.c -index 409632c..e86aff3 100644 ---- a/src/basic/architecture.c -+++ b/src/basic/architecture.c -@@ -118,6 +118,8 @@ int uname_architecture(void) { - #elif defined(__arc__) - { "arc", ARCHITECTURE_ARC }, - { "arceb", ARCHITECTURE_ARC_BE }, -+#elif defined(__loongarch64) -+ { "loongarch64", ARCHITECTURE_LOONGARCH64 }, - #else - #error "Please register your architecture here!" - #endif -@@ -173,6 +175,7 @@ static const char *const architecture_table[_ARCHITECTURE_MAX] = { - [ARCHITECTURE_RISCV64] = "riscv64", - [ARCHITECTURE_ARC] = "arc", - [ARCHITECTURE_ARC_BE] = "arc-be", -+ [ARCHITECTURE_LOONGARCH64] = "loongarch64", - }; - - DEFINE_STRING_TABLE_LOOKUP(architecture, int); -diff --git a/src/basic/architecture.h b/src/basic/architecture.h -index 9abc183..758bd8c 100644 ---- a/src/basic/architecture.h -+++ b/src/basic/architecture.h -@@ -44,6 +44,7 @@ enum { - ARCHITECTURE_RISCV64, - ARCHITECTURE_ARC, - ARCHITECTURE_ARC_BE, -+ ARCHITECTURE_LOONGARCH64, - _ARCHITECTURE_MAX, - _ARCHITECTURE_INVALID = -EINVAL, - }; -@@ -229,6 +230,9 @@ int uname_architecture(void); - # define native_architecture() ARCHITECTURE_ARC - # define LIB_ARCH_TUPLE "arc-linux" - # endif -+#elif defined(__loongarch64) -+# define native_architecture() ARCHITECTURE_LOONGARCH64 -+# define LIB_ARCH_TUPLE "loongarch64-linux-gnu" - #else - # error "Please register your architecture here!" - #endif diff --git a/0030-Add-LoongArch-dmi-virt-detection-and-testcase.patch b/0030-Add-LoongArch-dmi-virt-detection-and-testcase.patch deleted file mode 100644 index 13cf40bac4aad9cd2441e09de2d3d80f1d5c1b22..0000000000000000000000000000000000000000 --- a/0030-Add-LoongArch-dmi-virt-detection-and-testcase.patch +++ /dev/null @@ -1,65 +0,0 @@ -diff --git a/src/basic/virt.c b/src/basic/virt.c -index 7e88f09..de1acf1 100644 ---- a/src/basic/virt.c -+++ b/src/basic/virt.c -@@ -140,7 +140,7 @@ static int detect_vm_device_tree(void) { - #endif - } - --#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) -+#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch64) - static int detect_vm_dmi_vendor(void) { - static const char *const dmi_vendors[] = { - "/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */ -@@ -225,10 +225,10 @@ static int detect_vm_smbios(void) { - log_debug("DMI BIOS Extension table does not indicate virtualization."); - return SMBIOS_VM_BIT_UNSET; - } --#endif /* defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) */ -+#endif /* defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch64) */ - - static int detect_vm_dmi(void) { --#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) -+#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch64) - - int r; - r = detect_vm_dmi_vendor(); -diff --git a/src/test/test-execute.c b/src/test/test-execute.c -index 125e0bb..6e168d3 100644 ---- a/src/test/test-execute.c -+++ b/src/test/test-execute.c -@@ -284,6 +284,8 @@ static void test_exec_personality(Manager *m) { - - #elif defined(__i386__) - test(m, "exec-personality-x86.service", 0, CLD_EXITED); -+#elif defined(__loongarch64) -+ test(m, "exec-personality-loongarch64.service", 0, CLD_EXITED); - #else - log_notice("Unknown personality, skipping %s", __func__); - #endif -diff --git a/src/udev/meson.build b/src/udev/meson.build -index 4e80f9b..f2eb0b2 100644 ---- a/src/udev/meson.build -+++ b/src/udev/meson.build -@@ -129,7 +129,7 @@ udev_id_progs = [['ata_id/ata_id.c'], - 'mtd_probe/mtd_probe.h', - 'mtd_probe/probe_smartmedia.c']] - --dmi_arches = ['x86', 'x86_64', 'aarch64', 'arm', 'ia64', 'mips'] -+dmi_arches = ['x86', 'x86_64', 'aarch64', 'arm', 'ia64', 'loongarch64', 'mips'] - if dmi_arches.contains(host_machine.cpu_family()) - udev_id_progs += [['dmi_memory_id/dmi_memory_id.c']] - endif -diff --git a/test/test-execute/exec-personality-loongarch64.service b/test/test-execute/exec-personality-loongarch64.service -new file mode 100644 -index 0000000..0531ad1 ---- /dev/null -+++ b/test/test-execute/exec-personality-loongarch64.service -@@ -0,0 +1,7 @@ -+[Unit] -+Description=Test for Personality=loongarch64 -+ -+[Service] -+ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "loongarch64")' -+Type=oneshot -+Personality=loongarch64 diff --git a/Retry-to-handle-the-uevent-when-worker-is-terminated.patch b/Retry-to-handle-the-uevent-when-worker-is-terminated.patch index 39fa1d2a2343ae98380aefa84470ce7cfe962252..ef6b6de903a3b74afda8beaaad6c651895294530 100644 --- a/Retry-to-handle-the-uevent-when-worker-is-terminated.patch +++ b/Retry-to-handle-the-uevent-when-worker-is-terminated.patch @@ -9,10 +9,10 @@ When processing uevent events fails, retry it. 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 75e2086..023fe55 100644 +index c6d24d9..512192e 100644 --- a/src/udev/udevd.c +++ b/src/udev/udevd.c -@@ -69,6 +69,7 @@ +@@ -74,6 +74,7 @@ #include "version.h" #define WORKER_NUM_MAX 2048U @@ -20,7 +20,7 @@ index 75e2086..023fe55 100644 #define EVENT_RETRY_INTERVAL_USEC (200 * USEC_PER_MSEC) #define EVENT_RETRY_TIMEOUT_USEC (3 * USEC_PER_MINUTE) -@@ -123,6 +124,7 @@ typedef struct Event { +@@ -129,6 +130,7 @@ typedef struct Event { Manager *manager; Worker *worker; EventState state; @@ -28,8 +28,8 @@ index 75e2086..023fe55 100644 sd_device *dev; -@@ -166,6 +168,32 @@ typedef enum EventResult { - _EVENT_RESULT_INVALID = -EINVAL, +@@ -182,6 +184,32 @@ typedef enum EventResult { + _EVENT_RESULT_INVALID = -EINVAL, } EventResult; +static bool event_retry(Event *event) { @@ -61,27 +61,27 @@ index 75e2086..023fe55 100644 static Event *event_free(Event *event) { if (!event) return NULL; -@@ -1118,6 +1146,7 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { - .seqnum = seqnum, - .action = action, +@@ -1140,6 +1168,7 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { + .devpath_old = devpath_old, + .devnode = devnode, .state = EVENT_QUEUED, + .retry = UEVENT_MAX_RETRY_TIMES, }; - if (LIST_IS_EMPTY(manager->events)) { -@@ -1547,8 +1576,10 @@ static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, voi - device_delete_db(worker->event->dev); - device_tag_index(worker->event->dev, NULL, false); + if (!manager->events) { +@@ -1513,8 +1542,10 @@ static int on_sigchld(sd_event_source *s, const siginfo_t *si, void *userdata) { + device_delete_db(dev); + device_tag_index(dev, NULL, false); -- /* Forward kernel event to libudev listeners */ -- device_broadcast(manager->monitor, worker->event->dev); -+ if (event_retry(worker->event) == false) { -+ /* Forward kernel event to libudev listeners */ -+ device_broadcast(manager->monitor, worker->event->dev); -+ } - } +- /* Forward kernel event to libudev listeners */ +- device_broadcast(manager->monitor, dev, result); ++ if (event_retry(worker->event) == false) { ++ /* Forward kernel event to libudev listeners */ ++ device_broadcast(manager->monitor, worker->event->dev, result); ++ } + } - worker_free(worker); + worker_free(worker); -- 2.33.0 diff --git a/Systemd-Add-sw64-architecture.patch b/Systemd-Add-sw64-architecture.patch old mode 100755 new mode 100644 index e6d9b0cbbd2924d9a75f0c8a56bcf5e668533333..2de212554efc6d5b22a29e995abac0c4769e6aa2 --- a/Systemd-Add-sw64-architecture.patch +++ b/Systemd-Add-sw64-architecture.patch @@ -5,50 +5,51 @@ Subject: [PATCH] Systemd Add sw64 architecture Signed-off-by: rpm-build --- - src/basic/architecture.c | 3 + + src/basic/architecture.c | 4 + src/basic/architecture.h | 4 + src/basic/meson.build | 1 + src/basic/missing_fcntl.h | 2 + - src/basic/missing_syscall_def.h | 35 ++ + src/basic/missing_syscall_def.h | 33 ++ src/basic/missing_syscalls.py | 2 + src/basic/syscalls-sw_64.txt | 600 ++++++++++++++++++++++++++++++++ - 7 files changed, 647 insertions(+) + 7 files changed, 646 insertions(+) create mode 100644 src/basic/syscalls-sw_64.txt diff --git a/src/basic/architecture.c b/src/basic/architecture.c -index 409632c..8314aa5 100644 +index 773ee3c..59a4e31 100644 --- a/src/basic/architecture.c +++ b/src/basic/architecture.c -@@ -54,6 +54,8 @@ int uname_architecture(void) { - { "mips", ARCHITECTURE_MIPS }, +@@ -49,6 +49,9 @@ Architecture uname_architecture(void) { #elif defined(__alpha__) { "alpha" , ARCHITECTURE_ALPHA }, + +#elif defined(__sw_64__) + { "sw_64" , ARCHITECTURE_SW_64 }, - #elif defined(__arm__) || defined(__aarch64__) - { "aarch64", ARCHITECTURE_ARM64 }, - { "aarch64_be", ARCHITECTURE_ARM64_BE }, -@@ -159,6 +161,7 @@ static const char *const architecture_table[_ARCHITECTURE_MAX] = { - [ARCHITECTURE_MIPS64] = "mips64", - [ARCHITECTURE_MIPS64_LE] = "mips64-le", - [ARCHITECTURE_ALPHA] = "alpha", -+ [ARCHITECTURE_SW_64] = "sw_64", - [ARCHITECTURE_ARM] = "arm", - [ARCHITECTURE_ARM_BE] = "arm-be", - [ARCHITECTURE_ARM64] = "arm64", ++ + #elif defined(__arc__) + { "arc", ARCHITECTURE_ARC }, + { "arceb", ARCHITECTURE_ARC_BE }, +@@ -145,6 +148,7 @@ static const char *const architecture_table[_ARCHITECTURE_MAX] = { + [ARCHITECTURE_ARM] = "arm", + [ARCHITECTURE_ARM_BE] = "arm-be", + [ARCHITECTURE_ALPHA] = "alpha", ++ [ARCHITECTURE_SW_64] = "sw_64", + [ARCHITECTURE_ARC] = "arc", + [ARCHITECTURE_ARC_BE] = "arc-be", + [ARCHITECTURE_CRIS] = "cris", diff --git a/src/basic/architecture.h b/src/basic/architecture.h -index 9abc183..3361eaf 100644 +index 096526a..4c4be03 100644 --- a/src/basic/architecture.h +++ b/src/basic/architecture.h -@@ -30,6 +30,7 @@ enum { - ARCHITECTURE_MIPS64, - ARCHITECTURE_MIPS64_LE, +@@ -11,6 +11,7 @@ + + typedef enum { ARCHITECTURE_ALPHA, + ARCHITECTURE_SW_64, + ARCHITECTURE_ARC, + ARCHITECTURE_ARC_BE, ARCHITECTURE_ARM, - ARCHITECTURE_ARM_BE, - ARCHITECTURE_ARM64, -@@ -143,6 +144,9 @@ int uname_architecture(void); +@@ -142,6 +143,9 @@ Architecture uname_architecture(void); #elif defined(__alpha__) # define native_architecture() ARCHITECTURE_ALPHA # define LIB_ARCH_TUPLE "alpha-linux-gnu" @@ -59,10 +60,10 @@ index 9abc183..3361eaf 100644 # if __BYTE_ORDER == __BIG_ENDIAN # define native_architecture() ARCHITECTURE_ARM64_BE diff --git a/src/basic/meson.build b/src/basic/meson.build -index 452b965..80dab1b 100644 +index 7aae031..f0a0282 100644 --- a/src/basic/meson.build +++ b/src/basic/meson.build -@@ -325,6 +325,7 @@ basic_sources += generated_gperf_headers +@@ -177,6 +177,7 @@ basic_sources += generated_gperf_headers arch_list = [ 'alpha', @@ -84,10 +85,10 @@ index 00937d2..fff662b 100644 #define __O_TMPFILE 0400000000 #elif defined(__sparc__) || defined(__sparc64__) diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h -index 29dfd2e..10a585b 100644 +index 402fdd0..9680923 100644 --- a/src/basic/missing_syscall_def.h +++ b/src/basic/missing_syscall_def.h -@@ -9,6 +9,7 @@ +@@ -10,6 +10,7 @@ * template as the per-syscall blocks below. */ # if defined(__aarch64__) # elif defined(__alpha__) @@ -95,7 +96,7 @@ index 29dfd2e..10a585b 100644 # elif defined(__arc__) || defined(__tilegx__) # elif defined(__arm__) # elif defined(__i386__) -@@ -44,6 +45,8 @@ +@@ -47,6 +48,8 @@ # define systemd_NR_bpf 280 # elif defined(__alpha__) # define systemd_NR_bpf 515 @@ -104,7 +105,7 @@ index 29dfd2e..10a585b 100644 # elif defined(__arc__) || defined(__tilegx__) # define systemd_NR_bpf 280 # elif defined(__arm__) -@@ -108,6 +111,8 @@ assert_cc(__NR_bpf == systemd_NR_bpf); +@@ -115,6 +118,8 @@ assert_cc(__NR_bpf == systemd_NR_bpf); # define systemd_NR_close_range 436 # elif defined(__alpha__) # define systemd_NR_close_range 546 @@ -113,7 +114,7 @@ index 29dfd2e..10a585b 100644 # elif defined(__arc__) || defined(__tilegx__) # define systemd_NR_close_range 436 # elif defined(__arm__) -@@ -172,6 +177,8 @@ assert_cc(__NR_close_range == systemd_NR_close_range); +@@ -183,6 +188,8 @@ assert_cc(__NR_close_range == systemd_NR_close_range); # define systemd_NR_copy_file_range 285 # elif defined(__alpha__) # define systemd_NR_copy_file_range 519 @@ -122,16 +123,7 @@ index 29dfd2e..10a585b 100644 # elif defined(__arc__) || defined(__tilegx__) # define systemd_NR_copy_file_range 285 # elif defined(__arm__) -@@ -236,6 +243,8 @@ assert_cc(__NR_copy_file_range == systemd_NR_copy_file_range); - # define systemd_NR_epoll_pwait2 441 - # elif defined(__alpha__) - # define systemd_NR_epoll_pwait2 551 -+# elif defined(__sw_64__) -+# define systemd_NR_epoll_pwait2 551 - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_epoll_pwait2 441 - # elif defined(__arm__) -@@ -300,6 +309,8 @@ assert_cc(__NR_epoll_pwait2 == systemd_NR_epoll_pwait2); +@@ -251,6 +258,8 @@ assert_cc(__NR_copy_file_range == systemd_NR_copy_file_range); # define systemd_NR_getrandom 278 # elif defined(__alpha__) # define systemd_NR_getrandom 511 @@ -140,7 +132,7 @@ index 29dfd2e..10a585b 100644 # elif defined(__arc__) || defined(__tilegx__) # define systemd_NR_getrandom 278 # elif defined(__arm__) -@@ -364,6 +375,8 @@ assert_cc(__NR_getrandom == systemd_NR_getrandom); +@@ -319,6 +328,8 @@ assert_cc(__NR_getrandom == systemd_NR_getrandom); # define systemd_NR_memfd_create 279 # elif defined(__alpha__) # define systemd_NR_memfd_create 512 @@ -149,7 +141,7 @@ index 29dfd2e..10a585b 100644 # elif defined(__arc__) || defined(__tilegx__) # define systemd_NR_memfd_create 279 # elif defined(__arm__) -@@ -428,6 +441,8 @@ assert_cc(__NR_memfd_create == systemd_NR_memfd_create); +@@ -387,6 +398,8 @@ assert_cc(__NR_memfd_create == systemd_NR_memfd_create); # define systemd_NR_mount_setattr 442 # elif defined(__alpha__) # define systemd_NR_mount_setattr 552 @@ -158,7 +150,7 @@ index 29dfd2e..10a585b 100644 # elif defined(__arc__) || defined(__tilegx__) # define systemd_NR_mount_setattr 442 # elif defined(__arm__) -@@ -492,6 +507,8 @@ assert_cc(__NR_mount_setattr == systemd_NR_mount_setattr); +@@ -455,6 +468,8 @@ assert_cc(__NR_mount_setattr == systemd_NR_mount_setattr); # define systemd_NR_move_mount 429 # elif defined(__alpha__) # define systemd_NR_move_mount 539 @@ -167,7 +159,7 @@ index 29dfd2e..10a585b 100644 # elif defined(__arc__) || defined(__tilegx__) # define systemd_NR_move_mount 429 # elif defined(__arm__) -@@ -556,6 +573,8 @@ assert_cc(__NR_move_mount == systemd_NR_move_mount); +@@ -523,6 +538,8 @@ assert_cc(__NR_move_mount == systemd_NR_move_mount); # define systemd_NR_name_to_handle_at 264 # elif defined(__alpha__) # define systemd_NR_name_to_handle_at 497 @@ -176,7 +168,7 @@ index 29dfd2e..10a585b 100644 # elif defined(__arc__) || defined(__tilegx__) # define systemd_NR_name_to_handle_at 264 # elif defined(__arm__) -@@ -620,6 +639,8 @@ assert_cc(__NR_name_to_handle_at == systemd_NR_name_to_handle_at); +@@ -591,6 +608,8 @@ assert_cc(__NR_name_to_handle_at == systemd_NR_name_to_handle_at); # define systemd_NR_open_tree 428 # elif defined(__alpha__) # define systemd_NR_open_tree 538 @@ -185,7 +177,7 @@ index 29dfd2e..10a585b 100644 # elif defined(__arc__) || defined(__tilegx__) # define systemd_NR_open_tree 428 # elif defined(__arm__) -@@ -684,6 +705,8 @@ assert_cc(__NR_open_tree == systemd_NR_open_tree); +@@ -659,6 +678,8 @@ assert_cc(__NR_open_tree == systemd_NR_open_tree); # define systemd_NR_openat2 437 # elif defined(__alpha__) # define systemd_NR_openat2 547 @@ -194,7 +186,7 @@ index 29dfd2e..10a585b 100644 # elif defined(__arc__) || defined(__tilegx__) # define systemd_NR_openat2 437 # elif defined(__arm__) -@@ -750,6 +773,8 @@ assert_cc(__NR_openat2 == systemd_NR_openat2); +@@ -727,6 +748,8 @@ assert_cc(__NR_openat2 == systemd_NR_openat2); # define systemd_NR_pidfd_open 434 # elif defined(__alpha__) # define systemd_NR_pidfd_open 544 @@ -203,7 +195,7 @@ index 29dfd2e..10a585b 100644 # elif defined(__arc__) || defined(__tilegx__) # define systemd_NR_pidfd_open 434 # elif defined(__arm__) -@@ -814,6 +839,8 @@ assert_cc(__NR_pidfd_open == systemd_NR_pidfd_open); +@@ -795,6 +818,8 @@ assert_cc(__NR_pidfd_open == systemd_NR_pidfd_open); # define systemd_NR_pidfd_send_signal 424 # elif defined(__alpha__) # define systemd_NR_pidfd_send_signal 534 @@ -212,7 +204,7 @@ index 29dfd2e..10a585b 100644 # elif defined(__arc__) || defined(__tilegx__) # define systemd_NR_pidfd_send_signal 424 # elif defined(__arm__) -@@ -878,6 +905,8 @@ assert_cc(__NR_pidfd_send_signal == systemd_NR_pidfd_send_signal); +@@ -863,6 +888,8 @@ assert_cc(__NR_pidfd_send_signal == systemd_NR_pidfd_send_signal); # define systemd_NR_pkey_mprotect 288 # elif defined(__alpha__) # define systemd_NR_pkey_mprotect 524 @@ -221,7 +213,7 @@ index 29dfd2e..10a585b 100644 # elif defined(__arc__) || defined(__tilegx__) # define systemd_NR_pkey_mprotect 288 # elif defined(__arm__) -@@ -942,6 +971,8 @@ assert_cc(__NR_pkey_mprotect == systemd_NR_pkey_mprotect); +@@ -931,6 +958,8 @@ assert_cc(__NR_pkey_mprotect == systemd_NR_pkey_mprotect); # define systemd_NR_renameat2 276 # elif defined(__alpha__) # define systemd_NR_renameat2 510 @@ -230,7 +222,7 @@ index 29dfd2e..10a585b 100644 # elif defined(__arc__) || defined(__tilegx__) # define systemd_NR_renameat2 276 # elif defined(__arm__) -@@ -1006,6 +1037,8 @@ assert_cc(__NR_renameat2 == systemd_NR_renameat2); +@@ -999,6 +1028,8 @@ assert_cc(__NR_renameat2 == systemd_NR_renameat2); # define systemd_NR_setns 268 # elif defined(__alpha__) # define systemd_NR_setns 501 @@ -239,7 +231,7 @@ index 29dfd2e..10a585b 100644 # elif defined(__arc__) || defined(__tilegx__) # define systemd_NR_setns 268 # elif defined(__arm__) -@@ -1070,6 +1103,8 @@ assert_cc(__NR_setns == systemd_NR_setns); +@@ -1067,6 +1098,8 @@ assert_cc(__NR_setns == systemd_NR_setns); # define systemd_NR_statx 291 # elif defined(__alpha__) # define systemd_NR_statx 522 @@ -249,10 +241,10 @@ index 29dfd2e..10a585b 100644 # define systemd_NR_statx 291 # elif defined(__arm__) diff --git a/src/basic/missing_syscalls.py b/src/basic/missing_syscalls.py -index dd45899..cf448cc 100644 +index 5ccf02a..a7bfe7e 100644 --- a/src/basic/missing_syscalls.py +++ b/src/basic/missing_syscalls.py -@@ -52,6 +52,8 @@ DEF_TEMPLATE_B = '''\ +@@ -51,6 +51,8 @@ DEF_TEMPLATE_B = '''\ # define systemd_NR_{syscall} {nr_arm64} # elif defined(__alpha__) # define systemd_NR_{syscall} {nr_alpha} diff --git a/activation-service-must-be-restarted-when-reactivated.patch b/activation-service-must-be-restarted-when-reactivated.patch index a71eaa857c33af7dab199596c44a4fe2d848992f..b6ef28d926c8625b8d92685863a74800dc95ca07 100644 --- a/activation-service-must-be-restarted-when-reactivated.patch +++ b/activation-service-must-be-restarted-when-reactivated.patch @@ -24,7 +24,7 @@ index 29524d4..38940ef 100644 + Service *s = NULL; assert(message); - assert(m); + @@ -177,7 +179,13 @@ static int signal_activation_request(sd_bus_message *message, void *userdata, sd goto failed; } diff --git a/add-loongarch-for-missing_syscall_def.patch b/add-loongarch-for-missing_syscall_def.patch deleted file mode 100644 index 19952aafbb300ff7f39b7be4e836a7e6ff3be99e..0000000000000000000000000000000000000000 --- a/add-loongarch-for-missing_syscall_def.patch +++ /dev/null @@ -1,165 +0,0 @@ -diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h -index 29dfd2e..629cad0 100644 ---- a/src/basic/missing_syscall_def.h -+++ b/src/basic/missing_syscall_def.h -@@ -28,6 +28,7 @@ - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) - # elif defined(__s390__) - # elif defined(__sparc__) - # elif defined(__x86_64__) -@@ -74,6 +75,8 @@ - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_bpf 280 - # elif defined(__s390__) - # define systemd_NR_bpf 351 - # elif defined(__sparc__) -@@ -138,6 +141,8 @@ assert_cc(__NR_bpf == systemd_NR_bpf); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_close_range 436 - # elif defined(__s390__) - # define systemd_NR_close_range 436 - # elif defined(__sparc__) -@@ -202,6 +207,8 @@ assert_cc(__NR_close_range == systemd_NR_close_range); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_copy_file_range 285 - # elif defined(__s390__) - # define systemd_NR_copy_file_range 375 - # elif defined(__sparc__) -@@ -266,6 +273,8 @@ assert_cc(__NR_copy_file_range == systemd_NR_copy_file_range); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_epoll_pwait2 441 - # elif defined(__s390__) - # define systemd_NR_epoll_pwait2 441 - # elif defined(__sparc__) -@@ -330,6 +339,8 @@ assert_cc(__NR_epoll_pwait2 == systemd_NR_epoll_pwait2); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_getrandom 278 - # elif defined(__s390__) - # define systemd_NR_getrandom 349 - # elif defined(__sparc__) -@@ -394,6 +405,8 @@ assert_cc(__NR_getrandom == systemd_NR_getrandom); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_memfd_create 279 - # elif defined(__s390__) - # define systemd_NR_memfd_create 350 - # elif defined(__sparc__) -@@ -458,6 +471,8 @@ assert_cc(__NR_memfd_create == systemd_NR_memfd_create); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_mount_setattr 442 - # elif defined(__s390__) - # define systemd_NR_mount_setattr 442 - # elif defined(__sparc__) -@@ -522,6 +537,8 @@ assert_cc(__NR_mount_setattr == systemd_NR_mount_setattr); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_move_mount 429 - # elif defined(__s390__) - # define systemd_NR_move_mount 429 - # elif defined(__sparc__) -@@ -586,6 +603,8 @@ assert_cc(__NR_move_mount == systemd_NR_move_mount); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_name_to_handle_at 264 - # elif defined(__s390__) - # define systemd_NR_name_to_handle_at 335 - # elif defined(__sparc__) -@@ -650,6 +669,8 @@ assert_cc(__NR_name_to_handle_at == systemd_NR_name_to_handle_at); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_open_tree 428 - # elif defined(__s390__) - # define systemd_NR_open_tree 428 - # elif defined(__sparc__) -@@ -692,7 +713,7 @@ assert_cc(__NR_open_tree == systemd_NR_open_tree); - # define systemd_NR_openat2 437 - # elif defined(__ia64__) - # define systemd_NR_openat2 1461 --# elif defined(__loongarch64) -+# elif defined(__loongarch__) - # define systemd_NR_openat2 437 - # elif defined(__m68k__) - # define systemd_NR_openat2 437 -@@ -780,6 +801,8 @@ assert_cc(__NR_openat2 == systemd_NR_openat2); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_pidfd_open 434 - # elif defined(__s390__) - # define systemd_NR_pidfd_open 434 - # elif defined(__sparc__) -@@ -844,6 +867,8 @@ assert_cc(__NR_pidfd_open == systemd_NR_pidfd_open); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_pidfd_send_signal 424 - # elif defined(__s390__) - # define systemd_NR_pidfd_send_signal 424 - # elif defined(__sparc__) -@@ -908,6 +933,8 @@ assert_cc(__NR_pidfd_send_signal == systemd_NR_pidfd_send_signal); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_pkey_mprotect 288 - # elif defined(__s390__) - # define systemd_NR_pkey_mprotect 384 - # elif defined(__sparc__) -@@ -972,6 +999,8 @@ assert_cc(__NR_pkey_mprotect == systemd_NR_pkey_mprotect); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_renameat2 276 - # elif defined(__s390__) - # define systemd_NR_renameat2 347 - # elif defined(__sparc__) -@@ -1036,6 +1065,8 @@ assert_cc(__NR_renameat2 == systemd_NR_renameat2); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_setns 268 - # elif defined(__s390__) - # define systemd_NR_setns 339 - # elif defined(__sparc__) -@@ -1100,6 +1131,8 @@ assert_cc(__NR_setns == systemd_NR_setns); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_statx 291 - # elif defined(__s390__) - # define systemd_NR_statx 379 - # elif defined(__sparc__) diff --git a/backport-Add-meson-option-to-disable-urlify.patch b/backport-Add-meson-option-to-disable-urlify.patch deleted file mode 100644 index 0b1760fcd54287f932585b419693d262b40b25e3..0000000000000000000000000000000000000000 --- a/backport-Add-meson-option-to-disable-urlify.patch +++ /dev/null @@ -1,66 +0,0 @@ -From e5d86ebed5624ef62342c820a5868b1075deb300 Mon Sep 17 00:00:00 2001 -From: James Hilliard -Date: Sun, 11 Jul 2021 04:39:33 -0600 -Subject: [PATCH] Add meson option to disable urlify. - -Useful for systems that don't use a version of less with hyperlink -support. - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e5d86ebed5624ef62342c820a5868b1075deb300 ---- - meson.build | 1 + - meson_options.txt | 2 ++ - src/shared/pretty-print.c | 4 ++++ - 3 files changed, 7 insertions(+) - -diff --git a/meson.build b/meson.build -index 5735cfc7ad..a2ee15bf32 100644 ---- a/meson.build -+++ b/meson.build -@@ -278,6 +278,7 @@ conf.set_quoted('USER_PRESET_DIR', userpresetdir) - conf.set_quoted('VENDOR_KEYRING_PATH', join_paths(rootlibexecdir, 'import-pubring.gpg')) - - conf.set('ANSI_OK_COLOR', 'ANSI_' + get_option('ok-color').underscorify().to_upper()) -+conf.set10('ENABLE_URLIFY', get_option('urlify')) - conf.set10('ENABLE_FEXECVE', get_option('fexecve')) - conf.set10('MEMORY_ACCOUNTING_DEFAULT', memory_accounting_default) - conf.set('STATUS_UNIT_FORMAT_DEFAULT', 'STATUS_UNIT_FORMAT_' + status_unit_format_default.to_upper()) -diff --git a/meson_options.txt b/meson_options.txt -index 163c8df87d..b60261ac24 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -444,6 +444,8 @@ option('ok-color', type : 'combo', - 'highlight-cyan', 'highlight-white'], - value : 'green', - description: 'color of the "OK" status message') -+option('urlify', type : 'boolean', value : 'true', -+ description : 'enable pager Hyperlink ANSI sequence support') - option('fexecve', type : 'boolean', value : 'false', - description : 'use fexecve() to spawn children') - -diff --git a/src/shared/pretty-print.c b/src/shared/pretty-print.c -index 137ba77b3a..7983c0a33a 100644 ---- a/src/shared/pretty-print.c -+++ b/src/shared/pretty-print.c -@@ -19,6 +19,7 @@ - #include "util.h" - - bool urlify_enabled(void) { -+#if ENABLE_URLIFY - static int cached_urlify_enabled = -1; - - if (cached_urlify_enabled < 0) { -@@ -32,6 +33,9 @@ bool urlify_enabled(void) { - } - - return cached_urlify_enabled; -+#else -+ return 0; -+#endif - } - - int terminal_urlify(const char *url, const char *text, char **ret) { --- -2.27.0 - diff --git a/backport-Bump-the-max-number-of-inodes-for-dev-to-128k.patch b/backport-Bump-the-max-number-of-inodes-for-dev-to-128k.patch deleted file mode 100644 index 02f65ce21d9cca71618d76f2d01cecbdb653af15..0000000000000000000000000000000000000000 --- a/backport-Bump-the-max-number-of-inodes-for-dev-to-128k.patch +++ /dev/null @@ -1,46 +0,0 @@ -From b1bb976219e4c63d4b8099a2820fedbedf0aa8a5 Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Fri, 3 Dec 2021 11:23:36 +0100 -Subject: [PATCH] Bump the max number of inodes for /dev to 128k - -Follow-up for 7d85383edbab73274dc81cc888d884bb01070bc2. - -Apparently the previous limit set on the max number of inodes for /dev was too -small as a system with 4096 LUNs attached can consume up to 95k inodes for -symlinks: - - # /bin/df -i - Filesystem Inodes IUsed IFree IUse% Mounted on - devtmpfs 49274377 95075 49179302 1% /dev - -Hence this patch bumps the limit from 64k to 128k although the new limit is -still pretty arbitrary (that said, not sure if it really makes sense to put -such absolute limit number). - -(cherry picked from commit 4c733d3046942984c5f73b40c3af39cc218c103f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b1bb976219e4c63d4b8099a2820fedbedf0aa8a5 ---- - src/shared/mount-util.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/shared/mount-util.h b/src/shared/mount-util.h -index 36501c2c4a..c5bd881070 100644 ---- a/src/shared/mount-util.h -+++ b/src/shared/mount-util.h -@@ -11,9 +11,9 @@ - #include "errno-util.h" - #include "macro.h" - --/* 4MB for contents of regular files, 64k inodes for directories, symbolic links and device specials, using -+/* 4MB for contents of regular files, 128k inodes for directories, symbolic links and device specials, using - * large storage array systems as a baseline */ --#define TMPFS_LIMITS_DEV ",size=4m,nr_inodes=64k" -+#define TMPFS_LIMITS_DEV ",size=4m,nr_inodes=128k" - - /* Very little, if any use expected */ - #define TMPFS_LIMITS_EMPTY_OR_ALMOST ",size=4m,nr_inodes=1k" --- -2.33.0 - diff --git a/backport-Bump-the-max-number-of-inodes-for-dev-to-a-million.patch b/backport-Bump-the-max-number-of-inodes-for-dev-to-a-million.patch deleted file mode 100644 index 3b4470c869cef14bbb95e0ef4ebfce0f609bbea8..0000000000000000000000000000000000000000 --- a/backport-Bump-the-max-number-of-inodes-for-dev-to-a-million.patch +++ /dev/null @@ -1,30 +0,0 @@ -From e98d0662ffbffe2c60492be6b4f5d579038d3282 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 9 Dec 2021 10:09:17 +0100 -Subject: [PATCH 1/2] Bump the max number of inodes for /dev to a million - -4c733d3046942984c5f73b40c3af39cc218c103f shows that 95k can be used easily on a large -system. Let's bump it up even more so that we have some "breathing room". ---- - src/shared/mount-util.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/shared/mount-util.h b/src/shared/mount-util.h -index 3622170297..ce73aebd4b 100644 ---- a/src/shared/mount-util.h -+++ b/src/shared/mount-util.h -@@ -11,9 +11,9 @@ - #include "errno-util.h" - #include "macro.h" - --/* 4MB for contents of regular files, 128k inodes for directories, symbolic links and device specials, using -+/* 4MB for contents of regular files, 1m inodes for directories, symbolic links and device nodes, using - * large storage array systems as a baseline */ --#define TMPFS_LIMITS_DEV ",size=4m,nr_inodes=128k" -+#define TMPFS_LIMITS_DEV ",size=4m,nr_inodes=1m" - - /* Very little, if any use expected */ - #define TMPFS_LIMITS_EMPTY_OR_ALMOST ",size=4m,nr_inodes=1k" --- -2.27.0 - diff --git a/backport-Bump-the-max-number-of-inodes-for-tmp-to-a-million-t.patch b/backport-Bump-the-max-number-of-inodes-for-tmp-to-a-million-t.patch deleted file mode 100644 index d2da5ff5bde173c1d35e168d2219194581f3c763..0000000000000000000000000000000000000000 --- a/backport-Bump-the-max-number-of-inodes-for-tmp-to-a-million-t.patch +++ /dev/null @@ -1,25 +0,0 @@ -From cac372a80177fb622806270eb0d810e4c6ad0c84 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 9 Dec 2021 10:20:46 +0100 -Subject: [PATCH] Bump the max number of inodes for /tmp to a million too - -Fixes #21626. (The bug report talks about /run, but the issue is actually with -/tmp.) People use /tmp for various things that fit in memory, e.g. unpacking -packages, and 400k is not much. Let's raise is a bit. ---- - units/tmp.mount | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/units/tmp.mount b/units/tmp.mount -index 516bd1621c..4e1bb8de24 100644 ---- a/units/tmp.mount -+++ b/units/tmp.mount -@@ -22,4 +22,4 @@ After=swap.target - What=tmpfs - Where=/tmp - Type=tmpfs --Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=400k -+Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=1m --- -2.27.0 - diff --git a/backport-CVE-2021-3997-rm-rf-optionally-fsync-after-removing-directory-tree.patch b/backport-CVE-2021-3997-rm-rf-optionally-fsync-after-removing-directory-tree.patch deleted file mode 100644 index 6847def3b196955056b89577799c49065bebe5ed..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-3997-rm-rf-optionally-fsync-after-removing-directory-tree.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 2426beacca09d84091759be45b25c88116302184 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 5 Oct 2021 10:32:56 +0200 -Subject: [PATCH] rm-rf: optionally fsync() after removing directory tree - -(cherry picked from commit bdfe7ada0d4d66e6d6e65f2822acbb1ec230f9c2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/2426beacca09d84091759be45b25c88116302184 ---- - src/shared/rm-rf.c | 3 +++ - src/shared/rm-rf.h | 1 + - 2 files changed, 4 insertions(+) - -diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c -index dffb9cf6ee..5ef7c662dd 100644 ---- a/src/shared/rm-rf.c -+++ b/src/shared/rm-rf.c -@@ -250,6 +250,9 @@ int rm_rf_children( - ret = r; - } - -+ if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0) -+ ret = -errno; -+ - return ret; - } - -diff --git a/src/shared/rm-rf.h b/src/shared/rm-rf.h -index 577a2795e0..24fd9a2aa2 100644 ---- a/src/shared/rm-rf.h -+++ b/src/shared/rm-rf.h -@@ -14,6 +14,7 @@ typedef enum RemoveFlags { - REMOVE_MISSING_OK = 1 << 4, /* If the top-level directory is missing, ignore the ENOENT for it */ - REMOVE_CHMOD = 1 << 5, /* chmod() for write access if we cannot delete or access something */ - REMOVE_CHMOD_RESTORE = 1 << 6, /* Restore the old mode before returning */ -+ REMOVE_SYNCFS = 1 << 7, /* syncfs() the root of the specified directory after removing everything in it */ - } RemoveFlags; - - int unlinkat_harder(int dfd, const char *filename, int unlink_flags, RemoveFlags remove_flags); --- -2.33.0 - diff --git a/backport-CVE-2021-3997-rm-rf-refactor-rm_rf_children-split-out-body-of-dire.patch b/backport-CVE-2021-3997-rm-rf-refactor-rm_rf_children-split-out-body-of-dire.patch deleted file mode 100644 index 00aa7c38d7c548c905d7710a4bcde8b141fe5d78..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-3997-rm-rf-refactor-rm_rf_children-split-out-body-of-dire.patch +++ /dev/null @@ -1,324 +0,0 @@ -From ca4a0e7d41f0b2a1fe2f99dbc3763187c16cf7ab Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 26 Jan 2021 16:30:06 +0100 -Subject: [PATCH] rm-rf: refactor rm_rf_children(), split out body of directory - iteration loop - -This splits out rm_rf_children_inner() as body of the loop. We can use -that to implement rm_rf_child() for deleting one specific entry in a -directory. - -(cherry picked from commit 1f0fb7d544711248cba34615e43c5a76bc902d74) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ca4a0e7d41f0b2a1fe2f99dbc3763187c16cf7ab ---- - src/shared/rm-rf.c | 223 ++++++++++++++++++++++++++------------------- - src/shared/rm-rf.h | 3 +- - 2 files changed, 131 insertions(+), 95 deletions(-) - -diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c -index 900a7fb5ff..dffb9cf6ee 100644 ---- a/src/shared/rm-rf.c -+++ b/src/shared/rm-rf.c -@@ -19,6 +19,9 @@ - #include "stat-util.h" - #include "string-util.h" - -+/* We treat tmpfs/ramfs + cgroupfs as non-physical file sytems. cgroupfs is similar to tmpfs in a way after -+ * all: we can create arbitrary directory hierarchies in it, and hence can also use rm_rf() on it to remove -+ * those again. */ - static bool is_physical_fs(const struct statfs *sfs) { - return !is_temporary_fs(sfs) && !is_cgroup_fs(sfs); - } -@@ -113,133 +116,145 @@ int fstatat_harder(int dfd, - return 0; - } - --int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) { -- _cleanup_closedir_ DIR *d = NULL; -- struct dirent *de; -- int ret = 0, r; -- struct statfs sfs; -+static int rm_rf_children_inner( -+ int fd, -+ const char *fname, -+ int is_dir, -+ RemoveFlags flags, -+ const struct stat *root_dev) { - -- assert(fd >= 0); -+ struct stat st; -+ int r; - -- /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed -- * fd, in all cases, including on failure.. */ -+ assert(fd >= 0); -+ assert(fname); - -- if (!(flags & REMOVE_PHYSICAL)) { -+ if (is_dir < 0 || (is_dir > 0 && (root_dev || (flags & REMOVE_SUBVOLUME)))) { - -- r = fstatfs(fd, &sfs); -- if (r < 0) { -- safe_close(fd); -- return -errno; -- } -+ r = fstatat_harder(fd, fname, &st, AT_SYMLINK_NOFOLLOW, flags); -+ if (r < 0) -+ return r; - -- if (is_physical_fs(&sfs)) { -- /* We refuse to clean physical file systems with this call, -- * unless explicitly requested. This is extra paranoia just -- * to be sure we never ever remove non-state data. */ -- _cleanup_free_ char *path = NULL; -+ is_dir = S_ISDIR(st.st_mode); -+ } - -- (void) fd_get_path(fd, &path); -- log_error("Attempted to remove disk file system under \"%s\", and we can't allow that.", -- strna(path)); -+ if (is_dir) { -+ _cleanup_close_ int subdir_fd = -1; -+ int q; - -- safe_close(fd); -- return -EPERM; -- } -- } -+ /* if root_dev is set, remove subdirectories only if device is same */ -+ if (root_dev && st.st_dev != root_dev->st_dev) -+ return 0; - -- d = fdopendir(fd); -- if (!d) { -- safe_close(fd); -- return errno == ENOENT ? 0 : -errno; -- } -+ /* Stop at mount points */ -+ r = fd_is_mount_point(fd, fname, 0); -+ if (r < 0) -+ return r; -+ if (r > 0) -+ return 0; - -- FOREACH_DIRENT_ALL(de, d, return -errno) { -- bool is_dir; -- struct stat st; -+ if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) { - -- if (dot_or_dot_dot(de->d_name)) -- continue; -+ /* This could be a subvolume, try to remove it */ - -- if (de->d_type == DT_UNKNOWN || -- (de->d_type == DT_DIR && (root_dev || (flags & REMOVE_SUBVOLUME)))) { -- r = fstatat_harder(fd, de->d_name, &st, AT_SYMLINK_NOFOLLOW, flags); -+ r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); - if (r < 0) { -- if (ret == 0 && r != -ENOENT) -- ret = r; -- continue; -- } -+ if (!IN_SET(r, -ENOTTY, -EINVAL)) -+ return r; - -- is_dir = S_ISDIR(st.st_mode); -- } else -- is_dir = de->d_type == DT_DIR; -+ /* ENOTTY, then it wasn't a btrfs subvolume, continue below. */ -+ } else -+ /* It was a subvolume, done. */ -+ return 1; -+ } - -- if (is_dir) { -- _cleanup_close_ int subdir_fd = -1; -+ subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); -+ if (subdir_fd < 0) -+ return -errno; - -- /* if root_dev is set, remove subdirectories only if device is same */ -- if (root_dev && st.st_dev != root_dev->st_dev) -- continue; -+ /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file system type -+ * again for each directory */ -+ q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); - -- subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); -- if (subdir_fd < 0) { -- if (ret == 0 && errno != ENOENT) -- ret = -errno; -- continue; -- } -+ r = unlinkat_harder(fd, fname, AT_REMOVEDIR, flags); -+ if (r < 0) -+ return r; -+ if (q < 0) -+ return q; - -- /* Stop at mount points */ -- r = fd_is_mount_point(fd, de->d_name, 0); -- if (r < 0) { -- if (ret == 0 && r != -ENOENT) -- ret = r; -+ return 1; - -- continue; -- } -- if (r > 0) -- continue; -+ } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) { -+ r = unlinkat_harder(fd, fname, 0, flags); -+ if (r < 0) -+ return r; - -- if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) { -+ return 1; -+ } - -- /* This could be a subvolume, try to remove it */ -+ return 0; -+} - -- r = btrfs_subvol_remove_fd(fd, de->d_name, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); -- if (r < 0) { -- if (!IN_SET(r, -ENOTTY, -EINVAL)) { -- if (ret == 0) -- ret = r; -+int rm_rf_children( -+ int fd, -+ RemoveFlags flags, -+ const struct stat *root_dev) { - -- continue; -- } -+ _cleanup_closedir_ DIR *d = NULL; -+ struct dirent *de; -+ int ret = 0, r; - -- /* ENOTTY, then it wasn't a btrfs subvolume, continue below. */ -- } else -- /* It was a subvolume, continue. */ -- continue; -- } -+ assert(fd >= 0); -+ -+ /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed -+ * fd, in all cases, including on failure. */ -+ -+ d = fdopendir(fd); -+ if (!d) { -+ safe_close(fd); -+ return -errno; -+ } - -- /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file -- * system type again for each directory */ -- r = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); -- if (r < 0 && ret == 0) -- ret = r; -+ if (!(flags & REMOVE_PHYSICAL)) { -+ struct statfs sfs; - -- r = unlinkat_harder(fd, de->d_name, AT_REMOVEDIR, flags); -- if (r < 0 && r != -ENOENT && ret == 0) -- ret = r; -+ if (fstatfs(dirfd(d), &sfs) < 0) -+ return -errno; -+ -+ if (is_physical_fs(&sfs)) { -+ /* We refuse to clean physical file systems with this call, unless explicitly -+ * requested. This is extra paranoia just to be sure we never ever remove non-state -+ * data. */ - -- } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) { -+ _cleanup_free_ char *path = NULL; - -- r = unlinkat_harder(fd, de->d_name, 0, flags); -- if (r < 0 && r != -ENOENT && ret == 0) -- ret = r; -+ (void) fd_get_path(fd, &path); -+ return log_error_errno(SYNTHETIC_ERRNO(EPERM), -+ "Attempted to remove disk file system under \"%s\", and we can't allow that.", -+ strna(path)); - } - } -+ -+ FOREACH_DIRENT_ALL(de, d, return -errno) { -+ int is_dir; -+ -+ if (dot_or_dot_dot(de->d_name)) -+ continue; -+ -+ is_dir = -+ de->d_type == DT_UNKNOWN ? -1 : -+ de->d_type == DT_DIR; -+ -+ r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev); -+ if (r < 0 && r != -ENOENT && ret == 0) -+ ret = r; -+ } -+ - return ret; - } - - int rm_rf(const char *path, RemoveFlags flags) { - int fd, r; -- struct statfs s; - - assert(path); - -@@ -284,9 +299,10 @@ int rm_rf(const char *path, RemoveFlags flags) { - if (FLAGS_SET(flags, REMOVE_ROOT)) { - - if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { -+ struct statfs s; -+ - if (statfs(path, &s) < 0) - return -errno; -- - if (is_physical_fs(&s)) - return log_error_errno(SYNTHETIC_ERRNO(EPERM), - "Attempted to remove files from a disk file system under \"%s\", refusing.", -@@ -314,3 +330,22 @@ int rm_rf(const char *path, RemoveFlags flags) { - - return r; - } -+ -+int rm_rf_child(int fd, const char *name, RemoveFlags flags) { -+ -+ /* Removes one specific child of the specified directory */ -+ -+ if (fd < 0) -+ return -EBADF; -+ -+ if (!filename_is_valid(name)) -+ return -EINVAL; -+ -+ if ((flags & (REMOVE_ROOT|REMOVE_MISSING_OK)) != 0) /* Doesn't really make sense here, we are not supposed to remove 'fd' anyway */ -+ return -EINVAL; -+ -+ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME)) -+ return -EINVAL; -+ -+ return rm_rf_children_inner(fd, name, -1, flags, NULL); -+} -diff --git a/src/shared/rm-rf.h b/src/shared/rm-rf.h -index 40f0894c96..577a2795e0 100644 ---- a/src/shared/rm-rf.h -+++ b/src/shared/rm-rf.h -@@ -23,7 +23,8 @@ int fstatat_harder(int dfd, - int fstatat_flags, - RemoveFlags remove_flags); - --int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev); -+int rm_rf_children(int fd, RemoveFlags flags, const struct stat *root_dev); -+int rm_rf_child(int fd, const char *name, RemoveFlags flags); - int rm_rf(const char *path, RemoveFlags flags); - - /* Useful for usage with _cleanup_(), destroys a directory and frees the pointer */ --- -2.33.0 - diff --git a/backport-CVE-2021-3997-shared-rm-rf-loop-over-nested-directories-instead-of.patch b/backport-CVE-2021-3997-shared-rm-rf-loop-over-nested-directories-instead-of.patch deleted file mode 100644 index 4858ff484c5c94d62fcb474b4d8af173387f5845..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-3997-shared-rm-rf-loop-over-nested-directories-instead-of.patch +++ /dev/null @@ -1,276 +0,0 @@ -From 6a28f8b55904c818b25e4db2e1511faac79fd471 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 30 Nov 2021 22:29:05 +0100 -Subject: [PATCH] shared/rm-rf: loop over nested directories instead of instead - of recursing - -To remove directory structures, we need to remove the innermost items first, -and then recursively remove higher-level directories. We would recursively -descend into directories and invoke rm_rf_children and rm_rm_children_inner. -This is problematic when too many directories are nested. - -Instead, let's create a "TODO" queue. In the the queue, for each level we -hold the DIR* object we were working on, and the name of the directory. This -allows us to leave a partially-processed directory, and restart the removal -loop one level down. When done with the inner directory, we use the name to -unlinkat() it from the parent, and proceed with the removal of other items. - -Because the nesting is increased by one level, it is best to view this patch -with -b/--ignore-space-change. - -This fixes CVE-2021-3997, https://bugzilla.redhat.com/show_bug.cgi?id=2024639. -The issue was reported and patches reviewed by Qualys Team. -Mauro Matteo Cascella and Riccardo Schirone from Red Hat handled the disclosure. - -(cherry picked from commit 5b1cf7a9be37e20133c0208005274ce4a5b5c6a1) -(cherry picked from commit 911516e1614e435755814ada5fc6064fa107a105) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6a28f8b55904c818b25e4db2e1511faac79fd471 ---- - src/shared/rm-rf.c | 161 +++++++++++++++++++++++++++++++-------------- - 1 file changed, 113 insertions(+), 48 deletions(-) - -diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c -index 1bd2431d8a..954686ffc9 100644 ---- a/src/shared/rm-rf.c -+++ b/src/shared/rm-rf.c -@@ -52,7 +52,6 @@ static int patch_dirfd_mode( - } - - int unlinkat_harder(int dfd, const char *filename, int unlink_flags, RemoveFlags remove_flags) { -- - mode_t old_mode; - int r; - -@@ -116,12 +115,13 @@ int fstatat_harder(int dfd, - return 0; - } - --static int rm_rf_children_inner( -+static int rm_rf_inner_child( - int fd, - const char *fname, - int is_dir, - RemoveFlags flags, -- const struct stat *root_dev) { -+ const struct stat *root_dev, -+ bool allow_recursion) { - - struct stat st; - int r, q = 0; -@@ -141,9 +141,7 @@ static int rm_rf_children_inner( - } - - if (is_dir) { -- _cleanup_close_ int subdir_fd = -1; -- -- /* if root_dev is set, remove subdirectories only if device is same */ -+ /* If root_dev is set, remove subdirectories only if device is same */ - if (root_dev && st.st_dev != root_dev->st_dev) - return 0; - -@@ -155,7 +153,6 @@ static int rm_rf_children_inner( - return 0; - - if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) { -- - /* This could be a subvolume, try to remove it */ - - r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); -@@ -169,13 +166,16 @@ static int rm_rf_children_inner( - return 1; - } - -- subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); -+ if (!allow_recursion) -+ return -EISDIR; -+ -+ int subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); - if (subdir_fd < 0) - return -errno; - - /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file system type - * again for each directory */ -- q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); -+ q = rm_rf_children(subdir_fd, flags | REMOVE_PHYSICAL, root_dev); - - } else if (flags & REMOVE_ONLY_DIRECTORIES) - return 0; -@@ -188,63 +188,128 @@ static int rm_rf_children_inner( - return 1; - } - -+typedef struct TodoEntry { -+ DIR *dir; /* A directory that we were operating on. */ -+ char *dirname; /* The filename of that directory itself. */ -+} TodoEntry; -+ -+static void free_todo_entries(TodoEntry **todos) { -+ for (TodoEntry *x = *todos; x && x->dir; x++) { -+ closedir(x->dir); -+ free(x->dirname); -+ } -+ -+ freep(todos); -+} -+ - int rm_rf_children( - int fd, - RemoveFlags flags, - const struct stat *root_dev) { - -- _cleanup_closedir_ DIR *d = NULL; -- struct dirent *de; -+ _cleanup_(free_todo_entries) TodoEntry *todos = NULL; -+ size_t n_todo = 0; -+ _cleanup_free_ char *dirname = NULL; /* Set when we are recursing and want to delete ourselves */ - int ret = 0, r; - -- assert(fd >= 0); -+ /* Return the first error we run into, but nevertheless try to go on. -+ * The passed fd is closed in all cases, including on failure. */ -+ -+ for (;;) { /* This loop corresponds to the directory nesting level. */ -+ _cleanup_closedir_ DIR *d = NULL; -+ -+ if (n_todo > 0) { -+ /* We know that we are in recursion here, because n_todo is set. -+ * We need to remove the inner directory we were operating on. */ -+ assert(dirname); -+ r = unlinkat_harder(dirfd(todos[n_todo-1].dir), dirname, AT_REMOVEDIR, flags); -+ if (r < 0 && r != -ENOENT && ret == 0) -+ ret = r; -+ dirname = mfree(dirname); -+ -+ /* And now let's back out one level up */ -+ n_todo --; -+ d = TAKE_PTR(todos[n_todo].dir); -+ dirname = TAKE_PTR(todos[n_todo].dirname); -+ -+ assert(d); -+ fd = dirfd(d); /* Retrieve the file descriptor from the DIR object */ -+ assert(fd >= 0); -+ } else { -+ next_fd: -+ assert(fd >= 0); -+ d = fdopendir(fd); -+ if (!d) { -+ safe_close(fd); -+ return -errno; -+ } -+ fd = dirfd(d); /* We donated the fd to fdopendir(). Let's make sure we sure we have -+ * the right descriptor even if it were to internally invalidate the -+ * one we passed. */ -+ -+ if (!(flags & REMOVE_PHYSICAL)) { -+ struct statfs sfs; -+ -+ if (fstatfs(fd, &sfs) < 0) -+ return -errno; -+ -+ if (is_physical_fs(&sfs)) { -+ /* We refuse to clean physical file systems with this call, unless -+ * explicitly requested. This is extra paranoia just to be sure we -+ * never ever remove non-state data. */ -+ -+ _cleanup_free_ char *path = NULL; -+ -+ (void) fd_get_path(fd, &path); -+ return log_error_errno(SYNTHETIC_ERRNO(EPERM), -+ "Attempted to remove disk file system under \"%s\", and we can't allow that.", -+ strna(path)); -+ } -+ } -+ } - -- /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed -- * fd, in all cases, including on failure. */ -+ struct dirent *de; -+ FOREACH_DIRENT_ALL(de, d, return -errno) { -+ int is_dir; - -- d = fdopendir(fd); -- if (!d) { -- safe_close(fd); -- return -errno; -- } -+ if (dot_or_dot_dot(de->d_name)) -+ continue; - -- if (!(flags & REMOVE_PHYSICAL)) { -- struct statfs sfs; -+ is_dir = de->d_type == DT_UNKNOWN ? -1 : de->d_type == DT_DIR; - -- if (fstatfs(dirfd(d), &sfs) < 0) -- return -errno; -+ r = rm_rf_inner_child(fd, de->d_name, is_dir, flags, root_dev, false); -+ if (r == -EISDIR) { -+ /* Push the current working state onto the todo list */ - -- if (is_physical_fs(&sfs)) { -- /* We refuse to clean physical file systems with this call, unless explicitly -- * requested. This is extra paranoia just to be sure we never ever remove non-state -- * data. */ -+ if (!GREEDY_REALLOC0(todos, n_todo + 2)) -+ return log_oom(); - -- _cleanup_free_ char *path = NULL; -+ _cleanup_free_ char *newdirname = strdup(de->d_name); -+ if (!newdirname) -+ return log_oom(); - -- (void) fd_get_path(fd, &path); -- return log_error_errno(SYNTHETIC_ERRNO(EPERM), -- "Attempted to remove disk file system under \"%s\", and we can't allow that.", -- strna(path)); -- } -- } -+ int newfd = openat(fd, de->d_name, -+ O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); -+ if (newfd >= 0) { -+ todos[n_todo++] = (TodoEntry) { TAKE_PTR(d), TAKE_PTR(dirname) }; -+ fd = newfd; -+ dirname = TAKE_PTR(newdirname); - -- FOREACH_DIRENT_ALL(de, d, return -errno) { -- int is_dir; -+ goto next_fd; - -- if (dot_or_dot_dot(de->d_name)) -- continue; -+ } else if (errno != -ENOENT && ret == 0) -+ ret = -errno; - -- is_dir = -- de->d_type == DT_UNKNOWN ? -1 : -- de->d_type == DT_DIR; -+ } else if (r < 0 && r != -ENOENT && ret == 0) -+ ret = r; -+ } - -- r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev); -- if (r < 0 && r != -ENOENT && ret == 0) -- ret = r; -- } -+ if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(fd) < 0 && ret >= 0) -+ ret = -errno; - -- if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0) -- ret = -errno; -+ if (n_todo == 0) -+ break; -+ } - - return ret; - } -@@ -337,5 +402,5 @@ int rm_rf_child(int fd, const char *name, RemoveFlags flags) { - if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME)) - return -EINVAL; - -- return rm_rf_children_inner(fd, name, -1, flags, NULL); -+ return rm_rf_inner_child(fd, name, -1, flags, NULL, true); - } --- -2.33.0 - diff --git a/backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch b/backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch deleted file mode 100644 index 8ba7906afe3c20535ae29141f8e1cc0db3ff7f4c..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch +++ /dev/null @@ -1,103 +0,0 @@ -From 811b137d6137cc3e8932599e6ef9254ba43ff5eb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 23 Nov 2021 16:56:42 +0100 -Subject: [PATCH] shared/rm_rf: refactor rm_rf() to shorten code a bit - -(cherry picked from commit 84ced330020c0bae57bd4628f1f44eec91304e69) -(cherry picked from commit 664529efa9431edc043126013ea54e6c399ae2d3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/811b137d6137cc3e8932599e6ef9254ba43ff5eb ---- - src/shared/rm-rf.c | 54 +++++++++++++++++++++------------------------- - 1 file changed, 24 insertions(+), 30 deletions(-) - -diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c -index 7362954116..1bd2431d8a 100644 ---- a/src/shared/rm-rf.c -+++ b/src/shared/rm-rf.c -@@ -250,7 +250,7 @@ int rm_rf_children( - } - - int rm_rf(const char *path, RemoveFlags flags) { -- int fd, r; -+ int fd, r, q = 0; - - assert(path); - -@@ -282,49 +282,43 @@ int rm_rf(const char *path, RemoveFlags flags) { - } - - fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); -- if (fd < 0) { -+ if (fd >= 0) { -+ /* We have a dir */ -+ r = rm_rf_children(fd, flags, NULL); -+ -+ if (FLAGS_SET(flags, REMOVE_ROOT) && rmdir(path) < 0) -+ q = -errno; -+ } else { - if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT) - return 0; - - if (!IN_SET(errno, ENOTDIR, ELOOP)) - return -errno; - -- if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES)) -+ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES) || !FLAGS_SET(flags, REMOVE_ROOT)) - return 0; - -- if (FLAGS_SET(flags, REMOVE_ROOT)) { -- -- if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { -- struct statfs s; -- -- if (statfs(path, &s) < 0) -- return -errno; -- if (is_physical_fs(&s)) -- return log_error_errno(SYNTHETIC_ERRNO(EPERM), -- "Attempted to remove files from a disk file system under \"%s\", refusing.", -- path); -- } -- -- if (unlink(path) < 0) { -- if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT) -- return 0; -+ if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { -+ struct statfs s; - -+ if (statfs(path, &s) < 0) - return -errno; -- } -+ if (is_physical_fs(&s)) -+ return log_error_errno(SYNTHETIC_ERRNO(EPERM), -+ "Attempted to remove files from a disk file system under \"%s\", refusing.", -+ path); - } - -- return 0; -+ r = 0; -+ if (unlink(path) < 0) -+ q = -errno; - } - -- r = rm_rf_children(fd, flags, NULL); -- -- if (FLAGS_SET(flags, REMOVE_ROOT) && -- rmdir(path) < 0 && -- r >= 0 && -- (!FLAGS_SET(flags, REMOVE_MISSING_OK) || errno != ENOENT)) -- r = -errno; -- -- return r; -+ if (r < 0) -+ return r; -+ if (q < 0 && (q != -ENOENT || !FLAGS_SET(flags, REMOVE_MISSING_OK))) -+ return q; -+ return 0; - } - - int rm_rf_child(int fd, const char *name, RemoveFlags flags) { --- -2.33.0 - diff --git a/backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch b/backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch deleted file mode 100644 index 3fcf1c99c04b3a9b96c724820c8740ebe4e55895..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 89395b63f04f1acc0db533c32637ea20379f97c0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 23 Nov 2021 15:55:45 +0100 -Subject: [PATCH] shared/rm_rf: refactor rm_rf_children_inner() to shorten code - a bit - -(cherry picked from commit 3bac86abfa1b1720180840ffb9d06b3d54841c11) -(cherry picked from commit 47741ff9eae6311a03e4d3d837128191826a4a3a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/89395b63f04f1acc0db533c32637ea20379f97c0 ---- - src/shared/rm-rf.c | 27 +++++++++------------------ - 1 file changed, 9 insertions(+), 18 deletions(-) - -diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c -index 19f37e0f19..7362954116 100644 ---- a/src/shared/rm-rf.c -+++ b/src/shared/rm-rf.c -@@ -124,7 +124,7 @@ static int rm_rf_children_inner( - const struct stat *root_dev) { - - struct stat st; -- int r; -+ int r, q = 0; - - assert(fd >= 0); - assert(fname); -@@ -142,7 +142,6 @@ static int rm_rf_children_inner( - - if (is_dir) { - _cleanup_close_ int subdir_fd = -1; -- int q; - - /* if root_dev is set, remove subdirectories only if device is same */ - if (root_dev && st.st_dev != root_dev->st_dev) -@@ -178,23 +177,15 @@ static int rm_rf_children_inner( - * again for each directory */ - q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); - -- r = unlinkat_harder(fd, fname, AT_REMOVEDIR, flags); -- if (r < 0) -- return r; -- if (q < 0) -- return q; -- -- return 1; -- -- } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) { -- r = unlinkat_harder(fd, fname, 0, flags); -- if (r < 0) -- return r; -- -- return 1; -- } -+ } else if (flags & REMOVE_ONLY_DIRECTORIES) -+ return 0; - -- return 0; -+ r = unlinkat_harder(fd, fname, is_dir ? AT_REMOVEDIR : 0, flags); -+ if (r < 0) -+ return r; -+ if (q < 0) -+ return q; -+ return 1; - } - - int rm_rf_children( --- -2.33.0 - diff --git a/backport-CVE-2021-3997-tmpfiles-st-may-have-been-used-uninitialized.patch b/backport-CVE-2021-3997-tmpfiles-st-may-have-been-used-uninitialized.patch deleted file mode 100644 index fd51c83adb5691766080af4d896855b4077d2362..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-3997-tmpfiles-st-may-have-been-used-uninitialized.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 7563de501246dccf5a9ea229933481aa1e7bd5c9 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 23 Nov 2021 15:05:58 +0100 -Subject: [PATCH] tmpfiles: 'st' may have been used uninitialized - -(cherry picked from commit 160dadc0350c77d612aa9d5569f57d9bc84c3dca) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7563de501246dccf5a9ea229933481aa1e7bd5c9 ---- - src/shared/rm-rf.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c -index 5ef7c662dd..19f37e0f19 100644 ---- a/src/shared/rm-rf.c -+++ b/src/shared/rm-rf.c -@@ -129,7 +129,9 @@ static int rm_rf_children_inner( - assert(fd >= 0); - assert(fname); - -- if (is_dir < 0 || (is_dir > 0 && (root_dev || (flags & REMOVE_SUBVOLUME)))) { -+ if (is_dir < 0 || -+ root_dev || -+ (is_dir > 0 && (root_dev || (flags & REMOVE_SUBVOLUME)))) { - - r = fstatat_harder(fd, fname, &st, AT_SYMLINK_NOFOLLOW, flags); - if (r < 0) --- -2.33.0 - diff --git a/backport-CVE-2022-4415-basic-add-STRERROR-wrapper-for-strerror_r.patch b/backport-CVE-2022-4415-basic-add-STRERROR-wrapper-for-strerror_r.patch deleted file mode 100644 index 11968cfa26696f80c69fc14518cc54eddfbe457d..0000000000000000000000000000000000000000 --- a/backport-CVE-2022-4415-basic-add-STRERROR-wrapper-for-strerror_r.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 2c5d05b3cd986568105d67891e4010b868dea24f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 7 Oct 2022 12:28:31 +0200 -Subject: [PATCH] basic: add STRERROR() wrapper for strerror_r() - -Conflict:Modify the content in meson.build. -Reference:https://github.com/systemd/systemd/commit/2c5d05b3cd986568105d67891e4010b868dea24f - ---- - src/basic/errno-util.h | 10 +++++++++ - src/test/meson.build | 2 ++ - src/test/test-errno-util.c | 44 ++++++++++++++++++++++++++++++++++++++ - 3 files changed, 56 insertions(+) - create mode 100644 src/test/test-errno-util.c - -diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h -index a71864ca60..f0d24d95cb 100644 ---- a/src/basic/errno-util.h -+++ b/src/basic/errno-util.h -@@ -6,6 +6,16 @@ - - #include "macro.h" - -+/* strerror(3) says that glibc uses a maximum length of 1024 bytes. */ -+#define ERRNO_BUF_LEN 1024 -+ -+/* Note: the lifetime of the compound literal is the immediately surrounding block, -+ * see C11 §6.5.2.5, and -+ * https://stackoverflow.com/questions/34880638/compound-literal-lifetime-and-if-blocks -+ * -+ * Note that we use the GNU variant of strerror_r() here. */ -+#define STRERROR(errnum) strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN) -+ - static inline void _reset_errno_(int *saved_errno) { - if (*saved_errno < 0) /* Invalidated by UNPROTECT_ERRNO? */ - return; -diff --git a/src/test/meson.build b/src/test/meson.build -index 31ac149b96..86fc1d4fc0 100644 ---- a/src/test/meson.build -+++ b/src/test/meson.build -@@ -615,6 +615,8 @@ tests += [ - [['src/test/test-arphrd-list.c', - generated_gperf_headers]], - -+ [['src/test/test-errno-util.c']], -+ - [['src/test/test-ip-protocol-list.c', - shared_generated_gperf_headers]], - -diff --git a/src/test/test-errno-util.c b/src/test/test-errno-util.c -new file mode 100644 -index 0000000000..284f451002 ---- /dev/null -+++ b/src/test/test-errno-util.c -@@ -0,0 +1,44 @@ -+/* SPDX-License-Identifier: LGPL-2.1-or-later */ -+ -+#include "errno-util.h" -+#include "stdio-util.h" -+#include "string-util.h" -+#include "tests.h" -+ -+TEST(strerror_not_threadsafe) { -+ /* Just check that strerror really is not thread-safe. */ -+ log_info("strerror(%d) → %s", 200, strerror(200)); -+ log_info("strerror(%d) → %s", 201, strerror(201)); -+ log_info("strerror(%d) → %s", INT_MAX, strerror(INT_MAX)); -+ -+ log_info("strerror(%d), strerror(%d) → %p, %p", 200, 201, strerror(200), strerror(201)); -+ -+ /* This call is not allowed, because the first returned string becomes invalid when -+ * we call strerror the second time: -+ * -+ * log_info("strerror(%d), strerror(%d) → %s, %s", 200, 201, strerror(200), strerror(201)); -+ */ -+} -+ -+TEST(STRERROR) { -+ /* Just check that STRERROR really is thread-safe. */ -+ log_info("STRERROR(%d) → %s", 200, STRERROR(200)); -+ log_info("STRERROR(%d) → %s", 201, STRERROR(201)); -+ log_info("STRERROR(%d), STRERROR(%d) → %s, %s", 200, 201, STRERROR(200), STRERROR(201)); -+ -+ const char *a = STRERROR(200), *b = STRERROR(201); -+ assert_se(strstr(a, "200")); -+ assert_se(strstr(b, "201")); -+ -+ /* Check with negative values */ -+ assert_se(streq(a, STRERROR(-200))); -+ assert_se(streq(b, STRERROR(-201))); -+ -+ const char *c = STRERROR(INT_MAX); -+ char buf[DECIMAL_STR_MAX(int)]; -+ xsprintf(buf, "%d", INT_MAX); /* INT_MAX is hexadecimal, use printf to convert to decimal */ -+ log_info("STRERROR(%d) → %s", INT_MAX, c); -+ assert_se(strstr(c, buf)); -+} -+ -+DEFINE_TEST_MAIN(LOG_INFO); --- -2.33.0 - diff --git a/backport-CVE-2022-4415-coredump-adjust-whitespace.patch b/backport-CVE-2022-4415-coredump-adjust-whitespace.patch deleted file mode 100644 index 044b773f9b8998aca297330fb8846aab820398b7..0000000000000000000000000000000000000000 --- a/backport-CVE-2022-4415-coredump-adjust-whitespace.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 510a146634f3e095b34e2a26023b1b1f99dcb8c0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 29 Nov 2022 09:00:16 +0100 -Subject: [PATCH] coredump: adjust whitespace - -Conflict:Delete the modification of parse_config. -Reference:https://github.com/systemd/systemd/commit/510a146634f3e095b34e2a26023b1b1f99dcb8c0 - ---- - src/coredump/coredump.c | 56 ++++++++++++++++++++--------------------- - 1 file changed, 28 insertions(+), 28 deletions(-) - -diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c -index 50220c5ec7..9ce2b92ded 100644 ---- a/src/coredump/coredump.c -+++ b/src/coredump/coredump.c -@@ -111,16 +111,16 @@ enum { - }; - - static const char * const meta_field_names[_META_MAX] = { -- [META_ARGV_PID] = "COREDUMP_PID=", -- [META_ARGV_UID] = "COREDUMP_UID=", -- [META_ARGV_GID] = "COREDUMP_GID=", -- [META_ARGV_SIGNAL] = "COREDUMP_SIGNAL=", -- [META_ARGV_TIMESTAMP] = "COREDUMP_TIMESTAMP=", -- [META_ARGV_RLIMIT] = "COREDUMP_RLIMIT=", -- [META_ARGV_HOSTNAME] = "COREDUMP_HOSTNAME=", -- [META_COMM] = "COREDUMP_COMM=", -- [META_EXE] = "COREDUMP_EXE=", -- [META_UNIT] = "COREDUMP_UNIT=", -+ [META_ARGV_PID] = "COREDUMP_PID=", -+ [META_ARGV_UID] = "COREDUMP_UID=", -+ [META_ARGV_GID] = "COREDUMP_GID=", -+ [META_ARGV_SIGNAL] = "COREDUMP_SIGNAL=", -+ [META_ARGV_TIMESTAMP] = "COREDUMP_TIMESTAMP=", -+ [META_ARGV_RLIMIT] = "COREDUMP_RLIMIT=", -+ [META_ARGV_HOSTNAME] = "COREDUMP_HOSTNAME=", -+ [META_COMM] = "COREDUMP_COMM=", -+ [META_EXE] = "COREDUMP_EXE=", -+ [META_UNIT] = "COREDUMP_UNIT=", - }; - - typedef struct Context { -@@ -139,9 +139,9 @@ typedef enum CoredumpStorage { - } CoredumpStorage; - - static const char* const coredump_storage_table[_COREDUMP_STORAGE_MAX] = { -- [COREDUMP_STORAGE_NONE] = "none", -+ [COREDUMP_STORAGE_NONE] = "none", - [COREDUMP_STORAGE_EXTERNAL] = "external", -- [COREDUMP_STORAGE_JOURNAL] = "journal", -+ [COREDUMP_STORAGE_JOURNAL] = "journal", - }; - - DEFINE_PRIVATE_STRING_TABLE_LOOKUP(coredump_storage, CoredumpStorage); -@@ -209,15 +209,15 @@ static int fix_acl(int fd, uid_t uid) { - static int fix_xattr(int fd, const Context *context) { - - static const char * const xattrs[_META_MAX] = { -- [META_ARGV_PID] = "user.coredump.pid", -- [META_ARGV_UID] = "user.coredump.uid", -- [META_ARGV_GID] = "user.coredump.gid", -- [META_ARGV_SIGNAL] = "user.coredump.signal", -- [META_ARGV_TIMESTAMP] = "user.coredump.timestamp", -- [META_ARGV_RLIMIT] = "user.coredump.rlimit", -- [META_ARGV_HOSTNAME] = "user.coredump.hostname", -- [META_COMM] = "user.coredump.comm", -- [META_EXE] = "user.coredump.exe", -+ [META_ARGV_PID] = "user.coredump.pid", -+ [META_ARGV_UID] = "user.coredump.uid", -+ [META_ARGV_GID] = "user.coredump.gid", -+ [META_ARGV_SIGNAL] = "user.coredump.signal", -+ [META_ARGV_TIMESTAMP] = "user.coredump.timestamp", -+ [META_ARGV_RLIMIT] = "user.coredump.rlimit", -+ [META_ARGV_HOSTNAME] = "user.coredump.hostname", -+ [META_COMM] = "user.coredump.comm", -+ [META_EXE] = "user.coredump.exe", - }; - - int r = 0; --- -2.33.0 - diff --git a/backport-CVE-2022-4415-dont-allow-user-access-coredumps-with-changed-uid.patch b/backport-CVE-2022-4415-dont-allow-user-access-coredumps-with-changed-uid.patch deleted file mode 100644 index b9516a26813ccf27246c7cab830e02a407a6d965..0000000000000000000000000000000000000000 --- a/backport-CVE-2022-4415-dont-allow-user-access-coredumps-with-changed-uid.patch +++ /dev/null @@ -1,386 +0,0 @@ -From 3e4d0f6cf99f8677edd6a237382a65bfe758de03 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 28 Nov 2022 12:12:55 +0100 -Subject: [PATCH] coredump: do not allow user to access coredumps with changed - uid/gid/capabilities - -When the user starts a program which elevates its permissions via setuid, -setgid, or capabilities set on the file, it may access additional information -which would then be visible in the coredump. We shouldn't make the the coredump -visible to the user in such cases. - -Reported-by: Matthias Gerstner - -This reads the /proc//auxv file and attaches it to the process metadata as -PROC_AUXV. Before the coredump is submitted, it is parsed and if either -at_secure was set (which the kernel will do for processes that are setuid, -setgid, or setcap), or if the effective uid/gid don't match uid/gid, the file -is not made accessible to the user. If we can't access this data, we assume the -file should not be made accessible either. In principle we could also access -the auxv data from a note in the core file, but that is much more complex and -it seems better to use the stand-alone file that is provided by the kernel. - -Attaching auxv is both convient for this patch (because this way it's passed -between the stages along with other fields), but I think it makes sense to save -it in general. - -We use the information early in the core file to figure out if the program was -32-bit or 64-bit and its endianness. This way we don't need heuristics to guess -whether the format of the auxv structure. This test might reject some cases on -fringe architecutes. But the impact would be limited: we just won't grant the -user permissions to view the coredump file. If people report that we're missing -some cases, we can always enhance this to support more architectures. - -I tested auxv parsing on amd64, 32-bit program on amd64, arm64, arm32, and -ppc64el, but not the whole coredump handling. - -Conflict:Change 'r = fsync_full(fd);' to 'if (fsync(fd) < 0)'. -Reference:https://github.com/systemd/systemd/commit/3e4d0f6cf99f8677edd6a237382a65bfe758de03 - ---- - src/basic/io-util.h | 9 ++ - src/coredump/coredump.c | 196 +++++++++++++++++++++++++++++++++++++--- - 2 files changed, 192 insertions(+), 13 deletions(-) - -diff --git a/src/basic/io-util.h b/src/basic/io-util.h -index 39728e06bc..3afb134266 100644 ---- a/src/basic/io-util.h -+++ b/src/basic/io-util.h -@@ -91,7 +91,16 @@ struct iovec_wrapper *iovw_new(void); - struct iovec_wrapper *iovw_free(struct iovec_wrapper *iovw); - struct iovec_wrapper *iovw_free_free(struct iovec_wrapper *iovw); - void iovw_free_contents(struct iovec_wrapper *iovw, bool free_vectors); -+ - int iovw_put(struct iovec_wrapper *iovw, void *data, size_t len); -+static inline int iovw_consume(struct iovec_wrapper *iovw, void *data, size_t len) { -+ /* Move data into iovw or free on error */ -+ int r = iovw_put(iovw, data, len); -+ if (r < 0) -+ free(data); -+ return r; -+} -+ - int iovw_put_string_field(struct iovec_wrapper *iovw, const char *field, const char *value); - int iovw_put_string_field_free(struct iovec_wrapper *iovw, const char *field, char *value); - void iovw_rebase(struct iovec_wrapper *iovw, char *old, char *new); -diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c -index 9ce2b92ded..b6f3a2f256 100644 ---- a/src/coredump/coredump.c -+++ b/src/coredump/coredump.c -@@ -4,6 +4,7 @@ - #include - #include - #include -+#include - #include - #include - -@@ -107,6 +108,7 @@ enum { - - META_EXE = _META_MANDATORY_MAX, - META_UNIT, -+ META_PROC_AUXV, - _META_MAX - }; - -@@ -121,10 +123,12 @@ static const char * const meta_field_names[_META_MAX] = { - [META_COMM] = "COREDUMP_COMM=", - [META_EXE] = "COREDUMP_EXE=", - [META_UNIT] = "COREDUMP_UNIT=", -+ [META_PROC_AUXV] = "COREDUMP_PROC_AUXV=", - }; - - typedef struct Context { - const char *meta[_META_MAX]; -+ size_t meta_size[_META_MAX]; - pid_t pid; - bool is_pid1; - bool is_journald; -@@ -186,13 +190,16 @@ static uint64_t storage_size_max(void) { - return 0; - } - --static int fix_acl(int fd, uid_t uid) { -+static int fix_acl(int fd, uid_t uid, bool allow_user) { -+ assert(fd >= 0); -+ assert(uid_is_valid(uid)); - - #if HAVE_ACL - int r; - -- assert(fd >= 0); -- assert(uid_is_valid(uid)); -+ /* We don't allow users to read coredumps if the uid or capabilities were changed. */ -+ if (!allow_user) -+ return 0; - - if (uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY) - return 0; -@@ -252,7 +259,8 @@ static int fix_permissions( - const char *filename, - const char *target, - const Context *context, -- uid_t uid) { -+ uid_t uid, -+ bool allow_user) { - - int r; - -@@ -262,7 +270,7 @@ static int fix_permissions( - - /* Ignore errors on these */ - (void) fchmod(fd, 0640); -- (void) fix_acl(fd, uid); -+ (void) fix_acl(fd, uid, allow_user); - (void) fix_xattr(fd, context); - - if (fsync(fd) < 0) -@@ -332,6 +340,153 @@ static int make_filename(const Context *context, char **ret) { - return 0; - } - -+static int parse_auxv64( -+ const uint64_t *auxv, -+ size_t size_bytes, -+ int *at_secure, -+ uid_t *uid, -+ uid_t *euid, -+ gid_t *gid, -+ gid_t *egid) { -+ -+ assert(auxv || size_bytes == 0); -+ -+ if (size_bytes % (2 * sizeof(uint64_t)) != 0) -+ return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes); -+ -+ size_t words = size_bytes / sizeof(uint64_t); -+ -+ /* Note that we set output variables even on error. */ -+ -+ for (size_t i = 0; i + 1 < words; i += 2) -+ switch (auxv[i]) { -+ case AT_SECURE: -+ *at_secure = auxv[i + 1] != 0; -+ break; -+ case AT_UID: -+ *uid = auxv[i + 1]; -+ break; -+ case AT_EUID: -+ *euid = auxv[i + 1]; -+ break; -+ case AT_GID: -+ *gid = auxv[i + 1]; -+ break; -+ case AT_EGID: -+ *egid = auxv[i + 1]; -+ break; -+ case AT_NULL: -+ if (auxv[i + 1] != 0) -+ goto error; -+ return 0; -+ } -+ error: -+ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), -+ "AT_NULL terminator not found, cannot parse auxv structure."); -+} -+ -+static int parse_auxv32( -+ const uint32_t *auxv, -+ size_t size_bytes, -+ int *at_secure, -+ uid_t *uid, -+ uid_t *euid, -+ gid_t *gid, -+ gid_t *egid) { -+ -+ assert(auxv || size_bytes == 0); -+ -+ size_t words = size_bytes / sizeof(uint32_t); -+ -+ if (size_bytes % (2 * sizeof(uint32_t)) != 0) -+ return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes); -+ -+ /* Note that we set output variables even on error. */ -+ -+ for (size_t i = 0; i + 1 < words; i += 2) -+ switch (auxv[i]) { -+ case AT_SECURE: -+ *at_secure = auxv[i + 1] != 0; -+ break; -+ case AT_UID: -+ *uid = auxv[i + 1]; -+ break; -+ case AT_EUID: -+ *euid = auxv[i + 1]; -+ break; -+ case AT_GID: -+ *gid = auxv[i + 1]; -+ break; -+ case AT_EGID: -+ *egid = auxv[i + 1]; -+ break; -+ case AT_NULL: -+ if (auxv[i + 1] != 0) -+ goto error; -+ return 0; -+ } -+ error: -+ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), -+ "AT_NULL terminator not found, cannot parse auxv structure."); -+} -+ -+static int grant_user_access(int core_fd, const Context *context) { -+ int at_secure = -1; -+ uid_t uid = UID_INVALID, euid = UID_INVALID; -+ uid_t gid = GID_INVALID, egid = GID_INVALID; -+ int r; -+ -+ assert(core_fd >= 0); -+ assert(context); -+ -+ if (!context->meta[META_PROC_AUXV]) -+ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), "No auxv data, not adjusting permissions."); -+ -+ uint8_t elf[EI_NIDENT]; -+ errno = 0; -+ if (pread(core_fd, &elf, sizeof(elf), 0) != sizeof(elf)) -+ return log_warning_errno(errno_or_else(EIO), -+ "Failed to pread from coredump fd: %s", STRERROR_OR_EOF(errno)); -+ -+ if (elf[EI_MAG0] != ELFMAG0 || -+ elf[EI_MAG1] != ELFMAG1 || -+ elf[EI_MAG2] != ELFMAG2 || -+ elf[EI_MAG3] != ELFMAG3 || -+ elf[EI_VERSION] != EV_CURRENT) -+ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN), -+ "Core file does not have ELF header, not adjusting permissions."); -+ if (!IN_SET(elf[EI_CLASS], ELFCLASS32, ELFCLASS64) || -+ !IN_SET(elf[EI_DATA], ELFDATA2LSB, ELFDATA2MSB)) -+ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN), -+ "Core file has strange ELF class, not adjusting permissions."); -+ -+ if ((elf[EI_DATA] == ELFDATA2LSB) != (__BYTE_ORDER == __LITTLE_ENDIAN)) -+ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN), -+ "Core file has non-native endianness, not adjusting permissions."); -+ -+ if (elf[EI_CLASS] == ELFCLASS64) -+ r = parse_auxv64((const uint64_t*) context->meta[META_PROC_AUXV], -+ context->meta_size[META_PROC_AUXV], -+ &at_secure, &uid, &euid, &gid, &egid); -+ else -+ r = parse_auxv32((const uint32_t*) context->meta[META_PROC_AUXV], -+ context->meta_size[META_PROC_AUXV], -+ &at_secure, &uid, &euid, &gid, &egid); -+ if (r < 0) -+ return r; -+ -+ /* We allow access if we got all the data and at_secure is not set and -+ * the uid/gid matches euid/egid. */ -+ bool ret = -+ at_secure == 0 && -+ uid != UID_INVALID && euid != UID_INVALID && uid == euid && -+ gid != GID_INVALID && egid != GID_INVALID && gid == egid; -+ log_debug("Will %s access (uid="UID_FMT " euid="UID_FMT " gid="GID_FMT " egid="GID_FMT " at_secure=%s)", -+ ret ? "permit" : "restrict", -+ uid, euid, gid, egid, yes_no(at_secure)); -+ return ret; -+} -+ - static int save_external_coredump( - const Context *context, - int input_fd, -@@ -454,6 +609,8 @@ static int save_external_coredump( - context->meta[META_ARGV_PID], context->meta[META_COMM]); - truncated = r == 1; - -+ bool allow_user = grant_user_access(fd, context) > 0; -+ - #if HAVE_COMPRESSION - if (arg_compress) { - _cleanup_(unlink_and_freep) char *tmp_compressed = NULL; -@@ -491,7 +648,7 @@ static int save_external_coredump( - uncompressed_size += partial_uncompressed_size; - } - -- r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid); -+ r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid, allow_user); - if (r < 0) - return r; - -@@ -518,7 +675,7 @@ static int save_external_coredump( - "SIZE_LIMIT=%"PRIu64, max_size, - "MESSAGE_ID=" SD_MESSAGE_TRUNCATED_CORE_STR); - -- r = fix_permissions(fd, tmp, fn, context, uid); -+ r = fix_permissions(fd, tmp, fn, context, uid, allow_user); - if (r < 0) - return log_error_errno(r, "Failed to fix permissions and finalize coredump %s into %s: %m", coredump_tmpfile_name(tmp), fn); - -@@ -766,7 +923,7 @@ static int change_uid_gid(const Context *context) { - } - - static int submit_coredump( -- Context *context, -+ const Context *context, - struct iovec_wrapper *iovw, - int input_fd) { - -@@ -945,16 +1102,15 @@ static int save_context(Context *context, const struct iovec_wrapper *iovw) { - struct iovec *iovec = iovw->iovec + n; - - for (size_t i = 0; i < ELEMENTSOF(meta_field_names); i++) { -- char *p; -- - /* Note that these strings are NUL terminated, because we made sure that a - * trailing NUL byte is in the buffer, though not included in the iov_len - * count (see process_socket() and gather_pid_metadata_*()) */ - assert(((char*) iovec->iov_base)[iovec->iov_len] == 0); - -- p = startswith(iovec->iov_base, meta_field_names[i]); -+ const char *p = startswith(iovec->iov_base, meta_field_names[i]); - if (p) { - context->meta[i] = p; -+ context->meta_size[i] = iovec->iov_len - strlen(meta_field_names[i]); - break; - } - } -@@ -1191,6 +1347,7 @@ static int gather_pid_metadata(struct iovec_wrapper *iovw, Context *context) { - uid_t owner_uid; - pid_t pid; - char *t; -+ size_t size; - const char *p; - int r; - -@@ -1255,13 +1412,26 @@ static int gather_pid_metadata(struct iovec_wrapper *iovw, Context *context) { - (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_LIMITS=", t); - - p = procfs_file_alloca(pid, "cgroup"); -- if (read_full_virtual_file(p, &t, NULL) >=0) -+ if (read_full_virtual_file(p, &t, NULL) >= 0) - (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_CGROUP=", t); - - p = procfs_file_alloca(pid, "mountinfo"); -- if (read_full_virtual_file(p, &t, NULL) >=0) -+ if (read_full_virtual_file(p, &t, NULL) >= 0) - (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_MOUNTINFO=", t); - -+ /* We attach /proc/auxv here. ELF coredumps also contain a note for this (NT_AUXV), see elf(5). */ -+ p = procfs_file_alloca(pid, "auxv"); -+ if (read_full_virtual_file(p, &t, &size) >= 0) { -+ char *buf = malloc(strlen("COREDUMP_PROC_AUXV=") + size + 1); -+ if (buf) { -+ /* Add a dummy terminator to make save_context() happy. */ -+ *((uint8_t*) mempcpy(stpcpy(buf, "COREDUMP_PROC_AUXV="), t, size)) = '\0'; -+ (void) iovw_consume(iovw, buf, size + strlen("COREDUMP_PROC_AUXV=")); -+ } -+ -+ free(t); -+ } -+ - if (get_process_cwd(pid, &t) >= 0) - (void) iovw_put_string_field_free(iovw, "COREDUMP_CWD=", t); - --- -2.33.0 - diff --git a/backport-CVE-2022-4415-test-Add-TEST_RET-macro.patch b/backport-CVE-2022-4415-test-Add-TEST_RET-macro.patch deleted file mode 100644 index 5a1e5d29773e10c395a54af030f9f176d334c593..0000000000000000000000000000000000000000 --- a/backport-CVE-2022-4415-test-Add-TEST_RET-macro.patch +++ /dev/null @@ -1,107 +0,0 @@ -From 4c0acc0761aae0370e20e118b9db3b704e9045cd Mon Sep 17 00:00:00 2001 -From: Jan Janssen -Date: Thu, 25 Nov 2021 10:27:51 +0100 -Subject: [PATCH] test: Add TEST_RET macro - -This declares a test function whose return code will be passed from -main(). The first test that does not return EXIT_SUCCESS wins. - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4c0acc0761aae0370e20e118b9db3b704e9045cd - ---- - src/shared/tests.h | 54 ++++++++++++++++++++++++++++++++-------------- - 1 file changed, 38 insertions(+), 16 deletions(-) - -diff --git a/src/shared/tests.h b/src/shared/tests.h -index 872b9b2d6c..d1c96ef35b 100644 ---- a/src/shared/tests.h -+++ b/src/shared/tests.h -@@ -46,46 +46,68 @@ bool can_memlock(void); - const char *ci_environment(void); - - typedef struct TestFunc { -- void (*f)(void); -- const char * const n; -+ union f { -+ void (*void_func)(void); -+ int (*int_func)(void); -+ } f; -+ const char * const name; -+ bool has_ret; - } TestFunc; - - /* See static-destruct.h for an explanation of how this works. */ --#define REGISTER_TEST(func) \ -- static void func(void); \ -- _section_("SYSTEMD_TEST_TABLE") _alignptr_ _used_ _variable_no_sanitize_address_ \ -- static const TestFunc UNIQ_T(static_test_table_entry, UNIQ) = { \ -- .f = &(func), \ -- .n = STRINGIFY(func), \ -+#define REGISTER_TEST(func) \ -+ _section_("SYSTEMD_TEST_TABLE") _alignptr_ _used_ _variable_no_sanitize_address_ \ -+ static const TestFunc UNIQ_T(static_test_table_entry, UNIQ) = { \ -+ .f = (union f) &(func), \ -+ .name = STRINGIFY(func), \ -+ .has_ret = __builtin_types_compatible_p(typeof((union f){}.int_func), typeof(&(func))), \ - } - - extern const TestFunc _weak_ __start_SYSTEMD_TEST_TABLE[]; - extern const TestFunc _weak_ __stop_SYSTEMD_TEST_TABLE[]; - --#define TEST(name) \ -- REGISTER_TEST(test_##name); \ -+#define TEST(name) \ -+ static void test_##name(void); \ -+ REGISTER_TEST(test_##name); \ - static void test_##name(void) - --static inline void run_test_table(void) { -+#define TEST_RET(name) \ -+ static int test_##name(void); \ -+ REGISTER_TEST(test_##name); \ -+ static int test_##name(void) -+ -+static inline int run_test_table(void) { -+ int r = EXIT_SUCCESS; -+ - if (!__start_SYSTEMD_TEST_TABLE) -- return; -+ return r; - - const TestFunc *t = ALIGN_TO_PTR(__start_SYSTEMD_TEST_TABLE, sizeof(TestFunc*)); - while (t < __stop_SYSTEMD_TEST_TABLE) { -- log_info("/* %s */", t->n); -- t->f(); -+ log_info("/* %s */", t->name); -+ -+ if (t->has_ret) { -+ int r2 = t->f.int_func(); -+ if (r == EXIT_SUCCESS) -+ r = r2; -+ } else -+ t->f.void_func(); -+ - t = ALIGN_TO_PTR(t + 1, sizeof(TestFunc*)); - } -+ -+ return r; - } - - #define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \ - int main(int argc, char *argv[]) { \ -+ int _r = EXIT_SUCCESS; \ - test_setup_logging(log_level); \ - save_argc_argv(argc, argv); \ - intro; \ -- run_test_table(); \ -+ _r = run_test_table(); \ - outro; \ -- return EXIT_SUCCESS; \ -+ return _r; \ - } - - #define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, , ) --- -2.33.0 - diff --git a/backport-CVE-2022-4415-test-Add-sd_booted-condition-test-to-TEST-macro.patch b/backport-CVE-2022-4415-test-Add-sd_booted-condition-test-to-TEST-macro.patch deleted file mode 100644 index 147955022802a1d5347ba2a60843763dda31c68e..0000000000000000000000000000000000000000 --- a/backport-CVE-2022-4415-test-Add-sd_booted-condition-test-to-TEST-macro.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 0578dfe3eb2ceb8571b62a904dec0ddf410f6352 Mon Sep 17 00:00:00 2001 -From: Jan Janssen -Date: Thu, 25 Nov 2021 10:45:15 +0100 -Subject: [PATCH] test: Add sd_booted condition test to TEST macro - -Note that this will only report test skips if they use TEST_RET macro. -Regular TEST macros can still be skipped, but this will not be reported -back to main(); - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0578dfe3eb2ceb8571b62a904dec0ddf410f6352 - ---- - src/shared/tests.h | 43 ++++++++++++++++++++++++++----------------- - 1 file changed, 26 insertions(+), 17 deletions(-) - -diff --git a/src/shared/tests.h b/src/shared/tests.h -index d1c96ef35b..95283e2829 100644 ---- a/src/shared/tests.h -+++ b/src/shared/tests.h -@@ -39,7 +39,7 @@ bool can_memlock(void); - if (sd_booted() > 0) { \ - x; \ - } else { \ -- printf("systemd not booted skipping '%s'\n", #x); \ -+ printf("systemd not booted, skipping '%s'\n", #x); \ - } - - /* Provide a convenient way to check if we're running in CI. */ -@@ -51,29 +51,31 @@ typedef struct TestFunc { - int (*int_func)(void); - } f; - const char * const name; -- bool has_ret; -+ bool has_ret:1; -+ bool sd_booted:1; - } TestFunc; - - /* See static-destruct.h for an explanation of how this works. */ --#define REGISTER_TEST(func) \ -+#define REGISTER_TEST(func, ...) \ - _section_("SYSTEMD_TEST_TABLE") _alignptr_ _used_ _variable_no_sanitize_address_ \ - static const TestFunc UNIQ_T(static_test_table_entry, UNIQ) = { \ - .f = (union f) &(func), \ - .name = STRINGIFY(func), \ - .has_ret = __builtin_types_compatible_p(typeof((union f){}.int_func), typeof(&(func))), \ -+ ##__VA_ARGS__ \ - } - - extern const TestFunc _weak_ __start_SYSTEMD_TEST_TABLE[]; - extern const TestFunc _weak_ __stop_SYSTEMD_TEST_TABLE[]; - --#define TEST(name) \ -- static void test_##name(void); \ -- REGISTER_TEST(test_##name); \ -+#define TEST(name, ...) \ -+ static void test_##name(void); \ -+ REGISTER_TEST(test_##name, ##__VA_ARGS__); \ - static void test_##name(void) - --#define TEST_RET(name) \ -- static int test_##name(void); \ -- REGISTER_TEST(test_##name); \ -+#define TEST_RET(name, ...) \ -+ static int test_##name(void); \ -+ REGISTER_TEST(test_##name, ##__VA_ARGS__); \ - static int test_##name(void) - - static inline int run_test_table(void) { -@@ -84,14 +86,21 @@ static inline int run_test_table(void) { - - const TestFunc *t = ALIGN_TO_PTR(__start_SYSTEMD_TEST_TABLE, sizeof(TestFunc*)); - while (t < __stop_SYSTEMD_TEST_TABLE) { -- log_info("/* %s */", t->name); -- -- if (t->has_ret) { -- int r2 = t->f.int_func(); -- if (r == EXIT_SUCCESS) -- r = r2; -- } else -- t->f.void_func(); -+ -+ if (t->sd_booted && sd_booted() <= 0) { -+ log_info("/* systemd not booted, skipping %s */", t->name); -+ if (t->has_ret && r == EXIT_SUCCESS) -+ r = EXIT_TEST_SKIP; -+ } else { -+ log_info("/* %s */", t->name); -+ -+ if (t->has_ret) { -+ int r2 = t->f.int_func(); -+ if (r == EXIT_SUCCESS) -+ r = r2; -+ } else -+ t->f.void_func(); -+ } - - t = ALIGN_TO_PTR(t + 1, sizeof(TestFunc*)); - } --- -2.33.0 - diff --git a/backport-CVE-2022-4415-test-Create-convenience-macros-to-declare-tests.patch b/backport-CVE-2022-4415-test-Create-convenience-macros-to-declare-tests.patch deleted file mode 100644 index e5af4bf1e590ef924164ca78c3b7e9c66848eb18..0000000000000000000000000000000000000000 --- a/backport-CVE-2022-4415-test-Create-convenience-macros-to-declare-tests.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 9cc615460830afdb51ad23e594906bbe60a3b25a Mon Sep 17 00:00:00 2001 -From: Jan Janssen -Date: Fri, 12 Nov 2021 10:54:44 +0100 -Subject: [PATCH] test: Create convenience macros to declare tests - -Conflict:Delete all contents in test-macro.c. -Reference:https://github.com/systemd/systemd/commit/9cc615460830afdb51ad23e594906bbe60a3b25a - ---- - src/shared/tests.h | 47 ++++++++++++++++++++++++++++++++++++++ - 1 file changed, 47 insertions(+) - -diff --git a/src/shared/tests.h b/src/shared/tests.h -index c1350763ad..f333ebd842 100644 ---- a/src/shared/tests.h -+++ b/src/shared/tests.h -@@ -43,3 +43,50 @@ bool can_memlock(void); - - /* Provide a convenient way to check if we're running in CI. */ - const char *ci_environment(void); -+ -+typedef struct TestFunc { -+ void (*f)(void); -+ const char * const n; -+} TestFunc; -+ -+/* See static-destruct.h for an explanation of how this works. */ -+#define REGISTER_TEST(func) \ -+ static void func(void); \ -+ _section_("SYSTEMD_TEST_TABLE") _alignptr_ _used_ _variable_no_sanitize_address_ \ -+ static const TestFunc UNIQ_T(static_test_table_entry, UNIQ) = { \ -+ .f = &(func), \ -+ .n = STRINGIFY(func), \ -+ } -+ -+extern const TestFunc _weak_ __start_SYSTEMD_TEST_TABLE[]; -+extern const TestFunc _weak_ __stop_SYSTEMD_TEST_TABLE[]; -+ -+#define TEST(name) \ -+ REGISTER_TEST(test_##name); \ -+ static void test_##name(void) -+ -+static inline void run_test_table(void) { -+ if (!__start_SYSTEMD_TEST_TABLE) -+ return; -+ -+ const TestFunc *t = ALIGN_TO_PTR(__start_SYSTEMD_TEST_TABLE, sizeof(TestFunc*)); -+ while (t < __stop_SYSTEMD_TEST_TABLE) { -+ log_info("/* %s */", t->n); -+ t->f(); -+ t = ALIGN_TO_PTR(t + 1, sizeof(TestFunc*)); -+ } -+} -+ -+#define DEFINE_TEST_MAIN \ -+ int main(int argc, char *argv[]) { \ -+ test_setup_logging(LOG_INFO); \ -+ run_test_table(); \ -+ return EXIT_SUCCESS; \ -+ } -+ -+#define DEFINE_CUSTOM_TEST_MAIN(impl) \ -+ int main(int argc, char *argv[]) { \ -+ test_setup_logging(LOG_INFO); \ -+ run_test_table(); \ -+ return impl(); \ -+ } --- -2.33.0 - diff --git a/backport-CVE-2022-4415-test-Slightly-rework-DEFINE_TEST_MAIN-macros.patch b/backport-CVE-2022-4415-test-Slightly-rework-DEFINE_TEST_MAIN-macros.patch deleted file mode 100644 index a32be710b9bc784051c06657e84435c11ab18329..0000000000000000000000000000000000000000 --- a/backport-CVE-2022-4415-test-Slightly-rework-DEFINE_TEST_MAIN-macros.patch +++ /dev/null @@ -1,57 +0,0 @@ -From a40b728e1172cc07a09e12dd56089ab37c8c5924 Mon Sep 17 00:00:00 2001 -From: Jan Janssen -Date: Tue, 23 Nov 2021 13:40:27 +0100 -Subject: [PATCH] test: Slightly rework DEFINE_TEST_MAIN macros - -- A lot of tests want a different log level -- Provides saved_argc/saved_argv to tests -- Separate intro/outro is more flexible - -Conflict:Delete content in test-macro.c. -Reference:https://github.com/systemd/systemd/commit/a40b728e1172cc07a09e12dd56089ab37c8c5924 - ---- - src/shared/tests.h | 21 ++++++++++----------- - 1 file changed, 10 insertions(+), 11 deletions(-) - -diff --git a/src/shared/tests.h b/src/shared/tests.h -index f333ebd842..872b9b2d6c 100644 ---- a/src/shared/tests.h -+++ b/src/shared/tests.h -@@ -6,6 +6,7 @@ - #include "sd-daemon.h" - - #include "macro.h" -+#include "util.h" - - static inline bool manager_errno_skip_test(int r) { - return IN_SET(abs(r), -@@ -77,16 +78,14 @@ static inline void run_test_table(void) { - } - } - --#define DEFINE_TEST_MAIN \ -- int main(int argc, char *argv[]) { \ -- test_setup_logging(LOG_INFO); \ -- run_test_table(); \ -- return EXIT_SUCCESS; \ -+#define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \ -+ int main(int argc, char *argv[]) { \ -+ test_setup_logging(log_level); \ -+ save_argc_argv(argc, argv); \ -+ intro; \ -+ run_test_table(); \ -+ outro; \ -+ return EXIT_SUCCESS; \ - } - --#define DEFINE_CUSTOM_TEST_MAIN(impl) \ -- int main(int argc, char *argv[]) { \ -- test_setup_logging(LOG_INFO); \ -- run_test_table(); \ -- return impl(); \ -- } -+#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, , ) --- -2.33.0 - diff --git a/backport-CVE-2022-4415-tree-wide-define-and-use-STRERROR_OR_EOF.patch b/backport-CVE-2022-4415-tree-wide-define-and-use-STRERROR_OR_EOF.patch deleted file mode 100644 index e1f7a7250a69aede7a0c1be8bcdb320f9c6028bd..0000000000000000000000000000000000000000 --- a/backport-CVE-2022-4415-tree-wide-define-and-use-STRERROR_OR_EOF.patch +++ /dev/null @@ -1,105 +0,0 @@ -From f69ae8585f5ce6cd8d1e6f3ccd6c9c2cf153e846 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 10 Oct 2022 21:19:43 +0200 -Subject: [PATCH] tree-wide: define and use STRERROR_OR_EOF() - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f69ae8585f5ce6cd8d1e6f3ccd6c9c2cf153e846 - ---- - src/basic/errno-util.h | 5 +++++ - src/journal-remote/journal-gatewayd.c | 4 ++-- - src/libsystemd/sd-bus/test-bus-chat.c | 2 +- - src/login/logind-seat.c | 8 ++++---- - src/test/test-errno-util.c | 6 ++++++ - 5 files changed, 18 insertions(+), 7 deletions(-) - -diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h -index f0d24d95cb..1e2e5b9f15 100644 ---- a/src/basic/errno-util.h -+++ b/src/basic/errno-util.h -@@ -16,6 +16,11 @@ - * Note that we use the GNU variant of strerror_r() here. */ - #define STRERROR(errnum) strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN) - -+/* A helper to print an error message or message for functions that return 0 on EOF. -+ * Note that we can't use ({ … }) to define a temporary variable, so errnum is -+ * evaluated twice. */ -+#define STRERROR_OR_EOF(errnum) ((errnum) != 0 ? STRERROR(errnum) : "Unexpected EOF") -+ - static inline void _reset_errno_(int *saved_errno) { - if (*saved_errno < 0) /* Invalidated by UNPROTECT_ERRNO? */ - return; -diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c -index 3e2a85ce29..34def4670e 100644 ---- a/src/journal-remote/journal-gatewayd.c -+++ b/src/journal-remote/journal-gatewayd.c -@@ -256,7 +256,7 @@ static ssize_t request_reader_entries( - errno = 0; - k = fread(buf, 1, n, m->tmp); - if (k != n) { -- log_error("Failed to read from file: %s", errno != 0 ? strerror_safe(errno) : "Premature EOF"); -+ log_error("Failed to read from file: %s", STRERROR_OR_EOF(errno)); - return MHD_CONTENT_READER_END_WITH_ERROR; - } - -@@ -600,7 +600,7 @@ static ssize_t request_reader_fields( - errno = 0; - k = fread(buf, 1, n, m->tmp); - if (k != n) { -- log_error("Failed to read from file: %s", errno != 0 ? strerror_safe(errno) : "Premature EOF"); -+ log_error("Failed to read from file: %s", STRERROR_OR_EOF(errno)); - return MHD_CONTENT_READER_END_WITH_ERROR; - } - -diff --git a/src/libsystemd/sd-bus/test-bus-chat.c b/src/libsystemd/sd-bus/test-bus-chat.c -index df6dd62151..93e8ebfb1b 100644 ---- a/src/libsystemd/sd-bus/test-bus-chat.c -+++ b/src/libsystemd/sd-bus/test-bus-chat.c -@@ -308,7 +308,7 @@ static void* client1(void *p) { - - errno = 0; - if (read(pp[0], &x, 1) <= 0) { -- log_error("Failed to read from pipe: %s", errno != 0 ? strerror_safe(errno) : "early read"); -+ log_error("Failed to read from pipe: %s", STRERROR_OR_EOF(errno)); - goto finish; - } - -diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c -index 43c72da11f..d8ad424bfe 100644 ---- a/src/login/logind-seat.c -+++ b/src/login/logind-seat.c -@@ -389,11 +389,11 @@ int seat_read_active_vt(Seat *s) { - if (lseek(s->manager->console_active_fd, SEEK_SET, 0) < 0) - return log_error_errno(errno, "lseek on console_active_fd failed: %m"); - -+ errno = 0; - k = read(s->manager->console_active_fd, t, sizeof(t)-1); -- if (k <= 0) { -- log_error("Failed to read current console: %s", k < 0 ? strerror_safe(errno) : "EOF"); -- return k < 0 ? -errno : -EIO; -- } -+ if (k <= 0) -+ return log_error_errno(errno ?: EIO, -+ "Failed to read current console: %s", STRERROR_OR_EOF(errno)); - - t[k] = 0; - truncate_nl(t); -diff --git a/src/test/test-errno-util.c b/src/test/test-errno-util.c -index 284f451002..f858927c92 100644 ---- a/src/test/test-errno-util.c -+++ b/src/test/test-errno-util.c -@@ -41,4 +41,10 @@ TEST(STRERROR) { - assert_se(strstr(c, buf)); - } - -+TEST(STRERROR_OR_ELSE) { -+ log_info("STRERROR_OR_ELSE(0, \"EOF\") → %s", STRERROR_OR_EOF(0)); -+ log_info("STRERROR_OR_ELSE(EPERM, \"EOF\") → %s", STRERROR_OR_EOF(EPERM)); -+ log_info("STRERROR_OR_ELSE(-EPERM, \"EOF\") → %s", STRERROR_OR_EOF(-EPERM)); -+} -+ - DEFINE_TEST_MAIN(LOG_INFO); --- -2.33.0 - diff --git a/backport-Change-gendered-terms-to-be-gender-neutral-21325.patch b/backport-Change-gendered-terms-to-be-gender-neutral-21325.patch deleted file mode 100644 index 44c35d33859018130a98ddc82759adc3c9e2b6d6..0000000000000000000000000000000000000000 --- a/backport-Change-gendered-terms-to-be-gender-neutral-21325.patch +++ /dev/null @@ -1,131 +0,0 @@ -From 3ba07929636e1a55c71767e40e23bf639b7a8db5 Mon Sep 17 00:00:00 2001 -From: Emily Gonyer -Date: Fri, 12 Nov 2021 10:09:56 -0500 -Subject: [PATCH] Change gendered terms to be gender-neutral (#21325) - -Some typos are also fixed. - -(cherry picked from commit be7148ebed5d73c4a76bc6089ebe2e82d8fa33e0) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/3ba07929636e1a55c71767e40e23bf639b7a8db5 ---- - docs/CODING_STYLE.md | 2 +- - docs/PREDICTABLE_INTERFACE_NAMES.md | 2 +- - man/sd_bus_add_object.xml | 2 +- - src/core/manager.h | 2 +- - src/hostname/hostnamectl.c | 2 +- - src/libsystemd/sd-bus/bus-socket.c | 4 ++-- - src/libsystemd/sd-bus/sd-bus.c | 2 +- - src/udev/dmi_memory_id/dmi_memory_id.c | 2 +- - 8 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/docs/CODING_STYLE.md b/docs/CODING_STYLE.md -index 54150e1ee7..05fbb2ac9e 100644 ---- a/docs/CODING_STYLE.md -+++ b/docs/CODING_STYLE.md -@@ -287,7 +287,7 @@ layout: default - with a more brutal `assert()`. We are more forgiving to public users than for - ourselves! Note that `assert()` and `assert_return()` really only should be - used for detecting programming errors, not for runtime errors. `assert()` and -- `assert_return()` by usage of `_likely_()` inform the compiler that he should -+ `assert_return()` by usage of `_likely_()` inform the compiler that it should - not expect these checks to fail, and they inform fellow programmers about the - expected validity and range of parameters. - -diff --git a/docs/PREDICTABLE_INTERFACE_NAMES.md b/docs/PREDICTABLE_INTERFACE_NAMES.md -index 07529e7a70..890bd3935c 100644 ---- a/docs/PREDICTABLE_INTERFACE_NAMES.md -+++ b/docs/PREDICTABLE_INTERFACE_NAMES.md -@@ -53,7 +53,7 @@ With this new scheme you now get: - * The same on all distributions that adopted systemd/udev - * It's easy to opt out of the scheme (see below) - --Does this have any drawbacks? Yes, it does. Previously it was practically guaranteed that hosts equipped with a single ethernet card only had a single `eth0` interface. With this new scheme in place, an administrator now has to check first what the local interface name is before he can invoke commands on it where previously he had a good chance that `eth0` was the right name. -+Does this have any drawbacks? Yes, it does. Previously it was practically guaranteed that hosts equipped with a single ethernet card only had a single `eth0` interface. With this new scheme in place, an administrator now has to check first what the local interface name is before they can invoke commands on it, where previously they had a good chance that `eth0` was the right name. - - - ## I don't like this, how do I disable this? -diff --git a/man/sd_bus_add_object.xml b/man/sd_bus_add_object.xml -index 31a3344bbd..54683e4f11 100644 ---- a/man/sd_bus_add_object.xml -+++ b/man/sd_bus_add_object.xml -@@ -508,7 +508,7 @@ - - SD_BUS_VTABLE_METHOD_NO_REPLY - -- Mark his vtable entry as a method that will not return a reply using the -+ Mark this vtable entry as a method that will not return a reply using the - org.freedesktop.DBus.Method.NoReply annotation in introspection data. - - -diff --git a/src/core/manager.h b/src/core/manager.h -index b3e7c68e6d..14a80b396e 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -195,7 +195,7 @@ struct Manager { - - sd_event *event; - -- /* This maps PIDs we care about to units that are interested in. We allow multiple units to he interested in -+ /* This maps PIDs we care about to units that are interested in. We allow multiple units to be interested in - * the same PID and multiple PIDs to be relevant to the same unit. Since in most cases only a single unit will - * be interested in the same PID we use a somewhat special encoding here: the first unit interested in a PID is - * stored directly in the hashmap, keyed by the PID unmodified. If there are other units interested too they'll -diff --git a/src/hostname/hostnamectl.c b/src/hostname/hostnamectl.c -index 283038c7cb..2eca5feaca 100644 ---- a/src/hostname/hostnamectl.c -+++ b/src/hostname/hostnamectl.c -@@ -442,7 +442,7 @@ static int set_hostname(int argc, char **argv, void *userdata) { - * dot if there is one. If it was not valid, then it will be made fully valid by truncating, dropping - * multiple dots, and dropping weird chars. Note that we clean the name up only if we also are - * supposed to set the pretty name. If the pretty name is not being set we assume the user knows what -- * he does and pass the name as-is. */ -+ * they are doing and pass the name as-is. */ - h = strdup(hostname); - if (!h) - return log_oom(); -diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c -index 378774fe8b..09eb49c37f 100644 ---- a/src/libsystemd/sd-bus/bus-socket.c -+++ b/src/libsystemd/sd-bus/bus-socket.c -@@ -300,8 +300,8 @@ static int verify_external_token(sd_bus *b, const char *p, size_t l) { - uid_t u; - int r; - -- /* We don't do any real authentication here. Instead, we if -- * the owner of this bus wanted authentication he should have -+ /* We don't do any real authentication here. Instead, if -+ * the owner of this bus wanted authentication they should have - * checked SO_PEERCRED before even creating the bus object. */ - - if (!b->anonymous_auth && !b->ucred_valid) -diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c -index 79c24fe703..ab8d4e4a60 100644 ---- a/src/libsystemd/sd-bus/sd-bus.c -+++ b/src/libsystemd/sd-bus/sd-bus.c -@@ -3274,7 +3274,7 @@ static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec) { - return e; - - if (need_more) -- /* The caller really needs some more data, he doesn't -+ /* The caller really needs some more data, they don't - * care about what's already read, or any timeouts - * except its own. */ - e |= POLLIN; -diff --git a/src/udev/dmi_memory_id/dmi_memory_id.c b/src/udev/dmi_memory_id/dmi_memory_id.c -index 64eba0d314..00e46f8b9e 100644 ---- a/src/udev/dmi_memory_id/dmi_memory_id.c -+++ b/src/udev/dmi_memory_id/dmi_memory_id.c -@@ -539,7 +539,7 @@ static void dmi_table_decode(const uint8_t *buf, size_t len, uint16_t num) { - - /* If a short entry is found (less than 4 bytes), not only it - * is invalid, but we cannot reliably locate the next entry. -- * Better stop at this point, and let the user know his/her -+ * Better stop at this point, and let the user know their - * table is broken. */ - if (h.length < 4) - break; --- -2.33.0 - diff --git a/backport-Don-t-open-var-journals-in-volatile-mode-when-runtim.patch b/backport-Don-t-open-var-journals-in-volatile-mode-when-runtim.patch deleted file mode 100644 index a1e417600d9e789d2e59a206ef51a3f6a0f93690..0000000000000000000000000000000000000000 --- a/backport-Don-t-open-var-journals-in-volatile-mode-when-runtim.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 00e7f0994a39852ab1adabfb7e19ff2634e916a0 Mon Sep 17 00:00:00 2001 -From: Milo Turner -Date: Fri, 13 Aug 2021 10:28:58 -0400 -Subject: [PATCH] Don't open /var journals in volatile mode when - runtime_journal==NULL - -(cherry picked from commit d64441b669932ab97fbbfc71cb143045f690039e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/00e7f0994a39852ab1adabfb7e19ff2634e916a0 ---- - src/journal/journald-server.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c -index 30f04f5383..a0695ec519 100644 ---- a/src/journal/journald-server.c -+++ b/src/journal/journald-server.c -@@ -415,6 +415,13 @@ static JournalFile* find_journal(Server *s, uid_t uid) { - if (s->runtime_journal) - return s->runtime_journal; - -+ /* If we are not in persistent mode, then we need return NULL immediately rather than opening a -+ * persistent journal of any sort. -+ * -+ * Fixes https://github.com/systemd/systemd/issues/20390 */ -+ if (!IN_SET(s->storage, STORAGE_AUTO, STORAGE_PERSISTENT)) -+ return NULL; -+ - if (uid_for_system_journal(uid)) - return s->system_journal; - --- -2.33.0 - diff --git a/backport-Drop-bundled-copy-of-linux-if_arp.h.patch b/backport-Drop-bundled-copy-of-linux-if_arp.h.patch deleted file mode 100644 index 6453c1045c5775d2d3784e4e49b3f228399ffec8..0000000000000000000000000000000000000000 --- a/backport-Drop-bundled-copy-of-linux-if_arp.h.patch +++ /dev/null @@ -1,227 +0,0 @@ -From f27585b58a308454bf3409a77c8b1dd12fc64816 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 15 Sep 2021 16:33:05 +0200 -Subject: [PATCH] Drop bundled copy of linux/if_arp.h -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -As far as I can see, we use this to get a list of ARPHRD_* defines (used in -particular for Type= in .link files). If we drop our copy, and build against -old kernel headers, the user will have a shorter list of types available. This -seems OK, and I don't think it's worth carrying our own version of this file -just to have newest possible entries. - -7c5b9952c4f6e2b72f90edbe439982528b7cf223 recently updated this file, but we'd -have to update it every time the kernel adds new entries. But if we look at -the failure carefully: - -src/basic/arphrd-from-name.gperf:65:16: error: ‘ARPHRD_MCTP’ undeclared (first use in this function); did you mean ‘ARPHRD_FCPP’? - 65 | MCTP, ARPHRD_MCTP - | ^~ - | ARPHRD_FCPP - -we see that the list we were generating was from the system headers, so it was -only as good as the system headers anyway, without the newer entries in our -bundled copy, if there were any. So let's make things simpler by always using -system headers. - -And if somebody wants to fix things so that we always have the newest list, -then we should just generate and store the converted list, not the full header. - -(cherry picked from commit e7f46ee3ae1cc66a94b293957721d68dc09d7449) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f27585b58a308454bf3409a77c8b1dd12fc64816 ---- - src/basic/linux/if_arp.h | 165 --------------------------------------- - src/basic/meson.build | 1 - - 2 files changed, 166 deletions(-) - delete mode 100644 src/basic/linux/if_arp.h - -diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h -deleted file mode 100644 -index 4783af9fe5..0000000000 ---- a/src/basic/linux/if_arp.h -+++ /dev/null -@@ -1,165 +0,0 @@ --/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ --/* -- * INET An implementation of the TCP/IP protocol suite for the LINUX -- * operating system. INET is implemented using the BSD Socket -- * interface as the means of communication with the user level. -- * -- * Global definitions for the ARP (RFC 826) protocol. -- * -- * Version: @(#)if_arp.h 1.0.1 04/16/93 -- * -- * Authors: Original taken from Berkeley UNIX 4.3, (c) UCB 1986-1988 -- * Portions taken from the KA9Q/NOS (v2.00m PA0GRI) source. -- * Ross Biro -- * Fred N. van Kempen, -- * Florian La Roche, -- * Jonathan Layes -- * Arnaldo Carvalho de Melo ARPHRD_HWX25 -- * -- * This program is free software; you can redistribute it and/or -- * modify it under the terms of the GNU General Public License -- * as published by the Free Software Foundation; either version -- * 2 of the License, or (at your option) any later version. -- */ --#ifndef _UAPI_LINUX_IF_ARP_H --#define _UAPI_LINUX_IF_ARP_H -- --#include -- --/* ARP protocol HARDWARE identifiers. */ --#define ARPHRD_NETROM 0 /* from KA9Q: NET/ROM pseudo */ --#define ARPHRD_ETHER 1 /* Ethernet 10Mbps */ --#define ARPHRD_EETHER 2 /* Experimental Ethernet */ --#define ARPHRD_AX25 3 /* AX.25 Level 2 */ --#define ARPHRD_PRONET 4 /* PROnet token ring */ --#define ARPHRD_CHAOS 5 /* Chaosnet */ --#define ARPHRD_IEEE802 6 /* IEEE 802.2 Ethernet/TR/TB */ --#define ARPHRD_ARCNET 7 /* ARCnet */ --#define ARPHRD_APPLETLK 8 /* APPLEtalk */ --#define ARPHRD_DLCI 15 /* Frame Relay DLCI */ --#define ARPHRD_ATM 19 /* ATM */ --#define ARPHRD_METRICOM 23 /* Metricom STRIP (new IANA id) */ --#define ARPHRD_IEEE1394 24 /* IEEE 1394 IPv4 - RFC 2734 */ --#define ARPHRD_EUI64 27 /* EUI-64 */ --#define ARPHRD_INFINIBAND 32 /* InfiniBand */ -- --/* Dummy types for non ARP hardware */ --#define ARPHRD_SLIP 256 --#define ARPHRD_CSLIP 257 --#define ARPHRD_SLIP6 258 --#define ARPHRD_CSLIP6 259 --#define ARPHRD_RSRVD 260 /* Notional KISS type */ --#define ARPHRD_ADAPT 264 --#define ARPHRD_ROSE 270 --#define ARPHRD_X25 271 /* CCITT X.25 */ --#define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */ --#define ARPHRD_CAN 280 /* Controller Area Network */ --#define ARPHRD_MCTP 290 --#define ARPHRD_PPP 512 --#define ARPHRD_CISCO 513 /* Cisco HDLC */ --#define ARPHRD_HDLC ARPHRD_CISCO --#define ARPHRD_LAPB 516 /* LAPB */ --#define ARPHRD_DDCMP 517 /* Digital's DDCMP protocol */ --#define ARPHRD_RAWHDLC 518 /* Raw HDLC */ --#define ARPHRD_RAWIP 519 /* Raw IP */ -- --#define ARPHRD_TUNNEL 768 /* IPIP tunnel */ --#define ARPHRD_TUNNEL6 769 /* IP6IP6 tunnel */ --#define ARPHRD_FRAD 770 /* Frame Relay Access Device */ --#define ARPHRD_SKIP 771 /* SKIP vif */ --#define ARPHRD_LOOPBACK 772 /* Loopback device */ --#define ARPHRD_LOCALTLK 773 /* Localtalk device */ --#define ARPHRD_FDDI 774 /* Fiber Distributed Data Interface */ --#define ARPHRD_BIF 775 /* AP1000 BIF */ --#define ARPHRD_SIT 776 /* sit0 device - IPv6-in-IPv4 */ --#define ARPHRD_IPDDP 777 /* IP over DDP tunneller */ --#define ARPHRD_IPGRE 778 /* GRE over IP */ --#define ARPHRD_PIMREG 779 /* PIMSM register interface */ --#define ARPHRD_HIPPI 780 /* High Performance Parallel Interface */ --#define ARPHRD_ASH 781 /* Nexus 64Mbps Ash */ --#define ARPHRD_ECONET 782 /* Acorn Econet */ --#define ARPHRD_IRDA 783 /* Linux-IrDA */ --/* ARP works differently on different FC media .. so */ --#define ARPHRD_FCPP 784 /* Point to point fibrechannel */ --#define ARPHRD_FCAL 785 /* Fibrechannel arbitrated loop */ --#define ARPHRD_FCPL 786 /* Fibrechannel public loop */ --#define ARPHRD_FCFABRIC 787 /* Fibrechannel fabric */ -- /* 787->799 reserved for fibrechannel media types */ --#define ARPHRD_IEEE802_TR 800 /* Magic type ident for TR */ --#define ARPHRD_IEEE80211 801 /* IEEE 802.11 */ --#define ARPHRD_IEEE80211_PRISM 802 /* IEEE 802.11 + Prism2 header */ --#define ARPHRD_IEEE80211_RADIOTAP 803 /* IEEE 802.11 + radiotap header */ --#define ARPHRD_IEEE802154 804 --#define ARPHRD_IEEE802154_MONITOR 805 /* IEEE 802.15.4 network monitor */ -- --#define ARPHRD_PHONET 820 /* PhoNet media type */ --#define ARPHRD_PHONET_PIPE 821 /* PhoNet pipe header */ --#define ARPHRD_CAIF 822 /* CAIF media type */ --#define ARPHRD_IP6GRE 823 /* GRE over IPv6 */ --#define ARPHRD_NETLINK 824 /* Netlink header */ --#define ARPHRD_6LOWPAN 825 /* IPv6 over LoWPAN */ --#define ARPHRD_VSOCKMON 826 /* Vsock monitor header */ -- --#define ARPHRD_VOID 0xFFFF /* Void type, nothing is known */ --#define ARPHRD_NONE 0xFFFE /* zero header length */ -- --/* ARP protocol opcodes. */ --#define ARPOP_REQUEST 1 /* ARP request */ --#define ARPOP_REPLY 2 /* ARP reply */ --#define ARPOP_RREQUEST 3 /* RARP request */ --#define ARPOP_RREPLY 4 /* RARP reply */ --#define ARPOP_InREQUEST 8 /* InARP request */ --#define ARPOP_InREPLY 9 /* InARP reply */ --#define ARPOP_NAK 10 /* (ATM)ARP NAK */ -- -- --/* ARP ioctl request. */ --struct arpreq { -- struct sockaddr arp_pa; /* protocol address */ -- struct sockaddr arp_ha; /* hardware address */ -- int arp_flags; /* flags */ -- struct sockaddr arp_netmask; /* netmask (only for proxy arps) */ -- char arp_dev[IFNAMSIZ]; --}; -- --struct arpreq_old { -- struct sockaddr arp_pa; /* protocol address */ -- struct sockaddr arp_ha; /* hardware address */ -- int arp_flags; /* flags */ -- struct sockaddr arp_netmask; /* netmask (only for proxy arps) */ --}; -- --/* ARP Flag values. */ --#define ATF_COM 0x02 /* completed entry (ha valid) */ --#define ATF_PERM 0x04 /* permanent entry */ --#define ATF_PUBL 0x08 /* publish entry */ --#define ATF_USETRAILERS 0x10 /* has requested trailers */ --#define ATF_NETMASK 0x20 /* want to use a netmask (only -- for proxy entries) */ --#define ATF_DONTPUB 0x40 /* don't answer this addresses */ -- --/* -- * This structure defines an ethernet arp header. -- */ -- --struct arphdr { -- __be16 ar_hrd; /* format of hardware address */ -- __be16 ar_pro; /* format of protocol address */ -- unsigned char ar_hln; /* length of hardware address */ -- unsigned char ar_pln; /* length of protocol address */ -- __be16 ar_op; /* ARP opcode (command) */ -- --#if 0 -- /* -- * Ethernet looks like this : This bit is variable sized however... -- */ -- unsigned char ar_sha[ETH_ALEN]; /* sender hardware address */ -- unsigned char ar_sip[4]; /* sender IP address */ -- unsigned char ar_tha[ETH_ALEN]; /* target hardware address */ -- unsigned char ar_tip[4]; /* target IP address */ --#endif -- --}; -- -- --#endif /* _UAPI_LINUX_IF_ARP_H */ -diff --git a/src/basic/meson.build b/src/basic/meson.build -index 9b016ce5e8..452b965db3 100644 ---- a/src/basic/meson.build -+++ b/src/basic/meson.build -@@ -88,7 +88,6 @@ basic_sources = files(''' - linux/hdlc/ioctl.h - linux/if.h - linux/if_addr.h -- linux/if_arp.h - linux/if_bonding.h - linux/if_bridge.h - linux/if_ether.h --- -2.33.0 - diff --git a/backport-Fix-another-crash-due-to-missing-NHDR.patch b/backport-Fix-another-crash-due-to-missing-NHDR.patch deleted file mode 100644 index 6d8be876b0ad5b92dad8d91685528b163e1a3380..0000000000000000000000000000000000000000 --- a/backport-Fix-another-crash-due-to-missing-NHDR.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 60630b5e812ce103e9625bcc87778165374a455e Mon Sep 17 00:00:00 2001 -From: Kevin Orr -Date: Thu, 26 Aug 2021 17:04:53 -0400 -Subject: [PATCH] Fix another crash due to missing NHDR - -(cherry picked from commit a3a5446b7675696f43c2d8a2a0b898d72228a53d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/60630b5e812ce103e9625bcc87778165374a455e ---- - src/coredump/stacktrace.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/coredump/stacktrace.c b/src/coredump/stacktrace.c -index e46b324cdf..f855a370ff 100644 ---- a/src/coredump/stacktrace.c -+++ b/src/coredump/stacktrace.c -@@ -299,6 +299,8 @@ static int module_callback(Dwfl_Module *mod, void **userdata, const char *name, - program_header->p_offset, - program_header->p_filesz, - ELF_T_NHDR); -+ if (!data) -+ continue; - - Elf *memelf = elf_memory(data->d_buf, data->d_size); - if (!memelf) --- -2.33.0 - diff --git a/backport-Fix-error-building-repart-with-no-libcryptsetup-2073.patch b/backport-Fix-error-building-repart-with-no-libcryptsetup-2073.patch deleted file mode 100644 index dd74d47087cb30ee4f6217892d117acadaa6a450..0000000000000000000000000000000000000000 --- a/backport-Fix-error-building-repart-with-no-libcryptsetup-2073.patch +++ /dev/null @@ -1,33 +0,0 @@ -From d3dfc9afa2297e2e15019adf974da8fb0ab7270c Mon Sep 17 00:00:00 2001 -From: Marcus Harrison -Date: Wed, 15 Sep 2021 03:55:07 +0200 -Subject: [PATCH] Fix error building repart with no libcryptsetup (#20739) - -(cherry picked from commit 2709d02906dd3ab5ecc2b3e19e2846b1714a7e5a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d3dfc9afa2297e2e15019adf974da8fb0ab7270c ---- - src/partition/repart.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/partition/repart.c b/src/partition/repart.c -index 589acaa49d..851c68cc4b 100644 ---- a/src/partition/repart.c -+++ b/src/partition/repart.c -@@ -206,7 +206,12 @@ static const char *encrypt_mode_table[_ENCRYPT_MODE_MAX] = { - [ENCRYPT_KEY_FILE_TPM2] = "key-file+tpm2", - }; - -+#if HAVE_LIBCRYPTSETUP - DEFINE_PRIVATE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(encrypt_mode, EncryptMode, ENCRYPT_KEY_FILE); -+#else -+DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN(encrypt_mode, EncryptMode, ENCRYPT_KEY_FILE); -+#endif -+ - - static uint64_t round_down_size(uint64_t v, uint64_t p) { - return (v / p) * p; --- -2.33.0 - diff --git a/backport-Fix-the-Failed-to-open-random-seed-.-message.patch b/backport-Fix-the-Failed-to-open-random-seed-.-message.patch deleted file mode 100644 index 7aca3b691ca5e6f128fadea917d492dbb2b575d9..0000000000000000000000000000000000000000 --- a/backport-Fix-the-Failed-to-open-random-seed-.-message.patch +++ /dev/null @@ -1,33 +0,0 @@ -From c1b4ee2e0fd28a0c802a3694107613e1689d1c96 Mon Sep 17 00:00:00 2001 -From: longpanda <59477474+ventoy@users.noreply.github.com> -Date: Thu, 5 Aug 2021 09:31:44 +0800 -Subject: [PATCH] Fix the "Failed to open random seed ..." message. - -When boot ArchLinux from Ventoy, it always print `Failed to open random seed file: write protected.` -As Ventoy emulate the ISO file as a read-only CDROM, I didn't test with a real physical CDROM drive, but maybe it also has such problem. -As we use `EFI_FILE_MODE_WRITE` to open the `loader\random-seed` file, so I think it's better to check the result with both `EFI_WRITE_PROTECTED` and `EFI_NOT_FOUND`. - -(cherry picked from commit 2846007ecfb1fc84005b942167d394294c707d7b) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c1b4ee2e0fd28a0c802a3694107613e1689d1c96 ---- - src/boot/efi/random-seed.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/boot/efi/random-seed.c b/src/boot/efi/random-seed.c -index ff364695f3..3e179851b0 100644 ---- a/src/boot/efi/random-seed.c -+++ b/src/boot/efi/random-seed.c -@@ -245,7 +245,7 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode) { - - err = uefi_call_wrapper(root_dir->Open, 5, root_dir, &handle, (CHAR16*) L"\\loader\\random-seed", EFI_FILE_MODE_READ|EFI_FILE_MODE_WRITE, 0ULL); - if (EFI_ERROR(err)) { -- if (err != EFI_NOT_FOUND) -+ if (err != EFI_NOT_FOUND && err != EFI_WRITE_PROTECTED) - Print(L"Failed to open random seed file: %r\n", err); - return err; - } --- -2.33.0 - diff --git a/backport-Get-rid-of-dangling-setutxent.patch b/backport-Get-rid-of-dangling-setutxent.patch deleted file mode 100644 index cb35353dbfcb4d0092bc5789f153180ded17079e..0000000000000000000000000000000000000000 --- a/backport-Get-rid-of-dangling-setutxent.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 540389a690b1d6cb00620d8ad6f54077a90e15f8 Mon Sep 17 00:00:00 2001 -From: MertsA -Date: Tue, 10 Aug 2021 20:54:50 -0700 -Subject: [PATCH] Get rid of dangling setutxent() - -utmp_wall() and utmp_put_dead_process() called setutxent() directly instead of the stub in utmp-wtmp.h and never called endutxent(). This would leave /run/utmp left open by PID 1 or journald. This can be reproduced by e.g. lsof /run/utmp and systemd-cat -p 0 echo test. For utmp_put_dead_process() it would only leave it open if it returned early before calling write_utmp_wtmp() - -(cherry picked from commit bbd239f67a683fe63ee3698896fa503ff25031ed) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/540389a690b1d6cb00620d8ad6f54077a90e15f8 ---- - src/shared/utmp-wtmp.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/shared/utmp-wtmp.c b/src/shared/utmp-wtmp.c -index 3eeee24693..784aad2943 100644 ---- a/src/shared/utmp-wtmp.c -+++ b/src/shared/utmp-wtmp.c -@@ -215,13 +215,14 @@ int utmp_put_init_process(const char *id, pid_t pid, pid_t sid, const char *line - } - - int utmp_put_dead_process(const char *id, pid_t pid, int code, int status) { -+ _cleanup_(utxent_cleanup) bool utmpx = false; - struct utmpx lookup = { - .ut_type = INIT_PROCESS /* looks for DEAD_PROCESS, LOGIN_PROCESS, USER_PROCESS, too */ - }, store, store_wtmp, *found; - - assert(id); - -- setutxent(); -+ utmpx = utxent_start(); - - /* Copy the whole string if it fits, or just the suffix without the terminating NUL. */ - copy_suffix(store.ut_id, sizeof(store.ut_id), id); -@@ -339,6 +340,7 @@ int utmp_wall( - bool (*match_tty)(const char *tty, void *userdata), - void *userdata) { - -+ _cleanup_(utxent_cleanup) bool utmpx = false; - _cleanup_free_ char *text = NULL, *hn = NULL, *un = NULL, *stdin_tty = NULL; - char date[FORMAT_TIMESTAMP_MAX]; - struct utmpx *u; -@@ -368,7 +370,7 @@ int utmp_wall( - message) < 0) - return -ENOMEM; - -- setutxent(); -+ utmpx = utxent_start(); - - r = 0; - --- -2.33.0 - diff --git a/backport-Respect-install_sysconfdir.patch b/backport-Respect-install_sysconfdir.patch deleted file mode 100644 index c228b0fb932ec1a3693024355cf7cfdb0559de1b..0000000000000000000000000000000000000000 --- a/backport-Respect-install_sysconfdir.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 0062322638aa36df8190326a6afd38780fb7a271 Mon Sep 17 00:00:00 2001 -From: Kai Wohlfahrt -Date: Tue, 14 Sep 2021 00:32:52 +0100 -Subject: [PATCH] Respect install_sysconfdir - -This was lost e11a25cadbe and c900d89faa0 while adding jinja2 -templating. Breaks builds on NixOS. - -(cherry picked from commit 679de141122ca30388bba6d132f8c0dddcdddd15) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0062322638aa36df8190326a6afd38780fb7a271 ---- - src/core/meson.build | 2 +- - src/login/meson.build | 8 +++++--- - 2 files changed, 6 insertions(+), 4 deletions(-) - -diff --git a/src/core/meson.build b/src/core/meson.build -index c66538eab1..367c085027 100644 ---- a/src/core/meson.build -+++ b/src/core/meson.build -@@ -193,7 +193,7 @@ foreach item : in_files - output: file, - command : [meson_render_jinja2, config_h, '@INPUT@'], - capture : true, -- install : (dir == pkgsysconfdir and install_sysconfdir_samples) or (dir != pkgsysconfdir and dir != 'no'), -+ install : (dir == pkgsysconfdir) ? install_sysconfdir_samples : (dir != 'no'), - install_dir : dir) - endforeach - -diff --git a/src/login/meson.build b/src/login/meson.build -index b637adc9a2..da704d238f 100644 ---- a/src/login/meson.build -+++ b/src/login/meson.build -@@ -71,18 +71,20 @@ in_files = [ - ['70-uaccess.rules', udevrulesdir, enable_logind and conf.get('HAVE_ACL') == 1], - ['71-seat.rules', udevrulesdir, enable_logind], - ['73-seat-late.rules', udevrulesdir, enable_logind], -- ['systemd-user', pamconfdir, enable_logind and pamconfdir != 'no']] -+ ['systemd-user', pamconfdir, enable_logind]] - - foreach tuple : in_files - file = tuple[0] -+ dir = tuple[1] -+ install = (dir == pkgsysconfdir) ? install_sysconfdir_samples : (dir != 'no') - custom_target( - file, - input : file + '.in', - output: file, - command : [meson_render_jinja2, config_h, '@INPUT@'], - capture : true, -- install : tuple[2], -- install_dir : tuple[1]) -+ install : tuple[2] and install, -+ install_dir : dir) - endforeach - - if enable_logind --- -2.33.0 - diff --git a/backport-TEST-15-add-one-more-test-for-drop-in-precedence.patch b/backport-TEST-15-add-one-more-test-for-drop-in-precedence.patch deleted file mode 100644 index 0196b2ee0a5855442f26805538d3fe7fc70e9b8e..0000000000000000000000000000000000000000 --- a/backport-TEST-15-add-one-more-test-for-drop-in-precedence.patch +++ /dev/null @@ -1,66 +0,0 @@ -From c3fa408dcc03bb6dbd11f180540fb9e684893c39 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sun, 16 Oct 2022 21:52:43 +0200 -Subject: [PATCH] TEST-15: add one more test for drop-in precedence - ---- - test/units/testsuite-15.sh | 36 ++++++++++++++++++++++++++++++++++++ - 1 file changed, 36 insertions(+) - -diff --git a/test/units/testsuite-15.sh b/test/units/testsuite-15.sh -index ed6d5f838d..079c8b290e 100755 ---- a/test/units/testsuite-15.sh -+++ b/test/units/testsuite-15.sh -@@ -282,6 +282,41 @@ MemoryMax=1000000001 - clear_services a-b-c.slice - } - -+test_transient_service_dropins () { -+ echo "Testing dropins for a transient service..." -+ echo "*** test transient service drop-ins" -+ -+ mkdir -p /etc/systemd/system/service.d -+ mkdir -p /etc/systemd/system/a-.service.d -+ mkdir -p /etc/systemd/system/a-b-.service.d -+ mkdir -p /etc/systemd/system/a-b-c.service.d -+ -+ echo -e '[Service]\nStandardInputText=aaa' >/etc/systemd/system/service.d/drop1.conf -+ echo -e '[Service]\nStandardInputText=bbb' >/etc/systemd/system/a-.service.d/drop2.conf -+ echo -e '[Service]\nStandardInputText=ccc' >/etc/systemd/system/a-b-.service.d/drop3.conf -+ echo -e '[Service]\nStandardInputText=ddd' >/etc/systemd/system/a-b-c.service.d/drop4.conf -+ -+ # There's no fragment yet, so this fails -+ systemctl cat a-b-c.service && exit 1 -+ -+ # xxx → eHh4Cg== -+ systemd-run -u a-b-c.service -p StandardInputData=eHh4Cg== sleep infinity -+ -+ data=$(systemctl show -P StandardInputData a-b-c.service) -+ # xxx\naaa\n\bbb\nccc\nddd\n → eHh4… -+ test "$data" = "eHh4CmFhYQpiYmIKY2NjCmRkZAo=" -+ -+ # Do a reload and check again -+ systemctl daemon-reload -+ data=$(systemctl show -P StandardInputData a-b-c.service) -+ test "$data" = "eHh4CmFhYQpiYmIKY2NjCmRkZAo=" -+ -+ clear_services a-b-c.service -+ rm /etc/systemd/system/service.d/drop1.conf \ -+ /etc/systemd/system/a-.service.d/drop2.conf \ -+ /etc/systemd/system/a-b-.service.d/drop3.conf -+} -+ - test_template_dropins () { - echo "Testing template dropins..." - -@@ -621,6 +656,7 @@ test_linked_units - test_template_alias - test_hierarchical_service_dropins - test_hierarchical_slice_dropins -+test_transient_service_dropins - test_template_dropins - test_alias_dropins - test_masked_dropins --- -2.33.0 - diff --git a/backport-TEST-15-add-test-for-transient-units-with-drop-ins.patch b/backport-TEST-15-add-test-for-transient-units-with-drop-ins.patch deleted file mode 100644 index e2653396ab700c633fd6b91f1020daa3a580f987..0000000000000000000000000000000000000000 --- a/backport-TEST-15-add-test-for-transient-units-with-drop-ins.patch +++ /dev/null @@ -1,108 +0,0 @@ -From 6854434cfb5dda10c07d95835c38b75e5e71c2b5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sun, 16 Oct 2022 14:02:45 +0200 -Subject: [PATCH] TEST-15: add test for transient units with drop-ins - -We want to test four things: -- that the transient units are successfully started when drop-ins exist -- that the transient setings override the defaults -- the drop-ins override the transient settings (the same as for a normal unit) -- that things are the same before and after a reload - -To make things more fun, we start and stop units in two different ways: via -systemctl and via a direct busctl invocation. This gives us a bit more coverage -of different code paths. ---- - test/units/testsuite-15.sh | 62 ++++++++++++++++++++++++++++++++++---- - 1 file changed, 56 insertions(+), 6 deletions(-) - -diff --git a/test/units/testsuite-15.sh b/test/units/testsuite-15.sh -index 8b44d76982..ed6d5f838d 100755 ---- a/test/units/testsuite-15.sh -+++ b/test/units/testsuite-15.sh -@@ -181,19 +181,40 @@ test_hierarchical_service_dropins () { - echo "Testing hierarchical service dropins..." - echo "*** test service.d/ top level drop-in" - create_services a-b-c -- check_ko a-b-c ExecCondition "/bin/echo service.d" -- check_ko a-b-c ExecCondition "/bin/echo a-.service.d" -- check_ko a-b-c ExecCondition "/bin/echo a-b-.service.d" -- check_ko a-b-c ExecCondition "/bin/echo a-b-c.service.d" -+ check_ko a-b-c ExecCondition "echo service.d" -+ check_ko a-b-c ExecCondition "echo a-.service.d" -+ check_ko a-b-c ExecCondition "echo a-b-.service.d" -+ check_ko a-b-c ExecCondition "echo a-b-c.service.d" - - for dropin in service.d a-.service.d a-b-.service.d a-b-c.service.d; do - mkdir -p /usr/lib/systemd/system/$dropin - echo " - [Service] --ExecCondition=/bin/echo $dropin -+ExecCondition=echo $dropin - " >/usr/lib/systemd/system/$dropin/override.conf - systemctl daemon-reload -- check_ok a-b-c ExecCondition "/bin/echo $dropin" -+ check_ok a-b-c ExecCondition "echo $dropin" -+ -+ # Check that we can start a transient service in presence of the drop-ins -+ systemd-run -u a-b-c2.service -p Description='sleepy' sleep infinity -+ -+ # The transient setting replaces the default -+ check_ok a-b-c2.service Description "sleepy" -+ -+ # The override takes precedence for ExecCondition -+ # (except the last iteration when it only applies to the other service) -+ if [ "$dropin" != "a-b-c.service.d" ]; then -+ check_ok a-b-c2.service ExecCondition "echo $dropin" -+ fi -+ -+ # Check that things are the same after a reload -+ systemctl daemon-reload -+ check_ok a-b-c2.service Description "sleepy" -+ if [ "$dropin" != "a-b-c.service.d" ]; then -+ check_ok a-b-c2.service ExecCondition "echo $dropin" -+ fi -+ -+ systemctl stop a-b-c2.service - done - for dropin in service.d a-.service.d a-b-.service.d a-b-c.service.d; do - rm -rf /usr/lib/systemd/system/$dropin -@@ -218,6 +239,35 @@ MemoryMax=1000000000 - " >/usr/lib/systemd/system/$dropin/override.conf - systemctl daemon-reload - check_ok a-b-c.slice MemoryMax "1000000000" -+ -+ busctl call \ -+ org.freedesktop.systemd1 \ -+ /org/freedesktop/systemd1 \ -+ org.freedesktop.systemd1.Manager \ -+ StartTransientUnit 'ssa(sv)a(sa(sv))' \ -+ 'a-b-c.slice' 'replace' \ -+ 2 \ -+ 'Description' s 'slice too' \ -+ 'MemoryMax' t 1000000002 \ -+ 0 -+ -+ # The override takes precedence for MemoryMax -+ check_ok a-b-c.slice MemoryMax "1000000000" -+ # The transient setting replaces the default -+ check_ok a-b-c.slice Description "slice too" -+ -+ # Check that things are the same after a reload -+ systemctl daemon-reload -+ check_ok a-b-c.slice MemoryMax "1000000000" -+ check_ok a-b-c.slice Description "slice too" -+ -+ busctl call \ -+ org.freedesktop.systemd1 \ -+ /org/freedesktop/systemd1 \ -+ org.freedesktop.systemd1.Manager \ -+ StopUnit 'ss' \ -+ 'a-b-c.slice' 'replace' -+ - rm /usr/lib/systemd/system/$dropin/override.conf - done - --- -2.33.0 - diff --git a/backport-TEST-15-also-test-hierarchical-drop-ins-for-slices.patch b/backport-TEST-15-also-test-hierarchical-drop-ins-for-slices.patch deleted file mode 100644 index a4cab7905a84d2f1e5840cff4e55e39fa23d97b1..0000000000000000000000000000000000000000 --- a/backport-TEST-15-also-test-hierarchical-drop-ins-for-slices.patch +++ /dev/null @@ -1,78 +0,0 @@ -From f80c874af376052b6b81f47cbbc43d7fecd98cd6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sun, 16 Oct 2022 12:54:34 +0200 -Subject: [PATCH] TEST-15: also test hierarchical drop-ins for slices - -Slices are worth testing too, because they don't need a fragment path so they -behave slightly differently than service units. I'm making this a separate -patch from the actual tests that I wanted to add later because it's complex -enough on its own. ---- - test/units/testsuite-15.sh | 37 ++++++++++++++++++++++++++++++++++--- - 1 file changed, 34 insertions(+), 3 deletions(-) - -diff --git a/test/units/testsuite-15.sh b/test/units/testsuite-15.sh -index c3784e2..8bae64d 100755 ---- a/test/units/testsuite-15.sh -+++ b/test/units/testsuite-15.sh -@@ -174,8 +174,8 @@ test_template_alias() { - clear_services test15-a@ test15-b@ - } - --test_hierarchical_dropins () { -- echo "Testing hierarchical dropins..." -+test_hierarchical_service_dropins () { -+ echo "Testing hierarchical service dropins..." - echo "*** test service.d/ top level drop-in" - create_services a-b-c - check_ko a-b-c ExecCondition "/bin/echo service.d" -@@ -199,6 +199,36 @@ ExecCondition=/bin/echo $dropin - clear_services a-b-c - } - -+test_hierarchical_slice_dropins () { -+ echo "Testing hierarchical slice dropins..." -+ echo "*** test slice.d/ top level drop-in" -+ # Slice units don't even need a fragment, so we test the defaults here -+ check_ok a-b-c.slice Description "Slice /a/b/c" -+ check_ok a-b-c.slice MemoryMax "infinity" -+ -+ # Test drop-ins -+ for dropin in slice.d a-.slice.d a-b-.slice.d a-b-c.slice.d; do -+ mkdir -p /usr/lib/systemd/system/$dropin -+ echo " -+[Slice] -+MemoryMax=1000000000 -+ " >/usr/lib/systemd/system/$dropin/override.conf -+ systemctl daemon-reload -+ check_ok a-b-c.slice MemoryMax "1000000000" -+ rm /usr/lib/systemd/system/$dropin/override.conf -+ done -+ -+ # Test unit with a fragment -+ echo " -+[Slice] -+MemoryMax=1000000001 -+ " >/usr/lib/systemd/system/a-b-c.slice -+ systemctl daemon-reload -+ check_ok a-b-c.slice MemoryMax "1000000001" -+ -+ clear_services a-b-c.slice -+} -+ - test_template_dropins () { - echo "Testing template dropins..." - -@@ -517,7 +547,8 @@ test_invalid_dropins () { - test_basic_dropins - test_linked_units - test_template_alias --test_hierarchical_dropins -+test_hierarchical_service_dropins -+test_hierarchical_slice_dropins - test_template_dropins - test_alias_dropins - test_masked_dropins --- -2.33.0 - diff --git a/backport-Use-correct-fcntl.h-include.patch b/backport-Use-correct-fcntl.h-include.patch deleted file mode 100644 index 87940c4ac76f3454ecc0228727d5c821a659707d..0000000000000000000000000000000000000000 --- a/backport-Use-correct-fcntl.h-include.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 3450d8dc8ddb582816c6c481b6a9b7378706ab3b Mon Sep 17 00:00:00 2001 -From: David Seifert -Date: Mon, 2 Aug 2021 12:41:38 +0200 -Subject: [PATCH] Use correct `` include - -* `` is not specified in POSIX - -(cherry picked from commit f8d54f7810aeea5ff27a5db03e1aab7ea54c8268) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/3450d8dc8ddb582816c6c481b6a9b7378706ab3b ---- - src/basic/fileio.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/fileio.h b/src/basic/fileio.h -index c28b17fef5..9bd2037f5b 100644 ---- a/src/basic/fileio.h -+++ b/src/basic/fileio.h -@@ -2,11 +2,11 @@ - #pragma once - - #include -+#include - #include - #include - #include - #include --#include - #include - - #include "macro.h" --- -2.33.0 - diff --git a/backport-Use-correct-poll.h-include.patch b/backport-Use-correct-poll.h-include.patch deleted file mode 100644 index 6013564c3ea549c392e63821c55894974a0d12a7..0000000000000000000000000000000000000000 --- a/backport-Use-correct-poll.h-include.patch +++ /dev/null @@ -1,43 +0,0 @@ -From fba9fd963bb3b5fafdb123788b3fabe6ed0830c9 Mon Sep 17 00:00:00 2001 -From: David Seifert -Date: Mon, 2 Aug 2021 16:09:10 +0200 -Subject: [PATCH] Use correct `` include - -* `` is not specified in POSIX - -(cherry picked from commit 2b6c0bb2a341c95223ce672249e43c743b03d78c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/fba9fd963bb3b5fafdb123788b3fabe6ed0830c9 ---- - src/shared/nscd-flush.c | 2 +- - src/shared/varlink.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/shared/nscd-flush.c b/src/shared/nscd-flush.c -index dfc47c4234..19e16d9345 100644 ---- a/src/shared/nscd-flush.c -+++ b/src/shared/nscd-flush.c -@@ -1,5 +1,5 @@ - /* SPDX-License-Identifier: LGPL-2.1-or-later */ --#include -+#include - - #include "fd-util.h" - #include "io-util.h" -diff --git a/src/shared/varlink.c b/src/shared/varlink.c -index 6b0b343ae9..8da568e208 100644 ---- a/src/shared/varlink.c -+++ b/src/shared/varlink.c -@@ -1,7 +1,7 @@ - /* SPDX-License-Identifier: LGPL-2.1-or-later */ - - #include --#include -+#include - - #include "alloc-util.h" - #include "errno-util.h" --- -2.33.0 - diff --git a/backport-analyze-add-forgotten-return-statement.patch b/backport-analyze-add-forgotten-return-statement.patch deleted file mode 100644 index c0c95b202057edf53fa5dc3cb3d72b4aeddb8bc0..0000000000000000000000000000000000000000 --- a/backport-analyze-add-forgotten-return-statement.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 53fd101c2144cb104d34aea8e68c7c24443107bd Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 7 Oct 2022 15:52:33 +0200 -Subject: [PATCH] analyze: add forgotten return statement - -We would fail with an assert in sd_bus_message_enter_container() afterwards. - -(cherry picked from commit 5475e963c5e6ade35404384ba03caf79cb1bc2e5) -(cherry picked from commit e0ba044985ac33d5eb2fb0d09fc2ff1b2f9b73dc) -(cherry picked from commit 1316666e98accf6b8ab8cb0fb5ef73d275049a34) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/53fd101c2144cb104d34aea8e68c7c24443107bd ---- - src/analyze/analyze.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c -index 62c0ccbdfe..6452d23331 100644 ---- a/src/analyze/analyze.c -+++ b/src/analyze/analyze.c -@@ -1274,7 +1274,7 @@ static int dot(int argc, char *argv[], void *userdata) { - - r = bus_call_method(bus, bus_systemd_mgr, "ListUnits", &error, &reply, NULL); - if (r < 0) -- log_error_errno(r, "Failed to list units: %s", bus_error_message(&error, r)); -+ return log_error_errno(r, "Failed to list units: %s", bus_error_message(&error, r)); - - r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssssouso)"); - if (r < 0) --- -2.27.0 - diff --git a/backport-analyze-fix-printing-config-when-there-is-no-main-co.patch b/backport-analyze-fix-printing-config-when-there-is-no-main-co.patch deleted file mode 100644 index 4abd79ed23768367569f2f7d3b13d8851850ff43..0000000000000000000000000000000000000000 --- a/backport-analyze-fix-printing-config-when-there-is-no-main-co.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 8621f957b6e3a7eed1c5965d332ad1c4c594f26e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 20 Nov 2021 11:42:31 +0100 -Subject: [PATCH] analyze: fix printing config when there is no main config - file - -Since 8b8024f1c231c166f5c450905c8fd91d11704ae7 and the follow-up commits, the -main config file may be located in /usr or in other paths. But the code in -analyze.c was still assuming that it must be in /etc. Things mostly worked for -our own config files because we usually install a comments-only file in /etc, -but was not correct in the general case. - -This fixes in particular 'systemd-analyze cat-config systemd/zram-generator.conf'. -In Fedora we distribute a config file in zram-generator-defaults.rpm that is in -/usr/lib, and 'cat-config' would refuse to show it because -/etc/systemd/zram-generator.conf does not exist. - -The main config file is optional, but let's print an informative message -because this is a slightly unusual case. - -The file paths that we printed were missing the root prefix. - -(cherry picked from commit 0895e87348e5fc02f50498cad5922eb3eb172323) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/8621f957b6e3a7eed1c5965d332ad1c4c594f26e ---- - src/shared/pretty-print.c | 43 ++++++++++++++++++++++++++------------- - 1 file changed, 29 insertions(+), 14 deletions(-) - -diff --git a/src/shared/pretty-print.c b/src/shared/pretty-print.c -index 137ba77b3a..97baeda401 100644 ---- a/src/shared/pretty-print.c -+++ b/src/shared/pretty-print.c -@@ -300,24 +300,39 @@ int conf_files_cat(const char *root, const char *name) { - return log_error_errno(r, "Failed to build directory list: %m"); - } - -- r = conf_files_list_strv(&files, extension, root, 0, (const char* const*) dirs); -- if (r < 0) -- return log_error_errno(r, "Failed to query file list: %m"); -+ if (DEBUG_LOGGING) { -+ log_debug("Looking for configuration in:"); -+ if (!is_collection) -+ STRV_FOREACH(prefix, prefixes) -+ log_debug(" %s%s%s", strempty(root), *prefix, name); - -+ STRV_FOREACH(t, dirs) -+ log_debug(" %s%s/*%s", strempty(root), *t, extension); -+ } -+ -+ /* First locate the main config file, if any */ - if (!is_collection) { -- path = path_join(root, "/etc", name); -+ STRV_FOREACH(prefix, prefixes) { -+ path = path_join(root, *prefix, name); -+ if (!path) -+ return log_oom(); -+ if (access(path, F_OK) == 0) -+ break; -+ path = mfree(path); -+ } -+ - if (!path) -- return log_oom(); -+ printf("%s# Main configuration file %s not found%s\n", -+ ansi_highlight_magenta(), -+ name, -+ ansi_normal()); - } - -- if (DEBUG_LOGGING) { -- log_debug("Looking for configuration in:"); -- if (path) -- log_debug(" %s", path); -- STRV_FOREACH(t, dirs) -- log_debug(" %s/*%s", *t, extension); -- } -+ /* Then locate the drop-ins, if any */ -+ r = conf_files_list_strv(&files, extension, root, 0, (const char* const*) dirs); -+ if (r < 0) -+ return log_error_errno(r, "Failed to query file list: %m"); - -- /* show */ -- return cat_files(path, files, CAT_FLAGS_MAIN_FILE_OPTIONAL); -+ /* Show */ -+ return cat_files(path, files, 0); - } --- -2.33.0 - diff --git a/backport-argv-util-also-update-program_invocation_short_name.patch b/backport-argv-util-also-update-program_invocation_short_name.patch deleted file mode 100644 index 6ef64867a71fd458d208596961e5480406ca41dc..0000000000000000000000000000000000000000 --- a/backport-argv-util-also-update-program_invocation_short_name.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 73be22c6f245ad86ef33d95bd4ab0a8e9fd121be Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 3 Feb 2023 18:29:36 +0900 -Subject: [PATCH] argv-util: also update program_invocation_short_name - -Our logging uses program_invocation_short_name. Without this patch, -logs from forked client may become broken; spuriously truncated or -the short invocation name is not completely shown in the log. - -(cherry picked from commit dd15e4cb57129b915e01495e113696bfe0b70214) -(cherry picked from commit ce4726468dc02bd7383cd7d90c8769576c6973e3) -(cherry picked from commit 7a862d9d1a7196a5576720959849f45fc68b041c) -(cherry picked from commit 9fbbd7bf28e5362b786e152a9ce4e8bd40621759) ---- - src/basic/process-util.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/basic/process-util.c b/src/basic/process-util.c -index b76ca6f7c5..10651a4564 100644 ---- a/src/basic/process-util.c -+++ b/src/basic/process-util.c -@@ -371,6 +371,10 @@ int rename_process(const char name[]) { - strncpy(program_invocation_name, name, k); - if (l > k) - truncated = true; -+ -+ /* Also update the short name. */ -+ char *p = strrchr(program_invocation_name, '/'); -+ program_invocation_short_name = p ? p + 1 : program_invocation_name; - } - - /* Third step, completely replace the argv[] array the kernel maintains for us. This requires privileges, but --- -2.27.0 - diff --git a/backport-backlight-ignore-error-if-the-backlight-device-is-al.patch b/backport-backlight-ignore-error-if-the-backlight-device-is-al.patch deleted file mode 100644 index c02cf02bab88484ea8033be0e9b50787842bfaf9..0000000000000000000000000000000000000000 --- a/backport-backlight-ignore-error-if-the-backlight-device-is-al.patch +++ /dev/null @@ -1,43 +0,0 @@ -From a69c240157e2ca066130c12bb061e0065f2c2425 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 5 Jan 2022 18:26:46 +0900 -Subject: [PATCH] backlight: ignore error if the backlight device is already - removed - -Fixes #21997. - -(cherry picked from commit f0f65087834198d4dabf8b389ddc34223400aab7) -(cherry picked from commit b4c57e1b1c249f28f13a86637d8854c920bcf26d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a69c240157e2ca066130c12bb061e0065f2c2425 ---- - src/backlight/backlight.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/src/backlight/backlight.c b/src/backlight/backlight.c -index 7c0970a60c..5aeee0de47 100644 ---- a/src/backlight/backlight.c -+++ b/src/backlight/backlight.c -@@ -395,8 +395,16 @@ static int run(int argc, char *argv[]) { - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Not a backlight or LED device: '%s:%s'", ss, sysname); - - r = sd_device_new_from_subsystem_sysname(&device, ss, sysname); -- if (r < 0) -- return log_error_errno(r, "Failed to get backlight or LED device '%s:%s': %m", ss, sysname); -+ if (r < 0) { -+ bool ignore = r == -ENODEV; -+ -+ /* Some drivers, e.g. for AMD GPU, removes acpi backlight device soon after it is added. -+ * See issue #21997. */ -+ log_full_errno(ignore ? LOG_DEBUG : LOG_ERR, r, -+ "Failed to get backlight or LED device '%s:%s'%s: %m", -+ ss, sysname, ignore ? ", ignoring" : ""); -+ return ignore ? 0 : r; -+ } - - /* If max_brightness is 0, then there is no actual backlight device. This happens on desktops - * with Asus mainboards that load the eeepc-wmi module. */ --- -2.33.0 - diff --git a/backport-basic-env-util-correctly-parse-extended-vars-after-n.patch b/backport-basic-env-util-correctly-parse-extended-vars-after-n.patch deleted file mode 100644 index 5db2bcaae1f3cf750732ffe502be3e5991e03102..0000000000000000000000000000000000000000 --- a/backport-basic-env-util-correctly-parse-extended-vars-after-n.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 74583cad5a3bf4051b879b8b1ac53934027ef485 Mon Sep 17 00:00:00 2001 -From: Andrew Soutar -Date: Tue, 5 Oct 2021 22:55:27 -0400 -Subject: [PATCH] basic/env-util: correctly parse extended vars after - non-extended vars (#20941) - -(cherry picked from commit 5ef97a712236f0ddddec52665c0aea7d4e6d3c13) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/74583cad5a3bf4051b879b8b1ac53934027ef485 ---- - src/basic/env-util.c | 1 + - src/test/test-env-util.c | 5 ++++- - 2 files changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/basic/env-util.c b/src/basic/env-util.c -index 81b1e3f10e..1ca445dab4 100644 ---- a/src/basic/env-util.c -+++ b/src/basic/env-util.c -@@ -577,6 +577,7 @@ char *replace_env_n(const char *format, size_t n, char **env, unsigned flags) { - - word = e+1; - state = WORD; -+ nest--; - } else if (*e == ':') { - if (flags & REPLACE_ENV_ALLOW_EXTENDED) { - len = e - word - 2; -diff --git a/src/test/test-env-util.c b/src/test/test-env-util.c -index ed4580e4af..3d5951c46e 100644 ---- a/src/test/test-env-util.c -+++ b/src/test/test-env-util.c -@@ -198,7 +198,7 @@ static void test_replace_env2(bool extended) { - "BAR=bar", - NULL - }; -- _cleanup_free_ char *t = NULL, *s = NULL, *q = NULL, *r = NULL, *p = NULL, *x = NULL; -+ _cleanup_free_ char *t = NULL, *s = NULL, *q = NULL, *r = NULL, *p = NULL, *x = NULL, *y = NULL; - unsigned flags = REPLACE_ENV_ALLOW_EXTENDED*extended; - - t = replace_env("FOO=${FOO:-${BAR}}", (char**) env, flags); -@@ -218,6 +218,9 @@ static void test_replace_env2(bool extended) { - - x = replace_env("XXX=${XXX:+${BAR}post}", (char**) env, flags); - assert_se(streq(x, extended ? "XXX=" : "XXX=${XXX:+barpost}")); -+ -+ y = replace_env("FOO=${FOO}between${BAR:-baz}", (char**) env, flags); -+ assert_se(streq(y, extended ? "FOO=foobetweenbar" : "FOO=foobetween${BAR:-baz}")); - } - - static void test_replace_env_argv(void) { --- -2.33.0 - diff --git a/backport-basic-escape-add-helper-for-quoting-command-lines.patch b/backport-basic-escape-add-helper-for-quoting-command-lines.patch deleted file mode 100644 index c405da86f9824ca86c817ca9e73391a8065ae55b..0000000000000000000000000000000000000000 --- a/backport-basic-escape-add-helper-for-quoting-command-lines.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 17d1b0d2dd109c5e413d8ef1eb5835344f9314b9 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 16:27:51 +0200 -Subject: [PATCH] basic/escape: add helper for quoting command lines - -(cherry picked from commit eeb91d29b0279d6bf8a3f1c4da54c9e9c0881a19) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/17d1b0d2dd109c5e413d8ef1eb5835344f9314b9 ---- - src/basic/escape.c | 21 +++++++++++++++++++++ - src/basic/escape.h | 1 + - src/test/test-escape.c | 24 ++++++++++++++++++++++++ - 3 files changed, 46 insertions(+) - -diff --git a/src/basic/escape.c b/src/basic/escape.c -index 2a3a0e31a1..fcade5a1b4 100644 ---- a/src/basic/escape.c -+++ b/src/basic/escape.c -@@ -8,6 +8,7 @@ - #include "escape.h" - #include "hexdecoct.h" - #include "macro.h" -+#include "strv.h" - #include "utf8.h" - - int cescape_char(char c, char *buf) { -@@ -542,3 +543,23 @@ char* shell_maybe_quote(const char *s, ShellEscapeFlags flags) { - - return str_realloc(buf); - } -+ -+char* quote_command_line(char **argv) { -+ _cleanup_free_ char *result = NULL; -+ -+ assert(argv); -+ -+ char **a; -+ STRV_FOREACH(a, argv) { -+ _cleanup_free_ char *t = NULL; -+ -+ t = shell_maybe_quote(*a, SHELL_ESCAPE_EMPTY); -+ if (!t) -+ return NULL; -+ -+ if (!strextend_with_separator(&result, " ", t)) -+ return NULL; -+ } -+ -+ return TAKE_PTR(result); -+} -diff --git a/src/basic/escape.h b/src/basic/escape.h -index 907b572bd4..e9d48d227a 100644 ---- a/src/basic/escape.h -+++ b/src/basic/escape.h -@@ -68,3 +68,4 @@ char* escape_non_printable_full(const char *str, size_t console_width, XEscapeFl - - char* shell_escape(const char *s, const char *bad); - char* shell_maybe_quote(const char *s, ShellEscapeFlags flags); -+char* quote_command_line(char **argv); -diff --git a/src/test/test-escape.c b/src/test/test-escape.c -index 991b135a33..8bda9cdc8d 100644 ---- a/src/test/test-escape.c -+++ b/src/test/test-escape.c -@@ -192,6 +192,29 @@ static void test_shell_maybe_quote(void) { - test_shell_maybe_quote_one("gÅ‚Ä…b\002\003rzÄ…d", SHELL_ESCAPE_POSIX, "$'gÅ‚Ä…b\\002\\003rzÄ…d'"); - } - -+static void test_quote_command_line_one(char **argv, const char *expected) { -+ _cleanup_free_ char *s; -+ -+ assert_se(s = quote_command_line(argv)); -+ log_info("%s", s); -+ assert_se(streq(s, expected)); -+} -+ -+static void test_quote_command_line(void) { -+ log_info("/* %s */", __func__); -+ -+ test_quote_command_line_one(STRV_MAKE("true", "true"), -+ "true true"); -+ test_quote_command_line_one(STRV_MAKE("true", "with a space"), -+ "true \"with a space\""); -+ test_quote_command_line_one(STRV_MAKE("true", "with a 'quote'"), -+ "true \"with a 'quote'\""); -+ test_quote_command_line_one(STRV_MAKE("true", "with a \"quote\""), -+ "true \"with a \\\"quote\\\"\""); -+ test_quote_command_line_one(STRV_MAKE("true", "$dollar"), -+ "true \"\\$dollar\""); -+} -+ - int main(int argc, char *argv[]) { - test_setup_logging(LOG_DEBUG); - -@@ -202,6 +225,7 @@ int main(int argc, char *argv[]) { - test_cunescape(); - test_shell_escape(); - test_shell_maybe_quote(); -+ test_quote_command_line(); - - return 0; - } --- -2.33.0 - diff --git a/backport-basic-linux-Sync-if_arp.h-with-Linux-5.14.patch b/backport-basic-linux-Sync-if_arp.h-with-Linux-5.14.patch deleted file mode 100644 index a72d4d191cc83c9a91189e10776d7a1ea0a26977..0000000000000000000000000000000000000000 --- a/backport-basic-linux-Sync-if_arp.h-with-Linux-5.14.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 6674c65c74dcf52b6887e76642683b593d86cb69 Mon Sep 17 00:00:00 2001 -From: Chris Packham -Date: Fri, 10 Sep 2021 09:51:36 +1200 -Subject: [PATCH] basic/linux: Sync if_arp.h with Linux 5.14 - -ARPHRD_MCTP was added in 5.14. Sync if_arp.h to pick up the definition - -Fixes #20694 - -(cherry picked from commit 7c5b9952c4f6e2b72f90edbe439982528b7cf223) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6674c65c74dcf52b6887e76642683b593d86cb69 ---- - src/basic/linux/if_arp.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h -index c3cc5a9e5e..4783af9fe5 100644 ---- a/src/basic/linux/if_arp.h -+++ b/src/basic/linux/if_arp.h -@@ -54,6 +54,7 @@ - #define ARPHRD_X25 271 /* CCITT X.25 */ - #define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */ - #define ARPHRD_CAN 280 /* Controller Area Network */ -+#define ARPHRD_MCTP 290 - #define ARPHRD_PPP 512 - #define ARPHRD_CISCO 513 /* Cisco HDLC */ - #define ARPHRD_HDLC ARPHRD_CISCO --- -2.33.0 - diff --git a/backport-basic-log-allow-errno-values-higher-than-255.patch b/backport-basic-log-allow-errno-values-higher-than-255.patch deleted file mode 100644 index 7e2d563d48fa8c54e30af869d952f3ac3c540a8c..0000000000000000000000000000000000000000 --- a/backport-basic-log-allow-errno-values-higher-than-255.patch +++ /dev/null @@ -1,48 +0,0 @@ -From fb824c90e5a83218e4252a2c21c7f365d0167458 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 3 Jan 2022 17:53:29 +0100 -Subject: [PATCH] basic/log: allow errno values higher than 255 - -When the support for "synthetic errno" was added, we started truncating -the errno value to just the least significant byte. This is generally OK, -because errno values are defined up to ~130. - -The docs don't really say what the maximum value is. But at least in principle -higher values could be added in the future. So let's stop truncating -the values needlessly. - -The kernel (or libbpf?) have an error where they return 524 as an errno -value (https://bugzilla.redhat.com/show_bug.cgi?id=2036145). We would -confusingly truncate this to 12 (ENOMEM). It seems much nicer to let -strerror() give us "Unknown error 524" rather than to print the bogus -message about ENOMEM. - -(cherry picked from commit 5f74fcd41cb1a1b26c23e0f2ab405ae9cf6bcc93) -(cherry picked from commit cd686fe4c719bfb894bd24d673c51f19cea64643) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/fb824c90e5a83218e4252a2c21c7f365d0167458 ---- - src/basic/log.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/basic/log.h b/src/basic/log.h -index 738c181070..8bfae8e0e5 100644 ---- a/src/basic/log.h -+++ b/src/basic/log.h -@@ -27,10 +27,10 @@ typedef enum LogTarget{ - _LOG_TARGET_INVALID = -EINVAL, - } LogTarget; - --/* Note to readers: << and >> have lower precedence than & and | */ -+/* Note to readers: << and >> have lower precedence (are evaluated earlier) than & and | */ - #define SYNTHETIC_ERRNO(num) (1 << 30 | (num)) - #define IS_SYNTHETIC_ERRNO(val) ((val) >> 30 & 1) --#define ERRNO_VALUE(val) (abs(val) & 255) -+#define ERRNO_VALUE(val) (abs(val) & ~(1 << 30)) - - const char *log_target_to_string(LogTarget target) _const_; - LogTarget log_target_from_string(const char *s) _pure_; --- -2.33.0 - diff --git a/backport-basic-mac_-selinux-smack-_apply_fd-does-not-work-whe.patch b/backport-basic-mac_-selinux-smack-_apply_fd-does-not-work-whe.patch deleted file mode 100644 index 94fd836fcd7f184862224a9be896bfe133c6c67f..0000000000000000000000000000000000000000 --- a/backport-basic-mac_-selinux-smack-_apply_fd-does-not-work-whe.patch +++ /dev/null @@ -1,76 +0,0 @@ -From fdb86800e854d5079c13d3a4597f73617db991f6 Mon Sep 17 00:00:00 2001 -From: Donald Chan -Date: Fri, 28 Jan 2022 22:53:46 +0000 -Subject: [PATCH] basic: mac_[selinux,smack]_apply_fd does not work when - applying labels - -Commit a7fdc6c introduced a regression where file descriptors are opened -using O_PATH option. mac_smack_apply_fd() calls fsetxattr() and would fail -with a -EBADF (Bad file descriptor) error. - -Use FORMAT_PROC_FD_PATH(fd) to convert the fd back into a full path and -call setxattr() or setfilecon() instead. - -Signed-off-by: Donald Chan -(cherry picked from commit a718364e9d9242cc2111c9860f2ab5bb9bb26db9) -(cherry picked from commit 9f596964f6e403b089450dc083724b48fb4b4bb1) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/fdb86800e854d5079c13d3a4597f73617db991f6 ---- - src/shared/selinux-util.c | 6 +++++- - src/shared/smack-util.c | 7 +++++-- - 2 files changed, 10 insertions(+), 3 deletions(-) - -diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c -index 03cee76f64..832c29435d 100644 ---- a/src/shared/selinux-util.c -+++ b/src/shared/selinux-util.c -@@ -344,12 +344,16 @@ int mac_selinux_apply_fd(int fd, const char *path, const char *label) { - assert(fd >= 0); - - #if HAVE_SELINUX -+ char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1]; -+ - if (!mac_selinux_use()) - return 0; - - assert(label); - -- if (fsetfilecon(fd, label) < 0) -+ xsprintf(procfs_path, "/proc/self/fd/%i", fd); -+ -+ if (setfilecon(procfs_path, label) < 0) - return log_enforcing_errno(errno, "Failed to set SELinux security context %s on path %s: %m", label, strna(path)); - #endif - return 0; -diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c -index 3362ee3924..8d88a7b49a 100644 ---- a/src/shared/smack-util.c -+++ b/src/shared/smack-util.c -@@ -86,6 +86,7 @@ int mac_smack_apply(const char *path, SmackAttr attr, const char *label) { - } - - int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label) { -+ char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1]; - int r; - - assert(fd >= 0); -@@ -94,10 +95,12 @@ int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label) { - if (!mac_smack_use()) - return 0; - -+ xsprintf(procfs_path, "/proc/self/fd/%i", fd); -+ - if (label) -- r = fsetxattr(fd, smack_attr_to_string(attr), label, strlen(label), 0); -+ r = setxattr(procfs_path, smack_attr_to_string(attr), label, strlen(label), 0); - else -- r = fremovexattr(fd, smack_attr_to_string(attr)); -+ r = removexattr(procfs_path, smack_attr_to_string(attr)); - if (r < 0) - return -errno; - --- -2.33.0 - diff --git a/backport-basic-mountpoint-util-detect-erofs-as-a-read-only-FS.patch b/backport-basic-mountpoint-util-detect-erofs-as-a-read-only-FS.patch deleted file mode 100644 index f944c57c2ca64d4b687e7ac8971c9797d8d4d56c..0000000000000000000000000000000000000000 --- a/backport-basic-mountpoint-util-detect-erofs-as-a-read-only-FS.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 74af5a3696cd3747fa814a21eb1b3d7cae3dea56 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Thu, 4 Nov 2021 20:29:43 +0000 -Subject: [PATCH] basic/mountpoint-util: detect erofs as a read-only FS - -(cherry picked from commit fac2c3e97d80fb356eb50abb429bdb5ed36afcf1) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/74af5a3696cd3747fa814a21eb1b3d7cae3dea56 ---- - src/basic/mountpoint-util.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c -index e7a5a99551..7e57d9a226 100644 ---- a/src/basic/mountpoint-util.c -+++ b/src/basic/mountpoint-util.c -@@ -424,6 +424,7 @@ bool fstype_is_ro(const char *fstype) { - return STR_IN_SET(fstype, - "DM_verity_hash", - "iso9660", -+ "erofs", - "squashfs"); - } - --- -2.33.0 - diff --git a/backport-basic-unit-file-don-t-filter-out-names-starting-with.patch b/backport-basic-unit-file-don-t-filter-out-names-starting-with.patch deleted file mode 100644 index 735b09c8359f9d1817e5bc4fbd88de43a705b297..0000000000000000000000000000000000000000 --- a/backport-basic-unit-file-don-t-filter-out-names-starting-with.patch +++ /dev/null @@ -1,32 +0,0 @@ -From d21bfe5c06688a5b6aa0a0b4eae0b05bc45475fb Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Tue, 28 Sep 2021 23:52:39 -0700 -Subject: [PATCH] basic/unit-file: don't filter out names starting with dot - -Fixes #20859 -Reverts 3796bdc55d6ba499d1049f749072218879e619a7 - -(cherry picked from commit 14bb72953458caace048b55ead7ea06a592b864f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d21bfe5c06688a5b6aa0a0b4eae0b05bc45475fb ---- - src/basic/unit-file.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c -index 884a0674a9..0d58b1c4fe 100644 ---- a/src/basic/unit-file.c -+++ b/src/basic/unit-file.c -@@ -284,7 +284,7 @@ int unit_file_build_name_map( - continue; - } - -- FOREACH_DIRENT(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { -+ FOREACH_DIRENT_ALL(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { - char *filename; - _cleanup_free_ char *_filename_free = NULL, *simplified = NULL; - const char *suffix, *dst = NULL; --- -2.33.0 - diff --git a/backport-binfmt-fix-exit-value.patch b/backport-binfmt-fix-exit-value.patch deleted file mode 100644 index 80ba1e34c54caf850115395504db20b6c39ddeea..0000000000000000000000000000000000000000 --- a/backport-binfmt-fix-exit-value.patch +++ /dev/null @@ -1,32 +0,0 @@ -From d4406e94a32d423d8a73deb7757fb09890afe2c4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 10 Nov 2021 13:58:32 +0100 -Subject: [PATCH] binfmt: fix exit value - -Positive values are mapped to 0 by DEFINE_MAIN_FUNCTION(), so e.g. -systemd-binfmt --foobar would "succeed". - -(cherry picked from commit 52707598d5c0dbbc8a967e4874b0b08ee2486772) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d4406e94a32d423d8a73deb7757fb09890afe2c4 ---- - src/binfmt/binfmt.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c -index 29530bb691..981218f52f 100644 ---- a/src/binfmt/binfmt.c -+++ b/src/binfmt/binfmt.c -@@ -189,7 +189,7 @@ static int run(int argc, char *argv[]) { - - r = parse_argv(argc, argv); - if (r <= 0) -- return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; -+ return r; - - log_setup(); - --- -2.33.0 - diff --git a/backport-boot-timestamps-Discard-firmware-init-time-when-runn.patch b/backport-boot-timestamps-Discard-firmware-init-time-when-runn.patch deleted file mode 100644 index fdcfcc5e705d628eb7ab62bead28a314e9bdda09..0000000000000000000000000000000000000000 --- a/backport-boot-timestamps-Discard-firmware-init-time-when-runn.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 9ee300a0b6429b7af73f40edfb2330cbbd7828f3 Mon Sep 17 00:00:00 2001 -From: Jan Janssen -Date: Sun, 9 Jan 2022 14:22:15 +0100 -Subject: [PATCH] boot-timestamps: Discard firmware init time when running in a - VM - -Fixes: #22060 -(cherry picked from commit f699bd81e8e18da2d2fc11e7fb7dce95f8bb3f9e) -(cherry picked from commit 3c5c13f82c760c7067bb189484e1f672ff6713f6) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9ee300a0b6429b7af73f40edfb2330cbbd7828f3 ---- - src/shared/boot-timestamps.c | 18 +++++++++++++----- - 1 file changed, 13 insertions(+), 5 deletions(-) - -diff --git a/src/shared/boot-timestamps.c b/src/shared/boot-timestamps.c -index 8786e89c0e..e00b37aa32 100644 ---- a/src/shared/boot-timestamps.c -+++ b/src/shared/boot-timestamps.c -@@ -5,11 +5,13 @@ - #include "efi-loader.h" - #include "macro.h" - #include "time-util.h" -+#include "virt.h" - - int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_timestamp *loader) { - usec_t x = 0, y = 0, a; - int r; - dual_timestamp _n; -+ bool use_firmware = true; - - assert(firmware); - assert(loader); -@@ -24,6 +26,10 @@ int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_time - r = efi_loader_get_boot_usec(&x, &y); - if (r < 0) - return r; -+ -+ /* If we are running in a VM, the init timestamp would -+ * be equivalent to the host uptime. */ -+ use_firmware = detect_vm() <= 0; - } - - /* Let's convert this to timestamps where the firmware -@@ -33,12 +39,14 @@ int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_time - * the monotonic timestamps here as negative of the actual - * value. */ - -- firmware->monotonic = y; -- loader->monotonic = y - x; -- -- a = n->monotonic + firmware->monotonic; -- firmware->realtime = n->realtime > a ? n->realtime - a : 0; -+ if (use_firmware) { -+ firmware->monotonic = y; -+ a = n->monotonic + firmware->monotonic; -+ firmware->realtime = n->realtime > a ? n->realtime - a : 0; -+ } else -+ firmware->monotonic = firmware->realtime = 0; - -+ loader->monotonic = y - x; - a = n->monotonic + loader->monotonic; - loader->realtime = n->realtime > a ? n->realtime - a : 0; - --- -2.33.0 - diff --git a/backport-bootctl-Fix-update-not-adding-EFI-entry-if-Boot-IDs-.patch b/backport-bootctl-Fix-update-not-adding-EFI-entry-if-Boot-IDs-.patch deleted file mode 100644 index c62801a701047416faaeb101786885da1ab998e1..0000000000000000000000000000000000000000 --- a/backport-bootctl-Fix-update-not-adding-EFI-entry-if-Boot-IDs-.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 0028a3eb976dfa7209433dfa3a24b785f05fd352 Mon Sep 17 00:00:00 2001 -From: Anssi Hannula -Date: Thu, 23 Sep 2021 12:08:05 +0300 -Subject: [PATCH] bootctl: Fix update not adding EFI entry if Boot IDs are - non-consecutive - -"bootctl update" tries to add sd-boot to the EFI boot loader list if it -is not already there. To do so, it uses find_slot() which finds the -proper BootXXXX slot ID to use and also returns 1 if an existing sd-boot -entry was found at this ID or 0 if it is a new unused ID. In "update" -case install_variables() only writes the entry in case 0 (no existing -entry). - -However, find_slot() erroneously returns 1 if it finds a gap in the Boot -IDs (i.e. when not resorting to max(ids) + 1). This causes -"bootctl update" to not add a missing systemd-boot boot entry if the -existing BootXXXX entry IDs are not consecutive. - -Fix that by returning 0 in find_slot() when an empty gap ID is selected -to make it match the behavior when selecting an empty non-gap ID. - -(cherry picked from commit 26d54e1263dcb58daa6578595cc6ab1037315593) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0028a3eb976dfa7209433dfa3a24b785f05fd352 ---- - src/boot/bootctl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c -index fa8c600321..bd96812246 100644 ---- a/src/boot/bootctl.c -+++ b/src/boot/bootctl.c -@@ -711,7 +711,7 @@ static int find_slot(sd_id128_t uuid, const char *path, uint16_t *id) { - for (i = 0; i < n; i++) - if (i != options[i]) { - *id = i; -- return 1; -+ return 0; - } - - /* use the next one */ --- -2.33.0 - diff --git a/backport-bus-util-retrieve-bus-error-from-message.patch b/backport-bus-util-retrieve-bus-error-from-message.patch deleted file mode 100644 index 132b4da7fec26c5c4b79d394e4921cb2be59ee96..0000000000000000000000000000000000000000 --- a/backport-bus-util-retrieve-bus-error-from-message.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 443f25f3cd34ce504a4850373babcde5d572335f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 30 Jan 2022 05:36:56 +0900 -Subject: [PATCH] bus-util: retrieve bus error from message - -The error in argument is not input, but used for output. - -(cherry picked from commit 853b94863cf26d084454edd63ce987cc7ab0505a) -(cherry picked from commit b9e144629bdb7c3d4535fb0a0ad8639140a25034) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/443f25f3cd34ce504a4850373babcde5d572335f ---- - src/shared/bus-wait-for-units.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/shared/bus-wait-for-units.c b/src/shared/bus-wait-for-units.c -index 29620e0d1b..c867f1cbfd 100644 ---- a/src/shared/bus-wait-for-units.c -+++ b/src/shared/bus-wait-for-units.c -@@ -1,5 +1,6 @@ - /* SPDX-License-Identifier: LGPL-2.1-or-later */ - -+#include "bus-error.h" - #include "bus-map-properties.h" - #include "bus-wait-for-units.h" - #include "hashmap.h" -@@ -288,19 +289,22 @@ static int on_properties_changed(sd_bus_message *m, void *userdata, sd_bus_error - return 0; - } - --static int on_get_all_properties(sd_bus_message *m, void *userdata, sd_bus_error *error) { -+static int on_get_all_properties(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) { - WaitForItem *item = userdata; -+ const sd_bus_error *e; - int r; - - assert(item); - -- if (sd_bus_error_is_set(error)) { -+ e = sd_bus_message_get_error(m); -+ if (e) { - BusWaitForUnits *d = item->parent; - - d->has_failed = true; - -- log_debug_errno(sd_bus_error_get_errno(error), "GetAll() failed for %s: %s", -- item->bus_path, error->message); -+ r = sd_bus_error_get_errno(e); -+ log_debug_errno(r, "GetAll() failed for %s: %s", -+ item->bus_path, bus_error_message(e, r)); - - call_unit_callback_and_wait(d, item, false); - bus_wait_for_units_check_ready(d); --- -2.33.0 - diff --git a/backport-calendarspec-fix-possibly-skips-next-elapse.patch b/backport-calendarspec-fix-possibly-skips-next-elapse.patch deleted file mode 100644 index ec48edee31d9979b25433173aae0412732d28680..0000000000000000000000000000000000000000 --- a/backport-calendarspec-fix-possibly-skips-next-elapse.patch +++ /dev/null @@ -1,82 +0,0 @@ -From bce3b46aaf8c7ad7ff7eeaafbf4b321ffdad9c07 Mon Sep 17 00:00:00 2001 -From: Gibeom Gwon -Date: Sun, 6 Mar 2022 09:45:38 +0900 -Subject: [PATCH] calendarspec: fix possibly skips next elapse - -If the time unit changes after adding the repetition value, the -timer may skip the next elapse. This patch reset sub time units -to minimum value when upper unit is changed. - -Fixes #22665. - -(cherry picked from commit 1e582ede3b04d12aae11fc5378a446a392054f1c) -(cherry picked from commit 8d4c0d2383e72f30753bf33f206387bc03879ff8) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/bce3b46aaf8c7ad7ff7eeaafbf4b321ffdad9c07 ---- - src/shared/calendarspec.c | 27 ++++++++++++++++++++------- - src/test/test-calendarspec.c | 2 ++ - 2 files changed, 22 insertions(+), 7 deletions(-) - -diff --git a/src/shared/calendarspec.c b/src/shared/calendarspec.c -index bf24d8d5bb..238766c96a 100644 ---- a/src/shared/calendarspec.c -+++ b/src/shared/calendarspec.c -@@ -1180,6 +1180,7 @@ static int find_matching_component( - - static int tm_within_bounds(struct tm *tm, bool utc) { - struct tm t; -+ int cmp; - assert(tm); - - /* -@@ -1194,13 +1195,25 @@ static int tm_within_bounds(struct tm *tm, bool utc) { - if (mktime_or_timegm(&t, utc) < 0) - return negative_errno(); - -- /* Did any normalization take place? If so, it was out of bounds before */ -- int cmp = CMP(t.tm_year, tm->tm_year) ?: -- CMP(t.tm_mon, tm->tm_mon) ?: -- CMP(t.tm_mday, tm->tm_mday) ?: -- CMP(t.tm_hour, tm->tm_hour) ?: -- CMP(t.tm_min, tm->tm_min) ?: -- CMP(t.tm_sec, tm->tm_sec); -+ /* -+ * Did any normalization take place? If so, it was out of bounds before. -+ * Normalization could skip next elapse, e.g. result of normalizing 3-33 -+ * is 4-2. This skips 4-1. So reset the sub time unit if upper unit was -+ * out of bounds. Normalization has occurred implies find_matching_component() > 0, -+ * other sub time units are already reset in find_next(). -+ */ -+ if ((cmp = CMP(t.tm_year, tm->tm_year)) != 0) -+ t.tm_mon = 0; -+ else if ((cmp = CMP(t.tm_mon, tm->tm_mon)) != 0) -+ t.tm_mday = 1; -+ else if ((cmp = CMP(t.tm_mday, tm->tm_mday)) != 0) -+ t.tm_hour = 0; -+ else if ((cmp = CMP(t.tm_hour, tm->tm_hour)) != 0) -+ t.tm_min = 0; -+ else if ((cmp = CMP(t.tm_min, tm->tm_min)) != 0) -+ t.tm_sec = 0; -+ else -+ cmp = CMP(t.tm_sec, tm->tm_sec); - - if (cmp < 0) - return -EDEADLK; /* Refuse to go backward */ -diff --git a/src/test/test-calendarspec.c b/src/test/test-calendarspec.c -index 4f1d0f64d5..bc5e56a238 100644 ---- a/src/test/test-calendarspec.c -+++ b/src/test/test-calendarspec.c -@@ -201,6 +201,8 @@ int main(int argc, char* argv[]) { - test_next("2016-02~01 UTC", "", 12345, 1456704000000000); - test_next("Mon 2017-05~01..07 UTC", "", 12345, 1496016000000000); - test_next("Mon 2017-05~07/1 UTC", "", 12345, 1496016000000000); -+ test_next("*-*-01/5 04:00:00 UTC", "", 1646010000000000, 1646107200000000); -+ test_next("*-01/7-01 04:00:00 UTC", "", 1664607600000000, 1672545600000000); - test_next("2017-08-06 9,11,13,15,17:00 UTC", "", 1502029800000000, 1502031600000000); - test_next("2017-08-06 9..17/2:00 UTC", "", 1502029800000000, 1502031600000000); - test_next("2016-12-* 3..21/6:00 UTC", "", 1482613200000001, 1482634800000000); --- -2.33.0 - diff --git a/backport-cgroup-do-catchup-for-unit-cgroup-inotify-watch-file.patch b/backport-cgroup-do-catchup-for-unit-cgroup-inotify-watch-file.patch deleted file mode 100644 index 596dc397a1d34be47b9b7dcd6dcd39186182b617..0000000000000000000000000000000000000000 --- a/backport-cgroup-do-catchup-for-unit-cgroup-inotify-watch-file.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 52ab3b8f534eafeed86908ad38f4cd0f169e23ff Mon Sep 17 00:00:00 2001 -From: Dan Streetman -Date: Sun, 11 Jul 2021 16:59:27 -0400 -Subject: [PATCH] cgroup: do 'catchup' for unit cgroup inotify watch files - -While reexec/reload, we drop the inotify watch on cgroup file(s), so -we need to re-check them in case they changed and we missed the event. - -Fixes: #20198 -(cherry picked from commit 869f52f21831b611160c4937bef822ca94c802ba) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/52ab3b8f534eafeed86908ad38f4cd0f169e23ff ---- - src/core/cgroup.c | 18 ++++++++++++++++++ - src/core/cgroup.h | 2 ++ - src/core/unit.c | 2 ++ - 3 files changed, 22 insertions(+) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 3a6f768c60..5c07aa71d1 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -3039,6 +3039,9 @@ static int unit_check_cgroup_events(Unit *u) { - - assert(u); - -+ if (!u->cgroup_path) -+ return 0; -+ - r = cg_get_keyed_attribute_graceful(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, "cgroup.events", - STRV_MAKE("populated", "frozen"), values); - if (r < 0) -@@ -3871,6 +3874,21 @@ void unit_invalidate_cgroup_bpf(Unit *u) { - } - } - -+void unit_cgroup_catchup(Unit *u) { -+ assert(u); -+ -+ if (!UNIT_HAS_CGROUP_CONTEXT(u)) -+ return; -+ -+ /* We dropped the inotify watch during reexec/reload, so we need to -+ * check these as they may have changed. -+ * Note that (currently) the kernel doesn't actually update cgroup -+ * file modification times, so we can't just serialize and then check -+ * the mtime for file(s) we are interested in. */ -+ (void) unit_check_cgroup_events(u); -+ unit_add_to_cgroup_oom_queue(u); -+} -+ - bool unit_cgroup_delegate(Unit *u) { - CGroupContext *c; - -diff --git a/src/core/cgroup.h b/src/core/cgroup.h -index ea929368cb..3f8cad899d 100644 ---- a/src/core/cgroup.h -+++ b/src/core/cgroup.h -@@ -313,6 +313,8 @@ void manager_invalidate_startup_units(Manager *m); - const char* cgroup_device_policy_to_string(CGroupDevicePolicy i) _const_; - CGroupDevicePolicy cgroup_device_policy_from_string(const char *s) _pure_; - -+void unit_cgroup_catchup(Unit *u); -+ - bool unit_cgroup_delegate(Unit *u); - - int compare_job_priority(const void *a, const void *b); -diff --git a/src/core/unit.c b/src/core/unit.c -index 47966bcf0d..7e3bd7505e 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3616,6 +3616,8 @@ void unit_catchup(Unit *u) { - - if (UNIT_VTABLE(u)->catchup) - UNIT_VTABLE(u)->catchup(u); -+ -+ unit_cgroup_catchup(u); - } - - static bool fragment_mtime_newer(const char *path, usec_t mtime, bool path_masked) { --- -2.33.0 - diff --git a/backport-cgroup-don-t-emit-BPF-firewall-warning-when-manager-.patch b/backport-cgroup-don-t-emit-BPF-firewall-warning-when-manager-.patch deleted file mode 100644 index 15d9e2ed609884d96f1d3605af3af66f37e18cba..0000000000000000000000000000000000000000 --- a/backport-cgroup-don-t-emit-BPF-firewall-warning-when-manager-.patch +++ /dev/null @@ -1,45 +0,0 @@ -From f4472e406eaa1087534066d09a4b7f2fd1de2a06 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Tue, 30 Nov 2021 23:49:33 +0000 -Subject: [PATCH] cgroup: don't emit BPF firewall warning when manager is in - test mode - -Support for BPF might not have been checked, since it's not necessary -in test mode (eg: running offline analysis of units). This causes an -assert: - -Assertion '(_error) != 0' failed at src/core/bpf-firewall.c:914, function emit_bpf_firewall_warning(). Aborting. - -Export SYSTEMD_LOG_LEVEl=debug in TEST-65-ANALYZE is enough to trigger -this assert while doing an offline analysis of a unit that has some -firewall/network restrictions set. - -Skip the warning if the manager is in test mode. - -(cherry picked from commit a42232a18c5716f69efc67c779dd2ef6c4b9d6c2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f4472e406eaa1087534066d09a4b7f2fd1de2a06 ---- - src/core/bpf-firewall.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/core/bpf-firewall.c b/src/core/bpf-firewall.c -index 4a92052925..c4989a3ea6 100644 ---- a/src/core/bpf-firewall.c -+++ b/src/core/bpf-firewall.c -@@ -911,7 +911,10 @@ int bpf_firewall_supported(void) { - void emit_bpf_firewall_warning(Unit *u) { - static bool warned = false; - -- if (!warned) { -+ assert(u); -+ assert(u->manager); -+ -+ if (!warned && !MANAGER_IS_TEST_RUN(u->manager)) { - bool quiet = bpf_firewall_unsupported_reason == -EPERM && detect_container() > 0; - - log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason, --- -2.33.0 - diff --git a/backport-cgroups-agent-connect-stdin-stdout-stderr-to-dev-nul.patch b/backport-cgroups-agent-connect-stdin-stdout-stderr-to-dev-nul.patch deleted file mode 100644 index 67decec2ebf672bb96498c522c40c23bde005e4b..0000000000000000000000000000000000000000 --- a/backport-cgroups-agent-connect-stdin-stdout-stderr-to-dev-nul.patch +++ /dev/null @@ -1,41 +0,0 @@ -From a59a7227a29a73e8e1b0d80153f258e20354c0d7 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 15 Jul 2022 11:02:40 +0200 -Subject: [PATCH] cgroups-agent: connect stdin/stdout/stderr to /dev/null - -Inspired by https://github.com/systemd/systemd/pull/24024 this is -another user mode helper, where this might be an issue. hence let's -rather be safe than sorry, and also connect stdin/stdout/stderr -explicitly with /dev/null. - -(cherry picked from commit 50492ce81589773df2d82b4fc8047778e86c6edf) -(cherry picked from commit 689487785f776815e71642f89685ff01f0bc4fde) -(cherry picked from commit d8464304f03e6644bfc6ed42e13fb3a460b9ff60) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a59a7227a29a73e8e1b0d80153f258e20354c0d7 ---- - src/cgroups-agent/cgroups-agent.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/cgroups-agent/cgroups-agent.c b/src/cgroups-agent/cgroups-agent.c -index 071cba3099..9126736235 100644 ---- a/src/cgroups-agent/cgroups-agent.c -+++ b/src/cgroups-agent/cgroups-agent.c -@@ -16,6 +16,13 @@ int main(int argc, char *argv[]) { - _cleanup_close_ int fd = -1; - ssize_t n; - size_t l; -+ int r; -+ -+ r = rearrange_stdio(-1, -1, -1); -+ if (r < 0) { -+ log_error_errno(r, "Failed to connect stdin/stdout/stderr with /dev/null: %m"); -+ return EXIT_FAILURE; -+ } - - if (argc != 2) { - log_error("Incorrect number of arguments."); --- -2.27.0 - diff --git a/backport-change-indicator-used-for-later-versions-of-VirtualB.patch b/backport-change-indicator-used-for-later-versions-of-VirtualB.patch deleted file mode 100644 index 24ab4b016ba2f28d81d6d13724e70e6faed015a9..0000000000000000000000000000000000000000 --- a/backport-change-indicator-used-for-later-versions-of-VirtualB.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 7459b7f4a63de87a6e76e9187893c65291b7931f Mon Sep 17 00:00:00 2001 -From: Greg Zuro -Date: Tue, 26 Oct 2021 21:02:37 -0700 -Subject: [PATCH] change indicator used for later versions of VirtualBox - (#21127) - -Detection of VirtualBox is accomplished in the existing code by *either* `innotek GmbH` -or `Oracle Corporation` existing in any of: - -- /sys/class/dmi/id/product_name -- /sys/class/dmi/id/sys_vendor -- /sys/class/dmi/id/board_vendor -- /sys/class/dmi/id/bios_vendor - -With Oracle's physical servers, both `/sys/class/dmi/id/sys_vendor` and -`/sys/class/dmi/id/board_vendor` contain `Oracle Corporation`, so those -servers are detected as `oracle` (VirtualBox). - -VirtualBox has the following values in the latest versions: - -- /sys/class/dmi/id/product_name: `VirtualBox` -- /sys/class/dmi/id/sys_vendor: `innotek GmbH` -- /sys/class/dmi/id/board_vendor: `Oracle Corporation` -- /sys/class/dmi/id/bios_vendor: `innotek GmbH` - -Presumably the existing check for `innotek GmbH` is meant to detect -older versions of VirtualBox, while changing the second checked value -from `Oracle Corporation` to `VirtualBox` will reliably detect later and future -versions. - -(cherry picked from commit cfee6b955154c30be31ffcf0e3b7b89374a52fff) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7459b7f4a63de87a6e76e9187893c65291b7931f ---- - src/basic/virt.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/virt.c b/src/basic/virt.c -index 0243b2d2a8..cc123a286f 100644 ---- a/src/basic/virt.c -+++ b/src/basic/virt.c -@@ -159,7 +159,7 @@ static int detect_vm_dmi_vendor(void) { - { "VMware", VIRTUALIZATION_VMWARE }, /* https://kb.vmware.com/s/article/1009458 */ - { "VMW", VIRTUALIZATION_VMWARE }, - { "innotek GmbH", VIRTUALIZATION_ORACLE }, -- { "Oracle Corporation", VIRTUALIZATION_ORACLE }, -+ { "VirtualBox", VIRTUALIZATION_ORACLE }, - { "Xen", VIRTUALIZATION_XEN }, - { "Bochs", VIRTUALIZATION_BOCHS }, - { "Parallels", VIRTUALIZATION_PARALLELS }, --- -2.33.0 - diff --git a/backport-ci-cancel-previous-jobs-on-ref-update.patch b/backport-ci-cancel-previous-jobs-on-ref-update.patch deleted file mode 100644 index 08ecd81f1c77f334a832788e8d29e3cf492881ef..0000000000000000000000000000000000000000 --- a/backport-ci-cancel-previous-jobs-on-ref-update.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 47b12629b47d9dfc857874a1b680f60ffc0af0bd Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Wed, 10 Nov 2021 16:45:12 +0100 -Subject: [PATCH] ci: cancel previous jobs on ref update - -Let's save the environment (and reduce the number of jobs in GH Actions -queues) by cancelling old jobs on a ref update (force push). - -See: https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#concurrency -(cherry picked from commit 3884837610168e6fb69fc2d5709f6c017a30beb9) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/47b12629b47d9dfc857874a1b680f60ffc0af0bd ---- - .github/workflows/build_test.yml | 3 +++ - .github/workflows/cifuzz.yml | 3 +++ - .github/workflows/mkosi.yml | 3 +++ - .github/workflows/unit_tests.yml | 3 +++ - 4 files changed, 12 insertions(+) - -diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml -index 486016abc1..fa86236c2a 100644 ---- a/.github/workflows/build_test.yml -+++ b/.github/workflows/build_test.yml -@@ -14,6 +14,9 @@ on: - jobs: - build: - runs-on: ubuntu-20.04 -+ concurrency: -+ group: ${{ github.workflow }}-${{ matrix.env.COMPILER }}-${{ matrix.env.COMPILER_VERSION }}-${{ github.ref }} -+ cancel-in-progress: true - strategy: - fail-fast: false - matrix: -diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml -index 5296dc7069..df1fb15ace 100644 ---- a/.github/workflows/cifuzz.yml -+++ b/.github/workflows/cifuzz.yml -@@ -19,6 +19,9 @@ jobs: - Fuzzing: - runs-on: ubuntu-latest - if: github.repository == 'systemd/systemd' -+ concurrency: -+ group: ${{ github.workflow }}-${{ github.ref }} -+ cancel-in-progress: true - strategy: - fail-fast: false - matrix: -diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml -index babdf7ae6e..f67fd23b1c 100644 ---- a/.github/workflows/mkosi.yml -+++ b/.github/workflows/mkosi.yml -@@ -13,6 +13,9 @@ on: - jobs: - ci: - runs-on: ubuntu-20.04 -+ concurrency: -+ group: ${{ github.workflow }}-${{ matrix.distro }}-${{ github.ref }} -+ cancel-in-progress: true - strategy: - fail-fast: false - matrix: -diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml -index ca1e6e0c30..aaf8fcad3d 100644 ---- a/.github/workflows/unit_tests.yml -+++ b/.github/workflows/unit_tests.yml -@@ -10,6 +10,9 @@ on: - jobs: - build: - runs-on: ubuntu-20.04 -+ concurrency: -+ group: ${{ github.workflow }}-${{ matrix.run_phase }}-${{ github.ref }} -+ cancel-in-progress: true - strategy: - fail-fast: false - matrix: --- -2.33.0 - diff --git a/backport-ci-fix-clang-13-installation.patch b/backport-ci-fix-clang-13-installation.patch deleted file mode 100644 index 5f085313aac3acc2bf46dd8077945e8bec9ca59c..0000000000000000000000000000000000000000 --- a/backport-ci-fix-clang-13-installation.patch +++ /dev/null @@ -1,59 +0,0 @@ -From eaa74c30212d62f546692731ec3cef498f3edb08 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Tue, 22 Feb 2022 14:43:40 +0100 -Subject: [PATCH] ci: fix clang-13 installation - -For some reason Ubuntu Focal repositories now have `llvm-13` virtual -package which can't be installed, but successfully fools our check, -resulting in no clang/llvm being installed... - -``` -$ apt show llvm-13 -Package: llvm-13 -State: not a real package (virtual) -N: Can't select candidate version from package llvm-13 as it has no candidate -N: Can't select versions from package 'llvm-13' as it is purely virtual -N: No packages found - -$ apt install --dry-run llvm-13 -Reading package lists... Done -Building dependency tree -Reading state information... Done -Package llvm-13 is not available, but is referred to by another package. -This may mean that the package is missing, has been obsoleted, or -is only available from another source - -E: Package 'llvm-13' has no installation candidate -``` - -(cherry picked from commit b491d74064f9d5e17a71b38b014434237169a077) -(cherry picked from commit fa6e263273905cfc9e4528e8175ace3d19d881e3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/eaa74c30212d62f546692731ec3cef498f3edb08 ---- - .github/workflows/build_test.sh | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh -index db38554d97..1200fa23f3 100755 ---- a/.github/workflows/build_test.sh -+++ b/.github/workflows/build_test.sh -@@ -75,12 +75,12 @@ if [[ "$COMPILER" == clang ]]; then - # ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11 - # provided by the apt.llvm.org repositories. Let's use the system - # llvm package if available in such cases to avoid that. -- if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then -+ if ! apt install --dry-run "llvm-$COMPILER_VERSION" >/dev/null; then - # Latest LLVM stack deb packages provided by https://apt.llvm.org/ - # Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh - wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg - printf "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/%s/ llvm-toolchain-%s-%s main\n" \ -- "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list -+ "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list - PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION") - fi - elif [[ "$COMPILER" == gcc ]]; then --- -2.33.0 - diff --git a/backport-ci-fix-indentation.patch b/backport-ci-fix-indentation.patch deleted file mode 100644 index 99caf2e886be318e650c67fe82605532878795d4..0000000000000000000000000000000000000000 --- a/backport-ci-fix-indentation.patch +++ /dev/null @@ -1,82 +0,0 @@ -From 6db77b2c9f31c8246ec920a189fe44873111566f Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Wed, 10 Nov 2021 16:42:07 +0100 -Subject: [PATCH] ci: fix indentation - -(cherry picked from commit 46573ee1319ee8ae5b292a0a737740eca1a68184) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6db77b2c9f31c8246ec920a189fe44873111566f ---- - .github/workflows/cifuzz.yml | 58 ++++++++++++++++++------------------ - 1 file changed, 29 insertions(+), 29 deletions(-) - -diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml -index 14d81a67ff..5296dc7069 100644 ---- a/.github/workflows/cifuzz.yml -+++ b/.github/workflows/cifuzz.yml -@@ -16,32 +16,32 @@ on: - branches: - - main - jobs: -- Fuzzing: -- runs-on: ubuntu-latest -- if: github.repository == 'systemd/systemd' -- strategy: -- fail-fast: false -- matrix: -- sanitizer: [address, undefined, memory] -- steps: -- - name: Build Fuzzers (${{ matrix.sanitizer }}) -- id: build -- uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master -- with: -- oss-fuzz-project-name: 'systemd' -- dry-run: false -- allowed-broken-targets-percentage: 0 -- sanitizer: ${{ matrix.sanitizer }} -- - name: Run Fuzzers (${{ matrix.sanitizer }}) -- uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master -- with: -- oss-fuzz-project-name: 'systemd' -- fuzz-seconds: 600 -- dry-run: false -- sanitizer: ${{ matrix.sanitizer }} -- - name: Upload Crash -- uses: actions/upload-artifact@v1 -- if: failure() && steps.build.outcome == 'success' -- with: -- name: ${{ matrix.sanitizer }}-artifacts -- path: ./out/artifacts -+ Fuzzing: -+ runs-on: ubuntu-latest -+ if: github.repository == 'systemd/systemd' -+ strategy: -+ fail-fast: false -+ matrix: -+ sanitizer: [address, undefined, memory] -+ steps: -+ - name: Build Fuzzers (${{ matrix.sanitizer }}) -+ id: build -+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master -+ with: -+ oss-fuzz-project-name: 'systemd' -+ dry-run: false -+ allowed-broken-targets-percentage: 0 -+ sanitizer: ${{ matrix.sanitizer }} -+ - name: Run Fuzzers (${{ matrix.sanitizer }}) -+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master -+ with: -+ oss-fuzz-project-name: 'systemd' -+ fuzz-seconds: 600 -+ dry-run: false -+ sanitizer: ${{ matrix.sanitizer }} -+ - name: Upload Crash -+ uses: actions/upload-artifact@v1 -+ if: failure() && steps.build.outcome == 'success' -+ with: -+ name: ${{ matrix.sanitizer }}-artifacts -+ path: ./out/artifacts --- -2.33.0 - diff --git a/backport-ci-pin-the-debian-systemd-repo-to-a-specific-revisio.patch b/backport-ci-pin-the-debian-systemd-repo-to-a-specific-revisio.patch deleted file mode 100644 index d5fb67ed5cefd83ee3917374dea3b2faafe5dbbc..0000000000000000000000000000000000000000 --- a/backport-ci-pin-the-debian-systemd-repo-to-a-specific-revisio.patch +++ /dev/null @@ -1,32 +0,0 @@ -From cdc1cd4eb3f86f3100d6d04b1b5d12a2d87b8704 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Sun, 14 Nov 2021 12:28:21 +0100 -Subject: [PATCH] ci: pin the debian systemd repo to a specific revision - -to work around missing systemd/systemd#20056 in pre-v250 stable -branches. - -v249-stable-only - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/cdc1cd4eb3f86f3100d6d04b1b5d12a2d87b8704 ---- - .semaphore/semaphore.yml | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml -index 06f162007e..7fc38a553d 100644 ---- a/.semaphore/semaphore.yml -+++ b/.semaphore/semaphore.yml -@@ -25,3 +25,8 @@ blocks: - - checkout --use-cache - - .semaphore/semaphore-runner.sh SETUP - - .semaphore/semaphore-runner.sh RUN -+ env_vars: -+ # Pin the debian systemd repo to a specific revision, to work around -+ # missing systemd/systemd#20056 in pre-v250 stable branches -+ - name: BRANCH -+ value: e138f8573a14f8f094bd6c9582bc26ed62c1347f --- -2.33.0 - diff --git a/backport-ci-replace-apt-key-with-signed-by.patch b/backport-ci-replace-apt-key-with-signed-by.patch deleted file mode 100644 index ba60037e96e28dda316ba3c52af9fb2702b8f78d..0000000000000000000000000000000000000000 --- a/backport-ci-replace-apt-key-with-signed-by.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 84230ae4e3a10fccfb4750b832d2c70fe56df128 Mon Sep 17 00:00:00 2001 -From: Evgeny Vereshchagin -Date: Sun, 26 Dec 2021 01:11:00 +0000 -Subject: [PATCH] ci: replace apt-key with signed-by - -to limit the scope of the key to apt.llvm.org only. - -This is mostly inspired by https://blog.cloudflare.com/dont-use-apt-key/ - -(cherry picked from commit bfa6bd1be098adc4710e1819b9cd34d65b3855da) -(cherry picked from commit c92297a20c13b7e15b0026b1f36ebe99d86cfce8) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/84230ae4e3a10fccfb4750b832d2c70fe56df128 ---- - .github/workflows/build_test.sh | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh -index 10fa1ea9b0..db38554d97 100755 ---- a/.github/workflows/build_test.sh -+++ b/.github/workflows/build_test.sh -@@ -77,9 +77,10 @@ if [[ "$COMPILER" == clang ]]; then - # llvm package if available in such cases to avoid that. - if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then - # Latest LLVM stack deb packages provided by https://apt.llvm.org/ -- # Following snippet was borrowed from https://apt.llvm.org/llvm.sh -- wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - -- add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main" -+ # Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh -+ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg -+ printf "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/%s/ llvm-toolchain-%s-%s main\n" \ -+ "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list - PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION") - fi - elif [[ "$COMPILER" == gcc ]]; then --- -2.33.0 - diff --git a/backport-ci-run-the-unit_tests-and-mkosi-jobs-on-stable-branc.patch b/backport-ci-run-the-unit_tests-and-mkosi-jobs-on-stable-branc.patch deleted file mode 100644 index e9988f45bbef2a895e51971b3d8e426e1587b7d8..0000000000000000000000000000000000000000 --- a/backport-ci-run-the-unit_tests-and-mkosi-jobs-on-stable-branc.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 9d08ba9b3fa7542037e0522c10d63517366afda6 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Fri, 12 Nov 2021 17:37:15 +0100 -Subject: [PATCH] ci: run the unit_tests and mkosi jobs on stable branches as - well - -To provide more coverage for the systemd-stable repo. - -See: https://github.com/systemd/systemd-stable/issues/24 -(cherry picked from commit c76a83858996148fea36d1018b4707ce5334363b) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9d08ba9b3fa7542037e0522c10d63517366afda6 ---- - .github/workflows/mkosi.yml | 2 ++ - .github/workflows/unit_tests.yml | 1 + - 2 files changed, 3 insertions(+) - -diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml -index f67fd23b1c..489eb01880 100644 ---- a/.github/workflows/mkosi.yml -+++ b/.github/workflows/mkosi.yml -@@ -6,9 +6,11 @@ on: - push: - branches: - - main -+ - v[0-9]+-stable - pull_request: - branches: - - main -+ - v[0-9]+-stable - - jobs: - ci: -diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml -index aaf8fcad3d..4a19a6a1c8 100644 ---- a/.github/workflows/unit_tests.yml -+++ b/.github/workflows/unit_tests.yml -@@ -6,6 +6,7 @@ on: - pull_request: - branches: - - main -+ - v[0-9]+-stable - - jobs: - build: --- -2.33.0 - diff --git a/backport-ci-take-CIFuzz-s-matrix-into-consideration.patch b/backport-ci-take-CIFuzz-s-matrix-into-consideration.patch deleted file mode 100644 index e9dcbb118903e282d2bf72badf28140d17cb0ba6..0000000000000000000000000000000000000000 --- a/backport-ci-take-CIFuzz-s-matrix-into-consideration.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 428d4988d2bc68e189481f7b46ffd1f84090aadd Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Wed, 10 Nov 2021 20:15:41 +0100 -Subject: [PATCH] ci: take CIFuzz's matrix into consideration - -Otherwise the jobs will try to cancel each other out. - -Follow-up to 3884837610168e6fb69fc2d5709f6c017a30beb9. - -(cherry picked from commit 8b212f3596d03f8e1025cd151d17f9a82433844a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/428d4988d2bc68e189481f7b46ffd1f84090aadd ---- - .github/workflows/cifuzz.yml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml -index df1fb15ace..8ab2a4cf55 100644 ---- a/.github/workflows/cifuzz.yml -+++ b/.github/workflows/cifuzz.yml -@@ -20,7 +20,7 @@ jobs: - runs-on: ubuntu-latest - if: github.repository == 'systemd/systemd' - concurrency: -- group: ${{ github.workflow }}-${{ github.ref }} -+ group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }} - cancel-in-progress: true - strategy: - fail-fast: false --- -2.33.0 - diff --git a/backport-ci-use-the-system-llvm-11-package-on-Focal.patch b/backport-ci-use-the-system-llvm-11-package-on-Focal.patch deleted file mode 100644 index 8c9591db65c7475078b956bf0f141e8ec86a6232..0000000000000000000000000000000000000000 --- a/backport-ci-use-the-system-llvm-11-package-on-Focal.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 441c959460217ba81591ada9185bed2665cdc994 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Mon, 11 Oct 2021 21:12:42 +0200 -Subject: [PATCH] ci: use the system llvm-11 package on Focal - -ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11 -provided by the apt.llvm.org repositories. Let's use the system -llvm package if available in such cases to avoid that. - -(cherry picked from commit 1c71302f70c7d0712d49b5214f5f29b4d6a2c73e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/441c959460217ba81591ada9185bed2665cdc994 ---- - .github/workflows/build_test.sh | 16 +++++++++++----- - 1 file changed, 11 insertions(+), 5 deletions(-) - -diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh -index bdcb71ba9c..10fa1ea9b0 100755 ---- a/.github/workflows/build_test.sh -+++ b/.github/workflows/build_test.sh -@@ -71,11 +71,17 @@ if [[ "$COMPILER" == clang ]]; then - CC="clang-$COMPILER_VERSION" - CXX="clang++-$COMPILER_VERSION" - AR="llvm-ar-$COMPILER_VERSION" -- # Latest LLVM stack deb packages provided by https://apt.llvm.org/ -- # Following snippet was borrowed from https://apt.llvm.org/llvm.sh -- wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - -- add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main" -- PACKAGES+=(clang-$COMPILER_VERSION lldb-$COMPILER_VERSION lld-$COMPILER_VERSION clangd-$COMPILER_VERSION) -+ -+ # ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11 -+ # provided by the apt.llvm.org repositories. Let's use the system -+ # llvm package if available in such cases to avoid that. -+ if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then -+ # Latest LLVM stack deb packages provided by https://apt.llvm.org/ -+ # Following snippet was borrowed from https://apt.llvm.org/llvm.sh -+ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - -+ add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main" -+ PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION") -+ fi - elif [[ "$COMPILER" == gcc ]]; then - CC="gcc-$COMPILER_VERSION" - CXX="g++-$COMPILER_VERSION" --- -2.33.0 - diff --git a/backport-clang-format-we-actually-typically-use-16ch-continua.patch b/backport-clang-format-we-actually-typically-use-16ch-continua.patch deleted file mode 100644 index e373bc73e355da034e4c9c46928b7cfa8478d44b..0000000000000000000000000000000000000000 --- a/backport-clang-format-we-actually-typically-use-16ch-continua.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 8282cc686bedb0cf3702ea4ac2856b39ae351ef3 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 22 Feb 2022 16:51:58 +0100 -Subject: [PATCH] clang-format: we actually typically use 16ch continuation - indentation - -We use 8 for blocks, and 16 for continuation in most cases afaics, hence -say so in .clang-format too - -(cherry picked from commit 92148fb77766767fdb6ad6e52747317dae2aae85) -(cherry picked from commit 4a90c12f4f09f23e071e649422754f04eda6d273) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/8282cc686bedb0cf3702ea4ac2856b39ae351ef3 ---- - .clang-format | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/.clang-format b/.clang-format -index 651249c701..c94866fcd5 100644 ---- a/.clang-format -+++ b/.clang-format -@@ -46,7 +46,7 @@ ColumnLimit: 109 - CompactNamespaces: true - ConstructorInitializerAllOnOneLineOrOnePerLine: true - ConstructorInitializerIndentWidth: 8 --ContinuationIndentWidth: 8 -+ContinuationIndentWidth: 16 - Cpp11BracedListStyle: false - ForEachMacros: - - BITMAP_FOREACH --- -2.33.0 - diff --git a/backport-condition-fix-device-tree-firmware-path.patch b/backport-condition-fix-device-tree-firmware-path.patch deleted file mode 100644 index fbfced58c2700b73ef40b10b84a875f308132910..0000000000000000000000000000000000000000 --- a/backport-condition-fix-device-tree-firmware-path.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 2065d03c1592ff0e9027e1c06b40f55fb3e1d1ae Mon Sep 17 00:00:00 2001 -From: Daniel Braunwarth -Date: Sun, 28 Aug 2022 20:02:50 +0200 -Subject: [PATCH] condition: fix device-tree firmware path - -The path /sys/firmware/device-tree doesn't exist. This should be either -/proc/device-tree or /sys/firmware/devicetree. - -The first path is only a link. So lets use the second path. - -See https://github.com/torvalds/linux/blob/v4.14/drivers/of/base.c#L218. - -(cherry picked from commit 1037178acfd093fb10d8f5e74f3072f78afdf7e8) -(cherry picked from commit 254b77e73cb81265146de653563a7fe3f9936b56) -(cherry picked from commit ba29bb342deb4eeb55debfa7abb4ba97d50df076) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/2065d03c1592ff0e9027e1c06b40f55fb3e1d1ae ---- - src/shared/condition.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/shared/condition.c b/src/shared/condition.c -index 6645f771dd..b0520566ed 100644 ---- a/src/shared/condition.c -+++ b/src/shared/condition.c -@@ -555,9 +555,9 @@ static int condition_test_firmware(Condition *c, char **env) { - assert(c->type == CONDITION_FIRMWARE); - - if (streq(c->parameter, "device-tree")) { -- if (access("/sys/firmware/device-tree/", F_OK) < 0) { -+ if (access("/sys/firmware/devicetree/", F_OK) < 0) { - if (errno != ENOENT) -- log_debug_errno(errno, "Unexpected error when checking for /sys/firmware/device-tree/: %m"); -+ log_debug_errno(errno, "Unexpected error when checking for /sys/firmware/devicetree/: %m"); - return false; - } else - return true; --- -2.27.0 - diff --git a/backport-core-Make-sure-cgroup_oom_queue-is-flushed-on-manage.patch b/backport-core-Make-sure-cgroup_oom_queue-is-flushed-on-manage.patch deleted file mode 100644 index 853ac7239437c66ae0120bec2c7eecc1185a5c5b..0000000000000000000000000000000000000000 --- a/backport-core-Make-sure-cgroup_oom_queue-is-flushed-on-manage.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 59894983693d36c6017ad995864b5541d7132563 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20Koutn=C3=BD?= -Date: Wed, 4 Aug 2021 18:59:35 +0200 -Subject: [PATCH] core: Make sure cgroup_oom_queue is flushed on manager exit - -The unit queues are not serialized/deserialized (they are recreated -after reexec/reload instead). The destroyed units are not removed from -the cgroup_oom_queue. That means the queue may contain possibly invalid -pointers to released units. - -Fix this by removing the units from cgroup_oom_queue as we do for -others. When at it, sync assert checks with currently existing queues -and put them in order in the manager cleanup code. - -(cherry picked from commit 13e721036bf4ba15eb255d8f0a14800f969ac0d7) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/59894983693d36c6017ad995864b5541d7132563 ---- - src/core/manager.c | 4 ++++ - src/core/unit.c | 7 +++++-- - 2 files changed, 9 insertions(+), 2 deletions(-) - -diff --git a/src/core/manager.c b/src/core/manager.c -index 8884437347..34891a8754 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -1410,6 +1410,10 @@ static void manager_clear_jobs_and_units(Manager *m) { - assert(!m->cleanup_queue); - assert(!m->gc_unit_queue); - assert(!m->gc_job_queue); -+ assert(!m->cgroup_realize_queue); -+ assert(!m->cgroup_empty_queue); -+ assert(!m->cgroup_oom_queue); -+ assert(!m->target_deps_queue); - assert(!m->stop_when_unneeded_queue); - assert(!m->start_when_upheld_queue); - assert(!m->stop_when_bound_queue); -diff --git a/src/core/unit.c b/src/core/unit.c -index 7e3bd7505e..e469beb534 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -733,6 +733,9 @@ Unit* unit_free(Unit *u) { - if (u->in_dbus_queue) - LIST_REMOVE(dbus_queue, u->manager->dbus_unit_queue, u); - -+ if (u->in_cleanup_queue) -+ LIST_REMOVE(cleanup_queue, u->manager->cleanup_queue, u); -+ - if (u->in_gc_queue) - LIST_REMOVE(gc_queue, u->manager->gc_unit_queue, u); - -@@ -742,8 +745,8 @@ Unit* unit_free(Unit *u) { - if (u->in_cgroup_empty_queue) - LIST_REMOVE(cgroup_empty_queue, u->manager->cgroup_empty_queue, u); - -- if (u->in_cleanup_queue) -- LIST_REMOVE(cleanup_queue, u->manager->cleanup_queue, u); -+ if (u->in_cgroup_oom_queue) -+ LIST_REMOVE(cgroup_oom_queue, u->manager->cgroup_oom_queue, u); - - if (u->in_target_deps_queue) - LIST_REMOVE(target_deps_queue, u->manager->target_deps_queue, u); --- -2.33.0 - diff --git a/backport-core-Parse-log-environment-settings-again-after-appl.patch b/backport-core-Parse-log-environment-settings-again-after-appl.patch deleted file mode 100644 index 0612288ccea588acea7217ff6eca66926ee8bd11..0000000000000000000000000000000000000000 --- a/backport-core-Parse-log-environment-settings-again-after-appl.patch +++ /dev/null @@ -1,36 +0,0 @@ -From b246b5370e95756e9597d8ec967ae030b442e73f Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Tue, 7 Sep 2021 16:13:56 +0100 -Subject: [PATCH] core: Parse log environment settings again after applying - manager environment - -Currently, SYSTEMD_LOG_LEVEL set in the ManagerEnvironment property in system.conf -or user.conf doesn't affect the manager's logging level. Parsing the logging environment -variables again after pushing the manager environment into the process environment -block makes sure any new environment changes also get taken into account for logging. - -(cherry picked from commit a4303b4096d9a75acd09c5b897ed3d20c9bca6de) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b246b5370e95756e9597d8ec967ae030b442e73f ---- - src/core/main.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/core/main.c b/src/core/main.c -index b32a19a1d8..c64c73883e 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -2454,6 +2454,9 @@ static int parse_configuration(const struct rlimit *saved_rlimit_nofile, - /* Push variables into the manager environment block */ - setenv_manager_environment(); - -+ /* Parse log environment variables again to take into account any new environment variables. */ -+ log_parse_environment(); -+ - return 0; - } - --- -2.33.0 - diff --git a/backport-core-Remove-circular-include.patch b/backport-core-Remove-circular-include.patch deleted file mode 100644 index 14fbb0212259b4cb647b3c25f72653e6151ff717..0000000000000000000000000000000000000000 --- a/backport-core-Remove-circular-include.patch +++ /dev/null @@ -1,45 +0,0 @@ -From a203879ae5914fa1a676dbd480a7ad41ca0d8e40 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Tue, 24 Aug 2021 16:19:03 +0100 -Subject: [PATCH] core: Remove circular include - -service.h includes socket.h and socket.h includes service.h. Move -service.h include from socket.h to socket.c to remove the circular -dependency. - -(cherry picked from commit a243128d1fcfc378df9fce1b4997148a17ef23a5) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a203879ae5914fa1a676dbd480a7ad41ca0d8e40 ---- - src/core/socket.c | 1 + - src/core/socket.h | 1 - - 2 files changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/socket.c b/src/core/socket.c -index 8144780bf8..f362a5baa8 100644 ---- a/src/core/socket.c -+++ b/src/core/socket.c -@@ -34,6 +34,7 @@ - #include "process-util.h" - #include "selinux-util.h" - #include "serialize.h" -+#include "service.h" - #include "signal-util.h" - #include "smack-util.h" - #include "socket.h" -diff --git a/src/core/socket.h b/src/core/socket.h -index a65195f2aa..6813bdcf8c 100644 ---- a/src/core/socket.h -+++ b/src/core/socket.h -@@ -5,7 +5,6 @@ typedef struct Socket Socket; - typedef struct SocketPeer SocketPeer; - - #include "mount.h" --#include "service.h" - #include "socket-util.h" - #include "unit.h" - --- -2.33.0 - diff --git a/backport-core-bpf-firewall-make-bpf_firewall_supported-always.patch b/backport-core-bpf-firewall-make-bpf_firewall_supported-always.patch deleted file mode 100644 index 61b913018a1b8353a3d6d8d29447176c86faf783..0000000000000000000000000000000000000000 --- a/backport-core-bpf-firewall-make-bpf_firewall_supported-always.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 27028ef0f0bc128d14f41e233ad256687fd7e379 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Dec 2021 21:07:22 +0900 -Subject: [PATCH] core/bpf-firewall: make bpf_firewall_supported() always set - unsupported reason when BPF_FIREWALL_UNSUPPORTED is returned - -Otherwise, log_unit_full_errno() in emit_bpf_firewall_warning() will -trigger an assertion. - -(cherry picked from commit 8751bb6f5e89562d438566c374b9c3a1059c9211) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/27028ef0f0bc128d14f41e233ad256687fd7e379 ---- - src/core/bpf-firewall.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/src/core/bpf-firewall.c b/src/core/bpf-firewall.c -index 9317edeb4c..4a92052925 100644 ---- a/src/core/bpf-firewall.c -+++ b/src/core/bpf-firewall.c -@@ -869,7 +869,10 @@ int bpf_firewall_supported(void) { - - /* YAY! */ - } else { -- log_debug("Wut? Kernel accepted our invalid BPF_PROG_DETACH call? Something is weird, assuming BPF firewalling is broken and hence not supported."); -+ bpf_firewall_unsupported_reason = -+ log_debug_errno(SYNTHETIC_ERRNO(EBADE), -+ "Wut? Kernel accepted our invalid BPF_PROG_DETACH call? " -+ "Something is weird, assuming BPF firewalling is broken and hence not supported."); - return supported = BPF_FIREWALL_UNSUPPORTED; - } - -@@ -897,7 +900,10 @@ int bpf_firewall_supported(void) { - - return supported = BPF_FIREWALL_SUPPORTED; - } else { -- log_debug("Wut? Kernel accepted our invalid BPF_PROG_ATTACH+BPF_F_ALLOW_MULTI call? Something is weird, assuming BPF firewalling is broken and hence not supported."); -+ bpf_firewall_unsupported_reason = -+ log_debug_errno(SYNTHETIC_ERRNO(EBADE), -+ "Wut? Kernel accepted our invalid BPF_PROG_ATTACH+BPF_F_ALLOW_MULTI call? " -+ "Something is weird, assuming BPF firewalling is broken and hence not supported."); - return supported = BPF_FIREWALL_UNSUPPORTED; - } - } --- -2.33.0 - diff --git a/backport-core-cgroup-fix-error-handling-of-cg_remove_xattr.patch b/backport-core-cgroup-fix-error-handling-of-cg_remove_xattr.patch deleted file mode 100644 index 08a26a1a65df43a4a634a04d8d00dade1a63b20c..0000000000000000000000000000000000000000 --- a/backport-core-cgroup-fix-error-handling-of-cg_remove_xattr.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 7e79bfce0674c58068d2a125ed666986544e790f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 5 Aug 2021 03:13:48 +0900 -Subject: [PATCH] core/cgroup: fix error handling of cg_remove_xattr() - -(cherry picked from commit 0cddb53c85588fbfb8043f622895c7bd15819198) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7e79bfce0674c58068d2a125ed666986544e790f ---- - src/core/cgroup.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 2cbb789978..eab0929dc5 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -724,13 +724,13 @@ void cgroup_oomd_xattr_apply(Unit *u, const char *cgroup_path) { - - if (c->moom_preference != MANAGED_OOM_PREFERENCE_AVOID) { - r = cg_remove_xattr(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, "user.oomd_avoid"); -- if (r != -ENODATA) -+ if (r < 0 && r != -ENODATA) - log_unit_debug_errno(u, r, "Failed to remove oomd_avoid flag on control group %s, ignoring: %m", cgroup_path); - } - - if (c->moom_preference != MANAGED_OOM_PREFERENCE_OMIT) { - r = cg_remove_xattr(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, "user.oomd_omit"); -- if (r != -ENODATA) -+ if (r < 0 && r != -ENODATA) - log_unit_debug_errno(u, r, "Failed to remove oomd_omit flag on control group %s, ignoring: %m", cgroup_path); - } - } -@@ -762,7 +762,7 @@ static void cgroup_xattr_apply(Unit *u) { - log_unit_debug_errno(u, r, "Failed to set delegate flag on control group %s, ignoring: %m", u->cgroup_path); - } else { - r = cg_remove_xattr(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, "trusted.delegate"); -- if (r != -ENODATA) -+ if (r < 0 && r != -ENODATA) - log_unit_debug_errno(u, r, "Failed to remove delegate flag on control group %s, ignoring: %m", u->cgroup_path); - } - --- -2.33.0 - diff --git a/backport-core-cgroup-set-bfq.weight-first-and-fixes-blkio.wei.patch b/backport-core-cgroup-set-bfq.weight-first-and-fixes-blkio.wei.patch deleted file mode 100644 index 26d4754df6ad983e254377a1c0484b32deb16171..0000000000000000000000000000000000000000 --- a/backport-core-cgroup-set-bfq.weight-first-and-fixes-blkio.wei.patch +++ /dev/null @@ -1,119 +0,0 @@ -From 55af1d4ce32a32ebd3106cbdf1ef8b6cda55175f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 25 Aug 2021 01:28:47 +0900 -Subject: [PATCH] core/cgroup: set bfq.weight first, and fixes blkio.weight - value - -Fixes issues introduced by 29eb0eefd14afc9a2424781a28b376db47c3c570. - -This also fixes the value sets to blkio.weight, that is, "default" is dropped. - -Moreover, This also changes the logic for mapping weight -> bfq.weight, -to always matches the min, max, and default values. - -Fixes #20519 and #21187. - -(cherry picked from commit 17283ce7b6035775f125585d1b228226942daf4b) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/55af1d4ce32a32ebd3106cbdf1ef8b6cda55175f ---- - src/core/cgroup.c | 55 +++++++++++++++++++++++++++++++++++++---------- - 1 file changed, 44 insertions(+), 11 deletions(-) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 79e10ca3c0..8b5b403ae8 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -37,6 +37,12 @@ - - #define CGROUP_CPU_QUOTA_DEFAULT_PERIOD_USEC ((usec_t) 100 * USEC_PER_MSEC) - -+/* Special values for the bfq.weight attribute */ -+#define CGROUP_BFQ_WEIGHT_INVALID UINT64_MAX -+#define CGROUP_BFQ_WEIGHT_MIN UINT64_C(1) -+#define CGROUP_BFQ_WEIGHT_MAX UINT64_C(1000) -+#define CGROUP_BFQ_WEIGHT_DEFAULT UINT64_C(100) -+ - /* Returns the log level to use when cgroup attribute writes fail. When an attribute is missing or we have access - * problems we downgrade to LOG_DEBUG. This is supposed to be nice to container managers and kernels which want to mask - * out specific attributes from us. */ -@@ -1194,21 +1200,48 @@ static int cgroup_apply_devices(Unit *u) { - return r; - } - --static void set_io_weight(Unit *u, const char *controller, uint64_t weight) { -- char buf[8+DECIMAL_STR_MAX(uint64_t)+1]; -- const char *p; -+static void set_io_weight(Unit *u, uint64_t weight) { -+ char buf[STRLEN("default \n")+DECIMAL_STR_MAX(uint64_t)]; -+ uint64_t bfq_weight; -+ -+ assert(u); -+ -+ /* FIXME: drop this when distro kernels properly support BFQ through "io.weight" -+ * See also: https://github.com/systemd/systemd/pull/13335 and -+ * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9. -+ * The range is 1..1000 apparently, and the default is 100. */ -+ if (weight <= CGROUP_WEIGHT_DEFAULT) -+ bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_WEIGHT_DEFAULT - CGROUP_WEIGHT_MIN); -+ else -+ bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_WEIGHT_MAX - CGROUP_WEIGHT_DEFAULT); -+ -+ xsprintf(buf, "%" PRIu64 "\n", bfq_weight); -+ (void) set_attribute_and_warn(u, "io", "io.bfq.weight", buf); - -- p = strjoina(controller, ".weight"); - xsprintf(buf, "default %" PRIu64 "\n", weight); -- (void) set_attribute_and_warn(u, controller, p, buf); -+ (void) set_attribute_and_warn(u, "io", "io.weight", buf); -+} -+ -+static void set_blkio_weight(Unit *u, uint64_t weight) { -+ char buf[STRLEN("\n")+DECIMAL_STR_MAX(uint64_t)]; -+ uint64_t bfq_weight; -+ -+ assert(u); - - /* FIXME: drop this when distro kernels properly support BFQ through "io.weight" - * See also: https://github.com/systemd/systemd/pull/13335 and - * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9. -- * The range is 1..1000 apparently. */ -- p = strjoina(controller, ".bfq.weight"); -- xsprintf(buf, "%" PRIu64 "\n", (weight + 9) / 10); -- (void) set_attribute_and_warn(u, controller, p, buf); -+ * The range is 1..1000 apparently, and the default is 100. */ -+ if (weight <= CGROUP_BLKIO_WEIGHT_DEFAULT) -+ bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_BLKIO_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_BLKIO_WEIGHT_DEFAULT - CGROUP_BLKIO_WEIGHT_MIN); -+ else -+ bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_BLKIO_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_BLKIO_WEIGHT_MAX - CGROUP_BLKIO_WEIGHT_DEFAULT); -+ -+ xsprintf(buf, "%" PRIu64 "\n", bfq_weight); -+ (void) set_attribute_and_warn(u, "blkio", "blkio.bfq.weight", buf); -+ -+ xsprintf(buf, "%" PRIu64 "\n", weight); -+ (void) set_attribute_and_warn(u, "blkio", "blkio.weight", buf); - } - - static void cgroup_apply_bpf_foreign_program(Unit *u) { -@@ -1322,7 +1355,7 @@ static void cgroup_context_apply( - } else - weight = CGROUP_WEIGHT_DEFAULT; - -- set_io_weight(u, "io", weight); -+ set_io_weight(u, weight); - - if (has_io) { - CGroupIODeviceLatency *latency; -@@ -1392,7 +1425,7 @@ static void cgroup_context_apply( - else - weight = CGROUP_BLKIO_WEIGHT_DEFAULT; - -- set_io_weight(u, "blkio", weight); -+ set_blkio_weight(u, weight); - - if (has_io) { - CGroupIODeviceWeight *w; --- -2.33.0 - diff --git a/backport-core-cgroup-use-helper-macro-for-bfq-conversion.patch b/backport-core-cgroup-use-helper-macro-for-bfq-conversion.patch deleted file mode 100644 index 9fa8c71214b237b5428df050a768502027c982d1..0000000000000000000000000000000000000000 --- a/backport-core-cgroup-use-helper-macro-for-bfq-conversion.patch +++ /dev/null @@ -1,82 +0,0 @@ -From d98169555c07668d999ac8ad62718da0ae9eec0f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 10 Nov 2021 11:37:15 +0100 -Subject: [PATCH] core/cgroup: use helper macro for bfq conversion - -As suggested in https://github.com/systemd/systemd/pull/20522#discussion_r696699984. - -(cherry picked from commit 311822ac28c99e2fb0e25286bdb72c9188314a66) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d98169555c07668d999ac8ad62718da0ae9eec0f ---- - src/core/cgroup.c | 34 ++++++++++++++++------------------ - 1 file changed, 16 insertions(+), 18 deletions(-) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 8b5b403ae8..6e4780f2f6 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -1200,9 +1200,21 @@ static int cgroup_apply_devices(Unit *u) { - return r; - } - -+/* Convert the normal io.weight value to io.bfq.weight */ -+#define BFQ_WEIGHT(weight) \ -+ (weight <= CGROUP_WEIGHT_DEFAULT ? \ -+ CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_WEIGHT_DEFAULT - CGROUP_WEIGHT_MIN) : \ -+ CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_WEIGHT_MAX - CGROUP_WEIGHT_DEFAULT)) -+ -+assert_cc(BFQ_WEIGHT(1) == 1); -+assert_cc(BFQ_WEIGHT(50) == 50); -+assert_cc(BFQ_WEIGHT(100) == 100); -+assert_cc(BFQ_WEIGHT(500) == 136); -+assert_cc(BFQ_WEIGHT(5000) == 545); -+assert_cc(BFQ_WEIGHT(10000) == 1000); -+ - static void set_io_weight(Unit *u, uint64_t weight) { - char buf[STRLEN("default \n")+DECIMAL_STR_MAX(uint64_t)]; -- uint64_t bfq_weight; - - assert(u); - -@@ -1210,12 +1222,7 @@ static void set_io_weight(Unit *u, uint64_t weight) { - * See also: https://github.com/systemd/systemd/pull/13335 and - * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9. - * The range is 1..1000 apparently, and the default is 100. */ -- if (weight <= CGROUP_WEIGHT_DEFAULT) -- bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_WEIGHT_DEFAULT - CGROUP_WEIGHT_MIN); -- else -- bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_WEIGHT_MAX - CGROUP_WEIGHT_DEFAULT); -- -- xsprintf(buf, "%" PRIu64 "\n", bfq_weight); -+ xsprintf(buf, "%" PRIu64 "\n", BFQ_WEIGHT(weight)); - (void) set_attribute_and_warn(u, "io", "io.bfq.weight", buf); - - xsprintf(buf, "default %" PRIu64 "\n", weight); -@@ -1224,20 +1231,11 @@ static void set_io_weight(Unit *u, uint64_t weight) { - - static void set_blkio_weight(Unit *u, uint64_t weight) { - char buf[STRLEN("\n")+DECIMAL_STR_MAX(uint64_t)]; -- uint64_t bfq_weight; - - assert(u); - -- /* FIXME: drop this when distro kernels properly support BFQ through "io.weight" -- * See also: https://github.com/systemd/systemd/pull/13335 and -- * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9. -- * The range is 1..1000 apparently, and the default is 100. */ -- if (weight <= CGROUP_BLKIO_WEIGHT_DEFAULT) -- bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_BLKIO_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_BLKIO_WEIGHT_DEFAULT - CGROUP_BLKIO_WEIGHT_MIN); -- else -- bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_BLKIO_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_BLKIO_WEIGHT_MAX - CGROUP_BLKIO_WEIGHT_DEFAULT); -- -- xsprintf(buf, "%" PRIu64 "\n", bfq_weight); -+ /* FIXME: see comment in set_io_weight(). */ -+ xsprintf(buf, "%" PRIu64 "\n", BFQ_WEIGHT(weight)); - (void) set_attribute_and_warn(u, "blkio", "blkio.bfq.weight", buf); - - xsprintf(buf, "%" PRIu64 "\n", weight); --- -2.33.0 - diff --git a/backport-core-check-size-before-mmap.patch b/backport-core-check-size-before-mmap.patch deleted file mode 100644 index b18b1576c17c6daa3be1903d29443d4b74df329c..0000000000000000000000000000000000000000 --- a/backport-core-check-size-before-mmap.patch +++ /dev/null @@ -1,148 +0,0 @@ -From d7ff7e3b6e2bd9eee809880d3632b293097e22e7 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann -Date: Wed, 2 Mar 2022 22:03:26 +0100 -Subject: [PATCH] core: check size before mmap - -The data type off_t can be 64 on 32 bit systems if they have large -file support. Since mmap expects a size_t with 32 bits as second -argument truncation could occur. At worst these huge files could -lead to mmaps smaller than the previous check for small files. - -This in turn shouldn't have a lot of impact because mmap allocates -at page size boundaries. This also made the PAGE_ALIGN call in -open_mmap unneeded. In fact it was neither in sync with other mmap -calls nor with its own munmap counterpart in error path. - -If such large files are encountered, which is very unlikely in these -code paths, treat them with the same error as if they are too small. - -(cherry picked from commit 1a823cdeb9faea3849843e0b3dae0fbdd607e8b7) -(cherry picked from commit 6b37adf4a16c8f7e917dfd9f19dab259cda878b2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d7ff7e3b6e2bd9eee809880d3632b293097e22e7 ---- - src/basic/fileio.h | 6 ++++++ - src/basic/locale-util.c | 4 ++++ - src/boot/bootctl.c | 2 +- - src/libsystemd/sd-hwdb/sd-hwdb.c | 4 ++++ - src/libsystemd/sd-journal/catalog.c | 4 ++-- - src/libsystemd/sd-journal/compress.c | 4 ++++ - 6 files changed, 21 insertions(+), 3 deletions(-) - -diff --git a/src/basic/fileio.h b/src/basic/fileio.h -index 9bd2037f5b..ee356ddb02 100644 ---- a/src/basic/fileio.h -+++ b/src/basic/fileio.h -@@ -112,6 +112,12 @@ typedef enum ReadLineFlags { - - int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret); - -+static inline bool file_offset_beyond_memory_size(off_t x) { -+ if (x < 0) /* off_t is signed, filter that out */ -+ return false; -+ return (uint64_t) x > (uint64_t) SIZE_MAX; -+} -+ - static inline int read_line(FILE *f, size_t limit, char **ret) { - return read_line_full(f, limit, 0, ret); - } -diff --git a/src/basic/locale-util.c b/src/basic/locale-util.c -index fd6b01cfaa..b181646abe 100644 ---- a/src/basic/locale-util.c -+++ b/src/basic/locale-util.c -@@ -15,6 +15,7 @@ - #include "dirent-util.h" - #include "env-util.h" - #include "fd-util.h" -+#include "fileio.h" - #include "hashmap.h" - #include "locale-util.h" - #include "path-util.h" -@@ -113,6 +114,9 @@ static int add_locales_from_archive(Set *locales) { - if (st.st_size < (off_t) sizeof(struct locarhead)) - return -EBADMSG; - -+ if (file_offset_beyond_memory_size(st.st_size)) -+ return -EFBIG; -+ - p = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0); - if (p == MAP_FAILED) - return -errno; -diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c -index bd96812246..d6eb6d00a5 100644 ---- a/src/boot/bootctl.c -+++ b/src/boot/bootctl.c -@@ -145,7 +145,7 @@ static int get_file_version(int fd, char **v) { - if (r < 0) - return log_error_errno(r, "EFI binary is not a regular file: %m"); - -- if (st.st_size < 27) { -+ if (st.st_size < 27 || file_offset_beyond_memory_size(st.st_size)) { - *v = NULL; - return 0; - } -diff --git a/src/libsystemd/sd-hwdb/sd-hwdb.c b/src/libsystemd/sd-hwdb/sd-hwdb.c -index 53601765fe..748cf26934 100644 ---- a/src/libsystemd/sd-hwdb/sd-hwdb.c -+++ b/src/libsystemd/sd-hwdb/sd-hwdb.c -@@ -15,6 +15,7 @@ - - #include "alloc-util.h" - #include "fd-util.h" -+#include "fileio.h" - #include "hashmap.h" - #include "hwdb-internal.h" - #include "nulstr-util.h" -@@ -312,6 +313,9 @@ _public_ int sd_hwdb_new(sd_hwdb **ret) { - if (hwdb->st.st_size < (off_t) offsetof(struct trie_header_f, strings_len) + 8) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), - "File %s is too short: %m", hwdb_bin_path); -+ if (file_offset_beyond_memory_size(hwdb->st.st_size)) -+ return log_debug_errno(SYNTHETIC_ERRNO(EFBIG), -+ "File %s is too long: %m", hwdb_bin_path); - - hwdb->map = mmap(0, hwdb->st.st_size, PROT_READ, MAP_SHARED, fileno(hwdb->f), 0); - if (hwdb->map == MAP_FAILED) -diff --git a/src/libsystemd/sd-journal/catalog.c b/src/libsystemd/sd-journal/catalog.c -index ce8d47ccc3..f2ad1a2039 100644 ---- a/src/libsystemd/sd-journal/catalog.c -+++ b/src/libsystemd/sd-journal/catalog.c -@@ -524,10 +524,10 @@ static int open_mmap(const char *database, int *_fd, struct stat *_st, void **_p - if (fstat(fd, &st) < 0) - return -errno; - -- if (st.st_size < (off_t) sizeof(CatalogHeader)) -+ if (st.st_size < (off_t) sizeof(CatalogHeader) || file_offset_beyond_memory_size(st.st_size)) - return -EINVAL; - -- p = mmap(NULL, PAGE_ALIGN(st.st_size), PROT_READ, MAP_SHARED, fd, 0); -+ p = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0); - if (p == MAP_FAILED) - return -errno; - -diff --git a/src/libsystemd/sd-journal/compress.c b/src/libsystemd/sd-journal/compress.c -index 837abab76c..cb2e82667f 100644 ---- a/src/libsystemd/sd-journal/compress.c -+++ b/src/libsystemd/sd-journal/compress.c -@@ -25,6 +25,7 @@ - #include "alloc-util.h" - #include "compress.h" - #include "fd-util.h" -+#include "fileio.h" - #include "io-util.h" - #include "journal-def.h" - #include "macro.h" -@@ -807,6 +808,9 @@ int decompress_stream_lz4(int in, int out, uint64_t max_bytes) { - if (fstat(in, &st) < 0) - return log_debug_errno(errno, "fstat() failed: %m"); - -+ if (file_offset_beyond_memory_size(st.st_size)) -+ return -EFBIG; -+ - buf = malloc(LZ4_BUFSIZE); - if (!buf) - return -ENOMEM; --- -2.33.0 - diff --git a/backport-core-command-argument-can-be-longer-than-PATH_MAX.patch b/backport-core-command-argument-can-be-longer-than-PATH_MAX.patch deleted file mode 100644 index 8826eea2017fdbc9c7e43cdcfa7d614fcf97c7d3..0000000000000000000000000000000000000000 --- a/backport-core-command-argument-can-be-longer-than-PATH_MAX.patch +++ /dev/null @@ -1,69 +0,0 @@ -From a8a4d9a65902b8bfb15395479451070e9644560a Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 5 Apr 2022 21:47:46 +0900 -Subject: [PATCH] core: command argument can be longer than PATH_MAX - -Fixes a bug introduced by 065364920281e1cf59cab989e17aff21790505c4. - -Fixes #22957. - -(cherry picked from commit 58dd4999dcc81a0ed92fbd78bce3592c3e3afe9e) -(cherry picked from commit 9727b9ee7b90afb8fa0e6328dcb6c34b1522d4fd) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/a8a4d9a65902b8bfb15395479451070e9644560a ---- - src/core/load-fragment.c | 2 +- - src/test/test-load-fragment.c | 16 ++++++++++++++++ - 2 files changed, 17 insertions(+), 1 deletion(-) - -diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 399a759ad0..cd07f3e60d 100644 ---- a/src/core/load-fragment.c -+++ b/src/core/load-fragment.c -@@ -849,7 +849,7 @@ int config_parse_exec( - if (r < 0) - return ignore ? 0 : -ENOEXEC; - -- r = unit_path_printf(u, word, &resolved); -+ r = unit_full_printf(u, word, &resolved); - if (r < 0) { - log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r, - "Failed to resolve unit specifiers in %s%s: %m", -diff --git a/src/test/test-load-fragment.c b/src/test/test-load-fragment.c -index b41a8abf7b..1a0a0579b2 100644 ---- a/src/test/test-load-fragment.c -+++ b/src/test/test-load-fragment.c -@@ -10,6 +10,7 @@ - #include "capability-util.h" - #include "conf-parser.h" - #include "fd-util.h" -+#include "fileio.h" - #include "format-util.h" - #include "fs-util.h" - #include "hashmap.h" -@@ -412,6 +413,21 @@ static void test_config_parse_exec(void) { - assert_se(r == 0); - assert_se(c1->command_next == NULL); - -+ log_info("/* long arg */"); /* See issue #22957. */ -+ -+ char x[LONG_LINE_MAX-100], *y; -+ y = mempcpy(x, "/bin/echo ", STRLEN("/bin/echo ")); -+ memset(y, 'x', sizeof(x) - STRLEN("/bin/echo ") - 1); -+ x[sizeof(x) - 1] = '\0'; -+ -+ r = config_parse_exec(NULL, "fake", 5, "section", 1, -+ "LValue", 0, x, -+ &c, u); -+ assert_se(r >= 0); -+ c1 = c1->command_next; -+ check_execcommand(c1, -+ "/bin/echo", NULL, y, NULL, false); -+ - log_info("/* empty argument, reset */"); - r = config_parse_exec(NULL, "fake", 4, "section", 1, - "LValue", 0, "", --- -2.33.0 - diff --git a/backport-core-device-also-serialize-deserialize-device-syspat.patch b/backport-core-device-also-serialize-deserialize-device-syspat.patch deleted file mode 100644 index 32b057ff8a118f55a5f07dc8e86b62c7bce032d4..0000000000000000000000000000000000000000 --- a/backport-core-device-also-serialize-deserialize-device-syspat.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 1ea74fca3a3c737f3901bc10d879b7830b3528bf Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 25 Oct 2022 21:41:17 +0900 -Subject: [PATCH] core/device: also serialize/deserialize device syspath - -The field will be used in later commits. ---- - src/core/device.c | 13 ++++++++++++- - src/core/device.h | 2 +- - 2 files changed, 13 insertions(+), 2 deletions(-) - -diff --git a/src/core/device.c b/src/core/device.c -index 9d694aa..26a6d1f 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -114,6 +114,7 @@ static void device_done(Unit *u) { - assert(d); - - device_unset_sysfs(d); -+ d->deserialized_sysfs = mfree(d->deserialized_sysfs); - d->wants_property = strv_free(d->wants_property); - } - -@@ -295,6 +296,9 @@ static int device_serialize(Unit *u, FILE *f, FDSet *fds) { - assert(f); - assert(fds); - -+ if (d->sysfs) -+ (void) serialize_item(f, "sysfs", d->sysfs); -+ - (void) serialize_item(f, "state", device_state_to_string(d->state)); - - if (device_found_to_string_many(d->found, &s) >= 0) -@@ -312,7 +316,14 @@ static int device_deserialize_item(Unit *u, const char *key, const char *value, - assert(value); - assert(fds); - -- if (streq(key, "state")) { -+ if (streq(key, "sysfs")) { -+ if (!d->deserialized_sysfs) { -+ d->deserialized_sysfs = strdup(value); -+ if (!d->deserialized_sysfs) -+ log_oom_debug(); -+ } -+ -+ } else if (streq(key, "state")) { - DeviceState state; - - state = device_state_from_string(value); -diff --git a/src/core/device.h b/src/core/device.h -index dfe8a13..99bf134 100644 ---- a/src/core/device.h -+++ b/src/core/device.h -@@ -20,7 +20,7 @@ typedef enum DeviceFound { - struct Device { - Unit meta; - -- char *sysfs; -+ char *sysfs, *deserialized_sysfs; - - /* In order to be able to distinguish dependencies on different device nodes we might end up creating multiple - * devices for the same sysfs path. We chain them up here. */ --- -2.33.0 - diff --git a/backport-core-device-device_coldplug-don-t-set-DEVICE_DEAD.patch b/backport-core-device-device_coldplug-don-t-set-DEVICE_DEAD.patch deleted file mode 100644 index 2f3964cec516d4291ce21ddabc4002651332da57..0000000000000000000000000000000000000000 --- a/backport-core-device-device_coldplug-don-t-set-DEVICE_DEAD.patch +++ /dev/null @@ -1,43 +0,0 @@ -From cf1ac0cfe44997747b0f857a1d0b67cea1298272 Mon Sep 17 00:00:00 2001 -From: Martin Wilck -Date: Wed, 25 May 2022 12:01:00 +0200 -Subject: [PATCH] core/device: device_coldplug(): don't set DEVICE_DEAD - -dm-crypt device units generated by systemd-cryptsetup-generator -habe BindsTo= dependencies on their backend devices. The dm-crypt -devices have the db_persist flag set, and thus survive the udev db -cleanup while switching root. But backend devices usually don't survive. -These devices are neither mounted nor used for swap, thus they will -seen as DEVICE_NOT_FOUND after switching root. - -The BindsTo dependency will cause systemd to schedule a stop -job for the dm-crypt device, breaking boot: - -[ 68.929457] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Unit is stopped because bound to inactive unit dev-disk-by\x2duuid-3bf91f73\x2d1ee8\x2d4cfc\x2d9048\x2d93ba349b786d.device. -[ 68.945660] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Trying to enqueue job systemd-cryptsetup@cr_root.service/stop/replace -[ 69.473459] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Installed new job systemd-cryptsetup@cr_root.service/stop as 343 - -Avoid this by not setting the state of the backend devices to -DEVICE_DEAD. - -Fixes the LUKS setup issue reported in #23429. ---- - src/core/device.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/src/core/device.c b/src/core/device.c -index 4c261ec554..8728630523 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -205,8 +205,6 @@ static int device_coldplug(Unit *u) { - found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */ - if (state == DEVICE_PLUGGED) - state = DEVICE_TENTATIVE; /* downgrade state */ -- if (found == DEVICE_NOT_FOUND) -- state = DEVICE_DEAD; /* If nobody sees the device, downgrade more */ - } - - if (d->found == found && d->state == state) --- -2.33.0 - diff --git a/backport-core-device-do-not-downgrade-device-state-if-it-is-a.patch b/backport-core-device-do-not-downgrade-device-state-if-it-is-a.patch deleted file mode 100644 index 76075801e3b102f93b4cf68aef631dfcbb527af6..0000000000000000000000000000000000000000 --- a/backport-core-device-do-not-downgrade-device-state-if-it-is-a.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 4fc69e8a0949c2537019466f839d9b7aee5628c9 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 20 May 2022 10:25:12 +0200 -Subject: [PATCH] core/device: do not downgrade device state if it is already - enumerated - -On switching root, a device may have a persistent databse. In that case, -Device.enumerated_found may have DEVICE_FOUND_UDEV flag, and it is not -necessary to downgrade the Device.deserialized_found and -Device.deserialized_state. Otherwise, the state of the device unit may -be changed plugged -> dead -> plugged, if the device has not been mounted. - -Fixes #23429. - -[mwilck: cherry-picked from #23437] ---- - src/core/device.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/core/device.c b/src/core/device.c -index 8728630523..fcde8a420e 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -201,7 +201,8 @@ static int device_coldplug(Unit *u) { - * Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by - * device_catchup() or uevents. */ - -- if (!m->honor_device_enumeration && !MANAGER_IS_USER(m)) { -+ if (!m->honor_device_enumeration && !MANAGER_IS_USER(m) && -+ !FLAGS_SET(d->enumerated_found, DEVICE_FOUND_UDEV)) { - found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */ - if (state == DEVICE_PLUGGED) - state = DEVICE_TENTATIVE; /* downgrade state */ --- -2.33.0 - diff --git a/backport-core-device-drop-unnecessary-condition.patch b/backport-core-device-drop-unnecessary-condition.patch deleted file mode 100644 index 1e8b7bf80615797b6ae859cde53a1ce52cf27f0a..0000000000000000000000000000000000000000 --- a/backport-core-device-drop-unnecessary-condition.patch +++ /dev/null @@ -1,28 +0,0 @@ -From f33bc87989a87475ed41bc9cd715c4cbb18ee389 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 1 May 2022 21:42:43 +0900 -Subject: [PATCH] core/device: drop unnecessary condition - ---- - src/core/device.c | 5 +---- - 1 file changed, 1 insertion(+), 4 deletions(-) - -diff --git a/src/core/device.c b/src/core/device.c -index 44425cda3c..934676287e 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -179,10 +179,7 @@ static void device_catchup(Unit *u) { - - assert(d); - -- /* Second, let's update the state with the enumerated state if it's different */ -- if (d->enumerated_found == d->found) -- return; -- -+ /* Second, let's update the state with the enumerated state */ - device_update_found_one(d, d->enumerated_found, DEVICE_FOUND_MASK); - } - --- -2.33.0 - diff --git a/backport-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch b/backport-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch deleted file mode 100644 index f2b40962b73750f376321f967a7b289c9b940951..0000000000000000000000000000000000000000 --- a/backport-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch +++ /dev/null @@ -1,117 +0,0 @@ -From 75d7b5989f99125e52d5c0e5656fa1cd0fae2405 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 29 Apr 2022 20:29:11 +0900 -Subject: [PATCH] core/device: ignore DEVICE_FOUND_UDEV bit on switching root - -The issue #12953 is caused by the following: -On switching root, -- deserialized_found == DEVICE_FOUND_UDEV | DEVICE_FOUND_MOUNT, -- deserialized_state == DEVICE_PLUGGED, -- enumerated_found == DEVICE_FOUND_MOUNT, -On switching root, most devices are not found by the enumeration process. -Hence, the device state is set to plugged by device_coldplug(), and then -changed to the dead state in device_catchup(). So the corresponding -mount point is unmounted. Later when the device is processed by udevd, it -will be changed to plugged state again. - -The issue #23208 is caused by the fact that generated udev database in -initramfs and the main system are often different. - -So, the two issues have the same root; we should not honor -DEVICE_FOUND_UDEV bit in the deserialized_found on switching root. - -This partially reverts c6e892bc0eebe1d42c282bd2d8bae149fbeba85f. - -Fixes #12953 and #23208. -Replaces #23215. - -Co-authored-by: Martin Wilck ---- - src/core/device.c | 59 +++++++++++++++++++++++++++++++++++++++-------- - 1 file changed, 49 insertions(+), 10 deletions(-) - -diff --git a/src/core/device.c b/src/core/device.c -index 934676287e..1a4563a3d9 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -163,14 +163,57 @@ static int device_coldplug(Unit *u) { - assert(d->state == DEVICE_DEAD); - - /* First, let's put the deserialized state and found mask into effect, if we have it. */ -+ if (d->deserialized_state < 0) -+ return 0; -+ -+ Manager *m = u->manager; -+ DeviceFound found = d->deserialized_found; -+ DeviceState state = d->deserialized_state; -+ -+ /* On initial boot, switch-root, reload, reexecute, the following happen: -+ * 1. MANAGER_IS_RUNNING() == false -+ * 2. enumerate devices: manager_enumerate() -> device_enumerate() -+ * Device.enumerated_found is set. -+ * 3. deserialize devices: manager_deserialize() -> device_deserialize() -+ * Device.deserialize_state and Device.deserialized_found are set. -+ * 4. coldplug devices: manager_coldplug() -> device_coldplug() -+ * deserialized properties are copied to the main properties. -+ * 5. MANAGER_IS_RUNNING() == true: manager_ready() -+ * 6. catchup devices: manager_catchup() -> device_catchup() -+ * Device.enumerated_found is applied to Device.found, and state is updated based on that. -+ * -+ * Notes: -+ * - On initial boot, no udev database exists. Hence, no devices are enumerated in the step 2. -+ * Also, there is no deserialized device. Device units are (a) generated based on dependencies of -+ * other units, or (b) generated when uevents are received. -+ * -+ * - On switch-root, the udev databse may be cleared, except for devices with sticky bit, i.e. -+ * OPTIONS="db_persist". Hence, almost no devices are enumerated in the step 2. However, in general, -+ * we have several serialized devices. So, DEVICE_FOUND_UDEV bit in the deserialized_found must be -+ * ignored, as udev rules in initramfs and the main system are often different. If the deserialized -+ * state is DEVICE_PLUGGED, we need to downgrade it to DEVICE_TENTATIVE (or DEVICE_DEAD if nobody -+ * sees the device). Unlike the other starting mode, Manager.honor_device_enumeration == false -+ * (maybe, it is better to rename the flag) when device_coldplug() and device_catchup() are called. -+ * Hence, let's conditionalize the operations by using the flag. After switch-root, systemd-udevd -+ * will (re-)process all devices, and the Device.found and Device.state will be adjusted. -+ * -+ * - On reload or reexecute, we can trust enumerated_found, deserialized_found, and deserialized_state. -+ * Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by -+ * device_catchup() or uevents. */ -+ -+ if (!m->honor_device_enumeration && !MANAGER_IS_USER(m)) { -+ found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */ -+ if (state == DEVICE_PLUGGED) -+ state = DEVICE_TENTATIVE; /* downgrade state */ -+ if (found == DEVICE_NOT_FOUND) -+ state = DEVICE_DEAD; /* If nobody sees the device, downgrade more */ -+ } - -- if (d->deserialized_state < 0 || -- (d->deserialized_state == d->state && -- d->deserialized_found == d->found)) -+ if (d->found == found && d->state == state) - return 0; - -- d->found = d->deserialized_found; -- device_set_state(d, d->deserialized_state); -+ d->found = found; -+ device_set_state(d, state); - return 0; - } - -@@ -644,13 +687,9 @@ static void device_found_changed(Device *d, DeviceFound previous, DeviceFound no - } - - static void device_update_found_one(Device *d, DeviceFound found, DeviceFound mask) { -- Manager *m; -- - assert(d); - -- m = UNIT(d)->manager; -- -- if (MANAGER_IS_RUNNING(m) && (m->honor_device_enumeration || MANAGER_IS_USER(m))) { -+ if (MANAGER_IS_RUNNING(UNIT(d)->manager)) { - DeviceFound n, previous; - - /* When we are already running, then apply the new mask right-away, and trigger state changes --- -2.33.0 - diff --git a/backport-core-device-update-comment.patch b/backport-core-device-update-comment.patch deleted file mode 100644 index c52fbdbf0b435014a0154c777215e23d781c3e9a..0000000000000000000000000000000000000000 --- a/backport-core-device-update-comment.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 54a4d71509c0f3401aa576346754a0781795214a Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 25 Oct 2022 21:40:21 +0900 -Subject: [PATCH] core/device: update comment - ---- - src/core/device.c | 29 +++++++++++++++++------------ - 1 file changed, 17 insertions(+), 12 deletions(-) - -diff --git a/src/core/device.c b/src/core/device.c -index 0bca0ff..9d694aa 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -172,7 +172,7 @@ static int device_coldplug(Unit *u) { - * 1. MANAGER_IS_RUNNING() == false - * 2. enumerate devices: manager_enumerate() -> device_enumerate() - * Device.enumerated_found is set. -- * 3. deserialize devices: manager_deserialize() -> device_deserialize() -+ * 3. deserialize devices: manager_deserialize() -> device_deserialize_item() - * Device.deserialize_state and Device.deserialized_found are set. - * 4. coldplug devices: manager_coldplug() -> device_coldplug() - * deserialized properties are copied to the main properties. -@@ -187,22 +187,27 @@ static int device_coldplug(Unit *u) { - * - * - On switch-root, the udev databse may be cleared, except for devices with sticky bit, i.e. - * OPTIONS="db_persist". Hence, almost no devices are enumerated in the step 2. However, in general, -- * we have several serialized devices. So, DEVICE_FOUND_UDEV bit in the deserialized_found must be -- * ignored, as udev rules in initramfs and the main system are often different. If the deserialized -- * state is DEVICE_PLUGGED, we need to downgrade it to DEVICE_TENTATIVE. Unlike the other starting -- * mode, MANAGER_IS_SWITCHING_ROOT() is true when device_coldplug() and device_catchup() are called. -- * Hence, let's conditionalize the operations by using the flag. After switch-root, systemd-udevd -- * will (re-)process all devices, and the Device.found and Device.state will be adjusted. -+ * we have several serialized devices. So, DEVICE_FOUND_UDEV bit in the -+ * Device.deserialized_found must be ignored, as udev rules in initrd and the main system are often -+ * different. If the deserialized state is DEVICE_PLUGGED, we need to downgrade it to -+ * DEVICE_TENTATIVE. Unlike the other starting mode, MANAGER_IS_SWITCHING_ROOT() is true when -+ * device_coldplug() and device_catchup() are called. Hence, let's conditionalize the operations by -+ * using the flag. After switch-root, systemd-udevd will (re-)process all devices, and the -+ * Device.found and Device.state will be adjusted. - * -- * - On reload or reexecute, we can trust enumerated_found, deserialized_found, and deserialized_state. -- * Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by -- * device_catchup() or uevents. */ -+ * - On reload or reexecute, we can trust Device.enumerated_found, Device.deserialized_found, and -+ * Device.deserialized_state. Of course, deserialized parameters may be outdated, but the unit -+ * state can be adjusted later by device_catchup() or uevents. */ - - if (MANAGER_IS_SWITCHING_ROOT(m) && - !FLAGS_SET(d->enumerated_found, DEVICE_FOUND_UDEV)) { -- found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */ -+ /* The device has not been enumerated. On switching-root, such situation is natural. See the -+ * above comment. To prevent problematic state transition active → dead → active, let's -+ * drop the DEVICE_FOUND_UDEV flag and downgrade state to DEVICE_TENTATIVE(activating). See -+ * issue #12953 and #23208. */ -+ found &= ~DEVICE_FOUND_UDEV; - if (state == DEVICE_PLUGGED) -- state = DEVICE_TENTATIVE; /* downgrade state */ -+ state = DEVICE_TENTATIVE; - } - - if (d->found == found && d->state == state) --- -2.33.0 - diff --git a/backport-core-device-verify-device-syspath-on-switching-root.patch b/backport-core-device-verify-device-syspath-on-switching-root.patch deleted file mode 100644 index eae111edddbba87f1c8a457746b7e8da99cee07b..0000000000000000000000000000000000000000 --- a/backport-core-device-verify-device-syspath-on-switching-root.patch +++ /dev/null @@ -1,42 +0,0 @@ -From b6c86ae28149c4abb2f0bd6acab13153382da9e7 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 26 Oct 2022 01:18:05 +0900 -Subject: [PATCH] core/device: verify device syspath on switching root - -Otherwise, if a device is removed while switching root, then the -corresponding .device unit will never go to inactive state. - -This replaces the code dropped by cf1ac0cfe44997747b0f857a1d0b67cea1298272. - -Fixes #25106. ---- - src/core/device.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/src/core/device.c b/src/core/device.c -index 7e354b2b4a..6e07f2745b 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -305,6 +305,19 @@ static int device_coldplug(Unit *u) { - found &= ~DEVICE_FOUND_UDEV; - if (state == DEVICE_PLUGGED) - state = DEVICE_TENTATIVE; -+ -+ /* Also check the validity of the device syspath. Without this check, if the device was -+ * removed while switching root, it would never go to inactive state, as both Device.found -+ * and Device.enumerated_found do not have the DEVICE_FOUND_UDEV flag, so device_catchup() in -+ * device_update_found_one() does nothing in most cases. See issue #25106. Note that the -+ * syspath field is only serialized when systemd is sufficiently new and the device has been -+ * already processed by udevd. */ -+ if (d->deserialized_sysfs) { -+ _cleanup_(sd_device_unrefp) sd_device *dev = NULL; -+ -+ if (sd_device_new_from_syspath(&dev, d->deserialized_sysfs) < 0) -+ state = DEVICE_DEAD; -+ } - } - - if (d->found == found && d->state == state) --- -2.33.0 - diff --git a/backport-core-don-t-fail-on-EEXIST-when-creating-mount-point.patch b/backport-core-don-t-fail-on-EEXIST-when-creating-mount-point.patch deleted file mode 100644 index 2aac40f43205f1d3b31c02ea6c5bb1328e75eb7e..0000000000000000000000000000000000000000 --- a/backport-core-don-t-fail-on-EEXIST-when-creating-mount-point.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 37e8b3a312e64886c6fb1401c741dee7c8c102f4 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Fri, 28 Jan 2022 22:56:10 +0000 -Subject: [PATCH] core: don't fail on EEXIST when creating mount point - -systemd[1016]: Failed to mount /tmp/app1 (type n/a) on /run/systemd/unit-extensions/1 (MS_BIND ): No such file or directory -systemd[1016]: Failed to create destination mount point node '/run/systemd/unit-extensions/1': File exists - -(cherry picked from commit 9d6d4c305ab8d65aab7f546450d7331f760b7259) -(cherry picked from commit ae8bc570a81e1286eb5b59a77ef179a500b95f9d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/37e8b3a312e64886c6fb1401c741dee7c8c102f4 ---- - src/core/namespace.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index a6c6963bb7..19942d912f 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -1380,7 +1380,7 @@ static int apply_one_mount( - (void) mkdir_parents(mount_entry_path(m), 0755); - - q = make_mount_point_inode_from_path(what, mount_entry_path(m), 0755); -- if (q < 0) -+ if (q < 0 && q != -EEXIST) - log_error_errno(q, "Failed to create destination mount point node '%s': %m", - mount_entry_path(m)); - else --- -2.33.0 - diff --git a/backport-core-fix-SIGABRT-on-empty-exec-command-argv.patch b/backport-core-fix-SIGABRT-on-empty-exec-command-argv.patch deleted file mode 100644 index 1102871f34ace7465bee538b9d7afa47d73b7230..0000000000000000000000000000000000000000 --- a/backport-core-fix-SIGABRT-on-empty-exec-command-argv.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 7a58bf7aac8b2c812ee0531b0cc426e0067edd35 Mon Sep 17 00:00:00 2001 -From: Henri Chain -Date: Tue, 5 Oct 2021 13:10:31 +0200 -Subject: [PATCH] core: fix SIGABRT on empty exec command argv - -This verifies that the argv part of any exec_command parameters that -are sent through dbus is not empty at deserialization time. - -There is an additional check in service.c service_verify() that again -checks if all exec_commands are correctly populated, after the service -has been loaded, whether through dbus or otherwise. - -Fixes #20933. - -(cherry picked from commit 29500cf8c47e6eb0518d171d62aa8213020c9152) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7a58bf7aac8b2c812ee0531b0cc426e0067edd35 ---- - src/core/dbus-execute.c | 4 ++++ - src/core/service.c | 10 ++++++++++ - test/units/testsuite-23.sh | 31 +++++++++++++++++++++++++++++++ - 3 files changed, 45 insertions(+) - -diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c -index 50daef6702..902e074bd2 100644 ---- a/src/core/dbus-execute.c -+++ b/src/core/dbus-execute.c -@@ -1421,6 +1421,10 @@ int bus_set_transient_exec_command( - if (r < 0) - return r; - -+ if (strv_isempty(argv)) -+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, -+ "\"%s\" argv cannot be empty", name); -+ - r = is_ex_prop ? sd_bus_message_read_strv(message, &ex_opts) : sd_bus_message_read(message, "b", &b); - if (r < 0) - return r; -diff --git a/src/core/service.c b/src/core/service.c -index b7cfc04c84..e061d488c7 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -548,6 +548,16 @@ static int service_verify(Service *s) { - assert(s); - assert(UNIT(s)->load_state == UNIT_LOADED); - -+ for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) { -+ ExecCommand *command; -+ -+ LIST_FOREACH(command, command, s->exec_command[c]) -+ if (strv_isempty(command->argv)) -+ return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), -+ "Service has an empty argv in %s=. Refusing.", -+ service_exec_command_to_string(c)); -+ } -+ - if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP] && - UNIT(s)->success_action == EMERGENCY_ACTION_NONE) - /* FailureAction= only makes sense if one of the start or stop commands is specified. -diff --git a/test/units/testsuite-23.sh b/test/units/testsuite-23.sh -index 4ef7c878a8..5488447a87 100755 ---- a/test/units/testsuite-23.sh -+++ b/test/units/testsuite-23.sh -@@ -27,6 +27,37 @@ test "$(systemctl show --value -p RestartKillSignal seven.service)" -eq 2 - systemctl restart seven.service - systemctl stop seven.service - -+# For issue #20933 -+ -+# Should work normally -+busctl call \ -+ org.freedesktop.systemd1 /org/freedesktop/systemd1 \ -+ org.freedesktop.systemd1.Manager StartTransientUnit \ -+ "ssa(sv)a(sa(sv))" test-20933-ok.service replace 1 \ -+ ExecStart "a(sasb)" 1 \ -+ /usr/bin/sleep 2 /usr/bin/sleep 1 true \ -+ 0 -+ -+# DBus call should fail but not crash systemd -+busctl call \ -+ org.freedesktop.systemd1 /org/freedesktop/systemd1 \ -+ org.freedesktop.systemd1.Manager StartTransientUnit \ -+ "ssa(sv)a(sa(sv))" test-20933-bad.service replace 1 \ -+ ExecStart "a(sasb)" 1 \ -+ /usr/bin/sleep 0 true \ -+ 0 && { echo 'unexpected success'; exit 1; } -+ -+# Same but with the empty argv in the middle -+busctl call \ -+ org.freedesktop.systemd1 /org/freedesktop/systemd1 \ -+ org.freedesktop.systemd1.Manager StartTransientUnit \ -+ "ssa(sv)a(sa(sv))" test-20933-bad-middle.service replace 1 \ -+ ExecStart "a(sasb)" 3 \ -+ /usr/bin/sleep 2 /usr/bin/sleep 1 true \ -+ /usr/bin/sleep 0 true \ -+ /usr/bin/sleep 2 /usr/bin/sleep 1 true \ -+ 0 && { echo 'unexpected success'; exit 1; } -+ - systemd-analyze log-level info - - echo OK >/testok --- -2.33.0 - diff --git a/backport-core-fix-free-undefined-pointer-when-strdup-failed-i.patch b/backport-core-fix-free-undefined-pointer-when-strdup-failed-i.patch deleted file mode 100644 index ad3d40139bcfaf08600a35857e882ca1c5ba5c50..0000000000000000000000000000000000000000 --- a/backport-core-fix-free-undefined-pointer-when-strdup-failed-i.patch +++ /dev/null @@ -1,39 +0,0 @@ -From b5162039b2309b78a9c1feb6cc1355988e02b6c3 Mon Sep 17 00:00:00 2001 -From: xujing <17826839720@163.com> -Date: Wed, 8 Sep 2021 14:26:20 +0800 -Subject: [PATCH] core: fix free undefined pointer when strdup failed in the - first loop - -(cherry picked from commit 1509274359979079e3e61899ce12fc8b0f0958d9) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b5162039b2309b78a9c1feb6cc1355988e02b6c3 ---- - src/core/load-fragment.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 8fb3c378ee..399a759ad0 100644 ---- a/src/core/load-fragment.c -+++ b/src/core/load-fragment.c -@@ -800,7 +800,7 @@ int config_parse_exec( - if (!separate_argv0) { - char *w = NULL; - -- if (!GREEDY_REALLOC(n, nlen + 2)) -+ if (!GREEDY_REALLOC0(n, nlen + 2)) - return log_oom(); - - w = strdup(path); -@@ -832,7 +832,7 @@ int config_parse_exec( - p += 2; - p += strspn(p, WHITESPACE); - -- if (!GREEDY_REALLOC(n, nlen + 2)) -+ if (!GREEDY_REALLOC0(n, nlen + 2)) - return log_oom(); - - w = strdup(";"); --- -2.33.0 - diff --git a/backport-core-ignore-failure-on-setting-smack-process-label-w.patch b/backport-core-ignore-failure-on-setting-smack-process-label-w.patch deleted file mode 100644 index 4ee196a8fd94d7bc32c2c2c8c257320cc658a84d..0000000000000000000000000000000000000000 --- a/backport-core-ignore-failure-on-setting-smack-process-label-w.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 4e057fc39be6ce27afcf0371ebcb7e224a7eeb2d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 1 Nov 2021 13:48:32 +0900 -Subject: [PATCH] core: ignore failure on setting smack process label when - allowed - -(cherry picked from commit 29ff62473b119c0e1d3467148eddcdccc2c9b732) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4e057fc39be6ce27afcf0371ebcb7e224a7eeb2d ---- - src/core/execute.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index e324db87cc..2f2de4d9cf 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -4408,7 +4408,7 @@ static int exec_child( - * process. This is the latest place before dropping capabilities. Other MAC context are set later. */ - if (use_smack) { - r = setup_smack(context, executable_fd); -- if (r < 0) { -+ if (r < 0 && !context->smack_process_label_ignore) { - *exit_status = EXIT_SMACK_PROCESS_LABEL; - return log_unit_error_errno(unit, r, "Failed to set SMACK process label: %m"); - } --- -2.33.0 - diff --git a/backport-core-introduce-MANAGER_IS_SWITCHING_ROOT-helper-func.patch b/backport-core-introduce-MANAGER_IS_SWITCHING_ROOT-helper-func.patch deleted file mode 100644 index 29f5352f7b7f2bb50da48b1bb3ec5baf57ac82c4..0000000000000000000000000000000000000000 --- a/backport-core-introduce-MANAGER_IS_SWITCHING_ROOT-helper-func.patch +++ /dev/null @@ -1,91 +0,0 @@ -From d35fe8c0afaa55441608cb7bbfa4af908e1ea8e3 Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Thu, 5 May 2022 08:49:56 +0200 -Subject: [PATCH] core: introduce MANAGER_IS_SWITCHING_ROOT() helper function - -Will be used by the following commit. ---- - src/core/main.c | 3 +++ - src/core/manager.c | 6 ++++++ - src/core/manager.h | 6 ++++++ - 3 files changed, 15 insertions(+) - -diff --git a/src/core/main.c b/src/core/main.c -index 1213ad6..df4fb9d 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -1981,6 +1981,8 @@ static int invoke_main_loop( - return 0; - - case MANAGER_SWITCH_ROOT: -+ manager_set_switching_root(m, true); -+ - if (!m->switch_root_init) { - r = prepare_reexecute(m, &arg_serialization, ret_fds, true); - if (r < 0) { -@@ -2899,6 +2901,7 @@ int main(int argc, char *argv[]) { - set_manager_defaults(m); - set_manager_settings(m); - manager_set_first_boot(m, first_boot); -+ manager_set_switching_root(m, arg_switched_root); - - /* Remember whether we should queue the default job */ - queue_default_job = !arg_serialization || arg_switched_root; -diff --git a/src/core/manager.c b/src/core/manager.c -index abc63a7..d3b7fc5 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -756,6 +756,10 @@ static int manager_setup_sigchld_event_source(Manager *m) { - return 0; - } - -+void manager_set_switching_root(Manager *m, bool switching_root) { -+ m->switching_root = MANAGER_IS_SYSTEM(m) && switching_root; -+} -+ - int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager **_m) { - _cleanup_(manager_freep) Manager *m = NULL; - const char *e; -@@ -1799,6 +1803,8 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { - - manager_ready(m); - -+ manager_set_switching_root(m, false); -+ - return 0; - } - -diff --git a/src/core/manager.h b/src/core/manager.h -index 14a80b3..453706c 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -400,6 +400,9 @@ struct Manager { - char *switch_root; - char *switch_root_init; - -+ /* This is true before and after switching root. */ -+ bool switching_root; -+ - /* This maps all possible path prefixes to the units needing - * them. It's a hashmap with a path string as key and a Set as - * value where Unit objects are contained. */ -@@ -461,6 +464,8 @@ static inline usec_t manager_default_timeout_abort_usec(Manager *m) { - /* The objective is set to OK as soon as we enter the main loop, and set otherwise as soon as we are done with it */ - #define MANAGER_IS_RUNNING(m) ((m)->objective == MANAGER_OK) - -+#define MANAGER_IS_SWITCHING_ROOT(m) ((m)->switching_root) -+ - #define MANAGER_IS_TEST_RUN(m) ((m)->test_run_flags != 0) - - int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager **m); -@@ -525,6 +530,7 @@ void manager_set_show_status(Manager *m, ShowStatus mode, const char *reason); - void manager_override_show_status(Manager *m, ShowStatus mode, const char *reason); - - void manager_set_first_boot(Manager *m, bool b); -+void manager_set_switching_root(Manager *m, bool switching_root); - - void manager_status_printf(Manager *m, StatusType type, const char *status, const char *format, ...) _printf_(4,5); - --- -2.33.0 - diff --git a/backport-core-mount-add-implicit-unit-dependencies-even-if-wh.patch b/backport-core-mount-add-implicit-unit-dependencies-even-if-wh.patch deleted file mode 100644 index 4f4dfc3469877e8a99b1c18ebf70a81a52b9312a..0000000000000000000000000000000000000000 --- a/backport-core-mount-add-implicit-unit-dependencies-even-if-wh.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 1bb8af46d1181a407cbc858025b85392f3af7812 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 29 Aug 2021 21:20:43 +0900 -Subject: [PATCH] core/mount: add implicit unit dependencies even if when mount - unit is generated from /proc/self/mountinfo - -Hopefully fixes #20566. - -(cherry picked from commit aebff2e7ce209fc2d75b894a3ae8b80f6f36ec11) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1bb8af46d1181a407cbc858025b85392f3af7812 ---- - src/core/mount.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/core/mount.c b/src/core/mount.c -index cde4b52731..9bec190cb6 100644 ---- a/src/core/mount.c -+++ b/src/core/mount.c -@@ -1576,6 +1576,10 @@ static int mount_setup_new_unit( - if (r < 0) - return r; - -+ r = mount_add_non_exec_dependencies(MOUNT(u)); -+ if (r < 0) -+ return r; -+ - /* This unit was generated because /proc/self/mountinfo reported it. Remember this, so that by the time we load - * the unit file for it (and thus add in extra deps right after) we know what source to attributes the deps - * to. */ --- -2.33.0 - diff --git a/backport-core-mount-namespaces-Remove-auxiliary-bind-mounts.patch b/backport-core-mount-namespaces-Remove-auxiliary-bind-mounts.patch deleted file mode 100644 index c02fa072d8af70a6855b496bc51fbbcfccb59f78..0000000000000000000000000000000000000000 --- a/backport-core-mount-namespaces-Remove-auxiliary-bind-mounts.patch +++ /dev/null @@ -1,79 +0,0 @@ -From b7e5e6e85048c1a71632bc2d5efe57fb1bfe7472 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20Koutn=C3=BD?= -Date: Wed, 18 Jan 2023 23:20:31 +0100 -Subject: [PATCH] core: mount namespaces: Remove auxiliary bind mounts - directory after unit termination - -Unit that requires its own mount namespace creates a temporary directory -to implement dynamic bind mounts (org.freedesktop.systemd1.Manager.BindMountUnit). -However, this directory is never removed and they will accumulate for -each unique unit (e.g. templated units of systemd-coredump@). - -Attach the auxiliary runtime directory existence to lifetime of other -"runtime" only per-unit directories. - -(cherry picked from commit b9f976fb45635e09cd709dbedd0afb03d4b73c05) -(cherry picked from commit 80e8340ec49d0da3744cdf81f82202e13b0fad3b) -(cherry picked from commit fd260cb37e3441b851c7fee4825d5b6af17f66ca) -(cherry picked from commit ff542dcd1a8c2c7cdc96b9f4b9889774b9474c26) ---- - src/core/execute.c | 17 +++++++++++++++++ - src/core/execute.h | 1 + - src/core/unit.c | 1 + - 3 files changed, 19 insertions(+) - -diff --git a/src/core/execute.c b/src/core/execute.c -index 37f63a9378..6844b1d28f 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -4978,6 +4978,23 @@ int exec_context_destroy_credentials(const ExecContext *c, const char *runtime_p - return 0; - } - -+int exec_context_destroy_mount_ns_dir(Unit *u) { -+ _cleanup_free_ char *p = NULL; -+ -+ if (!u || !MANAGER_IS_SYSTEM(u->manager)) -+ return 0; -+ -+ p = path_join("/run/systemd/propagate/", u->id); -+ if (!p) -+ return -ENOMEM; -+ -+ /* This is only filled transiently (see mount_in_namespace()), should be empty or even non-existent*/ -+ if (rmdir(p) < 0 && errno != ENOENT) -+ log_unit_debug_errno(u, errno, "Unable to remove propagation dir '%s', ignoring: %m", p); -+ -+ return 0; -+} -+ - static void exec_command_done(ExecCommand *c) { - assert(c); - -diff --git a/src/core/execute.h b/src/core/execute.h -index 47349a69a2..f1f0ee4186 100644 ---- a/src/core/execute.h -+++ b/src/core/execute.h -@@ -422,6 +422,7 @@ void exec_context_dump(const ExecContext *c, FILE* f, const char *prefix); - - int exec_context_destroy_runtime_directory(const ExecContext *c, const char *runtime_root); - int exec_context_destroy_credentials(const ExecContext *c, const char *runtime_root, const char *unit); -+int exec_context_destroy_mount_ns_dir(Unit *u); - - const char* exec_context_fdname(const ExecContext *c, int fd_index); - -diff --git a/src/core/unit.c b/src/core/unit.c -index 0e8a01966a..0f44ea8bcd 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -5700,6 +5700,7 @@ void unit_destroy_runtime_data(Unit *u, const ExecContext *context) { - exec_context_destroy_runtime_directory(context, u->manager->prefix[EXEC_DIRECTORY_RUNTIME]); - - exec_context_destroy_credentials(context, u->manager->prefix[EXEC_DIRECTORY_RUNTIME], u->id); -+ exec_context_destroy_mount_ns_dir(u); - } - - int unit_clean(Unit *u, ExecCleanMask mask) { --- -2.27.0 - diff --git a/backport-core-namespace-allow-using-ProtectSubset-pid-and-Pro.patch b/backport-core-namespace-allow-using-ProtectSubset-pid-and-Pro.patch deleted file mode 100644 index 0406216be1ed2b20e40f81ac8440c45caa1c456f..0000000000000000000000000000000000000000 --- a/backport-core-namespace-allow-using-ProtectSubset-pid-and-Pro.patch +++ /dev/null @@ -1,53 +0,0 @@ -From eeb50421761e3ac562e96c47fb5f0f6ed622cfe1 Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Fri, 21 Jan 2022 13:08:19 +0100 -Subject: [PATCH] core/namespace: allow using ProtectSubset=pid and - ProtectHostname=true together - -If a service requests both ProtectSubset=pid and ProtectHostname=true -then it will currently fail to start. The ProcSubset=pid option -instructs systemd to mount procfs for the service with subset=pid which -hides all entries other than /proc/. Consequently trying to -interact with the two files /proc/sys/kernel/{hostname,domainname} -covered by ProtectHostname=true will fail. - -Fix this by only performing this check when ProtectSubset=pid is not -requested. Essentially ProtectSubset=pid implies/provides -ProtectHostname=true. - -(cherry picked from commit 1361f015773e3b4d74e382edf1565f3315a3396b) -(cherry picked from commit a727941affa7821592d503c8a5033c92d615f64c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/eeb50421761e3ac562e96c47fb5f0f6ed622cfe1 ---- - src/core/namespace.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index e3aebe8b5e..5961b14f98 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -2115,14 +2115,19 @@ int setup_namespace( - goto finish; - } - -+ /* Note, if proc is mounted with subset=pid then neither of the -+ * two paths will exist, i.e. they are implicitly protected by -+ * the mount option. */ - if (ns_info->protect_hostname) { - *(m++) = (MountEntry) { - .path_const = "/proc/sys/kernel/hostname", - .mode = READONLY, -+ .ignore = ignore_protect_proc, - }; - *(m++) = (MountEntry) { - .path_const = "/proc/sys/kernel/domainname", - .mode = READONLY, -+ .ignore = ignore_protect_proc, - }; - } - --- -2.33.0 - diff --git a/backport-core-namespace-s-normalize_mounts-drop_unused_mounts.patch b/backport-core-namespace-s-normalize_mounts-drop_unused_mounts.patch deleted file mode 100644 index a87e2ed66e1a041ba7350c0fab9b2bf8fbe41751..0000000000000000000000000000000000000000 --- a/backport-core-namespace-s-normalize_mounts-drop_unused_mounts.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 2540b0e3e0aa3e9bc4eef39723aa869f235923dd Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Mon, 24 Jan 2022 10:12:57 +0100 -Subject: [PATCH] core/namespace: s/normalize_mounts()/drop_unused_mounts() - -Rename the normalize_mounts() helper to drop_unused_mounts. All the -helpers called in there get rid of mounts that are unused for a variety -of reasons. And whereas the helpers are aptly prefixed with "drop" the -overall helper isn't and instead uses "normalize". - -Make it more obvious what the helper actually does by renaming it from -normalize_mounts() to drop_unused_mounts(). Readers of code calling this -helper will immediately see that it will get rid of unused mounts. - -Link: https://github.com/systemd/systemd/issues/22206 -(cherry picked from commit fbf90c0d5cadc5d1e95485f770f45a7d4cd39daa) -(cherry picked from commit 09936a7ec92c859b3c4c9520ecd49c2909a8b35c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/2540b0e3e0aa3e9bc4eef39723aa869f235923dd ---- - src/core/namespace.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index 5961b14f98..a6c6963bb7 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -1578,7 +1578,14 @@ static size_t namespace_calculate_mounts( - ns_info->private_ipc; /* /dev/mqueue */ - } - --static void normalize_mounts(const char *root_directory, MountEntry *mounts, size_t *n_mounts) { -+/* Walk all mount entries and dropping any unused mounts. This affects all -+ * mounts: -+ * - that are implicitly protected by a path that has been rendered inaccessible -+ * - whose immediate parent requests the same protection mode as the mount itself -+ * - that are outside of the relevant root directory -+ * - which are duplicates -+ */ -+static void drop_unused_mounts(const char *root_directory, MountEntry *mounts, size_t *n_mounts) { - assert(root_directory); - assert(n_mounts); - assert(mounts || *n_mounts == 0); -@@ -1659,7 +1666,7 @@ static int apply_mounts( - if (!again) - break; - -- normalize_mounts(root, mounts, n_mounts); -+ drop_unused_mounts(root, mounts, n_mounts); - } - - /* Create a deny list we can pass to bind_mount_recursive() */ -@@ -2208,7 +2215,7 @@ int setup_namespace( - if (r < 0) - goto finish; - -- normalize_mounts(root, mounts, &n_mounts); -+ drop_unused_mounts(root, mounts, &n_mounts); - } - - /* All above is just preparation, figuring out what to do. Let's now actually start doing something. */ --- -2.33.0 - diff --git a/backport-core-normalize-r-variable-handling-in-unit_attach_pi.patch b/backport-core-normalize-r-variable-handling-in-unit_attach_pi.patch deleted file mode 100644 index 038642fd557ce1272218f0022ef24fa2be7393fa..0000000000000000000000000000000000000000 --- a/backport-core-normalize-r-variable-handling-in-unit_attach_pi.patch +++ /dev/null @@ -1,125 +0,0 @@ -From 84ec6a0043f7a447157753fb12e991ebce6e14b7 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 27 Oct 2021 23:08:58 +0200 -Subject: [PATCH] core: normalize 'r' variable handling in - unit_attach_pids_to_cgroup() a bit - -The 'r' variable is our "go-to" variable for error return codes, all -across our codebase. In unit_attach_pids_to_cgroup() it was so far used -in a strange way for most of the function: instead of directly storing -the error codes of functions we call we'd store it in a local variable -'q' instead, and propagate it to 'r' only in some cases finally we'd -return the ultimate result of 'r'. - -Let's normalize this a bit: let's always store error return values in -'r', and then use 'ret' as the variable to sometimes propagate errors -to, and then return that. - -This also allows us to get rid of one local variable. - -No actual codeflow changes, just some renaming of variables that allows -us to remove one. - -(cherry picked from commit db4229d12f48663400802171b336c7cadbbe04ef) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/84ec6a0043f7a447157753fb12e991ebce6e14b7 ---- - src/core/cgroup.c | 38 +++++++++++++++++++------------------- - 1 file changed, 19 insertions(+), 19 deletions(-) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 5c07aa71d1..1551d57e90 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -2137,7 +2137,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - CGroupMask delegated_mask; - const char *p; - void *pidp; -- int r, q; -+ int ret, r; - - assert(u); - -@@ -2164,16 +2164,16 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - - delegated_mask = unit_get_delegate_mask(u); - -- r = 0; -+ ret = 0; - SET_FOREACH(pidp, pids) { - pid_t pid = PTR_TO_PID(pidp); - - /* First, attach the PID to the main cgroup hierarchy */ -- q = cg_attach(SYSTEMD_CGROUP_CONTROLLER, p, pid); -- if (q < 0) { -- bool again = MANAGER_IS_USER(u->manager) && ERRNO_IS_PRIVILEGE(q); -+ r = cg_attach(SYSTEMD_CGROUP_CONTROLLER, p, pid); -+ if (r < 0) { -+ bool again = MANAGER_IS_USER(u->manager) && ERRNO_IS_PRIVILEGE(r); - -- log_unit_full_errno(u, again ? LOG_DEBUG : LOG_INFO, q, -+ log_unit_full_errno(u, again ? LOG_DEBUG : LOG_INFO, r, - "Couldn't move process "PID_FMT" to%s requested cgroup '%s': %m", - pid, again ? " directly" : "", empty_to_root(p)); - -@@ -2192,16 +2192,16 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - continue; /* When the bus thing worked via the bus we are fully done for this PID. */ - } - -- if (r >= 0) -- r = q; /* Remember first error */ -+ if (ret >= 0) -+ ret = r; /* Remember first error */ - - continue; - } - -- q = cg_all_unified(); -- if (q < 0) -- return q; -- if (q > 0) -+ r = cg_all_unified(); -+ if (r < 0) -+ return r; -+ if (r > 0) - continue; - - /* In the legacy hierarchy, attach the process to the request cgroup if possible, and if not to the -@@ -2216,11 +2216,11 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - - /* If this controller is delegated and realized, honour the caller's request for the cgroup suffix. */ - if (delegated_mask & u->cgroup_realized_mask & bit) { -- q = cg_attach(cgroup_controller_to_string(c), p, pid); -- if (q >= 0) -+ r = cg_attach(cgroup_controller_to_string(c), p, pid); -+ if (r >= 0) - continue; /* Success! */ - -- log_unit_debug_errno(u, q, "Failed to attach PID " PID_FMT " to requested cgroup %s in controller %s, falling back to unit's cgroup: %m", -+ log_unit_debug_errno(u, r, "Failed to attach PID " PID_FMT " to requested cgroup %s in controller %s, falling back to unit's cgroup: %m", - pid, empty_to_root(p), cgroup_controller_to_string(c)); - } - -@@ -2231,14 +2231,14 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - if (!realized) - continue; /* Not even realized in the root slice? Then let's not bother */ - -- q = cg_attach(cgroup_controller_to_string(c), realized, pid); -- if (q < 0) -- log_unit_debug_errno(u, q, "Failed to attach PID " PID_FMT " to realized cgroup %s in controller %s, ignoring: %m", -+ r = cg_attach(cgroup_controller_to_string(c), realized, pid); -+ if (r < 0) -+ log_unit_debug_errno(u, r, "Failed to attach PID " PID_FMT " to realized cgroup %s in controller %s, ignoring: %m", - pid, realized, cgroup_controller_to_string(c)); - } - } - -- return r; -+ return ret; - } - - static bool unit_has_mask_realized( --- -2.33.0 - diff --git a/backport-core-only-refuse-Type-dbus-service-enqueuing-if-dbus.patch b/backport-core-only-refuse-Type-dbus-service-enqueuing-if-dbus.patch index 5542dac9e9257279c87ce98c5c1c5b99abbed967..43eb3b73b3fe9a9bbe4a1c8d6e1686bc3730fc64 100644 --- a/backport-core-only-refuse-Type-dbus-service-enqueuing-if-dbus.patch +++ b/backport-core-only-refuse-Type-dbus-service-enqueuing-if-dbus.patch @@ -1,4 +1,4 @@ -From fe432460c2ecbd3dd7f0fa16278b9d4ca57a0de3 Mon Sep 17 00:00:00 2001 +From bee6e755bb8e53a7a436e221b015ce0232ed87c0 Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Wed, 10 May 2023 13:54:15 +0800 Subject: [PATCH] core: only refuse Type=dbus service enqueuing if dbus has @@ -33,22 +33,14 @@ What we can support is: Replaces #27590 Fixes #27588 --- - src/core/dbus-unit.c | 32 +++++++++++++++++++++++++------- - 1 file changed, 25 insertions(+), 7 deletions(-) + src/core/dbus-unit.c | 31 ++++++++++++++++++++++++------- + 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c -index 295e271..24e4d25 100644 +index 5b89c76586..59d541ebfe 100644 --- a/src/core/dbus-unit.c +++ b/src/core/dbus-unit.c -@@ -1849,6 +1849,7 @@ int bus_unit_queue_job( - sd_bus_error *error) { - - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; -+ const char *dbus_unit; - int r; - - assert(message); -@@ -1879,13 +1880,30 @@ int bus_unit_queue_job( +@@ -1875,13 +1875,30 @@ int bus_unit_queue_job( (type == JOB_STOP && u->refuse_manual_stop) || (IN_SET(type, JOB_RESTART, JOB_TRY_RESTART) && (u->refuse_manual_start || u->refuse_manual_stop)) || (type == JOB_RELOAD_OR_START && job_type_collapse(type, u) == JOB_START && u->refuse_manual_start)) diff --git a/backport-core-really-skip-automatic-restart-when-a-JOB_STOP-j.patch b/backport-core-really-skip-automatic-restart-when-a-JOB_STOP-j.patch deleted file mode 100644 index 0b7200437033c3195ff9d5ecc14d075804b6d19d..0000000000000000000000000000000000000000 --- a/backport-core-really-skip-automatic-restart-when-a-JOB_STOP-j.patch +++ /dev/null @@ -1,54 +0,0 @@ -From b17f9c7c8db6959227cebf1b30ed1698d024382e Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Fri, 18 Feb 2022 10:06:24 +0100 -Subject: [PATCH] core: really skip automatic restart when a JOB_STOP job is - pending - -It's not clear why we rescheduled a service auto restart while a stop job for -the unit was pending. The comment claims that the unit shouldn't be restarted -but the code did reschedule an auto restart meanwhile. - -In practice that was rarely an issue because the service waited for the next -auto restart to be rescheduled, letting the queued stop job to be proceed and -service_stop() to be called preventing the next restart to complete. - -However when RestartSec=0, the timer expired right away making PID1 to -reschedule the unit again, making the timer expired right away... and so -on. This busy loop prevented PID1 to handle any queued jobs (and hence giving -no chance to the start rate limiting to trigger), which made the busy loop last -forever. - -This patch breaks this loop by skipping the reschedule of the unit auto restart -and hence not depending on the value of u->restart_usec anymore. - -Fixes: #13667 -(cherry picked from commit c972880640ee19e89ce9265d8eae1b3aae190332) -(cherry picked from commit 2198c08d0786c5cec1b39283831969b2cc1adf40) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b17f9c7c8db6959227cebf1b30ed1698d024382e ---- - src/core/service.c | 7 +------ - 1 file changed, 1 insertion(+), 6 deletions(-) - -diff --git a/src/core/service.c b/src/core/service.c -index a480edc439..21bf3dc28c 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -2267,12 +2267,7 @@ static void service_enter_restart(Service *s) { - - if (unit_has_job_type(UNIT(s), JOB_STOP)) { - /* Don't restart things if we are going down anyway */ -- log_unit_info(UNIT(s), "Stop job pending for unit, delaying automatic restart."); -- -- r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->restart_usec)); -- if (r < 0) -- goto fail; -- -+ log_unit_info(UNIT(s), "Stop job pending for unit, skipping automatic restart."); - return; - } - --- -2.33.0 - diff --git a/backport-core-refuse-to-mount-ExtensionImages-if-the-base-lay.patch b/backport-core-refuse-to-mount-ExtensionImages-if-the-base-lay.patch deleted file mode 100644 index 0996f5814a97aa6c60b55f5ee50613dd1c77b5c9..0000000000000000000000000000000000000000 --- a/backport-core-refuse-to-mount-ExtensionImages-if-the-base-lay.patch +++ /dev/null @@ -1,34 +0,0 @@ -From af8d87d6bc8506629f1e73599ccdc4b8f8eaa6c8 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Wed, 19 Jan 2022 00:08:57 +0000 -Subject: [PATCH] core: refuse to mount ExtensionImages if the base layer - doesn't at least have ID in os-release - -We can't match an extension if we don't at least have an ID, -so refuse to continue - -(cherry picked from commit 78ab2b5064a0f87579ce5430f9cb83bba0db069a) -(cherry picked from commit 179bd47f04c538ed1f2c1de2cf2c18f17b027a51) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/af8d87d6bc8506629f1e73599ccdc4b8f8eaa6c8 ---- - src/core/namespace.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index b933d46cf6..e3aebe8b5e 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -1151,6 +1151,8 @@ static int mount_image(const MountEntry *m, const char *root_directory) { - NULL); - if (r < 0) - return log_debug_errno(r, "Failed to acquire 'os-release' data of OS tree '%s': %m", empty_to_root(root_directory)); -+ if (isempty(host_os_release_id)) -+ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "'ID' field not found or empty in 'os-release' data of OS tree '%s': %m", empty_to_root(root_directory)); - } - - r = verity_dissect_and_mount( --- -2.33.0 - diff --git a/backport-core-replace-m-honor_device_enumeration-with-MANAGER.patch b/backport-core-replace-m-honor_device_enumeration-with-MANAGER.patch deleted file mode 100644 index 98c27fa104ed55c056960a13f7918d4ae876ed84..0000000000000000000000000000000000000000 --- a/backport-core-replace-m-honor_device_enumeration-with-MANAGER.patch +++ /dev/null @@ -1,113 +0,0 @@ -From 7870de03c52982290f9b8ae11eb4d89db66f4be3 Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Thu, 5 May 2022 11:11:57 +0200 -Subject: [PATCH] core: replace m->honor_device_enumeration with - MANAGER_IS_SWITCHING_ROOT() - ---- - src/core/device.c | 7 +++---- - src/core/manager.c | 21 +-------------------- - src/core/manager.h | 2 -- - 3 files changed, 4 insertions(+), 26 deletions(-) - -diff --git a/src/core/device.c b/src/core/device.c -index d9669e3..0bca0ff 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -189,9 +189,8 @@ static int device_coldplug(Unit *u) { - * OPTIONS="db_persist". Hence, almost no devices are enumerated in the step 2. However, in general, - * we have several serialized devices. So, DEVICE_FOUND_UDEV bit in the deserialized_found must be - * ignored, as udev rules in initramfs and the main system are often different. If the deserialized -- * state is DEVICE_PLUGGED, we need to downgrade it to DEVICE_TENTATIVE (or DEVICE_DEAD if nobody -- * sees the device). Unlike the other starting mode, Manager.honor_device_enumeration == false -- * (maybe, it is better to rename the flag) when device_coldplug() and device_catchup() are called. -+ * state is DEVICE_PLUGGED, we need to downgrade it to DEVICE_TENTATIVE. Unlike the other starting -+ * mode, MANAGER_IS_SWITCHING_ROOT() is true when device_coldplug() and device_catchup() are called. - * Hence, let's conditionalize the operations by using the flag. After switch-root, systemd-udevd - * will (re-)process all devices, and the Device.found and Device.state will be adjusted. - * -@@ -199,7 +198,7 @@ static int device_coldplug(Unit *u) { - * Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by - * device_catchup() or uevents. */ - -- if (!m->honor_device_enumeration && !MANAGER_IS_USER(m) && -+ if (MANAGER_IS_SWITCHING_ROOT(m) && - !FLAGS_SET(d->enumerated_found, DEVICE_FOUND_UDEV)) { - found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */ - if (state == DEVICE_PLUGGED) -diff --git a/src/core/manager.c b/src/core/manager.c -index 5ed7191..91e9b2a 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -1689,8 +1689,6 @@ static void manager_ready(Manager *m) { - - /* Let's finally catch up with any changes that took place while we were reloading/reexecing */ - manager_catchup(m); -- -- m->honor_device_enumeration = true; - } - - static Manager* manager_reloading_start(Manager *m) { -@@ -3259,9 +3257,6 @@ int manager_serialize( - (void) serialize_bool(f, "taint-logged", m->taint_logged); - (void) serialize_bool(f, "service-watchdogs", m->service_watchdogs); - -- /* After switching root, udevd has not been started yet. So, enumeration results should not be emitted. */ -- (void) serialize_bool(f, "honor-device-enumeration", !switching_root); -- - if (m->show_status_overridden != _SHOW_STATUS_INVALID) - (void) serialize_item(f, "show-status-overridden", - show_status_to_string(m->show_status_overridden)); -@@ -3635,15 +3630,6 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { - else - m->service_watchdogs = b; - -- } else if ((val = startswith(l, "honor-device-enumeration="))) { -- int b; -- -- b = parse_boolean(val); -- if (b < 0) -- log_notice("Failed to parse honor-device-enumeration flag '%s', ignoring.", val); -- else -- m->honor_device_enumeration = b; -- - } else if ((val = startswith(l, "show-status-overridden="))) { - ShowStatus s; - -@@ -3767,7 +3753,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { - - if (q < _MANAGER_TIMESTAMP_MAX) /* found it */ - (void) deserialize_dual_timestamp(val, m->timestamps + q); -- else if (!startswith(l, "kdbus-fd=")) /* ignore kdbus */ -+ else if (!STARTSWITH_SET(l, "kdbus-fd=", "honor-device-enumeration=")) /* ignore deprecated values */ - log_notice("Unknown serialization item '%s', ignoring.", l); - } - } -@@ -3860,11 +3846,6 @@ int manager_reload(Manager *m) { - assert(m->n_reloading > 0); - m->n_reloading--; - -- /* On manager reloading, device tag data should exists, thus, we should honor the results of device -- * enumeration. The flag should be always set correctly by the serialized data, but it may fail. So, -- * let's always set the flag here for safety. */ -- m->honor_device_enumeration = true; -- - manager_ready(m); - - m->send_reloading_done = true; -diff --git a/src/core/manager.h b/src/core/manager.h -index 453706c..67c204f 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -442,8 +442,6 @@ struct Manager { - unsigned sigchldgen; - unsigned notifygen; - -- bool honor_device_enumeration; -- - VarlinkServer *varlink_server; - /* Only systemd-oomd should be using this to subscribe to changes in ManagedOOM settings */ - Varlink *managed_oom_varlink_request; --- -2.33.0 - diff --git a/backport-core-replace-slice-dependencies-as-they-get-added.patch b/backport-core-replace-slice-dependencies-as-they-get-added.patch deleted file mode 100644 index 158be33da6a68de102a9b89d15b53df2898b1b14..0000000000000000000000000000000000000000 --- a/backport-core-replace-slice-dependencies-as-they-get-added.patch +++ /dev/null @@ -1,178 +0,0 @@ -From b68731eeb692a4cfcdf5790ae118ebf21d827301 Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Tue, 9 Nov 2021 15:26:28 -0800 -Subject: [PATCH] core: replace slice dependencies as they get added - -Defines a "UNIT_DEPENDENCY_SLICE_PROPERTY" UnitDependencyMask type that -is used when adding slices to the dependencies hashmap. This type is -used to remove slice dependencies when they get overridden by new ones. - -Fixes #20182 - -Reference:https://github.com/systemd/systemd/commit/899acf5c2d4b89caa891d05ccfa4be828a999c2d -Conflict: NA ---- - src/core/dbus-unit.c | 2 +- - src/core/load-fragment.c | 2 +- - src/core/unit-serialize.c | 1 + - src/core/unit.c | 10 +++++++--- - src/core/unit.h | 7 +++++-- - src/test/test-engine.c | 31 ++++++++++++++++++++++++++++++- - 6 files changed, 45 insertions(+), 8 deletions(-) - -diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c -index aa10939..c42ae5e 100644 ---- a/src/core/dbus-unit.c -+++ b/src/core/dbus-unit.c -@@ -2272,7 +2272,7 @@ static int bus_unit_set_transient_property( - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unit name '%s' is not a slice", s); - - if (!UNIT_WRITE_FLAGS_NOOP(flags)) { -- r = unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); -+ r = unit_set_slice(u, slice); - if (r < 0) - return r; - -diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 399a759..3f5d6d3 100644 ---- a/src/core/load-fragment.c -+++ b/src/core/load-fragment.c -@@ -3575,7 +3575,7 @@ int config_parse_unit_slice( - return 0; - } - -- r = unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); -+ r = unit_set_slice(u, slice); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to assign slice %s to unit %s, ignoring: %m", slice->id, u->id); - return 0; -diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c -index 689a536..3544f18 100644 ---- a/src/core/unit-serialize.c -+++ b/src/core/unit-serialize.c -@@ -571,6 +571,7 @@ static void print_unit_dependency_mask(FILE *f, const char *kind, UnitDependency - { UNIT_DEPENDENCY_MOUNTINFO_IMPLICIT, "mountinfo-implicit" }, - { UNIT_DEPENDENCY_MOUNTINFO_DEFAULT, "mountinfo-default" }, - { UNIT_DEPENDENCY_PROC_SWAP, "proc-swap" }, -+ { UNIT_DEPENDENCY_SLICE_PROPERTY, "slice-property" }, - }; - - assert(f); -diff --git a/src/core/unit.c b/src/core/unit.c -index ffcf8eb..bff0527 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3267,7 +3267,7 @@ reset: - return r; - } - --int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask) { -+int unit_set_slice(Unit *u, Unit *slice) { - int r; - - assert(u); -@@ -3300,7 +3300,11 @@ int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask) { - if (UNIT_GET_SLICE(u) && u->cgroup_realized) - return -EBUSY; - -- r = unit_add_dependency(u, UNIT_IN_SLICE, slice, true, mask); -+ /* Remove any slices assigned prior; we should only have one UNIT_IN_SLICE dependency */ -+ if (UNIT_GET_SLICE(u)) -+ unit_remove_dependencies(u, UNIT_DEPENDENCY_SLICE_PROPERTY); -+ -+ r = unit_add_dependency(u, UNIT_IN_SLICE, slice, true, UNIT_DEPENDENCY_SLICE_PROPERTY); - if (r < 0) - return r; - -@@ -3353,7 +3357,7 @@ int unit_set_default_slice(Unit *u) { - if (r < 0) - return r; - -- return unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); -+ return unit_set_slice(u, slice); - } - - const char *unit_slice_name(Unit *u) { -diff --git a/src/core/unit.h b/src/core/unit.h -index 759104f..6dc2bcb 100644 ---- a/src/core/unit.h -+++ b/src/core/unit.h -@@ -88,7 +88,10 @@ typedef enum UnitDependencyMask { - /* A dependency created because of data read from /proc/swaps and no other configuration source */ - UNIT_DEPENDENCY_PROC_SWAP = 1 << 7, - -- _UNIT_DEPENDENCY_MASK_FULL = (1 << 8) - 1, -+ /* A dependency for units in slices assigned by directly setting Slice= */ -+ UNIT_DEPENDENCY_SLICE_PROPERTY = 1 << 8, -+ -+ _UNIT_DEPENDENCY_MASK_FULL = (1 << 9) - 1, - } UnitDependencyMask; - - /* The Unit's dependencies[] hashmaps use this structure as value. It has the same size as a void pointer, and thus can -@@ -761,7 +764,7 @@ Unit *unit_follow_merge(Unit *u) _pure_; - int unit_load_fragment_and_dropin(Unit *u, bool fragment_required); - int unit_load(Unit *unit); - --int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask); -+int unit_set_slice(Unit *u, Unit *slice); - int unit_set_default_slice(Unit *u); - - const char *unit_description(Unit *u) _pure_; -diff --git a/src/test/test-engine.c b/src/test/test-engine.c -index 6dc1619..1ac15a8 100644 ---- a/src/test/test-engine.c -+++ b/src/test/test-engine.c -@@ -8,6 +8,7 @@ - #include "manager-dump.h" - #include "rm-rf.h" - #include "service.h" -+#include "slice.h" - #include "special.h" - #include "strv.h" - #include "tests.h" -@@ -75,7 +76,8 @@ int main(int argc, char *argv[]) { - _cleanup_(sd_bus_error_free) sd_bus_error err = SD_BUS_ERROR_NULL; - _cleanup_(manager_freep) Manager *m = NULL; - Unit *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL, *g = NULL, -- *h = NULL, *i = NULL, *a_conj = NULL, *unit_with_multiple_dashes = NULL, *stub = NULL; -+ *h = NULL, *i = NULL, *a_conj = NULL, *unit_with_multiple_dashes = NULL, *stub = NULL, -+ *tomato = NULL, *sauce = NULL, *fruit = NULL, *zupa = NULL; - Job *j; - int r; - -@@ -260,5 +262,32 @@ int main(int argc, char *argv[]) { - - verify_dependency_atoms(); - -+ /* Test adding multiple Slice= dependencies; only the last should remain */ -+ assert_se(unit_new_for_name(m, sizeof(Service), "tomato.service", &tomato) >= 0); -+ assert_se(unit_new_for_name(m, sizeof(Slice), "sauce.slice", &sauce) >= 0); -+ assert_se(unit_new_for_name(m, sizeof(Slice), "fruit.slice", &fruit) >= 0); -+ assert_se(unit_new_for_name(m, sizeof(Slice), "zupa.slice", &zupa) >= 0); -+ -+ unit_set_slice(tomato, sauce); -+ unit_set_slice(tomato, fruit); -+ unit_set_slice(tomato, zupa); -+ -+ assert_se(UNIT_GET_SLICE(tomato) == zupa); -+ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, sauce)); -+ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, fruit)); -+ assert_se(unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, zupa)); -+ -+ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, sauce)); -+ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, fruit)); -+ assert_se(unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, zupa)); -+ -+ assert_se(!unit_has_dependency(sauce, UNIT_ATOM_SLICE_OF, tomato)); -+ assert_se(!unit_has_dependency(fruit, UNIT_ATOM_SLICE_OF, tomato)); -+ assert_se(unit_has_dependency(zupa, UNIT_ATOM_SLICE_OF, tomato)); -+ -+ assert_se(!unit_has_dependency(sauce, UNIT_ATOM_REFERENCED_BY, tomato)); -+ assert_se(!unit_has_dependency(fruit, UNIT_ATOM_REFERENCED_BY, tomato)); -+ assert_se(unit_has_dependency(zupa, UNIT_ATOM_REFERENCED_BY, tomato)); -+ - return 0; - } --- -1.8.3.1 - diff --git a/backport-core-respect-install_sysconfdir_samples-in-meson-fil.patch b/backport-core-respect-install_sysconfdir_samples-in-meson-fil.patch deleted file mode 100644 index b5477b1d9791a255a874836433ff2c36cd930276..0000000000000000000000000000000000000000 --- a/backport-core-respect-install_sysconfdir_samples-in-meson-fil.patch +++ /dev/null @@ -1,34 +0,0 @@ -From d36785b19b10ec04ae7b87cdb402de4126e17bca Mon Sep 17 00:00:00 2001 -From: Andreas Rammhold -Date: Mon, 26 Jul 2021 16:57:43 +0200 -Subject: [PATCH] core: respect install_sysconfdir_samples in meson file - -The refactoring done in e11a25cadbe caused the configuration files to be -installed into the pkgsysconfdir regardless of the state of the -install_sysconfdir_samples boolean that indicates whether or not the -sample files should be installed. - -(cherry picked from commit cfd760b6a77808d0b9451ed618a23b6259fe525f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d36785b19b10ec04ae7b87cdb402de4126e17bca ---- - src/core/meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/meson.build b/src/core/meson.build -index f0d2c6f642..c66538eab1 100644 ---- a/src/core/meson.build -+++ b/src/core/meson.build -@@ -193,7 +193,7 @@ foreach item : in_files - output: file, - command : [meson_render_jinja2, config_h, '@INPUT@'], - capture : true, -- install : dir != 'no', -+ install : (dir == pkgsysconfdir and install_sysconfdir_samples) or (dir != pkgsysconfdir and dir != 'no'), - install_dir : dir) - endforeach - --- -2.33.0 - diff --git a/backport-core-service-also-check-path-in-exec-commands.patch b/backport-core-service-also-check-path-in-exec-commands.patch deleted file mode 100644 index f7d6552adc82a1f4a8ba85f61255d48ae6945f9a..0000000000000000000000000000000000000000 --- a/backport-core-service-also-check-path-in-exec-commands.patch +++ /dev/null @@ -1,39 +0,0 @@ -From b3978cf401306a793c7531299a5e9b3c63e53a27 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 6 Oct 2021 00:19:41 +0900 -Subject: [PATCH] core/service: also check path in exec commands - -(cherry picked from commit 8688a389cabdff61efe187bb85cc1776de03c460) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b3978cf401306a793c7531299a5e9b3c63e53a27 ---- - src/core/service.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/src/core/service.c b/src/core/service.c -index e061d488c7..701c145565 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -551,11 +551,17 @@ static int service_verify(Service *s) { - for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) { - ExecCommand *command; - -- LIST_FOREACH(command, command, s->exec_command[c]) -+ LIST_FOREACH(command, command, s->exec_command[c]) { -+ if (!path_is_absolute(command->path) && !filename_is_valid(command->path)) -+ return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), -+ "Service %s= binary path \"%s\" is neither a valid executable name nor an absolute path. Refusing.", -+ command->path, -+ service_exec_command_to_string(c)); - if (strv_isempty(command->argv)) - return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), - "Service has an empty argv in %s=. Refusing.", - service_exec_command_to_string(c)); -+ } - } - - if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP] && --- -2.33.0 - diff --git a/backport-core-slice-make-slice_freezer_action-return-0-if-fre.patch b/backport-core-slice-make-slice_freezer_action-return-0-if-fre.patch deleted file mode 100644 index 08a96a1df8432b3c019b311674f15c20035b0f10..0000000000000000000000000000000000000000 --- a/backport-core-slice-make-slice_freezer_action-return-0-if-fre.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 4617bad0a3b5d8026243cb4e72a5cae25ca106f0 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 6 May 2022 14:01:22 +0900 -Subject: [PATCH] core/slice: make slice_freezer_action() return 0 if freezing - state is unchanged - -Fixes #23278. - -(cherry picked from commit d171e72e7afa11b238ba20758384d223b0c76e39) ---- - src/core/slice.c | 6 +----- - src/core/unit.c | 2 ++ - 2 files changed, 3 insertions(+), 5 deletions(-) - -diff --git a/src/core/slice.c b/src/core/slice.c -index 2e43c00119..c453aa033e 100644 ---- a/src/core/slice.c -+++ b/src/core/slice.c -@@ -389,11 +389,7 @@ static int slice_freezer_action(Unit *s, FreezerAction action) { - return r; - } - -- r = unit_cgroup_freezer_action(s, action); -- if (r < 0) -- return r; -- -- return 1; -+ return unit_cgroup_freezer_action(s, action); - } - - static int slice_freeze(Unit *s) { -diff --git a/src/core/unit.c b/src/core/unit.c -index b233aca28c..3bceba1317 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -5831,6 +5831,8 @@ static int unit_freezer_action(Unit *u, FreezerAction action) { - if (r <= 0) - return r; - -+ assert(IN_SET(u->freezer_state, FREEZER_FREEZING, FREEZER_THAWING)); -+ - return 1; - } - --- -2.33.0 - diff --git a/backport-core-timer-fix-memleak.patch b/backport-core-timer-fix-memleak.patch deleted file mode 100644 index 2d04881780420321a2b68d873d542ebddd916e7a..0000000000000000000000000000000000000000 --- a/backport-core-timer-fix-memleak.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 82362b16ac842fc38340d21ebf39b259c5edaed3 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 10 May 2022 14:09:24 +0900 -Subject: [PATCH] core/timer: fix memleak - -Fixes #23326. - -(cherry picked from commit d3ab7b8078944db28bc621f43dd942a3c878fffb) ---- - src/core/timer.c | 11 ++++++----- - 1 file changed, 6 insertions(+), 5 deletions(-) - -diff --git a/src/core/timer.c b/src/core/timer.c -index a13b864741..0dc49dd46b 100644 ---- a/src/core/timer.c -+++ b/src/core/timer.c -@@ -135,6 +135,7 @@ static int timer_add_trigger_dependencies(Timer *t) { - } - - static int timer_setup_persistent(Timer *t) { -+ _cleanup_free_ char *stamp_path = NULL; - int r; - - assert(t); -@@ -148,13 +149,13 @@ static int timer_setup_persistent(Timer *t) { - if (r < 0) - return r; - -- t->stamp_path = strjoin("/var/lib/systemd/timers/stamp-", UNIT(t)->id); -+ stamp_path = strjoin("/var/lib/systemd/timers/stamp-", UNIT(t)->id); - } else { - const char *e; - - e = getenv("XDG_DATA_HOME"); - if (e) -- t->stamp_path = strjoin(e, "/systemd/timers/stamp-", UNIT(t)->id); -+ stamp_path = strjoin(e, "/systemd/timers/stamp-", UNIT(t)->id); - else { - - _cleanup_free_ char *h = NULL; -@@ -163,14 +164,14 @@ static int timer_setup_persistent(Timer *t) { - if (r < 0) - return log_unit_error_errno(UNIT(t), r, "Failed to determine home directory: %m"); - -- t->stamp_path = strjoin(h, "/.local/share/systemd/timers/stamp-", UNIT(t)->id); -+ stamp_path = strjoin(h, "/.local/share/systemd/timers/stamp-", UNIT(t)->id); - } - } - -- if (!t->stamp_path) -+ if (!stamp_path) - return log_oom(); - -- return 0; -+ return free_and_replace(t->stamp_path, stamp_path); - } - - static uint64_t timer_get_fixed_delay_hash(Timer *t) { --- -2.33.0 - diff --git a/backport-core-timer-fix-potential-use-after-free.patch b/backport-core-timer-fix-potential-use-after-free.patch deleted file mode 100644 index fc0569e48f7b277e9cd50b49239dddede2500f41..0000000000000000000000000000000000000000 --- a/backport-core-timer-fix-potential-use-after-free.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 38410e13ec9b1b67364f2f0af3b27d9e934bcd96 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 10 May 2022 14:10:17 +0900 -Subject: [PATCH] core/timer: fix potential use-after-free - -(cherry picked from commit 756491af392a99c4286d876b0041535e50df80ad) ---- - src/core/timer.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/timer.c b/src/core/timer.c -index 0dc49dd46b..b439802bc2 100644 ---- a/src/core/timer.c -+++ b/src/core/timer.c -@@ -68,7 +68,7 @@ static void timer_done(Unit *u) { - t->monotonic_event_source = sd_event_source_disable_unref(t->monotonic_event_source); - t->realtime_event_source = sd_event_source_disable_unref(t->realtime_event_source); - -- free(t->stamp_path); -+ t->stamp_path = mfree(t->stamp_path); - } - - static int timer_verify(Timer *t) { --- -2.33.0 - diff --git a/backport-core-unit-drop-dependency-to-the-unit-being-merged.patch b/backport-core-unit-drop-dependency-to-the-unit-being-merged.patch deleted file mode 100644 index da217a1ca27f05aef57b7ef613a524b96babc591..0000000000000000000000000000000000000000 --- a/backport-core-unit-drop-dependency-to-the-unit-being-merged.patch +++ /dev/null @@ -1,65 +0,0 @@ -From c8b3b524134539846917269ddd644ee93a35623f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 16 Nov 2022 03:08:22 +0900 -Subject: [PATCH] core/unit: drop dependency to the unit being merged - -Fixes a bug in 15ed3c3a188cf7fa5a60ae508fc7a3ed048d2220. - -Fixes #24990. Also, hopefully fixes #24577. ---- - src/core/unit.c | 21 +++++++++++++-------- - 1 file changed, 13 insertions(+), 8 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 36e3afd7fb..1a580157af 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -1044,10 +1044,10 @@ static int unit_add_dependency_hashmap( - return unit_per_dependency_type_hashmap_update(per_type, other, origin_mask, destination_mask); - } - --static void unit_merge_dependencies( -- Unit *u, -- Unit *other) { -- -+static void unit_merge_dependencies(Unit *u, Unit *other) { -+ Hashmap *deps; -+ void *dt; /* Actually of type UnitDependency, except that we don't bother casting it here, -+ * since the hashmaps all want it as void pointer. */ - int r; - - assert(u); -@@ -1056,12 +1056,19 @@ static void unit_merge_dependencies( - if (u == other) - return; - -+ /* First, remove dependency to other. */ -+ HASHMAP_FOREACH_KEY(deps, dt, u->dependencies) { -+ if (hashmap_remove(deps, other)) -+ unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); -+ -+ if (hashmap_isempty(deps)) -+ hashmap_free(hashmap_remove(u->dependencies, dt)); -+ } -+ - for (;;) { - _cleanup_(hashmap_freep) Hashmap *other_deps = NULL; - UnitDependencyInfo di_back; - Unit *back; -- void *dt; /* Actually of type UnitDependency, except that we don't bother casting it here, -- * since the hashmaps all want it as void pointer. */ - - /* Let's focus on one dependency type at a time, that 'other' has defined. */ - other_deps = hashmap_steal_first_key_and_value(other->dependencies, &dt); -@@ -1103,8 +1110,6 @@ static void unit_merge_dependencies( - * them per type wholesale. */ - r = hashmap_put(u->dependencies, dt, other_deps); - if (r == -EEXIST) { -- Hashmap *deps; -- - /* The target unit already has dependencies of this type, let's then merge this individually. */ - - assert_se(deps = hashmap_get(u->dependencies, dt)); --- -2.27.0 - diff --git a/backport-core-unit-fix-log-message.patch b/backport-core-unit-fix-log-message.patch deleted file mode 100644 index b6b44e16b15bfc7359d28172ae286152a9d6eca0..0000000000000000000000000000000000000000 --- a/backport-core-unit-fix-log-message.patch +++ /dev/null @@ -1,112 +0,0 @@ -From ed9911630e4bca844381d7caeb850dad9a9fa122 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 15 Nov 2022 22:59:01 +0900 -Subject: [PATCH] core/unit: fix log message - -As you can see in the below, the dropped dependency Before=issue-24990.service -is not logged, but the dependency Before=test1.service which is not owned by -the units generated by the TEST-26 is logged. - -Before: -systemd[1]: issue-24990.service: Dependency After=test1.service dropped, merged into issue-24990.service -systemd[1]: issue-24990.service: Dependency Before=test1.service dropped, merged into issue-24990.service - -After: -systemd[1]: issue-24990.service: Dependency After=test1.service is dropped, as test1.service is merged into issue-24990.service. -systemd[1]: issue-24990.service: Dependency Before=issue-24990.service in test1.service is dropped, as test1.service is merged into issue-24990.service. ---- - src/core/unit.c | 49 ++++++++++++++++++++++--------------------------- - 1 file changed, 22 insertions(+), 27 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index ea09416be5..988ba8e34a 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -937,29 +937,17 @@ static int unit_reserve_dependencies(Unit *u, Unit *other) { - return 0; - } - --static void unit_maybe_warn_about_dependency( -- Unit *u, -- const char *other_id, -- UnitDependency dependency) { -- -- assert(u); -- -+static bool unit_should_warn_about_dependency(UnitDependency dependency) { - /* Only warn about some unit types */ -- if (!IN_SET(dependency, -- UNIT_CONFLICTS, -- UNIT_CONFLICTED_BY, -- UNIT_BEFORE, -- UNIT_AFTER, -- UNIT_ON_SUCCESS, -- UNIT_ON_FAILURE, -- UNIT_TRIGGERS, -- UNIT_TRIGGERED_BY)) -- return; -- -- if (streq_ptr(u->id, other_id)) -- log_unit_warning(u, "Dependency %s=%s dropped", unit_dependency_to_string(dependency), u->id); -- else -- log_unit_warning(u, "Dependency %s=%s dropped, merged into %s", unit_dependency_to_string(dependency), strna(other_id), u->id); -+ return IN_SET(dependency, -+ UNIT_CONFLICTS, -+ UNIT_CONFLICTED_BY, -+ UNIT_BEFORE, -+ UNIT_AFTER, -+ UNIT_ON_SUCCESS, -+ UNIT_ON_FAILURE, -+ UNIT_TRIGGERS, -+ UNIT_TRIGGERED_BY); - } - - static int unit_per_dependency_type_hashmap_update( -@@ -1057,8 +1045,10 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { - - /* First, remove dependency to other. */ - HASHMAP_FOREACH_KEY(deps, dt, u->dependencies) { -- if (hashmap_remove(deps, other)) -- unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); -+ if (hashmap_remove(deps, other) && unit_should_warn_about_dependency(UNIT_DEPENDENCY_FROM_PTR(dt))) -+ log_unit_warning(u, "Dependency %s=%s is dropped, as %s is merged into %s.", -+ unit_dependency_to_string(UNIT_DEPENDENCY_FROM_PTR(dt)), -+ other->id, other->id, u->id); - - if (hashmap_isempty(deps)) - hashmap_free(hashmap_remove(u->dependencies, dt)); -@@ -1085,7 +1075,11 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { - if (back == u) { - /* This is a dependency pointing back to the unit we want to merge with? - * Suppress it (but warn) */ -- unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); -+ if (unit_should_warn_about_dependency(UNIT_DEPENDENCY_FROM_PTR(dt))) -+ log_unit_warning(u, "Dependency %s=%s in %s is dropped, as %s is merged into %s.", -+ unit_dependency_to_string(UNIT_DEPENDENCY_FROM_PTR(dt)), -+ u->id, other->id, other->id, u->id); -+ - hashmap_remove(other_deps, back); - continue; - } -@@ -3055,7 +3049,6 @@ int unit_add_dependency( - [UNIT_IN_SLICE] = UNIT_SLICE_OF, - [UNIT_SLICE_OF] = UNIT_IN_SLICE, - }; -- Unit *original_u = u, *original_other = other; - UnitDependencyAtom a; - int r; - -@@ -3074,7 +3067,9 @@ int unit_add_dependency( - - /* We won't allow dependencies on ourselves. We will not consider them an error however. */ - if (u == other) { -- unit_maybe_warn_about_dependency(original_u, original_other->id, d); -+ if (unit_should_warn_about_dependency(d)) -+ log_unit_warning(u, "Dependency %s=%s is dropped.", -+ unit_dependency_to_string(d), u->id); - return 0; - } - --- -2.27.0 - diff --git a/backport-core-unit-fix-logic-of-dropping-self-referencing-dep.patch b/backport-core-unit-fix-logic-of-dropping-self-referencing-dep.patch deleted file mode 100644 index 09e19cbae26359b356c842f04ea293eee850eaf9..0000000000000000000000000000000000000000 --- a/backport-core-unit-fix-logic-of-dropping-self-referencing-dep.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 53e0e6ef0eea396bb432cbfc1f2f6ea1272ff1f1 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 15 Nov 2022 23:08:35 +0900 -Subject: [PATCH] core/unit: fix logic of dropping self-referencing - dependencies - -Fixes a bug in 15ed3c3a188cf7fa5a60ae508fc7a3ed048d2220. ---- - src/core/unit.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 1a580157af..a9052428e4 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -1131,10 +1131,11 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { - } - } else { - assert_se(r >= 0); -- TAKE_PTR(other_deps); - - if (hashmap_remove(other_deps, u)) - unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); -+ -+ TAKE_PTR(other_deps); - } - } - --- -2.27.0 - diff --git a/backport-core-unit-fix-use-after-free.patch b/backport-core-unit-fix-use-after-free.patch deleted file mode 100644 index 9998e8f51b5863c94858108f06f2c8a03ca3e89d..0000000000000000000000000000000000000000 --- a/backport-core-unit-fix-use-after-free.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 3daae8785764304a65892ddcd548b6aae16c9463 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 9 May 2022 00:56:05 +0900 -Subject: [PATCH] core/unit: fix use-after-free - -Fixes #23312. - -(cherry picked from commit 734582830b58e000a26e18807ea277c18778573c) ---- - src/core/unit.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index af6cf097fc..b233aca28c 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -671,8 +671,8 @@ Unit* unit_free(Unit *u) { - - unit_dequeue_rewatch_pids(u); - -- sd_bus_slot_unref(u->match_bus_slot); -- sd_bus_track_unref(u->bus_track); -+ u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot); -+ u->bus_track = sd_bus_track_unref(u->bus_track); - u->deserialized_refs = strv_free(u->deserialized_refs); - u->pending_freezer_message = sd_bus_message_unref(u->pending_freezer_message); - --- -2.33.0 - diff --git a/backport-core-unit-merge-two-loops-into-one.patch b/backport-core-unit-merge-two-loops-into-one.patch deleted file mode 100644 index 3b792d0e8466c36993ba18a67e1c10a23c023c68..0000000000000000000000000000000000000000 --- a/backport-core-unit-merge-two-loops-into-one.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 4b7918a65cc2571a2b3fc166229e1b8db463e217 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Nov 2022 12:46:45 +0900 -Subject: [PATCH] core/unit: merge two loops into one - -No functional change, just refactoring. ---- - src/core/unit.c | 47 +++++++++++++++-------------------------------- - 1 file changed, 15 insertions(+), 32 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index a9052428e4..0d52e4bf1a 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -1048,7 +1048,6 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { - Hashmap *deps; - void *dt; /* Actually of type UnitDependency, except that we don't bother casting it here, - * since the hashmaps all want it as void pointer. */ -- int r; - - assert(u); - assert(other); -@@ -1075,6 +1074,8 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { - if (!other_deps) - break; /* done! */ - -+ deps = hashmap_get(u->dependencies, dt); -+ - /* Now iterate through all dependencies of this dependency type, of 'other'. We refer to the - * referenced units as 'back'. */ - HASHMAP_FOREACH_KEY(di_back.data, back, other_deps) { -@@ -1085,6 +1086,7 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { - /* This is a dependency pointing back to the unit we want to merge with? - * Suppress it (but warn) */ - unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); -+ hashmap_remove(other_deps, back); - continue; - } - -@@ -1103,40 +1105,21 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { - di_move.origin_mask, - di_move.destination_mask) >= 0); - } -- } - -- /* Now all references towards 'other' of the current type 'dt' are corrected to point to -- * 'u'. Lets's now move the deps of type 'dt' from 'other' to 'u'. First, let's try to move -- * them per type wholesale. */ -- r = hashmap_put(u->dependencies, dt, other_deps); -- if (r == -EEXIST) { - /* The target unit already has dependencies of this type, let's then merge this individually. */ -- -- assert_se(deps = hashmap_get(u->dependencies, dt)); -- -- for (;;) { -- UnitDependencyInfo di_move; -- -- /* Get first dep */ -- di_move.data = hashmap_steal_first_key_and_value(other_deps, (void**) &back); -- if (!di_move.data) -- break; /* done */ -- if (back == u) { -- /* Would point back to us, ignore */ -- unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); -- continue; -- } -- -- assert_se(unit_per_dependency_type_hashmap_update(deps, back, di_move.origin_mask, di_move.destination_mask) >= 0); -- } -- } else { -- assert_se(r >= 0); -- -- if (hashmap_remove(other_deps, u)) -- unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); -- -- TAKE_PTR(other_deps); -+ if (deps) -+ assert_se(unit_per_dependency_type_hashmap_update( -+ deps, -+ back, -+ di_back.origin_mask, -+ di_back.destination_mask) >= 0); - } -+ -+ /* Now all references towards 'other' of the current type 'dt' are corrected to point to 'u'. -+ * Lets's now move the deps of type 'dt' from 'other' to 'u'. If the unit does not have -+ * dependencies of this type, let's move them per type wholesale. */ -+ if (!deps) -+ assert_se(hashmap_put(u->dependencies, dt, TAKE_PTR(other_deps)) >= 0); - } - - other->dependencies = hashmap_free(other->dependencies); --- -2.27.0 - diff --git a/backport-core-unit-merge-unit-names-after-merging-deps.patch b/backport-core-unit-merge-unit-names-after-merging-deps.patch deleted file mode 100644 index ec6e0960887005a676e2f5f87ea5657752668fc3..0000000000000000000000000000000000000000 --- a/backport-core-unit-merge-unit-names-after-merging-deps.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 1d0c81a05b1605a5fc3db44d5a157a1d6876eda9 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 16 Nov 2022 03:18:30 +0900 -Subject: [PATCH] core/unit: merge unit names after merging deps - -Before: -systemd[1]: issue-24990.service: Dependency Before=n/a dropped, merged into issue-24990.service -After: -systemd[1]: issue-24990.service: Dependency Before=test1.service dropped, merged into issue-24990.service ---- - src/core/unit.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 0d52e4bf1a..ea09416be5 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -1165,11 +1165,6 @@ int unit_merge(Unit *u, Unit *other) { - if (r < 0) - return r; - -- /* Merge names */ -- r = unit_merge_names(u, other); -- if (r < 0) -- return r; -- - /* Redirect all references */ - while (other->refs_by_target) - unit_ref_set(other->refs_by_target, other->refs_by_target->source, u); -@@ -1177,6 +1172,11 @@ int unit_merge(Unit *u, Unit *other) { - /* Merge dependencies */ - unit_merge_dependencies(u, other); - -+ /* Merge names. It is better to do that after merging deps, otherwise the log message contains n/a. */ -+ r = unit_merge_names(u, other); -+ if (r < 0) -+ return r; -+ - other->load_state = UNIT_MERGED; - other->merged_into = u; - --- -2.27.0 - diff --git a/backport-core-unit-use-bus_error_message-at-one-more-place.patch b/backport-core-unit-use-bus_error_message-at-one-more-place.patch deleted file mode 100644 index be4658f547ffbf00d0c694b44b800861463eb9c6..0000000000000000000000000000000000000000 --- a/backport-core-unit-use-bus_error_message-at-one-more-place.patch +++ /dev/null @@ -1,36 +0,0 @@ -From aa25320dbbc2b239d9f551cffac39263814a3dfa Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 30 Jan 2022 05:38:01 +0900 -Subject: [PATCH] core/unit: use bus_error_message() at one more place - -(cherry picked from commit 33322185554799b08e94aca036dd109aaee52408) -(cherry picked from commit 81e59411161078f4f90d80e2e111755adc16db33) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/aa25320dbbc2b239d9f551cffac39263814a3dfa ---- - src/core/unit.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index dfe200ee20..0e8a01966a 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3422,8 +3422,12 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu - - e = sd_bus_message_get_error(message); - if (e) { -- if (!sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner")) -- log_unit_error(u, "Unexpected error response from GetNameOwner(): %s", e->message); -+ if (!sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner")) { -+ r = sd_bus_error_get_errno(e); -+ log_unit_error_errno(u, r, -+ "Unexpected error response from GetNameOwner(): %s", -+ bus_error_message(e, r)); -+ } - - new_owner = NULL; - } else { --- -2.33.0 - diff --git a/backport-core-use-correct-level-for-CPU-time-log-message.patch b/backport-core-use-correct-level-for-CPU-time-log-message.patch deleted file mode 100644 index f4db746689f909a7afaa7c93cf3f2e5566466d43..0000000000000000000000000000000000000000 --- a/backport-core-use-correct-level-for-CPU-time-log-message.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 034a23c640c74856df76b3af5fdc4af5cb48256b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= -Date: Mon, 6 Dec 2021 16:57:42 +0100 -Subject: [PATCH] core: use correct level for CPU time log message - -raise_level() takes the info condition as second argument and the notice -one as third. For the consumed CPU time these conditions are swapped. - -Fixes: 37109b856aeb ("pid1: use LOG_DEBUG/INFO/NOTICE for unit resource consumption message") -(cherry picked from commit ef6bb4dd3e3bb9c210c310026b4d827a46acc762) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/034a23c640c74856df76b3af5fdc4af5cb48256b ---- - src/core/unit.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index c792bd8e82..dfe200ee20 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -2296,8 +2296,8 @@ static int unit_log_resources(Unit *u) { - message_parts[n_message_parts++] = t; - - log_level = raise_level(log_level, -- nsec > NOTICEWORTHY_CPU_NSEC, -- nsec > MENTIONWORTHY_CPU_NSEC); -+ nsec > MENTIONWORTHY_CPU_NSEC, -+ nsec > NOTICEWORTHY_CPU_NSEC); - } - - for (CGroupIOAccountingMetric k = 0; k < _CGROUP_IO_ACCOUNTING_METRIC_MAX; k++) { --- -2.33.0 - diff --git a/backport-core-use-the-new-quoting-helper.patch b/backport-core-use-the-new-quoting-helper.patch deleted file mode 100644 index e2d969e9854110b7b8044f8fc59d416fe698b99f..0000000000000000000000000000000000000000 --- a/backport-core-use-the-new-quoting-helper.patch +++ /dev/null @@ -1,133 +0,0 @@ -From 284781bcb00be27737b52ffb974b66b7d5e990d5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 16:28:19 +0200 -Subject: [PATCH] core: use the new quoting helper - -(cherry picked from commit 8a62620ebe23945021075df7e1b0759102c286ae) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/284781bcb00be27737b52ffb974b66b7d5e990d5 ---- - src/core/execute.c | 64 ++++++++++------------------------------------ - 1 file changed, 13 insertions(+), 51 deletions(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index e24775c150..28efe5c36f 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -51,6 +51,7 @@ - #include "env-file.h" - #include "env-util.h" - #include "errno-list.h" -+#include "escape.h" - #include "execute.h" - #include "exit-status.h" - #include "fd-util.h" -@@ -3596,8 +3597,6 @@ static int compile_suggested_paths(const ExecContext *c, const ExecParameters *p - return 0; - } - --static char *exec_command_line(char **argv); -- - static int exec_parameters_get_cgroup_path(const ExecParameters *params, char **ret) { - bool using_subcgroup; - char *p; -@@ -3800,7 +3799,7 @@ static int exec_child( - const char *vc = params->confirm_spawn; - _cleanup_free_ char *cmdline = NULL; - -- cmdline = exec_command_line(command->argv); -+ cmdline = quote_command_line(command->argv); - if (!cmdline) { - *exit_status = EXIT_MEMORY; - return log_oom(); -@@ -4650,12 +4649,15 @@ static int exec_child( - if (DEBUG_LOGGING) { - _cleanup_free_ char *line = NULL; - -- line = exec_command_line(final_argv); -- if (line) -- log_unit_struct(unit, LOG_DEBUG, -- "EXECUTABLE=%s", executable, -- LOG_UNIT_MESSAGE(unit, "Executing: %s", line), -- LOG_UNIT_INVOCATION_ID(unit)); -+ line = quote_command_line(final_argv); -+ if (!line) { -+ *exit_status = EXIT_MEMORY; -+ return log_oom(); -+ } -+ -+ log_unit_struct(unit, LOG_DEBUG, -+ "EXECUTABLE=%s", executable, -+ LOG_UNIT_MESSAGE(unit, "Executing: %s", line)); - } - - if (exec_fd >= 0) { -@@ -4739,7 +4741,7 @@ int exec_spawn(Unit *unit, - if (r < 0) - return log_unit_error_errno(unit, r, "Failed to load environment files: %m"); - -- line = exec_command_line(command->argv); -+ line = quote_command_line(command->argv); - if (!line) - return log_oom(); - -@@ -5954,46 +5956,6 @@ void exec_status_dump(const ExecStatus *s, FILE *f, const char *prefix) { - prefix, s->status); - } - --static char *exec_command_line(char **argv) { -- size_t k; -- char *n, *p, **a; -- bool first = true; -- -- assert(argv); -- -- k = 1; -- STRV_FOREACH(a, argv) -- k += strlen(*a)+3; -- -- n = new(char, k); -- if (!n) -- return NULL; -- -- p = n; -- STRV_FOREACH(a, argv) { -- -- if (!first) -- *(p++) = ' '; -- else -- first = false; -- -- if (strpbrk(*a, WHITESPACE)) { -- *(p++) = '\''; -- p = stpcpy(p, *a); -- *(p++) = '\''; -- } else -- p = stpcpy(p, *a); -- -- } -- -- *p = 0; -- -- /* FIXME: this doesn't really handle arguments that have -- * spaces and ticks in them */ -- -- return n; --} -- - static void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) { - _cleanup_free_ char *cmd = NULL; - const char *prefix2; -@@ -6004,7 +5966,7 @@ static void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) { - prefix = strempty(prefix); - prefix2 = strjoina(prefix, "\t"); - -- cmd = exec_command_line(c->argv); -+ cmd = quote_command_line(c->argv); - fprintf(f, - "%sCommand Line: %s\n", - prefix, cmd ? cmd : strerror_safe(ENOMEM)); --- -2.33.0 - diff --git a/backport-core-wrap-cgroup-path-with-empty_to_root-in-log-mess.patch b/backport-core-wrap-cgroup-path-with-empty_to_root-in-log-mess.patch deleted file mode 100644 index 729a4275c02a4cbcd26e515f4ddbf97f4d7f5fe3..0000000000000000000000000000000000000000 --- a/backport-core-wrap-cgroup-path-with-empty_to_root-in-log-mess.patch +++ /dev/null @@ -1,261 +0,0 @@ -From 24a40953d3d6ad8b1429d19da2f66399ae3f7e0b Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 5 Aug 2021 03:14:41 +0900 -Subject: [PATCH] core: wrap cgroup path with empty_to_root() in log messages - -This fixes e.g. the following log message: ---- -systemd[1]: -.slice: Failed to migrate controller cgroups from , ignoring: Read-only file system ---- - -(cherry picked from commit 6178e2f88956e1900f445908ed053865cc22e879) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/24a40953d3d6ad8b1429d19da2f66399ae3f7e0b ---- - src/core/bpf-devices.c | 3 ++- - src/core/cgroup.c | 46 +++++++++++++++++++++--------------------- - src/core/unit.c | 6 +++--- - 3 files changed, 28 insertions(+), 27 deletions(-) - -diff --git a/src/core/bpf-devices.c b/src/core/bpf-devices.c -index 8a345a4498..4daa7f76b0 100644 ---- a/src/core/bpf-devices.c -+++ b/src/core/bpf-devices.c -@@ -9,6 +9,7 @@ - #include "fileio.h" - #include "nulstr-util.h" - #include "parse-util.h" -+#include "path-util.h" - #include "stat-util.h" - #include "stdio-util.h" - #include "string-util.h" -@@ -260,7 +261,7 @@ int bpf_devices_apply_policy( - r = bpf_program_cgroup_attach(prog, BPF_CGROUP_DEVICE, controller_path, BPF_F_ALLOW_MULTI); - if (r < 0) - return log_error_errno(r, "Attaching device control BPF program to cgroup %s failed: %m", -- cgroup_path); -+ empty_to_root(cgroup_path)); - - finish: - /* Unref the old BPF program (which will implicitly detach it) right before attaching the new program. */ -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index eab0929dc5..3a6f768c60 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -84,7 +84,7 @@ static int set_attribute_and_warn(Unit *u, const char *controller, const char *a - r = cg_set_attribute(controller, u->cgroup_path, attribute, value); - if (r < 0) - log_unit_full_errno(u, LOG_LEVEL_CGROUP_WRITE(r), r, "Failed to set '%s' attribute on '%s' to '%.*s': %m", -- strna(attribute), isempty(u->cgroup_path) ? "/" : u->cgroup_path, (int) strcspn(value, NEWLINE), value); -+ strna(attribute), empty_to_root(u->cgroup_path), (int) strcspn(value, NEWLINE), value); - - return r; - } -@@ -713,25 +713,25 @@ void cgroup_oomd_xattr_apply(Unit *u, const char *cgroup_path) { - if (c->moom_preference == MANAGED_OOM_PREFERENCE_OMIT) { - r = cg_set_xattr(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, "user.oomd_omit", "1", 1, 0); - if (r < 0) -- log_unit_debug_errno(u, r, "Failed to set oomd_omit flag on control group %s, ignoring: %m", cgroup_path); -+ log_unit_debug_errno(u, r, "Failed to set oomd_omit flag on control group %s, ignoring: %m", empty_to_root(cgroup_path)); - } - - if (c->moom_preference == MANAGED_OOM_PREFERENCE_AVOID) { - r = cg_set_xattr(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, "user.oomd_avoid", "1", 1, 0); - if (r < 0) -- log_unit_debug_errno(u, r, "Failed to set oomd_avoid flag on control group %s, ignoring: %m", cgroup_path); -+ log_unit_debug_errno(u, r, "Failed to set oomd_avoid flag on control group %s, ignoring: %m", empty_to_root(cgroup_path)); - } - - if (c->moom_preference != MANAGED_OOM_PREFERENCE_AVOID) { - r = cg_remove_xattr(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, "user.oomd_avoid"); - if (r < 0 && r != -ENODATA) -- log_unit_debug_errno(u, r, "Failed to remove oomd_avoid flag on control group %s, ignoring: %m", cgroup_path); -+ log_unit_debug_errno(u, r, "Failed to remove oomd_avoid flag on control group %s, ignoring: %m", empty_to_root(cgroup_path)); - } - - if (c->moom_preference != MANAGED_OOM_PREFERENCE_OMIT) { - r = cg_remove_xattr(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, "user.oomd_omit"); - if (r < 0 && r != -ENODATA) -- log_unit_debug_errno(u, r, "Failed to remove oomd_omit flag on control group %s, ignoring: %m", cgroup_path); -+ log_unit_debug_errno(u, r, "Failed to remove oomd_omit flag on control group %s, ignoring: %m", empty_to_root(cgroup_path)); - } - } - -@@ -750,7 +750,7 @@ static void cgroup_xattr_apply(Unit *u) { - sd_id128_to_string(u->invocation_id, ids), 32, - 0); - if (r < 0) -- log_unit_debug_errno(u, r, "Failed to set invocation ID on control group %s, ignoring: %m", u->cgroup_path); -+ log_unit_debug_errno(u, r, "Failed to set invocation ID on control group %s, ignoring: %m", empty_to_root(u->cgroup_path)); - } - - if (unit_cgroup_delegate(u)) { -@@ -759,11 +759,11 @@ static void cgroup_xattr_apply(Unit *u) { - "1", 1, - 0); - if (r < 0) -- log_unit_debug_errno(u, r, "Failed to set delegate flag on control group %s, ignoring: %m", u->cgroup_path); -+ log_unit_debug_errno(u, r, "Failed to set delegate flag on control group %s, ignoring: %m", empty_to_root(u->cgroup_path)); - } else { - r = cg_remove_xattr(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, "trusted.delegate"); - if (r < 0 && r != -ENODATA) -- log_unit_debug_errno(u, r, "Failed to remove delegate flag on control group %s, ignoring: %m", u->cgroup_path); -+ log_unit_debug_errno(u, r, "Failed to remove delegate flag on control group %s, ignoring: %m", empty_to_root(u->cgroup_path)); - } - - cgroup_oomd_xattr_apply(u, u->cgroup_path); -@@ -1921,12 +1921,12 @@ int unit_watch_cgroup(Unit *u) { - * is not an error */ - return 0; - -- return log_unit_error_errno(u, errno, "Failed to add control inotify watch descriptor for control group %s: %m", u->cgroup_path); -+ return log_unit_error_errno(u, errno, "Failed to add control inotify watch descriptor for control group %s: %m", empty_to_root(u->cgroup_path)); - } - - r = hashmap_put(u->manager->cgroup_control_inotify_wd_unit, INT_TO_PTR(u->cgroup_control_inotify_wd), u); - if (r < 0) -- return log_unit_error_errno(u, r, "Failed to add control inotify watch descriptor to hash map: %m"); -+ return log_unit_error_errno(u, r, "Failed to add control inotify watch descriptor for control group %s to hash map: %m", empty_to_root(u->cgroup_path)); - - return 0; - } -@@ -1984,12 +1984,12 @@ int unit_watch_cgroup_memory(Unit *u) { - * is not an error */ - return 0; - -- return log_unit_error_errno(u, errno, "Failed to add memory inotify watch descriptor for control group %s: %m", u->cgroup_path); -+ return log_unit_error_errno(u, errno, "Failed to add memory inotify watch descriptor for control group %s: %m", empty_to_root(u->cgroup_path)); - } - - r = hashmap_put(u->manager->cgroup_memory_inotify_wd_unit, INT_TO_PTR(u->cgroup_memory_inotify_wd), u); - if (r < 0) -- return log_unit_error_errno(u, r, "Failed to add memory inotify watch descriptor to hash map: %m"); -+ return log_unit_error_errno(u, r, "Failed to add memory inotify watch descriptor for control group %s to hash map: %m", empty_to_root(u->cgroup_path)); - - return 0; - } -@@ -2012,9 +2012,9 @@ int unit_pick_cgroup_path(Unit *u) { - - r = unit_set_cgroup_path(u, path); - if (r == -EEXIST) -- return log_unit_error_errno(u, r, "Control group %s exists already.", path); -+ return log_unit_error_errno(u, r, "Control group %s exists already.", empty_to_root(path)); - if (r < 0) -- return log_unit_error_errno(u, r, "Failed to set unit's control group path to %s: %m", path); -+ return log_unit_error_errno(u, r, "Failed to set unit's control group path to %s: %m", empty_to_root(path)); - - return 0; - } -@@ -2042,7 +2042,7 @@ static int unit_update_cgroup( - /* First, create our own group */ - r = cg_create_everywhere(u->manager->cgroup_supported, target_mask, u->cgroup_path); - if (r < 0) -- return log_unit_error_errno(u, r, "Failed to create cgroup %s: %m", u->cgroup_path); -+ return log_unit_error_errno(u, r, "Failed to create cgroup %s: %m", empty_to_root(u->cgroup_path)); - created = r; - - /* Start watching it */ -@@ -2058,7 +2058,7 @@ static int unit_update_cgroup( - /* Enable all controllers we need */ - r = cg_enable_everywhere(u->manager->cgroup_supported, enable_mask, u->cgroup_path, &result_mask); - if (r < 0) -- log_unit_warning_errno(u, r, "Failed to enable/disable controllers on cgroup %s, ignoring: %m", u->cgroup_path); -+ log_unit_warning_errno(u, r, "Failed to enable/disable controllers on cgroup %s, ignoring: %m", empty_to_root(u->cgroup_path)); - - /* Remember what's actually enabled now */ - u->cgroup_enabled_mask = result_mask; -@@ -2080,12 +2080,12 @@ static int unit_update_cgroup( - if (cg_all_unified() == 0) { - r = cg_migrate_v1_controllers(u->manager->cgroup_supported, migrate_mask, u->cgroup_path, migrate_callback, u); - if (r < 0) -- log_unit_warning_errno(u, r, "Failed to migrate controller cgroups from %s, ignoring: %m", u->cgroup_path); -+ log_unit_warning_errno(u, r, "Failed to migrate controller cgroups from %s, ignoring: %m", empty_to_root(u->cgroup_path)); - - is_root_slice = unit_has_name(u, SPECIAL_ROOT_SLICE); - r = cg_trim_v1_controllers(u->manager->cgroup_supported, ~target_mask, u->cgroup_path, !is_root_slice); - if (r < 0) -- log_unit_warning_errno(u, r, "Failed to delete controller cgroups %s, ignoring: %m", u->cgroup_path); -+ log_unit_warning_errno(u, r, "Failed to delete controller cgroups %s, ignoring: %m", empty_to_root(u->cgroup_path)); - } - - /* Set attributes */ -@@ -2175,7 +2175,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - - log_unit_full_errno(u, again ? LOG_DEBUG : LOG_INFO, q, - "Couldn't move process "PID_FMT" to%s requested cgroup '%s': %m", -- pid, again ? " directly" : "", p); -+ pid, again ? " directly" : "", empty_to_root(p)); - - if (again) { - int z; -@@ -2187,7 +2187,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - - z = unit_attach_pid_to_cgroup_via_bus(u, pid, suffix_path); - if (z < 0) -- log_unit_info_errno(u, z, "Couldn't move process "PID_FMT" to requested cgroup '%s' (directly or via the system bus): %m", pid, p); -+ log_unit_info_errno(u, z, "Couldn't move process "PID_FMT" to requested cgroup '%s' (directly or via the system bus): %m", pid, empty_to_root(p)); - else - continue; /* When the bus thing worked via the bus we are fully done for this PID. */ - } -@@ -2221,7 +2221,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - continue; /* Success! */ - - log_unit_debug_errno(u, q, "Failed to attach PID " PID_FMT " to requested cgroup %s in controller %s, falling back to unit's cgroup: %m", -- pid, p, cgroup_controller_to_string(c)); -+ pid, empty_to_root(p), cgroup_controller_to_string(c)); - } - - /* So this controller is either not delegate or realized, or something else weird happened. In -@@ -2656,7 +2656,7 @@ void unit_prune_cgroup(Unit *u) { - * the containing slice is stopped. So even if we failed now, this unit shouldn't assume - * that the cgroup is still realized the next time it is started. Do not return early - * on error, continue cleanup. */ -- log_unit_full_errno(u, r == -EBUSY ? LOG_DEBUG : LOG_WARNING, r, "Failed to destroy cgroup %s, ignoring: %m", u->cgroup_path); -+ log_unit_full_errno(u, r == -EBUSY ? LOG_DEBUG : LOG_WARNING, r, "Failed to destroy cgroup %s, ignoring: %m", empty_to_root(u->cgroup_path)); - - if (is_root_slice) - return; -@@ -2869,7 +2869,7 @@ void unit_add_to_cgroup_empty_queue(Unit *u) { - - r = cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path); - if (r < 0) { -- log_unit_debug_errno(u, r, "Failed to determine whether cgroup %s is empty: %m", u->cgroup_path); -+ log_unit_debug_errno(u, r, "Failed to determine whether cgroup %s is empty: %m", empty_to_root(u->cgroup_path)); - return; - } - if (r == 0) -diff --git a/src/core/unit.c b/src/core/unit.c -index 30afd5a776..47966bcf0d 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -427,7 +427,7 @@ bool unit_may_gc(Unit *u) { - - r = cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path); - if (r < 0) -- log_unit_debug_errno(u, r, "Failed to determine whether cgroup %s is empty: %m", u->cgroup_path); -+ log_unit_debug_errno(u, r, "Failed to determine whether cgroup %s is empty: %m", empty_to_root(u->cgroup_path)); - if (r <= 0) - return false; - } -@@ -4553,7 +4553,7 @@ int unit_kill_context( - log_func, u); - if (r < 0) { - if (!IN_SET(r, -EAGAIN, -ESRCH, -ENOENT)) -- log_unit_warning_errno(u, r, "Failed to kill control group %s, ignoring: %m", u->cgroup_path); -+ log_unit_warning_errno(u, r, "Failed to kill control group %s, ignoring: %m", empty_to_root(u->cgroup_path)); - - } else if (r > 0) { - -@@ -5011,7 +5011,7 @@ int unit_fork_helper_process(Unit *u, const char *name, pid_t *ret) { - if (u->cgroup_path) { - r = cg_attach_everywhere(u->manager->cgroup_supported, u->cgroup_path, 0, NULL, NULL); - if (r < 0) { -- log_unit_error_errno(u, r, "Failed to join unit cgroup %s: %m", u->cgroup_path); -+ log_unit_error_errno(u, r, "Failed to join unit cgroup %s: %m", empty_to_root(u->cgroup_path)); - _exit(EXIT_CGROUP); - } - } --- -2.33.0 - diff --git a/backport-coredump-Connect-stdout-stderr-to-dev-null-before-do.patch b/backport-coredump-Connect-stdout-stderr-to-dev-null-before-do.patch deleted file mode 100644 index f6f3bcb54299a2421929975746073802661ac327..0000000000000000000000000000000000000000 --- a/backport-coredump-Connect-stdout-stderr-to-dev-null-before-do.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 098a25754b0835ffe078b12f75a1862cf528a986 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 15 Jul 2022 01:49:25 +0200 -Subject: [PATCH] coredump: Connect stdout/stderr to /dev/null before doing - anything - -When invoked as the coredump handler by the kernel, systemd-coredump's -stdout and stderr streams are closed. This is dangerous as this means -the fd's can get reallocated, leading to hard to debug errors such as -log messages ending up being appended to a compressed coredump file. - -To avoid such issues in the future, let's bind stdout/stderr to -/dev/null so the file descriptors can't get used for anything else. - -(cherry picked from commit 1f9d2a8199c261593aa6a11df9cce5d31e23c714) -(cherry picked from commit fba50bc0fc5a69e5573ceadb5d6224f365d3c3f5) -(cherry picked from commit 3e1224d4ac3f44558c7bc3ceec2d6080afe21dc3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/098a25754b0835ffe078b12f75a1862cf528a986 ---- - src/coredump/coredump.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c -index c6639c0100..72df958bc3 100644 ---- a/src/coredump/coredump.c -+++ b/src/coredump/coredump.c -@@ -1268,6 +1268,13 @@ static int process_kernel(int argc, char* argv[]) { - struct iovec_wrapper *iovw; - int r; - -+ /* When we're invoked by the kernel, stdout/stderr are closed which is dangerous because the fds -+ * could get reallocated. To avoid hard to debug issues, let's instead bind stdout/stderr to -+ * /dev/null. */ -+ r = rearrange_stdio(STDIN_FILENO, -1, -1); -+ if (r < 0) -+ return log_error_errno(r, "Failed to connect stdout/stderr to /dev/null: %m"); -+ - log_debug("Processing coredump received from the kernel..."); - - iovw = iovw_new(); --- -2.27.0 - diff --git a/backport-coredump-Don-t-log-an-error-if-D-Bus-isn-t-running.patch b/backport-coredump-Don-t-log-an-error-if-D-Bus-isn-t-running.patch deleted file mode 100644 index eddefb467f2cd840d19e8b882938e36a55171d66..0000000000000000000000000000000000000000 --- a/backport-coredump-Don-t-log-an-error-if-D-Bus-isn-t-running.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 6745eaa6308b835e2c5e68d49e9bece29fd37fa2 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 6 Oct 2021 13:20:36 +0100 -Subject: [PATCH] coredump: Don't log an error if D-Bus isn't running - -coredumpctl could be used in a chroot where D-Bus isn't running. If -that's the case, we shouldn't consider it an error if we can't connect -to the D-Bus daemon so let's reduce the severity of the error we log -when we can't connect to D-Bus because the socket doesn't exist. - -(cherry picked from commit 414bd2e786f9912f51b82e5fe4a1126179a5652a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6745eaa6308b835e2c5e68d49e9bece29fd37fa2 ---- - src/coredump/coredumpctl.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/coredump/coredumpctl.c b/src/coredump/coredumpctl.c -index def3650bb4..3d44e51e32 100644 ---- a/src/coredump/coredumpctl.c -+++ b/src/coredump/coredumpctl.c -@@ -1186,6 +1186,10 @@ static int check_units_active(void) { - return false; - - r = sd_bus_default_system(&bus); -+ if (r == -ENOENT) { -+ log_debug("D-Bus is not running, skipping active unit check"); -+ return 0; -+ } - if (r < 0) - return log_error_errno(r, "Failed to acquire bus: %m"); - --- -2.33.0 - diff --git a/backport-coredump-Fix-format-string-type-mismatch.patch b/backport-coredump-Fix-format-string-type-mismatch.patch deleted file mode 100644 index ae3e024739d43e33f6aa2020c9bcdde19a3aed8d..0000000000000000000000000000000000000000 --- a/backport-coredump-Fix-format-string-type-mismatch.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 08e86b15fc22a8e9f1ee0a791dfd35b2fc25e4c4 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Sun, 22 May 2022 14:36:07 +0200 -Subject: [PATCH] coredump: Fix format string type mismatch - -Fixes #23471 - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/08e86b15fc22a8e9f1ee0a791dfd35b2fc25e4c4 - ---- - src/coredump/coredump.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c -index c9747416ad..994d968d87 100644 ---- a/src/coredump/coredump.c -+++ b/src/coredump/coredump.c -@@ -512,8 +512,8 @@ static int save_external_coredump( - - if (truncated) - log_struct(LOG_INFO, -- LOG_MESSAGE("Core file was truncated to %zu bytes.", max_size), -- "SIZE_LIMIT=%zu", max_size, -+ LOG_MESSAGE("Core file was truncated to %"PRIu64" bytes.", max_size), -+ "SIZE_LIMIT=%"PRIu64, max_size, - "MESSAGE_ID=" SD_MESSAGE_TRUNCATED_CORE_STR); - - r = fix_permissions(fd, tmp, fn, context, uid); --- -2.33.0 - diff --git a/backport-coredump-drop-an-unused-variable.patch b/backport-coredump-drop-an-unused-variable.patch deleted file mode 100644 index 8f3af80378bdbfaba3f8fc874486f4dd095d7e0c..0000000000000000000000000000000000000000 --- a/backport-coredump-drop-an-unused-variable.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 9abe4cfc39579037937c63602ce8fe4f51746d38 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Sat, 20 Aug 2022 21:04:24 +0200 -Subject: [PATCH] coredump: drop an unused variable - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9abe4cfc39579037937c63602ce8fe4f51746d38 - ---- - src/coredump/coredump.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c -index 3ec41a32c3..98e7492811 100644 ---- a/src/coredump/coredump.c -+++ b/src/coredump/coredump.c -@@ -931,7 +931,6 @@ log: - } - - static int save_context(Context *context, const struct iovec_wrapper *iovw) { -- unsigned count = 0; - const char *unit; - int r; - -@@ -955,7 +954,6 @@ static int save_context(Context *context, const struct iovec_wrapper *iovw) { - p = startswith(iovec->iov_base, meta_field_names[i]); - if (p) { - context->meta[i] = p; -- count++; - break; - } - } --- -2.33.0 - diff --git a/backport-coredump-fix-filename-in-journal-when-not-compressed.patch b/backport-coredump-fix-filename-in-journal-when-not-compressed.patch deleted file mode 100644 index c328f72af45a12bb90e7db373bb29e430917688e..0000000000000000000000000000000000000000 --- a/backport-coredump-fix-filename-in-journal-when-not-compressed.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 01cf580c235ac4725051e6101ce5bcef1b97cc48 Mon Sep 17 00:00:00 2001 -From: xdavidwu -Date: Fri, 5 Nov 2021 22:37:06 +0800 -Subject: [PATCH] coredump: fix filename in journal when not compressed - -Since 587f2a5e564cf434c2e0a653f52b8f73e86092d8, filename for -not-compressed coredump is missing from save_external_coredump, making -it write COREDUMP_FILENAME= (empty) in journal, making `coredumpctl` -report it missing but it is actually saved. -This fixes it. - -(cherry picked from commit 0cfb0971f0fcd345cae76f6837d9801b6cbde407) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/01cf580c235ac4725051e6101ce5bcef1b97cc48 ---- - src/coredump/coredump.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c -index 444b9ec374..1e34c4b5be 100644 ---- a/src/coredump/coredump.c -+++ b/src/coredump/coredump.c -@@ -525,6 +525,7 @@ static int save_external_coredump( - if (lseek(fd, 0, SEEK_SET) == (off_t) -1) - return log_error_errno(errno, "Failed to seek on coredump %s: %m", fn); - -+ *ret_filename = TAKE_PTR(fn); - *ret_data_fd = TAKE_FD(fd); - *ret_size = (uint64_t) st.st_size; - *ret_truncated = truncated; --- -2.33.0 - diff --git a/backport-coredump-stacktrace.c-avoid-crash-on-binaries-withou.patch b/backport-coredump-stacktrace.c-avoid-crash-on-binaries-withou.patch deleted file mode 100644 index ef501bb2da203c51e89abad9ca1cb3efc748641d..0000000000000000000000000000000000000000 --- a/backport-coredump-stacktrace.c-avoid-crash-on-binaries-withou.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 765c366274db3ff841da237769f2b20a4ec3a045 Mon Sep 17 00:00:00 2001 -From: Sergei Trofimovich -Date: Sat, 31 Jul 2021 13:07:54 +0100 -Subject: [PATCH] coredump/stacktrace.c: avoid crash on binaries without NHDR - -Observed as a crash on binaries built with gcc-master: - -``` - 3 0x00005573b8841d6a in parse_package_metadata (name=name@entry=0x5573b901a620 "/a", id_json=0x0, - elf=0x5573b9028730, c=c@entry=0x7fffc688f790) at ../systemd-stable-249.2/src/coredump/stacktrace.c:157 - 4 0x00005573b884209e in module_callback (mod=0x7fffc688f6c0, userdata=, - name=0x5573b901a620 "/a", start=, arg=0x7fffc688f790) - at ../systemd-stable-249.2/src/coredump/stacktrace.c:306 - 5 0x00007f56d60dcbd5 in dwfl_getmodules (dwfl=0x5573b901fda0, - callback=callback@entry=0x5573b8841eb0 , arg=arg@entry=0x7fffc688f790, offset=offset@entry=0) - at ../../elfutils-0.185/libdwfl/dwfl_getmodules.c:86 - 6 0x00005573b884231b in parse_core (ret_package_metadata=0x7fffc688f848, ret=0x7fffc688f850, - executable=0x7fffc688f790 "\200\332\001\271sU", fd=21) at ../systemd-stable-249.2/src/coredump/stacktrace.c:366 - 7 coredump_parse_core (fd=fd@entry=6, executable=0x7fffc688f790 "\200\332\001\271sU", ret=ret@entry=0x7fffc688f850, - ret_package_metadata=ret_package_metadata@entry=0x7fffc688f848) - at ../systemd-stable-249.2/src/coredump/stacktrace.c:406 - 8 0x00005573b883f897 in submit_coredump (context=context@entry=0x7fffc688fa10, iovw=iovw@entry=0x7fffc688f990, - input_fd=input_fd@entry=5) at ../systemd-stable-249.2/src/coredump/coredump.c:827 - 9 0x00005573b883d339 in process_socket (fd=3) at ../systemd-stable-249.2/src/coredump/coredump.c:1041 - 10 run (argv=, argc=-964101648) at ../systemd-stable-249.2/src/coredump/coredump.c:1416 - 11 main (argc=-964101648, argv=) at ../systemd-stable-249.2/src/coredump/coredump.c:1422 -``` - -Happens only on enabled elfutils symbolizer. - -Signed-off-by: Sergei Trofimovich -(cherry picked from commit 1da3eef262078905ec14c707eeab655a17ae8bd2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/765c366274db3ff841da237769f2b20a4ec3a045 ---- - src/coredump/stacktrace.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/coredump/stacktrace.c b/src/coredump/stacktrace.c -index 0edb1b40a7..e46b324cdf 100644 ---- a/src/coredump/stacktrace.c -+++ b/src/coredump/stacktrace.c -@@ -153,6 +153,8 @@ static int parse_package_metadata(const char *name, JsonVariant *id_json, Elf *e - program_header->p_offset, - program_header->p_filesz, - ELF_T_NHDR); -+ if (!data) -+ continue; - - while (note_offset < data->d_size && - (note_offset = gelf_getnote(data, note_offset, ¬e_header, &name_offset, &desc_offset)) > 0) { --- -2.33.0 - diff --git a/backport-coredumpctl-stop-truncating-information-about-coredu.patch b/backport-coredumpctl-stop-truncating-information-about-coredu.patch deleted file mode 100644 index 072fb9a6270d6003874966157c9de931aeffa94b..0000000000000000000000000000000000000000 --- a/backport-coredumpctl-stop-truncating-information-about-coredu.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 473627e1c9fcdf8f819ced2bb79cb7e9ff598b0c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 12 Oct 2021 19:46:25 +0200 -Subject: [PATCH] coredumpctl: stop truncating information about coredump -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -With the changes to limit that print 'Found module …' over and over, we were -hitting the journal field message limit, effectively truncating the info output. - -Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1998488. - -(cherry picked from commit 384c6207669eb0d92aa0043dbc01957c6c7ff41e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/473627e1c9fcdf8f819ced2bb79cb7e9ff598b0c ---- - src/coredump/coredumpctl.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/coredump/coredumpctl.c b/src/coredump/coredumpctl.c -index 3d44e51e32..7eba8330d7 100644 ---- a/src/coredump/coredumpctl.c -+++ b/src/coredump/coredumpctl.c -@@ -555,6 +555,8 @@ static int print_info(FILE *file, sd_journal *j, bool need_space) { - assert(file); - assert(j); - -+ (void) sd_journal_set_data_threshold(j, 0); -+ - SD_JOURNAL_FOREACH_DATA(j, d, l) { - RETRIEVE(d, l, "MESSAGE_ID", mid); - RETRIEVE(d, l, "COREDUMP_PID", pid); --- -2.33.0 - diff --git a/backport-creds-util-switch-to-OpenSSL-3.0-APIs.patch b/backport-creds-util-switch-to-OpenSSL-3.0-APIs.patch deleted file mode 100644 index e63c2e89f4a3c9e253c9c55ce601f5a5b0a4896a..0000000000000000000000000000000000000000 --- a/backport-creds-util-switch-to-OpenSSL-3.0-APIs.patch +++ /dev/null @@ -1,995 +0,0 @@ -From 5f4862e5e1cd2a7ef302947b8634f7980e8d6275 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 29 Sep 2021 09:47:08 +0200 -Subject: [PATCH] creds-util: switch to OpenSSL 3.0 APIs - -Let's switch from the low-level SHA256 APIs to EVP APIs. The former are -deprecated on OpenSSL 3.0, the latter are supported both by old -OpenSSL and by OpenSSL 3.0, hence are the better choice. - -Fixes: #20775 -(cherry picked from commit 18f568b8e64b48f6aee204cc6384b4796cd27eb0) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5f4862e5e1cd2a7ef302947b8634f7980e8d6275 ---- - src/shared/creds-util.c | 954 ++++++++++++++++++++++++++++++++++++++ - src/shared/openssl-util.h | 1 + - 2 files changed, 955 insertions(+) - create mode 100644 src/shared/creds-util.c - -diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c -new file mode 100644 -index 0000000000..b764198b76 ---- /dev/null -+++ b/src/shared/creds-util.c -@@ -0,0 +1,954 @@ -+/* SPDX-License-Identifier: LGPL-2.1-or-later */ -+ -+#include -+ -+#if HAVE_OPENSSL -+#include -+#endif -+ -+#include "sd-id128.h" -+ -+#include "blockdev-util.h" -+#include "chattr-util.h" -+#include "creds-util.h" -+#include "env-util.h" -+#include "fd-util.h" -+#include "fileio.h" -+#include "fs-util.h" -+#include "io-util.h" -+#include "memory-util.h" -+#include "mkdir.h" -+#include "openssl-util.h" -+#include "path-util.h" -+#include "random-util.h" -+#include "sparse-endian.h" -+#include "stat-util.h" -+#include "tpm2-util.h" -+#include "virt.h" -+ -+bool credential_name_valid(const char *s) { -+ /* We want that credential names are both valid in filenames (since that's our primary way to pass -+ * them around) and as fdnames (which is how we might want to pass them around eventually) */ -+ return filename_is_valid(s) && fdname_is_valid(s); -+} -+ -+int get_credentials_dir(const char **ret) { -+ const char *e; -+ -+ assert(ret); -+ -+ e = secure_getenv("CREDENTIALS_DIRECTORY"); -+ if (!e) -+ return -ENXIO; -+ -+ if (!path_is_absolute(e) || !path_is_normalized(e)) -+ return -EINVAL; -+ -+ *ret = e; -+ return 0; -+} -+ -+int read_credential(const char *name, void **ret, size_t *ret_size) { -+ _cleanup_free_ char *fn = NULL; -+ const char *d; -+ int r; -+ -+ assert(ret); -+ -+ if (!credential_name_valid(name)) -+ return -EINVAL; -+ -+ r = get_credentials_dir(&d); -+ if (r < 0) -+ return r; -+ -+ fn = path_join(d, name); -+ if (!fn) -+ return -ENOMEM; -+ -+ return read_full_file_full( -+ AT_FDCWD, fn, -+ UINT64_MAX, SIZE_MAX, -+ READ_FULL_FILE_SECURE, -+ NULL, -+ (char**) ret, ret_size); -+} -+ -+#if HAVE_OPENSSL -+ -+#define CREDENTIAL_HOST_SECRET_SIZE 4096 -+ -+static const sd_id128_t credential_app_id = -+ SD_ID128_MAKE(d3,ac,ec,ba,0d,ad,4c,df,b8,c9,38,15,28,93,6c,58); -+ -+struct credential_host_secret_format { -+ /* The hashed machine ID of the machine this belongs to. Why? We want to ensure that each machine -+ * gets its own secret, even if people forget to flush out this secret file. Hence we bind it to the -+ * machine ID, for which there's hopefully a better chance it will be flushed out. We use a hashed -+ * machine ID instead of the literal one, because it's trivial to, and it might be a good idea not -+ * being able to directly associate a secret key file with a host. */ -+ sd_id128_t machine_id; -+ -+ /* The actual secret key */ -+ uint8_t data[CREDENTIAL_HOST_SECRET_SIZE]; -+} _packed_; -+ -+static int make_credential_host_secret( -+ int dfd, -+ const sd_id128_t machine_id, -+ const char *fn, -+ void **ret_data, -+ size_t *ret_size) { -+ -+ struct credential_host_secret_format buf; -+ _cleanup_free_ char *t = NULL; -+ _cleanup_close_ int fd = -1; -+ int r; -+ -+ assert(dfd >= 0); -+ assert(fn); -+ -+ fd = openat(dfd, ".", O_CLOEXEC|O_WRONLY|O_TMPFILE, 0400); -+ if (fd < 0) { -+ log_debug_errno(errno, "Failed to create temporary credential file with O_TMPFILE, proceeding without: %m"); -+ -+ if (asprintf(&t, "credential.secret.%016" PRIx64, random_u64()) < 0) -+ return -ENOMEM; -+ -+ fd = openat(dfd, t, O_CLOEXEC|O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW, 0400); -+ if (fd < 0) -+ return -errno; -+ } -+ -+ r = chattr_secret(fd, 0); -+ if (r < 0) -+ log_debug_errno(r, "Failed to set file attributes for secrets file, ignoring: %m"); -+ -+ buf = (struct credential_host_secret_format) { -+ .machine_id = machine_id, -+ }; -+ -+ r = genuine_random_bytes(buf.data, sizeof(buf.data), RANDOM_BLOCK); -+ if (r < 0) -+ goto finish; -+ -+ r = loop_write(fd, &buf, sizeof(buf), false); -+ if (r < 0) -+ goto finish; -+ -+ if (fsync(fd) < 0) { -+ r = -errno; -+ goto finish; -+ } -+ -+ if (t) { -+ r = rename_noreplace(dfd, t, dfd, fn); -+ if (r < 0) -+ goto finish; -+ -+ t = mfree(t); -+ } else if (linkat(fd, "", dfd, fn, AT_EMPTY_PATH) < 0) { -+ r = -errno; -+ goto finish; -+ } -+ -+ if (fsync(dfd) < 0) { -+ r = -errno; -+ goto finish; -+ } -+ -+ if (ret_data) { -+ void *copy; -+ -+ copy = memdup(buf.data, sizeof(buf.data)); -+ if (!copy) { -+ r = -ENOMEM; -+ goto finish; -+ } -+ -+ *ret_data = copy; -+ } -+ -+ if (ret_size) -+ *ret_size = sizeof(buf.data); -+ -+ r = 0; -+ -+finish: -+ if (t && unlinkat(dfd, t, 0) < 0) -+ log_debug_errno(errno, "Failed to remove temporary credential key: %m"); -+ -+ explicit_bzero_safe(&buf, sizeof(buf)); -+ return r; -+} -+ -+int get_credential_host_secret(CredentialSecretFlags flags, void **ret, size_t *ret_size) { -+ _cleanup_free_ char *efn = NULL, *ep = NULL; -+ _cleanup_close_ int dfd = -1; -+ sd_id128_t machine_id; -+ const char *e, *fn, *p; -+ int r; -+ -+ r = sd_id128_get_machine_app_specific(credential_app_id, &machine_id); -+ if (r < 0) -+ return r; -+ -+ e = secure_getenv("SYSTEMD_CREDENTIAL_SECRET"); -+ if (e) { -+ if (!path_is_normalized(e)) -+ return -EINVAL; -+ if (!path_is_absolute(e)) -+ return -EINVAL; -+ -+ r = path_extract_directory(e, &ep); -+ if (r < 0) -+ return r; -+ -+ r = path_extract_filename(e, &efn); -+ if (r < 0) -+ return r; -+ -+ p = ep; -+ fn = efn; -+ } else { -+ p = "/var/lib/systemd"; -+ fn = "credential.secret"; -+ } -+ -+ (void) mkdir_p(p, 0755); -+ dfd = open(p, O_CLOEXEC|O_DIRECTORY|O_RDONLY); -+ if (dfd < 0) -+ return -errno; -+ -+ if (FLAGS_SET(flags, CREDENTIAL_SECRET_FAIL_ON_TEMPORARY_FS)) { -+ r = fd_is_temporary_fs(dfd); -+ if (r < 0) -+ return r; -+ if (r > 0) -+ return -ENOMEDIUM; -+ } -+ -+ for (unsigned attempt = 0;; attempt++) { -+ _cleanup_(erase_and_freep) struct credential_host_secret_format *f = NULL; -+ _cleanup_close_ int fd = -1; -+ size_t l = 0; -+ ssize_t n = 0; -+ struct stat st; -+ -+ if (attempt >= 3) /* Somebody is playing games with us */ -+ return -EIO; -+ -+ fd = openat(dfd, fn, O_CLOEXEC|O_RDONLY|O_NOCTTY|O_NOFOLLOW); -+ if (fd < 0) { -+ if (errno != ENOENT || !FLAGS_SET(flags, CREDENTIAL_SECRET_GENERATE)) -+ return -errno; -+ -+ r = make_credential_host_secret(dfd, machine_id, fn, ret, ret_size); -+ if (r == -EEXIST) { -+ log_debug_errno(r, "Credential secret was created while we were creating it. Trying to read new secret."); -+ continue; -+ } -+ if (r < 0) -+ return r; -+ -+ return 0; -+ } -+ -+ if (fstat(fd, &st) < 0) -+ return -errno; -+ -+ r = stat_verify_regular(&st); -+ if (r < 0) -+ return r; -+ if (st.st_nlink == 0) /* Deleted by now, try again */ -+ continue; -+ if (st.st_nlink > 1) -+ return -EPERM; /* Our deletion check won't work if hardlinked somewhere else */ -+ if ((st.st_mode & 07777) != 0400) /* Don't use file if not 0400 access mode */ -+ return -EPERM; -+ if (st.st_size > 16*1024*1024) -+ return -E2BIG; -+ l = st.st_size; -+ if (l < offsetof(struct credential_host_secret_format, data) + 1) -+ return -EINVAL; -+ -+ f = malloc(l+1); -+ if (!f) -+ return -ENOMEM; -+ -+ n = read(fd, f, l+1); -+ if (n < 0) -+ return -errno; -+ if ((size_t) n != l) /* What? The size changed? */ -+ return -EIO; -+ -+ if (sd_id128_equal(machine_id, f->machine_id)) { -+ size_t sz; -+ -+ if (FLAGS_SET(flags, CREDENTIAL_SECRET_WARN_NOT_ENCRYPTED)) { -+ r = fd_is_encrypted(fd); -+ if (r < 0) -+ log_debug_errno(r, "Failed to determine if credential secret file '%s/%s' is encrypted.", p, fn); -+ else if (r == 0) -+ log_warning("Credential secret file '%s/%s' is not located on encrypted media, using anyway.", p, fn); -+ } -+ -+ sz = l - offsetof(struct credential_host_secret_format, data); -+ assert(sz > 0); -+ -+ if (ret) { -+ void *copy; -+ -+ assert(sz <= sizeof(f->data)); /* Ensure we don't read past f->data bounds */ -+ -+ copy = memdup(f->data, sz); -+ if (!copy) -+ return -ENOMEM; -+ -+ *ret = copy; -+ } -+ -+ if (ret_size) -+ *ret_size = sz; -+ -+ return 0; -+ } -+ -+ /* Hmm, this secret is from somewhere else. Let's delete the file. Let's first acquire a lock -+ * to ensure we are the only ones accessing the file while we delete it. */ -+ -+ if (flock(fd, LOCK_EX) < 0) -+ return -errno; -+ -+ /* Before we delete it check that the file is still linked into the file system */ -+ if (fstat(fd, &st) < 0) -+ return -errno; -+ if (st.st_nlink == 0) /* Already deleted by now? */ -+ continue; -+ if (st.st_nlink != 1) /* Safety check, someone is playing games with us */ -+ return -EPERM; -+ -+ if (unlinkat(dfd, fn, 0) < 0) -+ return -errno; -+ -+ /* And now try again */ -+ } -+} -+ -+/* Construction is like this: -+ * -+ * A symmetric encryption key is derived from: -+ * -+ * 1. Either the "host" key (a key stored in /var/lib/credential.secret) -+ * -+ * 2. A key generated by letting the TPM2 calculate an HMAC hash of some nonce we pass to it, keyed -+ * by a key derived from its internal seed key. -+ * -+ * 3. The concatenation of the above. -+ * -+ * The above is hashed with SHA256 which is then used as encryption key for AES256-GCM. The encrypted -+ * credential is a short (unencrypted) header describing which of the three keys to use, the IV to use for -+ * AES256-GCM and some more meta information (sizes of certain objects) that is strictly speaking redundant, -+ * but kinda nice to have since we can have a more generic parser. If the TPM2 key is used this is followed -+ * by another (unencrypted) header, with information about the TPM2 policy used (specifically: the PCR mask -+ * to bind against, and a hash of the resulting policy — the latter being redundant, but speeding up things a -+ * bit, since we can more quickly refuse PCR state), followed by a sealed/exported TPM2 HMAC key. This is -+ * then followed by the encrypted data, which begins with a metadata header (which contains validity -+ * timestamps as well as the credential name), followed by the actual credential payload. The file ends in -+ * the AES256-GCM tag. To make things simple, the AES256-GCM AAD covers the main and the TPM2 header in -+ * full. This means the whole file is either protected by AAD, or is ciphertext, or is the tag. No -+ * unprotected data is included. -+ */ -+ -+struct _packed_ encrypted_credential_header { -+ sd_id128_t id; -+ le32_t key_size; -+ le32_t block_size; -+ le32_t iv_size; -+ le32_t tag_size; -+ uint8_t iv[]; -+ /* Followed by NUL bytes until next 8 byte boundary */ -+}; -+ -+struct _packed_ tpm2_credential_header { -+ le64_t pcr_mask; /* Note that the spec for PC Clients only mandates 24 PCRs, and that's what systems -+ * generally have. But keep the door open for more. */ -+ le16_t pcr_bank; /* For now, either TPM2_ALG_SHA256 or TPM2_ALG_SHA1 */ -+ le16_t primary_alg; /* Primary key algorithm (either TPM2_ALG_RSA or TPM2_ALG_ECC for now) */ -+ le32_t blob_size; -+ le32_t policy_hash_size; -+ uint8_t policy_hash_and_blob[]; -+ /* Followed by NUL bytes until next 8 byte boundary */ -+}; -+ -+struct _packed_ metadata_credential_header { -+ le64_t timestamp; -+ le64_t not_after; -+ le32_t name_size; -+ char name[]; -+ /* Followed by NUL bytes until next 8 byte boundary */ -+}; -+ -+/* Some generic limit for parts of the encrypted credential for which we don't know the right size ahead of -+ * time, but where we are really sure it won't be larger than this. Should be larger than any possible IV, -+ * padding, tag size and so on. This is purely used for early filtering out of invalid sizes. */ -+#define CREDENTIAL_FIELD_SIZE_MAX (16U*1024U) -+ -+static int sha256_hash_host_and_tpm2_key( -+ const void *host_key, -+ size_t host_key_size, -+ const void *tpm2_key, -+ size_t tpm2_key_size, -+ uint8_t ret[static SHA256_DIGEST_LENGTH]) { -+ -+ _cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX *md = NULL; -+ unsigned l; -+ -+ assert(host_key_size == 0 || host_key); -+ assert(tpm2_key_size == 0 || tpm2_key); -+ assert(ret); -+ -+ /* Combines the host key and the TPM2 HMAC hash into a SHA256 hash value we'll use as symmetric encryption key. */ -+ -+ md = EVP_MD_CTX_new(); -+ if (!md) -+ return log_oom(); -+ -+ if (EVP_DigestInit_ex(md, EVP_sha256(), NULL) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initial SHA256 context."); -+ -+ if (host_key && EVP_DigestUpdate(md, host_key, host_key_size) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to hash host key."); -+ -+ if (tpm2_key && EVP_DigestUpdate(md, tpm2_key, tpm2_key_size) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to hash TPM2 key."); -+ -+ assert(EVP_MD_CTX_size(md) == SHA256_DIGEST_LENGTH); -+ -+ if (EVP_DigestFinal_ex(md, ret, &l) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finalize SHA256 hash."); -+ -+ assert(l == SHA256_DIGEST_LENGTH); -+ return 0; -+} -+ -+int encrypt_credential_and_warn( -+ sd_id128_t with_key, -+ const char *name, -+ usec_t timestamp, -+ usec_t not_after, -+ const char *tpm2_device, -+ uint32_t tpm2_pcr_mask, -+ const void *input, -+ size_t input_size, -+ void **ret, -+ size_t *ret_size) { -+ -+ _cleanup_(EVP_CIPHER_CTX_freep) EVP_CIPHER_CTX *context = NULL; -+ _cleanup_(erase_and_freep) void *host_key = NULL, *tpm2_key = NULL; -+ size_t host_key_size = 0, tpm2_key_size = 0, tpm2_blob_size = 0, tpm2_policy_hash_size = 0, output_size, p, ml; -+ _cleanup_free_ void *tpm2_blob = NULL, *tpm2_policy_hash = NULL, *iv = NULL, *output = NULL; -+ _cleanup_free_ struct metadata_credential_header *m = NULL; -+ uint16_t tpm2_pcr_bank = 0, tpm2_primary_alg = 0; -+ struct encrypted_credential_header *h; -+ int ksz, bsz, ivsz, tsz, added, r; -+ uint8_t md[SHA256_DIGEST_LENGTH]; -+ const EVP_CIPHER *cc; -+#if HAVE_TPM2 -+ bool try_tpm2 = false; -+#endif -+ sd_id128_t id; -+ -+ assert(input || input_size == 0); -+ assert(ret); -+ assert(ret_size); -+ -+ if (name && !credential_name_valid(name)) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid credential name: %s", name); -+ -+ if (not_after != USEC_INFINITY && timestamp != USEC_INFINITY && not_after < timestamp) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Credential is invalidated before it is valid (" USEC_FMT " < " USEC_FMT ").", not_after, timestamp); -+ -+ if (DEBUG_LOGGING) { -+ char buf[FORMAT_TIMESTAMP_MAX]; -+ -+ if (name) -+ log_debug("Including credential name '%s' in encrypted credential.", name); -+ if (timestamp != USEC_INFINITY) -+ log_debug("Including timestamp '%s' in encrypted credential.", format_timestamp(buf, sizeof(buf), timestamp)); -+ if (not_after != USEC_INFINITY) -+ log_debug("Including not-after timestamp '%s' in encrypted credential.", format_timestamp(buf, sizeof(buf), not_after)); -+ } -+ -+ if (sd_id128_is_null(with_key) || -+ sd_id128_in_set(with_key, CRED_AES256_GCM_BY_HOST, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC)) { -+ -+ r = get_credential_host_secret( -+ CREDENTIAL_SECRET_GENERATE| -+ CREDENTIAL_SECRET_WARN_NOT_ENCRYPTED| -+ (sd_id128_is_null(with_key) ? CREDENTIAL_SECRET_FAIL_ON_TEMPORARY_FS : 0), -+ &host_key, -+ &host_key_size); -+ if (r == -ENOMEDIUM && sd_id128_is_null(with_key)) -+ log_debug_errno(r, "Credential host secret location on temporary file system, not using."); -+ else if (r < 0) -+ return log_error_errno(r, "Failed to determine local credential host secret: %m"); -+ } -+ -+#if HAVE_TPM2 -+ if (sd_id128_is_null(with_key)) { -+ /* If automatic mode is selected and we are running in a container, let's not try TPM2. OTOH -+ * if user picks TPM2 explicitly, let's always honour the request and try. */ -+ -+ r = detect_container(); -+ if (r < 0) -+ log_debug_errno(r, "Failed to determine whether we are running in a container, ignoring: %m"); -+ else if (r > 0) -+ log_debug("Running in container, not attempting to use TPM2."); -+ -+ try_tpm2 = r <= 0; -+ } -+ -+ if (try_tpm2 || -+ sd_id128_in_set(with_key, CRED_AES256_GCM_BY_TPM2_HMAC, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC)) { -+ -+ r = tpm2_seal(tpm2_device, -+ tpm2_pcr_mask, -+ &tpm2_key, -+ &tpm2_key_size, -+ &tpm2_blob, -+ &tpm2_blob_size, -+ &tpm2_policy_hash, -+ &tpm2_policy_hash_size, -+ &tpm2_pcr_bank, -+ &tpm2_primary_alg); -+ if (r < 0) { -+ if (!sd_id128_is_null(with_key)) -+ return r; -+ -+ log_debug_errno(r, "TPM2 sealing didn't work, not using: %m"); -+ } -+ -+ assert(tpm2_blob_size <= CREDENTIAL_FIELD_SIZE_MAX); -+ assert(tpm2_policy_hash_size <= CREDENTIAL_FIELD_SIZE_MAX); -+ } -+#endif -+ -+ if (sd_id128_is_null(with_key)) { -+ /* Let's settle the key type in auto mode now. */ -+ -+ if (host_key && tpm2_key) -+ id = CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC; -+ else if (tpm2_key) -+ id = CRED_AES256_GCM_BY_TPM2_HMAC; -+ else if (host_key) -+ id = CRED_AES256_GCM_BY_HOST; -+ else -+ return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), -+ "TPM2 not available and host key located on temporary file system, no encryption key available."); -+ } else -+ id = with_key; -+ -+ /* Let's now take the host key and the TPM2 key and hash it together, to use as encryption key for the data */ -+ r = sha256_hash_host_and_tpm2_key(host_key, host_key_size, tpm2_key, tpm2_key_size, md); -+ if (r < 0) -+ return r; -+ -+ assert_se(cc = EVP_aes_256_gcm()); -+ -+ ksz = EVP_CIPHER_key_length(cc); -+ assert(ksz == sizeof(md)); -+ -+ bsz = EVP_CIPHER_block_size(cc); -+ assert(bsz > 0); -+ assert((size_t) bsz <= CREDENTIAL_FIELD_SIZE_MAX); -+ -+ ivsz = EVP_CIPHER_iv_length(cc); -+ if (ivsz > 0) { -+ assert((size_t) ivsz <= CREDENTIAL_FIELD_SIZE_MAX); -+ -+ iv = malloc(ivsz); -+ if (!iv) -+ return log_oom(); -+ -+ r = genuine_random_bytes(iv, ivsz, RANDOM_BLOCK); -+ if (r < 0) -+ return log_error_errno(r, "Failed to acquired randomized IV: %m"); -+ } -+ -+ tsz = 16; /* FIXME: On OpenSSL 3 there is EVP_CIPHER_CTX_get_tag_length(), until then let's hardcode this */ -+ -+ context = EVP_CIPHER_CTX_new(); -+ if (!context) -+ return log_error_errno(SYNTHETIC_ERRNO(ENOMEM), "Failed to allocate encryption object: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ if (EVP_EncryptInit_ex(context, cc, NULL, md, iv) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize encryption context: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ /* Just an upper estimate */ -+ output_size = -+ ALIGN8(offsetof(struct encrypted_credential_header, iv) + ivsz) + -+ ALIGN8(tpm2_key ? offsetof(struct tpm2_credential_header, policy_hash_and_blob) + tpm2_blob_size + tpm2_policy_hash_size : 0) + -+ ALIGN8(offsetof(struct metadata_credential_header, name) + strlen_ptr(name)) + -+ input_size + 2U * (size_t) bsz + -+ tsz; -+ -+ output = malloc0(output_size); -+ if (!output) -+ return log_oom(); -+ -+ h = (struct encrypted_credential_header*) output; -+ h->id = id; -+ h->block_size = htole32(bsz); -+ h->key_size = htole32(ksz); -+ h->tag_size = htole32(tsz); -+ h->iv_size = htole32(ivsz); -+ memcpy(h->iv, iv, ivsz); -+ -+ p = ALIGN8(offsetof(struct encrypted_credential_header, iv) + ivsz); -+ -+ if (tpm2_key) { -+ struct tpm2_credential_header *t; -+ -+ t = (struct tpm2_credential_header*) ((uint8_t*) output + p); -+ t->pcr_mask = htole64(tpm2_pcr_mask); -+ t->pcr_bank = htole16(tpm2_pcr_bank); -+ t->primary_alg = htole16(tpm2_primary_alg); -+ t->blob_size = htole32(tpm2_blob_size); -+ t->policy_hash_size = htole32(tpm2_policy_hash_size); -+ memcpy(t->policy_hash_and_blob, tpm2_blob, tpm2_blob_size); -+ memcpy(t->policy_hash_and_blob + tpm2_blob_size, tpm2_policy_hash, tpm2_policy_hash_size); -+ -+ p += ALIGN8(offsetof(struct tpm2_credential_header, policy_hash_and_blob) + tpm2_blob_size + tpm2_policy_hash_size); -+ } -+ -+ /* Pass the encrypted + TPM2 header as AAD */ -+ if (EVP_EncryptUpdate(context, NULL, &added, output, p) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to write AAD data: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ /* Now construct the metadata header */ -+ ml = strlen_ptr(name); -+ m = malloc0(ALIGN8(offsetof(struct metadata_credential_header, name) + ml)); -+ if (!m) -+ return log_oom(); -+ -+ m->timestamp = htole64(timestamp); -+ m->not_after = htole64(not_after); -+ m->name_size = htole32(ml); -+ memcpy_safe(m->name, name, ml); -+ -+ /* And encrypt the metadata header */ -+ if (EVP_EncryptUpdate(context, (uint8_t*) output + p, &added, (const unsigned char*) m, ALIGN8(offsetof(struct metadata_credential_header, name) + ml)) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to encrypt metadata header: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ assert(added >= 0); -+ assert((size_t) added <= output_size - p); -+ p += added; -+ -+ /* Then encrypt the plaintext */ -+ if (EVP_EncryptUpdate(context, (uint8_t*) output + p, &added, input, input_size) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to encrypt data: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ assert(added >= 0); -+ assert((size_t) added <= output_size - p); -+ p += added; -+ -+ /* Finalize */ -+ if (EVP_EncryptFinal_ex(context, (uint8_t*) output + p, &added) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finalize data encryption: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ assert(added >= 0); -+ assert((size_t) added <= output_size - p); -+ p += added; -+ -+ assert(p <= output_size - tsz); -+ -+ /* Append tag */ -+ if (EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_GCM_GET_TAG, tsz, (uint8_t*) output + p) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to get tag: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ p += tsz; -+ assert(p <= output_size); -+ -+ if (DEBUG_LOGGING && input_size > 0) { -+ size_t base64_size; -+ -+ base64_size = DIV_ROUND_UP(p * 4, 3); /* Include base64 size increase in debug output */ -+ assert(base64_size >= input_size); -+ log_debug("Input of %zu bytes grew to output of %zu bytes (+%2zu%%).", input_size, base64_size, base64_size * 100 / input_size - 100); -+ } -+ -+ *ret = TAKE_PTR(output); -+ *ret_size = p; -+ -+ return 0; -+} -+ -+int decrypt_credential_and_warn( -+ const char *validate_name, -+ usec_t validate_timestamp, -+ const char *tpm2_device, -+ const void *input, -+ size_t input_size, -+ void **ret, -+ size_t *ret_size) { -+ -+ _cleanup_(erase_and_freep) void *host_key = NULL, *tpm2_key = NULL, *plaintext = NULL; -+ _cleanup_(EVP_CIPHER_CTX_freep) EVP_CIPHER_CTX *context = NULL; -+ size_t host_key_size = 0, tpm2_key_size = 0, plaintext_size, p, hs; -+ struct encrypted_credential_header *h; -+ struct metadata_credential_header *m; -+ uint8_t md[SHA256_DIGEST_LENGTH]; -+ bool with_tpm2, with_host_key; -+ const EVP_CIPHER *cc; -+ int r, added; -+ -+ assert(input || input_size == 0); -+ assert(ret); -+ assert(ret_size); -+ -+ h = (struct encrypted_credential_header*) input; -+ -+ /* The ID must fit in, for the current and all future formats */ -+ if (input_size < sizeof(h->id)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short."); -+ -+ with_host_key = sd_id128_in_set(h->id, CRED_AES256_GCM_BY_HOST, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC); -+ with_tpm2 = sd_id128_in_set(h->id, CRED_AES256_GCM_BY_TPM2_HMAC, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC); -+ -+ if (!with_host_key && !with_tpm2) -+ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Unknown encryption format, or corrupted data: %m"); -+ -+ /* Now we know the minimum header size */ -+ if (input_size < offsetof(struct encrypted_credential_header, iv)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short."); -+ -+ /* Verify some basic header values */ -+ if (le32toh(h->key_size) != sizeof(md)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected key size in header."); -+ if (le32toh(h->block_size) <= 0 || le32toh(h->block_size) > CREDENTIAL_FIELD_SIZE_MAX) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected block size in header."); -+ if (le32toh(h->iv_size) > CREDENTIAL_FIELD_SIZE_MAX) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "IV size too large."); -+ if (le32toh(h->tag_size) != 16) /* FIXME: On OpenSSL 3, let's verify via EVP_CIPHER_CTX_get_tag_length() */ -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected tag size in header."); -+ -+ /* Ensure we have space for the full header now (we don't know the size of the name hence this is a -+ * lower limit only) */ -+ if (input_size < -+ ALIGN8(offsetof(struct encrypted_credential_header, iv) + le32toh(h->iv_size)) + -+ ALIGN8((with_tpm2 ? offsetof(struct tpm2_credential_header, policy_hash_and_blob) : 0)) + -+ ALIGN8(offsetof(struct metadata_credential_header, name)) + -+ le32toh(h->tag_size)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short."); -+ -+ p = ALIGN8(offsetof(struct encrypted_credential_header, iv) + le32toh(h->iv_size)); -+ -+ if (with_tpm2) { -+#if HAVE_TPM2 -+ struct tpm2_credential_header* t = (struct tpm2_credential_header*) ((uint8_t*) input + p); -+ -+ if (le64toh(t->pcr_mask) >= (UINT64_C(1) << TPM2_PCRS_MAX)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 PCR mask out of range."); -+ if (!tpm2_pcr_bank_to_string(le16toh(t->pcr_bank))) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 PCR bank invalid or not supported"); -+ if (!tpm2_primary_alg_to_string(le16toh(t->primary_alg))) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 primary key algorithm invalid or not supported."); -+ if (le32toh(t->blob_size) > CREDENTIAL_FIELD_SIZE_MAX) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected TPM2 blob size."); -+ if (le32toh(t->policy_hash_size) > CREDENTIAL_FIELD_SIZE_MAX) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected TPM2 policy hash size."); -+ -+ /* Ensure we have space for the full TPM2 header now (still don't know the name, and its size -+ * though, hence still just a lower limit test only) */ -+ if (input_size < -+ ALIGN8(offsetof(struct encrypted_credential_header, iv) + le32toh(h->iv_size)) + -+ ALIGN8(offsetof(struct tpm2_credential_header, policy_hash_and_blob) + le32toh(t->blob_size) + le32toh(t->policy_hash_size)) + -+ ALIGN8(offsetof(struct metadata_credential_header, name)) + -+ le32toh(h->tag_size)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short."); -+ -+ r = tpm2_unseal(tpm2_device, -+ le64toh(t->pcr_mask), -+ le16toh(t->pcr_bank), -+ le16toh(t->primary_alg), -+ t->policy_hash_and_blob, -+ le32toh(t->blob_size), -+ t->policy_hash_and_blob + le32toh(t->blob_size), -+ le32toh(t->policy_hash_size), -+ &tpm2_key, -+ &tpm2_key_size); -+ if (r < 0) -+ return r; -+ -+ p += ALIGN8(offsetof(struct tpm2_credential_header, policy_hash_and_blob) + -+ le32toh(t->blob_size) + -+ le32toh(t->policy_hash_size)); -+#else -+ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Credential requires TPM2 support, but TPM2 support not available."); -+#endif -+ } -+ -+ if (with_host_key) { -+ r = get_credential_host_secret( -+ 0, -+ &host_key, -+ &host_key_size); -+ if (r < 0) -+ return log_error_errno(r, "Failed to determine local credential key: %m"); -+ } -+ -+ sha256_hash_host_and_tpm2_key(host_key, host_key_size, tpm2_key, tpm2_key_size, md); -+ -+ assert_se(cc = EVP_aes_256_gcm()); -+ -+ /* Make sure cipher expectations match the header */ -+ if (EVP_CIPHER_key_length(cc) != (int) le32toh(h->key_size)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected key size in header."); -+ if (EVP_CIPHER_block_size(cc) != (int) le32toh(h->block_size)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected block size in header."); -+ -+ context = EVP_CIPHER_CTX_new(); -+ if (!context) -+ return log_error_errno(SYNTHETIC_ERRNO(ENOMEM), "Failed to allocate decryption object: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ if (EVP_DecryptInit_ex(context, cc, NULL, NULL, NULL) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize decryption context: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ if (EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_GCM_SET_IVLEN, le32toh(h->iv_size), NULL) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set IV size on decryption context: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ if (EVP_DecryptInit_ex(context, NULL, NULL, md, h->iv) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set IV and key: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ if (EVP_DecryptUpdate(context, NULL, &added, input, p) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to write AAD data: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ plaintext = malloc(input_size - p - le32toh(h->tag_size)); -+ if (!plaintext) -+ return -ENOMEM; -+ -+ if (EVP_DecryptUpdate( -+ context, -+ plaintext, -+ &added, -+ (uint8_t*) input + p, -+ input_size - p - le32toh(h->tag_size)) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to decrypt data: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ assert(added >= 0); -+ assert((size_t) added <= input_size - p - le32toh(h->tag_size)); -+ plaintext_size = added; -+ -+ if (EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_GCM_SET_TAG, le32toh(h->tag_size), (uint8_t*) input + input_size - le32toh(h->tag_size)) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set tag: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ if (EVP_DecryptFinal_ex(context, (uint8_t*) plaintext + plaintext_size, &added) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Decryption failed (incorrect key?): %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ plaintext_size += added; -+ -+ if (plaintext_size < ALIGN8(offsetof(struct metadata_credential_header, name))) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Metadata header incomplete."); -+ -+ m = plaintext; -+ -+ if (le64toh(m->timestamp) != USEC_INFINITY && -+ le64toh(m->not_after) != USEC_INFINITY && -+ le64toh(m->timestamp) >= le64toh(m->not_after)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Timestamps of credential are not in order, refusing."); -+ -+ if (le32toh(m->name_size) > CREDENTIAL_NAME_MAX) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Embedded credential name too long, refusing."); -+ -+ hs = ALIGN8(offsetof(struct metadata_credential_header, name) + le32toh(m->name_size)); -+ if (plaintext_size < hs) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Metadata header incomplete."); -+ -+ if (le32toh(m->name_size) > 0) { -+ _cleanup_free_ char *embedded_name = NULL; -+ -+ if (memchr(m->name, 0, le32toh(m->name_size))) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Embedded credential name contains NUL byte, refusing."); -+ -+ embedded_name = memdup_suffix0(m->name, le32toh(m->name_size)); -+ if (!embedded_name) -+ return log_oom(); -+ -+ if (!credential_name_valid(embedded_name)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Embedded credential name is not valid, refusing."); -+ -+ if (validate_name && !streq(embedded_name, validate_name)) { -+ -+ r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NAME"); -+ if (r < 0 && r != -ENXIO) -+ log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NAME: %m"); -+ if (r != 0) -+ return log_error_errno(SYNTHETIC_ERRNO(EREMOTE), "Embedded credential name '%s' does not match filename '%s', refusing.", embedded_name, validate_name); -+ -+ log_debug("Embedded credential name '%s' does not match expected name '%s', but configured to use credential anyway.", embedded_name, validate_name); -+ } -+ } -+ -+ if (validate_timestamp != USEC_INFINITY) { -+ if (le64toh(m->timestamp) != USEC_INFINITY && le64toh(m->timestamp) > validate_timestamp) -+ log_debug("Credential timestamp is from the future, assuming clock skew."); -+ -+ if (le64toh(m->not_after) != USEC_INFINITY && le64toh(m->not_after) < validate_timestamp) { -+ -+ r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER"); -+ if (r < 0 && r != -ENXIO) -+ log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER: %m"); -+ if (r != 0) -+ return log_error_errno(SYNTHETIC_ERRNO(ESTALE), "Credential's time passed, refusing to use."); -+ -+ log_debug("Credential not-after timestamp has passed, but configured to use credential anyway."); -+ } -+ } -+ -+ if (ret) { -+ char *without_metadata; -+ -+ without_metadata = memdup((uint8_t*) plaintext + hs, plaintext_size - hs); -+ if (!without_metadata) -+ return log_oom(); -+ -+ *ret = without_metadata; -+ } -+ -+ if (ret_size) -+ *ret_size = plaintext_size - hs; -+ -+ return 0; -+} -+ -+#else -+ -+int get_credential_host_secret(CredentialSecretFlags flags, void **ret, size_t *ret_size) { -+ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Support for encrypted credentials not available."); -+} -+ -+int encrypt_credential_and_warn(sd_id128_t with_key, const char *name, usec_t timestamp, usec_t not_after, const char *tpm2_device, uint32_t tpm2_pcr_mask, const void *input, size_t input_size, void **ret, size_t *ret_size) { -+ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Support for encrypted credentials not available."); -+} -+ -+int decrypt_credential_and_warn(const char *validate_name, usec_t validate_timestamp, const char *tpm2_device, const void *input, size_t input_size, void **ret, size_t *ret_size) { -+ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Support for encrypted credentials not available."); -+} -+ -+#endif -diff --git a/src/shared/openssl-util.h b/src/shared/openssl-util.h -index e6c2bd9310..ce8207414f 100644 ---- a/src/shared/openssl-util.h -+++ b/src/shared/openssl-util.h -@@ -11,6 +11,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509*, X509_free, NULL); - DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509_NAME*, X509_NAME_free, NULL); - DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL); - DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL); -+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD_CTX*, EVP_MD_CTX_free, NULL); - - int rsa_encrypt_bytes(EVP_PKEY *pkey, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size); - --- -2.33.0 - diff --git a/backport-cryptenroll-fix-wrong-error-messages.patch b/backport-cryptenroll-fix-wrong-error-messages.patch deleted file mode 100644 index b234f971f787437361aeecd1c73a0083b6a1afaf..0000000000000000000000000000000000000000 --- a/backport-cryptenroll-fix-wrong-error-messages.patch +++ /dev/null @@ -1,40 +0,0 @@ -From a9149ef71dbfafd964b4e509690418be602c6eb6 Mon Sep 17 00:00:00 2001 -From: Gibeom Gwon -Date: Fri, 3 Dec 2021 15:10:50 +0900 -Subject: [PATCH] cryptenroll: fix wrong error messages - -PKCS#11 -> FIDO2 in cryptenroll-fido2.c - -(cherry picked from commit 4b9aa29bc9ded35147f9fa77f77e13c3c6fa7fcf) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a9149ef71dbfafd964b4e509690418be602c6eb6 ---- - src/cryptenroll/cryptenroll-fido2.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/cryptenroll/cryptenroll-fido2.c b/src/cryptenroll/cryptenroll-fido2.c -index fbf76ee586..9e1d94bd16 100644 ---- a/src/cryptenroll/cryptenroll-fido2.c -+++ b/src/cryptenroll/cryptenroll-fido2.c -@@ -67,7 +67,7 @@ int enroll_fido2( - base64_encoded, - strlen(base64_encoded)); - if (keyslot < 0) -- return log_error_errno(keyslot, "Failed to add new PKCS#11 key to %s: %m", node); -+ return log_error_errno(keyslot, "Failed to add new FIDO2 key to %s: %m", node); - - if (asprintf(&keyslot_as_string, "%i", keyslot) < 0) - return log_oom(); -@@ -83,7 +83,7 @@ int enroll_fido2( - JSON_BUILD_PAIR("fido2-up-required", JSON_BUILD_BOOLEAN(FLAGS_SET(lock_with, FIDO2ENROLL_UP))), - JSON_BUILD_PAIR("fido2-uv-required", JSON_BUILD_BOOLEAN(FLAGS_SET(lock_with, FIDO2ENROLL_UV))))); - if (r < 0) -- return log_error_errno(r, "Failed to prepare PKCS#11 JSON token object: %m"); -+ return log_error_errno(r, "Failed to prepare FIDO2 JSON token object: %m"); - - r = cryptsetup_add_token_json(cd, v); - if (r < 0) --- -2.33.0 - diff --git a/backport-dbus-wait-for-jobs-add-extra_args-to-bus_wait_for_jo.patch b/backport-dbus-wait-for-jobs-add-extra_args-to-bus_wait_for_jo.patch deleted file mode 100644 index db4033d5573e6b7f3c398955a7de58d03dab6c55..0000000000000000000000000000000000000000 --- a/backport-dbus-wait-for-jobs-add-extra_args-to-bus_wait_for_jo.patch +++ /dev/null @@ -1,143 +0,0 @@ -From 84188acc6fe4a2f04c91c2c4d7b20a3166caa63b Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Thu, 30 Dec 2021 00:53:29 +0000 -Subject: [PATCH] dbus-wait-for-jobs: add extra_args to bus_wait_for_jobs_one() - -And pass it through to bus_wait_for_jobs() - -(cherry picked from commit 86980de64bf8c03505eec729808f52f3b3042998) -(cherry picked from commit 0c4fe2e3dcde8225006a36cff643c112bd6c6523) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/84188acc6fe4a2f04c91c2c4d7b20a3166caa63b ---- - src/mount/mount-tool.c | 6 +++--- - src/nspawn/nspawn-register.c | 2 +- - src/run/run.c | 6 +++--- - src/shared/bus-wait-for-jobs.c | 4 ++-- - src/shared/bus-wait-for-jobs.h | 2 +- - src/shared/tests.c | 2 +- - 6 files changed, 11 insertions(+), 11 deletions(-) - -diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c -index 70b4c5a765..9659355c33 100644 ---- a/src/mount/mount-tool.c -+++ b/src/mount/mount-tool.c -@@ -600,7 +600,7 @@ static int start_transient_mount( - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, arg_quiet); -+ r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); - if (r < 0) - return r; - } -@@ -709,7 +709,7 @@ static int start_transient_automount( - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, arg_quiet); -+ r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); - if (r < 0) - return r; - } -@@ -875,7 +875,7 @@ static int stop_mount( - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, arg_quiet); -+ r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); - if (r < 0) - return r; - } -diff --git a/src/nspawn/nspawn-register.c b/src/nspawn/nspawn-register.c -index 2e6c12b3b7..c78bead4a4 100644 ---- a/src/nspawn/nspawn-register.c -+++ b/src/nspawn/nspawn-register.c -@@ -313,7 +313,7 @@ int allocate_scope( - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, false); -+ r = bus_wait_for_jobs_one(w, object, false, NULL); - if (r < 0) - return r; - -diff --git a/src/run/run.c b/src/run/run.c -index 1c83e36e4e..9a7e1efaca 100644 ---- a/src/run/run.c -+++ b/src/run/run.c -@@ -1228,7 +1228,7 @@ static int start_transient_service( - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, arg_quiet); -+ r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); - if (r < 0) - return r; - } -@@ -1473,7 +1473,7 @@ static int start_transient_scope(sd_bus *bus) { - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, arg_quiet); -+ r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); - if (r < 0) - return r; - -@@ -1693,7 +1693,7 @@ static int start_transient_trigger( - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, arg_quiet); -+ r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); - if (r < 0) - return r; - -diff --git a/src/shared/bus-wait-for-jobs.c b/src/shared/bus-wait-for-jobs.c -index e4a3ab9a95..0cd47d5787 100644 ---- a/src/shared/bus-wait-for-jobs.c -+++ b/src/shared/bus-wait-for-jobs.c -@@ -323,12 +323,12 @@ int bus_wait_for_jobs_add(BusWaitForJobs *d, const char *path) { - return set_put_strdup(&d->jobs, path); - } - --int bus_wait_for_jobs_one(BusWaitForJobs *d, const char *path, bool quiet) { -+int bus_wait_for_jobs_one(BusWaitForJobs *d, const char *path, bool quiet, const char* const* extra_args) { - int r; - - r = bus_wait_for_jobs_add(d, path); - if (r < 0) - return log_oom(); - -- return bus_wait_for_jobs(d, quiet, NULL); -+ return bus_wait_for_jobs(d, quiet, extra_args); - } -diff --git a/src/shared/bus-wait-for-jobs.h b/src/shared/bus-wait-for-jobs.h -index 68c9d604ad..5acf8b9241 100644 ---- a/src/shared/bus-wait-for-jobs.h -+++ b/src/shared/bus-wait-for-jobs.h -@@ -11,6 +11,6 @@ int bus_wait_for_jobs_new(sd_bus *bus, BusWaitForJobs **ret); - BusWaitForJobs* bus_wait_for_jobs_free(BusWaitForJobs *d); - int bus_wait_for_jobs_add(BusWaitForJobs *d, const char *path); - int bus_wait_for_jobs(BusWaitForJobs *d, bool quiet, const char* const* extra_args); --int bus_wait_for_jobs_one(BusWaitForJobs *d, const char *path, bool quiet); -+int bus_wait_for_jobs_one(BusWaitForJobs *d, const char *path, bool quiet, const char* const* extra_args); - - DEFINE_TRIVIAL_CLEANUP_FUNC(BusWaitForJobs*, bus_wait_for_jobs_free); -diff --git a/src/shared/tests.c b/src/shared/tests.c -index ab7d799029..6d35bc6a8d 100644 ---- a/src/shared/tests.c -+++ b/src/shared/tests.c -@@ -247,7 +247,7 @@ static int allocate_scope(void) { - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, false); -+ r = bus_wait_for_jobs_one(w, object, false, NULL); - if (r < 0) - return r; - --- -2.33.0 - diff --git a/backport-devnode-acl-use-_cleanup_-to-free-acl_t.patch b/backport-devnode-acl-use-_cleanup_-to-free-acl_t.patch deleted file mode 100644 index 49eba0c4e53c3b17eb80297cc7f4d2ef3cb7f0ec..0000000000000000000000000000000000000000 --- a/backport-devnode-acl-use-_cleanup_-to-free-acl_t.patch +++ /dev/null @@ -1,146 +0,0 @@ -From 541ada330879dd928b33b55f1fc437ec1bbd349f Mon Sep 17 00:00:00 2001 -From: David Tardon -Date: Thu, 3 Mar 2022 15:58:24 +0100 -Subject: [PATCH] devnode-acl: use _cleanup_ to free acl_t - -(cherry picked from commit 203ea2c8f158288fea56c5be980715b2b7e002fe) -(cherry picked from commit 543c73300e3b9298e5316555bf4df6ff7dfc210f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/541ada330879dd928b33b55f1fc437ec1bbd349f ---- - src/shared/devnode-acl.c | 73 ++++++++++++++-------------------------- - 1 file changed, 25 insertions(+), 48 deletions(-) - -diff --git a/src/shared/devnode-acl.c b/src/shared/devnode-acl.c -index 07e29e1019..394422b164 100644 ---- a/src/shared/devnode-acl.c -+++ b/src/shared/devnode-acl.c -@@ -52,8 +52,8 @@ int devnode_acl(const char *path, - bool del, uid_t old_uid, - bool add, uid_t new_uid) { - -- acl_t acl; -- int r = 0; -+ _cleanup_(acl_freep) acl_t acl = NULL; -+ int r; - bool changed = false; - - assert(path); -@@ -66,7 +66,7 @@ int devnode_acl(const char *path, - - r = flush_acl(acl); - if (r < 0) -- goto finish; -+ return r; - if (r > 0) - changed = true; - -@@ -75,13 +75,11 @@ int devnode_acl(const char *path, - - r = acl_find_uid(acl, old_uid, &entry); - if (r < 0) -- goto finish; -+ return r; - - if (r > 0) { -- if (acl_delete_entry(acl, entry) < 0) { -- r = -errno; -- goto finish; -- } -+ if (acl_delete_entry(acl, entry) < 0) -+ return -errno; - - changed = true; - } -@@ -94,68 +92,47 @@ int devnode_acl(const char *path, - - r = acl_find_uid(acl, new_uid, &entry); - if (r < 0) -- goto finish; -+ return r; - - if (r == 0) { -- if (acl_create_entry(&acl, &entry) < 0) { -- r = -errno; -- goto finish; -- } -+ if (acl_create_entry(&acl, &entry) < 0) -+ return -errno; - - if (acl_set_tag_type(entry, ACL_USER) < 0 || -- acl_set_qualifier(entry, &new_uid) < 0) { -- r = -errno; -- goto finish; -- } -+ acl_set_qualifier(entry, &new_uid) < 0) -+ return -errno; - } - -- if (acl_get_permset(entry, &permset) < 0) { -- r = -errno; -- goto finish; -- } -+ if (acl_get_permset(entry, &permset) < 0) -+ return -errno; - - rd = acl_get_perm(permset, ACL_READ); -- if (rd < 0) { -- r = -errno; -- goto finish; -- } -+ if (rd < 0) -+ return -errno; - - wt = acl_get_perm(permset, ACL_WRITE); -- if (wt < 0) { -- r = -errno; -- goto finish; -- } -+ if (wt < 0) -+ return -errno; - - if (!rd || !wt) { - -- if (acl_add_perm(permset, ACL_READ|ACL_WRITE) < 0) { -- r = -errno; -- goto finish; -- } -+ if (acl_add_perm(permset, ACL_READ|ACL_WRITE) < 0) -+ return -errno; - - changed = true; - } - } - - if (!changed) -- goto finish; -- -- if (acl_calc_mask(&acl) < 0) { -- r = -errno; -- goto finish; -- } -- -- if (acl_set_file(path, ACL_TYPE_ACCESS, acl) < 0) { -- r = -errno; -- goto finish; -- } -+ return 0; - -- r = 0; -+ if (acl_calc_mask(&acl) < 0) -+ return -errno; - --finish: -- acl_free(acl); -+ if (acl_set_file(path, ACL_TYPE_ACCESS, acl) < 0) -+ return -errno; - -- return r; -+ return 0; - } - - int devnode_acl_all(const char *seat, --- -2.33.0 - diff --git a/backport-dhcp-fix-assertion-failure.patch b/backport-dhcp-fix-assertion-failure.patch deleted file mode 100644 index ff9c40cd9af7b10500810c13e229b5df6e38f873..0000000000000000000000000000000000000000 --- a/backport-dhcp-fix-assertion-failure.patch +++ /dev/null @@ -1,31 +0,0 @@ -From d59f045a9341f33df161a83a0a5428e137381206 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 8 Dec 2021 05:47:11 +0900 -Subject: [PATCH] dhcp: fix assertion failure - -Fixes #21671. - -(cherry picked from commit 990d0aa98023140d1efc897c3dcd5e0599a60203) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d59f045a9341f33df161a83a0a5428e137381206 ---- - src/libsystemd-network/sd-dhcp-lease.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c -index 095a4ee683..9a0d7f6fea 100644 ---- a/src/libsystemd-network/sd-dhcp-lease.c -+++ b/src/libsystemd-network/sd-dhcp-lease.c -@@ -691,7 +691,7 @@ int dhcp_lease_parse_options(uint8_t code, uint8_t len, const void *option, void - } - - if (!timezone_is_valid(tz, LOG_DEBUG)) { -- log_debug_errno(r, "Timezone is not valid, ignoring: %m"); -+ log_debug("Timezone is not valid, ignoring."); - return 0; - } - --- -2.33.0 - diff --git a/backport-dhcp-fix-potential-buffer-overflow.patch b/backport-dhcp-fix-potential-buffer-overflow.patch deleted file mode 100644 index d704e41d22ce9aeb30a7ed3ff23d8dc267f911ce..0000000000000000000000000000000000000000 --- a/backport-dhcp-fix-potential-buffer-overflow.patch +++ /dev/null @@ -1,102 +0,0 @@ -From d903e94e8ea532d2128c5c4686ae440ebf17a07d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 6 Aug 2022 13:05:59 +0900 -Subject: [PATCH] dhcp: fix potential buffer overflow - -Fixes a bug introduced by 324f818781a250b60f2fcfa74ff1c9101d2d1315. - -This also renames several macros for DHCP packet size. - -(cherry picked from commit 4473cd7f61b9eb0860f2daab81491ad2145d554b) -(cherry picked from commit 037b1a8acc50cbeeebb82f95594a4909375577c2) -(cherry picked from commit 887837a5a9425945b91488db661122459af94c52) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d903e94e8ea532d2128c5c4686ae440ebf17a07d ---- - src/libsystemd-network/dhcp-protocol.h | 7 ++++--- - src/libsystemd-network/sd-dhcp-client.c | 11 +++++------ - src/libsystemd-network/sd-dhcp-lease.c | 6 +++--- - 3 files changed, 12 insertions(+), 12 deletions(-) - -diff --git a/src/libsystemd-network/dhcp-protocol.h b/src/libsystemd-network/dhcp-protocol.h -index 11f4201ab2..686cf67e84 100644 ---- a/src/libsystemd-network/dhcp-protocol.h -+++ b/src/libsystemd-network/dhcp-protocol.h -@@ -43,9 +43,10 @@ typedef struct DHCPPacket DHCPPacket; - - #define DHCP_IP_SIZE (int32_t)(sizeof(struct iphdr)) - #define DHCP_IP_UDP_SIZE (int32_t)(sizeof(struct udphdr) + DHCP_IP_SIZE) --#define DHCP_MESSAGE_SIZE (int32_t)(sizeof(DHCPMessage)) --#define DHCP_DEFAULT_MIN_SIZE 576 /* the minimum internet hosts must be able to receive */ --#define DHCP_MIN_OPTIONS_SIZE (DHCP_DEFAULT_MIN_SIZE - DHCP_IP_UDP_SIZE - DHCP_MESSAGE_SIZE) -+#define DHCP_HEADER_SIZE (int32_t)(sizeof(DHCPMessage)) -+#define DHCP_MIN_MESSAGE_SIZE 576 /* the minimum internet hosts must be able to receive, see RFC 2132 Section 9.10 */ -+#define DHCP_MIN_OPTIONS_SIZE (DHCP_MIN_MESSAGE_SIZE - DHCP_HEADER_SIZE) -+#define DHCP_MIN_PACKET_SIZE (DHCP_MIN_MESSAGE_SIZE + DHCP_IP_UDP_SIZE) - #define DHCP_MAGIC_COOKIE (uint32_t)(0x63825363) - - enum { -diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c -index 46191e58f5..b9c5748fed 100644 ---- a/src/libsystemd-network/sd-dhcp-client.c -+++ b/src/libsystemd-network/sd-dhcp-client.c -@@ -637,7 +637,7 @@ int sd_dhcp_client_set_client_port( - - int sd_dhcp_client_set_mtu(sd_dhcp_client *client, uint32_t mtu) { - assert_return(client, -EINVAL); -- assert_return(mtu >= DHCP_DEFAULT_MIN_SIZE, -ERANGE); -+ assert_return(mtu >= DHCP_MIN_PACKET_SIZE, -ERANGE); - - client->mtu = mtu; - -@@ -804,7 +804,6 @@ static int client_message_init( - - _cleanup_free_ DHCPPacket *packet = NULL; - size_t optlen, optoffset, size; -- be16_t max_size; - usec_t time_now; - uint16_t secs; - int r; -@@ -955,9 +954,9 @@ static int client_message_init( - */ - /* RFC7844 section 3: - SHOULD NOT contain any other option. */ -- if (!client->anonymize && type != DHCP_RELEASE) { -- max_size = htobe16(size); -- r = dhcp_option_append(&packet->dhcp, client->mtu, &optoffset, 0, -+ if (!client->anonymize && IN_SET(type, DHCP_DISCOVER, DHCP_REQUEST)) { -+ be16_t max_size = htobe16(MIN(client->mtu - DHCP_IP_UDP_SIZE, (uint32_t) UINT16_MAX)); -+ r = dhcp_option_append(&packet->dhcp, optlen, &optoffset, 0, - SD_DHCP_OPTION_MAXIMUM_MESSAGE_SIZE, - 2, &max_size); - if (r < 0) -@@ -2267,7 +2266,7 @@ int sd_dhcp_client_new(sd_dhcp_client **ret, int anonymize) { - .state = DHCP_STATE_INIT, - .ifindex = -1, - .fd = -1, -- .mtu = DHCP_DEFAULT_MIN_SIZE, -+ .mtu = DHCP_MIN_PACKET_SIZE, - .port = DHCP_PORT_CLIENT, - .anonymize = !!anonymize, - .max_attempts = UINT64_MAX, -diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c -index 89386f6809..b818020589 100644 ---- a/src/libsystemd-network/sd-dhcp-lease.c -+++ b/src/libsystemd-network/sd-dhcp-lease.c -@@ -621,9 +621,9 @@ int dhcp_lease_parse_options(uint8_t code, uint8_t len, const void *option, void - r = lease_parse_u16(option, len, &lease->mtu, 68); - if (r < 0) - log_debug_errno(r, "Failed to parse MTU, ignoring: %m"); -- if (lease->mtu < DHCP_DEFAULT_MIN_SIZE) { -- log_debug("MTU value of %" PRIu16 " too small. Using default MTU value of %d instead.", lease->mtu, DHCP_DEFAULT_MIN_SIZE); -- lease->mtu = DHCP_DEFAULT_MIN_SIZE; -+ if (lease->mtu < DHCP_MIN_PACKET_SIZE) { -+ log_debug("MTU value of %" PRIu16 " too small. Using default MTU value of %d instead.", lease->mtu, DHCP_MIN_PACKET_SIZE); -+ lease->mtu = DHCP_MIN_PACKET_SIZE; - } - - break; --- -2.27.0 - diff --git a/backport-discover-image-mount-as-read-only-when-extracting-me.patch b/backport-discover-image-mount-as-read-only-when-extracting-me.patch deleted file mode 100644 index 83b1f7bcac20a1931b64c9b16361bffb49f038dd..0000000000000000000000000000000000000000 --- a/backport-discover-image-mount-as-read-only-when-extracting-me.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 783b787a3aecbd2c9d6908546f89c9690728aa79 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Thu, 22 Jul 2021 22:21:10 +0100 -Subject: [PATCH] discover-image: mount as read-only when extracting metadata - -We don't need to modify the image, and the loopback device is already set to read-only. - -(cherry picked from commit f6f4ec7951f429e8a470f8912cbeacde8fa1206e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/783b787a3aecbd2c9d6908546f89c9690728aa79 ---- - src/shared/discover-image.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/shared/discover-image.c b/src/shared/discover-image.c -index 5c833afc78..521264ec29 100644 ---- a/src/shared/discover-image.c -+++ b/src/shared/discover-image.c -@@ -1208,6 +1208,7 @@ int image_read_metadata(Image *i) { - DISSECT_IMAGE_GENERIC_ROOT | - DISSECT_IMAGE_REQUIRE_ROOT | - DISSECT_IMAGE_RELAX_VAR_CHECK | -+ DISSECT_IMAGE_READ_ONLY | - DISSECT_IMAGE_USR_NO_ROOT, - &m); - if (r < 0) --- -2.33.0 - diff --git a/backport-discover-image-pass-the-right-fd-to-fd_getcrtime.patch b/backport-discover-image-pass-the-right-fd-to-fd_getcrtime.patch deleted file mode 100644 index 978d488b6daa2d07e516c22f4b1d98dd7ec8ac2e..0000000000000000000000000000000000000000 --- a/backport-discover-image-pass-the-right-fd-to-fd_getcrtime.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 64b025686f36ae4385811be6f81d5f7d94da3437 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 18 Aug 2021 22:41:08 +0200 -Subject: [PATCH] discover-image: pass the right fd to fd_getcrtime() - -(cherry picked from commit 12a7f04a2b9135a4751dba71e2f688525d7c93e7) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/64b025686f36ae4385811be6f81d5f7d94da3437 ---- - src/shared/discover-image.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/discover-image.c b/src/shared/discover-image.c -index 521264ec29..5f8bf43776 100644 ---- a/src/shared/discover-image.c -+++ b/src/shared/discover-image.c -@@ -305,7 +305,7 @@ static int image_make( - } - - /* Get directory creation time (not available everywhere, but that's OK */ -- (void) fd_getcrtime(dfd, &crtime); -+ (void) fd_getcrtime(fd, &crtime); - - /* If the IMMUTABLE bit is set, we consider the directory read-only. Since the ioctl is not - * supported everywhere we ignore failures. */ --- -2.33.0 - diff --git a/backport-dissect-image-add-extension-specific-validation-flag.patch b/backport-dissect-image-add-extension-specific-validation-flag.patch deleted file mode 100644 index 8c523a6e61fbeeac41734a0cdde0f7460f4a179d..0000000000000000000000000000000000000000 --- a/backport-dissect-image-add-extension-specific-validation-flag.patch +++ /dev/null @@ -1,126 +0,0 @@ -From 1d1b529d7781c7ac28fd6130eeda76bf2d70fe79 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Wed, 18 Aug 2021 16:08:14 +0100 -Subject: [PATCH] dissect-image: add extension-specific validation flag - -Allows callers to specify which image type they are looking for - -(cherry picked from commit 9ccb531a5f99a7f399f352e79079188957f5a170) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1d1b529d7781c7ac28fd6130eeda76bf2d70fe79 ---- - src/portable/portable.c | 9 ++++++++- - src/shared/dissect-image.c | 26 +++++++++++++++++++------- - src/shared/dissect-image.h | 23 ++++++++++++----------- - 3 files changed, 39 insertions(+), 19 deletions(-) - -diff --git a/src/portable/portable.c b/src/portable/portable.c -index 4cf5fb4f0a..5ecbeec2de 100644 ---- a/src/portable/portable.c -+++ b/src/portable/portable.c -@@ -424,9 +424,16 @@ static int portable_extract_by_path( - if (r < 0) - return r; - if (r == 0) { -+ DissectImageFlags flags = DISSECT_IMAGE_READ_ONLY; -+ - seq[0] = safe_close(seq[0]); - -- r = dissected_image_mount(m, tmpdir, UID_INVALID, UID_INVALID, DISSECT_IMAGE_READ_ONLY); -+ if (!extract_os_release) -+ flags |= DISSECT_IMAGE_VALIDATE_OS_EXT; -+ else -+ flags |= DISSECT_IMAGE_VALIDATE_OS; -+ -+ r = dissected_image_mount(m, tmpdir, UID_INVALID, UID_INVALID, flags); - if (r < 0) { - log_debug_errno(r, "Failed to mount dissected image: %m"); - goto child_finish; -diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c -index 9b30c86a53..3a24f5041f 100644 ---- a/src/shared/dissect-image.c -+++ b/src/shared/dissect-image.c -@@ -1725,17 +1725,28 @@ int dissected_image_mount( - if (r < 0) - return r; - -- if (flags & DISSECT_IMAGE_VALIDATE_OS) { -- r = path_is_os_tree(where); -- if (r < 0) -- return r; -- if (r == 0) { -+ if ((flags & (DISSECT_IMAGE_VALIDATE_OS|DISSECT_IMAGE_VALIDATE_OS_EXT)) != 0) { -+ /* If either one of the validation flags are set, ensure that the image qualifies -+ * as one or the other (or both). */ -+ bool ok = false; -+ -+ if (FLAGS_SET(flags, DISSECT_IMAGE_VALIDATE_OS)) { -+ r = path_is_os_tree(where); -+ if (r < 0) -+ return r; -+ if (r > 0) -+ ok = true; -+ } -+ if (!ok && FLAGS_SET(flags, DISSECT_IMAGE_VALIDATE_OS_EXT)) { - r = path_is_extension_tree(where, m->image_name); - if (r < 0) - return r; -- if (r == 0) -- return -EMEDIUMTYPE; -+ if (r > 0) -+ ok = true; - } -+ -+ if (!ok) -+ return -ENOMEDIUM; - } - } - -@@ -2617,6 +2628,7 @@ int dissected_image_acquire_metadata(DissectedImage *m) { - DISSECT_IMAGE_READ_ONLY| - DISSECT_IMAGE_MOUNT_ROOT_ONLY| - DISSECT_IMAGE_VALIDATE_OS| -+ DISSECT_IMAGE_VALIDATE_OS_EXT| - DISSECT_IMAGE_USR_NO_ROOT); - if (r < 0) { - /* Let parent know the error */ -diff --git a/src/shared/dissect-image.h b/src/shared/dissect-image.h -index 1ce14e915e..9db2719afb 100644 ---- a/src/shared/dissect-image.h -+++ b/src/shared/dissect-image.h -@@ -100,19 +100,20 @@ typedef enum DissectImageFlags { - DISSECT_IMAGE_MOUNT_ROOT_ONLY = 1 << 6, /* Mount only the root and /usr partitions */ - DISSECT_IMAGE_MOUNT_NON_ROOT_ONLY = 1 << 7, /* Mount only the non-root and non-/usr partitions */ - DISSECT_IMAGE_VALIDATE_OS = 1 << 8, /* Refuse mounting images that aren't identifiable as OS images */ -- DISSECT_IMAGE_NO_UDEV = 1 << 9, /* Don't wait for udev initializing things */ -- DISSECT_IMAGE_RELAX_VAR_CHECK = 1 << 10, /* Don't insist that the UUID of /var is hashed from /etc/machine-id */ -- DISSECT_IMAGE_FSCK = 1 << 11, /* File system check the partition before mounting (no effect when combined with DISSECT_IMAGE_READ_ONLY) */ -- DISSECT_IMAGE_NO_PARTITION_TABLE = 1 << 12, /* Only recognize single file system images */ -- DISSECT_IMAGE_VERITY_SHARE = 1 << 13, /* When activating a verity device, reuse existing one if already open */ -- DISSECT_IMAGE_MKDIR = 1 << 14, /* Make top-level directory to mount right before mounting, if missing */ -- DISSECT_IMAGE_USR_NO_ROOT = 1 << 15, /* If no root fs is in the image, but /usr is, then allow this (so that we can mount the rootfs as tmpfs or so */ -- DISSECT_IMAGE_REQUIRE_ROOT = 1 << 16, /* Don't accept disks without root partition (or at least /usr partition if DISSECT_IMAGE_USR_NO_ROOT is set) */ -- DISSECT_IMAGE_MOUNT_READ_ONLY = 1 << 17, /* Make mounts read-only */ -+ DISSECT_IMAGE_VALIDATE_OS_EXT = 1 << 9, /* Refuse mounting images that aren't identifiable as OS extension images */ -+ DISSECT_IMAGE_NO_UDEV = 1 << 10, /* Don't wait for udev initializing things */ -+ DISSECT_IMAGE_RELAX_VAR_CHECK = 1 << 11, /* Don't insist that the UUID of /var is hashed from /etc/machine-id */ -+ DISSECT_IMAGE_FSCK = 1 << 12, /* File system check the partition before mounting (no effect when combined with DISSECT_IMAGE_READ_ONLY) */ -+ DISSECT_IMAGE_NO_PARTITION_TABLE = 1 << 13, /* Only recognize single file system images */ -+ DISSECT_IMAGE_VERITY_SHARE = 1 << 14, /* When activating a verity device, reuse existing one if already open */ -+ DISSECT_IMAGE_MKDIR = 1 << 15, /* Make top-level directory to mount right before mounting, if missing */ -+ DISSECT_IMAGE_USR_NO_ROOT = 1 << 16, /* If no root fs is in the image, but /usr is, then allow this (so that we can mount the rootfs as tmpfs or so */ -+ DISSECT_IMAGE_REQUIRE_ROOT = 1 << 17, /* Don't accept disks without root partition (or at least /usr partition if DISSECT_IMAGE_USR_NO_ROOT is set) */ -+ DISSECT_IMAGE_MOUNT_READ_ONLY = 1 << 18, /* Make mounts read-only */ - DISSECT_IMAGE_READ_ONLY = DISSECT_IMAGE_DEVICE_READ_ONLY | - DISSECT_IMAGE_MOUNT_READ_ONLY, -- DISSECT_IMAGE_GROWFS = 1 << 18, /* Grow file systems in partitions marked for that to the size of the partitions after mount */ -- DISSECT_IMAGE_MOUNT_IDMAPPED = 1 << 19, /* Mount mounts with kernel 5.12-style userns ID mapping, if file system type doesn't support uid=/gid= */ -+ DISSECT_IMAGE_GROWFS = 1 << 19, /* Grow file systems in partitions marked for that to the size of the partitions after mount */ -+ DISSECT_IMAGE_MOUNT_IDMAPPED = 1 << 20, /* Mount mounts with kernel 5.12-style userns ID mapping, if file system type doesn't support uid=/gid= */ - } DissectImageFlags; - - struct DissectedImage { --- -2.33.0 - diff --git a/backport-dissect-image-validate-extension-release-even-if-the.patch b/backport-dissect-image-validate-extension-release-even-if-the.patch deleted file mode 100644 index bea0bf62634f650c42078ddc63997d40999a23a0..0000000000000000000000000000000000000000 --- a/backport-dissect-image-validate-extension-release-even-if-the.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 4b14a6aafe45270b50b4a0b75d0cce11a9ac738d Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Wed, 19 Jan 2022 00:01:48 +0000 -Subject: [PATCH] dissect-image: validate extension-release even if the host - has only ID in os-release - -A rolling distro won't set VERSION_ID or SYSEXT_LEVEL in os-release, -which means we skip validation of ExtensionImages. -Validate even with just an ID, the lower level helper already -recognizes and accepts this use case. - -Fixes https://github.com/systemd/systemd/issues/22146 - -(cherry picked from commit 37361f46d571ad0b71ef99dec6a9b76edbab38bb) -(cherry picked from commit 0dab9e5f057380322755e90ee4d35716d5bf6232) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4b14a6aafe45270b50b4a0b75d0cce11a9ac738d ---- - src/shared/dissect-image.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c -index 714baa8572..9b30c86a53 100644 ---- a/src/shared/dissect-image.c -+++ b/src/shared/dissect-image.c -@@ -3015,9 +3015,9 @@ int verity_dissect_and_mount( - /* If we got os-release values from the caller, then we need to match them with the image's - * extension-release.d/ content. Return -EINVAL if there's any mismatch. - * First, check the distro ID. If that matches, then check the new SYSEXT_LEVEL value if -- * available, or else fallback to VERSION_ID. */ -- if (required_host_os_release_id && -- (required_host_os_release_version_id || required_host_os_release_sysext_level)) { -+ * available, or else fallback to VERSION_ID. If neither is present (eg: rolling release), -+ * then a simple match on the ID will be performed. */ -+ if (required_host_os_release_id) { - _cleanup_strv_free_ char **extension_release = NULL; - - r = load_extension_release_pairs(dest, dissected_image->image_name, &extension_release); --- -2.33.0 - diff --git a/backport-dns-domain-make-each-label-nul-terminated.patch b/backport-dns-domain-make-each-label-nul-terminated.patch deleted file mode 100644 index 11d9d70ebe712554f71c57d32a4d366bcba9bb42..0000000000000000000000000000000000000000 --- a/backport-dns-domain-make-each-label-nul-terminated.patch +++ /dev/null @@ -1,50 +0,0 @@ -From ec5a6e5a3011f095e739fa0636c3273fe868f2cf Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 11 Jun 2022 05:51:03 +0900 -Subject: [PATCH] dns-domain: make each label nul-terminated - -dns_label_unescape() does not nul-terminate the buffer if it does not -have enough space. Hence, if a lable is enough long, then strjoin() -triggers buffer-overflow. - -Fixes #23705. - -(cherry picked from commit 9db01ca5b0322bc035e1ccd6b8a0d98a26533b4a) -(cherry picked from commit 25158b294482f793f962e8ee5f34e99a01214321) -(cherry picked from commit ac4e64939d05ed81739028c0a45c3f99d2f91ba4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ec5a6e5a3011f095e739fa0636c3273fe868f2cf ---- - src/shared/dns-domain.c | 2 +- - src/test/test-dns-domain.c | 1 + - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c -index 787bb8fec9..517fe85600 100644 ---- a/src/shared/dns-domain.c -+++ b/src/shared/dns-domain.c -@@ -1035,7 +1035,7 @@ static bool dns_service_name_label_is_valid(const char *label, size_t n) { - int dns_service_split(const char *joined, char **_name, char **_type, char **_domain) { - _cleanup_free_ char *name = NULL, *type = NULL, *domain = NULL; - const char *p = joined, *q = NULL, *d = NULL; -- char a[DNS_LABEL_MAX], b[DNS_LABEL_MAX], c[DNS_LABEL_MAX]; -+ char a[DNS_LABEL_MAX+1], b[DNS_LABEL_MAX+1], c[DNS_LABEL_MAX+1]; - int an, bn, cn, r; - unsigned x = 0; - -diff --git a/src/test/test-dns-domain.c b/src/test/test-dns-domain.c -index 2df2380de4..10916dd057 100644 ---- a/src/test/test-dns-domain.c -+++ b/src/test/test-dns-domain.c -@@ -560,6 +560,7 @@ static void test_dns_service_split(void) { - test_dns_service_split_one("_foo._bar", NULL, "_foo._bar", ".", 0); - test_dns_service_split_one("_meh._foo._bar", "_meh", "_foo._bar", ".", 0); - test_dns_service_split_one("Wuff\\032Wuff._foo._bar.waldo.com", "Wuff Wuff", "_foo._bar", "waldo.com", 0); -+ test_dns_service_split_one("_Q._Q-------------------------------------------------------------", NULL, "_Q._Q-------------------------------------------------------------", ".", 0); - } - - static void test_dns_name_change_suffix_one(const char *name, const char *old_suffix, const char *new_suffix, int r, const char *result) { --- -2.27.0 - diff --git a/backport-dns-domain-re-introduce-dns_name_is_empty.patch b/backport-dns-domain-re-introduce-dns_name_is_empty.patch deleted file mode 100644 index 19d4d6675209669f5234708fe96e0c7a1f415e85..0000000000000000000000000000000000000000 --- a/backport-dns-domain-re-introduce-dns_name_is_empty.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 435a9af906c02d8024811311b012c9d7a2400009 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 24 Jan 2022 06:06:55 +0900 -Subject: [PATCH] dns-domain: re-introduce dns_name_is_empty() - -(cherry picked from commit 7bdf41983044268b4bc2f9d34462db7f89ba284a) -(cherry picked from commit df08c12062dfd9903edec371598412a47a3055e0) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/435a9af906c02d8024811311b012c9d7a2400009 ---- - src/shared/dns-domain.h | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/shared/dns-domain.h b/src/shared/dns-domain.h -index c25fcaacc2..24bf00bd58 100644 ---- a/src/shared/dns-domain.h -+++ b/src/shared/dns-domain.h -@@ -60,6 +60,10 @@ static inline int dns_name_is_valid_ldh(const char *s) { - return 1; - } - -+static inline bool dns_name_is_empty(const char *s) { -+ return isempty(s) || streq(s, "."); -+} -+ - void dns_name_hash_func(const char *s, struct siphash *state); - int dns_name_compare_func(const char *a, const char *b); - extern const struct hash_ops dns_name_hash_ops; --- -2.33.0 - diff --git a/backport-docs-SYSTEMD_NSS_BYPASS_BUS-is-not-honoured-anymore-.patch b/backport-docs-SYSTEMD_NSS_BYPASS_BUS-is-not-honoured-anymore-.patch deleted file mode 100644 index bd99668e98c534ef0418a9c057bc44a13c2306b4..0000000000000000000000000000000000000000 --- a/backport-docs-SYSTEMD_NSS_BYPASS_BUS-is-not-honoured-anymore-.patch +++ /dev/null @@ -1,37 +0,0 @@ -From a7cfaa555379f19ab229c024027a74a5d22991d6 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 17 Feb 2022 14:47:34 +0100 -Subject: [PATCH] docs: $SYSTEMD_NSS_BYPASS_BUS is not honoured anymore, don't - document it - -It was removed back in 1684c56f40f020e685e70b3d1785d596ff16f892 - -Follow-up for: 1684c56f40f020e685e70b3d1785d596ff16f892 - -(cherry picked from commit cec16155e3dab4f123ba073223477a4ef2cf10f9) -(cherry picked from commit 4ec9aec4b695e1f0a26dc9cd55719c2f91ebdd6a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a7cfaa555379f19ab229c024027a74a5d22991d6 ---- - docs/ENVIRONMENT.md | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md -index 2cec3bdc16..efb360f0a4 100644 ---- a/docs/ENVIRONMENT.md -+++ b/docs/ENVIRONMENT.md -@@ -208,10 +208,6 @@ All tools: - user/group records for dynamically registered service users (i.e. users - registered through `DynamicUser=1`). - --* `$SYSTEMD_NSS_BYPASS_BUS=1` — if set, `nss-systemd` won't use D-Bus to do -- dynamic user lookups. This is primarily useful to make `nss-systemd` work -- safely from within `dbus-daemon`. -- - `systemd-timedated`: - - * `$SYSTEMD_TIMEDATED_NTP_SERVICES=…` — colon-separated list of unit names of --- -2.33.0 - diff --git a/backport-docs-improve-wording-when-mentioning-the-acronym-ESP.patch b/backport-docs-improve-wording-when-mentioning-the-acronym-ESP.patch deleted file mode 100644 index c9e9ba00a1031907ad94654ea8cab73263e20f2a..0000000000000000000000000000000000000000 --- a/backport-docs-improve-wording-when-mentioning-the-acronym-ESP.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 6822cfa5f066fcbf79ded85419d59a97decc67b9 Mon Sep 17 00:00:00 2001 -From: nl6720 -Date: Fri, 9 Jul 2021 12:56:54 +0300 -Subject: [PATCH] docs: improve wording when mentioning the acronym "ESP" - -"ESP" is "EFI system partition", so "ESP partition" is redundant. - -(cherry picked from commit 250db1bf02b9fd73f2e0604acddbc20937c67d19) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6822cfa5f066fcbf79ded85419d59a97decc67b9 ---- - docs/BOOT_LOADER_INTERFACE.md | 8 ++++---- - docs/BOOT_LOADER_SPECIFICATION.md | 4 ++-- - man/systemd-boot.xml | 4 ++-- - src/boot/bootctl.c | 2 +- - src/systemctl/systemctl-start-special.c | 2 +- - 5 files changed, 10 insertions(+), 10 deletions(-) - -diff --git a/docs/BOOT_LOADER_INTERFACE.md b/docs/BOOT_LOADER_INTERFACE.md -index be3b6e401d..e9155117b9 100644 ---- a/docs/BOOT_LOADER_INTERFACE.md -+++ b/docs/BOOT_LOADER_INTERFACE.md -@@ -76,10 +76,10 @@ variables. All EFI variables use the vendor UUID - * `1 << 6` → The boot loader supports passing a random seed to the OS. - - * The EFI variable `LoaderRandomSeed` contains a binary random seed if set. It -- is set by the boot loader to pass an entropy seed read from the ESP partition -- to the OS. The system manager then credits this seed to the kernel's entropy -- pool. It is the responsibility of the boot loader to ensure the quality and -- integrity of the random seed. -+ is set by the boot loader to pass an entropy seed read from the ESP to the OS. -+ The system manager then credits this seed to the kernel's entropy pool. It is -+ the responsibility of the boot loader to ensure the quality and integrity of -+ the random seed. - - * The EFI variable `LoaderSystemToken` contains binary random data, - persistently set by the OS installer. Boot loaders that support passing -diff --git a/docs/BOOT_LOADER_SPECIFICATION.md b/docs/BOOT_LOADER_SPECIFICATION.md -index b87246ede1..7b5b19700a 100644 ---- a/docs/BOOT_LOADER_SPECIFICATION.md -+++ b/docs/BOOT_LOADER_SPECIFICATION.md -@@ -61,8 +61,8 @@ Everything described below is located on a placeholder file system `$BOOT`. The - * On disks with GPT (GUID Partition Table) - * If the OS is installed on a disk with GPT, and an Extended Boot Loader Partition or XBOOTLDR partition for short, i.e. a partition with GPT type GUID of `bc13c2ff-59e6-4262-a352-b275fd6f7172`, already exists, it should be used as `$BOOT`. - * Otherwise, if the OS is installed on a disk with GPT, and an EFI System Partition or ESP for short, i.e. a partition with GPT type UID of `c12a7328-f81f-11d2-ba4b-00a0c93ec93b`) already exists and is large enough (let's say 250MB) and otherwise qualifies, it should be used as `$BOOT`. -- * Otherwise, if the OS is installed on a disk with GPT, and if the ESP partition already exists but is too small, a new suitably sized (let's say 500MB) XBOOTLDR partition shall be created and used as `$BOOT`. -- * Otherwise, if the OS is installed on a disk with GPT, and no ESP partition exists yet, a new suitably sized (let's say 500MB) ESP should be created and used as `$BOOT`. -+ * Otherwise, if the OS is installed on a disk with GPT, and if the ESP already exists but is too small, a new suitably sized (let's say 500MB) XBOOTLDR partition shall be created and used as `$BOOT`. -+ * Otherwise, if the OS is installed on a disk with GPT, and no ESP exists yet, a new suitably sized (let's say 500MB) ESP should be created and used as `$BOOT`. - - This placeholder file system shall be determined during _installation time_, and an fstab entry may be created. It should be mounted to either `/boot/` or `/efi/`. Additional locations like `/boot/efi/`, with `/boot/` being a separate file system, might be supported by implementations. This is not recommended because the mounting of `$BOOT` is then dependent on and requires the mounting of the intermediate file system. - -diff --git a/man/systemd-boot.xml b/man/systemd-boot.xml -index 139f79fa6b..2135d9eb36 100644 ---- a/man/systemd-boot.xml -+++ b/man/systemd-boot.xml -@@ -73,8 +73,8 @@ - systemctl1 for - details. - -- An EFI variable set by the boot loader informs the OS about the ESP partition used -- during boot. This is then used to automatically mount the correct ESP partition to -+ An EFI variable set by the boot loader informs the OS about the EFI System Partition used -+ during boot. This is then used to automatically mount the correct EFI System Partition to - /efi/ or /boot/ during OS runtime. See - systemd-gpt-auto-generator8 - for details. -diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c -index df8b0542c9..fa8c600321 100644 ---- a/src/boot/bootctl.c -+++ b/src/boot/bootctl.c -@@ -1337,7 +1337,7 @@ static int verb_status(int argc, char *argv[], void *userdata) { - sd_id128_t bootloader_esp_uuid; - bool have_bootloader_esp_uuid = efi_loader_get_device_part_uuid(&bootloader_esp_uuid) >= 0; - -- print_yes_no_line(false, have_bootloader_esp_uuid, "Boot loader sets ESP partition information"); -+ print_yes_no_line(false, have_bootloader_esp_uuid, "Boot loader sets ESP information"); - if (have_bootloader_esp_uuid && !sd_id128_equal(esp_uuid, bootloader_esp_uuid)) - printf("WARNING: The boot loader reports a different ESP UUID than detected!\n"); - -diff --git a/src/systemctl/systemctl-start-special.c b/src/systemctl/systemctl-start-special.c -index 3edb65be61..56068d25f5 100644 ---- a/src/systemctl/systemctl-start-special.c -+++ b/src/systemctl/systemctl-start-special.c -@@ -36,7 +36,7 @@ static int load_kexec_kernel(void) { - return log_error_errno(r, - "No kexec kernel loaded and autodetection failed.\n%s", - is_efi_boot() -- ? "Cannot automatically load kernel: ESP partition mount point not found." -+ ? "Cannot automatically load kernel: ESP mount point not found." - : "Automatic loading works only on systems booted with EFI."); - if (r < 0) - return r; --- -2.33.0 - diff --git a/backport-docs-portablectl-is-in-bin.patch b/backport-docs-portablectl-is-in-bin.patch deleted file mode 100644 index fc6261888bfd19036ad033fe226ae5ecf55026c0..0000000000000000000000000000000000000000 --- a/backport-docs-portablectl-is-in-bin.patch +++ /dev/null @@ -1,40 +0,0 @@ -From b4221cca108f46f58cc15d83a298714b4de0bebf Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 7 Sep 2021 18:43:58 +0200 -Subject: [PATCH] docs: portablectl is in bin/ - -Follow-up for 80f39b81f3876ed3816061f1093db991f72269ec. - -(cherry picked from commit a00ff6717b98580136d46cde0e8f9543e60c8f76) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b4221cca108f46f58cc15d83a298714b4de0bebf ---- - docs/PORTABLE_SERVICES.md | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/docs/PORTABLE_SERVICES.md b/docs/PORTABLE_SERVICES.md -index d9171c7b65..ec4a50373c 100644 ---- a/docs/PORTABLE_SERVICES.md -+++ b/docs/PORTABLE_SERVICES.md -@@ -86,7 +86,7 @@ If you have a portable service image, maybe in a raw disk image called - `foobar_0.7.23.raw`, then attaching the services to the host is as easy as: - - ``` --# /usr/lib/systemd/portablectl attach foobar_0.7.23.raw -+# portablectl attach foobar_0.7.23.raw - ``` - - This command does the following: -@@ -268,7 +268,7 @@ include template units such as `foobar@.service`, so that instantiation is as - simple as: - - ``` --# /usr/lib/systemd/portablectl attach foobar_0.7.23.raw -+# portablectl attach foobar_0.7.23.raw - # systemctl enable --now foobar@instancea.service - # systemctl enable --now foobar@instanceb.service - … --- -2.33.0 - diff --git a/backport-errno-util-add-ERRNO_IS_DEVICE_ABSENT-macro.patch b/backport-errno-util-add-ERRNO_IS_DEVICE_ABSENT-macro.patch deleted file mode 100644 index 4332d61b34cc6840118f8fb6da57795798918afc..0000000000000000000000000000000000000000 --- a/backport-errno-util-add-ERRNO_IS_DEVICE_ABSENT-macro.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 3f2ada89f3a277625390bf6789ccd4e7aba08743 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 24 Mar 2022 13:50:50 +0100 -Subject: [PATCH] errno-util: add ERRNO_IS_DEVICE_ABSENT() macro - -Inspired by: https://github.com/systemd/systemd/pull/22717#discussion_r834254495 - -Reference:https://github.com/systemd/systemd/commit/3f2ada89f3a277625390bf6789ccd4e7aba08743 -Conflict:discard change on homework-luks.c - ---- - src/basic/errno-util.h | 10 +++++++++- - src/rfkill/rfkill.c | 2 +- - src/udev/udev-builtin-btrfs.c | 3 ++- - 3 files changed, 12 insertions(+), 3 deletions(-) - -diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h -index 09abf0b7512d..648de50eb497 100644 ---- a/src/basic/errno-util.h -+++ b/src/basic/errno-util.h -@@ -138,10 +138,18 @@ static inline bool ERRNO_IS_PRIVILEGE(int r) { - EPERM); - } - --/* Three difference errors for "not enough disk space" */ -+/* Three different errors for "not enough disk space" */ - static inline bool ERRNO_IS_DISK_SPACE(int r) { - return IN_SET(abs(r), - ENOSPC, - EDQUOT, - EFBIG); - } -+ -+/* Three different errors for "this device does not quite exist" */ -+static inline bool ERRNO_IS_DEVICE_ABSENT(int r) { -+ return IN_SET(abs(r), -+ ENODEV, -+ ENXIO, -+ ENOENT); -+} -diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c -index 656afa06ac8b..a833771d97f2 100644 ---- a/src/rfkill/rfkill.c -+++ b/src/rfkill/rfkill.c -@@ -80,7 +80,7 @@ static int find_device( - - r = sd_device_new_from_subsystem_sysname(&device, "rfkill", sysname); - if (r < 0) -- return log_full_errno(IN_SET(r, -ENOENT, -ENXIO, -ENODEV) ? LOG_DEBUG : LOG_ERR, r, -+ return log_full_errno(ERRNO_IS_DEVICE_ABSENT(r) ? LOG_DEBUG : LOG_ERR, r, - "Failed to open device '%s': %m", sysname); - - r = sd_device_get_sysattr_value(device, "name", &name); -diff --git a/src/udev/udev-builtin-btrfs.c b/src/udev/udev-builtin-btrfs.c -index a0093cb42347..f9d4f1dd4ef4 100644 ---- a/src/udev/udev-builtin-btrfs.c -+++ b/src/udev/udev-builtin-btrfs.c -@@ -6,6 +6,7 @@ - #include - - #include "device-util.h" -+#include "errno-util.h" - #include "fd-util.h" - #include "string-util.h" - #include "strxcpyx.h" -@@ -22,7 +23,7 @@ static int builtin_btrfs(sd_device *dev, sd_netlink **rtnl, int argc, char *argv - - fd = open("/dev/btrfs-control", O_RDWR|O_CLOEXEC); - if (fd < 0) { -- if (IN_SET(errno, ENOENT, ENXIO, ENODEV)) { -+ if (ERRNO_IS_DEVICE_ABSENT(errno)) { - /* Driver not installed? Then we aren't ready. This is useful in initrds that lack - * btrfs.ko. After the host transition (where btrfs.ko will hopefully become - * available) the device can be retriggered and will then be considered ready. */ - diff --git a/backport-ether-addr-util-make-hw_addr_to_string-return-valid-.patch b/backport-ether-addr-util-make-hw_addr_to_string-return-valid-.patch deleted file mode 100644 index 59807412535cca9fc78477921ccc6a7e1dfdb709..0000000000000000000000000000000000000000 --- a/backport-ether-addr-util-make-hw_addr_to_string-return-valid-.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 798baafc027d829bdf6fc41163e6d12085a2c620 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 15 Sep 2021 22:59:52 +0900 -Subject: [PATCH] ether-addr-util: make hw_addr_to_string() return valid string - even if hardware address is null - -Previously, when the length of the hardware address is zero, then the -buffer was not nul-terminated. - -This also replaces sprintf() with hexchar(). - -(cherry picked from commit 914ac555cd40f9c09e655a737214bfb7de21b8d9) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/798baafc027d829bdf6fc41163e6d12085a2c620 ---- - src/basic/ether-addr-util.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/src/basic/ether-addr-util.c b/src/basic/ether-addr-util.c -index e660ac2c6f..dc5b5b833d 100644 ---- a/src/basic/ether-addr-util.c -+++ b/src/basic/ether-addr-util.c -@@ -7,6 +7,7 @@ - #include - - #include "ether-addr-util.h" -+#include "hexdecoct.h" - #include "macro.h" - #include "string-util.h" - -@@ -15,12 +16,13 @@ char* hw_addr_to_string(const struct hw_addr_data *addr, char buffer[HW_ADDR_TO_ - assert(buffer); - assert(addr->length <= HW_ADDR_MAX_SIZE); - -- for (size_t i = 0; i < addr->length; i++) { -- sprintf(&buffer[3*i], "%02"PRIx8, addr->bytes[i]); -- if (i < addr->length - 1) -- buffer[3*i + 2] = ':'; -+ for (size_t i = 0, j = 0; i < addr->length; i++) { -+ buffer[j++] = hexchar(addr->bytes[i] >> 4); -+ buffer[j++] = hexchar(addr->bytes[i] & 0x0f); -+ buffer[j++] = ':'; - } - -+ buffer[addr->length > 0 ? addr->length * 3 - 1 : 0] = '\0'; - return buffer; - } - --- -2.33.0 - diff --git a/backport-event-util-introduce-event_reset_time_relative.patch b/backport-event-util-introduce-event_reset_time_relative.patch deleted file mode 100644 index 5279c500eefceae8bbf6592b9665961d387fe234..0000000000000000000000000000000000000000 --- a/backport-event-util-introduce-event_reset_time_relative.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 52c3bc708fb6a3eb68a3cac780b49192818bd409 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 13 Nov 2021 10:33:08 +0900 -Subject: [PATCH] event-util: introduce event_reset_time_relative() - -Reference:https://github.com/systemd/systemd/commit/52c3bc708fb6a3eb68a3cac780b49192818bd409 -Conflict:NA - ---- - src/libsystemd/sd-event/event-util.c | 24 ++++++++++++++++++++++++ - src/libsystemd/sd-event/event-util.h | 26 ++++++++++++++++++++++---- - 2 files changed, 46 insertions(+), 4 deletions(-) - -diff --git a/src/libsystemd/sd-event/event-util.c b/src/libsystemd/sd-event/event-util.c -index 132796f..0e53406 100644 ---- a/src/libsystemd/sd-event/event-util.c -+++ b/src/libsystemd/sd-event/event-util.c -@@ -84,6 +84,30 @@ int event_reset_time( - return created; - } - -+int event_reset_time_relative( -+ sd_event *e, -+ sd_event_source **s, -+ clockid_t clock, -+ uint64_t usec, -+ uint64_t accuracy, -+ sd_event_time_handler_t callback, -+ void *userdata, -+ int64_t priority, -+ const char *description, -+ bool force_reset) { -+ -+ usec_t usec_now; -+ int r; -+ -+ assert(e); -+ -+ r = sd_event_now(e, clock, &usec_now); -+ if (r < 0) -+ return log_debug_errno(r, "sd-event: Failed to get the current time: %m"); -+ -+ return event_reset_time(e, s, clock, usec_add(usec_now, usec), accuracy, callback, userdata, priority, description, force_reset); -+} -+ - int event_source_disable(sd_event_source *s) { - if (!s) - return 0; -diff --git a/src/libsystemd/sd-event/event-util.h b/src/libsystemd/sd-event/event-util.h -index c8f97bc..64a4199 100644 ---- a/src/libsystemd/sd-event/event-util.h -+++ b/src/libsystemd/sd-event/event-util.h -@@ -5,9 +5,27 @@ - - #include "sd-event.h" - --int event_reset_time(sd_event *e, sd_event_source **s, -- clockid_t clock, uint64_t usec, uint64_t accuracy, -- sd_event_time_handler_t callback, void *userdata, -- int64_t priority, const char *description, bool force_reset); -+int event_reset_time( -+ sd_event *e, -+ sd_event_source **s, -+ clockid_t clock, -+ uint64_t usec, -+ uint64_t accuracy, -+ sd_event_time_handler_t callback, -+ void *userdata, -+ int64_t priority, -+ const char *description, -+ bool force_reset); -+int event_reset_time_relative( -+ sd_event *e, -+ sd_event_source **s, -+ clockid_t clock, -+ uint64_t usec, -+ uint64_t accuracy, -+ sd_event_time_handler_t callback, -+ void *userdata, -+ int64_t priority, -+ const char *description, -+ bool force_reset); - int event_source_disable(sd_event_source *s); - int event_source_is_enabled(sd_event_source *s); --- -2.33.0 - diff --git a/backport-execute-document-that-the-env-param-is-input-and-out.patch b/backport-execute-document-that-the-env-param-is-input-and-out.patch deleted file mode 100644 index 0e386acec0164b0a04ccca1f93214bde9c9242ef..0000000000000000000000000000000000000000 --- a/backport-execute-document-that-the-env-param-is-input-and-out.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 5c8437361d54bd6c04d613619f71c161df32024f Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 1 Feb 2022 13:50:28 +0100 -Subject: [PATCH] execute: document that the 'env' param is input *and* output - -(cherry picked from commit 421bb42d1b366c00392ef5bbab6a67412295b6dc) -(cherry picked from commit c4357f31da66b1917d3612d02c28adb300d4b0c6) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5c8437361d54bd6c04d613619f71c161df32024f ---- - src/core/execute.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index 1129905b61..e24775c150 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -1152,7 +1152,7 @@ static int setup_pam( - uid_t uid, - gid_t gid, - const char *tty, -- char ***env, -+ char ***env, /* updated on success */ - const int fds[], size_t n_fds) { - - #if HAVE_PAM --- -2.33.0 - diff --git a/backport-execute-line-break-comments-a-bit-less-aggressively.patch b/backport-execute-line-break-comments-a-bit-less-aggressively.patch deleted file mode 100644 index b10e32d47e07180546a405ea4e34a395d8cd56e6..0000000000000000000000000000000000000000 --- a/backport-execute-line-break-comments-a-bit-less-aggressively.patch +++ /dev/null @@ -1,107 +0,0 @@ -From ee7db04c13f5b46ad2437762caa7b4c239780de5 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 1 Feb 2022 13:50:13 +0100 -Subject: [PATCH] execute: line break comments a bit less aggressively - -(cherry picked from commit cafc5ca147cb05b90bd731661d8594c299601f79) -(cherry picked from commit 14567dc93d5c498bfaadd28478f59952f6da320c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ee7db04c13f5b46ad2437762caa7b4c239780de5 ---- - src/core/execute.c | 41 +++++++++++++++++------------------------ - 1 file changed, 17 insertions(+), 24 deletions(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index b6c54493d3..1129905b61 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -1238,8 +1238,7 @@ static int setup_pam( - goto fail; - } - -- /* Block SIGTERM, so that we know that it won't get lost in -- * the child */ -+ /* Block SIGTERM, so that we know that it won't get lost in the child */ - - assert_se(sigprocmask_many(SIG_BLOCK, &old_ss, SIGTERM, -1) >= 0); - -@@ -1251,18 +1250,16 @@ static int setup_pam( - if (r == 0) { - int sig, ret = EXIT_PAM; - -- /* The child's job is to reset the PAM session on -- * termination */ -+ /* The child's job is to reset the PAM session on termination */ - barrier_set_role(&barrier, BARRIER_CHILD); - - /* Make sure we don't keep open the passed fds in this child. We assume that otherwise only - * those fds are open here that have been opened by PAM. */ - (void) close_many(fds, n_fds); - -- /* Drop privileges - we don't need any to pam_close_session -- * and this will make PR_SET_PDEATHSIG work in most cases. -- * If this fails, ignore the error - but expect sd-pam threads -- * to fail to exit normally */ -+ /* Drop privileges - we don't need any to pam_close_session and this will make -+ * PR_SET_PDEATHSIG work in most cases. If this fails, ignore the error - but expect sd-pam -+ * threads to fail to exit normally */ - - r = maybe_setgroups(0, NULL); - if (r < 0) -@@ -1274,20 +1271,16 @@ static int setup_pam( - - (void) ignore_signals(SIGPIPE); - -- /* Wait until our parent died. This will only work if -- * the above setresuid() succeeds, otherwise the kernel -- * will not allow unprivileged parents kill their privileged -- * children this way. We rely on the control groups kill logic -- * to do the rest for us. */ -+ /* Wait until our parent died. This will only work if the above setresuid() succeeds, -+ * otherwise the kernel will not allow unprivileged parents kill their privileged children -+ * this way. We rely on the control groups kill logic to do the rest for us. */ - if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0) - goto child_finish; - -- /* Tell the parent that our setup is done. This is especially -- * important regarding dropping privileges. Otherwise, unit -- * setup might race against our setresuid(2) call. -+ /* Tell the parent that our setup is done. This is especially important regarding dropping -+ * privileges. Otherwise, unit setup might race against our setresuid(2) call. - * -- * If the parent aborted, we'll detect this below, hence ignore -- * return failure here. */ -+ * If the parent aborted, we'll detect this below, hence ignore return failure here. */ - (void) barrier_place(&barrier); - - /* Check if our parent process might already have died? */ -@@ -1332,19 +1325,19 @@ static int setup_pam( - - barrier_set_role(&barrier, BARRIER_PARENT); - -- /* If the child was forked off successfully it will do all the -- * cleanups, so forget about the handle here. */ -+ /* If the child was forked off successfully it will do all the cleanups, so forget about the handle -+ * here. */ - handle = NULL; - - /* Unblock SIGTERM again in the parent */ - assert_se(sigprocmask(SIG_SETMASK, &old_ss, NULL) >= 0); - -- /* We close the log explicitly here, since the PAM modules -- * might have opened it, but we don't want this fd around. */ -+ /* We close the log explicitly here, since the PAM modules might have opened it, but we don't want -+ * this fd around. */ - closelog(); - -- /* Synchronously wait for the child to initialize. We don't care for -- * errors as we cannot recover. However, warn loudly if it happens. */ -+ /* Synchronously wait for the child to initialize. We don't care for errors as we cannot -+ * recover. However, warn loudly if it happens. */ - if (!barrier_place_and_sync(&barrier)) - log_error("PAM initialization failed"); - --- -2.33.0 - diff --git a/backport-execute-respect-selinux_context_ignore.patch b/backport-execute-respect-selinux_context_ignore.patch deleted file mode 100644 index 7dacf3c76fde1a093e4f09f4632b511677eddd89..0000000000000000000000000000000000000000 --- a/backport-execute-respect-selinux_context_ignore.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 38d0d41e0fc5d559cff5a1bcf46482aec9d6f5ef Mon Sep 17 00:00:00 2001 -From: Topi Miettinen -Date: Sat, 30 Oct 2021 19:58:41 +0300 -Subject: [PATCH] execute: respect selinux_context_ignore - -When `SELinuxContext=` parameter is prefixed with `-`, the documentation states -that any errors determining or changing context should be ignored, but this -doesn't actually happen and the service may fail with `229/SELINUX_CONTEXT`. - -Fix by adding checks to `context->selinux_context_ignore`. - -Closes: #21057 -(cherry picked from commit 2ad2925de5f258d128ec8cdb07f10f3c52fa4fcf) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/38d0d41e0fc5d559cff5a1bcf46482aec9d6f5ef ---- - src/core/execute.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index 6ff757ff04..e324db87cc 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -4361,7 +4361,7 @@ static int exec_child( - - if (fd >= 0) { - r = mac_selinux_get_child_mls_label(fd, executable, context->selinux_context, &mac_selinux_context_net); -- if (r < 0) { -+ if (r < 0 && !context->selinux_context_ignore) { - *exit_status = EXIT_SELINUX_CONTEXT; - return log_unit_error_errno(unit, r, "Failed to determine SELinux context: %m"); - } -@@ -4495,7 +4495,7 @@ static int exec_child( - - if (exec_context) { - r = setexeccon(exec_context); -- if (r < 0) { -+ if (r < 0 && !context->selinux_context_ignore) { - *exit_status = EXIT_SELINUX_CONTEXT; - return log_unit_error_errno(unit, r, "Failed to change SELinux context to %s: %m", exec_context); - } --- -2.33.0 - diff --git a/backport-execute-use-_cleanup_-logic-where-appropriate.patch b/backport-execute-use-_cleanup_-logic-where-appropriate.patch deleted file mode 100644 index 07b41e720fe3b2038e67a3d807d14157ea9788b3..0000000000000000000000000000000000000000 --- a/backport-execute-use-_cleanup_-logic-where-appropriate.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 1fa6abd4ae2445b08e3c3fc3d4eade1e833f43da Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 1 Feb 2022 13:49:56 +0100 -Subject: [PATCH] execute: use _cleanup_ logic where appropriate - -(cherry picked from commit 46e5bbab5895b7137b03453dee08bd1c89c710e9) -(cherry picked from commit 9b2954b79435eaf54be208acdce8026b83bdc249) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1fa6abd4ae2445b08e3c3fc3d4eade1e833f43da ---- - src/core/execute.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index 04c0513453..b6c54493d3 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -1163,10 +1163,11 @@ static int setup_pam( - }; - - _cleanup_(barrier_destroy) Barrier barrier = BARRIER_NULL; -+ _cleanup_strv_free_ char **e = NULL; - pam_handle_t *handle = NULL; - sigset_t old_ss; - int pam_code = PAM_SUCCESS, r; -- char **nv, **e = NULL; -+ char **nv; - bool close_session = false; - pid_t pam_pid = 0, parent_pid; - int flags = 0; -@@ -1363,9 +1364,7 @@ fail: - (void) pam_end(handle, pam_code | flags); - } - -- strv_free(e); - closelog(); -- - return r; - #else - return 0; --- -2.33.0 - diff --git a/backport-explicitly-close-FIDO2-devices.patch b/backport-explicitly-close-FIDO2-devices.patch deleted file mode 100644 index c1b79265f29bedf380ffca36b7e38ce1d8330021..0000000000000000000000000000000000000000 --- a/backport-explicitly-close-FIDO2-devices.patch +++ /dev/null @@ -1,66 +0,0 @@ -From d6e4920b10c3da1665cb44f4686893b865003d12 Mon Sep 17 00:00:00 2001 -From: pedro martelletto -Date: Wed, 8 Sep 2021 10:42:56 +0200 -Subject: [PATCH] explicitly close FIDO2 devices - -FIDO2 device access is serialised by libfido2 using flock(). -Therefore, make sure to close a FIDO2 device once we are done -with it, or we risk opening it again at a later point and -deadlocking. Fixes #20664. - -(cherry picked from commit b6aa89b0a399992c8ea762e6ec4f30cff90618f2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d6e4920b10c3da1665cb44f4686893b865003d12 ---- - src/shared/libfido2-util.c | 2 ++ - src/shared/libfido2-util.h | 5 ++++- - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c -index 12c644dcfc..6d18178b68 100644 ---- a/src/shared/libfido2-util.c -+++ b/src/shared/libfido2-util.c -@@ -58,6 +58,7 @@ bool (*sym_fido_dev_is_fido2)(const fido_dev_t *) = NULL; - int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *) = NULL; - fido_dev_t* (*sym_fido_dev_new)(void) = NULL; - int (*sym_fido_dev_open)(fido_dev_t *, const char *) = NULL; -+int (*sym_fido_dev_close)(fido_dev_t *) = NULL; - const char* (*sym_fido_strerr)(int) = NULL; - - int dlopen_libfido2(void) { -@@ -106,6 +107,7 @@ int dlopen_libfido2(void) { - DLSYM_ARG(fido_dev_make_cred), - DLSYM_ARG(fido_dev_new), - DLSYM_ARG(fido_dev_open), -+ DLSYM_ARG(fido_dev_close), - DLSYM_ARG(fido_strerr)); - } - -diff --git a/src/shared/libfido2-util.h b/src/shared/libfido2-util.h -index 5640cca5e3..4ebf8ab775 100644 ---- a/src/shared/libfido2-util.h -+++ b/src/shared/libfido2-util.h -@@ -60,6 +60,7 @@ extern bool (*sym_fido_dev_is_fido2)(const fido_dev_t *); - extern int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *); - extern fido_dev_t* (*sym_fido_dev_new)(void); - extern int (*sym_fido_dev_open)(fido_dev_t *, const char *); -+extern int (*sym_fido_dev_close)(fido_dev_t *); - extern const char* (*sym_fido_strerr)(int); - - int dlopen_libfido2(void); -@@ -75,8 +76,10 @@ static inline void fido_assert_free_wrapper(fido_assert_t **p) { - } - - static inline void fido_dev_free_wrapper(fido_dev_t **p) { -- if (*p) -+ if (*p) { -+ sym_fido_dev_close(*p); - sym_fido_dev_free(p); -+ } - } - - static inline void fido_cred_free_wrapper(fido_cred_t **p) { --- -2.33.0 - diff --git a/backport-fileio-fix-truncated-read-handling-in-read_virtual_f.patch b/backport-fileio-fix-truncated-read-handling-in-read_virtual_f.patch deleted file mode 100644 index 7b02708b3cefa67b82571ed0a4cfd0ecf10e8531..0000000000000000000000000000000000000000 --- a/backport-fileio-fix-truncated-read-handling-in-read_virtual_f.patch +++ /dev/null @@ -1,44 +0,0 @@ -From c9e0daf821b3e1e6504ca4c4e3a8b73513e28fa7 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 16 Sep 2021 12:20:09 +0200 -Subject: [PATCH] fileio: fix truncated read handling in read_virtual_file() - -We mishandled the case where the size we read from the file actually -matched the maximum size fully. In that case we cannot really make a -determination whether the file was fully read or only partially. In that -case let's do another loop, so that we operate with a buffer, and -we can detect the EOF (which will be signalled to us via a short read). - -(cherry picked from commit 00bd9a4a82ed57bc0c7f158da4564fc1eab808b4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c9e0daf821b3e1e6504ca4c4e3a8b73513e28fa7 ---- - src/basic/fileio.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 1046e5b9b4..6c8ebe63e0 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -470,9 +470,14 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents - if (n <= size) - break; - -- /* If a maximum size is specified and we already read as much, no need to try again */ -- if (max_size != SIZE_MAX && n >= max_size) { -- n = max_size; -+ /* If a maximum size is specified and we already read more we know the file is larger, and -+ * can handle this as truncation case. Note that if the size of what we read equals the -+ * maximum size then this doesn't mean truncation, the file might or might not end on that -+ * byte. We need to rerun the loop in that case, with a larger buffer size, so that we read -+ * at least one more byte to be able to distinguish EOF from truncation. */ -+ if (max_size != SIZE_MAX && n > max_size) { -+ n = size; /* Make sure we never use more than what we sized the buffer for (so that -+ * we have one free byte in it for the trailing NUL we add below).*/ - truncated = true; - break; - } --- -2.33.0 - diff --git a/backport-fileio-lower-maximum-virtual-file-buffer-size-by-one.patch b/backport-fileio-lower-maximum-virtual-file-buffer-size-by-one.patch deleted file mode 100644 index e883954d425dd04c7fa5447900f0dc84a6f0f8c8..0000000000000000000000000000000000000000 --- a/backport-fileio-lower-maximum-virtual-file-buffer-size-by-one.patch +++ /dev/null @@ -1,71 +0,0 @@ -From feb68f6aad36930f0b0c6c70164287c5bc46b64c Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 14 Sep 2021 23:03:37 +0200 -Subject: [PATCH] fileio: lower maximum virtual file buffer size by one byte -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When reading virtual files (i.e. procfs, sysfs, …) we currently put a -limit of 4M-1 on that. We have to pick something, and we have to read -these files in a single read() (since the kernel generally doesn't -support continuation read()s for them). 4M-1 is actually the maximum -size the kernel allows for reads from files in /proc/sys/, all larger -reads will result in an ENOMEM error (which is really weird, but the -kernel does what the kernel does). Hence 4M-1 sounds like a smart -choice. - -However, we made one mistake here: in order to be able to detect EOFs -properly we actually read one byte more than we actually intend to -return: if that extra byte can be read, then we know the file is -actually larger than our limit and we can generate an EFBIG error from -that. However, if it cannot be read then we know EOF was hit, and we are -good. So ultimately after all we issued a single 4M read, which the -kernel then responds with ENOMEM to. And that means read_virtual_file() -actually doesn't work properly right now on /proc/sys/. Let's fix that. - -The fix is simple, lower the limit of the the buffer we intend to return -by one, i.e. 4M-2. That way, the read() we'll issue is exactly as large -as the limit the kernel allows, and we still get safely detect EOF from -it. - -(cherry picked from commit 7ab7547a40d456d34120b2f44b26385ac1338ebd) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/feb68f6aad36930f0b0c6c70164287c5bc46b64c ---- - src/basic/fileio.c | 18 ++++++++++-------- - 1 file changed, 10 insertions(+), 8 deletions(-) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 99a44fdea2..ba0ca98d72 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -30,14 +30,16 @@ - /* The maximum size of the file we'll read in one go in read_full_file() (64M). */ - #define READ_FULL_BYTES_MAX (64U*1024U*1024U - 1U) - --/* The maximum size of virtual files we'll read in one go in read_virtual_file() (4M). Note that this limit -- * is different (and much lower) than the READ_FULL_BYTES_MAX limit. This reflects the fact that we use -- * different strategies for reading virtual and regular files: virtual files are generally size constrained: -- * there we allocate the full buffer size in advance. Regular files OTOH can be much larger, and here we grow -- * the allocations exponentially in a loop. In glibc large allocations are immediately backed by mmap() -- * making them relatively slow (measurably so). Thus, when allocating the full buffer in advance the large -- * limit is a problem. When allocating piecemeal it's not. Hence pick two distinct limits. */ --#define READ_VIRTUAL_BYTES_MAX (4U*1024U*1024U - 1U) -+/* The maximum size of virtual files (i.e. procfs, sysfs, and other virtual "API" files) we'll read in one go -+ * in read_virtual_file(). Note that this limit is different (and much lower) than the READ_FULL_BYTES_MAX -+ * limit. This reflects the fact that we use different strategies for reading virtual and regular files: -+ * virtual files we generally have to read in a single read() syscall since the kernel doesn't support -+ * continuation read()s for them. Thankfully they are somewhat size constrained. Thus we can allocate the -+ * full potential buffer in advance. Regular files OTOH can be much larger, and there we grow the allocations -+ * exponentially in a loop. We use a size limit of 4M-2 because 4M-1 is the maximum buffer that /proc/sys/ -+ * allows us to read() (larger reads will fail with ENOMEM), and we want to read one extra byte so that we -+ * can detect EOFs. */ -+#define READ_VIRTUAL_BYTES_MAX (4U*1024U*1024U - 2U) - - int fopen_unlocked(const char *path, const char *options, FILE **ret) { - assert(ret); --- -2.33.0 - diff --git a/backport-fileio-set-O_NOCTTY-when-reading-virtual-files.patch b/backport-fileio-set-O_NOCTTY-when-reading-virtual-files.patch deleted file mode 100644 index 2d7ae85c0f8123de9297437596dbf55536b60169..0000000000000000000000000000000000000000 --- a/backport-fileio-set-O_NOCTTY-when-reading-virtual-files.patch +++ /dev/null @@ -1,32 +0,0 @@ -From ca6c93956879e368e40bbf5a742fcb1689712d81 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 14 Sep 2021 23:11:55 +0200 -Subject: [PATCH] fileio: set O_NOCTTY when reading virtual files - -Better be safe than sorry, maybe someone points this call to a TTY one -day, and we'd rather not make it our controlling TTY in that case. - -(cherry picked from commit be991d7678c35aa037ef79672c0c70781eebed9c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ca6c93956879e368e40bbf5a742fcb1689712d81 ---- - src/basic/fileio.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index ba0ca98d72..39abf985eb 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -395,7 +395,7 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents - * contents* may be returned. (Though the read is still done using one syscall.) Returns 0 on - * partial success, 1 if untruncated contents were read. */ - -- fd = open(filename, O_RDONLY|O_CLOEXEC); -+ fd = open(filename, O_RDONLY|O_NOCTTY|O_CLOEXEC); - if (fd < 0) - return -errno; - --- -2.33.0 - diff --git a/backport-fileio-start-with-4k-buffer-for-procfs.patch b/backport-fileio-start-with-4k-buffer-for-procfs.patch deleted file mode 100644 index ed9f02abcd5e1eb4885f25501b0210e65c16c763..0000000000000000000000000000000000000000 --- a/backport-fileio-start-with-4k-buffer-for-procfs.patch +++ /dev/null @@ -1,46 +0,0 @@ -From b3f5d2f4044751a4a741e033a9bc621ede573cb2 Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Tue, 14 Sep 2021 16:33:10 -0700 -Subject: [PATCH] fileio: start with 4k buffer for procfs - -There's a very gradual increase of anonymous memory in systemd-journald that -blames to 2ac67221bb6270f0fbe7cbd0076653832cd49de2. - -systemd-journald makes many calls to read /proc/PID/cmdline and -/proc/PID/status, both of which tend to be well under 4K. However the -combination of allocating 4M read buffers, then using `realloc()` to -shrink the buffer in `read_virtual_file()` appears to be creating -fragmentation in the heap (when combined with the other allocations -systemd-journald is doing). - -To help mitigate this, try reading /proc with a 4K buffer as -`read_virtual_file()` did before 2ac67221bb6270f0fbe7cbd0076653832cd49de2. -If it isn't big enough then try again with the larger buffers. - -(cherry picked from commit 5aaa55d841249f057fd69e50cf12a52e9781a6ce) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b3f5d2f4044751a4a741e033a9bc621ede573cb2 ---- - src/basic/fileio.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 39abf985eb..1046e5b9b4 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -433,6 +433,11 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents - } - - n_retries--; -+ } else if (n_retries > 1) { -+ /* Files in /proc are generally smaller than the page size so let's start with a page size -+ * buffer from malloc and only use the max buffer on the final try. */ -+ size = MIN3(page_size() - 1, READ_VIRTUAL_BYTES_MAX, max_size); -+ n_retries = 1; - } else { - size = MIN(READ_VIRTUAL_BYTES_MAX, max_size); - n_retries = 0; --- -2.33.0 - diff --git a/backport-fix-CVE-2021-33910.patch b/backport-fix-CVE-2021-33910.patch deleted file mode 100644 index cf702e549af37bdd34157f214a85511a2b86d27e..0000000000000000000000000000000000000000 --- a/backport-fix-CVE-2021-33910.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 764b74113e36ac5219a4b82a05f311b5a92136ce Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 23 Jun 2021 11:46:41 +0200 -Subject: [PATCH] basic/unit-name: do not use strdupa() on a path - -The path may have unbounded length, for example through a fuse mount. - -CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and -ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo -and each mountpoint is passed to mount_setup_unit(), which calls -unit_name_path_escape() underneath. A local attacker who is able to mount a -filesystem with a very long path can crash systemd and the whole system. - -https://bugzilla.redhat.com/show_bug.cgi?id=1970887 - -The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we -can't easily check the length after simplification before doing the -simplification, which in turns uses a copy of the string we can write to. -So we can't reject paths that are too long before doing the duplication. -Hence the most obvious solution is to switch back to strdup(), as before -7410616cd9dbbec97cf98d75324da5cda2b2f7a2. - -(cherry picked from commit 441e0115646d54f080e5c3bb0ba477c892861ab9) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/764b74113e36ac5219a4b82a05f311b5a92136ce ---- - src/basic/unit-name.c | 13 +++++-------- - 1 file changed, 5 insertions(+), 8 deletions(-) - -diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c -index 284a773483..a22763443f 100644 ---- a/src/basic/unit-name.c -+++ b/src/basic/unit-name.c -@@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) { - } - - int unit_name_path_escape(const char *f, char **ret) { -- char *p, *s; -+ _cleanup_free_ char *p = NULL; -+ char *s; - - assert(f); - assert(ret); - -- p = strdupa(f); -+ p = strdup(f); - if (!p) - return -ENOMEM; - -@@ -395,13 +396,9 @@ int unit_name_path_escape(const char *f, char **ret) { - if (!path_is_normalized(p)) - return -EINVAL; - -- /* Truncate trailing slashes */ -+ /* Truncate trailing slashes and skip leading slashes */ - delete_trailing_chars(p, "/"); -- -- /* Truncate leading slashes */ -- p = skip_leading_chars(p, "/"); -- -- s = unit_name_escape(p); -+ s = unit_name_escape(skip_leading_chars(p, "/")); - } - if (!s) - return -ENOMEM; --- -2.33.0 - diff --git a/backport-fix-CVE-2022-3821.patch b/backport-fix-CVE-2022-3821.patch deleted file mode 100644 index 0c26aa6377c3ea91321cd161ed353d75472665c4..0000000000000000000000000000000000000000 --- a/backport-fix-CVE-2022-3821.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 8d2d0895229cfbe39c1c5c16e61e426812a72e8b Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 7 Jul 2022 18:27:02 +0900 -Subject: [PATCH] time-util: fix buffer-over-run - -Fixes #23928. -Conflict:adapt test context -Reference:https://github.com/systemd/systemd/pull/23933/commits/8d2d0895229cfbe39c1c5c16e61e426812a72e8b ---- - src/basic/time-util.c | 2 +- - src/test/test-time-util.c | 5 +++++ - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/src/basic/time-util.c b/src/basic/time-util.c -index 5d162e8..2cc0b92 100644 ---- a/src/basic/time-util.c -+++ b/src/basic/time-util.c -@@ -590,7 +590,7 @@ char *format_timespan(char *buf, size_t l, usec_t t, usec_t accuracy) { - t = b; - } - -- n = MIN((size_t) k, l); -+ n = MIN((size_t) k, l-1); - - l -= n; - p += n; -diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c -index 6f4675a..d7cb71c 100644 ---- a/src/test/test-time-util.c -+++ b/src/test/test-time-util.c -@@ -241,6 +241,11 @@ static void test_format_timespan(usec_t accuracy) { - test_format_timespan_one(500 * USEC_PER_MSEC, accuracy); - test_format_timespan_one(9*USEC_PER_YEAR/5 - 23, accuracy); - test_format_timespan_one(USEC_INFINITY, accuracy); -+ -+ /* See issue #23928. */ -+ _cleanup_free_ char *buf; -+ assert_se(buf = new(char, 5)); -+ assert_se(buf == format_timespan(buf, 5, 100005, 1000)); - } - - static void test_verify_timezone(void) { --- -2.27.0 - diff --git a/backport-fix-ConditionDirectoryNotEmpty-when-it-comes-to-a-No.patch b/backport-fix-ConditionDirectoryNotEmpty-when-it-comes-to-a-No.patch deleted file mode 100644 index 182e9c61485a706aee3e566e91060dc33e7da03c..0000000000000000000000000000000000000000 --- a/backport-fix-ConditionDirectoryNotEmpty-when-it-comes-to-a-No.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 10fc8b7775a8cfd9519a1c6628d813b1aa315a33 Mon Sep 17 00:00:00 2001 -From: jiangchuangang -Date: Mon, 29 Nov 2021 22:30:37 +0800 -Subject: [PATCH] fix ConditionDirectoryNotEmpty when it comes to a - Non-directory file - -(cherry picked from commit 193105f2d0408e2d96265935174b3cf0f100ef2e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/10fc8b7775a8cfd9519a1c6628d813b1aa315a33 ---- - src/shared/condition.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/condition.c b/src/shared/condition.c -index ec9d57b292..163ddc1208 100644 ---- a/src/shared/condition.c -+++ b/src/shared/condition.c -@@ -934,7 +934,7 @@ static int condition_test_directory_not_empty(Condition *c, char **env) { - assert(c->type == CONDITION_DIRECTORY_NOT_EMPTY); - - r = dir_is_empty(c->parameter); -- return r <= 0 && r != -ENOENT; -+ return r <= 0 && !IN_SET(r, -ENOENT, -ENOTDIR); - } - - static int condition_test_file_not_empty(Condition *c, char **env) { --- -2.33.0 - diff --git a/backport-fix-ConditionPathIsReadWrite-when-path-does-not-exis.patch b/backport-fix-ConditionPathIsReadWrite-when-path-does-not-exis.patch deleted file mode 100644 index b70ba2c1543341766c7712c9cec9d4afad73b87c..0000000000000000000000000000000000000000 --- a/backport-fix-ConditionPathIsReadWrite-when-path-does-not-exis.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 80b7a4276abb832b6af1d1d060affb0988ab7fa0 Mon Sep 17 00:00:00 2001 -From: jiangchuangang -Date: Tue, 30 Nov 2021 15:25:27 +0800 -Subject: [PATCH] fix ConditionPathIsReadWrite when path does not exist. - -(cherry picked from commit 7c4c9948d02ceda903ed4e4deea0d0084612625a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/80b7a4276abb832b6af1d1d060affb0988ab7fa0 ---- - src/shared/condition.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/shared/condition.c b/src/shared/condition.c -index 163ddc1208..6645f771dd 100644 ---- a/src/shared/condition.c -+++ b/src/shared/condition.c -@@ -897,11 +897,15 @@ static int condition_test_path_is_mount_point(Condition *c, char **env) { - } - - static int condition_test_path_is_read_write(Condition *c, char **env) { -+ int r; -+ - assert(c); - assert(c->parameter); - assert(c->type == CONDITION_PATH_IS_READ_WRITE); - -- return path_is_read_only_fs(c->parameter) <= 0; -+ r = path_is_read_only_fs(c->parameter); -+ -+ return r <= 0 && r != -ENOENT; - } - - static int condition_test_cpufeature(Condition *c, char **env) { --- -2.33.0 - diff --git a/backport-fix-DirectoryNotEmpty-when-it-comes-to-a-Non-directo.patch b/backport-fix-DirectoryNotEmpty-when-it-comes-to-a-Non-directo.patch deleted file mode 100644 index 0e0f6d6ff012256192d838b6f0807484dab0a058..0000000000000000000000000000000000000000 --- a/backport-fix-DirectoryNotEmpty-when-it-comes-to-a-Non-directo.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 0fdcae09c44486e30e4fe0469606c02d034577be Mon Sep 17 00:00:00 2001 -From: yangmingtai <961612727@qq.com> -Date: Mon, 6 Dec 2021 17:06:13 +0800 -Subject: [PATCH] fix DirectoryNotEmpty when it comes to a Non-directory file - -(cherry picked from commit 5896a9ebdbe4d38c01390d0a5e82f9fcb4971059) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0fdcae09c44486e30e4fe0469606c02d034577be ---- - src/core/path.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/path.c b/src/core/path.c -index e098e83a31..684e17f433 100644 ---- a/src/core/path.c -+++ b/src/core/path.c -@@ -215,7 +215,7 @@ static bool path_spec_check_good(PathSpec *s, bool initial, bool from_trigger_no - int k; - - k = dir_is_empty(s->path); -- good = !(k == -ENOENT || k > 0); -+ good = !(IN_SET(k, -ENOENT, -ENOTDIR) || k > 0); - break; - } - --- -2.33.0 - diff --git a/backport-fix-test-string-util-failed-when-locale-is-not-utf8.patch b/backport-fix-test-string-util-failed-when-locale-is-not-utf8.patch deleted file mode 100644 index bab87450a59df866803c0fe0d2c4689089515e08..0000000000000000000000000000000000000000 --- a/backport-fix-test-string-util-failed-when-locale-is-not-utf8.patch +++ /dev/null @@ -1,71 +0,0 @@ -From bad124022e97195191d3dd1ea2b5b9aa9df57aea Mon Sep 17 00:00:00 2001 -From: yangmingtai <961612727@qq.com> -Date: Tue, 11 Jan 2022 20:22:11 +0800 -Subject: [PATCH] fix test-string-util failed when locale is not utf8 - -(cherry picked from commit 647082cf7f07a87c65601626e86c3ed9f78fb387) -(cherry picked from commit 32f33c9474ab89061d799a92a1273b106468e8c6) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bad124022e97195191d3dd1ea2b5b9aa9df57aea ---- - src/test/test-string-util.c | 32 ++++++++++++++++---------------- - 1 file changed, 16 insertions(+), 16 deletions(-) - -diff --git a/src/test/test-string-util.c b/src/test/test-string-util.c -index 4d9d0260c9..266aee9115 100644 ---- a/src/test/test-string-util.c -+++ b/src/test/test-string-util.c -@@ -176,33 +176,33 @@ static void test_cellescape(void) { - assert_se(streq(cellescape(buf, 1, "\020"), "")); - assert_se(streq(cellescape(buf, 2, "\020"), ".")); - assert_se(streq(cellescape(buf, 3, "\020"), "..")); -- assert_se(streq(cellescape(buf, 4, "\020"), "…")); -+ assert_se(streq(cellescape(buf, 4, "\020"), is_locale_utf8() ? "…" : "...")); - assert_se(streq(cellescape(buf, 5, "\020"), "\\020")); - -- assert_se(streq(cellescape(buf, 5, "1234\020"), "1…")); -- assert_se(streq(cellescape(buf, 6, "1234\020"), "12…")); -- assert_se(streq(cellescape(buf, 7, "1234\020"), "123…")); -- assert_se(streq(cellescape(buf, 8, "1234\020"), "1234…")); -+ assert_se(streq(cellescape(buf, 5, "1234\020"), is_locale_utf8() ? "1…" : "1...")); -+ assert_se(streq(cellescape(buf, 6, "1234\020"), is_locale_utf8() ? "12…" : "12...")); -+ assert_se(streq(cellescape(buf, 7, "1234\020"), is_locale_utf8() ? "123…" : "123...")); -+ assert_se(streq(cellescape(buf, 8, "1234\020"), is_locale_utf8() ? "1234…" : "1234...")); - assert_se(streq(cellescape(buf, 9, "1234\020"), "1234\\020")); - - assert_se(streq(cellescape(buf, 1, "\t\n"), "")); - assert_se(streq(cellescape(buf, 2, "\t\n"), ".")); - assert_se(streq(cellescape(buf, 3, "\t\n"), "..")); -- assert_se(streq(cellescape(buf, 4, "\t\n"), "…")); -+ assert_se(streq(cellescape(buf, 4, "\t\n"), is_locale_utf8() ? "…" : "...")); - assert_se(streq(cellescape(buf, 5, "\t\n"), "\\t\\n")); - -- assert_se(streq(cellescape(buf, 5, "1234\t\n"), "1…")); -- assert_se(streq(cellescape(buf, 6, "1234\t\n"), "12…")); -- assert_se(streq(cellescape(buf, 7, "1234\t\n"), "123…")); -- assert_se(streq(cellescape(buf, 8, "1234\t\n"), "1234…")); -+ assert_se(streq(cellescape(buf, 5, "1234\t\n"), is_locale_utf8() ? "1…" : "1...")); -+ assert_se(streq(cellescape(buf, 6, "1234\t\n"), is_locale_utf8() ? "12…" : "12...")); -+ assert_se(streq(cellescape(buf, 7, "1234\t\n"), is_locale_utf8() ? "123…" : "123...")); -+ assert_se(streq(cellescape(buf, 8, "1234\t\n"), is_locale_utf8() ? "1234…" : "1234...")); - assert_se(streq(cellescape(buf, 9, "1234\t\n"), "1234\\t\\n")); - -- assert_se(streq(cellescape(buf, 4, "x\t\020\n"), "…")); -- assert_se(streq(cellescape(buf, 5, "x\t\020\n"), "x…")); -- assert_se(streq(cellescape(buf, 6, "x\t\020\n"), "x…")); -- assert_se(streq(cellescape(buf, 7, "x\t\020\n"), "x\\t…")); -- assert_se(streq(cellescape(buf, 8, "x\t\020\n"), "x\\t…")); -- assert_se(streq(cellescape(buf, 9, "x\t\020\n"), "x\\t…")); -+ assert_se(streq(cellescape(buf, 4, "x\t\020\n"), is_locale_utf8() ? "…" : "...")); -+ assert_se(streq(cellescape(buf, 5, "x\t\020\n"), is_locale_utf8() ? "x…" : "x...")); -+ assert_se(streq(cellescape(buf, 6, "x\t\020\n"), is_locale_utf8() ? "x…" : "x...")); -+ assert_se(streq(cellescape(buf, 7, "x\t\020\n"), is_locale_utf8() ? "x\\t…" : "x\\t...")); -+ assert_se(streq(cellescape(buf, 8, "x\t\020\n"), is_locale_utf8() ? "x\\t…" : "x\\t...")); -+ assert_se(streq(cellescape(buf, 9, "x\t\020\n"), is_locale_utf8() ? "x\\t…" : "x\\t...")); - assert_se(streq(cellescape(buf, 10, "x\t\020\n"), "x\\t\\020\\n")); - - assert_se(streq(cellescape(buf, 6, "1\011"), "1\\t")); --- -2.33.0 - diff --git a/backport-fstab-generator-Respect-nofail-when-ordering.patch b/backport-fstab-generator-Respect-nofail-when-ordering.patch deleted file mode 100644 index 11b4c20f2da071711825de84595a72a6f3945c72..0000000000000000000000000000000000000000 --- a/backport-fstab-generator-Respect-nofail-when-ordering.patch +++ /dev/null @@ -1,30 +0,0 @@ -From efd98964fb9202451293043dcffb3898b176a7d0 Mon Sep 17 00:00:00 2001 -From: Vladimir Panteleev -Date: Tue, 17 Aug 2021 18:30:29 +0000 -Subject: [PATCH] fstab-generator: Respect nofail when ordering - -(cherry picked from commit e9aee932409754c9f709a8ea3ad13caf39fce7d2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/efd98964fb9202451293043dcffb3898b176a7d0 ---- - src/fstab-generator/fstab-generator.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c -index a4e3ea5311..b6582c9538 100644 ---- a/src/fstab-generator/fstab-generator.c -+++ b/src/fstab-generator/fstab-generator.c -@@ -435,7 +435,8 @@ static int add_mount( - - /* Order the mount unit we generate relative to the post unit, so that DefaultDependencies= on the - * target unit won't affect us. */ -- if (post && !FLAGS_SET(flags, MOUNT_AUTOMOUNT) && !FLAGS_SET(flags, MOUNT_NOAUTO)) -+ if (post && !FLAGS_SET(flags, MOUNT_AUTOMOUNT) && !FLAGS_SET(flags, MOUNT_NOAUTO) && -+ !FLAGS_SET(flags, MOUNT_NOFAIL)) - fprintf(f, "Before=%s\n", post); - - if (passno != 0) { --- -2.33.0 - diff --git a/backport-fstab-generator-do-not-remount-sys-when-running-in-a.patch b/backport-fstab-generator-do-not-remount-sys-when-running-in-a.patch deleted file mode 100644 index c79e2da9c3b82a187e5f0504a51342e5078c6e3d..0000000000000000000000000000000000000000 --- a/backport-fstab-generator-do-not-remount-sys-when-running-in-a.patch +++ /dev/null @@ -1,43 +0,0 @@ -From cee7e40200b5eba60a5fed04fe006e8b48944fb2 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 12 Dec 2021 11:43:21 +0900 -Subject: [PATCH] fstab-generator: do not remount /sys when running in a - container - -Closes #21744. - -(cherry picked from commit 18f0eaafd7f180f5d0d2d65349835374146efdb3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/cee7e40200b5eba60a5fed04fe006e8b48944fb2 ---- - src/fstab-generator/fstab-generator.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) - -diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c -index b6582c9538..1dee728233 100644 ---- a/src/fstab-generator/fstab-generator.c -+++ b/src/fstab-generator/fstab-generator.c -@@ -601,9 +601,16 @@ static int parse_fstab(bool initrd) { - if (!what) - return log_oom(); - -- if (is_device_path(what) && path_is_read_only_fs("/sys") > 0) { -- log_info("Running in a container, ignoring fstab device entry for %s.", what); -- continue; -+ if (path_is_read_only_fs("/sys") > 0) { -+ if (streq(what, "sysfs")) { -+ log_info("Running in a container, ignoring fstab entry for %s.", what); -+ continue; -+ } -+ -+ if (is_device_path(what)) { -+ log_info("Running in a container, ignoring fstab device entry for %s.", what); -+ continue; -+ } - } - - where = strdup(me->mnt_dir); --- -2.33.0 - diff --git a/backport-fstab-generator-skip-root-directory-handling-when-nf.patch b/backport-fstab-generator-skip-root-directory-handling-when-nf.patch deleted file mode 100644 index 34e5b38f42bbe1f99d683b5ecc05081640617104..0000000000000000000000000000000000000000 --- a/backport-fstab-generator-skip-root-directory-handling-when-nf.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 60d4ac20d8b02dd8f67150aaf55a4e0d019f58d2 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 5 Jan 2022 19:24:46 +0900 -Subject: [PATCH] fstab-generator: skip root directory handling when nfsroot is - requested - -Fixes RHBZ#2037233 (https://bugzilla.redhat.com/show_bug.cgi?id=2037233). - -(cherry picked from commit 77b8e92de8264c0b656a7d2fb437dd8d598ab597) -(cherry picked from commit 7ca41c509e6549abbfc753e560c822b5e32a63cc) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/60d4ac20d8b02dd8f67150aaf55a4e0d019f58d2 ---- - src/fstab-generator/fstab-generator.c | 59 ++++++++++++++++++++++++++- - 1 file changed, 57 insertions(+), 2 deletions(-) - -diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c -index 1dee728233..0f3892789f 100644 ---- a/src/fstab-generator/fstab-generator.c -+++ b/src/fstab-generator/fstab-generator.c -@@ -10,6 +10,7 @@ - #include "fs-util.h" - #include "fstab-util.h" - #include "generator.h" -+#include "in-addr-util.h" - #include "log.h" - #include "main-func.h" - #include "mkdir.h" -@@ -691,6 +692,57 @@ static int parse_fstab(bool initrd) { - return r; - } - -+static int sysroot_is_nfsroot(void) { -+ union in_addr_union u; -+ const char *sep, *a; -+ int r; -+ -+ assert(arg_root_what); -+ -+ /* From dracut.cmdline(7). -+ * -+ * root=[:][:] -+ * root=nfs:[:][:], -+ * root=nfs4:[:][:], -+ * root={dhcp|dhcp6} -+ * -+ * mount nfs share from :/, if no server-ip is given, use dhcp next_server. -+ * If server-ip is an IPv6 address it has to be put in brackets, e.g. [2001:DB8::1]. NFS options -+ * can be appended with the prefix ":" or "," and are separated by ",". */ -+ -+ if (path_equal(arg_root_what, "/dev/nfs") || -+ STR_IN_SET(arg_root_what, "dhcp", "dhcp6") || -+ STARTSWITH_SET(arg_root_what, "nfs:", "nfs4:")) -+ return true; -+ -+ /* IPv6 address */ -+ if (arg_root_what[0] == '[') { -+ sep = strchr(arg_root_what + 1, ']'); -+ if (!sep) -+ return -EINVAL; -+ -+ a = strndupa(arg_root_what + 1, sep - arg_root_what - 1); -+ -+ r = in_addr_from_string(AF_INET6, a, &u); -+ if (r < 0) -+ return r; -+ -+ return true; -+ } -+ -+ /* IPv4 address */ -+ sep = strchr(arg_root_what, ':'); -+ if (sep) { -+ a = strndupa(arg_root_what, sep - arg_root_what); -+ -+ if (in_addr_from_string(AF_INET, a, &u) >= 0) -+ return true; -+ } -+ -+ /* root directory without address */ -+ return path_is_absolute(arg_root_what) && !path_startswith(arg_root_what, "/dev"); -+} -+ - static int add_sysroot_mount(void) { - _cleanup_free_ char *what = NULL; - const char *opts, *fstype; -@@ -708,9 +760,12 @@ static int add_sysroot_mount(void) { - return 0; - } - -- if (path_equal(arg_root_what, "/dev/nfs")) { -+ r = sysroot_is_nfsroot(); -+ if (r < 0) -+ log_debug_errno(r, "Failed to determine if the root directory is on NFS, assuming not: %m"); -+ else if (r > 0) { - /* This is handled by the kernel or the initrd */ -- log_debug("Skipping root directory handling, as /dev/nfs was requested."); -+ log_debug("Skipping root directory handling, as root on NFS was requested."); - return 0; - } - --- -2.33.0 - diff --git a/backport-growfs-don-t-actually-resize-on-dry-run.patch b/backport-growfs-don-t-actually-resize-on-dry-run.patch deleted file mode 100644 index 4e2b23737b9c93886f03da1b7ed476dc1a8bb614..0000000000000000000000000000000000000000 --- a/backport-growfs-don-t-actually-resize-on-dry-run.patch +++ /dev/null @@ -1,37 +0,0 @@ -From e9a1f6237f281b4bf05386bd9b2c921ea999232f Mon Sep 17 00:00:00 2001 -From: undef -Date: Thu, 14 Jul 2022 05:53:15 +0000 -Subject: [PATCH] growfs: don't actually resize on dry-run - -This causes systemd-growfs to exit before resizing the partition when -`--dry-run` is passed. Resizing during a dry run of a change breaks the -users expectations. - -(cherry picked from commit d26c0f7243a709cfa7b8bdc87e8131746bb0e2d0) -(cherry picked from commit 00c6c62845c560ef09f845aeedabdc9027be5678) -(cherry picked from commit e39019fd1065c8e2eb078b72359c5e755b013493) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e9a1f6237f281b4bf05386bd9b2c921ea999232f ---- - src/partition/growfs.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/partition/growfs.c b/src/partition/growfs.c -index 15c56d0584..a7e745208b 100644 ---- a/src/partition/growfs.c -+++ b/src/partition/growfs.c -@@ -241,6 +241,10 @@ static int run(int argc, char *argv[]) { - return log_error_errno(errno, "Failed to query size of \"%s\": %m", devpath); - - log_debug("Resizing \"%s\" to %"PRIu64" bytes...", arg_target, size); -+ -+ if (arg_dry_run) -+ return 0; -+ - r = resize_fs(mountfd, size, &newsize); - if (r < 0) - return log_error_errno(r, "Failed to resize \"%s\" to %"PRIu64" bytes: %m", --- -2.27.0 - diff --git a/backport-home-fix-heap-use-after-free.patch b/backport-home-fix-heap-use-after-free.patch deleted file mode 100644 index 47e679978e3968ab364d7161436eb9fadbe50de4..0000000000000000000000000000000000000000 --- a/backport-home-fix-heap-use-after-free.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 5ed20345db356121bc72e0092c17b74e2de67ff7 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 14 Dec 2021 15:38:12 +0900 -Subject: [PATCH] home: fix heap-use-after-free - -`bus_home_emit_remove()` may be called from manager_free() -> home_free(). -In that case, manager->bus is already unref()ed. - -Fixes #21767. - -(cherry picked from commit 2ff457720bd3bc59985e807b748f6305bdf27826) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5ed20345db356121bc72e0092c17b74e2de67ff7 ---- - src/home/homed-home-bus.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/home/homed-home-bus.c b/src/home/homed-home-bus.c -index c71256d15e..601ecc5cf5 100644 ---- a/src/home/homed-home-bus.c -+++ b/src/home/homed-home-bus.c -@@ -940,6 +940,12 @@ int bus_home_emit_remove(Home *h) { - if (!h->announced) - return 0; - -+ if (!h->manager) -+ return 0; -+ -+ if (!h->manager->bus) -+ return 0; -+ - r = bus_home_path(h, &path); - if (r < 0) - return r; --- -2.33.0 - diff --git a/backport-home-secret-argument-of-handle_generic_user_record_e.patch b/backport-home-secret-argument-of-handle_generic_user_record_e.patch deleted file mode 100644 index ffb203f993581e7b5da1ffcb57e7a8fd90d1c839..0000000000000000000000000000000000000000 --- a/backport-home-secret-argument-of-handle_generic_user_record_e.patch +++ /dev/null @@ -1,114 +0,0 @@ -From 5179b3a071535610be2b55efa77f174c87c3c2b6 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 5 Sep 2021 11:16:26 +0900 -Subject: [PATCH] home: 'secret' argument of handle_generic_user_record_error - may be null - -When RefHome() bus method is called in acquire_home(), secret is NULL. - -Fixes #20639. - -(cherry picked from commit 6a09dbb89507449d158af6c7097d2c51ce83205f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5179b3a071535610be2b55efa77f174c87c3c2b6 ---- - src/home/pam_systemd_home.c | 19 ++++++++++++++++++- - 1 file changed, 18 insertions(+), 1 deletion(-) - -diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c -index b7db39dab9..27b292f460 100644 ---- a/src/home/pam_systemd_home.c -+++ b/src/home/pam_systemd_home.c -@@ -281,7 +281,6 @@ static int handle_generic_user_record_error( - const sd_bus_error *error) { - - assert(user_name); -- assert(secret); - assert(error); - - int r; -@@ -301,6 +300,8 @@ static int handle_generic_user_record_error( - } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD)) { - _cleanup_(erase_and_freep) char *newp = NULL; - -+ assert(secret); -+ - /* This didn't work? Ask for an (additional?) password */ - - if (strv_isempty(secret->password)) -@@ -326,6 +327,8 @@ static int handle_generic_user_record_error( - } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN)) { - _cleanup_(erase_and_freep) char *newp = NULL; - -+ assert(secret); -+ - if (strv_isempty(secret->password)) { - (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token of user %s not inserted.", user_name); - r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Try again with password: "); -@@ -350,6 +353,8 @@ static int handle_generic_user_record_error( - } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PIN_NEEDED)) { - _cleanup_(erase_and_freep) char *newp = NULL; - -+ assert(secret); -+ - r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Security token PIN: "); - if (r != PAM_SUCCESS) - return PAM_CONV_ERR; /* no logging here */ -@@ -367,6 +372,8 @@ static int handle_generic_user_record_error( - - } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED)) { - -+ assert(secret); -+ - (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please authenticate physically on security token of user %s.", user_name); - - r = user_record_set_pkcs11_protected_authentication_path_permitted(secret, true); -@@ -377,6 +384,8 @@ static int handle_generic_user_record_error( - - } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED)) { - -+ assert(secret); -+ - (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please confirm presence on security token of user %s.", user_name); - - r = user_record_set_fido2_user_presence_permitted(secret, true); -@@ -387,6 +396,8 @@ static int handle_generic_user_record_error( - - } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED)) { - -+ assert(secret); -+ - (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please verify user on security token of user %s.", user_name); - - r = user_record_set_fido2_user_verification_permitted(secret, true); -@@ -403,6 +414,8 @@ static int handle_generic_user_record_error( - } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN)) { - _cleanup_(erase_and_freep) char *newp = NULL; - -+ assert(secret); -+ - (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN incorrect for user %s.", user_name); - r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: "); - if (r != PAM_SUCCESS) -@@ -422,6 +435,8 @@ static int handle_generic_user_record_error( - } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT)) { - _cleanup_(erase_and_freep) char *newp = NULL; - -+ assert(secret); -+ - (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only a few tries left!)", user_name); - r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: "); - if (r != PAM_SUCCESS) -@@ -441,6 +456,8 @@ static int handle_generic_user_record_error( - } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT)) { - _cleanup_(erase_and_freep) char *newp = NULL; - -+ assert(secret); -+ - (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only one try left!)", user_name); - r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: "); - if (r != PAM_SUCCESS) --- -2.33.0 - diff --git a/backport-homed-add-missing-SYNTHETIC_ERRNO.patch b/backport-homed-add-missing-SYNTHETIC_ERRNO.patch deleted file mode 100644 index 56b670cf5d13374f55d23cf99b3186e3048e088d..0000000000000000000000000000000000000000 --- a/backport-homed-add-missing-SYNTHETIC_ERRNO.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 00eff1d423d2cb336d1e378cc8f348d2d19c2ed4 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 31 Aug 2021 10:47:29 +0200 -Subject: [PATCH] homed: add missing SYNTHETIC_ERRNO() - -(cherry picked from commit 9191142ddfb3ccd2007245c01197d3f42943815c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/00eff1d423d2cb336d1e378cc8f348d2d19c2ed4 ---- - src/home/homework-cifs.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/home/homework-cifs.c b/src/home/homework-cifs.c -index a697f7e5ee..04a4db8a94 100644 ---- a/src/home/homework-cifs.c -+++ b/src/home/homework-cifs.c -@@ -86,7 +86,8 @@ int home_prepare_cifs( - } - - if (!mounted) -- return log_error_errno(ENOKEY, "Failed to mount home directory with supplied password."); -+ return log_error_errno(SYNTHETIC_ERRNO(ENOKEY), -+ "Failed to mount home directory with supplied password."); - - setup->root_fd = open("/run/systemd/user-home-mount", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW); - } --- -2.33.0 - diff --git a/backport-homed-fix-log-message-referring-to-fsck-when-we-actu.patch b/backport-homed-fix-log-message-referring-to-fsck-when-we-actu.patch deleted file mode 100644 index 31da36a0d4504f007037886ad968570d6813c445..0000000000000000000000000000000000000000 --- a/backport-homed-fix-log-message-referring-to-fsck-when-we-actu.patch +++ /dev/null @@ -1,30 +0,0 @@ -From f41b77e9788541244ad6d6bafe3e130fbabace84 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 31 Aug 2021 10:47:02 +0200 -Subject: [PATCH] homed: fix log message referring to fsck, when we actually - mean mount - -(cherry picked from commit e070b9eac92993422db25c72ebdbdcc1cf424a0f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f41b77e9788541244ad6d6bafe3e130fbabace84 ---- - src/home/homework-cifs.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/home/homework-cifs.c b/src/home/homework-cifs.c -index cf3c58431a..a697f7e5ee 100644 ---- a/src/home/homework-cifs.c -+++ b/src/home/homework-cifs.c -@@ -71,7 +71,7 @@ int home_prepare_cifs( - h->cifs_service, "/run/systemd/user-home-mount", - "-o", options, NULL); - -- log_error_errno(errno, "Failed to execute fsck: %m"); -+ log_error_errno(errno, "Failed to execute mount: %m"); - _exit(EXIT_FAILURE); - } - --- -2.33.0 - diff --git a/backport-homed-make-sure-to-use-right-asssesors-for-GID-acces.patch b/backport-homed-make-sure-to-use-right-asssesors-for-GID-acces.patch deleted file mode 100644 index ba15a3e709cea0096199c7a10f9e848556ef17f0..0000000000000000000000000000000000000000 --- a/backport-homed-make-sure-to-use-right-asssesors-for-GID-acces.patch +++ /dev/null @@ -1,34 +0,0 @@ -From b2420e2f911455b57edbb67e16883485ba75a638 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 31 Aug 2021 10:46:06 +0200 -Subject: [PATCH] homed: make sure to use right asssesors for GID + access mode - -Don't reach directly into the UserRecord struct, but use the right -assessors, so that the "unspecified" case is covered. - -(cherry picked from commit 279e060e2549183101ebf94e9739b70ed499c4c1) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b2420e2f911455b57edbb67e16883485ba75a638 ---- - src/home/homework-cifs.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/home/homework-cifs.c b/src/home/homework-cifs.c -index 2254eb59cd..cf3c58431a 100644 ---- a/src/home/homework-cifs.c -+++ b/src/home/homework-cifs.c -@@ -58,8 +58,8 @@ int home_prepare_cifs( - - f = safe_fclose(f); - -- if (asprintf(&options, "credentials=%s,uid=" UID_FMT ",forceuid,gid=" UID_FMT ",forcegid,file_mode=0%3o,dir_mode=0%3o", -- p, h->uid, h->uid, h->access_mode, h->access_mode) < 0) -+ if (asprintf(&options, "credentials=%s,uid=" UID_FMT ",forceuid,gid=" GID_FMT ",forcegid,file_mode=0%3o,dir_mode=0%3o", -+ p, h->uid, user_record_gid(h), user_record_access_mode(h), user_record_access_mode(h)) < 0) - return log_oom(); - - r = safe_fork("(mount)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR, &mount_pid); --- -2.33.0 - diff --git a/backport-homed-remove-misplaced-assert.patch b/backport-homed-remove-misplaced-assert.patch deleted file mode 100644 index a541e8d374011ace9ffeda42a5ad512ceab1ae88..0000000000000000000000000000000000000000 --- a/backport-homed-remove-misplaced-assert.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 3c8240a44dc28a4c7c60c1599799383776f9e6dc Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 31 Aug 2021 10:47:40 +0200 -Subject: [PATCH] homed: remove misplaced assert() - -(cherry picked from commit 67f9bf897c762ecb61872a5e8e0707a97c8ccd3d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/3c8240a44dc28a4c7c60c1599799383776f9e6dc ---- - src/home/homework-mount.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/home/homework-mount.c b/src/home/homework-mount.c -index 5e737687d1..da4f14e08d 100644 ---- a/src/home/homework-mount.c -+++ b/src/home/homework-mount.c -@@ -69,9 +69,10 @@ int home_move_mount(const char *user_name_and_realm, const char *target) { - const char *d; - int r; - -- assert(user_name_and_realm); - assert(target); - -+ /* If user_name_and_realm is set, then we'll mount a subdir of the source mount into the host. If -+ * it's NULL we'll move the mount itself */ - if (user_name_and_realm) { - subdir = path_join("/run/systemd/user-home-mount/", user_name_and_realm); - if (!subdir) --- -2.33.0 - diff --git a/backport-homed-shutdown-call-valgrind-magic-after-LOOP_GET_ST.patch b/backport-homed-shutdown-call-valgrind-magic-after-LOOP_GET_ST.patch deleted file mode 100644 index 83bced076d2756edf9aa2787c52dea0935477bc3..0000000000000000000000000000000000000000 --- a/backport-homed-shutdown-call-valgrind-magic-after-LOOP_GET_ST.patch +++ /dev/null @@ -1,84 +0,0 @@ -From bf6bd21f7c887ffa4591ed0cee00b234835ca2be Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 15 Oct 2021 17:58:13 +0200 -Subject: [PATCH] homed,shutdown: call valgrind magic after LOOP_GET_STATUS64 - -valgrind doesn't understand LOOP_GET_STATUS64. We already work around -this in various placed, via VALGRIND_MAKE_MEM_DEFINE(), but we forgot -three places. Let's fix that. - -(cherry picked from commit 48f462547d63e1d03bee612e1c77073263e71293) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bf6bd21f7c887ffa4591ed0cee00b234835ca2be ---- - src/home/homework-luks.c | 8 ++++++++ - src/shutdown/umount.c | 12 ++++++++++++ - 2 files changed, 20 insertions(+) - -diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c -index 38d7d7cc70..05a0ed861e 100644 ---- a/src/home/homework-luks.c -+++ b/src/home/homework-luks.c -@@ -8,6 +8,10 @@ - #include - #include - -+#if HAVE_VALGRIND_MEMCHECK_H -+#include -+#endif -+ - #include "blkid-util.h" - #include "blockdev-util.h" - #include "btrfs-util.h" -@@ -1136,6 +1140,10 @@ int home_prepare_luks( - offset *= 512U; - } - } else { -+#if HAVE_VALGRIND_MEMCHECK_H -+ VALGRIND_MAKE_MEM_DEFINED(&info, sizeof(info)); -+#endif -+ - offset = info.lo_offset; - size = info.lo_sizelimit; - } -diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c -index c2a26242c0..1f945b7875 100644 ---- a/src/shutdown/umount.c -+++ b/src/shutdown/umount.c -@@ -15,6 +15,10 @@ - #include - #include - -+#if HAVE_VALGRIND_MEMCHECK_H -+#include -+#endif -+ - #include "sd-device.h" - - #include "alloc-util.h" -@@ -409,6 +413,10 @@ static int delete_loopback(const char *device) { - return -EBUSY; /* propagate original error */ - } - -+#if HAVE_VALGRIND_MEMCHECK_H -+ VALGRIND_MAKE_MEM_DEFINED(&info, sizeof(info)); -+#endif -+ - if (FLAGS_SET(info.lo_flags, LO_FLAGS_AUTOCLEAR)) /* someone else already set LO_FLAGS_AUTOCLEAR for us? fine by us */ - return -EBUSY; /* propagate original error */ - -@@ -434,6 +442,10 @@ static int delete_loopback(const char *device) { - return 1; - } - -+#if HAVE_VALGRIND_MEMCHECK_H -+ VALGRIND_MAKE_MEM_DEFINED(&info, sizeof(info)); -+#endif -+ - /* Linux makes LOOP_CLR_FD succeed whenever LO_FLAGS_AUTOCLEAR is set without actually doing - * anything. Very confusing. Let's hence not claim we did anything in this case. */ - if (FLAGS_SET(info.lo_flags, LO_FLAGS_AUTOCLEAR)) --- -2.33.0 - diff --git a/backport-homework-don-t-bother-with-BLKRRPART-on-images-that-.patch b/backport-homework-don-t-bother-with-BLKRRPART-on-images-that-.patch deleted file mode 100644 index 84b46be287e1be247c217baa3365c33787671a71..0000000000000000000000000000000000000000 --- a/backport-homework-don-t-bother-with-BLKRRPART-on-images-that-.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 7b3ff9a957630535ec58aeca7e41e6c63fa99114 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 15 Oct 2021 11:23:00 +0200 -Subject: [PATCH] homework: don't bother with BLKRRPART on images that aren't - block devices - -We currently call this ioctl even if we are backed by a regular file, -which is actually the common case. While this doesn't really hurt, it -does result in very confusing logs. - -(cherry picked from commit 6a1301d8c97dc650e4355bb7c193f5821b3383a8) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7b3ff9a957630535ec58aeca7e41e6c63fa99114 ---- - src/home/homework-luks.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c -index 64bbfe3c77..38d7d7cc70 100644 ---- a/src/home/homework-luks.c -+++ b/src/home/homework-luks.c -@@ -2813,7 +2813,7 @@ int home_resize_luks( - if (r > 0) - log_info("Growing of partition completed."); - -- if (ioctl(image_fd, BLKRRPART, 0) < 0) -+ if (S_ISBLK(st.st_mode) && ioctl(image_fd, BLKRRPART, 0) < 0) - log_debug_errno(errno, "BLKRRPART failed on block device, ignoring: %m"); - - /* Tell LUKS about the new bigger size too */ -@@ -2887,7 +2887,7 @@ int home_resize_luks( - if (r > 0) - log_info("Shrinking of partition completed."); - -- if (ioctl(image_fd, BLKRRPART, 0) < 0) -+ if (S_ISBLK(st.st_mode) && ioctl(image_fd, BLKRRPART, 0) < 0) - log_debug_errno(errno, "BLKRRPART failed on block device, ignoring: %m"); - } else { - r = home_store_embedded_identity(new_home, setup->root_fd, h->uid, embedded_home); --- -2.33.0 - diff --git a/backport-homework-fix-a-bad-error-propagation.patch b/backport-homework-fix-a-bad-error-propagation.patch deleted file mode 100644 index 8f04f0b74f428ad7fe5ea933a078de3e8fcb1295..0000000000000000000000000000000000000000 --- a/backport-homework-fix-a-bad-error-propagation.patch +++ /dev/null @@ -1,29 +0,0 @@ -From e05915315fdf21ee51ec1501e02d04ba1e9af045 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 24 Nov 2021 18:36:00 +0100 -Subject: [PATCH] homework: fix a bad error propagation - -(cherry picked from commit b05f4495bd374dc28d39ea43ac7cec3f0fea4071) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e05915315fdf21ee51ec1501e02d04ba1e9af045 ---- - src/home/homework.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/home/homework.c b/src/home/homework.c -index b20b4bdf3e..32a42c5d09 100644 ---- a/src/home/homework.c -+++ b/src/home/homework.c -@@ -485,7 +485,7 @@ static int write_identity_file(int root_fd, JsonVariant *v, uid_t uid) { - } - - if (fchown(fileno(identity_file), uid, uid) < 0) { -- log_error_errno(r, "Failed to change ownership of identity file: %m"); -+ r = log_error_errno(errno, "Failed to change ownership of identity file: %m"); - goto fail; - } - --- -2.33.0 - diff --git a/backport-homework-fix-incorrect-error-variable-use.patch b/backport-homework-fix-incorrect-error-variable-use.patch deleted file mode 100644 index 3b7d7478bbb4af69ff3e2a35280fe4090472ebcf..0000000000000000000000000000000000000000 --- a/backport-homework-fix-incorrect-error-variable-use.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 3e9dbda7d5efbe642e6254cc086b4cf54c862618 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 14 Oct 2021 15:40:59 +0200 -Subject: [PATCH] homework: fix incorrect error variable use - -(cherry picked from commit 82fb0911fc0aa2aaf39428ef36e78898ece2b4ea) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/3e9dbda7d5efbe642e6254cc086b4cf54c862618 ---- - src/home/homework-luks.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c -index 6448883fe0..64bbfe3c77 100644 ---- a/src/home/homework-luks.c -+++ b/src/home/homework-luks.c -@@ -1146,7 +1146,7 @@ int home_prepare_luks( - - root_fd = open(user_record_home_directory(h), O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW); - if (root_fd < 0) { -- r = log_error_errno(r, "Failed to open home directory: %m"); -+ r = log_error_errno(errno, "Failed to open home directory: %m"); - goto fail; - } - } else { -@@ -1233,7 +1233,7 @@ int home_prepare_luks( - - root_fd = open(subdir, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW); - if (root_fd < 0) { -- r = log_error_errno(r, "Failed to open home directory: %m"); -+ r = log_error_errno(errno, "Failed to open home directory: %m"); - goto fail; - } - --- -2.33.0 - diff --git a/backport-homework-repart-turn-on-cryptsetup-logging-before-we.patch b/backport-homework-repart-turn-on-cryptsetup-logging-before-we.patch deleted file mode 100644 index 21dc8b5faa9120d21341455631246044dbd5fd44..0000000000000000000000000000000000000000 --- a/backport-homework-repart-turn-on-cryptsetup-logging-before-we.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 7b49704dfe47474be0d74996db45e6ba42d6b2e1 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 28 Oct 2021 19:06:52 +0200 -Subject: [PATCH] homework,repart: turn on cryptsetup logging before we have a - context - -Otherwise we'll miss the log message from allocation of the context. We -already made this change in most of our tools that interface with -libcryptsetup, but we forgot two. - -As suggested: - -https://github.com/systemd/systemd/pull/21135#discussion_r738287504 -(cherry picked from commit 30f194001ff647280ad49b68597c223e57ad7f6e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7b49704dfe47474be0d74996db45e6ba42d6b2e1 ---- - src/home/homework.c | 2 ++ - src/partition/repart.c | 4 ++++ - 2 files changed, 6 insertions(+) - -diff --git a/src/home/homework.c b/src/home/homework.c -index bdd9ac649e..b20b4bdf3e 100644 ---- a/src/home/homework.c -+++ b/src/home/homework.c -@@ -1651,6 +1651,8 @@ static int run(int argc, char *argv[]) { - - log_setup(); - -+ cryptsetup_enable_logging(NULL); -+ - umask(0022); - - if (argc < 2 || argc > 3) -diff --git a/src/partition/repart.c b/src/partition/repart.c -index 3c80d1380a..7602ac6aa8 100644 ---- a/src/partition/repart.c -+++ b/src/partition/repart.c -@@ -4863,6 +4863,10 @@ static int run(int argc, char *argv[]) { - if (r < 0) - return r; - -+#if HAVE_LIBCRYPTSETUP -+ cryptsetup_enable_logging(NULL); -+#endif -+ - if (arg_image) { - assert(!arg_root); - --- -2.33.0 - diff --git a/backport-hostname-fix-off-by-one-issue-in-gethostname.patch b/backport-hostname-fix-off-by-one-issue-in-gethostname.patch deleted file mode 100644 index 30fdc7db819d5ad73feb098839cce902456011c8..0000000000000000000000000000000000000000 --- a/backport-hostname-fix-off-by-one-issue-in-gethostname.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 6a8b886fef4ad101108126cab2125a90f7aa6441 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 11 Aug 2021 00:12:40 +0900 -Subject: [PATCH] hostname: fix off-by-one issue in gethostname() - -gethostname() returns null-terminated hostname. - -Fixes #20309 and #20417. - -(cherry picked from commit ccdf235464297c2ca4c1dea8733a6bad423084d5) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6a8b886fef4ad101108126cab2125a90f7aa6441 ---- - src/shared/hostname-setup.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/shared/hostname-setup.c b/src/shared/hostname-setup.c -index 511aa7d031..742174d6c8 100644 ---- a/src/shared/hostname-setup.c -+++ b/src/shared/hostname-setup.c -@@ -20,11 +20,11 @@ - #include "util.h" - - static int sethostname_idempotent_full(const char *s, bool really) { -- char buf[HOST_NAME_MAX + 1] = {}; -+ char buf[HOST_NAME_MAX + 1]; - - assert(s); - -- if (gethostname(buf, sizeof(buf) - 1) < 0) -+ if (gethostname(buf, sizeof(buf)) < 0) - return -errno; - - if (streq(buf, s)) -@@ -42,11 +42,11 @@ int sethostname_idempotent(const char *s) { - } - - bool get_hostname_filtered(char ret[static HOST_NAME_MAX + 1]) { -- char buf[HOST_NAME_MAX + 1] = {}; -+ char buf[HOST_NAME_MAX + 1]; - - /* Returns true if we got a good hostname, false otherwise. */ - -- if (gethostname(buf, sizeof(buf) - 1) < 0) -+ if (gethostname(buf, sizeof(buf)) < 0) - return false; /* This can realistically only fail with ENAMETOOLONG. - * Let's treat that case the same as an invalid hostname. */ - --- -2.33.0 - diff --git a/backport-hostnamed-correct-variable-with-errno-in-fallback_ch.patch b/backport-hostnamed-correct-variable-with-errno-in-fallback_ch.patch deleted file mode 100644 index 184cfdf7c2e1da9fe03c825cd268d9381910305e..0000000000000000000000000000000000000000 --- a/backport-hostnamed-correct-variable-with-errno-in-fallback_ch.patch +++ /dev/null @@ -1,59 +0,0 @@ -From b873f52871845b769f739e9d6954080ba490200c Mon Sep 17 00:00:00 2001 -From: Jan Palus -Date: Thu, 8 Jul 2021 00:23:21 +0200 -Subject: [PATCH] hostnamed: correct variable with errno in fallback_chassis - -fixes assertion failure on arm: - -systemd-hostnamed[642]: Assertion '(_error) != 0' failed at src/hostname/hostnamed.c:207, function fallback_chassis(). Aborting. - -(cherry picked from commit 105a4245ff13d588e1e848e8ee3cffd6185bd0ae) -(cherry picked from commit 4a44597bdd725f504ebd520b0deef7797dc46daa) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b873f52871845b769f739e9d6954080ba490200c ---- - src/hostname/hostnamed.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c -index bd535ddc4d..36702f2fb0 100644 ---- a/src/hostname/hostnamed.c -+++ b/src/hostname/hostnamed.c -@@ -204,14 +204,14 @@ static const char* fallback_chassis(void) { - - r = read_one_line_file("/sys/class/dmi/id/chassis_type", &type); - if (r < 0) { -- log_debug_errno(v, "Failed to read DMI chassis type, ignoring: %m"); -+ log_debug_errno(r, "Failed to read DMI chassis type, ignoring: %m"); - goto try_acpi; - } - - r = safe_atou(type, &t); - free(type); - if (r < 0) { -- log_debug_errno(v, "Failed to parse DMI chassis type, ignoring: %m"); -+ log_debug_errno(r, "Failed to parse DMI chassis type, ignoring: %m"); - goto try_acpi; - } - -@@ -260,14 +260,14 @@ static const char* fallback_chassis(void) { - try_acpi: - r = read_one_line_file("/sys/firmware/acpi/pm_profile", &type); - if (r < 0) { -- log_debug_errno(v, "Failed read ACPI PM profile, ignoring: %m"); -+ log_debug_errno(r, "Failed read ACPI PM profile, ignoring: %m"); - return NULL; - } - - r = safe_atou(type, &t); - free(type); - if (r < 0) { -- log_debug_errno(v, "Failed parse ACPI PM profile, ignoring: %m"); -+ log_debug_errno(r, "Failed parse ACPI PM profile, ignoring: %m"); - return NULL; - } - --- -2.33.0 - diff --git a/backport-hwdb-Allow-console-users-access-to-media-nodes.patch b/backport-hwdb-Allow-console-users-access-to-media-nodes.patch deleted file mode 100644 index 991bd32d725d274bd8208166b9f1fdb82092e333..0000000000000000000000000000000000000000 --- a/backport-hwdb-Allow-console-users-access-to-media-nodes.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 920d0d1b14dfb94788a5b2794860cac583b982c3 Mon Sep 17 00:00:00 2001 -From: Bastien Nocera -Date: Tue, 26 Oct 2021 11:57:30 +0200 -Subject: [PATCH] hwdb: Allow console users access to media* nodes - -Newer webcams and video devices have controls only available through -/dev/media* nodes. Make sure they're accessible in the same way as -/dev/video* nodes. - -Closes: #21054 -(cherry picked from commit 63fbfc598f9f6d3ce34cc00a7687089dab24daff) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/920d0d1b14dfb94788a5b2794860cac583b982c3 ---- - src/login/70-uaccess.rules.in | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/login/70-uaccess.rules.in b/src/login/70-uaccess.rules.in -index 56e1087fef..1b6be82703 100644 ---- a/src/login/70-uaccess.rules.in -+++ b/src/login/70-uaccess.rules.in -@@ -33,6 +33,7 @@ SUBSYSTEM=="sound", TAG+="uaccess", \ - # Webcams, frame grabber, TV cards - SUBSYSTEM=="video4linux", TAG+="uaccess" - SUBSYSTEM=="dvb", TAG+="uaccess" -+SUBSYSTEM=="media", TAG+="uaccess" - - # industrial cameras, some webcams, camcorders, set-top boxes, TV sets, audio devices, and more - SUBSYSTEM=="firewire", TEST=="units", ENV{IEEE1394_UNIT_FUNCTION_MIDI}=="1", TAG+="uaccess" --- -2.33.0 - diff --git a/backport-hwdb-fix-parsing-options.patch b/backport-hwdb-fix-parsing-options.patch deleted file mode 100644 index 00eb94e4cd51683285e827123a42050c447f8833..0000000000000000000000000000000000000000 --- a/backport-hwdb-fix-parsing-options.patch +++ /dev/null @@ -1,34 +0,0 @@ -From eee4da4d240bef47a6cc8ab60838d6c443ab8ab8 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 6 Apr 2022 01:08:35 +0900 -Subject: [PATCH] hwdb: fix parsing options - -Fixes #22976. - -(cherry picked from commit 5674b74c4f99e433fd8e7242e9f16f6ddfece94c) -(cherry picked from commit df6253cbda3e5d1b3c694de223cb7899f3aecc74) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/eee4da4d240bef47a6cc8ab60838d6c443ab8ab8 ---- - src/hwdb/hwdb.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/hwdb/hwdb.c b/src/hwdb/hwdb.c -index 50b4cb304a..a3a050530b 100644 ---- a/src/hwdb/hwdb.c -+++ b/src/hwdb/hwdb.c -@@ -73,8 +73,8 @@ static int parse_argv(int argc, char *argv[]) { - assert(argc >= 0); - assert(argv); - -- while ((c = getopt_long(argc, argv, "ust:r:h", options, NULL)) >= 0) -- switch(c) { -+ while ((c = getopt_long(argc, argv, "sr:h", options, NULL)) >= 0) -+ switch (c) { - - case 'h': - return help(); --- -2.33.0 - diff --git a/backport-hwdb-remove-double-empty-line-in-help-text.patch b/backport-hwdb-remove-double-empty-line-in-help-text.patch deleted file mode 100644 index 7189fea36579e79c9b5b583b87c9ba2622f05a5c..0000000000000000000000000000000000000000 --- a/backport-hwdb-remove-double-empty-line-in-help-text.patch +++ /dev/null @@ -1,29 +0,0 @@ -From da61fe147e40ba26ed8cf405dbf0a0e71e060d0b Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 30 Aug 2021 13:20:59 +0200 -Subject: [PATCH] hwdb: remove double empty line in --help text - -(cherry picked from commit aecc04f1800c87e0479e74e0225e288a403ba77e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/da61fe147e40ba26ed8cf405dbf0a0e71e060d0b ---- - src/hwdb/hwdb.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/hwdb/hwdb.c b/src/hwdb/hwdb.c -index 26cc83f31b..50b4cb304a 100644 ---- a/src/hwdb/hwdb.c -+++ b/src/hwdb/hwdb.c -@@ -43,7 +43,7 @@ static int help(void) { - " --version Show package version\n" - " -s --strict When updating, return non-zero exit value on any parsing error\n" - " --usr Generate in " UDEVLIBEXECDIR " instead of /etc/udev\n" -- " -r --root=PATH Alternative root path in the filesystem\n\n" -+ " -r --root=PATH Alternative root path in the filesystem\n" - "\nSee the %s for details.\n", - program_invocation_short_name, - ansi_highlight(), --- -2.33.0 - diff --git a/backport-icmp6-drop-unnecessary-assertion.patch b/backport-icmp6-drop-unnecessary-assertion.patch deleted file mode 100644 index 4b4dbaefce9d8bb243c662765e1bdf39c4cf72be..0000000000000000000000000000000000000000 --- a/backport-icmp6-drop-unnecessary-assertion.patch +++ /dev/null @@ -1,30 +0,0 @@ -From aff2bf0465f677ba60e1cc701ae73968991e4a3f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 20 Aug 2021 08:44:27 +0900 -Subject: [PATCH] icmp6: drop unnecessary assertion - -Follow-up for 3691bcf3c5eebdcca5b4f1c51c745441c57a6cd1. - -(cherry picked from commit 6da22a2fa592cc908d26c732b537d8b4fc004280) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/aff2bf0465f677ba60e1cc701ae73968991e4a3f ---- - src/libsystemd-network/icmp6-util.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/libsystemd-network/icmp6-util.c b/src/libsystemd-network/icmp6-util.c -index 67c6b55d84..0b8c3e4cc3 100644 ---- a/src/libsystemd-network/icmp6-util.c -+++ b/src/libsystemd-network/icmp6-util.c -@@ -186,7 +186,6 @@ int icmp6_receive(int fd, void *buffer, size_t size, struct in6_addr *ret_dst, - - /* namelen == 0 only happens when running the test-suite over a socketpair */ - -- assert(!(msg.msg_flags & MSG_CTRUNC)); - assert(!(msg.msg_flags & MSG_TRUNC)); - - CMSG_FOREACH(cmsg, &msg) { --- -2.33.0 - diff --git a/backport-import-turn-off-weird-protocols-in-curl.patch b/backport-import-turn-off-weird-protocols-in-curl.patch deleted file mode 100644 index 5994c122ab364c46d29464686a458c74a95b4bf1..0000000000000000000000000000000000000000 --- a/backport-import-turn-off-weird-protocols-in-curl.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 4d8fd88b9641fce81272f60f556543f713175403 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 19 Aug 2021 18:12:56 +0200 -Subject: [PATCH] import: turn off weird protocols in curl - -Let's lock things down a bit and now allow curl's weirder protocols to -be used with our use. i.e. stick to http:// + https:// + file:// and -turn everything else off. (Gopher!) - -This is cde that interfaces with the network after all, and we better -shouldn't support protocols needlessly that are much less tested. - -(Given that HTTP redirects (and other redirects) exist, this should give -us a security benefit, since we will then be sure that noone can forward -us to a weird protocol, which we never tested, and other people test -neither) - -(cherry picked from commit 55b90ee00b78a449c8f187a5e8141f8ccb100bf4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4d8fd88b9641fce81272f60f556543f713175403 ---- - src/import/curl-util.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/import/curl-util.c b/src/import/curl-util.c -index ed2ac0a654..d6a16b4f57 100644 ---- a/src/import/curl-util.c -+++ b/src/import/curl-util.c -@@ -256,6 +256,9 @@ int curl_glue_make(CURL **ret, const char *url, void *userdata) { - if (curl_easy_setopt(c, CURLOPT_LOW_SPEED_LIMIT, 30L) != CURLE_OK) - return -EIO; - -+ if (curl_easy_setopt(c, CURLOPT_PROTOCOLS, CURLPROTO_HTTP|CURLPROTO_HTTPS|CURLPROTO_FILE) != CURLE_OK) -+ return -EIO; -+ - *ret = TAKE_PTR(c); - return 0; - } --- -2.33.0 - diff --git a/backport-journactl-show-info-about-journal-range-only-at-debu.patch b/backport-journactl-show-info-about-journal-range-only-at-debu.patch deleted file mode 100644 index 8ade4a13a359fe12476a4a4c9df084fd6929dcff..0000000000000000000000000000000000000000 --- a/backport-journactl-show-info-about-journal-range-only-at-debu.patch +++ /dev/null @@ -1,51 +0,0 @@ -From cc9ef67919c33b253bed86db415f5970e96440d9 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 14 Dec 2021 22:30:15 +0100 -Subject: [PATCH] journactl: show info about journal range only at debug level - (#21775) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The message that the "journal begins … ends …" has been always confusing to -users. (Before b91ae210e62 it was "logs begin … end …" which was arguably even -more confusing, but really the change in b91ae210e62 didn't substantially change -this.) - -When the range shown is limited (by -e, -f, --since, or other options), it -doesn't really matter to the user what the oldest entries are, since they are -purposefully limiting the range. In fact, if we are showing the last few -entries with -e or -f, knowing that many months the oldest entries have is -completely useless. - -And when such options are *not* used, the first entry generally corresponds to -the beginning of the range shown, and the last entry corresponds to the end of -that range. So again, it's not particularly useful, except when debugging -journalctl or such. Let's just treat it as a debug message. - -Fixes #21491. - -(cherry picked from commit a2d7654f99eba250eddf988db262abef96ebbe7a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/cc9ef67919c33b253bed86db415f5970e96440d9 ---- - src/journal/journalctl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c -index 3eac97510d..decdf14145 100644 ---- a/src/journal/journalctl.c -+++ b/src/journal/journalctl.c -@@ -2598,7 +2598,7 @@ int main(int argc, char *argv[]) { - if (!arg_follow) - (void) pager_open(arg_pager_flags); - -- if (!arg_quiet && (arg_lines != 0 || arg_follow)) { -+ if (!arg_quiet && (arg_lines != 0 || arg_follow) && DEBUG_LOGGING) { - usec_t start, end; - char start_buf[FORMAT_TIMESTAMP_MAX], end_buf[FORMAT_TIMESTAMP_MAX]; - --- -2.33.0 - diff --git a/backport-journal-Deduplicate-entry-items-before-they-are-stor.patch b/backport-journal-Deduplicate-entry-items-before-they-are-stor.patch deleted file mode 100644 index 757d1da5ab54a95026c7f2ebeb8c8bd6b78f2025..0000000000000000000000000000000000000000 --- a/backport-journal-Deduplicate-entry-items-before-they-are-stor.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 71976e91c5a887585b9fb8a162116824b141eecf Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 12 Nov 2021 14:32:40 +0000 -Subject: [PATCH] journal: Deduplicate entry items before they are stored in - the entry object - -If the iovec contains the same data more than once, we'll end up with -duplicate offsets in the items array. Let's make sure we remove any -duplicates before we store the items in an entry object. - -(cherry picked from commit 5ec9fbae64bef896368f744a875dd0437a4c42f2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/71976e91c5a887585b9fb8a162116824b141eecf ---- - src/libsystemd/sd-journal/journal-file.c | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c -index ae19c1c1f2..a8029c2868 100644 ---- a/src/libsystemd/sd-journal/journal-file.c -+++ b/src/libsystemd/sd-journal/journal-file.c -@@ -2082,6 +2082,21 @@ static int entry_item_cmp(const EntryItem *a, const EntryItem *b) { - return CMP(le64toh(a->object_offset), le64toh(b->object_offset)); - } - -+static size_t remove_duplicate_entry_items(EntryItem items[], size_t n) { -+ -+ /* This function relies on the items array being sorted. */ -+ size_t j = 1; -+ -+ if (n <= 1) -+ return n; -+ -+ for (size_t i = 1; i < n; i++) -+ if (items[i].object_offset != items[j - 1].object_offset) -+ items[j++] = items[i]; -+ -+ return j; -+} -+ - int journal_file_append_entry( - JournalFile *f, - const dual_timestamp *ts, -@@ -2151,6 +2166,7 @@ int journal_file_append_entry( - /* Order by the position on disk, in order to improve seek - * times for rotating media. */ - typesafe_qsort(items, n_iovec, entry_item_cmp); -+ n_iovec = remove_duplicate_entry_items(items, n_iovec); - - r = journal_file_append_entry_internal(f, ts, boot_id, xor_hash, items, n_iovec, seqnum, ret, ret_offset); - --- -2.33.0 - diff --git a/backport-journal-Only-move-to-objects-when-necessary.patch b/backport-journal-Only-move-to-objects-when-necessary.patch deleted file mode 100644 index 68b0eeea174e955964f2003531a7c9143b6a99bd..0000000000000000000000000000000000000000 --- a/backport-journal-Only-move-to-objects-when-necessary.patch +++ /dev/null @@ -1,244 +0,0 @@ -From 57ba83ddd33d8ed5e8cee6a35f6ee780532a7a0d Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Tue, 25 Jan 2022 11:50:40 +0000 -Subject: [PATCH] journal: Only move to objects when necessary - -Conflict:don't modify journal_file_read_object because 117e2112 isn't merged; -don't modify generic_array_get because 8d801e35cb isn't merged; adapt context -Reference:https://github.com/systemd/systemd/commit/ded10e3a5f4c9a9fca9a57f5feb7e77db4155dbd - -Let's make sure we only move to objects when it's required. If "ret" -is NULL, the caller isn't interested in the actual object and the -function being called shouldn't move to it unless it has to -inspect/modify the object itself. ---- - src/libsystemd/sd-journal/journal-file.c | 99 +++++++++-------------- - 1 file changed, 39 insertions(+), 60 deletions(-) - -diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c -index e3e926b..efc5018 100644 ---- a/src/libsystemd/sd-journal/journal-file.c -+++ b/src/libsystemd/sd-journal/journal-file.c -@@ -931,7 +931,6 @@ int journal_file_move_to_object(JournalFile *f, ObjectType type, uint64_t offset - uint64_t s; - - assert(f); -- assert(ret); - - /* Objects may only be located at multiple of 64 bit */ - if (!VALID64(offset)) -@@ -986,7 +985,9 @@ int journal_file_move_to_object(JournalFile *f, ObjectType type, uint64_t offset - if (r < 0) - return r; - -- *ret = o; -+ if (ret) -+ *ret = o; -+ - return 0; - } - -@@ -1584,19 +1585,11 @@ static int journal_file_append_field( - - hash = journal_file_hash_data(f, field, size); - -- r = journal_file_find_field_object_with_hash(f, field, size, hash, &o, &p); -+ r = journal_file_find_field_object_with_hash(f, field, size, hash, ret, ret_offset); - if (r < 0) - return r; -- if (r > 0) { -- -- if (ret) -- *ret = o; -- -- if (ret_offset) -- *ret_offset = p; -- -+ if (r > 0) - return 0; -- } - - osize = offsetof(Object, field.payload) + size; - r = journal_file_append_object(f, OBJECT_FIELD, osize, &o, &p); -@@ -1610,20 +1603,20 @@ static int journal_file_append_field( - if (r < 0) - return r; - -- /* The linking might have altered the window, so let's -- * refresh our pointer */ -- r = journal_file_move_to_object(f, OBJECT_FIELD, p, &o); -- if (r < 0) -- return r; -+ /* The linking might have altered the window, so let's only pass the offset to hmac which will -+ * move to the object again if needed. */ - - #if HAVE_GCRYPT -- r = journal_file_hmac_put_object(f, OBJECT_FIELD, o, p); -+ r = journal_file_hmac_put_object(f, OBJECT_FIELD, NULL, p); - if (r < 0) - return r; - #endif - -- if (ret) -- *ret = o; -+ if (ret) { -+ r = journal_file_move_to_object(f, OBJECT_FIELD, p, ret); -+ if (r < 0) -+ return r; -+ } - - if (ret_offset) - *ret_offset = p; -@@ -1647,19 +1640,11 @@ static int journal_file_append_data( - - hash = journal_file_hash_data(f, data, size); - -- r = journal_file_find_data_object_with_hash(f, data, size, hash, &o, &p); -+ r = journal_file_find_data_object_with_hash(f, data, size, hash, ret, ret_offset); - if (r < 0) - return r; -- if (r > 0) { -- -- if (ret) -- *ret = o; -- -- if (ret_offset) -- *ret_offset = p; -- -+ if (r > 0) - return 0; -- } - - osize = offsetof(Object, data.payload) + size; - r = journal_file_append_object(f, OBJECT_DATA, osize, &o, &p); -@@ -1693,17 +1678,16 @@ static int journal_file_append_data( - if (r < 0) - return r; - --#if HAVE_GCRYPT -- r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p); -+ /* The linking might have altered the window, so let's refresh our pointer. */ -+ r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); - if (r < 0) - return r; --#endif - -- /* The linking might have altered the window, so let's -- * refresh our pointer */ -- r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); -+#if HAVE_GCRYPT -+ r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p); - if (r < 0) - return r; -+#endif - - if (!data) - eq = NULL; -@@ -2307,20 +2290,15 @@ static int generic_array_get_plus_one( - uint64_t i, - Object **ret, uint64_t *ret_offset) { - -- Object *o; -- - assert(f); - - if (i == 0) { - int r; - -- r = journal_file_move_to_object(f, OBJECT_ENTRY, extra, &o); -+ r = journal_file_move_to_object(f, OBJECT_ENTRY, extra, ret); - if (r < 0) - return r; - -- if (ret) -- *ret = o; -- - if (ret_offset) - *ret_offset = extra; - -@@ -2349,7 +2327,7 @@ static int generic_array_bisect( - - uint64_t a, p, t = 0, i = 0, last_p = 0, last_index = UINT64_MAX; - bool subtract_one = false; -- Object *o, *array = NULL; -+ Object *array = NULL; - int r; - ChainCacheItem *ci; - -@@ -2537,12 +2515,11 @@ found: - else - p = le64toh(array->entry_array.items[i]); - -- r = journal_file_move_to_object(f, OBJECT_ENTRY, p, &o); -- if (r < 0) -- return r; -- -- if (ret) -- *ret = o; -+ if (ret) { -+ r = journal_file_move_to_object(f, OBJECT_ENTRY, p, ret); -+ if (r < 0) -+ return r; -+ } - - if (ret_offset) - *ret_offset = p; -@@ -2567,7 +2544,6 @@ static int generic_array_bisect_plus_one( - - int r; - bool step_back = false; -- Object *o; - - assert(f); - assert(test_object); -@@ -2610,12 +2586,11 @@ static int generic_array_bisect_plus_one( - return r; - - found: -- r = journal_file_move_to_object(f, OBJECT_ENTRY, extra, &o); -- if (r < 0) -- return r; -- -- if (ret) -- *ret = o; -+ if (ret) { -+ r = journal_file_move_to_object(f, OBJECT_ENTRY, extra, ret); -+ if (r < 0) -+ return r; -+ } - - if (ret_offset) - *ret_offset = extra; -@@ -3088,7 +3063,6 @@ int journal_file_move_to_entry_by_monotonic_for_data( - * exists in both bisection arrays */ - - for (;;) { -- Object *qo; - uint64_t p, q; - - r = journal_file_move_to_object(f, OBJECT_DATA, data_offset, &d); -@@ -3117,14 +3091,18 @@ int journal_file_move_to_entry_by_monotonic_for_data( - p, - test_object_offset, - direction, -- &qo, &q, NULL); -+ NULL, &q, NULL); - - if (r <= 0) - return r; - - if (p == q) { -- if (ret) -- *ret = qo; -+ if (ret) { -+ r = journal_file_move_to_object(f, OBJECT_ENTRY, q, ret); -+ if (r < 0) -+ return r; -+ } -+ - if (ret_offset) - *ret_offset = q; - --- -2.23.0 - diff --git a/backport-journal-Remove-entry-seqnum-revert-logic.patch b/backport-journal-Remove-entry-seqnum-revert-logic.patch deleted file mode 100644 index b2a1a519e02a12594525ab1f759a210162fd0645..0000000000000000000000000000000000000000 --- a/backport-journal-Remove-entry-seqnum-revert-logic.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 06a0e8283ed87773795f28e58318d5d1b46b1088 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 12 Nov 2021 14:29:02 +0000 -Subject: [PATCH] journal: Remove entry seqnum revert logic - -This actually causes mismatches between the header tail entry seqnum -and the last entry seqnum since when we revert the header seqnum, we -don't remove the entry object we added. If adding the entry object -itself fails, we don't need to revert the seqnum since it's never -incremented so let's remove this logic alltogether. - -(cherry picked from commit b41b682bd6f1290caa4220291b22cae317cb6413) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/06a0e8283ed87773795f28e58318d5d1b46b1088 ---- - src/libsystemd/sd-journal/journal-file.c | 32 ++---------------------- - 1 file changed, 2 insertions(+), 30 deletions(-) - -diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c -index 2c17435de2..ae19c1c1f2 100644 ---- a/src/libsystemd/sd-journal/journal-file.c -+++ b/src/libsystemd/sd-journal/journal-file.c -@@ -1021,30 +1021,6 @@ static uint64_t journal_file_entry_seqnum( - return ret; - } - --static void journal_file_revert_entry_seqnum( -- JournalFile *f, -- uint64_t *seqnum, -- uint64_t revert_seqnum) { -- -- assert(f); -- assert(f->header); -- -- if (revert_seqnum == 0) /* sequence number 0? can't go back */ -- return; -- -- /* Undoes the effect of journal_file_entry_seqnum() above: if we fail to append an entry to a file, -- * let's revert the seqnum we were about to use, so that we can use it on the next entry. */ -- -- if (le64toh(f->header->tail_entry_seqnum) == revert_seqnum) -- f->header->tail_entry_seqnum = htole64(revert_seqnum - 1); -- -- if (le64toh(f->header->head_entry_seqnum) == revert_seqnum) -- f->header->head_entry_seqnum = 0; -- -- if (seqnum && *seqnum == revert_seqnum) -- *seqnum = revert_seqnum - 1; --} -- - int journal_file_append_object( - JournalFile *f, - ObjectType type, -@@ -2004,12 +1980,12 @@ static int journal_file_append_entry_internal( - #if HAVE_GCRYPT - r = journal_file_hmac_put_object(f, OBJECT_ENTRY, o, np); - if (r < 0) -- goto fail; -+ return r; - #endif - - r = journal_file_link_entry(f, o, np); - if (r < 0) -- goto fail; -+ return r; - - if (ret) - *ret = o; -@@ -2017,10 +1993,6 @@ static int journal_file_append_entry_internal( - if (ret_offset) - *ret_offset = np; - -- return 0; -- --fail: -- journal_file_revert_entry_seqnum(f, seqnum, le64toh(o->entry.seqnum)); - return r; - } - --- -2.33.0 - diff --git a/backport-journal-Skip-corrupt-Data-objects-in-sd_journal_get_.patch b/backport-journal-Skip-corrupt-Data-objects-in-sd_journal_get_.patch deleted file mode 100644 index 82b2269b70aafead4deba733406f15df87e12a13..0000000000000000000000000000000000000000 --- a/backport-journal-Skip-corrupt-Data-objects-in-sd_journal_get_.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 2124893b258ffc23ae034bce388b61fb148c805f Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 17 Nov 2021 16:46:29 +0000 -Subject: [PATCH] journal: Skip corrupt Data objects in sd_journal_get_data() - -Similar to the change we made for sd_journal_enumerate_data(), let's -skip corrupt entry items and data objects in sd_journal_get_data(). - -(cherry picked from commit 8a799bed4c25be5792acf4d375bd2cdf0a4a3165) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/2124893b258ffc23ae034bce388b61fb148c805f ---- - src/libsystemd/sd-journal/sd-journal.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index 18ede19e26..71875a4dc8 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -2309,11 +2309,17 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** - p = le64toh(o->entry.items[i].object_offset); - le_hash = o->entry.items[i].hash; - r = journal_file_move_to_object(f, OBJECT_DATA, p, &d); -+ if (r == -EBADMSG) { -+ log_debug("Entry item %"PRIu64" data object is bad, skipping over it.", i); -+ continue; -+ } - if (r < 0) - return r; - -- if (le_hash != d->data.hash) -- return -EBADMSG; -+ if (le_hash != d->data.hash) { -+ log_debug("Entry item %"PRIu64" hash is bad, skipping over it.", i); -+ continue; -+ } - - l = le64toh(d->object.size) - offsetof(Object, data.payload); - --- -2.33.0 - diff --git a/backport-journal-Skip-data-objects-with-invalid-offsets.patch b/backport-journal-Skip-data-objects-with-invalid-offsets.patch deleted file mode 100644 index e2af7d697994ce46cfc0988f65c3f4615876d2b3..0000000000000000000000000000000000000000 --- a/backport-journal-Skip-data-objects-with-invalid-offsets.patch +++ /dev/null @@ -1,68 +0,0 @@ -From bf022f9f4841368bb84372ee5605ce5c0f936c79 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 12 Jan 2022 14:44:50 +0000 -Subject: [PATCH] journal: Skip data objects with invalid offsets -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We already skip invalid objects, but don't yet skip invalid offsets. -Let's skip these as well to improve robustness when we're dealing with -corrupted journals. - -Before: - -``` -âžœ systemd git:(main) build/journalctl -r -n 5 --file ~/Downloads/system@0005d2b275abaaf8-f243a2818cb39b98.journal_ -Failed to get journal fields: Cannot assign requested address --- No entries -- -``` - -After: - -``` -âžœ systemd git:(main) ✗ build/journalctl -r -n 5 --file ~/Downloads/system@0005d2b275abaaf8-f243a2818cb39b98.journal_ -Dec 09 08:32:38 snowball3 NetworkManager[911]: [1639038758.1464] device (wlp1s0): supplicant interface state: scanning -> authenticating -Dec 09 08:32:38 snowball3 kernel: wlp1s0: send auth to ec:a9:40:79:fb:ad (try 1/3) -Dec 09 08:32:38 snowball3 kernel: wlp1s0: authenticate with ec:a9:40:79:fb:ad -Dec 09 08:32:38 snowball3 wpa_supplicant[1003]: wlp1s0: SME: Trying to authenticate with ec:a9:40:79:fb:ad (SSID='UPC949397B' freq=5500 MHz) -``` - -(cherry picked from commit df207ccb7be02b1ca6bdd0a2066a898e5b24ee86) -(cherry picked from commit 556f46aa3b17f4ed6768521137405297c8a99d35) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bf022f9f4841368bb84372ee5605ce5c0f936c79 ---- - src/libsystemd/sd-journal/sd-journal.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index dd28b8008f..3cdc629a8d 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -2310,8 +2310,8 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** - p = le64toh(o->entry.items[i].object_offset); - le_hash = o->entry.items[i].hash; - r = journal_file_move_to_object(f, OBJECT_DATA, p, &d); -- if (r == -EBADMSG) { -- log_debug("Entry item %"PRIu64" data object is bad, skipping over it.", i); -+ if (IN_SET(r, -EADDRNOTAVAIL, -EBADMSG)) { -+ log_debug_errno(r, "Entry item %"PRIu64" data object is bad, skipping over it: %m", i); - continue; - } - if (r < 0) -@@ -2455,8 +2455,8 @@ _public_ int sd_journal_enumerate_data(sd_journal *j, const void **data, size_t - p = le64toh(o->entry.items[j->current_field].object_offset); - le_hash = o->entry.items[j->current_field].hash; - r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); -- if (r == -EBADMSG) { -- log_debug("Entry item %"PRIu64" data object is bad, skipping over it.", j->current_field); -+ if (IN_SET(r, -EADDRNOTAVAIL, -EBADMSG)) { -+ log_debug_errno(r, "Entry item %"PRIu64" data object is bad, skipping over it: %m", j->current_field); - continue; - } - if (r < 0) --- -2.33.0 - diff --git a/backport-journal-Skip-over-corrupt-entry-items-in-enumerate_d.patch b/backport-journal-Skip-over-corrupt-entry-items-in-enumerate_d.patch deleted file mode 100644 index 9cfa077350ba5403e887b67f4b219c9469b0e967..0000000000000000000000000000000000000000 --- a/backport-journal-Skip-over-corrupt-entry-items-in-enumerate_d.patch +++ /dev/null @@ -1,93 +0,0 @@ -From e8a54526d8a89097742d808a53956a54431ded06 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 17 Nov 2021 15:54:35 +0000 -Subject: [PATCH] journal: Skip over corrupt entry items in enumerate_data() - -Similar to sd_journal_next(), if trying to access an entry item -offset's data results in EBADMSG, skip to the next entry item so -we handle corruption better. - -Fixes #21407 - -(cherry picked from commit 5a94a2bf2b9c9ae362dd4a7c2e6b263c55545036) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e8a54526d8a89097742d808a53956a54431ded06 ---- - src/libsystemd/sd-journal/sd-journal.c | 47 ++++++++++++++++---------- - 1 file changed, 29 insertions(+), 18 deletions(-) - -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index b3240177cb..02d4582c98 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -2425,10 +2425,8 @@ static int return_data( - - _public_ int sd_journal_enumerate_data(sd_journal *j, const void **data, size_t *size) { - JournalFile *f; -- uint64_t p, n; -- le64_t le_hash; -- int r; - Object *o; -+ int r; - - assert_return(j, -EINVAL); - assert_return(!journal_pid_changed(j), -ECHILD); -@@ -2446,26 +2444,39 @@ _public_ int sd_journal_enumerate_data(sd_journal *j, const void **data, size_t - if (r < 0) - return r; - -- n = journal_file_entry_n_items(o); -- if (j->current_field >= n) -- return 0; -+ for (uint64_t n = journal_file_entry_n_items(o); j->current_field < n; j->current_field++) { -+ uint64_t p; -+ le64_t le_hash; - -- p = le64toh(o->entry.items[j->current_field].object_offset); -- le_hash = o->entry.items[j->current_field].hash; -- r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); -- if (r < 0) -- return r; -+ p = le64toh(o->entry.items[j->current_field].object_offset); -+ le_hash = o->entry.items[j->current_field].hash; -+ r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); -+ if (r == -EBADMSG) { -+ log_debug("Entry item %"PRIu64" data object is bad, skipping over it.", j->current_field); -+ continue; -+ } -+ if (r < 0) -+ return r; - -- if (le_hash != o->data.hash) -- return -EBADMSG; -+ if (le_hash != o->data.hash) { -+ log_debug("Entry item %"PRIu64" hash is bad, skipping over it.", j->current_field); -+ continue; -+ } - -- r = return_data(j, f, o, data, size); -- if (r < 0) -- return r; -+ r = return_data(j, f, o, data, size); -+ if (r == -EBADMSG) { -+ log_debug("Entry item %"PRIu64" data payload is bad, skipping over it.", j->current_field); -+ continue; -+ } -+ if (r < 0) -+ return r; - -- j->current_field++; -+ j->current_field++; - -- return 1; -+ return 1; -+ } -+ -+ return 0; - } - - _public_ int sd_journal_enumerate_available_data(sd_journal *j, const void **data, size_t *size) { --- -2.33.0 - diff --git a/backport-journal-Use-separate-variable-for-Data-object-in-sd_.patch b/backport-journal-Use-separate-variable-for-Data-object-in-sd_.patch deleted file mode 100644 index be58cca79ed4579a41cfb7819d4aa660daa0dcc2..0000000000000000000000000000000000000000 --- a/backport-journal-Use-separate-variable-for-Data-object-in-sd_.patch +++ /dev/null @@ -1,95 +0,0 @@ -From a1ca5320ec74f5112d32338e3061a34f17c4b954 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 17 Nov 2021 16:44:21 +0000 -Subject: [PATCH] journal: Use separate variable for Data object in - sd_journal_get_data() - -A little cleanup to make the next change easier. We're not moving to a -new Entry object in the for loop so there's no danger of changing the -Entry object window. - -(cherry picked from commit 847c7ee8c3c1a6cecd02501562b1afd8dd3c51de) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a1ca5320ec74f5112d32338e3061a34f17c4b954 ---- - src/libsystemd/sd-journal/sd-journal.c | 23 ++++++++++------------- - 1 file changed, 10 insertions(+), 13 deletions(-) - -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index 02d4582c98..18ede19e26 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -2300,6 +2300,7 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** - - n = journal_file_entry_n_items(o); - for (i = 0; i < n; i++) { -+ Object *d; - uint64_t p, l; - le64_t le_hash; - size_t t; -@@ -2307,20 +2308,20 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** - - p = le64toh(o->entry.items[i].object_offset); - le_hash = o->entry.items[i].hash; -- r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); -+ r = journal_file_move_to_object(f, OBJECT_DATA, p, &d); - if (r < 0) - return r; - -- if (le_hash != o->data.hash) -+ if (le_hash != d->data.hash) - return -EBADMSG; - -- l = le64toh(o->object.size) - offsetof(Object, data.payload); -+ l = le64toh(d->object.size) - offsetof(Object, data.payload); - -- compression = o->object.flags & OBJECT_COMPRESSION_MASK; -+ compression = d->object.flags & OBJECT_COMPRESSION_MASK; - if (compression) { - #if HAVE_COMPRESSION - r = decompress_startswith(compression, -- o->data.payload, l, -+ d->data.payload, l, - &f->compress_buffer, - field, field_length, '='); - if (r < 0) -@@ -2331,7 +2332,7 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** - size_t rsize; - - r = decompress_blob(compression, -- o->data.payload, l, -+ d->data.payload, l, - &f->compress_buffer, &rsize, - j->data_threshold); - if (r < 0) -@@ -2346,23 +2347,19 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** - return -EPROTONOSUPPORT; - #endif - } else if (l >= field_length+1 && -- memcmp(o->data.payload, field, field_length) == 0 && -- o->data.payload[field_length] == '=') { -+ memcmp(d->data.payload, field, field_length) == 0 && -+ d->data.payload[field_length] == '=') { - - t = (size_t) l; - - if ((uint64_t) t != l) - return -E2BIG; - -- *data = o->data.payload; -+ *data = d->data.payload; - *size = t; - - return 0; - } -- -- r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o); -- if (r < 0) -- return r; - } - - return -ENOENT; --- -2.33.0 - diff --git a/backport-journal-file-if-we-are-going-down-don-t-use-event-lo.patch b/backport-journal-file-if-we-are-going-down-don-t-use-event-lo.patch deleted file mode 100644 index 2156ec174dd1d78afec0af98fa2a96e8873adc6c..0000000000000000000000000000000000000000 --- a/backport-journal-file-if-we-are-going-down-don-t-use-event-lo.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 88afe98fa9887ba636d5f271c7b9c9b7c5a65960 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 24 Mar 2022 21:24:23 +0100 -Subject: [PATCH] journal-file: if we are going down, don't use event loop to - schedule post - -The event loop is already shutting down, hence no point in using it -anymore, it's not going to run any further iteration. - -(cherry picked from commit 47f04c2a69d5a604411f17a2e660021165d09c89) -(cherry picked from commit 6253eb576cdde2230b75f84532f745b4409f71ad) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/88afe98fa9887ba636d5f271c7b9c9b7c5a65960 ---- - src/libsystemd/sd-journal/journal-file.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c -index a8029c2868..e3e926b0f0 100644 ---- a/src/libsystemd/sd-journal/journal-file.c -+++ b/src/libsystemd/sd-journal/journal-file.c -@@ -2022,11 +2022,18 @@ static int post_change_thunk(sd_event_source *timer, uint64_t usec, void *userda - } - - static void schedule_post_change(JournalFile *f) { -+ sd_event *e; - int r; - - assert(f); - assert(f->post_change_timer); - -+ assert_se(e = sd_event_source_get_event(f->post_change_timer)); -+ -+ /* If we are aleady going down, post the change immediately. */ -+ if (IN_SET(sd_event_get_state(e), SD_EVENT_EXITING, SD_EVENT_FINISHED)) -+ goto fail; -+ - r = sd_event_source_get_enabled(f->post_change_timer, NULL); - if (r < 0) { - log_debug_errno(r, "Failed to get ftruncate timer state: %m"); --- -2.33.0 - diff --git a/backport-journal-network-timesync-fix-segfault-on-32bit-timev.patch b/backport-journal-network-timesync-fix-segfault-on-32bit-timev.patch deleted file mode 100644 index 93f3cb61c4d5048941ed3774106aaf4a36605543..0000000000000000000000000000000000000000 --- a/backport-journal-network-timesync-fix-segfault-on-32bit-timev.patch +++ /dev/null @@ -1,71 +0,0 @@ -From bacb991ea76b4a8ad41e74273b65549ac926a694 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 15 Sep 2021 23:29:11 +0900 -Subject: [PATCH] journal,network,timesync: fix segfault on 32bit - timeval/timespec systems - -Fixes #20741. - -(cherry picked from commit f782eee68aea996c68b8cfeba5f288dae7fc876f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bacb991ea76b4a8ad41e74273b65549ac926a694 ---- - src/journal/journald-server.c | 7 +++++-- - src/libsystemd-network/icmp6-util.c | 3 ++- - src/timesync/timesyncd-manager.c | 3 ++- - 3 files changed, 9 insertions(+), 4 deletions(-) - -diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c -index abd52f7c14..2d1d9e66d7 100644 ---- a/src/journal/journald-server.c -+++ b/src/journal/journald-server.c -@@ -1275,11 +1275,14 @@ int server_process_datagram( - /* We use NAME_MAX space for the SELinux label here. The kernel currently enforces no limit, but - * according to suggestions from the SELinux people this will change and it will probably be - * identical to NAME_MAX. For now we use that, but this should be updated one day when the final -- * limit is known. */ -+ * limit is known. -+ * -+ * Here, we need to explicitly initialize the buffer with zero, as glibc has a bug in -+ * __convert_scm_timestamps(), which assumes the buffer is initialized. See #20741. */ - CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred)) + - CMSG_SPACE_TIMEVAL + - CMSG_SPACE(sizeof(int)) + /* fd */ -- CMSG_SPACE(NAME_MAX) /* selinux label */) control; -+ CMSG_SPACE(NAME_MAX) /* selinux label */) control = {}; - - union sockaddr_union sa = {}; - -diff --git a/src/libsystemd-network/icmp6-util.c b/src/libsystemd-network/icmp6-util.c -index 823be0f275..3832bbd920 100644 ---- a/src/libsystemd-network/icmp6-util.c -+++ b/src/libsystemd-network/icmp6-util.c -@@ -148,8 +148,9 @@ int icmp6_send_router_solicitation(int s, const struct ether_addr *ether_addr) { - int icmp6_receive(int fd, void *buffer, size_t size, struct in6_addr *ret_dst, - triple_timestamp *ret_timestamp) { - -+ /* This needs to be initialized with zero. See #20741. */ - CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(int)) + /* ttl */ -- CMSG_SPACE_TIMEVAL) control; -+ CMSG_SPACE_TIMEVAL) control = {}; - struct iovec iov = {}; - union sockaddr_union sa = {}; - struct msghdr msg = { -diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c -index 648e804105..e37db1c570 100644 ---- a/src/timesync/timesyncd-manager.c -+++ b/src/timesync/timesyncd-manager.c -@@ -412,7 +412,8 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re - .iov_base = &ntpmsg, - .iov_len = sizeof(ntpmsg), - }; -- CMSG_BUFFER_TYPE(CMSG_SPACE_TIMESPEC) control; -+ /* This needs to be initialized with zero. See #20741. */ -+ CMSG_BUFFER_TYPE(CMSG_SPACE_TIMESPEC) control = {}; - union sockaddr_union server_addr; - struct msghdr msghdr = { - .msg_iov = &iov, --- -2.33.0 - diff --git a/backport-journal-remote-use-MHD_HTTP_CONTENT_TOO_LARGE-as-MHD.patch b/backport-journal-remote-use-MHD_HTTP_CONTENT_TOO_LARGE-as-MHD.patch deleted file mode 100644 index c123614a74c01906451b5c8a949d0ce75fe5c759..0000000000000000000000000000000000000000 --- a/backport-journal-remote-use-MHD_HTTP_CONTENT_TOO_LARGE-as-MHD.patch +++ /dev/null @@ -1,52 +0,0 @@ -From c4d12459c6bc065bd255c9f5555ca20bf735e16a Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 20 Dec 2021 20:48:32 +0900 -Subject: [PATCH] journal-remote: use MHD_HTTP_CONTENT_TOO_LARGE as - MHD_HTTP_PAYLOAD_TOO_LARGE is deprecated since 0.9.74 - -(cherry picked from commit 30df858f43b14a55c6650b43bea12cbf2cc0bc67) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c4d12459c6bc065bd255c9f5555ca20bf735e16a ---- - src/journal-remote/journal-remote-main.c | 2 +- - src/journal-remote/microhttpd-util.h | 10 +++++++--- - 2 files changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c -index ae1d43756a..9ff31763da 100644 ---- a/src/journal-remote/journal-remote-main.c -+++ b/src/journal-remote/journal-remote-main.c -@@ -319,7 +319,7 @@ static mhd_result request_handler( - /* When serialized, an entry of maximum size might be slightly larger, - * so this does not correspond exactly to the limit in journald. Oh well. - */ -- return mhd_respondf(connection, 0, MHD_HTTP_PAYLOAD_TOO_LARGE, -+ return mhd_respondf(connection, 0, MHD_HTTP_CONTENT_TOO_LARGE, - "Payload larger than maximum size of %u bytes", ENTRY_SIZE_MAX); - } - -diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h -index a92ba57d0f..7e7d1b56b1 100644 ---- a/src/journal-remote/microhttpd-util.h -+++ b/src/journal-remote/microhttpd-util.h -@@ -38,9 +38,13 @@ - # define MHD_HTTP_NOT_ACCEPTABLE MHD_HTTP_METHOD_NOT_ACCEPTABLE - #endif - --/* Renamed in µhttpd 0.9.53 */ --#ifndef MHD_HTTP_PAYLOAD_TOO_LARGE --# define MHD_HTTP_PAYLOAD_TOO_LARGE MHD_HTTP_REQUEST_ENTITY_TOO_LARGE -+/* Renamed in µhttpd 0.9.74 (8c644fc1f4d498ea489add8d40a68f5d3e5899fa) */ -+#ifndef MHD_HTTP_CONTENT_TOO_LARGE -+# ifdef MHD_HTTP_PAYLOAD_TOO_LARGE -+# define MHD_HTTP_CONTENT_TOO_LARGE MHD_HTTP_PAYLOAD_TOO_LARGE /* 0.9.53 or newer */ -+# else -+# define MHD_HTTP_CONTENT_TOO_LARGE MHD_HTTP_REQUEST_ENTITY_TOO_LARGE -+# endif - #endif - - #if MHD_VERSION < 0x00094203 --- -2.33.0 - diff --git a/backport-journal-send-close-fd-on-exit-when-running-with-valg.patch b/backport-journal-send-close-fd-on-exit-when-running-with-valg.patch deleted file mode 100644 index 20b5b3df9bfff7d29673dd0c0dff1b7b5c037f7d..0000000000000000000000000000000000000000 --- a/backport-journal-send-close-fd-on-exit-when-running-with-valg.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 6e5141ba038c1d8e22933f969b2bfe25bbc031d8 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 23 Feb 2022 02:03:54 +0900 -Subject: [PATCH] journal-send: close fd on exit when running with valgrind - -Fixes an issue reported in #22576. - -(cherry picked from commit eb9752d2be82d994cd6a17f271be27c4d56423d6) -(cherry picked from commit a7ec2be1509372974f44f1d98bf243a155cd203f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6e5141ba038c1d8e22933f969b2bfe25bbc031d8 ---- - src/libsystemd/meson.build | 1 + - src/libsystemd/sd-journal/journal-send.c | 26 +++++++++++++++++-- - src/libsystemd/sd-journal/journal-send.h | 8 ++++++ - src/libsystemd/sd-journal/test-journal-send.c | 3 +++ - 4 files changed, 36 insertions(+), 2 deletions(-) - create mode 100644 src/libsystemd/sd-journal/journal-send.h - -diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build -index 489ed12a73..3be5b3ec5e 100644 ---- a/src/libsystemd/meson.build -+++ b/src/libsystemd/meson.build -@@ -12,6 +12,7 @@ sd_journal_sources = files( - 'sd-journal/journal-file.h', - 'sd-journal/journal-internal.h', - 'sd-journal/journal-send.c', -+ 'sd-journal/journal-send.h', - 'sd-journal/journal-vacuum.c', - 'sd-journal/journal-vacuum.h', - 'sd-journal/journal-verify.c', -diff --git a/src/libsystemd/sd-journal/journal-send.c b/src/libsystemd/sd-journal/journal-send.c -index fd3fd7ef9c..d96e422d3b 100644 ---- a/src/libsystemd/sd-journal/journal-send.c -+++ b/src/libsystemd/sd-journal/journal-send.c -@@ -6,6 +6,9 @@ - #include - #include - #include -+#if HAVE_VALGRIND_VALGRIND_H -+#include -+#endif - - #define SD_JOURNAL_SUPPRESS_LOCATION - -@@ -14,8 +17,9 @@ - #include "alloc-util.h" - #include "errno-util.h" - #include "fd-util.h" --#include "io-util.h" - #include "fileio.h" -+#include "io-util.h" -+#include "journal-send.h" - #include "memfd-util.h" - #include "socket-util.h" - #include "stdio-util.h" -@@ -39,10 +43,10 @@ - * all its threads, and all its subprocesses. This means we need to - * initialize it atomically, and need to operate on it atomically - * never assuming we are the only user */ -+static int fd_plus_one = 0; - - static int journal_fd(void) { - int fd; -- static int fd_plus_one = 0; - - retry: - if (fd_plus_one > 0) -@@ -62,6 +66,24 @@ retry: - return fd; - } - -+#if VALGRIND -+void close_journal_fd(void) { -+ /* Be nice to valgrind. This is not atomic. This must be used only in tests. */ -+ -+ if (!RUNNING_ON_VALGRIND) -+ return; -+ -+ if (getpid() != gettid()) -+ return; -+ -+ if (fd_plus_one <= 0) -+ return; -+ -+ safe_close(fd_plus_one - 1); -+ fd_plus_one = 0; -+} -+#endif -+ - _public_ int sd_journal_print(int priority, const char *format, ...) { - int r; - va_list ap; -diff --git a/src/libsystemd/sd-journal/journal-send.h b/src/libsystemd/sd-journal/journal-send.h -new file mode 100644 -index 0000000000..cf8b199297 ---- /dev/null -+++ b/src/libsystemd/sd-journal/journal-send.h -@@ -0,0 +1,8 @@ -+/* SPDX-License-Identifier: LGPL-2.1-or-later */ -+#pragma once -+ -+#if VALGRIND -+void close_journal_fd(void); -+#else -+static inline void close_journal_fd(void) {} -+#endif -diff --git a/src/libsystemd/sd-journal/test-journal-send.c b/src/libsystemd/sd-journal/test-journal-send.c -index b6644e65c1..533b8d91e6 100644 ---- a/src/libsystemd/sd-journal/test-journal-send.c -+++ b/src/libsystemd/sd-journal/test-journal-send.c -@@ -5,7 +5,9 @@ - #include - - #include "sd-journal.h" -+ - #include "fileio.h" -+#include "journal-send.h" - #include "macro.h" - #include "memory-util.h" - -@@ -103,5 +105,6 @@ int main(int argc, char *argv[]) { - /* Sleep a bit to make it easy for journald to collect metadata. */ - sleep(1); - -+ close_journal_fd(); - return 0; - } --- -2.33.0 - diff --git a/backport-journalctl-never-fail-at-flushing-when-the-flushed-f.patch b/backport-journalctl-never-fail-at-flushing-when-the-flushed-f.patch deleted file mode 100644 index 3be690d977350442c8a6ddfc829c0c9de1248014..0000000000000000000000000000000000000000 --- a/backport-journalctl-never-fail-at-flushing-when-the-flushed-f.patch +++ /dev/null @@ -1,44 +0,0 @@ -From dc331f4c9268d17a66f4393cfd0dba14c7022d41 Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Wed, 4 Aug 2021 11:20:07 +0200 -Subject: [PATCH] journalctl: never fail at flushing when the flushed flag is - set - -Even if journald was not running, flushing the volatile journal used to work if -the journal was already flushed (ie the flushed flag -/run/systemd/journald/flushed was created). - -However since commit 4f413af2a0a, this behavior changed and now '--flush' fails -because it tries to contact journald without checking the presence of the -flushed flag anymore. - -This patch restores the previous behavior since there's no reason to fail when -journalctl can figure out that the flush is not necessary. - -(cherry picked from commit f6fca35e642a112e80cc9bddb9a2b4805ad40df2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/dc331f4c9268d17a66f4393cfd0dba14c7022d41 ---- - src/journal/journalctl.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c -index c8fb726d42..3eac97510d 100644 ---- a/src/journal/journalctl.c -+++ b/src/journal/journalctl.c -@@ -2074,6 +2074,11 @@ static int simple_varlink_call(const char *option, const char *method) { - } - - static int flush_to_var(void) { -+ if (access("/run/systemd/journal/flushed", F_OK) >= 0) -+ return 0; /* Already flushed, no need to contact journald */ -+ if (errno != ENOENT) -+ return log_error_errno(errno, "Unable to check for existence of /run/systemd/journal/flushed: %m"); -+ - return simple_varlink_call("--flush", "io.systemd.Journal.FlushToVar"); - } - --- -2.33.0 - diff --git a/backport-journald-make-sure-SIGTERM-handling-doesn-t-get-star.patch b/backport-journald-make-sure-SIGTERM-handling-doesn-t-get-star.patch deleted file mode 100644 index a460e1009492ff8ed81691b6b49739a24b9b197c..0000000000000000000000000000000000000000 --- a/backport-journald-make-sure-SIGTERM-handling-doesn-t-get-star.patch +++ /dev/null @@ -1,125 +0,0 @@ -From a98f2d7a0b017505720477d9fc89de2b56470dfa Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 24 Mar 2022 20:37:43 +0100 -Subject: [PATCH] journald: make sure SIGTERM handling doesn't get starved out - -Fixes: #22642 -(cherry picked from commit 19252b254861d8c9b56e2acaeb182812c8f07e52) -(cherry picked from commit c901bc8680d1835737de116f2bf1f522bdb083c2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a98f2d7a0b017505720477d9fc89de2b56470dfa ---- - src/journal/journald-server.c | 76 +++++++++++++++++++++++++++++++++-- - 1 file changed, 73 insertions(+), 3 deletions(-) - -diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c -index a212079758..86302e31e3 100644 ---- a/src/journal/journald-server.c -+++ b/src/journal/journald-server.c -@@ -1443,12 +1443,82 @@ static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo * - } - - static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) { -+ _cleanup_(sd_event_source_disable_unrefp) sd_event_source *news = NULL; - Server *s = userdata; -+ int r; - - assert(s); - - log_received_signal(LOG_INFO, si); - -+ (void) sd_event_source_set_enabled(es, false); /* Make sure this handler is called at most once */ -+ -+ /* So on one hand we want to ensure that SIGTERMs are definitely handled in appropriate, bounded -+ * time. On the other hand we want that everything pending is first comprehensively processed and -+ * written to disk. These goals are incompatible, hence we try to find a middle ground: we'll process -+ * SIGTERM with high priority, but from the handler (this one right here) we'll install two new event -+ * sources: one low priority idle one that will issue the exit once everything else is processed (and -+ * which is hopefully the regular, clean codepath); and one high priority timer that acts as safety -+ * net: if our idle handler isn't run within 10s, we'll exit anyway. -+ * -+ * TLDR: we'll exit either when everything is processed, or after 10s max, depending on what happens -+ * first. -+ * -+ * Note that exiting before the idle event is hit doesn't typically mean that we lose any data, as -+ * messages will remain queued in the sockets they came in from, and thus can be processed when we -+ * start up next – unless we are going down for the final system shutdown, in which case everything -+ * is lost. */ -+ -+ r = sd_event_add_defer(s->event, &news, NULL, NULL); /* NULL handler means → exit when triggered */ -+ if (r < 0) { -+ log_error_errno(r, "Failed to allocate exit idle event handler: %m"); -+ goto fail; -+ } -+ -+ (void) sd_event_source_set_description(news, "exit-idle"); -+ -+ /* Run everything relevant before this. */ -+ r = sd_event_source_set_priority(news, SD_EVENT_PRIORITY_NORMAL+20); -+ if (r < 0) { -+ log_error_errno(r, "Failed to adjust priority of exit idle event handler: %m"); -+ goto fail; -+ } -+ -+ /* Give up ownership, so that this event source is freed automatically when the event loop is freed. */ -+ r = sd_event_source_set_floating(news, true); -+ if (r < 0) { -+ log_error_errno(r, "Failed to make exit idle event handler floating: %m"); -+ goto fail; -+ } -+ -+ news = sd_event_source_unref(news); -+ -+ r = sd_event_add_time_relative(s->event, &news, CLOCK_MONOTONIC, 10 * USEC_PER_SEC, 0, NULL, NULL); -+ if (r < 0) { -+ log_error_errno(r, "Failed to allocate exit timeout event handler: %m"); -+ goto fail; -+ } -+ -+ (void) sd_event_source_set_description(news, "exit-timeout"); -+ -+ r = sd_event_source_set_priority(news, SD_EVENT_PRIORITY_IMPORTANT-20); /* This is a safety net, with highest priority */ -+ if (r < 0) { -+ log_error_errno(r, "Failed to adjust priority of exit timeout event handler: %m"); -+ goto fail; -+ } -+ -+ r = sd_event_source_set_floating(news, true); -+ if (r < 0) { -+ log_error_errno(r, "Failed to make exit timeout event handler floating: %m"); -+ goto fail; -+ } -+ -+ news = sd_event_source_unref(news); -+ -+ log_debug("Exit event sources are now pending."); -+ return 0; -+ -+fail: - sd_event_exit(s->event, 0); - return 0; - } -@@ -1500,8 +1570,8 @@ static int setup_signals(Server *s) { - if (r < 0) - return r; - -- /* Let's process SIGTERM late, so that we flush all queued messages to disk before we exit */ -- r = sd_event_source_set_priority(s->sigterm_event_source, SD_EVENT_PRIORITY_NORMAL+20); -+ /* Let's process SIGTERM early, so that we definitely react to it */ -+ r = sd_event_source_set_priority(s->sigterm_event_source, SD_EVENT_PRIORITY_IMPORTANT-10); - if (r < 0) - return r; - -@@ -1511,7 +1581,7 @@ static int setup_signals(Server *s) { - if (r < 0) - return r; - -- r = sd_event_source_set_priority(s->sigint_event_source, SD_EVENT_PRIORITY_NORMAL+20); -+ r = sd_event_source_set_priority(s->sigint_event_source, SD_EVENT_PRIORITY_IMPORTANT-10); - if (r < 0) - return r; - --- -2.33.0 - diff --git a/backport-json-do-something-remotely-reasonable-when-we-see-Na.patch b/backport-json-do-something-remotely-reasonable-when-we-see-Na.patch deleted file mode 100644 index c4c0f5c79ccf4ffc5c1ad6dd00294b877bd00748..0000000000000000000000000000000000000000 --- a/backport-json-do-something-remotely-reasonable-when-we-see-Na.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 06444b314b863facdb173f10f2d1ff11196755d2 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 26 Oct 2021 15:45:49 +0200 -Subject: [PATCH] json: do something remotely reasonable when we see - NaN/infinity - -JSON doesn't have NaN/infinity/-infinity concepts in the spec. -Implementations vary what they do with it. JSON5 + Python simply -generate special words "NAN" and "Inifinity" from it. Others generate -"null" for it. - -At this point we never actually want to output this, so let's be -conservative and generate RFC compliant JSON, i.e. convert to null. - -One day should JSON5 actually become a thing we can revisit this, but in -that case we should implement things via a flag, and only optinally -process nan/infinity/-infinity. - -This patch is extremely simple: whenever accepting a -nan/infinity/-infinity from outside it converts it to NULL. I.e. we -convert on input, not output. - -(cherry picked from commit 8f1daefce6e952f2fad9510e5101b5fc675d363f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/06444b314b863facdb173f10f2d1ff11196755d2 ---- - src/shared/json.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/shared/json.c b/src/shared/json.c -index c52460a3ec..d72b1e3a38 100644 ---- a/src/shared/json.c -+++ b/src/shared/json.c -@@ -359,6 +359,12 @@ int json_variant_new_real(JsonVariant **ret, long double d) { - } - REENABLE_WARNING; - -+ /* JSON doesn't know NaN, +Infinity or -Infinity. Let's silently convert to 'null'. */ -+ if (isnan(d) || isinf(d)) { -+ *ret = JSON_VARIANT_MAGIC_NULL; -+ return 0; -+ } -+ - r = json_variant_new(&v, JSON_VARIANT_REAL, sizeof(d)); - if (r < 0) - return r; --- -2.33.0 - diff --git a/backport-kernel-install-also-remove-modules.builtin.alias.bin.patch b/backport-kernel-install-also-remove-modules.builtin.alias.bin.patch deleted file mode 100644 index 1aa7a99341949065d07d464481f70fa73984440a..0000000000000000000000000000000000000000 --- a/backport-kernel-install-also-remove-modules.builtin.alias.bin.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 44e060dd1641068752b79d49322d379c2ef2a1c1 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 15 Jan 2022 03:37:40 +0900 -Subject: [PATCH] kernel-install: also remove modules.builtin.alias.bin - -Fixes RHBZ#2016630. - -(cherry picked from commit 06006691b5c56b6123044179d934b3ed81c237ca) -(cherry picked from commit fdcb1bf67371615f12c4b11283f2bd6a25bda019) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/44e060dd1641068752b79d49322d379c2ef2a1c1 ---- - src/kernel-install/50-depmod.install | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/kernel-install/50-depmod.install b/src/kernel-install/50-depmod.install -index 2fd959865f..fd00c43632 100644 ---- a/src/kernel-install/50-depmod.install -+++ b/src/kernel-install/50-depmod.install -@@ -36,7 +36,7 @@ case "$COMMAND" in - remove) - [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ - echo "Removing /lib/modules/${KERNEL_VERSION}/modules.dep and associated files" -- exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin.bin,dep{,.bin},devname,softdep,symbols{,.bin}} -+ exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin{,.alias}.bin,dep{,.bin},devname,softdep,symbols{,.bin}} - ;; - *) - exit 0 --- -2.33.0 - diff --git a/backport-libsystemd-network-disable-event-sources-before-unre.patch b/backport-libsystemd-network-disable-event-sources-before-unre.patch deleted file mode 100644 index d947eff68c285bb2e2808da6db9077269fbc05a7..0000000000000000000000000000000000000000 --- a/backport-libsystemd-network-disable-event-sources-before-unre.patch +++ /dev/null @@ -1,194 +0,0 @@ -From 00a2361bb5d3fccfa5b4fdb4d73b7aa7938e2449 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 24 Sep 2021 17:26:35 +0900 -Subject: [PATCH] libsystemd-network: disable event sources before unref them - -Fixes #20825. - -(cherry picked from commit eb2f750242d6c4c0963887dbd561d8bafa318685) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/00a2361bb5d3fccfa5b4fdb4d73b7aa7938e2449 ---- - src/libsystemd-network/sd-dhcp-client.c | 12 +++++------- - src/libsystemd-network/sd-dhcp-server.c | 4 ++-- - src/libsystemd-network/sd-ipv4acd.c | 5 ++--- - src/libsystemd-network/sd-lldp.c | 7 ++++--- - src/libsystemd-network/sd-ndisc.c | 9 +++++---- - src/libsystemd-network/sd-radv.c | 6 ++---- - 6 files changed, 20 insertions(+), 23 deletions(-) - -diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c -index 030b50cf2a..46191e58f5 100644 ---- a/src/libsystemd-network/sd-dhcp-client.c -+++ b/src/libsystemd-network/sd-dhcp-client.c -@@ -726,7 +726,7 @@ static int client_notify(sd_dhcp_client *client, int event) { - static int client_initialize(sd_dhcp_client *client) { - assert_return(client, -EINVAL); - -- client->receive_message = sd_event_source_unref(client->receive_message); -+ client->receive_message = sd_event_source_disable_unref(client->receive_message); - - client->fd = safe_close(client->fd); - -@@ -1492,7 +1492,7 @@ static int client_timeout_t2(sd_event_source *s, uint64_t usec, void *userdata) - - assert(client); - -- client->receive_message = sd_event_source_unref(client->receive_message); -+ client->receive_message = sd_event_source_disable_unref(client->receive_message); - client->fd = safe_close(client->fd); - - client->state = DHCP_STATE_REBINDING; -@@ -1847,7 +1847,7 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, i - - client->start_delay = 0; - (void) event_source_disable(client->timeout_resend); -- client->receive_message = sd_event_source_unref(client->receive_message); -+ client->receive_message = sd_event_source_disable_unref(client->receive_message); - client->fd = safe_close(client->fd); - - client->state = DHCP_STATE_BOUND; -@@ -2229,17 +2229,15 @@ static sd_dhcp_client *dhcp_client_free(sd_dhcp_client *client) { - - log_dhcp_client(client, "FREE"); - -+ client_initialize(client); -+ - client->timeout_resend = sd_event_source_unref(client->timeout_resend); - client->timeout_t1 = sd_event_source_unref(client->timeout_t1); - client->timeout_t2 = sd_event_source_unref(client->timeout_t2); - client->timeout_expire = sd_event_source_unref(client->timeout_expire); - -- client_initialize(client); -- - sd_dhcp_client_detach_event(client); - -- sd_dhcp_lease_unref(client->lease); -- - set_free(client->req_opts); - free(client->hostname); - free(client->vendor_class_identifier); -diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c -index 9ae884b0fc..3f4af8440e 100644 ---- a/src/libsystemd-network/sd-dhcp-server.c -+++ b/src/libsystemd-network/sd-dhcp-server.c -@@ -267,8 +267,8 @@ int sd_dhcp_server_stop(sd_dhcp_server *server) { - if (!server) - return 0; - -- server->receive_message = sd_event_source_unref(server->receive_message); -- server->receive_broadcast = sd_event_source_unref(server->receive_broadcast); -+ server->receive_message = sd_event_source_disable_unref(server->receive_message); -+ server->receive_broadcast = sd_event_source_disable_unref(server->receive_broadcast); - - server->fd_raw = safe_close(server->fd_raw); - server->fd = safe_close(server->fd); -diff --git a/src/libsystemd-network/sd-ipv4acd.c b/src/libsystemd-network/sd-ipv4acd.c -index 9a77a33317..ebd4764840 100644 ---- a/src/libsystemd-network/sd-ipv4acd.c -+++ b/src/libsystemd-network/sd-ipv4acd.c -@@ -120,7 +120,7 @@ static void ipv4acd_reset(sd_ipv4acd *acd) { - assert(acd); - - (void) event_source_disable(acd->timer_event_source); -- acd->receive_message_event_source = sd_event_source_unref(acd->receive_message_event_source); -+ acd->receive_message_event_source = sd_event_source_disable_unref(acd->receive_message_event_source); - - acd->fd = safe_close(acd->fd); - -@@ -130,9 +130,8 @@ static void ipv4acd_reset(sd_ipv4acd *acd) { - static sd_ipv4acd *ipv4acd_free(sd_ipv4acd *acd) { - assert(acd); - -- acd->timer_event_source = sd_event_source_unref(acd->timer_event_source); -- - ipv4acd_reset(acd); -+ sd_event_source_unref(acd->timer_event_source); - sd_ipv4acd_detach_event(acd); - free(acd->ifname); - return mfree(acd); -diff --git a/src/libsystemd-network/sd-lldp.c b/src/libsystemd-network/sd-lldp.c -index 49aa876a53..b38d6dbd1e 100644 ---- a/src/libsystemd-network/sd-lldp.c -+++ b/src/libsystemd-network/sd-lldp.c -@@ -239,7 +239,7 @@ static void lldp_reset(sd_lldp *lldp) { - assert(lldp); - - (void) event_source_disable(lldp->timer_event_source); -- lldp->io_event_source = sd_event_source_unref(lldp->io_event_source); -+ lldp->io_event_source = sd_event_source_disable_unref(lldp->io_event_source); - lldp->fd = safe_close(lldp->fd); - } - -@@ -365,10 +365,11 @@ const char *sd_lldp_get_ifname(sd_lldp *lldp) { - static sd_lldp* lldp_free(sd_lldp *lldp) { - assert(lldp); - -- lldp->timer_event_source = sd_event_source_unref(lldp->timer_event_source); -- - lldp_reset(lldp); -+ -+ sd_event_source_unref(lldp->timer_event_source); - sd_lldp_detach_event(lldp); -+ - lldp_flush_neighbors(lldp); - - hashmap_free(lldp->neighbor_by_id); -diff --git a/src/libsystemd-network/sd-ndisc.c b/src/libsystemd-network/sd-ndisc.c -index 4d5f1b54cd..9b3a89378c 100644 ---- a/src/libsystemd-network/sd-ndisc.c -+++ b/src/libsystemd-network/sd-ndisc.c -@@ -133,18 +133,19 @@ static void ndisc_reset(sd_ndisc *nd) { - (void) event_source_disable(nd->timeout_event_source); - (void) event_source_disable(nd->timeout_no_ra); - nd->retransmit_time = 0; -- nd->recv_event_source = sd_event_source_unref(nd->recv_event_source); -+ nd->recv_event_source = sd_event_source_disable_unref(nd->recv_event_source); - nd->fd = safe_close(nd->fd); - } - - static sd_ndisc *ndisc_free(sd_ndisc *nd) { - assert(nd); - -- nd->timeout_event_source = sd_event_source_unref(nd->timeout_event_source); -- nd->timeout_no_ra = sd_event_source_unref(nd->timeout_no_ra); -- - ndisc_reset(nd); -+ -+ sd_event_source_unref(nd->timeout_event_source); -+ sd_event_source_unref(nd->timeout_no_ra); - sd_ndisc_detach_event(nd); -+ - free(nd->ifname); - return mfree(nd); - } -diff --git a/src/libsystemd-network/sd-radv.c b/src/libsystemd-network/sd-radv.c -index 857401bf6e..eac8aa385b 100644 ---- a/src/libsystemd-network/sd-radv.c -+++ b/src/libsystemd-network/sd-radv.c -@@ -89,8 +89,7 @@ static void radv_reset(sd_radv *ra) { - - (void) event_source_disable(ra->timeout_event_source); - -- ra->recv_event_source = -- sd_event_source_unref(ra->recv_event_source); -+ ra->recv_event_source = sd_event_source_disable_unref(ra->recv_event_source); - - ra->ra_sent = 0; - } -@@ -116,10 +115,9 @@ static sd_radv *radv_free(sd_radv *ra) { - free(ra->rdnss); - free(ra->dnssl); - -- ra->timeout_event_source = sd_event_source_unref(ra->timeout_event_source); -- - radv_reset(ra); - -+ sd_event_source_unref(ra->timeout_event_source); - sd_radv_detach_event(ra); - - ra->fd = safe_close(ra->fd); --- -2.33.0 - diff --git a/backport-list-introduce-LIST_FOREACH_BACKWARDS-macro-and-drop.patch b/backport-list-introduce-LIST_FOREACH_BACKWARDS-macro-and-drop.patch deleted file mode 100644 index 7766b8798118f3429e865dfa0f64afdc91220650..0000000000000000000000000000000000000000 --- a/backport-list-introduce-LIST_FOREACH_BACKWARDS-macro-and-drop.patch +++ /dev/null @@ -1,102 +0,0 @@ -From bd335c961fed6982e5ad8c2322414ff33a46e92e Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 16:12:06 +0900 -Subject: [PATCH] list: introduce LIST_FOREACH_BACKWARDS() macro and drop - LIST_FOREACH_AFTER/BEFORE() - -Reference:https://github.com/systemd/systemd/commit/bd335c961fed6982e5ad8c2322414ff33a46e92e -Conflict:NA - ---- - src/basic/list.h | 7 ++----- - src/core/device.c | 8 ++++---- - src/core/swap.c | 4 ++-- - src/udev/udev-rules.c | 2 +- - 4 files changed, 9 insertions(+), 12 deletions(-) - -diff --git a/src/basic/list.h b/src/basic/list.h -index 256b718..e488fff 100644 ---- a/src/basic/list.h -+++ b/src/basic/list.h -@@ -142,11 +142,8 @@ - #define LIST_FOREACH_SAFE(name,i,n,head) \ - for ((i) = (head); (i) && (((n) = (i)->name##_next), 1); (i) = (n)) - --#define LIST_FOREACH_BEFORE(name,i,p) \ -- for ((i) = (p)->name##_prev; (i); (i) = (i)->name##_prev) -- --#define LIST_FOREACH_AFTER(name,i,p) \ -- for ((i) = (p)->name##_next; (i); (i) = (i)->name##_next) -+#define LIST_FOREACH_BACKWARDS(name,i,p) \ -+ for ((i) = (p); (i); (i) = (i)->name##_prev) - - /* Iterate through all the members of the list p is included in, but skip over p */ - #define LIST_FOREACH_OTHERS(name,i,p) \ -diff --git a/src/core/device.c b/src/core/device.c -index c24bc12..06270e7 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -785,11 +785,11 @@ static Unit *device_following(Unit *u) { - return NULL; - - /* Make everybody follow the unit that's named after the sysfs path */ -- LIST_FOREACH_AFTER(same_sysfs, other, d) -+ LIST_FOREACH(same_sysfs, other, d->same_sysfs_next) - if (startswith(UNIT(other)->id, "sys-")) - return UNIT(other); - -- LIST_FOREACH_BEFORE(same_sysfs, other, d) { -+ LIST_FOREACH_BACKWARDS(same_sysfs, other, d->same_sysfs_prev) { - if (startswith(UNIT(other)->id, "sys-")) - return UNIT(other); - -@@ -816,13 +816,13 @@ static int device_following_set(Unit *u, Set **_set) { - if (!set) - return -ENOMEM; - -- LIST_FOREACH_AFTER(same_sysfs, other, d) { -+ LIST_FOREACH(same_sysfs, other, d->same_sysfs_next) { - r = set_put(set, other); - if (r < 0) - return r; - } - -- LIST_FOREACH_BEFORE(same_sysfs, other, d) { -+ LIST_FOREACH_BACKWARDS(same_sysfs, other, d->same_sysfs_prev) { - r = set_put(set, other); - if (r < 0) - return r; -diff --git a/src/core/swap.c b/src/core/swap.c -index 83e77d2..7a9628e 100644 ---- a/src/core/swap.c -+++ b/src/core/swap.c -@@ -1323,11 +1323,11 @@ static Unit *swap_following(Unit *u) { - if (streq_ptr(s->what, s->devnode)) - return NULL; - -- LIST_FOREACH_AFTER(same_devnode, other, s) -+ LIST_FOREACH(same_devnode, other, s->same_devnode_next) - if (streq_ptr(other->what, other->devnode)) - return UNIT(other); - -- LIST_FOREACH_BEFORE(same_devnode, other, s) { -+ LIST_FOREACH_BACKWARDS(same_devnode, other, s->same_devnode_prev) { - if (streq_ptr(other->what, other->devnode)) - return UNIT(other); - -diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c -index bf997fc..5e8dad2 100644 ---- a/src/udev/udev-rules.c -+++ b/src/udev/udev-rules.c -@@ -1154,7 +1154,7 @@ static void rule_resolve_goto(UdevRuleFile *rule_file) { - if (!FLAGS_SET(line->type, LINE_HAS_GOTO)) - continue; - -- LIST_FOREACH_AFTER(rule_lines, i, line) -+ LIST_FOREACH(rule_lines, i, line->rule_lines_next) - if (streq_ptr(i->label, line->goto_label)) { - line->goto_line = i; - break; --- -2.33.0 - diff --git a/backport-localed-use-PROJECT_FILE-rather-than-__FILE__-for-lo.patch b/backport-localed-use-PROJECT_FILE-rather-than-__FILE__-for-lo.patch deleted file mode 100644 index f6961b329d7f90fa9821483bf438a45413466d4b..0000000000000000000000000000000000000000 --- a/backport-localed-use-PROJECT_FILE-rather-than-__FILE__-for-lo.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 00b0393e65252bf631670604f58b844780b08c50 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 11 Oct 2021 13:56:22 +0200 -Subject: [PATCH] localed: use PROJECT_FILE rather than __FILE__ for logging - -All our log.h code uses PROJECT_FILE for this, let's hence use it here -too. - -(cherry picked from commit 11c8b1f1031d368358286f4bb26abebd73cd2868) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/00b0393e65252bf631670604f58b844780b08c50 ---- - src/locale/localed.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/locale/localed.c b/src/locale/localed.c -index df0eb030d4..c228385d0e 100644 ---- a/src/locale/localed.c -+++ b/src/locale/localed.c -@@ -560,7 +560,7 @@ static void log_xkb(struct xkb_context *ctx, enum xkb_log_level lvl, const char - - fmt = strjoina("libxkbcommon: ", format); - DISABLE_WARNING_FORMAT_NONLITERAL; -- log_internalv(LOG_DEBUG, 0, __FILE__, __LINE__, __func__, fmt, args); -+ log_internalv(LOG_DEBUG, 0, PROJECT_FILE, __LINE__, __func__, fmt, args); - REENABLE_WARNING; - } - --- -2.33.0 - diff --git a/backport-log-don-t-attempt-to-duplicate-closed-fd.patch b/backport-log-don-t-attempt-to-duplicate-closed-fd.patch deleted file mode 100644 index d8cf41375a2f6f2c605e448a52c32a5eb9323982..0000000000000000000000000000000000000000 --- a/backport-log-don-t-attempt-to-duplicate-closed-fd.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 417f37c1455fe770d96559205b864766188d9866 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 2 Sep 2022 18:35:03 +0200 -Subject: [PATCH] log: don't attempt to duplicate closed fd -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -if the console fd is not open we shouldn#t try to move it out of the 0…2 -range. - -Fixes: #24535 -Alternative-for: #24537 -(cherry picked from commit f1ee066840eea748ad4074ac2bc859bb897953b9) -(cherry picked from commit e0dde8a14f8b05b88e1add1abdb68c364913346b) -(cherry picked from commit 40cedddab7e5c84c8fa4738de423971997d9aef5) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/417f37c1455fe770d96559205b864766188d9866 ---- - src/basic/log.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/log.c b/src/basic/log.c -index 1d68b49963..4a1d3c0d6d 100644 ---- a/src/basic/log.c -+++ b/src/basic/log.c -@@ -1477,7 +1477,7 @@ int log_dup_console(void) { - /* Duplicate the fd we use for fd logging if it's < 3 and use the copy from now on. This call is useful - * whenever we want to continue logging through the original fd, but want to rearrange stderr. */ - -- if (console_fd >= 3) -+ if (console_fd < 0 || console_fd >= 3) - return 0; - - copy = fcntl(console_fd, F_DUPFD_CLOEXEC, 3); --- -2.27.0 - diff --git a/backport-login-drop-non-default-value-for-RuntimeDirectoryIno.patch b/backport-login-drop-non-default-value-for-RuntimeDirectoryIno.patch deleted file mode 100644 index a4535998db9a03755f3f0fad04de187198c75133..0000000000000000000000000000000000000000 --- a/backport-login-drop-non-default-value-for-RuntimeDirectoryIno.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 0bc055cf52251a98e41391a7587b7222120c67d2 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 28 Apr 2022 19:53:12 +0900 -Subject: [PATCH] login: drop non-default value for RuntimeDirectoryInodesMax= - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0bc055cf52251a98e41391a7587b7222120c67d2 ---- - src/login/logind.conf.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in -index 8ec979e0e8..08a89c351c 100644 ---- a/src/login/logind.conf.in -+++ b/src/login/logind.conf.in -@@ -42,7 +42,7 @@ - #IdleAction=ignore - #IdleActionSec=30min - #RuntimeDirectorySize=10% --#RuntimeDirectoryInodesMax=400k -+#RuntimeDirectoryInodesMax= - #RemoveIPC=yes - #InhibitorsMax=8192 - #SessionsMax=8192 --- -2.33.0 \ No newline at end of file diff --git a/backport-login-make-RuntimeDirectoryInodesMax-support-K-G-M-s.patch b/backport-login-make-RuntimeDirectoryInodesMax-support-K-G-M-s.patch deleted file mode 100644 index a363efee4cbe40896e26724d9aa72c3104d151c0..0000000000000000000000000000000000000000 --- a/backport-login-make-RuntimeDirectoryInodesMax-support-K-G-M-s.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 08a767f1e03bd59c0960a96ad585dbc3ef0bc78d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 27 Apr 2022 17:44:46 +0900 -Subject: [PATCH] login: make RuntimeDirectoryInodesMax= support K, G, M - suffixes - -Fixes #23017. - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/08a767f1e03bd59c0960a96ad585dbc3ef0bc78d ---- - src/login/logind-gperf.gperf | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/login/logind-gperf.gperf b/src/login/logind-gperf.gperf -index 867db36533..f11ab8ada5 100644 ---- a/src/login/logind-gperf.gperf -+++ b/src/login/logind-gperf.gperf -@@ -45,7 +45,7 @@ Login.HoldoffTimeoutSec, config_parse_sec, 0, offse - Login.IdleAction, config_parse_handle_action, 0, offsetof(Manager, idle_action) - Login.IdleActionSec, config_parse_sec, 0, offsetof(Manager, idle_action_usec) - Login.RuntimeDirectorySize, config_parse_tmpfs_size, 0, offsetof(Manager, runtime_dir_size) --Login.RuntimeDirectoryInodesMax, config_parse_uint64, 0, offsetof(Manager, runtime_dir_inodes) -+Login.RuntimeDirectoryInodesMax, config_parse_iec_uint64, 0, offsetof(Manager, runtime_dir_inodes) - Login.RemoveIPC, config_parse_bool, 0, offsetof(Manager, remove_ipc) - Login.InhibitorsMax, config_parse_uint64, 0, offsetof(Manager, inhibitors_max) - Login.SessionsMax, config_parse_uint64, 0, offsetof(Manager, sessions_max) --- -2.27.0 - diff --git a/backport-login-respect-install_sysconfdir_samples-in-meson-fi.patch b/backport-login-respect-install_sysconfdir_samples-in-meson-fi.patch deleted file mode 100644 index 16c0e9d6c085f7db9a6d070d66bff99b4cdb79b7..0000000000000000000000000000000000000000 --- a/backport-login-respect-install_sysconfdir_samples-in-meson-fi.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 426cd32268f6068b843bc24d54b3f969034ab998 Mon Sep 17 00:00:00 2001 -From: Andreas Rammhold -Date: Mon, 26 Jul 2021 17:20:34 +0200 -Subject: [PATCH] login: respect install_sysconfdir_samples in meson file - -The refactoring done in c900d89faa0 caused the configuration files to be -installed into the pkgsysconfdir regardless of the state of the -install_sysconfdir_samples boolean that indicates whether or not the -sample files should be installed. - -(cherry picked from commit 72964d047a7a8f79ae12ab41168feb0080eef6c3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/426cd32268f6068b843bc24d54b3f969034ab998 ---- - src/login/meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/login/meson.build b/src/login/meson.build -index 8c20e6be65..b637adc9a2 100644 ---- a/src/login/meson.build -+++ b/src/login/meson.build -@@ -67,7 +67,7 @@ pam_systemd_c = files('pam_systemd.c') - - enable_logind = conf.get('ENABLE_LOGIND') == 1 - in_files = [ -- ['logind.conf', pkgsysconfdir, enable_logind], -+ ['logind.conf', pkgsysconfdir, enable_logind and install_sysconfdir_samples], - ['70-uaccess.rules', udevrulesdir, enable_logind and conf.get('HAVE_ACL') == 1], - ['71-seat.rules', udevrulesdir, enable_logind], - ['73-seat-late.rules', udevrulesdir, enable_logind], --- -2.33.0 - diff --git a/backport-login-use-bus_error_message-at-one-more-place.patch b/backport-login-use-bus_error_message-at-one-more-place.patch deleted file mode 100644 index ef14f1382c086d14f3c13d655256abb1209c448a..0000000000000000000000000000000000000000 --- a/backport-login-use-bus_error_message-at-one-more-place.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 98f8c18db0edda121db05171fbaf35c342fd86b2 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 30 Jan 2022 05:38:35 +0900 -Subject: [PATCH] login: use bus_error_message() at one more place - -(cherry picked from commit 80c8c786a314bceba180fac5506e72aa48c0764a) -(cherry picked from commit 048487c094a149e99b4067c8cd2d3974a8f17397) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/98f8c18db0edda121db05171fbaf35c342fd86b2 ---- - src/login/logind-user.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/src/login/logind-user.c b/src/login/logind-user.c -index a2c468e8dd..3c65867cb6 100644 ---- a/src/login/logind-user.c -+++ b/src/login/logind-user.c -@@ -358,15 +358,19 @@ static void user_start_service(User *u) { - - static int update_slice_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) { - _cleanup_(user_record_unrefp) UserRecord *ur = userdata; -+ const sd_bus_error *e; -+ int r; - - assert(m); - assert(ur); - -- if (sd_bus_message_is_method_error(m, NULL)) { -- log_warning_errno(sd_bus_message_get_errno(m), -+ e = sd_bus_message_get_error(m); -+ if (e) { -+ r = sd_bus_error_get_errno(e); -+ log_warning_errno(r, - "Failed to update slice of %s, ignoring: %s", - ur->user_name, -- sd_bus_message_get_error(m)->message); -+ bus_error_message(e, r)); - - return 0; - } --- -2.33.0 - diff --git a/backport-logind-do-not-propagate-error-in-delayed-action.patch b/backport-logind-do-not-propagate-error-in-delayed-action.patch deleted file mode 100644 index 6dddc40f61fac882441732f9fdef81378155726d..0000000000000000000000000000000000000000 --- a/backport-logind-do-not-propagate-error-in-delayed-action.patch +++ /dev/null @@ -1,65 +0,0 @@ -From e6ca5aa8ac8d79217d11240b09dfbdb9364cdb36 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 5 Jan 2022 15:10:33 +0100 -Subject: [PATCH] logind: do not propagate error in delayed action - -If the action failed, we should log about the issue, and continue. -Exiting would bring the graphical session down, which of course is not -appreciated by users. - -As documented in previous commits, a non-negative return from the callback -doesn't matter, so the callback is simplified a bit. - -Fixes #21991. - -(cherry picked from commit 8207b8321bbbcbd19a345deb77d455d98e6ffb84) -(cherry picked from commit fb9bbbee6a3c09b75817f9f343176fa2170fdb31) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e6ca5aa8ac8d79217d11240b09dfbdb9364cdb36 ---- - src/login/logind-dbus.c | 8 ++------ - 1 file changed, 2 insertions(+), 6 deletions(-) - -diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c -index 19c3f9bd6e..b3c204f0b0 100644 ---- a/src/login/logind-dbus.c -+++ b/src/login/logind-dbus.c -@@ -1639,7 +1639,6 @@ error: - } - - int manager_dispatch_delayed(Manager *manager, bool timeout) { -- - _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; - Inhibitor *offending = NULL; - int r; -@@ -1671,10 +1670,9 @@ int manager_dispatch_delayed(Manager *manager, bool timeout) { - - manager->action_unit = NULL; - manager->action_what = 0; -- return r; - } - -- return 1; -+ return 1; /* We did some work. */ - } - - static int manager_inhibit_timeout_handler( -@@ -1683,13 +1681,11 @@ static int manager_inhibit_timeout_handler( - void *userdata) { - - Manager *manager = userdata; -- int r; - - assert(manager); - assert(manager->inhibit_timeout_source == s); - -- r = manager_dispatch_delayed(manager, true); -- return (r < 0) ? r : 0; -+ return manager_dispatch_delayed(manager, true); - } - - static int delay_shutdown_or_sleep( --- -2.33.0 - diff --git a/backport-logind-downgrade-message-about-run-utmp-missing-to-L.patch b/backport-logind-downgrade-message-about-run-utmp-missing-to-L.patch deleted file mode 100644 index 0ca919013d6bef9725551197ce55c3e7619c68c1..0000000000000000000000000000000000000000 --- a/backport-logind-downgrade-message-about-run-utmp-missing-to-L.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 5ac75f556c2ff3c28a815414dab92b58c3726dbd Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 8 Nov 2021 23:08:13 +0100 -Subject: [PATCH] logind: downgrade message about /run/utmp missing to - LOG_DEBUG - -This isn't really anything to really complain about, let's debug log -about this, and continue quietly as if utmp was empty. - -(cherry picked from commit 9830d716147c4e35026457027af95f303e690ae9) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5ac75f556c2ff3c28a815414dab92b58c3726dbd ---- - src/login/logind-core.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/login/logind-core.c b/src/login/logind-core.c -index 22031f485a..e08929e52a 100644 ---- a/src/login/logind-core.c -+++ b/src/login/logind-core.c -@@ -707,7 +707,9 @@ int manager_read_utmp(Manager *m) { - errno = 0; - u = getutxent(); - if (!u) { -- if (errno != 0) -+ if (errno == ENOENT) -+ log_debug_errno(errno, _PATH_UTMPX " does not exist, ignoring."); -+ else if (errno != 0) - log_warning_errno(errno, "Failed to read " _PATH_UTMPX ", ignoring: %m"); - return 0; - } --- -2.33.0 - diff --git a/backport-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch b/backport-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch deleted file mode 100644 index 562f73946569b1e12264d9a5ea70dcd6d334fbe4..0000000000000000000000000000000000000000 --- a/backport-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 848586f6f46e58c4960c2675102757d8c11ce046 Mon Sep 17 00:00:00 2001 -From: Michael Biebl -Date: Wed, 12 Oct 2022 11:07:57 +0200 -Subject: [PATCH] logind: fix getting property OnExternalPower via D-Bus - -The BUS_DEFINE_PROPERTY_GET_GLOBAL macro requires a value as third -argument, so we need to call manager_is_on_external_power(). Otherwise -the function pointer is interpreted as a boolean and always returns -true: - -``` -$ busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager OnExternalPower -b true -$ /lib/systemd/systemd-ac-power --verbose -no -``` - -Thanks: Helmut Grohne -Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021644 -(cherry picked from commit 63168cb517a556b2f4f175b365f5a4b4c7e85150) -(cherry picked from commit 3028e05955f1d1a43d57bbbe05321546d56c70a9) -(cherry picked from commit c622de4c9d474c2b666881ccbf60c7e2bf1fb484) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/848586f6f46e58c4960c2675102757d8c11ce046 ---- - src/login/logind-dbus.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c -index b3c204f0b0..1d0cf904bc 100644 ---- a/src/login/logind-dbus.c -+++ b/src/login/logind-dbus.c -@@ -353,7 +353,7 @@ static int property_get_scheduled_shutdown( - static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_handle_action, handle_action, HandleAction); - static BUS_DEFINE_PROPERTY_GET(property_get_docked, "b", Manager, manager_is_docked_or_external_displays); - static BUS_DEFINE_PROPERTY_GET(property_get_lid_closed, "b", Manager, manager_is_lid_closed); --static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power); -+static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power()); - static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_compat_user_tasks_max, "t", CGROUP_LIMIT_MAX); - static BUS_DEFINE_PROPERTY_GET_REF(property_get_hashmap_size, "t", Hashmap *, (uint64_t) hashmap_size); - --- -2.27.0 - diff --git a/backport-logind.conf-Fix-name-of-option-RuntimeDirectoryInode.patch b/backport-logind.conf-Fix-name-of-option-RuntimeDirectoryInode.patch deleted file mode 100644 index 411c6b5a81022642f5c58f701d17779b35e631f1..0000000000000000000000000000000000000000 --- a/backport-logind.conf-Fix-name-of-option-RuntimeDirectoryInode.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 927898c86d121a2985bc6c8d261f505197df8e80 Mon Sep 17 00:00:00 2001 -From: Arfrever Frehtes Taifersar Arahesis -Date: Thu, 27 Jan 2022 00:00:00 +0000 -Subject: [PATCH] logind.conf: Fix name of option: RuntimeDirectoryInodes -> - RuntimeDirectoryInodesMax - -(cherry picked from commit a42a93830fcc18da073a5ac06f93c386efc9109d) -(cherry picked from commit 5b20a2b19c847b8ad8b354f1b735fbbaf88d2f8f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/927898c86d121a2985bc6c8d261f505197df8e80 ---- - src/login/logind.conf.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in -index 27ba77ce79..be2eb790bf 100644 ---- a/src/login/logind.conf.in -+++ b/src/login/logind.conf.in -@@ -38,7 +38,7 @@ - #IdleAction=ignore - #IdleActionSec=30min - #RuntimeDirectorySize=10% --#RuntimeDirectoryInodes=400k -+#RuntimeDirectoryInodesMax=400k - #RemoveIPC=yes - #InhibitorsMax=8192 - #SessionsMax=8192 --- -2.33.0 - diff --git a/backport-machined-set-TTYPath-for-container-shell.patch b/backport-machined-set-TTYPath-for-container-shell.patch deleted file mode 100644 index 61634ff7423f30d9a28141941e1904e6ef8b5190..0000000000000000000000000000000000000000 --- a/backport-machined-set-TTYPath-for-container-shell.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 6076f379d6911abd69c9565cbbecc60d34be8ce8 Mon Sep 17 00:00:00 2001 -From: Ludwig Nussel -Date: Tue, 21 Dec 2021 11:38:49 +0100 -Subject: [PATCH] machined: set TTYPath for container shell - -TTYPath is needed for proper utmp registration of the shell to -receive wall messages. - -(cherry picked from commit a9c97bbbfb271d68b2ca4f3aa346fdf5e9c70c27) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6076f379d6911abd69c9565cbbecc60d34be8ce8 ---- - src/machine/machine-dbus.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c -index 0022a980c5..404ff1ca46 100644 ---- a/src/machine/machine-dbus.c -+++ b/src/machine/machine-dbus.c -@@ -688,7 +688,7 @@ int bus_machine_method_open_shell(sd_bus_message *message, void *userdata, sd_bu - - description = strjoina("Shell for User ", user); - r = sd_bus_message_append(tm, -- "(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)", -+ "(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)", - "Description", "s", description, - "StandardInputFileDescriptor", "h", slave, - "StandardOutputFileDescriptor", "h", slave, -@@ -696,6 +696,7 @@ int bus_machine_method_open_shell(sd_bus_message *message, void *userdata, sd_bu - "SendSIGHUP", "b", true, - "IgnoreSIGPIPE", "b", false, - "KillMode", "s", "mixed", -+ "TTYPath", "s", pty_name, - "TTYReset", "b", true, - "UtmpIdentifier", "s", utmp_id, - "UtmpMode", "s", "user", --- -2.33.0 - diff --git a/backport-machined-varlink-fix-double-free.patch b/backport-machined-varlink-fix-double-free.patch deleted file mode 100644 index b98a6ae554e7dc39048fccaffe7211a63facd27c..0000000000000000000000000000000000000000 --- a/backport-machined-varlink-fix-double-free.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 1600b38cd2029533547f8c3d4abfa12911ca0630 Mon Sep 17 00:00:00 2001 -From: David Tardon -Date: Mon, 2 Aug 2021 13:31:04 +0200 -Subject: [PATCH] machined-varlink: fix double free - -Fixes: #18599 -(cherry picked from commit feac9a1d1bf3f59adaa85f58b655ec01a111a29a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1600b38cd2029533547f8c3d4abfa12911ca0630 ---- - src/machine/machined-varlink.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c -index 009d283acc..fc0b0f11ad 100644 ---- a/src/machine/machined-varlink.c -+++ b/src/machine/machined-varlink.c -@@ -297,7 +297,7 @@ static int group_lookup_name(Manager *m, const char *name, gid_t *ret_gid, char - desc = mfree(desc); - - *ret_gid = converted_gid; -- *ret_description = desc; -+ *ret_description = TAKE_PTR(desc); - return 0; - } - --- -2.33.0 - diff --git a/backport-macro-account-for-negative-values-in-DECIMAL_STR_WID.patch b/backport-macro-account-for-negative-values-in-DECIMAL_STR_WID.patch deleted file mode 100644 index 740c0c16e324f76a52166bb959c61cc08a25311d..0000000000000000000000000000000000000000 --- a/backport-macro-account-for-negative-values-in-DECIMAL_STR_WID.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 19c0ce4c68fd424f48a71afbc9d8b7b67ba58709 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Sun, 13 Mar 2022 14:45:03 +0100 -Subject: [PATCH] macro: account for negative values in DECIMAL_STR_WIDTH() - -With negative numbers we wouldn't account for the minus sign, thus -returning a string with one character too short, triggering buffer -overflows in certain situations. - -(cherry picked from commit e3dd9ea8ea4510221f73071ad30ee657ca77565d) -(cherry picked from commit 25b3c48ec5203a1220daaf33b8df6e50e79fd74a) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/19c0ce4c68fd424f48a71afbc9d8b7b67ba58709 ---- - src/basic/macro.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/macro.h b/src/basic/macro.h -index 072fed4378..5a3027ae5c 100644 ---- a/src/basic/macro.h -+++ b/src/basic/macro.h -@@ -349,7 +349,7 @@ static inline int __coverity_check_and_return__(int condition) { - #define DECIMAL_STR_WIDTH(x) \ - ({ \ - typeof(x) _x_ = (x); \ -- unsigned ans = 1; \ -+ unsigned ans = 2; \ - while ((_x_ /= 10) != 0) \ - ans++; \ - ans; \ --- -2.33.0 - diff --git a/backport-main-drop-get_process_cmdline-from-crash-handler.patch b/backport-main-drop-get_process_cmdline-from-crash-handler.patch deleted file mode 100644 index 423b559ef70a225eaeeea2a5e4a1b11605573bc6..0000000000000000000000000000000000000000 --- a/backport-main-drop-get_process_cmdline-from-crash-handler.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 28c5859fa30572950a24a7638a3a8191d65daf68 Mon Sep 17 00:00:00 2001 -From: licunlong -Date: Thu, 10 Mar 2022 09:22:29 +0800 -Subject: [PATCH] main: drop get_process_cmdline from crash handler - get_process_cmdline calls malloc, which should be avoid in signal handler. - -Fixes: #22690 ---- - src/core/main.c | 11 ++++++----- - 1 file changed, 6 insertions(+), 5 deletions(-) - -diff --git a/src/core/main.c b/src/core/main.c -index 41a4b4225f..7c9265f394 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -274,11 +274,12 @@ _noreturn_ static void crash(int sig, siginfo_t *siginfo, void *context) { - int r; - - if (siginfo) { -- _cleanup_free_ char *cmdline = NULL; -- pid_t sender_pid = siginfo->si_pid; -- -- (void) get_process_cmdline(sender_pid, SIZE_MAX, 0, &cmdline); -- log_emergency("Caught <%s> from PID "PID_FMT" (%s)", signal_to_string(sig), sender_pid, strna(cmdline)); -+ if (siginfo->si_pid == 0) -+ log_emergency("Caught <%s> from unknown sender process.", signal_to_string(sig)); -+ else if (siginfo->si_pid == 1) -+ log_emergency("Caught <%s> from our own process.", signal_to_string(sig)); -+ else -+ log_emergency("Caught <%s> from PID "PID_FMT".", signal_to_string(sig), siginfo->si_pid); - } - - /* Order things nicely. */ --- -2.27.0 - diff --git a/backport-main-log-which-process-send-SIGNAL-to-PID1.patch b/backport-main-log-which-process-send-SIGNAL-to-PID1.patch deleted file mode 100644 index 184cecd8dda3de5914d5338f2191362628e195cc..0000000000000000000000000000000000000000 --- a/backport-main-log-which-process-send-SIGNAL-to-PID1.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 7347b3db838ea3f02afc6c8a6dccac1ff8e7edbd Mon Sep 17 00:00:00 2001 -From: licunlong -Date: Tue, 8 Mar 2022 19:18:36 +0800 -Subject: [PATCH] main: log which process send SIGNAL to PID1 This can help - users to figure out what makes systemd freeze. 1. Someone kills systemd - accidentally, then the sender_pid won't be 1; 2. systemd triggers segfault or - assert, then the sender_pid will be 1; - ---- - src/core/main.c | 14 +++++++++++--- - 1 file changed, 11 insertions(+), 3 deletions(-) - -diff --git a/src/core/main.c b/src/core/main.c -index 5009b8d85f..41a4b4225f 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -228,7 +228,7 @@ _noreturn_ static void freeze_or_exit_or_reboot(void) { - freeze(); - } - --_noreturn_ static void crash(int sig) { -+_noreturn_ static void crash(int sig, siginfo_t *siginfo, void *context) { - struct sigaction sa; - pid_t pid; - -@@ -273,6 +273,14 @@ _noreturn_ static void crash(int sig) { - siginfo_t status; - int r; - -+ if (siginfo) { -+ _cleanup_free_ char *cmdline = NULL; -+ pid_t sender_pid = siginfo->si_pid; -+ -+ (void) get_process_cmdline(sender_pid, SIZE_MAX, 0, &cmdline); -+ log_emergency("Caught <%s> from PID "PID_FMT" (%s)", signal_to_string(sig), sender_pid, strna(cmdline)); -+ } -+ - /* Order things nicely. */ - r = wait_for_terminate(pid, &status); - if (r < 0) -@@ -330,8 +338,8 @@ _noreturn_ static void crash(int sig) { - - static void install_crash_handler(void) { - static const struct sigaction sa = { -- .sa_handler = crash, -- .sa_flags = SA_NODEFER, /* So that we can raise the signal again from the signal handler */ -+ .sa_sigaction = crash, -+ .sa_flags = SA_NODEFER | SA_SIGINFO, /* So that we can raise the signal again from the signal handler */ - }; - int r; - --- -2.27.0 - diff --git a/backport-malloc-uses-getrandom-now.patch b/backport-malloc-uses-getrandom-now.patch deleted file mode 100644 index 3f9220fb57aceda028559673ef6e064fcaa16d51..0000000000000000000000000000000000000000 --- a/backport-malloc-uses-getrandom-now.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 08c99e5600f92c5143b931a507980a2655380cb3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= -Date: Fri, 9 Jul 2021 17:19:05 -0400 -Subject: [PATCH] malloc() uses getrandom now - -glibc master uses getrandom in malloc since https://sourceware.org/git/?p=glibc.git;a=commit;h=fc859c304898a5ec72e0ba5269ed136ed0ea10e1 , getrandom should be in the default set so to avoid all non trivial programs to fallback to a PRNG. - -(cherry picked from commit 14f4b1b568907350d023d1429c1aa4aaa8925f22) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/08c99e5600f92c5143b931a507980a2655380cb3 ---- - src/shared/seccomp-util.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index e0f88aec73..cad0af89f2 100644 ---- a/src/shared/seccomp-util.c -+++ b/src/shared/seccomp-util.c -@@ -310,6 +310,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { - "getpgrp\0" - "getpid\0" - "getppid\0" -+ "getrandom\0" - "getresgid\0" - "getresgid32\0" - "getresuid\0" --- -2.33.0 - diff --git a/backport-manager-allow-transient-units-to-have-drop-ins.patch b/backport-manager-allow-transient-units-to-have-drop-ins.patch deleted file mode 100644 index 32d625016784124cec31194ebbc7142ab14bd3d9..0000000000000000000000000000000000000000 --- a/backport-manager-allow-transient-units-to-have-drop-ins.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 1a09fb995e0e84c2a5f40945248644b174863c6b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 14 Oct 2022 15:02:20 +0200 -Subject: [PATCH] manager: allow transient units to have drop-ins - -In https://github.com/containers/podman/issues/16107, starting of a transient -slice unit fails because there's a "global" drop-in -/usr/lib/systemd/user/slice.d/10-oomd-per-slice-defaults.conf (provided by -systemd-oomd-defaults package to install some default oomd policy). This means -that the unit_is_pristine() check fails and starting of the unit is forbidden. - -It seems pretty clear to me that dropins at any other level then the unit -should be ignored in this check: we now have multiple layers of drop-ins -(for each level of the cgroup path, and also "global" ones for a specific -unit type). If we install a "global" drop-in, we wouldn't be able to start -any transient units of that type, which seems undesired. - -In principle we could reject dropins at the unit level, but I don't think that -is useful. The whole reason for drop-ins is that they are "add ons", and there -isn't any particular reason to disallow them for transient units. It would also -make things harder to implement and describe: one place for drop-ins is good, -but another is bad. (And as a corner case: for instanciated units, a drop-in -in the template would be acceptable, but a instance-specific drop-in bad?) - -Thus, $subject. - -While at it, adjust the message. All the conditions in unit_is_pristine() -essentially mean that it wasn't loaded (e.g. it might be in an error state), -and that it doesn't have a fragment path (now that drop-ins are acceptable). -If there's a job for it, it necessarilly must have been loaded. If it is -merged into another unit, it also was loaded and found to be an alias. -Based on the discussion in the bugs, it seems that the current message -is far from obvious ;) - -Fixes https://github.com/containers/podman/issues/16107, -https://bugzilla.redhat.com/show_bug.cgi?id=2133792. - -(cherry picked from commit 1f83244641f13a9cb28fdac7e3c17c5446242dfb) -(cherry picked from commit 98a45608c4bf5aa1ba9b603ac2e5730f13659d88) ---- - src/core/dbus-manager.c | 2 +- - src/core/unit.c | 14 ++++++++------ - 2 files changed, 9 insertions(+), 7 deletions(-) - -diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c -index 1a3098ceb1..9a2a5531c6 100644 ---- a/src/core/dbus-manager.c -+++ b/src/core/dbus-manager.c -@@ -901,7 +901,7 @@ static int transient_unit_from_message( - - if (!unit_is_pristine(u)) - return sd_bus_error_setf(error, BUS_ERROR_UNIT_EXISTS, -- "Unit %s already exists.", name); -+ "Unit %s was already loaded or has a fragment file.", name); - - /* OK, the unit failed to load and is unreferenced, now let's - * fill in the transient data instead */ -diff --git a/src/core/unit.c b/src/core/unit.c -index a7b3208432..60e4e42d2f 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -4806,16 +4806,18 @@ int unit_fail_if_noncanonical(Unit *u, const char* where) { - bool unit_is_pristine(Unit *u) { - assert(u); - -- /* Check if the unit already exists or is already around, -- * in a number of different ways. Note that to cater for unit -- * types such as slice, we are generally fine with units that -- * are marked UNIT_LOADED even though nothing was actually -- * loaded, as those unit types don't require a file on disk. */ -+ /* Check if the unit already exists or is already around, in a number of different ways. Note that to -+ * cater for unit types such as slice, we are generally fine with units that are marked UNIT_LOADED -+ * even though nothing was actually loaded, as those unit types don't require a file on disk. -+ * -+ * Note that we don't check for drop-ins here, because we allow drop-ins for transient units -+ * identically to non-transient units, both unit-specific and hierarchical. E.g. for a-b-c.service: -+ * service.d/….conf, a-.service.d/….conf, a-b-.service.d/….conf, a-b-c.service.d/….conf. -+ */ - - return IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) && - !u->fragment_path && - !u->source_path && -- strv_isempty(u->dropin_paths) && - !u->job && - !u->merged_into; - } --- -2.33.0 - diff --git a/backport-manager-reformat-boolean-expression-in-unit_is_prist.patch b/backport-manager-reformat-boolean-expression-in-unit_is_prist.patch deleted file mode 100644 index 7a0d94ddd8ba73eb8f2ed4b38df6b78afe715b9c..0000000000000000000000000000000000000000 --- a/backport-manager-reformat-boolean-expression-in-unit_is_prist.patch +++ /dev/null @@ -1,40 +0,0 @@ -From b146a7345b69de16e88347acadb3783ffeeaad9d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 14 Oct 2022 14:40:24 +0200 -Subject: [PATCH] manager: reformat boolean expression in unit_is_pristine() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Not not IN_SET(…) is just too much for my poor brain. Let's invert -the expression to make it easier to undertand. ---- - src/core/unit.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index d6bea2080f..5016114cb4 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -4850,12 +4850,12 @@ bool unit_is_pristine(Unit *u) { - * are marked UNIT_LOADED even though nothing was actually - * loaded, as those unit types don't require a file on disk. */ - -- return !(!IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) || -- u->fragment_path || -- u->source_path || -- !strv_isempty(u->dropin_paths) || -- u->job || -- u->merged_into); -+ return IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) && -+ !u->fragment_path && -+ !u->source_path && -+ strv_isempty(u->dropin_paths) && -+ !u->job && -+ !u->merged_into; - } - - pid_t unit_control_pid(Unit *u) { --- -2.33.0 - diff --git a/backport-meson.build-change-operator-combining-bools-from-to-.patch b/backport-meson.build-change-operator-combining-bools-from-to-.patch deleted file mode 100644 index 55fe2f574cfead0cf5f6c08311789fb35db43f00..0000000000000000000000000000000000000000 --- a/backport-meson.build-change-operator-combining-bools-from-to-.patch +++ /dev/null @@ -1,35 +0,0 @@ -From c29537f39e4f413a6cbfe9669fa121bdd6d8b36f Mon Sep 17 00:00:00 2001 -From: Dan Streetman -Date: Fri, 3 Sep 2021 12:43:33 -0400 -Subject: [PATCH] meson.build: change operator combining bools from + to and - -upstream meson stopped allowing combining boolean with the plus -operator, and now requires using the logical and operator - -reference: -https://github.com/mesonbuild/meson/commit/43302d3296baff6aeaf8e03f5d701b0402e37a6c - -Fixes: #20632 - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c29537f39e4f413a6cbfe9669fa121bdd6d8b36f ---- - meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/meson.build b/meson.build -index 6e1a8b1e50..0fe996adba 100644 ---- a/meson.build -+++ b/meson.build -@@ -35,7 +35,7 @@ conf.set10('BUILD_MODE_DEVELOPER', get_option('mode') == 'developer', - - want_ossfuzz = get_option('oss-fuzz') - want_libfuzzer = get_option('llvm-fuzz') --if want_ossfuzz + want_libfuzzer > 1 -+if want_ossfuzz and want_libfuzzer - error('only one of oss-fuzz or llvm-fuzz can be specified') - endif - --- -2.33.0 - diff --git a/backport-missing-syscall-add-__NR_openat2.patch b/backport-missing-syscall-add-__NR_openat2.patch deleted file mode 100644 index ef7c146bb987ffe23a0116b9801df17da3bbb336..0000000000000000000000000000000000000000 --- a/backport-missing-syscall-add-__NR_openat2.patch +++ /dev/null @@ -1,107 +0,0 @@ -From 31f64a65423414bf1d11fc9035450e9b6256858c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 3 Jan 2022 03:44:50 +0900 -Subject: [PATCH] missing-syscall: add __NR_openat2 - -(cherry picked from commit d96ad9e8cb9fc8a9adfeebf69a645b809705daa0) -(cherry picked from commit cd88d010e862d26ce816eb3bd6735a80999ac41e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/31f64a65423414bf1d11fc9035450e9b6256858c ---- - src/basic/missing_syscall_def.h | 66 +++++++++++++++++++++++++++++++++ - src/basic/missing_syscalls.py | 1 + - 2 files changed, 67 insertions(+) - -diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h -index 6a48c2a0c5..29dfd2e5fa 100644 ---- a/src/basic/missing_syscall_def.h -+++ b/src/basic/missing_syscall_def.h -@@ -679,6 +679,72 @@ assert_cc(__NR_open_tree == systemd_NR_open_tree); - # endif - #endif - -+#ifndef __IGNORE_openat2 -+# if defined(__aarch64__) -+# define systemd_NR_openat2 437 -+# elif defined(__alpha__) -+# define systemd_NR_openat2 547 -+# elif defined(__arc__) || defined(__tilegx__) -+# define systemd_NR_openat2 437 -+# elif defined(__arm__) -+# define systemd_NR_openat2 437 -+# elif defined(__i386__) -+# define systemd_NR_openat2 437 -+# elif defined(__ia64__) -+# define systemd_NR_openat2 1461 -+# elif defined(__loongarch64) -+# define systemd_NR_openat2 437 -+# elif defined(__m68k__) -+# define systemd_NR_openat2 437 -+# elif defined(_MIPS_SIM) -+# if _MIPS_SIM == _MIPS_SIM_ABI32 -+# define systemd_NR_openat2 4437 -+# elif _MIPS_SIM == _MIPS_SIM_NABI32 -+# define systemd_NR_openat2 6437 -+# elif _MIPS_SIM == _MIPS_SIM_ABI64 -+# define systemd_NR_openat2 5437 -+# else -+# error "Unknown MIPS ABI" -+# endif -+# elif defined(__powerpc__) -+# define systemd_NR_openat2 437 -+# elif defined(__riscv) -+# if __riscv_xlen == 32 -+# define systemd_NR_openat2 437 -+# elif __riscv_xlen == 64 -+# define systemd_NR_openat2 437 -+# else -+# error "Unknown RISC-V ABI" -+# endif -+# elif defined(__s390__) -+# define systemd_NR_openat2 437 -+# elif defined(__sparc__) -+# define systemd_NR_openat2 437 -+# elif defined(__x86_64__) -+# if defined(__ILP32__) -+# define systemd_NR_openat2 (437 | /* __X32_SYSCALL_BIT */ 0x40000000) -+# else -+# define systemd_NR_openat2 437 -+# endif -+# elif !defined(missing_arch_template) -+# warning "openat2() syscall number is unknown for your architecture" -+# endif -+ -+/* may be an (invalid) negative number due to libseccomp, see PR 13319 */ -+# if defined __NR_openat2 && __NR_openat2 >= 0 -+# if defined systemd_NR_openat2 -+assert_cc(__NR_openat2 == systemd_NR_openat2); -+# endif -+# else -+# if defined __NR_openat2 -+# undef __NR_openat2 -+# endif -+# if defined systemd_NR_openat2 && systemd_NR_openat2 >= 0 -+# define __NR_openat2 systemd_NR_openat2 -+# endif -+# endif -+#endif -+ - #ifndef __IGNORE_pidfd_open - # if defined(__aarch64__) - # define systemd_NR_pidfd_open 434 -diff --git a/src/basic/missing_syscalls.py b/src/basic/missing_syscalls.py -index 19f9726d4e..dd458994f2 100644 ---- a/src/basic/missing_syscalls.py -+++ b/src/basic/missing_syscalls.py -@@ -16,6 +16,7 @@ SYSCALLS = [ - 'move_mount', - 'name_to_handle_at', - 'open_tree', -+ 'openat2', - 'pidfd_open', - 'pidfd_send_signal', - 'pkey_mprotect', --- -2.33.0 - diff --git a/backport-mkosi-Build-Fedora-35-images.patch b/backport-mkosi-Build-Fedora-35-images.patch deleted file mode 100644 index 748d1c22b57f65579f1e92498dbabbe2e4ef7b3c..0000000000000000000000000000000000000000 --- a/backport-mkosi-Build-Fedora-35-images.patch +++ /dev/null @@ -1,29 +0,0 @@ -From e5c19733785558e6fc17f96e6c18219d46179a2d Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 9 Dec 2021 12:35:23 +0100 -Subject: [PATCH] mkosi: Build Fedora 35 images - -(cherry picked from commit 808b23ecf681c12493cbb84958e75ea300ebbeab) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e5c19733785558e6fc17f96e6c18219d46179a2d ---- - .mkosi/mkosi.fedora | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/.mkosi/mkosi.fedora b/.mkosi/mkosi.fedora -index cc3a5a2d1a..3e7462e477 100644 ---- a/.mkosi/mkosi.fedora -+++ b/.mkosi/mkosi.fedora -@@ -5,7 +5,7 @@ - - [Distribution] - Distribution=fedora --Release=34 -+Release=35 - - [Packages] - BuildPackages= --- -2.33.0 - diff --git a/backport-mkosi-Fix-openSUSE-Jinja2-package-name.patch b/backport-mkosi-Fix-openSUSE-Jinja2-package-name.patch deleted file mode 100644 index 1188a08b07a6f6ceb1d6f963e783726b62e007cd..0000000000000000000000000000000000000000 --- a/backport-mkosi-Fix-openSUSE-Jinja2-package-name.patch +++ /dev/null @@ -1,34 +0,0 @@ -From c135c18d0aedeb6043ea4e54a252b7d2452d0937 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20Koutn=C3=BD?= -Date: Thu, 10 Jun 2021 14:39:13 +0200 -Subject: [PATCH] mkosi: Fix openSUSE Jinja2 package name -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Dare to be different ¯\_(ツ)_/¯ - -(cherry picked from commit ed802c44da7918ba1c14944b711a20b14d9e0fd4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c135c18d0aedeb6043ea4e54a252b7d2452d0937 ---- - .mkosi/mkosi.opensuse | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/.mkosi/mkosi.opensuse b/.mkosi/mkosi.opensuse -index fdbbdeb1f8..7eb7b857ca 100644 ---- a/.mkosi/mkosi.opensuse -+++ b/.mkosi/mkosi.opensuse -@@ -36,7 +36,7 @@ BuildPackages= - pcre-devel - python3 - python3-lxml -- python3-jinja2 -+ python3-Jinja2 - qrencode-devel - system-user-nobody - systemd-sysvinit --- -2.33.0 - diff --git a/backport-mkosi-Remove-Arch-nspawn-workaround.patch b/backport-mkosi-Remove-Arch-nspawn-workaround.patch deleted file mode 100644 index bbc1d4caf0a39edec4536520bd6468cbf8d2b342..0000000000000000000000000000000000000000 --- a/backport-mkosi-Remove-Arch-nspawn-workaround.patch +++ /dev/null @@ -1,43 +0,0 @@ -From c24f4e86781d866894128a56fbc03f4302f737f6 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 25 Feb 2022 11:01:07 +0000 -Subject: [PATCH] mkosi: Remove Arch nspawn workaround - -This has been fixed so the workaround can be removed. - -(cherry picked from commit 6b2ab8fc5cc0f706b85cbd559e8dcf4e05d7687d) -(cherry picked from commit f0cc6d2f99b2510c57fa36ad7f28cc42c0b724b3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c24f4e86781d866894128a56fbc03f4302f737f6 ---- - .github/workflows/mkosi.yml | 13 ------------- - 1 file changed, 13 deletions(-) - -diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml -index 489eb01880..c8d572a4d8 100644 ---- a/.github/workflows/mkosi.yml -+++ b/.github/workflows/mkosi.yml -@@ -37,19 +37,6 @@ jobs: - - name: Symlink - run: ln -s .mkosi/mkosi.${{ matrix.distro }} mkosi.default - -- # Ubuntu's systemd-nspawn doesn't support faccessat2() syscall, which is -- # required, since current Arch's glibc implements faccessat() via faccessat2(). -- - name: Update systemd-nspawn -- if: ${{ matrix.distro == 'arch' }} -- run: | -- echo "deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list -- sudo apt update -- sudo apt build-dep systemd -- meson build -- ninja -C build -- sudo ln -svf $PWD/build/systemd-nspawn `which systemd-nspawn` -- systemd-nspawn --version -- - - name: Build ${{ matrix.distro }} - run: sudo python3 -m mkosi --password= --qemu-headless build - --- -2.33.0 - diff --git a/backport-mkosi-openSUSE-update-bootable-no-dependencies.patch b/backport-mkosi-openSUSE-update-bootable-no-dependencies.patch deleted file mode 100644 index 4e81ba429349e63ffca3ca7b2f199dc79b4c09f6..0000000000000000000000000000000000000000 --- a/backport-mkosi-openSUSE-update-bootable-no-dependencies.patch +++ /dev/null @@ -1,31 +0,0 @@ -From e4e572117b41f6e8152a30acc6f60a0385090137 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20Koutn=C3=BD?= -Date: Fri, 12 Feb 2021 18:11:18 +0100 -Subject: [PATCH] mkosi: openSUSE update --bootable=no dependencies - -Since we can build --bootable=no images without dracut->systemd, we need -to add systemd runtime dependencies explicitely. - -(cherry picked from commit f2bb8857cd093eb9bd5e1dad6fb996a0a4463556) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e4e572117b41f6e8152a30acc6f60a0385090137 ---- - .mkosi/mkosi.opensuse | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/.mkosi/mkosi.opensuse b/.mkosi/mkosi.opensuse -index b468433f34..fdbbdeb1f8 100644 ---- a/.mkosi/mkosi.opensuse -+++ b/.mkosi/mkosi.opensuse -@@ -60,6 +60,7 @@ Packages= - libapparmor1 - libcrypt1 - libcryptsetup12 -+ libgcrypt20 - libkmod2 - liblz4-1 - libmount1 --- -2.33.0 - diff --git a/backport-mmap-cache-LIST_REMOVE-after-w-unused_prev.patch b/backport-mmap-cache-LIST_REMOVE-after-w-unused_prev.patch deleted file mode 100644 index 4bd7350a35d86602a517fde232b22e00e370b404..0000000000000000000000000000000000000000 --- a/backport-mmap-cache-LIST_REMOVE-after-w-unused_prev.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 42ca0ab5082344004c0f26b2d6ec57b7a9d4ff03 Mon Sep 17 00:00:00 2001 -From: Vito Caputo -Date: Thu, 25 Nov 2021 07:05:06 -0800 -Subject: [PATCH] mmap-cache: LIST_REMOVE() *after* w->unused_prev - -The LIST_REMOVE() macro always assigns NULL to w->unused_prev, -meaning every time this window was in last_unused, the remainder -of the unused list was lost to the ether. - -Turns out there's been a memory leak in journald after all, this -code has been there since at least 2013... - -(cherry picked from commit b82aca89a5b366c4377b3b140e54313e817e8f57) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/42ca0ab5082344004c0f26b2d6ec57b7a9d4ff03 ---- - src/libsystemd/sd-journal/mmap-cache.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-journal/mmap-cache.c b/src/libsystemd/sd-journal/mmap-cache.c -index 9e0be01d41..02d2d721cf 100644 ---- a/src/libsystemd/sd-journal/mmap-cache.c -+++ b/src/libsystemd/sd-journal/mmap-cache.c -@@ -224,9 +224,9 @@ static void context_attach_window(Context *c, Window *w) { - - if (w->in_unused) { - /* Used again? */ -- LIST_REMOVE(unused, c->cache->unused, w); - if (c->cache->last_unused == w) - c->cache->last_unused = w->unused_prev; -+ LIST_REMOVE(unused, c->cache->unused, w); - - w->in_unused = false; - } --- -2.33.0 - diff --git a/backport-mount-setup-don-t-need-to-mount-sys-fs-pstore-if-the.patch b/backport-mount-setup-don-t-need-to-mount-sys-fs-pstore-if-the.patch deleted file mode 100644 index 38ceedfd1fc0f66533ac0227a5a0aee4144b698d..0000000000000000000000000000000000000000 --- a/backport-mount-setup-don-t-need-to-mount-sys-fs-pstore-if-the.patch +++ /dev/null @@ -1,32 +0,0 @@ -From ccbb0b48c48f80a3121ff9d99f395b642a0090b5 Mon Sep 17 00:00:00 2001 -From: jcg -Date: Fri, 9 Dec 2022 20:45:39 +0800 -Subject: [PATCH] mount-setup: don't need to mount /sys/fs/pstore if there is - no ENABLE_PSTORE - -(cherry picked from commit 5e5fce3e918ebba5d0cbf0b64bb97f0eaeae70a3) -(cherry picked from commit 613994c10b19f02c0764aa1d5865730f3af99267) -(cherry picked from commit 46a7e30cb9f274763657d40193c2a03a02c687ab) -(cherry picked from commit 0e96d07e8c03e543816702b13db891924b485951) ---- - src/shared/mount-setup.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/shared/mount-setup.c b/src/shared/mount-setup.c -index ef3527e9a7..8c7c390854 100644 ---- a/src/shared/mount-setup.c -+++ b/src/shared/mount-setup.c -@@ -102,8 +102,10 @@ static const MountPoint mount_table[] = { - cg_is_legacy_wanted, MNT_IN_CONTAINER }, - { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV, - cg_is_legacy_wanted, MNT_FATAL|MNT_IN_CONTAINER }, -+#if ENABLE_PSTORE - { "pstore", "/sys/fs/pstore", "pstore", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, - NULL, MNT_NONE }, -+#endif - #if ENABLE_EFI - { "efivarfs", "/sys/firmware/efi/efivars", "efivarfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, - is_efi_boot, MNT_NONE }, --- -2.27.0 - diff --git a/backport-mount-util-fix-error-code.patch b/backport-mount-util-fix-error-code.patch deleted file mode 100644 index d4dc3b491aed72559d379db2460c8c4cc9d4c7d8..0000000000000000000000000000000000000000 --- a/backport-mount-util-fix-error-code.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 561205a9c4fd0db341a93e227d249a6b6d03e2e1 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 4 Sep 2022 22:34:38 +0900 -Subject: [PATCH] mount-util: fix error code - -If multiple service is starting simultaneously with a shared image, -then one of the service may fail to create a mount node: - -systemd[695]: Bind-mounting /usr/lib/os-release on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC "")... -systemd[696]: Bind-mounting /usr/lib/os-release on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC "")... -systemd[695]: Failed to mount /usr/lib/os-release (type n/a) on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC ""): No such file or directory -systemd[696]: Failed to mount /usr/lib/os-release (type n/a) on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC ""): No such file or directory -systemd[695]: Bind-mounting /usr/lib/os-release on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC "")... -systemd[696]: Failed to create destination mount point node '/run/systemd/unit-root/run/host/os-release': Operation not permitted -systemd[695]: Successfully mounted /usr/lib/os-release to /run/systemd/unit-root/run/host/os-release - -The function apply_one_mount() in src/core/namespace.c gracefully -handles -EEXIST from make_mount_point_inode_from_path(), but it erroneously -returned -EPERM previously. This fixes the issue. - -Fixes one of the issues in #24147, especially reported at -https://github.com/systemd/systemd/issues/24147#issuecomment-1236194671. - -(cherry picked from commit b6ca2b281eff254dce2293990360e799af806ad4) -(cherry picked from commit 24238be484e6d7633bc68c784f7b3180299a80d4) -(cherry picked from commit 260633c50b5da5522b714d7989a138ecd73febd6) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/561205a9c4fd0db341a93e227d249a6b6d03e2e1 ---- - src/shared/mount-util.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c -index 26618bb113..199ff6163d 100644 ---- a/src/shared/mount-util.c -+++ b/src/shared/mount-util.c -@@ -1089,8 +1089,10 @@ int make_mount_point_inode_from_stat(const struct stat *st, const char *dest, mo - - if (S_ISDIR(st->st_mode)) - return mkdir_label(dest, mode); -+ else if (mknod(dest, S_IFREG|(mode & ~0111), 0) < 0) -+ return -errno; - else -- return mknod(dest, S_IFREG|(mode & ~0111), 0); -+ return 0; - } - - int make_mount_point_inode_from_path(const char *source, const char *dest, mode_t mode) { --- -2.27.0 - diff --git a/backport-mount-util-fix-fd_is_mount_point-when-both-the-paren.patch b/backport-mount-util-fix-fd_is_mount_point-when-both-the-paren.patch deleted file mode 100644 index acdfb33730229b6b99a182283c028974e112ef43..0000000000000000000000000000000000000000 --- a/backport-mount-util-fix-fd_is_mount_point-when-both-the-paren.patch +++ /dev/null @@ -1,125 +0,0 @@ -From 8de173ff933510200ac3db77f1ae713f2c4acdc3 Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Thu, 30 Sep 2021 14:05:36 +0200 -Subject: [PATCH] mount-util: fix fd_is_mount_point() when both the parent and - directory are network fs - -The second call to name_to_handle_at_loop() didn't check for the specific -errors that can happen when the parent dir is mounted by nfs and instead of -falling back like it's done for the child dir, fd_is_mount_point() failed in -this case. - -(cherry picked from commit 964ccab8286a7e75d7e9107f574f5cb23752bd5d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/8de173ff933510200ac3db77f1ae713f2c4acdc3 ---- - src/basic/mountpoint-util.c | 68 ++++++++++++++++++++++--------------- - 1 file changed, 41 insertions(+), 27 deletions(-) - -diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c -index 8c836a1b74..e7a5a99551 100644 ---- a/src/basic/mountpoint-util.c -+++ b/src/basic/mountpoint-util.c -@@ -157,6 +157,19 @@ static bool filename_possibly_with_slash_suffix(const char *s) { - return filename_is_valid(copied); - } - -+static bool is_name_to_handle_at_fatal_error(int err) { -+ /* name_to_handle_at() can return "acceptable" errors that are due to the context. For -+ * example the kernel does not support name_to_handle_at() at all (ENOSYS), or the syscall -+ * was blocked (EACCES/EPERM; maybe through seccomp, because we are running inside of a -+ * container), or the mount point is not triggered yet (EOVERFLOW, think nfs4), or some -+ * general name_to_handle_at() flakiness (EINVAL). However other errors are not supposed to -+ * happen and therefore are considered fatal ones. */ -+ -+ assert(err < 0); -+ -+ return !IN_SET(err, -EOPNOTSUPP, -ENOSYS, -EACCES, -EPERM, -EOVERFLOW, -EINVAL); -+} -+ - int fd_is_mount_point(int fd, const char *filename, int flags) { - _cleanup_free_ struct file_handle *h = NULL, *h_parent = NULL; - int mount_id = -1, mount_id_parent = -1; -@@ -206,39 +219,40 @@ int fd_is_mount_point(int fd, const char *filename, int flags) { - return false; /* symlinks are never mount points */ - - r = name_to_handle_at_loop(fd, filename, &h, &mount_id, flags); -- if (IN_SET(r, -ENOSYS, -EACCES, -EPERM, -EOVERFLOW, -EINVAL)) -- /* This kernel does not support name_to_handle_at() at all (ENOSYS), or the syscall was blocked -- * (EACCES/EPERM; maybe through seccomp, because we are running inside of a container?), or the mount -- * point is not triggered yet (EOVERFLOW, think nfs4), or some general name_to_handle_at() flakiness -- * (EINVAL): fall back to simpler logic. */ -- goto fallback_fdinfo; -- else if (r == -EOPNOTSUPP) -- /* This kernel or file system does not support name_to_handle_at(), hence let's see if the upper fs -- * supports it (in which case it is a mount point), otherwise fall back to the traditional stat() -- * logic */ -+ if (r < 0) { -+ if (is_name_to_handle_at_fatal_error(r)) -+ return r; -+ if (r != -EOPNOTSUPP) -+ goto fallback_fdinfo; -+ -+ /* This kernel or file system does not support name_to_handle_at(), hence let's see -+ * if the upper fs supports it (in which case it is a mount point), otherwise fall -+ * back to the traditional stat() logic */ - nosupp = true; -- else if (r < 0) -- return r; -+ } - - r = name_to_handle_at_loop(fd, "", &h_parent, &mount_id_parent, AT_EMPTY_PATH); -- if (r == -EOPNOTSUPP) { -+ if (r < 0) { -+ if (is_name_to_handle_at_fatal_error(r)) -+ return r; -+ if (r != -EOPNOTSUPP) -+ goto fallback_fdinfo; - if (nosupp) -- /* Neither parent nor child do name_to_handle_at()? We have no choice but to fall back. */ -+ /* Both the parent and the directory can't do name_to_handle_at() */ - goto fallback_fdinfo; -- else -- /* The parent can't do name_to_handle_at() but the directory we are interested in can? If so, -- * it must be a mount point. */ -- return 1; -- } else if (r < 0) -- return r; - -- /* The parent can do name_to_handle_at() but the directory we are interested in can't? If so, it must -- * be a mount point. */ -+ /* The parent can't do name_to_handle_at() but the directory we are -+ * interested in can? If so, it must be a mount point. */ -+ return 1; -+ } -+ -+ /* The parent can do name_to_handle_at() but the directory we are interested in can't? If -+ * so, it must be a mount point. */ - if (nosupp) - return 1; - -- /* If the file handle for the directory we are interested in and its parent are identical, we assume -- * this is the root directory, which is a mount point. */ -+ /* If the file handle for the directory we are interested in and its parent are identical, -+ * we assume this is the root directory, which is a mount point. */ - - if (h->handle_bytes == h_parent->handle_bytes && - h->handle_type == h_parent->handle_type && -@@ -338,10 +352,10 @@ int path_get_mnt_id(const char *path, int *ret) { - } - - r = name_to_handle_at_loop(AT_FDCWD, path, NULL, ret, 0); -- if (IN_SET(r, -EOPNOTSUPP, -ENOSYS, -EACCES, -EPERM, -EOVERFLOW, -EINVAL)) /* kernel/fs don't support this, or seccomp blocks access, or untriggered mount, or name_to_handle_at() is flaky */ -- return fd_fdinfo_mnt_id(AT_FDCWD, path, 0, ret); -+ if (r == 0 || is_name_to_handle_at_fatal_error(r)) -+ return r; - -- return r; -+ return fd_fdinfo_mnt_id(AT_FDCWD, path, 0, ret); - } - - bool fstype_is_network(const char *fstype) { --- -2.33.0 - diff --git a/backport-namespace-allow-ProcSubset-pid-with-some-ProtectKern.patch b/backport-namespace-allow-ProcSubset-pid-with-some-ProtectKern.patch deleted file mode 100644 index 7175d71a904ba4dff9a4c26575d20dcdc80e01e5..0000000000000000000000000000000000000000 --- a/backport-namespace-allow-ProcSubset-pid-with-some-ProtectKern.patch +++ /dev/null @@ -1,116 +0,0 @@ -From c789d2f457d2e160d00760aa3ecfd6883c64cf5f Mon Sep 17 00:00:00 2001 -From: Topi Miettinen -Date: Sat, 27 Nov 2021 12:51:39 +0200 -Subject: [PATCH] namespace: allow ProcSubset=pid with some ProtectKernel - options - -In case `/proc` is successfully mounted with pid tree subset only due to -`ProcSubset=pid`, the protective mounts for `ProtectKernelTunables=yes` and -`ProtectKernelLogs=yes` to non-pid `/proc` paths are failing because the paths -don't exist. But the pid only option may have failed gracefully (for example -because of ancient kernel), so let's try the mounts but it's not fatal if they -don't succeed. - -(cherry picked from commit 788e720181aead8c85ba30fc7ec9a1455a865cbe) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c789d2f457d2e160d00760aa3ecfd6883c64cf5f ---- - src/core/namespace.c | 42 ++++++++++++++++++++++++++++++++++-------- - 1 file changed, 34 insertions(+), 8 deletions(-) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index 9251871384..b933d46cf6 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -101,7 +101,7 @@ static const MountEntry apivfs_table[] = { - }; - - /* ProtectKernelTunables= option and the related filesystem APIs */ --static const MountEntry protect_kernel_tunables_table[] = { -+static const MountEntry protect_kernel_tunables_proc_table[] = { - { "/proc/acpi", READONLY, true }, - { "/proc/apm", READONLY, true }, /* Obsolete API, there's no point in permitting access to this, ever */ - { "/proc/asound", READONLY, true }, -@@ -116,6 +116,9 @@ static const MountEntry protect_kernel_tunables_table[] = { - { "/proc/sys", READONLY, true }, - { "/proc/sysrq-trigger", READONLY, true }, - { "/proc/timer_stats", READONLY, true }, -+}; -+ -+static const MountEntry protect_kernel_tunables_sys_table[] = { - { "/sys", READONLY, false }, - { "/sys/fs/bpf", READONLY, true }, - { "/sys/fs/cgroup", READWRITE_IMPLICIT, false }, /* READONLY is set by ProtectControlGroups= option */ -@@ -133,8 +136,11 @@ static const MountEntry protect_kernel_modules_table[] = { - }; - - /* ProtectKernelLogs= option */ --static const MountEntry protect_kernel_logs_table[] = { -+static const MountEntry protect_kernel_logs_proc_table[] = { - { "/proc/kmsg", INACCESSIBLE, true }, -+}; -+ -+static const MountEntry protect_kernel_logs_dev_table[] = { - { "/dev/kmsg", INACCESSIBLE, true }, - }; - -@@ -1554,9 +1560,11 @@ static size_t namespace_calculate_mounts( - (n_extension_images > 0 ? n_hierarchies + n_extension_images : 0) + /* Mount each image plus an overlay per hierarchy */ - n_temporary_filesystems + - ns_info->private_dev + -- (ns_info->protect_kernel_tunables ? ELEMENTSOF(protect_kernel_tunables_table) : 0) + -+ (ns_info->protect_kernel_tunables ? -+ ELEMENTSOF(protect_kernel_tunables_proc_table) + ELEMENTSOF(protect_kernel_tunables_sys_table) : 0) + - (ns_info->protect_kernel_modules ? ELEMENTSOF(protect_kernel_modules_table) : 0) + -- (ns_info->protect_kernel_logs ? ELEMENTSOF(protect_kernel_logs_table) : 0) + -+ (ns_info->protect_kernel_logs ? -+ ELEMENTSOF(protect_kernel_logs_proc_table) + ELEMENTSOF(protect_kernel_logs_dev_table) : 0) + - (ns_info->protect_control_groups ? 1 : 0) + - protect_home_cnt + protect_system_cnt + - (ns_info->protect_hostname ? 2 : 0) + -@@ -2037,10 +2045,21 @@ int setup_namespace( - .flags = DEV_MOUNT_OPTIONS, - }; - -+ /* In case /proc is successfully mounted with pid tree subset only (ProcSubset=pid), the -+ protective mounts to non-pid /proc paths would fail. But the pid only option may have -+ failed gracefully, so let's try the mounts but it's not fatal if they don't succeed. */ -+ bool ignore_protect_proc = ns_info->ignore_protect_paths || ns_info->proc_subset == PROC_SUBSET_PID; - if (ns_info->protect_kernel_tunables) { - r = append_static_mounts(&m, -- protect_kernel_tunables_table, -- ELEMENTSOF(protect_kernel_tunables_table), -+ protect_kernel_tunables_proc_table, -+ ELEMENTSOF(protect_kernel_tunables_proc_table), -+ ignore_protect_proc); -+ if (r < 0) -+ goto finish; -+ -+ r = append_static_mounts(&m, -+ protect_kernel_tunables_sys_table, -+ ELEMENTSOF(protect_kernel_tunables_sys_table), - ns_info->ignore_protect_paths); - if (r < 0) - goto finish; -@@ -2057,8 +2076,15 @@ int setup_namespace( - - if (ns_info->protect_kernel_logs) { - r = append_static_mounts(&m, -- protect_kernel_logs_table, -- ELEMENTSOF(protect_kernel_logs_table), -+ protect_kernel_logs_proc_table, -+ ELEMENTSOF(protect_kernel_logs_proc_table), -+ ignore_protect_proc); -+ if (r < 0) -+ goto finish; -+ -+ r = append_static_mounts(&m, -+ protect_kernel_logs_dev_table, -+ ELEMENTSOF(protect_kernel_logs_dev_table), - ns_info->ignore_protect_paths); - if (r < 0) - goto finish; --- -2.33.0 - diff --git a/backport-namespace-make-tmp-dir-handling-code-independent-of-.patch b/backport-namespace-make-tmp-dir-handling-code-independent-of-.patch deleted file mode 100644 index 581e66a3cdd06eeccd1b16288efbf027899b861a..0000000000000000000000000000000000000000 --- a/backport-namespace-make-tmp-dir-handling-code-independent-of-.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 78858632566c30d2299bcdbd6efe3cbd1cc99d5a Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 12 Nov 2021 11:16:02 +0100 -Subject: [PATCH] namespace: make tmp dir handling code independent of umask - too - -Let's make all code in namespace.c robust towards weird umask. This -doesn't matter too much given that the parent dirs we deal here almost -certainly exist anyway, but let's clean this up anyway and make it fully -clean. - -(cherry picked from commit 30443439274cc223583c6c57f7d9041e440e346f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/78858632566c30d2299bcdbd6efe3cbd1cc99d5a ---- - src/core/namespace.c | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index b10a53ad2e..9251871384 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -2466,7 +2466,8 @@ static int make_tmp_prefix(const char *prefix) { - if (errno != ENOENT) - return -errno; - -- r = mkdir_parents(prefix, 0755); -+ RUN_WITH_UMASK(000) -+ r = mkdir_parents(prefix, 0755); - if (r < 0) - return r; - -@@ -2474,7 +2475,8 @@ static int make_tmp_prefix(const char *prefix) { - if (r < 0) - return r; - -- if (mkdir(t, 0777) < 0) -+ if (mkdir(t, 0777) < 0) /* umask will corrupt this access mode, but that doesn't matter, we need to -+ * call chmod() anyway for the suid bit, below. */ - return -errno; - - if (chmod(t, 01777) < 0) { -@@ -2533,10 +2535,9 @@ static int setup_one_tmp_dir(const char *id, const char *prefix, char **path, ch - if (!y) - return -ENOMEM; - -- RUN_WITH_UMASK(0000) { -+ RUN_WITH_UMASK(0000) - if (mkdir(y, 0777 | S_ISVTX) < 0) - return -errno; -- } - - r = label_fix_container(y, prefix, 0); - if (r < 0) -@@ -2548,7 +2549,8 @@ static int setup_one_tmp_dir(const char *id, const char *prefix, char **path, ch - /* Trouble: we failed to create the directory. Instead of failing, let's simulate /tmp being - * read-only. This way the service will get the EROFS result as if it was writing to the real - * file system. */ -- r = mkdir_p(RUN_SYSTEMD_EMPTY, 0500); -+ RUN_WITH_UMASK(0000) -+ r = mkdir_p(RUN_SYSTEMD_EMPTY, 0500); - if (r < 0) - return r; - --- -2.33.0 - diff --git a/backport-namespace-make-whole-namespace_setup-work-regardless.patch b/backport-namespace-make-whole-namespace_setup-work-regardless.patch deleted file mode 100644 index 3631c599528478c8c250787260fa2d1199519c20..0000000000000000000000000000000000000000 --- a/backport-namespace-make-whole-namespace_setup-work-regardless.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 569ef9413c2ef3275b45458367342112e5d5f991 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 12 Nov 2021 11:11:27 +0100 -Subject: [PATCH] namespace: make whole namespace_setup() work regardless of - configured umask - -Let's reset the umask during the whole namespace_setup() logic, so that -all our mkdir() + mknod() are not subjected to whatever umask might -currently be set. - -This mostly moves the umask save/restore logic out of -mount_private_dev() and into the stack frame of namespace_setup() that -is further out. - -Fixes #19899 - -(cherry picked from commit cdf42f9bd40ff21a67d58b948efea055d56ad398) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/569ef9413c2ef3275b45458367342112e5d5f991 ---- - src/core/namespace.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index 233ee7be40..b10a53ad2e 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -852,13 +852,10 @@ static int mount_private_dev(MountEntry *m) { - char temporary_mount[] = "/tmp/namespace-dev-XXXXXX"; - const char *d, *dev = NULL, *devpts = NULL, *devshm = NULL, *devhugepages = NULL, *devmqueue = NULL, *devlog = NULL, *devptmx = NULL; - bool can_mknod = true; -- _cleanup_umask_ mode_t u; - int r; - - assert(m); - -- u = umask(0000); -- - if (!mkdtemp(temporary_mount)) - return log_debug_errno(errno, "Failed to create temporary directory '%s': %m", temporary_mount); - -@@ -1864,6 +1861,10 @@ int setup_namespace( - - assert(ns_info); - -+ /* Make sure that all mknod(), mkdir() calls we do are unaffected by the umask, and the access modes -+ * we configure take effect */ -+ BLOCK_WITH_UMASK(0000); -+ - if (!isempty(propagate_dir) && !isempty(incoming_dir)) - setup_propagate = true; - --- -2.33.0 - diff --git a/backport-namespace-rebreak-a-few-comments.patch b/backport-namespace-rebreak-a-few-comments.patch deleted file mode 100644 index dd7258133a6411cb0876af727216e1213be059e1..0000000000000000000000000000000000000000 --- a/backport-namespace-rebreak-a-few-comments.patch +++ /dev/null @@ -1,92 +0,0 @@ -From bce7fb14df960aee57f0ad5c9c12a0d35c3e504e Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 12 Nov 2021 11:09:40 +0100 -Subject: [PATCH] namespace: rebreak a few comments - -(cherry picked from commit d73020f2420aa3f220481016829aaa2602abf081) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bce7fb14df960aee57f0ad5c9c12a0d35c3e504e ---- - src/core/namespace.c | 30 ++++++++++++++---------------- - 1 file changed, 14 insertions(+), 16 deletions(-) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index 982aeeac19..233ee7be40 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -806,8 +806,7 @@ static int clone_device_node( - *make_devnode = false; - } - -- /* We're about to fall back to bind-mounting the device -- * node. So create a dummy bind-mount target. -+ /* We're about to fall back to bind-mounting the device node. So create a dummy bind-mount target. - * Do not prepare device-node SELinux label (see issue 13762) */ - r = mknod(dn, S_IFREG, 0); - if (r < 0 && errno != EEXIST) -@@ -930,10 +929,8 @@ static int mount_private_dev(MountEntry *m) { - if (r < 0) - log_debug_errno(r, "Failed to set up basic device tree at '%s', ignoring: %m", temporary_mount); - -- /* Create the /dev directory if missing. It is more likely to be -- * missing when the service is started with RootDirectory. This is -- * consistent with mount units creating the mount points when missing. -- */ -+ /* Create the /dev directory if missing. It is more likely to be missing when the service is started -+ * with RootDirectory. This is consistent with mount units creating the mount points when missing. */ - (void) mkdir_p_label(mount_entry_path(m), 0755); - - /* Unmount everything in old /dev */ -@@ -975,8 +972,8 @@ static int mount_bind_dev(const MountEntry *m) { - - assert(m); - -- /* Implements the little brother of mount_private_dev(): simply bind mounts the host's /dev into the service's -- * /dev. This is only used when RootDirectory= is set. */ -+ /* Implements the little brother of mount_private_dev(): simply bind mounts the host's /dev into the -+ * service's /dev. This is only used when RootDirectory= is set. */ - - (void) mkdir_p_label(mount_entry_path(m), 0755); - -@@ -1085,7 +1082,8 @@ static int mount_tmpfs(const MountEntry *m) { - entry_path = mount_entry_path(m); - inner_path = mount_entry_unprefixed_path(m); - -- /* First, get rid of everything that is below if there is anything. Then, overmount with our new tmpfs */ -+ /* First, get rid of everything that is below if there is anything. Then, overmount with our new -+ * tmpfs */ - - (void) mkdir_p_label(entry_path, 0755); - (void) umount_recursive(entry_path, 0); -@@ -1930,11 +1928,11 @@ int setup_namespace( - * we create it if it doesn't already exist. */ - (void) mkdir_p_label("/run/systemd", 0755); - -- /* Always create the mount namespace in a temporary directory, instead of operating -- * directly in the root. The temporary directory prevents any mounts from being -- * potentially obscured my other mounts we already applied. -- * We use the same mount point for all images, which is safe, since they all live -- * in their own namespaces after all, and hence won't see each other. */ -+ /* Always create the mount namespace in a temporary directory, instead of operating directly -+ * in the root. The temporary directory prevents any mounts from being potentially obscured -+ * my other mounts we already applied. We use the same mount point for all images, which is -+ * safe, since they all live in their own namespaces after all, and hence won't see each -+ * other. */ - - root = "/run/systemd/unit-root"; - (void) mkdir_label(root, 0700); -@@ -2198,8 +2196,8 @@ int setup_namespace( - (void) mkdir_p(propagate_dir, 0600); - - if (n_extension_images > 0) -- /* ExtensionImages mountpoint directories will be created -- * while parsing the mounts to create, so have the parent ready */ -+ /* ExtensionImages mountpoint directories will be created while parsing the mounts to create, -+ * so have the parent ready */ - (void) mkdir_p(extension_dir, 0600); - - /* Remount / as SLAVE so that nothing now mounted in the namespace --- -2.33.0 - diff --git a/backport-network-add-comments.patch b/backport-network-add-comments.patch deleted file mode 100644 index 15583546904613c7a898dd7bfa308707227ad5f1..0000000000000000000000000000000000000000 --- a/backport-network-add-comments.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 7522b239b865f851e7834b53367dc196244e48fd Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 4 Aug 2021 13:52:52 +0900 -Subject: [PATCH] network: add comments - -(cherry picked from commit 17d808a8bf55471009f5e0e1ccb06b1ffccdfa1a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7522b239b865f851e7834b53367dc196244e48fd ---- - src/network/networkd-setlink.c | 20 ++++++++++---------- - 1 file changed, 10 insertions(+), 10 deletions(-) - -diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c -index a316a6c59b..fa1dd9b3ba 100644 ---- a/src/network/networkd-setlink.c -+++ b/src/network/networkd-setlink.c -@@ -106,7 +106,7 @@ on_error: - static int link_set_addrgen_mode_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { - int r; - -- r = set_link_handler_internal(rtnl, m, link, SET_LINK_ADDRESS_GENERATION_MODE, true, NULL); -+ r = set_link_handler_internal(rtnl, m, link, SET_LINK_ADDRESS_GENERATION_MODE, /* ignore = */ true, NULL); - if (r <= 0) - return r; - -@@ -120,31 +120,31 @@ static int link_set_addrgen_mode_handler(sd_netlink *rtnl, sd_netlink_message *m - } - - static int link_set_bond_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -- return set_link_handler_internal(rtnl, m, link, SET_LINK_BOND, false, NULL); -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_BOND, /* ignore = */ false, NULL); - } - - static int link_set_bridge_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -- return set_link_handler_internal(rtnl, m, link, SET_LINK_BRIDGE, false, NULL); -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_BRIDGE, /* ignore = */ false, NULL); - } - - static int link_set_bridge_vlan_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -- return set_link_handler_internal(rtnl, m, link, SET_LINK_BRIDGE_VLAN, false, NULL); -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_BRIDGE_VLAN, /* ignore = */ false, NULL); - } - - static int link_set_can_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -- return set_link_handler_internal(rtnl, m, link, SET_LINK_CAN, false, NULL); -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_CAN, /* ignore = */ false, NULL); - } - - static int link_set_flags_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -- return set_link_handler_internal(rtnl, m, link, SET_LINK_FLAGS, false, get_link_update_flag_handler); -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_FLAGS, /* ignore = */ false, get_link_update_flag_handler); - } - - static int link_set_group_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -- return set_link_handler_internal(rtnl, m, link, SET_LINK_GROUP, false, NULL); -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_GROUP, /* ignore = */ false, NULL); - } - - static int link_set_mac_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -- return set_link_handler_internal(rtnl, m, link, SET_LINK_MAC, true, get_link_default_handler); -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_MAC, /* ignore = */ true, get_link_default_handler); - } - - static int link_set_mac_allow_retry_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -@@ -180,13 +180,13 @@ static int link_set_mac_allow_retry_handler(sd_netlink *rtnl, sd_netlink_message - } - - static int link_set_master_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -- return set_link_handler_internal(rtnl, m, link, SET_LINK_MASTER, false, get_link_master_handler); -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_MASTER, /* ignore = */ false, get_link_master_handler); - } - - static int link_set_mtu_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { - int r; - -- r = set_link_handler_internal(rtnl, m, link, SET_LINK_MTU, true, get_link_default_handler); -+ r = set_link_handler_internal(rtnl, m, link, SET_LINK_MTU, /* ignore = */ true, get_link_default_handler); - if (r <= 0) - return r; - --- -2.33.0 - diff --git a/backport-network-address-read-flags-from-message-header-when-.patch b/backport-network-address-read-flags-from-message-header-when-.patch deleted file mode 100644 index d47827e6dc1fdad1e0220140d58eb8a62ca2e155..0000000000000000000000000000000000000000 --- a/backport-network-address-read-flags-from-message-header-when-.patch +++ /dev/null @@ -1,40 +0,0 @@ -From a6c264cbd6fc8c10c905ee2c1cd22717247c3c25 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 8 Dec 2021 05:35:37 +0900 -Subject: [PATCH] network: address: read flags from message header when - IFA_FLAGS is not supported by kernel - -Follow-up for 0828a38605975b68c14c9194a1ee2c5c2ff7038f. - -Fixes #21670. - -(cherry picked from commit 8ed68422e1bafc84afe524bc5020d343bc6163ca) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a6c264cbd6fc8c10c905ee2c1cd22717247c3c25 ---- - src/network/networkd-address.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c -index 7b221516d7..bfc2e19bee 100644 ---- a/src/network/networkd-address.c -+++ b/src/network/networkd-address.c -@@ -1368,6 +1368,14 @@ int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message, - } - - r = sd_netlink_message_read_u32(message, IFA_FLAGS, &tmp->flags); -+ if (r == -ENODATA) { -+ unsigned char flags; -+ -+ /* For old kernels. */ -+ r = sd_rtnl_message_addr_get_flags(message, &flags); -+ if (r >= 0) -+ tmp->flags = flags; -+ } - if (r < 0) { - log_link_warning_errno(link, r, "rtnl: received address message without flags, ignoring: %m"); - return 0; --- -2.33.0 - diff --git a/backport-network-allow-users-to-forbid-passthru-MACVLAN-from-.patch b/backport-network-allow-users-to-forbid-passthru-MACVLAN-from-.patch deleted file mode 100644 index 06bef7024b0366190a688e3661a31b1e605949c0..0000000000000000000000000000000000000000 --- a/backport-network-allow-users-to-forbid-passthru-MACVLAN-from-.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 1d1b7de63902e5fa8d1ba900e9bf608e2ccd2b23 Mon Sep 17 00:00:00 2001 -From: Tom Yan -Date: Mon, 16 Aug 2021 18:00:42 +0800 -Subject: [PATCH] network: allow users to forbid passthru MACVLAN from putting - its link into promiscuous mode - -While we haven't implemented a key for users to set MACVLAN/MACVTAP flags, -we can at least allow them to make use of the Promiscuous= key of -the corresponding link to set the nopromisc flag. - -(cherry picked from commit 17a6a4ae2e7104a1105a0cef0ba049799f3ef6bc) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1d1b7de63902e5fa8d1ba900e9bf608e2ccd2b23 ---- - src/network/netdev/macvlan.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/src/network/netdev/macvlan.c b/src/network/netdev/macvlan.c -index 46b0826148..9d037c2f36 100644 ---- a/src/network/netdev/macvlan.c -+++ b/src/network/netdev/macvlan.c -@@ -5,6 +5,7 @@ - #include "conf-parser.h" - #include "macvlan.h" - #include "macvlan-util.h" -+#include "networkd-network.h" - #include "parse-util.h" - - DEFINE_CONFIG_PARSE_ENUM(config_parse_macvlan_mode, macvlan_mode, MacVlanMode, "Failed to parse macvlan mode"); -@@ -16,6 +17,7 @@ static int netdev_macvlan_fill_message_create(NetDev *netdev, Link *link, sd_net - assert(netdev); - assert(link); - assert(netdev->ifname); -+ assert(link->network); - - if (netdev->kind == NETDEV_KIND_MACVLAN) - m = MACVLAN(netdev); -@@ -52,6 +54,13 @@ static int netdev_macvlan_fill_message_create(NetDev *netdev, Link *link, sd_net - return log_netdev_error_errno(netdev, r, "Could not append IFLA_MACVLAN_MODE attribute: %m"); - } - -+ /* set the nopromisc flag if Promiscuous= of the link is explicitly set to false */ -+ if (m->mode == NETDEV_MACVLAN_MODE_PASSTHRU && link->network->promiscuous == 0) { -+ r = sd_netlink_message_append_u16(req, IFLA_MACVLAN_FLAGS, MACVLAN_FLAG_NOPROMISC); -+ if (r < 0) -+ return log_netdev_error_errno(netdev, r, "Could not append IFLA_MACVLAN_FLAGS attribute: %m"); -+ } -+ - if (m->bc_queue_length != UINT32_MAX) { - r = sd_netlink_message_append_u32(req, IFLA_MACVLAN_BC_QUEUE_LEN, m->bc_queue_length); - if (r < 0) --- -2.33.0 - diff --git a/backport-network-also-check-addresses-when-determine-a-gatewa.patch b/backport-network-also-check-addresses-when-determine-a-gatewa.patch deleted file mode 100644 index b42298bfc9c26416a6f99afe419acf351bbddda9..0000000000000000000000000000000000000000 --- a/backport-network-also-check-addresses-when-determine-a-gatewa.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 2f599380f1ab1ee5fe3f7b02926ae2dd642bed9b Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 12 Jul 2021 15:46:44 +0900 -Subject: [PATCH] network: also check addresses when determine a gateway - address is reachable or not - -Fixes #20201. - -(cherry picked from commit 11046cea1414c70b5d7aab37ea88d5a839cbd209) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/2f599380f1ab1ee5fe3f7b02926ae2dd642bed9b ---- - src/network/networkd-route.c | 34 ++++++++++++++++++++++++++++++++++ - 1 file changed, 34 insertions(+) - -diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c -index 77a93beca9..068915616e 100644 ---- a/src/network/networkd-route.c -+++ b/src/network/networkd-route.c -@@ -746,6 +746,26 @@ static bool route_address_is_reachable(const Route *route, int family, const uni - FAMILY_ADDRESS_SIZE(family) * 8) > 0; - } - -+static bool prefix_route_address_is_reachable(const Address *a, int family, const union in_addr_union *address) { -+ assert(a); -+ assert(IN_SET(family, AF_INET, AF_INET6)); -+ assert(address); -+ -+ if (a->family != family) -+ return false; -+ if (FLAGS_SET(a->flags, IFA_F_NOPREFIXROUTE)) -+ return false; -+ if (in_addr_is_set(a->family, &a->in_addr_peer)) -+ return false; -+ -+ return in_addr_prefix_intersect( -+ family, -+ &a->in_addr, -+ a->prefixlen, -+ address, -+ FAMILY_ADDRESS_SIZE(family) * 8) > 0; -+} -+ - bool manager_address_is_reachable(Manager *manager, int family, const union in_addr_union *address) { - Link *link; - -@@ -764,6 +784,20 @@ bool manager_address_is_reachable(Manager *manager, int family, const union in_a - return true; - } - -+ /* If we do not manage foreign routes, then there may exist a prefix route we do not know, -+ * which was created on configuring an address. Hence, also check the addresses. */ -+ if (!manager->manage_foreign_routes) -+ HASHMAP_FOREACH(link, manager->links_by_index) { -+ Address *a; -+ -+ SET_FOREACH(a, link->addresses) -+ if (prefix_route_address_is_reachable(a, family, address)) -+ return true; -+ SET_FOREACH(a, link->addresses_foreign) -+ if (prefix_route_address_is_reachable(a, family, address)) -+ return true; -+ } -+ - return false; - } - --- -2.33.0 - diff --git a/backport-network-bridge-fix-endian-of-vlan-protocol.patch b/backport-network-bridge-fix-endian-of-vlan-protocol.patch deleted file mode 100644 index 59cdde4d0728b9976259dcdd2987f596f8e43418..0000000000000000000000000000000000000000 --- a/backport-network-bridge-fix-endian-of-vlan-protocol.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 7b9aa956fbf9fc342a4e35fbcf90e7083cccbf6c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 10 Feb 2022 17:47:14 +0900 -Subject: [PATCH] network: bridge: fix endian of vlan protocol - -Fixes #22469. - -(cherry picked from commit 6eb35be8e0fa5f1f00dddd558cf4dc3642d9e53e) -(cherry picked from commit 514a4c051ce6cceaa5417a2044e708bd5105131d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7b9aa956fbf9fc342a4e35fbcf90e7083cccbf6c ---- - src/network/netdev/bridge.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/network/netdev/bridge.c b/src/network/netdev/bridge.c -index 99fb9e1c3c..b9a0136843 100644 ---- a/src/network/netdev/bridge.c -+++ b/src/network/netdev/bridge.c -@@ -126,7 +126,7 @@ static int netdev_bridge_post_create(NetDev *netdev, Link *link, sd_netlink_mess - } - - if (b->vlan_protocol >= 0) { -- r = sd_netlink_message_append_u16(req, IFLA_BR_VLAN_PROTOCOL, b->vlan_protocol); -+ r = sd_netlink_message_append_u16(req, IFLA_BR_VLAN_PROTOCOL, htobe16(b->vlan_protocol)); - if (r < 0) - return log_netdev_error_errno(netdev, r, "Could not append IFLA_BR_VLAN_PROTOCOL attribute: %m"); - } --- -2.33.0 - diff --git a/backport-network-check-the-received-interface-name-is-actuall.patch b/backport-network-check-the-received-interface-name-is-actuall.patch deleted file mode 100644 index b23ec35cd0ce06855ef3d4b2bf7d24ca346688de..0000000000000000000000000000000000000000 --- a/backport-network-check-the-received-interface-name-is-actuall.patch +++ /dev/null @@ -1,71 +0,0 @@ -From d2895063305712cd9e5d7f4361f9343bf3b3f00b Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 12 Jul 2021 21:23:41 +0900 -Subject: [PATCH] network: check the received interface name is actually new - -For some reasons I do not know, on interface renaming, kernel once send -netlink message with old interface name, and then send with new name. -If eth0 is renamed, and then new interface appears as eth0, then the -message with the old name 'eth0' makes the interface enters failed -state. - -To ignore such invalid(?) rename event messages, let's confirm the -received interface name. - -Fixes #20203. - -(cherry picked from commit 176b8be10ffce2f8c1fc931a37904a528057016f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d2895063305712cd9e5d7f4361f9343bf3b3f00b ---- - src/network/networkd-link.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c -index 9421ce1aa6..d58b700050 100644 ---- a/src/network/networkd-link.c -+++ b/src/network/networkd-link.c -@@ -1,5 +1,6 @@ - /* SPDX-License-Identifier: LGPL-2.1-or-later */ - -+#include - #include - #include - #include -@@ -21,6 +22,7 @@ - #include "ethtool-util.h" - #include "fd-util.h" - #include "fileio.h" -+#include "format-util.h" - #include "fs-util.h" - #include "ipvlan.h" - #include "missing_network.h" -@@ -2161,6 +2163,7 @@ static int link_update_alternative_names(Link *link, sd_netlink_message *message - } - - static int link_update_name(Link *link, sd_netlink_message *message) { -+ char ifname_from_index[IF_NAMESIZE + 1]; - const char *ifname; - int r; - -@@ -2177,6 +2180,16 @@ static int link_update_name(Link *link, sd_netlink_message *message) { - if (streq(ifname, link->ifname)) - return 0; - -+ if (!format_ifname(link->ifindex, ifname_from_index)) -+ return log_link_debug_errno(link, SYNTHETIC_ERRNO(ENXIO), "Could not get interface name for index %i.", link->ifindex); -+ -+ if (!streq(ifname, ifname_from_index)) { -+ log_link_debug(link, "New interface name '%s' received from the kernel does not correspond " -+ "with the name currently configured on the actual interface '%s'. Ignoring.", -+ ifname, ifname_from_index); -+ return 0; -+ } -+ - log_link_info(link, "Interface name change detected, renamed to %s.", ifname); - - hashmap_remove(link->manager->links_by_name, link->ifname); --- -2.33.0 - diff --git a/backport-network-configure-address-with-requested-lifetime.patch b/backport-network-configure-address-with-requested-lifetime.patch deleted file mode 100644 index 9489faef244d6d13c4c92986325052eceaa98a7e..0000000000000000000000000000000000000000 --- a/backport-network-configure-address-with-requested-lifetime.patch +++ /dev/null @@ -1,50 +0,0 @@ -From d18f1ad555a0b0b03fe8eb176f763b50a1aab215 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 19 Jul 2021 15:18:37 +0900 -Subject: [PATCH] network: configure address with requested lifetime - -When assigning the same address provided by a dynamic addressing -protocol, the new lifetime is stored on Request::Address, but not -Address object in Link object, which can be obtained by address_get(). -So, we need to configure address with Address object in Request. - -Fixes #20245. - -(cherry picked from commit 2d302d88e4dfd48b18486c5ce2c7dfeb229a1b0a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d18f1ad555a0b0b03fe8eb176f763b50a1aab215 ---- - src/network/networkd-address.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c -index 6b2230b725..7b221516d7 100644 ---- a/src/network/networkd-address.c -+++ b/src/network/networkd-address.c -@@ -1272,17 +1272,17 @@ int request_process_address(Request *req) { - if (r <= 0) - return r; - -- r = address_get(link, req->address, &a); -- if (r < 0) -- return r; -- -- r = address_configure(a, link, req->netlink_handler); -+ r = address_configure(req->address, link, req->netlink_handler); - if (r < 0) - return r; - - /* To prevent a double decrement on failure in after_configure(). */ - req->message_counter = NULL; - -+ r = address_get(link, req->address, &a); -+ if (r < 0) -+ return r; -+ - if (req->after_configure) { - r = req->after_configure(req, a); - if (r < 0) --- -2.33.0 - diff --git a/backport-network-disable-event-sources-before-unref-them.patch b/backport-network-disable-event-sources-before-unref-them.patch deleted file mode 100644 index e084d88c3f30196c7a120c0bd374b1bb39fff3f4..0000000000000000000000000000000000000000 --- a/backport-network-disable-event-sources-before-unref-them.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 847168ed320e9ff14ed95dbde0a1f392acbe4a44 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 24 Sep 2021 17:26:10 +0900 -Subject: [PATCH] network: disable event sources before unref them - -(cherry picked from commit d105befc976ad704d3b17b3a5ee1b659a5f624d4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/847168ed320e9ff14ed95dbde0a1f392acbe4a44 ---- - src/network/networkd-lldp-tx.c | 2 +- - src/network/networkd-route.c | 6 +++--- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/network/networkd-lldp-tx.c b/src/network/networkd-lldp-tx.c -index 45a087b301..82a403fe21 100644 ---- a/src/network/networkd-lldp-tx.c -+++ b/src/network/networkd-lldp-tx.c -@@ -413,7 +413,7 @@ int link_lldp_emit_start(Link *link) { - void link_lldp_emit_stop(Link *link) { - assert(link); - -- link->lldp_emit_event_source = sd_event_source_unref(link->lldp_emit_event_source); -+ link->lldp_emit_event_source = sd_event_source_disable_unref(link->lldp_emit_event_source); - } - - int config_parse_lldp_mud( -diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c -index b7852f6eec..791fd64c39 100644 ---- a/src/network/networkd-route.c -+++ b/src/network/networkd-route.c -@@ -290,7 +290,7 @@ Route *route_free(Route *route) { - - ordered_set_free_with_destructor(route->multipath_routes, multipath_route_free); - -- sd_event_source_unref(route->expire); -+ sd_event_source_disable_unref(route->expire); - - return mfree(route); - } -@@ -1273,7 +1273,7 @@ static int route_expire_handler(sd_event_source *s, uint64_t usec, void *userdat - } - - static int route_add_and_setup_timer_one(Link *link, const Route *route, const MultipathRoute *m, const NextHop *nh, uint8_t nh_weight, Route **ret) { -- _cleanup_(sd_event_source_unrefp) sd_event_source *expire = NULL; -+ _cleanup_(sd_event_source_disable_unrefp) sd_event_source *expire = NULL; - Route *nr; - int r; - -@@ -1311,7 +1311,7 @@ static int route_add_and_setup_timer_one(Link *link, const Route *route, const M - return log_link_error_errno(link, r, "Could not arm expiration timer: %m"); - } - -- sd_event_source_unref(nr->expire); -+ sd_event_source_disable_unref(nr->expire); - nr->expire = TAKE_PTR(expire); - - *ret = nr; --- -2.33.0 - diff --git a/backport-network-do-not-assume-the-highest-priority-when-Prio.patch b/backport-network-do-not-assume-the-highest-priority-when-Prio.patch deleted file mode 100644 index b7059d954a00ada50ba64a2de1167bf0af48b16e..0000000000000000000000000000000000000000 --- a/backport-network-do-not-assume-the-highest-priority-when-Prio.patch +++ /dev/null @@ -1,292 +0,0 @@ -From c5ff3ea39882609b307c4a9925d1c17413d17dfc Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 17 Aug 2021 14:03:19 +0900 -Subject: [PATCH] network: do not assume the highest priority when Priority= is - unspecified - -Previously, when Priority= is unspecified, networkd configured the rule with -the highest (=0) priority. This commit makes networkd distinguish the case -the setting is unspecified and one explicitly specified as Priority=0. - -Note. -1) If the priority is unspecified on configure, then kernel dynamically picks - a priority for the rule. -2) The new behavior is consistent with 'ip rule' command. - -Replaces #15606. - -(cherry picked from commit c4f7a347566b8926382029593b4d9957fef2564c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c5ff3ea39882609b307c4a9925d1c17413d17dfc ---- - man/systemd.network.xml | 4 +- - src/network/networkd-routing-policy-rule.c | 120 +++++++++++++++++--- - src/network/networkd-routing-policy-rule.h | 1 + - test/test-network/systemd-networkd-tests.py | 2 +- - 4 files changed, 110 insertions(+), 17 deletions(-) - -diff --git a/man/systemd.network.xml b/man/systemd.network.xml -index 3b7680eb8b..9de9816ced 100644 ---- a/man/systemd.network.xml -+++ b/man/systemd.network.xml -@@ -1238,7 +1238,9 @@ IPv6Token=prefixstable:2002:da8:1:: - Priority= - - Specifies the priority of this rule. Priority= is an unsigned -- integer. Higher number means lower priority, and rules get processed in order of increasing number. -+ integer in the range 0…4294967295. Higher number means lower priority, and rules get -+ processed in order of increasing number. Defaults to unset, and the kernel will pick -+ a value dynamically. - - - -diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c -index af7e8a973c..03ccbd8e85 100644 ---- a/src/network/networkd-routing-policy-rule.c -+++ b/src/network/networkd-routing-policy-rule.c -@@ -163,7 +163,9 @@ void routing_policy_rule_hash_func(const RoutingPolicyRule *rule, struct siphash - siphash24_compress(&rule->type, sizeof(rule->type), state); - siphash24_compress(&rule->fwmark, sizeof(rule->fwmark), state); - siphash24_compress(&rule->fwmask, sizeof(rule->fwmask), state); -- siphash24_compress(&rule->priority, sizeof(rule->priority), state); -+ siphash24_compress_boolean(rule->priority_set, state); -+ if (rule->priority_set) -+ siphash24_compress(&rule->priority, sizeof(rule->priority), state); - siphash24_compress(&rule->table, sizeof(rule->table), state); - siphash24_compress(&rule->suppress_prefixlen, sizeof(rule->suppress_prefixlen), state); - -@@ -229,10 +231,16 @@ int routing_policy_rule_compare_func(const RoutingPolicyRule *a, const RoutingPo - if (r != 0) - return r; - -- r = CMP(a->priority, b->priority); -+ r = CMP(a->priority_set, b->priority_set); - if (r != 0) - return r; - -+ if (a->priority_set) { -+ r = CMP(a->priority, b->priority); -+ if (r != 0) -+ return r; -+ } -+ - r = CMP(a->table, b->table); - if (r != 0) - return r; -@@ -293,8 +301,9 @@ DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR( - routing_policy_rule_compare_func, - routing_policy_rule_free); - --static int routing_policy_rule_get(Manager *m, const RoutingPolicyRule *rule, RoutingPolicyRule **ret) { -+static int routing_policy_rule_get(Manager *m, const RoutingPolicyRule *rule, bool require_priority, RoutingPolicyRule **ret) { - RoutingPolicyRule *existing; -+ int r; - - assert(m); - -@@ -312,6 +321,23 @@ static int routing_policy_rule_get(Manager *m, const RoutingPolicyRule *rule, Ro - return 0; - } - -+ if (!require_priority && rule->priority_set) { -+ _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *tmp = NULL; -+ -+ r = routing_policy_rule_dup(rule, &tmp); -+ if (r < 0) -+ return r; -+ -+ tmp->priority_set = false; -+ -+ existing = set_get(m->rules, tmp); -+ if (existing) { -+ if (ret) -+ *ret = existing; -+ return 1; -+ } -+ } -+ - return -ENOENT; - } - -@@ -328,7 +354,7 @@ static int routing_policy_rule_add(Manager *m, const RoutingPolicyRule *in, Rout - if (r < 0) - return r; - -- r = routing_policy_rule_get(m, rule, &existing); -+ r = routing_policy_rule_get(m, rule, true, &existing); - if (r == -ENOENT) { - /* Rule does not exist, use a new one. */ - r = set_ensure_put(&m->rules, &routing_policy_rule_hash_ops, rule); -@@ -371,6 +397,32 @@ static int routing_policy_rule_consume_foreign(Manager *m, RoutingPolicyRule *ru - return 1; - } - -+static int routing_policy_rule_update_priority(RoutingPolicyRule *rule, uint32_t priority) { -+ int r; -+ -+ assert(rule); -+ assert(rule->manager); -+ -+ if (rule->priority_set) -+ return 0; -+ -+ if (!set_remove(rule->manager->rules, rule)) -+ return -ENOENT; -+ -+ rule->priority = priority; -+ rule->priority_set = true; -+ -+ r = set_put(rule->manager->rules, rule); -+ if (r <= 0) { -+ /* Undo */ -+ rule->priority_set = false; -+ assert_se(set_put(rule->manager->rules, rule) > 0); -+ return r == 0 ? -EEXIST : r; -+ } -+ -+ return 1; -+} -+ - static void log_routing_policy_rule_debug(const RoutingPolicyRule *rule, const char *str, const Link *link, const Manager *m) { - _cleanup_free_ char *from = NULL, *to = NULL, *table = NULL; - -@@ -422,9 +474,11 @@ static int routing_policy_rule_set_netlink_message(const RoutingPolicyRule *rule - return log_link_error_errno(link, r, "Could not set destination prefix length: %m"); - } - -- r = sd_netlink_message_append_u32(m, FRA_PRIORITY, rule->priority); -- if (r < 0) -- return log_link_error_errno(link, r, "Could not append FRA_PRIORITY attribute: %m"); -+ if (rule->priority_set) { -+ r = sd_netlink_message_append_u32(m, FRA_PRIORITY, rule->priority); -+ if (r < 0) -+ return log_link_error_errno(link, r, "Could not append FRA_PRIORITY attribute: %m"); -+ } - - if (rule->tos > 0) { - r = sd_rtnl_message_routing_policy_rule_set_tos(m, rule->tos); -@@ -662,6 +716,28 @@ int manager_drop_routing_policy_rules_internal(Manager *m, bool foreign, const L - continue; - } - -+ if (!foreign) { -+ _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *tmp = NULL; -+ -+ /* The rule may be configured without priority. Try to find without priority. */ -+ -+ k = routing_policy_rule_dup(rule, &tmp); -+ if (k < 0) { -+ if (r >= 0) -+ r = k; -+ continue; -+ } -+ -+ tmp->priority_set = false; -+ -+ k = links_have_routing_policy_rule(m, tmp, except); -+ if (k != 0) { -+ if (k < 0 && r >= 0) -+ r = k; -+ continue; -+ } -+ } -+ - k = routing_policy_rule_remove(rule, m); - if (k < 0 && r >= 0) - r = k; -@@ -821,11 +897,11 @@ int request_process_routing_policy_rule(Request *req) { - } - - static const RoutingPolicyRule kernel_rules[] = { -- { .family = AF_INET, .priority = 0, .table = RT_TABLE_LOCAL, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, -- { .family = AF_INET, .priority = 32766, .table = RT_TABLE_MAIN, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, -- { .family = AF_INET, .priority = 32767, .table = RT_TABLE_DEFAULT, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, -- { .family = AF_INET6, .priority = 0, .table = RT_TABLE_LOCAL, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, -- { .family = AF_INET6, .priority = 32766, .table = RT_TABLE_MAIN, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, -+ { .family = AF_INET, .priority_set = true, .priority = 0, .table = RT_TABLE_LOCAL, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, -+ { .family = AF_INET, .priority_set = true, .priority = 32766, .table = RT_TABLE_MAIN, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, -+ { .family = AF_INET, .priority_set = true, .priority = 32767, .table = RT_TABLE_DEFAULT, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, -+ { .family = AF_INET6, .priority_set = true, .priority = 0, .table = RT_TABLE_LOCAL, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, -+ { .family = AF_INET6, .priority_set = true, .priority = 32766, .table = RT_TABLE_MAIN, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, - }; - - static bool routing_policy_rule_is_created_by_kernel(const RoutingPolicyRule *rule) { -@@ -936,6 +1012,9 @@ int manager_rtnl_process_rule(sd_netlink *rtnl, sd_netlink_message *message, Man - log_warning_errno(r, "rtnl: could not get FRA_PRIORITY attribute, ignoring: %m"); - return 0; - } -+ /* The kernel does not send priority if priority is zero. So, the flag below must be always set -+ * even if the message does not contain FRA_PRIORITY. */ -+ tmp->priority_set = true; - - r = sd_netlink_message_read_u32(message, FRA_TABLE, &tmp->table); - if (r < 0 && r != -ENODATA) { -@@ -1027,13 +1106,16 @@ int manager_rtnl_process_rule(sd_netlink *rtnl, sd_netlink_message *message, Man - * protocol of the received rule is RTPROT_KERNEL or RTPROT_STATIC. */ - tmp->protocol = routing_policy_rule_is_created_by_kernel(tmp) ? RTPROT_KERNEL : RTPROT_STATIC; - -- (void) routing_policy_rule_get(m, tmp, &rule); -+ (void) routing_policy_rule_get(m, tmp, false, &rule); - - switch (type) { - case RTM_NEWRULE: -- if (rule) -+ if (rule) { - log_routing_policy_rule_debug(tmp, "Received remembered", NULL, m); -- else if (!m->manage_foreign_routes) -+ r = routing_policy_rule_update_priority(rule, tmp->priority); -+ if (r < 0) -+ log_warning_errno(r, "Failed to update priority of remembered routing policy rule, ignoring: %m"); -+ } else if (!m->manage_foreign_routes) - log_routing_policy_rule_debug(tmp, "Ignoring received foreign", NULL, m); - else { - log_routing_policy_rule_debug(tmp, "Remembering foreign", NULL, m); -@@ -1155,11 +1237,19 @@ int config_parse_routing_policy_rule_priority( - if (r < 0) - return log_oom(); - -+ if (isempty(rvalue)) { -+ n->priority = 0; -+ n->priority_set = false; -+ TAKE_PTR(n); -+ return 0; -+ } -+ - r = safe_atou32(rvalue, &n->priority); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse RPDB rule priority, ignoring: %s", rvalue); - return 0; - } -+ n->priority_set = true; - - TAKE_PTR(n); - return 0; -diff --git a/src/network/networkd-routing-policy-rule.h b/src/network/networkd-routing-policy-rule.h -index aed37b00d2..557048c3f4 100644 ---- a/src/network/networkd-routing-policy-rule.h -+++ b/src/network/networkd-routing-policy-rule.h -@@ -20,6 +20,7 @@ typedef struct RoutingPolicyRule { - NetworkConfigSection *section; - - bool invert_rule; -+ bool priority_set; - - uint8_t tos; - uint8_t type; -diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py -index 0eb2fdf87e..4a2af0c500 100755 ---- a/test/test-network/systemd-networkd-tests.py -+++ b/test/test-network/systemd-networkd-tests.py -@@ -3644,7 +3644,7 @@ class NetworkdBridgeTests(unittest.TestCase, Utilities): - - output = check_output('ip rule list table 100') - print(output) -- self.assertIn('0: from all to 8.8.8.8 lookup 100', output) -+ self.assertIn('from all to 8.8.8.8 lookup 100', output) - - class NetworkdLLDPTests(unittest.TestCase, Utilities): - links = ['veth99'] --- -2.33.0 - diff --git a/backport-network-fix-configuring-of-CAN-devices.patch b/backport-network-fix-configuring-of-CAN-devices.patch deleted file mode 100644 index 0558913cd8035f2ccd2617837aacd668b2b642ba..0000000000000000000000000000000000000000 --- a/backport-network-fix-configuring-of-CAN-devices.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 9bf50758426a3d8dd4b40e28c960e920d41444ba Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 12 Aug 2021 13:39:53 +0900 -Subject: [PATCH] network: fix configuring of CAN devices - -Fix a bug introduced by 7558f9e717381eef0ddc8ddfb5a754ea4b0f3e6c. - -Fixes #20428. - -(cherry picked from commit 1e8cce8f1e61e01db844d518b7051b6ce69867fd) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9bf50758426a3d8dd4b40e28c960e920d41444ba ---- - src/network/networkd-setlink.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c -index 10c312c480..13c4cedd10 100644 ---- a/src/network/networkd-setlink.c -+++ b/src/network/networkd-setlink.c -@@ -229,10 +229,14 @@ static int link_configure( - - log_link_debug(link, "Setting %s", set_link_operation_to_string(op)); - -- if (IN_SET(op, SET_LINK_BOND, SET_LINK_CAN)) { -+ if (op == SET_LINK_BOND) { - r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_NEWLINK, link->master_ifindex); - if (r < 0) - return log_link_debug_errno(link, r, "Could not allocate RTM_NEWLINK message: %m"); -+ } else if (op == SET_LINK_CAN) { -+ r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_NEWLINK, link->ifindex); -+ if (r < 0) -+ return log_link_debug_errno(link, r, "Could not allocate RTM_NEWLINK message: %m"); - } else { - r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_SETLINK, link->ifindex); - if (r < 0) --- -2.33.0 - diff --git a/backport-network-fix-handling-of-network-interface-renaming.patch b/backport-network-fix-handling-of-network-interface-renaming.patch deleted file mode 100644 index f7eddd03812c6a377565b320d0653c92b6cd01c5..0000000000000000000000000000000000000000 --- a/backport-network-fix-handling-of-network-interface-renaming.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 6ee3390c978dca7a590a4c16d4d620984e60fa96 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 10 Sep 2021 08:09:56 +0900 -Subject: [PATCH] network: fix handling of network interface renaming - -Fixes #20657. - -(cherry picked from commit 160203e974945ce520fe8f569458634ef898c61c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6ee3390c978dca7a590a4c16d4d620984e60fa96 ---- - src/network/networkd-link.c | 14 +++++++++----- - 1 file changed, 9 insertions(+), 5 deletions(-) - -diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c -index d58b700050..20675f2306 100644 ---- a/src/network/networkd-link.c -+++ b/src/network/networkd-link.c -@@ -1404,17 +1404,21 @@ static int link_initialized(Link *link, sd_device *device) { - assert(link); - assert(device); - -- if (link->state != LINK_STATE_PENDING) -- return 0; -+ /* Always replace with the new sd_device object. As the sysname (and possibly other properties -+ * or sysattrs) may be outdated. */ -+ sd_device_ref(device); -+ sd_device_unref(link->sd_device); -+ link->sd_device = device; - -- if (link->sd_device) -+ /* Do not ignore unamanaged state case here. If an interface is renamed after being once -+ * configured, and the corresponding .network file has Name= in [Match] section, then the -+ * interface may be already in unmanaged state. See #20657. */ -+ if (!IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_UNMANAGED)) - return 0; - - log_link_debug(link, "udev initialized link"); - link_set_state(link, LINK_STATE_INITIALIZED); - -- link->sd_device = sd_device_ref(device); -- - /* udev has initialized the link, but we don't know if we have yet - * processed the NEWLINK messages with the latest state. Do a GETLINK, - * when it returns we know that the pending NEWLINKs have already been --- -2.33.0 - diff --git a/backport-network-fix-logic-for-checking-gateway-address-is-re.patch b/backport-network-fix-logic-for-checking-gateway-address-is-re.patch deleted file mode 100644 index 3c5a1f66bc59265be81a91051cf836702b26448d..0000000000000000000000000000000000000000 --- a/backport-network-fix-logic-for-checking-gateway-address-is-re.patch +++ /dev/null @@ -1,182 +0,0 @@ -From 2bd5bbbd39d5c825ed520e8282840b76b8f7fc79 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 21 Aug 2021 03:51:39 +0900 -Subject: [PATCH] network: fix logic for checking gateway address is ready - -This fixes the followings: -- The corresponding route or address to the gateway address must be in - the same link. -- IPv6 link local address is not necessary to be reachable. - -Fixes an issue reported in https://github.com/systemd/systemd/issues/8686#issuecomment-902562324. - -(cherry picked from commit 3333350a0e1917395d3654731ca985ea668bca9b) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/2bd5bbbd39d5c825ed520e8282840b76b8f7fc79 ---- - src/network/networkd-nexthop.c | 7 +--- - src/network/networkd-route.c | 72 ++++++++++++++++++++-------------- - src/network/networkd-route.h | 2 +- - 3 files changed, 44 insertions(+), 37 deletions(-) - -diff --git a/src/network/networkd-nexthop.c b/src/network/networkd-nexthop.c -index a52e5dcb16..c5cba88f46 100644 ---- a/src/network/networkd-nexthop.c -+++ b/src/network/networkd-nexthop.c -@@ -791,12 +791,7 @@ static bool nexthop_is_ready_to_configure(Link *link, const NextHop *nexthop) { - } - } - -- if (nexthop->onlink <= 0 && -- in_addr_is_set(nexthop->family, &nexthop->gw) && -- !manager_address_is_reachable(link->manager, nexthop->family, &nexthop->gw)) -- return false; -- -- return true; -+ return gateway_is_ready(link, nexthop->onlink, nexthop->family, &nexthop->gw); - } - - int request_process_nexthop(Request *req) { -diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c -index 068915616e..b7852f6eec 100644 ---- a/src/network/networkd-route.c -+++ b/src/network/networkd-route.c -@@ -753,6 +753,8 @@ static bool prefix_route_address_is_reachable(const Address *a, int family, cons - - if (a->family != family) - return false; -+ if (!address_is_ready(a)) -+ return false; - if (FLAGS_SET(a->flags, IFA_F_NOPREFIXROUTE)) - return false; - if (in_addr_is_set(a->family, &a->in_addr_peer)) -@@ -766,37 +768,34 @@ static bool prefix_route_address_is_reachable(const Address *a, int family, cons - FAMILY_ADDRESS_SIZE(family) * 8) > 0; - } - --bool manager_address_is_reachable(Manager *manager, int family, const union in_addr_union *address) { -- Link *link; -+static bool link_address_is_reachable(Link *link, int family, const union in_addr_union *address) { -+ Route *route; - -- assert(manager); -+ assert(link); -+ assert(link->manager); - assert(IN_SET(family, AF_INET, AF_INET6)); - assert(address); - -- HASHMAP_FOREACH(link, manager->links_by_index) { -- Route *route; - -- SET_FOREACH(route, link->routes) -- if (route_address_is_reachable(route, family, address)) -- return true; -- SET_FOREACH(route, link->routes_foreign) -- if (route_address_is_reachable(route, family, address)) -- return true; -- } -+ SET_FOREACH(route, link->routes) -+ if (route_address_is_reachable(route, family, address)) -+ return true; -+ SET_FOREACH(route, link->routes_foreign) -+ if (route_address_is_reachable(route, family, address)) -+ return true; - - /* If we do not manage foreign routes, then there may exist a prefix route we do not know, - * which was created on configuring an address. Hence, also check the addresses. */ -- if (!manager->manage_foreign_routes) -- HASHMAP_FOREACH(link, manager->links_by_index) { -- Address *a; -- -- SET_FOREACH(a, link->addresses) -- if (prefix_route_address_is_reachable(a, family, address)) -- return true; -- SET_FOREACH(a, link->addresses_foreign) -- if (prefix_route_address_is_reachable(a, family, address)) -- return true; -- } -+ if (!link->manager->manage_foreign_routes) { -+ Address *a; -+ -+ SET_FOREACH(a, link->addresses) -+ if (prefix_route_address_is_reachable(a, family, address)) -+ return true; -+ SET_FOREACH(a, link->addresses_foreign) -+ if (prefix_route_address_is_reachable(a, family, address)) -+ return true; -+ } - - return false; - } -@@ -1692,6 +1691,22 @@ int link_request_static_routes(Link *link, bool only_ipv4) { - return 0; - } - -+bool gateway_is_ready(Link *link, int onlink, int family, const union in_addr_union *gw) { -+ assert(link); -+ assert(gw); -+ -+ if (onlink > 0) -+ return true; -+ -+ if (!in_addr_is_set(family, gw)) -+ return true; -+ -+ if (family == AF_INET6 && in6_addr_is_link_local(&gw->in6)) -+ return true; -+ -+ return link_address_is_reachable(link, family, gw); -+} -+ - static int route_is_ready_to_configure(const Route *route, Link *link) { - MultipathRoute *m; - NextHop *nh = NULL; -@@ -1735,19 +1750,13 @@ static int route_is_ready_to_configure(const Route *route, Link *link) { - return r; - } - -- if (route->gateway_onlink <= 0 && -- in_addr_is_set(route->gw_family, &route->gw) > 0 && -- !manager_address_is_reachable(link->manager, route->gw_family, &route->gw)) -+ if (!gateway_is_ready(link, route->gateway_onlink, route->gw_family, &route->gw)) - return false; - - ORDERED_SET_FOREACH(m, route->multipath_routes) { - union in_addr_union a = m->gateway.address; - Link *l = NULL; - -- if (route->gateway_onlink <= 0 && -- !manager_address_is_reachable(link->manager, m->gateway.family, &a)) -- return false; -- - if (m->ifname) { - if (link_get_by_name(link->manager, m->ifname, &l) < 0) - return false; -@@ -1759,6 +1768,9 @@ static int route_is_ready_to_configure(const Route *route, Link *link) { - } - if (l && !link_is_ready_to_configure(l, true)) - return false; -+ -+ if (!gateway_is_ready(l ?: link, route->gateway_onlink, m->gateway.family, &a)) -+ return false; - } - - return true; -diff --git a/src/network/networkd-route.h b/src/network/networkd-route.h -index 2d262819ad..235a91f08d 100644 ---- a/src/network/networkd-route.h -+++ b/src/network/networkd-route.h -@@ -78,8 +78,8 @@ int route_configure_handler_internal(sd_netlink *rtnl, sd_netlink_message *m, Li - int route_remove(const Route *route, Manager *manager, Link *link); - - int link_has_route(Link *link, const Route *route); --bool manager_address_is_reachable(Manager *manager, int family, const union in_addr_union *address); - int manager_find_uplink(Manager *m, int family, Link *exclude, Link **ret); -+bool gateway_is_ready(Link *link, int onlink, int family, const union in_addr_union *gw); - - int link_drop_routes(Link *link); - int link_drop_foreign_routes(Link *link); --- -2.33.0 - diff --git a/backport-network-fix-wrong-flag-manage_foreign_routes-manage_.patch b/backport-network-fix-wrong-flag-manage_foreign_routes-manage_.patch deleted file mode 100644 index d40fbba9cab258719fdb23c53f46ef8606941ee0..0000000000000000000000000000000000000000 --- a/backport-network-fix-wrong-flag-manage_foreign_routes-manage_.patch +++ /dev/null @@ -1,32 +0,0 @@ -From fc88dc07544978b1bda9c192481a07d43d384f81 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 7 Sep 2021 21:46:50 +0900 -Subject: [PATCH] network: fix wrong flag: manage_foreign_routes -> - manage_foreign_rules - -Fixes a bug in d94dfe7053d49fa62c4bfc07b7f3fc2227c10aff. - -(cherry picked from commit 771a36439e955906290afc16a6fb3b10401892cf) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/fc88dc07544978b1bda9c192481a07d43d384f81 ---- - src/network/networkd-routing-policy-rule.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c -index 03ccbd8e85..b7e0fd779d 100644 ---- a/src/network/networkd-routing-policy-rule.c -+++ b/src/network/networkd-routing-policy-rule.c -@@ -1115,7 +1115,7 @@ int manager_rtnl_process_rule(sd_netlink *rtnl, sd_netlink_message *message, Man - r = routing_policy_rule_update_priority(rule, tmp->priority); - if (r < 0) - log_warning_errno(r, "Failed to update priority of remembered routing policy rule, ignoring: %m"); -- } else if (!m->manage_foreign_routes) -+ } else if (!m->manage_foreign_rules) - log_routing_policy_rule_debug(tmp, "Ignoring received foreign", NULL, m); - else { - log_routing_policy_rule_debug(tmp, "Remembering foreign", NULL, m); --- -2.33.0 - diff --git a/backport-network-ignore-errors-on-setting-bridge-config.patch b/backport-network-ignore-errors-on-setting-bridge-config.patch deleted file mode 100644 index 33d26bd8a9e37ba344ff6c3f7e713f7f303284e4..0000000000000000000000000000000000000000 --- a/backport-network-ignore-errors-on-setting-bridge-config.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 0c136b86d6c32445c6b503c87ba5fa348f34e22b Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 4 Aug 2021 13:53:21 +0900 -Subject: [PATCH] network: ignore errors on setting bridge config - -For some setups, kernel refuses to set bridge configs with -EOPNOTSUPP. -See kernel's rtnl_bridge_setlink() in net/core/rtnetlink.c. - -Fixes #20373. - -(cherry picked from commit 1171f3f030319155914c2bb90655f46653f88cbf) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0c136b86d6c32445c6b503c87ba5fa348f34e22b ---- - src/network/networkd-setlink.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c -index fa1dd9b3ba..8130bb6bcc 100644 ---- a/src/network/networkd-setlink.c -+++ b/src/network/networkd-setlink.c -@@ -124,7 +124,7 @@ static int link_set_bond_handler(sd_netlink *rtnl, sd_netlink_message *m, Link * - } - - static int link_set_bridge_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -- return set_link_handler_internal(rtnl, m, link, SET_LINK_BRIDGE, /* ignore = */ false, NULL); -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_BRIDGE, /* ignore = */ true, NULL); - } - - static int link_set_bridge_vlan_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { --- -2.33.0 - diff --git a/backport-network-ignore-errors-on-unsetting-master-ifindex.patch b/backport-network-ignore-errors-on-unsetting-master-ifindex.patch deleted file mode 100644 index 1090eca78bebd626c99b59fb38e40a7e59041e35..0000000000000000000000000000000000000000 --- a/backport-network-ignore-errors-on-unsetting-master-ifindex.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 090378dcb1de5ca66900503210e85d63075fa70a Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 5 Aug 2021 00:10:52 +0900 -Subject: [PATCH] network: ignore errors on unsetting master ifindex - -Fixes #20241. - -(cherry picked from commit c347a98272bd1b81682c266b9720fad107b96ab0) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/090378dcb1de5ca66900503210e85d63075fa70a ---- - src/network/networkd-setlink.c | 20 ++++++++++++++++++-- - 1 file changed, 18 insertions(+), 2 deletions(-) - -diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c -index 8130bb6bcc..10c312c480 100644 ---- a/src/network/networkd-setlink.c -+++ b/src/network/networkd-setlink.c -@@ -95,9 +95,16 @@ static int set_link_handler_internal( - return 1; - - on_error: -- if (op == SET_LINK_FLAGS) { -+ switch (op) { -+ case SET_LINK_FLAGS: - assert(link->set_flags_messages > 0); - link->set_flags_messages--; -+ break; -+ case SET_LINK_MASTER: -+ link->master_set = true; -+ break; -+ default: -+ break; - } - - return 0; -@@ -183,6 +190,11 @@ static int link_set_master_handler(sd_netlink *rtnl, sd_netlink_message *m, Link - return set_link_handler_internal(rtnl, m, link, SET_LINK_MASTER, /* ignore = */ false, get_link_master_handler); - } - -+static int link_unset_master_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -+ /* Some devices do not support setting master ifindex. Let's ignore error on unsetting master ifindex. */ -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_MASTER, /* ignore = */ true, get_link_master_handler); -+} -+ - static int link_set_mtu_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { - int r; - -@@ -745,10 +757,14 @@ int link_request_to_set_mac(Link *link, bool allow_retry) { - - int link_request_to_set_master(Link *link) { - assert(link); -+ assert(link->network); - - link->master_set = false; - -- return link_request_set_link(link, SET_LINK_MASTER, link_set_master_handler, NULL); -+ if (link->network->batadv || link->network->bond || link->network->bridge || link->network->vrf) -+ return link_request_set_link(link, SET_LINK_MASTER, link_set_master_handler, NULL); -+ else -+ return link_request_set_link(link, SET_LINK_MASTER, link_unset_master_handler, NULL); - } - - int link_request_to_set_mtu(Link *link, uint32_t mtu) { --- -2.33.0 - diff --git a/backport-network-print-Ethernet-Link-Layer-DHCP-client-ID-wit.patch b/backport-network-print-Ethernet-Link-Layer-DHCP-client-ID-wit.patch deleted file mode 100644 index 7dd72a957700388f9c56e8d51834fd2aed21bb42..0000000000000000000000000000000000000000 --- a/backport-network-print-Ethernet-Link-Layer-DHCP-client-ID-wit.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 133354a3b9fc7b88fb143f241cfc4565b943ae87 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Alvin=20=C5=A0ipraga?= -Date: Tue, 31 Aug 2021 14:17:33 +0200 -Subject: [PATCH] network: print Ethernet Link-Layer DHCP client ID with - leading 0's - -This is a small cosmetic change. - -Before: - - Offered DHCP leases: 192.168.0.183 (to 0:9:a7:36:bc:89) - -After: - - Offered DHCP leases: 192.168.0.183 (to 00:09:a7:36:bc:89) - -(cherry picked from commit 8e664ab6ecc9c420d2151f14b36824aecc76d8ac) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/133354a3b9fc7b88fb143f241cfc4565b943ae87 ---- - src/libsystemd-network/sd-dhcp-client.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c -index dc8ff19d1a..030b50cf2a 100644 ---- a/src/libsystemd-network/sd-dhcp-client.c -+++ b/src/libsystemd-network/sd-dhcp-client.c -@@ -192,7 +192,7 @@ int sd_dhcp_client_id_to_string(const void *data, size_t len, char **ret) { - if (len != sizeof_field(sd_dhcp_client_id, eth)) - return -EINVAL; - -- r = asprintf(&t, "%x:%x:%x:%x:%x:%x", -+ r = asprintf(&t, "%02x:%02x:%02x:%02x:%02x:%02x", - client_id->eth.haddr[0], - client_id->eth.haddr[1], - client_id->eth.haddr[2], --- -2.33.0 - diff --git a/backport-network-route-fix-possible-overflow-in-conversion-us.patch b/backport-network-route-fix-possible-overflow-in-conversion-us.patch deleted file mode 100644 index ea7bb019f7f755527ff34274ed6b011f1539a63b..0000000000000000000000000000000000000000 --- a/backport-network-route-fix-possible-overflow-in-conversion-us.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 7a9b38919302e98cebc2c6233fd09d0c07ae41dc Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 15 Oct 2021 10:06:25 +0900 -Subject: [PATCH] network: route: fix possible overflow in conversion usec_t -> - uint32_t - -(cherry picked from commit ff43dddab7260c9220eaea2a545514772c0e581f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7a9b38919302e98cebc2c6233fd09d0c07ae41dc ---- - src/network/networkd-route.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c -index 791fd64c39..eeba31c45d 100644 ---- a/src/network/networkd-route.c -+++ b/src/network/networkd-route.c -@@ -1537,7 +1537,7 @@ static int route_configure( - - if (route->lifetime != USEC_INFINITY && kernel_route_expiration_supported()) { - r = sd_netlink_message_append_u32(req, RTA_EXPIRES, -- DIV_ROUND_UP(usec_sub_unsigned(route->lifetime, now(clock_boottime_or_monotonic())), USEC_PER_SEC)); -+ MIN(DIV_ROUND_UP(usec_sub_unsigned(route->lifetime, now(clock_boottime_or_monotonic())), USEC_PER_SEC), UINT32_MAX)); - if (r < 0) - return log_link_error_errno(link, r, "Could not append RTA_EXPIRES attribute: %m"); - } --- -2.33.0 - diff --git a/backport-network-use-address_equal-route_equal-to-compare-add.patch b/backport-network-use-address_equal-route_equal-to-compare-add.patch deleted file mode 100644 index 4232212ea1b3a3461c3703b034a7dd4e274f2bc2..0000000000000000000000000000000000000000 --- a/backport-network-use-address_equal-route_equal-to-compare-add.patch +++ /dev/null @@ -1,68 +0,0 @@ -From ea4d7828fe525201ffb98ff2a31fde8a12e0a4c4 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 4 Aug 2021 13:14:03 +0900 -Subject: [PATCH] network: use address_equal()/route_equal() to compare - addresses or routes configured by NDisc - -Fixes #20244. - -(cherry picked from commit 10e417b3eac03c1bcd0b5f3d5c24291ac644e164) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ea4d7828fe525201ffb98ff2a31fde8a12e0a4c4 ---- - src/network/networkd-address.c | 2 +- - src/network/networkd-route.c | 4 ++-- - src/network/networkd-route.h | 1 + - 3 files changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c -index 35305aff99..6b2230b725 100644 ---- a/src/network/networkd-address.c -+++ b/src/network/networkd-address.c -@@ -165,7 +165,7 @@ Address *address_free(Address *address) { - set_remove(address->link->dhcp6_pd_addresses, address); - set_remove(address->link->dhcp6_pd_addresses_old, address); - SET_FOREACH(n, address->link->ndisc_addresses) -- if (n->address == address) -+ if (address_equal(n->address, address)) - free(set_remove(address->link->ndisc_addresses, n)); - - if (address->family == AF_INET6 && -diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c -index 7b36b48141..77a93beca9 100644 ---- a/src/network/networkd-route.c -+++ b/src/network/networkd-route.c -@@ -279,7 +279,7 @@ Route *route_free(Route *route) { - set_remove(route->link->dhcp6_pd_routes, route); - set_remove(route->link->dhcp6_pd_routes_old, route); - SET_FOREACH(n, route->link->ndisc_routes) -- if (n->route == route) -+ if (route_equal(n->route, route)) - free(set_remove(route->link->ndisc_routes, n)); - } - -@@ -435,7 +435,7 @@ DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR( - route_compare_func, - route_free); - --static bool route_equal(const Route *r1, const Route *r2) { -+bool route_equal(const Route *r1, const Route *r2) { - if (r1 == r2) - return true; - -diff --git a/src/network/networkd-route.h b/src/network/networkd-route.h -index fa0b3ba0fc..2d262819ad 100644 ---- a/src/network/networkd-route.h -+++ b/src/network/networkd-route.h -@@ -66,6 +66,7 @@ typedef struct Route { - - void route_hash_func(const Route *route, struct siphash *state); - int route_compare_func(const Route *a, const Route *b); -+bool route_equal(const Route *r1, const Route *r2); - extern const struct hash_ops route_hash_ops; - - int route_new(Route **ret); --- -2.33.0 - diff --git a/backport-network-use-monotonic-instead-of-boot-time-to-handle.patch b/backport-network-use-monotonic-instead-of-boot-time-to-handle.patch deleted file mode 100644 index 8c8e824c3af4c3651364ad8e23d7eabd75363386..0000000000000000000000000000000000000000 --- a/backport-network-use-monotonic-instead-of-boot-time-to-handle.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 171daf2dc084fab16c0696b139b1af3f0ab9d9f0 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 6 Aug 2021 19:37:16 +0900 -Subject: [PATCH] network: use monotonic instead of boot time to handle address - creation/update timestamp - -Follow-up for 25db3aeaf32ba95bad5e765720ebc23c8ef77a99 and 899034ba8167bd16e802cfbea29a9ee85dee5be5. - -Fixes another issue in #20244. - -(cherry picked from commit 5865dc1493e5519549d24fef23a2ce5c812eca32) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/171daf2dc084fab16c0696b139b1af3f0ab9d9f0 ---- - src/network/networkd-ndisc.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c -index efc4707855..e3705bfed5 100644 ---- a/src/network/networkd-ndisc.c -+++ b/src/network/networkd-ndisc.c -@@ -765,7 +765,9 @@ static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *r - assert(link); - assert(rt); - -- r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now); -+ /* Do not use clock_boottime_or_monotonic() here, as the kernel internally manages cstamp and -+ * tstamp with jiffies, and it is not increased while the system is suspended. */ -+ r = sd_ndisc_router_get_timestamp(rt, CLOCK_MONOTONIC, &time_now); - if (r < 0) - return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); - --- -2.33.0 - diff --git a/backport-networkd-Include-linux-netdevice.h-header.patch b/backport-networkd-Include-linux-netdevice.h-header.patch deleted file mode 100644 index 4be2aeddbe0f92e644f2d5bda024d13d93973263..0000000000000000000000000000000000000000 --- a/backport-networkd-Include-linux-netdevice.h-header.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 898949f71513da918c4aa94a0681fbc6b868e00f Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Mon, 26 Jul 2021 10:58:46 -0700 -Subject: [PATCH] networkd: Include linux/netdevice.h header -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This header provides definitions for NET_NAME_UNKNOWN Ã¥nd NET_NAME_ENUM -Fixes build issue found with non-glibc systems - -../git/src/network/networkd-link.c:1203:52: error: 'NET_NAME_UNKNOWN' undeclared (first use in this function) - -Signed-off-by: Khem Raj -(cherry picked from commit 2a0d07d6a0d5be63c6c10cb0789412f584858ec1) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/898949f71513da918c4aa94a0681fbc6b868e00f ---- - src/network/networkd-link.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c -index c1ab14ebec..9421ce1aa6 100644 ---- a/src/network/networkd-link.c -+++ b/src/network/networkd-link.c -@@ -4,6 +4,7 @@ - #include - #include - #include -+#include - #include - #include - --- -2.33.0 - diff --git a/backport-nspawn-fix-type-to-pass-to-connect.patch b/backport-nspawn-fix-type-to-pass-to-connect.patch deleted file mode 100644 index a9f689ef0d6740f3e491ac9dd89458a4ec278410..0000000000000000000000000000000000000000 --- a/backport-nspawn-fix-type-to-pass-to-connect.patch +++ /dev/null @@ -1,34 +0,0 @@ -From caa0827ca920617dc54e62be1ff8422ad9ce2d3a Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 1 Sep 2021 14:41:37 +0200 -Subject: [PATCH] nspawn: fix type to pass to connect() - -It expects a generic "struct sockaddr", not a "struct sockaddr_un". -Pass the right member of the union. - -Not sure why gcc/llvm never complained about this... - -(cherry picked from commit 32b9736a230d47b73babcc5cfa27d672bb721bd0) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/caa0827ca920617dc54e62be1ff8422ad9ce2d3a ---- - src/nspawn/nspawn.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 04685fecba..575b9da447 100644 ---- a/src/nspawn/nspawn.c -+++ b/src/nspawn/nspawn.c -@@ -5354,7 +5354,7 @@ static int cant_be_in_netns(void) { - if (fd < 0) - return log_error_errno(errno, "Failed to allocate udev control socket: %m"); - -- if (connect(fd, &sa.un, SOCKADDR_UN_LEN(sa.un)) < 0) { -+ if (connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) { - - if (errno == ENOENT || ERRNO_IS_DISCONNECT(errno)) - return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), --- -2.33.0 - diff --git a/backport-nspawn-guard-acl_free-with-a-NULL-check.patch b/backport-nspawn-guard-acl_free-with-a-NULL-check.patch deleted file mode 100644 index 585e12ec9761985b2166ac688673c52c426cdfea..0000000000000000000000000000000000000000 --- a/backport-nspawn-guard-acl_free-with-a-NULL-check.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 1d0921354ab975910c44ac0d646661323bca8717 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 6 Jan 2023 12:30:36 +0100 -Subject: [PATCH] nspawn: guard acl_free() with a NULL check - -Inspired by #25957 there's one other place where we don't guard -acl_free() calls with a NULL check. - -Fix that. - -(cherry picked from commit 34680637e838415204850f77c93ca6ca219abaf1) -(cherry picked from commit 4dabf90526d4573144a51bdd87c1203b25265b33) -(cherry picked from commit d8b4ac7a1783a29435cb3dfee3dfdee37c1b1ac8) -(cherry picked from commit 3a9fe8e7687ed3b2b563c6b2237d2b62a79f79e6) ---- - src/nspawn/nspawn-patch-uid.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/nspawn/nspawn-patch-uid.c b/src/nspawn/nspawn-patch-uid.c -index 785332e091..321caf066b 100644 ---- a/src/nspawn/nspawn-patch-uid.c -+++ b/src/nspawn/nspawn-patch-uid.c -@@ -189,7 +189,9 @@ static int patch_acls(int fd, const char *name, const struct stat *st, uid_t shi - - if (S_ISDIR(st->st_mode)) { - acl_free(acl); -- acl_free(shifted); -+ -+ if (shifted) -+ acl_free(shifted); - - acl = shifted = NULL; - --- -2.27.0 - diff --git a/backport-nss-drop-dummy-setup_logging-helpers.patch b/backport-nss-drop-dummy-setup_logging-helpers.patch deleted file mode 100644 index f2e296d686d71e46595d3f182ea51a1dfce964e8..0000000000000000000000000000000000000000 --- a/backport-nss-drop-dummy-setup_logging-helpers.patch +++ /dev/null @@ -1,61 +0,0 @@ -From da98ffd65aa29ee968a4f4379f5c8e06bf2d58f4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 11 Jan 2022 13:23:27 +0100 -Subject: [PATCH] nss: drop dummy setup_logging() helpers - -log_parse_environment() stopped being a macro in 9fdee66f2d9. -As reported by @bauen1 in https://github.com/systemd/systemd/issues/22020, -the comment was out of date. - -(cherry picked from commit 56a5f4969b96529c82ec8cc08db4fa8e9c61e7b9) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/da98ffd65aa29ee968a4f4379f5c8e06bf2d58f4 ---- - src/nss-mymachines/nss-mymachines.c | 7 +------ - src/nss-systemd/nss-systemd.c | 7 +------ - 2 files changed, 2 insertions(+), 12 deletions(-) - -diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c -index 44715bb3e5..781fd48d72 100644 ---- a/src/nss-mymachines/nss-mymachines.c -+++ b/src/nss-mymachines/nss-mymachines.c -@@ -22,14 +22,9 @@ - #include "signal-util.h" - #include "string-util.h" - --static void setup_logging(void) { -- /* We need a dummy function because log_parse_environment is a macro. */ -- log_parse_environment(); --} -- - static void setup_logging_once(void) { - static pthread_once_t once = PTHREAD_ONCE_INIT; -- assert_se(pthread_once(&once, setup_logging) == 0); -+ assert_se(pthread_once(&once, log_parse_environment) == 0); - } - - #define NSS_ENTRYPOINT_BEGIN \ -diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c -index 36486b96e3..c6c00c40e6 100644 ---- a/src/nss-systemd/nss-systemd.c -+++ b/src/nss-systemd/nss-systemd.c -@@ -116,14 +116,9 @@ static GetentData getsgent_data = { - .mutex = PTHREAD_MUTEX_INITIALIZER, - }; - --static void setup_logging(void) { -- /* We need a dummy function because log_parse_environment is a macro. */ -- log_parse_environment(); --} -- - static void setup_logging_once(void) { - static pthread_once_t once = PTHREAD_ONCE_INIT; -- assert_se(pthread_once(&once, setup_logging) == 0); -+ assert_se(pthread_once(&once, log_parse_environment) == 0); - } - - #define NSS_ENTRYPOINT_BEGIN \ --- -2.33.0 - diff --git a/backport-nss-myhostname-do-not-apply-non-zero-offset-to-null-.patch b/backport-nss-myhostname-do-not-apply-non-zero-offset-to-null-.patch deleted file mode 100644 index a7007ab3a1122dce61ff73b5e5d022a6f2ec9996..0000000000000000000000000000000000000000 --- a/backport-nss-myhostname-do-not-apply-non-zero-offset-to-null-.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 05189e8c961c6b4ac8ef79c8911cb56965a5034f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 31 Dec 2021 09:13:00 +0900 -Subject: [PATCH] nss-myhostname: do not apply non-zero offset to null pointer - -Fixes https://github.com/systemd/systemd/issues/21935#issuecomment-1003216503. - -(cherry picked from commit 92e9df9ca031b9b04487a46afd986ab3122183fd) -(cherry picked from commit a473bfb4332ad6b0a0894135c4de0f8cc324d378) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/05189e8c961c6b4ac8ef79c8911cb56965a5034f ---- - src/nss-myhostname/nss-myhostname.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/nss-myhostname/nss-myhostname.c b/src/nss-myhostname/nss-myhostname.c -index 3536c5fc83..67b1554d27 100644 ---- a/src/nss-myhostname/nss-myhostname.c -+++ b/src/nss-myhostname/nss-myhostname.c -@@ -39,10 +39,8 @@ enum nss_status _nss_myhostname_gethostbyname4_r( - const char *canonical = NULL; - int n_addresses = 0; - uint32_t local_address_ipv4; -- struct local_address *a; - size_t l, idx, ms; - char *r_name; -- unsigned n; - - PROTECT_ERRNO; - BLOCK_SIGNALS(NSS_SIGNALS_BLOCK); -@@ -136,7 +134,9 @@ enum nss_status _nss_myhostname_gethostbyname4_r( - } - - /* Fourth, fill actual addresses in, but in backwards order */ -- for (a = addresses + n_addresses - 1, n = 0; (int) n < n_addresses; n++, a--) { -+ for (int i = n_addresses; i > 0; i--) { -+ struct local_address *a = addresses + i - 1; -+ - r_tuple = (struct gaih_addrtuple*) (buffer + idx); - r_tuple->next = r_tuple_prev; - r_tuple->name = r_name; --- -2.33.0 - diff --git a/backport-nss-only-read-logging-config-from-environment-variab.patch b/backport-nss-only-read-logging-config-from-environment-variab.patch deleted file mode 100644 index 45ed5e5cb194f10a5dc3f52c642ef2b4d54f140c..0000000000000000000000000000000000000000 --- a/backport-nss-only-read-logging-config-from-environment-variab.patch +++ /dev/null @@ -1,118 +0,0 @@ -From 9e29d13926b62c10d931d287b30b7874872bfe39 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 11 Jan 2022 13:36:39 +0100 -Subject: [PATCH] nss: only read logging config from environment variables - -log_parse_environment() uses should_parse_proc_cmdline() to determine whether -it should parse settings from the kernel command line. But the checks that -should_parse_proc_cmdline() apply to the whole process, and we could get a positive -answer also when log_parse_environment() was called from one of the nss modules. -In case of nss-modules, we don't want to look at the kernel command line. - -log_parse_environment_variables() that only looks at the environment variables -is split out and used in the nss modules. - -Fixes #22020. - -(cherry picked from commit a7d15a24659770b0fa9f4cd26fc7bbb17765cbb7) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9e29d13926b62c10d931d287b30b7874872bfe39 ---- - src/basic/log.c | 16 ++++++++++------ - src/basic/log.h | 1 + - src/nss-mymachines/nss-mymachines.c | 2 +- - src/nss-resolve/nss-resolve.c | 2 +- - src/nss-systemd/nss-systemd.c | 2 +- - 5 files changed, 14 insertions(+), 9 deletions(-) - -diff --git a/src/basic/log.c b/src/basic/log.c -index fb183ea9e7..1d68b49963 100644 ---- a/src/basic/log.c -+++ b/src/basic/log.c -@@ -1189,14 +1189,9 @@ static bool should_parse_proc_cmdline(void) { - return getpid_cached() == p; - } - --void log_parse_environment(void) { -+void log_parse_environment_variables(void) { - const char *e; - -- /* Do not call from library code. */ -- -- if (should_parse_proc_cmdline()) -- (void) proc_cmdline_parse(parse_proc_cmdline_item, NULL, PROC_CMDLINE_STRIP_RD_PREFIX); -- - e = getenv("SYSTEMD_LOG_TARGET"); - if (e && log_set_target_from_string(e) < 0) - log_warning("Failed to parse log target '%s'. Ignoring.", e); -@@ -1222,6 +1217,15 @@ void log_parse_environment(void) { - log_warning("Failed to parse log tid '%s'. Ignoring.", e); - } - -+void log_parse_environment(void) { -+ /* Do not call from library code. */ -+ -+ if (should_parse_proc_cmdline()) -+ (void) proc_cmdline_parse(parse_proc_cmdline_item, NULL, PROC_CMDLINE_STRIP_RD_PREFIX); -+ -+ log_parse_environment_variables(); -+} -+ - LogTarget log_get_target(void) { - return log_target; - } -diff --git a/src/basic/log.h b/src/basic/log.h -index 8bfae8e0e5..3dbd01a75d 100644 ---- a/src/basic/log.h -+++ b/src/basic/log.h -@@ -69,6 +69,7 @@ int log_open(void); - void log_close(void); - void log_forget_fds(void); - -+void log_parse_environment_variables(void); - void log_parse_environment(void); - - int log_dispatch_internal( -diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c -index 781fd48d72..c64e79bdff 100644 ---- a/src/nss-mymachines/nss-mymachines.c -+++ b/src/nss-mymachines/nss-mymachines.c -@@ -24,7 +24,7 @@ - - static void setup_logging_once(void) { - static pthread_once_t once = PTHREAD_ONCE_INIT; -- assert_se(pthread_once(&once, log_parse_environment) == 0); -+ assert_se(pthread_once(&once, log_parse_environment_variables) == 0); - } - - #define NSS_ENTRYPOINT_BEGIN \ -diff --git a/src/nss-resolve/nss-resolve.c b/src/nss-resolve/nss-resolve.c -index 4f54973202..dd2e5206e2 100644 ---- a/src/nss-resolve/nss-resolve.c -+++ b/src/nss-resolve/nss-resolve.c -@@ -22,7 +22,7 @@ - static JsonDispatchFlags json_dispatch_flags = 0; - - static void setup_logging(void) { -- log_parse_environment(); -+ log_parse_environment_variables(); - - if (DEBUG_LOGGING) - json_dispatch_flags = JSON_LOG; -diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c -index c6c00c40e6..e87f1d31b3 100644 ---- a/src/nss-systemd/nss-systemd.c -+++ b/src/nss-systemd/nss-systemd.c -@@ -118,7 +118,7 @@ static GetentData getsgent_data = { - - static void setup_logging_once(void) { - static pthread_once_t once = PTHREAD_ONCE_INIT; -- assert_se(pthread_once(&once, log_parse_environment) == 0); -+ assert_se(pthread_once(&once, log_parse_environment_variables) == 0); - } - - #define NSS_ENTRYPOINT_BEGIN \ --- -2.33.0 - diff --git a/backport-nss-systemd-ensure-returned-strings-point-into-provi.patch b/backport-nss-systemd-ensure-returned-strings-point-into-provi.patch deleted file mode 100644 index 4165a9c152179dbac7cd758e46828c23b21f6885..0000000000000000000000000000000000000000 --- a/backport-nss-systemd-ensure-returned-strings-point-into-provi.patch +++ /dev/null @@ -1,350 +0,0 @@ -From 055ba736e12255cf79acc81aac382344129d03c5 Mon Sep 17 00:00:00 2001 -From: Michael Catanzaro -Date: Wed, 8 Sep 2021 16:51:16 -0500 -Subject: [PATCH] nss-systemd: ensure returned strings point into provided - buffer - -Jamie Bainbridge found an issue where glib's g_get_user_database_entry() -may crash after doing: - -``` -error = getpwnam_r (logname, &pwd, buffer, bufsize, &pw); -// ... -pw->pw_name[0] = g_ascii_toupper (pw->pw_name[0]); -``` - -in order to uppercase the first letter of the user's real name. This is -a glib bug, because there is a different codepath that gets the pwd from -vanilla getpwnam instead of getpwnam_r as shown here. When the pwd -struct is returned by getpwnam, its fields point to static data owned by -glibc/NSS, and so it must not be modified by the caller. After much -debugging, Jamie Bainbridge has fixed this in https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2244 -by making a copy of the data before modifying it, and that resolves all -problems for glib. Yay! - -However, glib is crashing even when getpwnam_r is used instead of -getpwnam! According to getpwnam_r(3), the strings in the pwd struct are -supposed to be pointers into the buffer passed by the caller, so glib -should be able to safely edit it directly in this case, so long as it -doesn't try to increase the size of any of the strings. - -Problem is various functions throughout nss-systemd.c return synthesized -records declared at the top of the file. These records are returned -directly and so contain pointers to static strings owned by -libsystemd-nss. systemd must instead copy all the strings into the -provided buffer. - -This crash is reproducible if nss-systemd is listed first on the passwd -line in /etc/nsswitch.conf, and the application looks up one of the -synthesized user accounts "root" or "nobody", and finally the -application attempts to edit one of the strings in the returned struct. -All our synthesized records for the other struct types have the same -problem, so this commit fixes them all at once. - -Fixes #20679 - -(cherry picked from commit 47fd7fa6c650d7a0ac41bc89747e3b866ffb9534) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/055ba736e12255cf79acc81aac382344129d03c5 ---- - src/nss-systemd/nss-systemd.c | 204 ++++++++++++++++++++++++++++------ - 1 file changed, 168 insertions(+), 36 deletions(-) - -diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c -index 1b0866109a..1840a0d508 100644 ---- a/src/nss-systemd/nss-systemd.c -+++ b/src/nss-systemd/nss-systemd.c -@@ -2,6 +2,7 @@ - - #include - #include -+#include - - #include "env-util.h" - #include "errno-util.h" -@@ -139,6 +140,155 @@ NSS_GRENT_PROTOTYPES(systemd); - NSS_SGENT_PROTOTYPES(systemd); - NSS_INITGROUPS_PROTOTYPE(systemd); - -+/* Since our NSS functions implement reentrant glibc APIs, we have to guarantee -+ * all the string pointers we return point into the buffer provided by the -+ * caller, not into our own static memory. */ -+ -+static enum nss_status copy_synthesized_passwd( -+ struct passwd *dest, -+ const struct passwd *src, -+ char *buffer, size_t buflen, -+ int *errnop) { -+ -+ size_t required; -+ -+ assert(dest); -+ assert(src); -+ assert(src->pw_name); -+ assert(src->pw_passwd); -+ assert(src->pw_gecos); -+ assert(src->pw_dir); -+ assert(src->pw_shell); -+ -+ required = strlen(src->pw_name) + 1; -+ required += strlen(src->pw_passwd) + 1; -+ required += strlen(src->pw_gecos) + 1; -+ required += strlen(src->pw_dir) + 1; -+ required += strlen(src->pw_shell) + 1; -+ -+ if (buflen < required) { -+ *errnop = ERANGE; -+ return NSS_STATUS_TRYAGAIN; -+ } -+ -+ assert(buffer); -+ -+ *dest = *src; -+ -+ /* String fields point into the user-provided buffer */ -+ dest->pw_name = buffer; -+ dest->pw_passwd = stpcpy(dest->pw_name, src->pw_name) + 1; -+ dest->pw_gecos = stpcpy(dest->pw_passwd, src->pw_passwd) + 1; -+ dest->pw_dir = stpcpy(dest->pw_gecos, src->pw_gecos) + 1; -+ dest->pw_shell = stpcpy(dest->pw_dir, src->pw_dir) + 1; -+ strcpy(dest->pw_shell, src->pw_shell); -+ -+ return NSS_STATUS_SUCCESS; -+} -+ -+static enum nss_status copy_synthesized_spwd( -+ struct spwd *dest, -+ const struct spwd *src, -+ char *buffer, size_t buflen, -+ int *errnop) { -+ -+ size_t required; -+ -+ assert(dest); -+ assert(src); -+ assert(src->sp_namp); -+ assert(src->sp_pwdp); -+ -+ required = strlen(src->sp_namp) + 1; -+ required += strlen(src->sp_pwdp) + 1; -+ -+ if (buflen < required) { -+ *errnop = ERANGE; -+ return NSS_STATUS_TRYAGAIN; -+ } -+ -+ assert(buffer); -+ -+ *dest = *src; -+ -+ /* String fields point into the user-provided buffer */ -+ dest->sp_namp = buffer; -+ dest->sp_pwdp = stpcpy(dest->sp_namp, src->sp_namp) + 1; -+ strcpy(dest->sp_pwdp, src->sp_pwdp); -+ -+ return NSS_STATUS_SUCCESS; -+} -+ -+static enum nss_status copy_synthesized_group( -+ struct group *dest, -+ const struct group *src, -+ char *buffer, size_t buflen, -+ int *errnop) { -+ -+ size_t required; -+ -+ assert(dest); -+ assert(src); -+ assert(src->gr_name); -+ assert(src->gr_passwd); -+ assert(src->gr_mem); -+ assert(!*src->gr_mem); /* Our synthesized records' gr_mem is always just NULL... */ -+ -+ required = strlen(src->gr_name) + 1; -+ required += strlen(src->gr_passwd) + 1; -+ required += 1; /* ...but that NULL still needs to be stored into the buffer! */ -+ -+ if (buflen < required) { -+ *errnop = ERANGE; -+ return NSS_STATUS_TRYAGAIN; -+ } -+ -+ assert(buffer); -+ -+ *dest = *src; -+ -+ /* String fields point into the user-provided buffer */ -+ dest->gr_name = buffer; -+ dest->gr_passwd = stpcpy(dest->gr_name, src->gr_name) + 1; -+ dest->gr_mem = (char **) strcpy(dest->gr_passwd, src->gr_passwd) + 1; -+ *dest->gr_mem = NULL; -+ -+ return NSS_STATUS_SUCCESS; -+} -+ -+static enum nss_status copy_synthesized_sgrp( -+ struct sgrp *dest, -+ const struct sgrp *src, -+ char *buffer, size_t buflen, -+ int *errnop) { -+ -+ size_t required; -+ -+ assert(dest); -+ assert(src); -+ assert(src->sg_namp); -+ assert(src->sg_passwd); -+ -+ required = strlen(src->sg_namp) + 1; -+ required += strlen(src->sg_passwd) + 1; -+ -+ if (buflen < required) { -+ *errnop = ERANGE; -+ return NSS_STATUS_TRYAGAIN; -+ } -+ -+ assert(buffer); -+ -+ *dest = *src; -+ -+ /* String fields point into the user-provided buffer */ -+ dest->sg_namp = buffer; -+ dest->sg_passwd = stpcpy(dest->sg_namp, src->sg_namp) + 1; -+ strcpy(dest->sg_passwd, src->sg_passwd); -+ -+ return NSS_STATUS_SUCCESS; -+} -+ - enum nss_status _nss_systemd_getpwnam_r( - const char *name, - struct passwd *pwd, -@@ -164,17 +314,14 @@ enum nss_status _nss_systemd_getpwnam_r( - /* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { - -- if (streq(name, root_passwd.pw_name)) { -- *pwd = root_passwd; -- return NSS_STATUS_SUCCESS; -- } -+ if (streq(name, root_passwd.pw_name)) -+ return copy_synthesized_passwd(pwd, &root_passwd, buffer, buflen, errnop); - - if (streq(name, nobody_passwd.pw_name)) { - if (!synthesize_nobody()) - return NSS_STATUS_NOTFOUND; - -- *pwd = nobody_passwd; -- return NSS_STATUS_SUCCESS; -+ return copy_synthesized_passwd(pwd, &nobody_passwd, buffer, buflen, errnop); - } - - } else if (STR_IN_SET(name, root_passwd.pw_name, nobody_passwd.pw_name)) -@@ -211,17 +358,14 @@ enum nss_status _nss_systemd_getpwuid_r( - /* Synthesize data for the root user and for nobody in case they are missing from /etc/passwd */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { - -- if (uid == root_passwd.pw_uid) { -- *pwd = root_passwd; -- return NSS_STATUS_SUCCESS; -- } -+ if (uid == root_passwd.pw_uid) -+ return copy_synthesized_passwd(pwd, &root_passwd, buffer, buflen, errnop); - - if (uid == nobody_passwd.pw_uid) { - if (!synthesize_nobody()) - return NSS_STATUS_NOTFOUND; - -- *pwd = nobody_passwd; -- return NSS_STATUS_SUCCESS; -+ return copy_synthesized_passwd(pwd, &nobody_passwd, buffer, buflen, errnop); - } - - } else if (uid == root_passwd.pw_uid || uid == nobody_passwd.pw_uid) -@@ -259,17 +403,14 @@ enum nss_status _nss_systemd_getspnam_r( - /* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { - -- if (streq(name, root_spwd.sp_namp)) { -- *spwd = root_spwd; -- return NSS_STATUS_SUCCESS; -- } -+ if (streq(name, root_spwd.sp_namp)) -+ return copy_synthesized_spwd(spwd, &root_spwd, buffer, buflen, errnop); - - if (streq(name, nobody_spwd.sp_namp)) { - if (!synthesize_nobody()) - return NSS_STATUS_NOTFOUND; - -- *spwd = nobody_spwd; -- return NSS_STATUS_SUCCESS; -+ return copy_synthesized_spwd(spwd, &nobody_spwd, buffer, buflen, errnop); - } - - } else if (STR_IN_SET(name, root_spwd.sp_namp, nobody_spwd.sp_namp)) -@@ -309,17 +450,14 @@ enum nss_status _nss_systemd_getgrnam_r( - /* Synthesize records for root and nobody, in case they are missing from /etc/group */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { - -- if (streq(name, root_group.gr_name)) { -- *gr = root_group; -- return NSS_STATUS_SUCCESS; -- } -+ if (streq(name, root_group.gr_name)) -+ return copy_synthesized_group(gr, &root_group, buffer, buflen, errnop); - - if (streq(name, nobody_group.gr_name)) { - if (!synthesize_nobody()) - return NSS_STATUS_NOTFOUND; - -- *gr = nobody_group; -- return NSS_STATUS_SUCCESS; -+ return copy_synthesized_group(gr, &nobody_group, buffer, buflen, errnop); - } - - } else if (STR_IN_SET(name, root_group.gr_name, nobody_group.gr_name)) -@@ -356,17 +494,14 @@ enum nss_status _nss_systemd_getgrgid_r( - /* Synthesize records for root and nobody, in case they are missing from /etc/group */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { - -- if (gid == root_group.gr_gid) { -- *gr = root_group; -- return NSS_STATUS_SUCCESS; -- } -+ if (gid == root_group.gr_gid) -+ return copy_synthesized_group(gr, &root_group, buffer, buflen, errnop); - - if (gid == nobody_group.gr_gid) { - if (!synthesize_nobody()) - return NSS_STATUS_NOTFOUND; - -- *gr = nobody_group; -- return NSS_STATUS_SUCCESS; -+ return copy_synthesized_group(gr, &nobody_group, buffer, buflen, errnop); - } - - } else if (gid == root_group.gr_gid || gid == nobody_group.gr_gid) -@@ -404,17 +539,14 @@ enum nss_status _nss_systemd_getsgnam_r( - /* Synthesize records for root and nobody, in case they are missing from /etc/group */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { - -- if (streq(name, root_sgrp.sg_namp)) { -- *sgrp = root_sgrp; -- return NSS_STATUS_SUCCESS; -- } -+ if (streq(name, root_sgrp.sg_namp)) -+ return copy_synthesized_sgrp(sgrp, &root_sgrp, buffer, buflen, errnop); - - if (streq(name, nobody_sgrp.sg_namp)) { - if (!synthesize_nobody()) - return NSS_STATUS_NOTFOUND; - -- *sgrp = nobody_sgrp; -- return NSS_STATUS_SUCCESS; -+ return copy_synthesized_sgrp(sgrp, &nobody_sgrp, buffer, buflen, errnop); - } - - } else if (STR_IN_SET(name, root_sgrp.sg_namp, nobody_sgrp.sg_namp)) --- -2.33.0 - diff --git a/backport-nss-systemd-fix-alignment-of-gr_mem.patch b/backport-nss-systemd-fix-alignment-of-gr_mem.patch deleted file mode 100644 index fca306bb81359ad65caea009d0d95fdcf3903f2f..0000000000000000000000000000000000000000 --- a/backport-nss-systemd-fix-alignment-of-gr_mem.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 649e83bb995eb067cce3e70f50e5d3ab54c9d47d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 31 Dec 2021 06:59:42 +0900 -Subject: [PATCH] nss-systemd: fix alignment of gr_mem - -Follow-up for 1e65eb8f9b7d567462030b2e625998d77677e636. - -Fixes #21935. - -(cherry picked from commit 420a35c1fadfb4d67be6316436233d98b5688de5) -(cherry picked from commit 9c8bc0451ab2393f3b9b689e46e1b05e9f6dad35) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/649e83bb995eb067cce3e70f50e5d3ab54c9d47d ---- - src/nss-systemd/nss-systemd.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c -index 7aea3652c4..36486b96e3 100644 ---- a/src/nss-systemd/nss-systemd.c -+++ b/src/nss-systemd/nss-systemd.c -@@ -238,7 +238,7 @@ static enum nss_status copy_synthesized_group( - required += strlen(src->gr_passwd) + 1; - required += sizeof(char*); /* ...but that NULL still needs to be stored into the buffer! */ - -- if (buflen < required) { -+ if (buflen < ALIGN(required)) { - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; - } -@@ -250,7 +250,7 @@ static enum nss_status copy_synthesized_group( - /* String fields point into the user-provided buffer */ - dest->gr_name = buffer; - dest->gr_passwd = stpcpy(dest->gr_name, src->gr_name) + 1; -- dest->gr_mem = (char **) stpcpy(dest->gr_passwd, src->gr_passwd) + 1; -+ dest->gr_mem = ALIGN_PTR(stpcpy(dest->gr_passwd, src->gr_passwd) + 1); - *dest->gr_mem = NULL; - - return NSS_STATUS_SUCCESS; --- -2.33.0 - diff --git a/backport-nss-systemd-fix-required-buffer-size-calculation.patch b/backport-nss-systemd-fix-required-buffer-size-calculation.patch deleted file mode 100644 index fa0220ffcf1db0499358ad97ee977b2100630501..0000000000000000000000000000000000000000 --- a/backport-nss-systemd-fix-required-buffer-size-calculation.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 5f78618a44a21197e727cd1c62da5aa8bf7e0610 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 31 Dec 2021 00:31:51 +0900 -Subject: [PATCH] nss-systemd: fix required buffer size calculation - -This also fixes the pointer assigned to the gr_mem element of struct group. - -Fixes a bug introduced by 47fd7fa6c650d7a0ac41bc89747e3b866ffb9534. - -Fixes #21935. - -(cherry picked from commit 1e65eb8f9b7d567462030b2e625998d77677e636) -(cherry picked from commit 17227e81ab8a9bdfac679d450ed35434435a6ff8) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5f78618a44a21197e727cd1c62da5aa8bf7e0610 ---- - src/nss-systemd/nss-systemd.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c -index 1840a0d508..7aea3652c4 100644 ---- a/src/nss-systemd/nss-systemd.c -+++ b/src/nss-systemd/nss-systemd.c -@@ -236,7 +236,7 @@ static enum nss_status copy_synthesized_group( - - required = strlen(src->gr_name) + 1; - required += strlen(src->gr_passwd) + 1; -- required += 1; /* ...but that NULL still needs to be stored into the buffer! */ -+ required += sizeof(char*); /* ...but that NULL still needs to be stored into the buffer! */ - - if (buflen < required) { - *errnop = ERANGE; -@@ -250,7 +250,7 @@ static enum nss_status copy_synthesized_group( - /* String fields point into the user-provided buffer */ - dest->gr_name = buffer; - dest->gr_passwd = stpcpy(dest->gr_name, src->gr_name) + 1; -- dest->gr_mem = (char **) strcpy(dest->gr_passwd, src->gr_passwd) + 1; -+ dest->gr_mem = (char **) stpcpy(dest->gr_passwd, src->gr_passwd) + 1; - *dest->gr_mem = NULL; - - return NSS_STATUS_SUCCESS; --- -2.33.0 - diff --git a/backport-nss-systemd-pack-pw_passwd-result-into-supplied-buff.patch b/backport-nss-systemd-pack-pw_passwd-result-into-supplied-buff.patch deleted file mode 100644 index ebee8776d2f01d5df3c6f4feb275c42c8f171232..0000000000000000000000000000000000000000 --- a/backport-nss-systemd-pack-pw_passwd-result-into-supplied-buff.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 84313bc5a262e87f49d176db169e1562d7060b33 Mon Sep 17 00:00:00 2001 -From: Michael Catanzaro -Date: Wed, 8 Sep 2021 13:42:16 -0500 -Subject: [PATCH] nss-systemd: pack pw_passwd result into supplied buffer - -getpwnam_r() guarantees that the strings in the struct passwd that it -returns are pointers into the buffer allocated by the application and -passed to getpwnam_r(). This means applications may choose to modify the -strings in place, as long as the length of the strings is not increased. -So it's wrong for us to return a static string here, we really do have -to copy it into the application-provided buffer like we do for all the -other strings. - -This is only a theoretical problem since it would be very weird for an -application to modify the pw_passwd field, but I spotted this when -investigating a similar crash caused by glib editing a different field. -See also: - -https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2244 -(cherry picked from commit 92b264676ccd79c89da270aabc1ec466fa18cd0d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/84313bc5a262e87f49d176db169e1562d7060b33 ---- - src/nss-systemd/userdb-glue.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/nss-systemd/userdb-glue.c b/src/nss-systemd/userdb-glue.c -index a55790f641..c865ff0d82 100644 ---- a/src/nss-systemd/userdb-glue.c -+++ b/src/nss-systemd/userdb-glue.c -@@ -35,6 +35,8 @@ int nss_pack_user_record( - assert(hr->user_name); - required = strlen(hr->user_name) + 1; - -+ required += 2; /* strlen(PASSWORD_SEE_SHADOW) + 1 */ -+ - assert_se(rn = user_record_real_name(hr)); - required += strlen(rn) + 1; - -@@ -51,12 +53,12 @@ int nss_pack_user_record( - .pw_name = buffer, - .pw_uid = hr->uid, - .pw_gid = user_record_gid(hr), -- .pw_passwd = (char*) PASSWORD_SEE_SHADOW, - }; - - assert(buffer); - -- pwd->pw_gecos = stpcpy(pwd->pw_name, hr->user_name) + 1; -+ pwd->pw_passwd = stpcpy(pwd->pw_name, hr->user_name) + 1; -+ pwd->pw_gecos = stpcpy(pwd->pw_passwd, PASSWORD_SEE_SHADOW) + 1; - pwd->pw_dir = stpcpy(pwd->pw_gecos, rn) + 1; - pwd->pw_shell = stpcpy(pwd->pw_dir, hd) + 1; - strcpy(pwd->pw_shell, shell); --- -2.33.0 - diff --git a/backport-oomd-fix-race-with-path-unavailability-when-killing-.patch b/backport-oomd-fix-race-with-path-unavailability-when-killing-.patch deleted file mode 100644 index 095f7e7e109b67e21572348d9a91e7607531ccd3..0000000000000000000000000000000000000000 --- a/backport-oomd-fix-race-with-path-unavailability-when-killing-.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 1656ad6fd17e5be6504785bf94495437bcf453cb Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Wed, 19 Jan 2022 10:40:46 -0800 -Subject: [PATCH] oomd: fix race with path unavailability when killing cgroups - -There can be a situation where systemd-oomd would kill all of the processes -in a cgroup, pid1 would clean up that cgroup, and systemd-oomd would get -ENODEV trying to iterate the cgroup a final time to ensure it was empty. -systemd-oomd sees this as an error and immediately picks a new candidate even -though pressure may have recovered. To counter this, check and handle -path unavailability errnos specially. - -Fixes: #22030 -(cherry picked from commit 2ee209466bb51f39ae9df7fec4d5594ce8cfa3f0) -(cherry picked from commit 0456e3aaaae7c21a037f4d3c758463c3ba4d167c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1656ad6fd17e5be6504785bf94495437bcf453cb ---- - src/oom/oomd-util.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/src/oom/oomd-util.c b/src/oom/oomd-util.c -index b2a48acb1f..503ede9a9f 100644 ---- a/src/oom/oomd-util.c -+++ b/src/oom/oomd-util.c -@@ -196,7 +196,14 @@ int oomd_cgroup_kill(const char *path, bool recurse, bool dry_run) { - r = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, path, SIGKILL, CGROUP_IGNORE_SELF, pids_killed, log_kill, NULL); - else - r = cg_kill(SYSTEMD_CGROUP_CONTROLLER, path, SIGKILL, CGROUP_IGNORE_SELF, pids_killed, log_kill, NULL); -- if (r < 0) -+ -+ /* The cgroup could have been cleaned up after we have sent SIGKILL to all of the processes, but before -+ * we could do one last iteration of cgroup.procs to check. Or the service unit could have exited and -+ * was removed between picking candidates and coming into this function. In either case, let's log -+ * about it let the caller decide what to do once they know how many PIDs were killed. */ -+ if (IN_SET(r, -ENOENT, -ENODEV)) -+ log_debug_errno(r, "Error when sending SIGKILL to processes in cgroup path %s, ignoring: %m", path); -+ else if (r < 0) - return r; - - r = increment_oomd_xattr(path, "user.oomd_kill", set_size(pids_killed)); --- -2.33.0 - diff --git a/backport-oomd-handle-situations-when-no-cgroups-are-killed.patch b/backport-oomd-handle-situations-when-no-cgroups-are-killed.patch deleted file mode 100644 index e8064128a93c0d06926910bc43fa54e576ba02ff..0000000000000000000000000000000000000000 --- a/backport-oomd-handle-situations-when-no-cgroups-are-killed.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 07b5c382361a310b3ec1fa6ccfcfc99fb4fc1ee0 Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Wed, 19 Jan 2022 13:26:01 -0800 -Subject: [PATCH] oomd: handle situations when no cgroups are killed - -Currently if systemd-oomd doesn't kill anything in a selected cgroup, it -selects a new candidate immediately. But if a selected cgroup wasn't killed, -it is likely due to it disappearing or getting cleaned up between the time -it was selected as a candidate and getting sent SIGKILL(s). We should handle -it as though systemd-oomd did perform a kill so that it will check -swap/pressure again before it tries to select a new candidate. - -(cherry picked from commit 914d4e99f43761f1ce77b520850cf096aa5196cd) -(cherry picked from commit c4d89cd602b94ab3baac746395c797ec4da43679) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/07b5c382361a310b3ec1fa6ccfcfc99fb4fc1ee0 ---- - src/oom/oomd-manager.c | 10 +++++++--- - src/oom/oomd-util.c | 11 +++++------ - 2 files changed, 12 insertions(+), 9 deletions(-) - -diff --git a/src/oom/oomd-manager.c b/src/oom/oomd-manager.c -index 9cae0c9c8a..727206d0b3 100644 ---- a/src/oom/oomd-manager.c -+++ b/src/oom/oomd-manager.c -@@ -364,7 +364,7 @@ static int monitor_swap_contexts_handler(sd_event_source *s, uint64_t usec, void - if (r < 0) - log_notice_errno(r, "Failed to kill any cgroup(s) based on swap: %m"); - else { -- if (selected) -+ if (selected && r > 0) - log_notice("Killed %s due to memory used (%"PRIu64") / total (%"PRIu64") and " - "swap used (%"PRIu64") / total (%"PRIu64") being more than " - PERMYRIAD_AS_PERCENT_FORMAT_STR, -@@ -475,9 +475,13 @@ static int monitor_memory_pressure_contexts_handler(sd_event_source *s, uint64_t - if (r < 0) - log_notice_errno(r, "Failed to kill any cgroup(s) under %s based on pressure: %m", t->path); - else { -- /* Don't act on all the high pressure cgroups at once; return as soon as we kill one */ -+ /* Don't act on all the high pressure cgroups at once; return as soon as we kill one. -+ * If r == 0 then it means there were not eligible candidates, the candidate cgroup -+ * disappeared, or the candidate cgroup has no processes by the time we tried to kill -+ * it. In either case, go through the event loop again and select a new candidate if -+ * pressure is still high. */ - m->mem_pressure_post_action_delay_start = usec_now; -- if (selected) -+ if (selected && r > 0) - log_notice("Killed %s due to memory pressure for %s being %lu.%02lu%% > %lu.%02lu%%" - " for > %s with reclaim activity", - selected, t->path, -diff --git a/src/oom/oomd-util.c b/src/oom/oomd-util.c -index 503ede9a9f..5867d2946c 100644 ---- a/src/oom/oomd-util.c -+++ b/src/oom/oomd-util.c -@@ -206,6 +206,9 @@ int oomd_cgroup_kill(const char *path, bool recurse, bool dry_run) { - else if (r < 0) - return r; - -+ if (set_isempty(pids_killed)) -+ log_debug("Nothing killed when attempting to kill %s", path); -+ - r = increment_oomd_xattr(path, "user.oomd_kill", set_size(pids_killed)); - if (r < 0) - log_debug_errno(r, "Failed to set user.oomd_kill on kill: %m"); -@@ -231,8 +234,6 @@ int oomd_kill_by_pgscan_rate(Hashmap *h, const char *prefix, bool dry_run, char - continue; - - r = oomd_cgroup_kill(sorted[i]->path, true, dry_run); -- if (r == 0) -- continue; /* We didn't find anything to kill */ - if (r == -ENOMEM) - return r; /* Treat oom as a hard error */ - if (r < 0) { -@@ -245,7 +246,7 @@ int oomd_kill_by_pgscan_rate(Hashmap *h, const char *prefix, bool dry_run, char - if (!selected) - return -ENOMEM; - *ret_selected = selected; -- return 1; -+ return r; - } - - return ret; -@@ -271,8 +272,6 @@ int oomd_kill_by_swap_usage(Hashmap *h, uint64_t threshold_usage, bool dry_run, - continue; - - r = oomd_cgroup_kill(sorted[i]->path, true, dry_run); -- if (r == 0) -- continue; /* We didn't find anything to kill */ - if (r == -ENOMEM) - return r; /* Treat oom as a hard error */ - if (r < 0) { -@@ -285,7 +284,7 @@ int oomd_kill_by_swap_usage(Hashmap *h, uint64_t threshold_usage, bool dry_run, - if (!selected) - return -ENOMEM; - *ret_selected = selected; -- return 1; -+ return r; - } - - return ret; --- -2.33.0 - diff --git a/backport-openssl-util-use-EVP-API-to-get-RSA-bits.patch b/backport-openssl-util-use-EVP-API-to-get-RSA-bits.patch deleted file mode 100644 index 33be9f8a281cee3e9137434b1603d9595b2b0097..0000000000000000000000000000000000000000 --- a/backport-openssl-util-use-EVP-API-to-get-RSA-bits.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0b982442694ff69e873349459b83b421abc60d52 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 29 Sep 2021 15:03:44 +0200 -Subject: [PATCH] openssl-util: use EVP API to get RSA bits - -(cherry picked from commit 7f12adc3000c08a370f74bd16c654506c8a99e92) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0b982442694ff69e873349459b83b421abc60d52 ---- - src/shared/openssl-util.c | 7 +------ - 1 file changed, 1 insertion(+), 6 deletions(-) - -diff --git a/src/shared/openssl-util.c b/src/shared/openssl-util.c -index bb47ae5e87..bd728e6c7c 100644 ---- a/src/shared/openssl-util.c -+++ b/src/shared/openssl-util.c -@@ -46,7 +46,6 @@ int rsa_pkey_to_suitable_key_size( - size_t *ret_suitable_key_size) { - - size_t suitable_key_size; -- const RSA *rsa; - int bits; - - assert_se(pkey); -@@ -58,11 +57,7 @@ int rsa_pkey_to_suitable_key_size( - if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) - return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "X.509 certificate does not refer to RSA key."); - -- rsa = EVP_PKEY_get0_RSA(pkey); -- if (!rsa) -- return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to acquire RSA public key from X.509 certificate."); -- -- bits = RSA_bits(rsa); -+ bits = EVP_PKEY_bits(pkey); - log_debug("Bits in RSA key: %i", bits); - - /* We use PKCS#1 padding for the RSA cleartext, hence let's leave some extra space for it, hence only --- -2.33.0 - diff --git a/backport-packit-build-on-and-use-Fedora-35-spec-file.patch b/backport-packit-build-on-and-use-Fedora-35-spec-file.patch deleted file mode 100644 index 2ecdaab26ef7e1866d8f46d235a1f563ea937f15..0000000000000000000000000000000000000000 --- a/backport-packit-build-on-and-use-Fedora-35-spec-file.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 4d2e39342352fce3969064e58e366753e7002f46 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Tue, 15 Feb 2022 01:21:01 +0000 -Subject: [PATCH] packit: build on and use Fedora 35 spec file - -It's targeted to the v249 branch, while the rawhide one follows -the newest upstream release, and the command line options are not -compatible - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4d2e39342352fce3969064e58e366753e7002f46 ---- - .packit.yml | 12 +++++------- - 1 file changed, 5 insertions(+), 7 deletions(-) - -diff --git a/.packit.yml b/.packit.yml -index ee47f8954e..fb2cb5a7c3 100644 ---- a/.packit.yml -+++ b/.packit.yml -@@ -16,8 +16,8 @@ upstream_tag_template: "v{version}" - - actions: - post-upstream-clone: -- # Use the Fedora Rawhide specfile -- - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1" -+ # Use the Fedora 35 specfile -+ - "git clone --branch f35 https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1" - # Drop the "sources" file so rebase-helper doesn't think we're a dist-git - - "rm -fv .packit_rpm/sources" - # Drop backported patches from the specfile, but keep the downstream-only ones -@@ -31,14 +31,12 @@ actions: - # [0] https://github.com/mesonbuild/meson/issues/7360 - # [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110 - - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec' -- # cryptolib is supported from v250 and newer, remove it -- - 'sed -i "/-Dcryptolib=openssl/d" .packit_rpm/systemd.spec' - - jobs: - - job: copr_build - trigger: pull_request - metadata: - targets: -- - fedora-rawhide-aarch64 -- - fedora-rawhide-i386 -- - fedora-rawhide-x86_64 -+ - fedora-35-aarch64 -+ - fedora-35-i386 -+ - fedora-35-x86_64 --- -2.33.0 - diff --git a/backport-packit-drop-unnumbered-patches-as-well.patch b/backport-packit-drop-unnumbered-patches-as-well.patch deleted file mode 100644 index e353d65ea699db90093707c2ca2a9f01c8841472..0000000000000000000000000000000000000000 --- a/backport-packit-drop-unnumbered-patches-as-well.patch +++ /dev/null @@ -1,33 +0,0 @@ -From d566e288f2fb1935261d36c0c35effc4489da5e6 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Thu, 17 Feb 2022 14:02:04 +0100 -Subject: [PATCH] packit: drop unnumbered patches as well - -(cherry picked from commit 729c6b6af8e3cef259b80746f7f7f10cc63d309f) -(cherry picked from commit 477b85f43871c78fce053ebbd9592bf71d49dd30) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d566e288f2fb1935261d36c0c35effc4489da5e6 ---- - .packit.yml | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/.packit.yml b/.packit.yml -index fb2cb5a7c3..3a47c6a6a1 100644 ---- a/.packit.yml -+++ b/.packit.yml -@@ -21,9 +21,9 @@ actions: - # Drop the "sources" file so rebase-helper doesn't think we're a dist-git - - "rm -fv .packit_rpm/sources" - # Drop backported patches from the specfile, but keep the downstream-only ones -- # - Patch0000-0499: backported patches from upstream -+ # - Patch(0000-0499): backported patches from upstream - # - Patch0500-9999: downstream-only patches -- - "sed -ri '/^Patch0[0-4]?[0-9]{0,2}\\:.+\\.patch/d' .packit_rpm/systemd.spec" -+ - "sed -ri '/^Patch(0[0-4]?[0-9]{0,2})?\\:.+\\.patch/d' .packit_rpm/systemd.spec" - # Build the RPM with --werror. Even though --werror doesn't work in all - # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the - # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]). --- -2.33.0 - diff --git a/backport-packit-remove-unsupported-Dcryptolib-openssl-option.patch b/backport-packit-remove-unsupported-Dcryptolib-openssl-option.patch deleted file mode 100644 index 3d0099a6fbfb4e8117155eb598e8c450daa7cd28..0000000000000000000000000000000000000000 --- a/backport-packit-remove-unsupported-Dcryptolib-openssl-option.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 8815d340e508f0456bb56e9858c6cea3390a6143 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Tue, 15 Feb 2022 01:21:01 +0000 -Subject: [PATCH] packit: remove unsupported -Dcryptolib=openssl option - -Introduced later, so it breaks the build on v249-stable - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/8815d340e508f0456bb56e9858c6cea3390a6143 ---- - .packit.yml | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/.packit.yml b/.packit.yml -index 4545e30e08..ee47f8954e 100644 ---- a/.packit.yml -+++ b/.packit.yml -@@ -31,6 +31,8 @@ actions: - # [0] https://github.com/mesonbuild/meson/issues/7360 - # [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110 - - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec' -+ # cryptolib is supported from v250 and newer, remove it -+ - 'sed -i "/-Dcryptolib=openssl/d" .packit_rpm/systemd.spec' - - jobs: - - job: copr_build --- -2.33.0 - diff --git a/backport-path-util-make-find_executable-work-without-proc-mou.patch b/backport-path-util-make-find_executable-work-without-proc-mou.patch deleted file mode 100644 index 94a4d0aec71cb11dfbc59b7512e9e62c0284b013..0000000000000000000000000000000000000000 --- a/backport-path-util-make-find_executable-work-without-proc-mou.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 727d0b55f46468d6171f4a326bd3139bab3c93ab Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 23 Aug 2021 06:16:48 +0900 -Subject: [PATCH] path-util: make find_executable() work without /proc mounted - -Follow-up for 888f65ace6296ed61285d31db846babf1c11885e. - -Hopefully fixes #20514. - -(cherry picked from commit 93413acd3ef3a637a0f31a1d133b103e1dc81fd6) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/727d0b55f46468d6171f4a326bd3139bab3c93ab ---- - src/basic/path-util.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/basic/path-util.c b/src/basic/path-util.c -index e5afb5f5f5..13d71ed1b6 100644 ---- a/src/basic/path-util.c -+++ b/src/basic/path-util.c -@@ -628,7 +628,11 @@ static int check_x_access(const char *path, int *ret_fd) { - return r; - - r = access_fd(fd, X_OK); -- if (r < 0) -+ if (r == -ENOSYS) { -+ /* /proc is not mounted. Fallback to access(). */ -+ if (access(path, X_OK) < 0) -+ return -errno; -+ } else if (r < 0) - return r; - - if (ret_fd) --- -2.33.0 - diff --git a/backport-pid1-fix-segv-triggered-by-status-query.patch b/backport-pid1-fix-segv-triggered-by-status-query.patch deleted file mode 100644 index 72431a4e1f1130ed7814fafe232375e36c3eedf0..0000000000000000000000000000000000000000 --- a/backport-pid1-fix-segv-triggered-by-status-query.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 0aadfe4937045efd5a7a53a176d05db7dc937435 Mon Sep 17 00:00:00 2001 -From: Robin Humble -Date: Wed, 1 Feb 2023 23:36:48 +1100 -Subject: [PATCH] pid1: fix segv triggered by status query (#26279) - -If any query makes it to the end of install_info_follow() then I think symlink_target is set to NULL. -If that is followed by -EXDEV from unit_file_load_or_readlink(), then that causes basename(NULL) -which segfaults pid 1. - -This is triggered by eg. "systemctl status crond" in RHEL9 if - -/etc/systemd/system/crond.service - -> /ram/etc/systemd/system/crond.service - -> /usr/lib/systemd/system/.crond.service.blah.blah - -> /usr/lib/systemd/system/crond.service - -(cherry picked from commit 19cfda9fc3c60de21a362ebb56bcb9f4a9855e85) -(cherry picked from commit 015b0ca9286471c05fe88cfa277dd82e20537ba8) -(cherry picked from commit 9a906fae890904284fe91e29b6bdcb64429fecba) -(cherry picked from commit a2dc9e3be9a8895edcba10f4c0d8d703b435c18b) ---- - src/shared/install.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/install.c b/src/shared/install.c -index 4bf868f8e9..f038665dea 100644 ---- a/src/shared/install.c -+++ b/src/shared/install.c -@@ -1609,7 +1609,7 @@ static int install_info_traverse( - } - - r = install_info_follow(c, i, paths->root_dir, flags, false); -- if (r == -EXDEV) { -+ if (r == -EXDEV && i->symlink_target) { - _cleanup_free_ char *buffer = NULL; - const char *bn; - --- -2.27.0 - diff --git a/backport-pid1-lookup-owning-PID-of-BusName-name-of-services-a.patch b/backport-pid1-lookup-owning-PID-of-BusName-name-of-services-a.patch deleted file mode 100644 index e8ecbb568694ca7b9176877a3dbaae7f18dca34d..0000000000000000000000000000000000000000 --- a/backport-pid1-lookup-owning-PID-of-BusName-name-of-services-a.patch +++ /dev/null @@ -1,160 +0,0 @@ -From 1daa382a7f9e55d11f7b59b144a9963688169843 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 17 Feb 2022 14:40:25 +0100 -Subject: [PATCH] pid1: lookup owning PID of BusName= name of services - asynchronously - -A first step of removing blocking calls to the D-Bus broker from PID 1. -There's a lot more to got (i.e. grep src/core/ for sd_bus_creds -basically), but it's a start. - -Removing blocking calls to D-Bus broker deals systematicallly with -deadlocks caused by dbus-daemon blocking on synchronous IPC calls back -to PID1 (e.g. Varlink calls through nss-systemd). Bugs such as #15316. - -Also-see: https://github.com/systemd/systemd/pull/22038#issuecomment-1042958390 -(cherry picked from commit e39eb045a502d599e6cd3fda7a46020dd438d018) -(cherry picked from commit cf390149cb25248169c482e315a1a7ff02eaf956) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1daa382a7f9e55d11f7b59b144a9963688169843 ---- - src/core/service.c | 91 ++++++++++++++++++++++++++++++++++++---------- - src/core/service.h | 2 + - 2 files changed, 74 insertions(+), 19 deletions(-) - -diff --git a/src/core/service.c b/src/core/service.c -index 5f56217904..f6eb46cb54 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -398,6 +398,8 @@ static void service_done(Unit *u) { - s->timer_event_source = sd_event_source_disable_unref(s->timer_event_source); - s->exec_fd_event_source = sd_event_source_disable_unref(s->exec_fd_event_source); - -+ s->bus_name_pid_lookup_slot = sd_bus_slot_unref(s->bus_name_pid_lookup_slot); -+ - service_release_resources(u); - } - -@@ -4216,6 +4218,60 @@ static int service_get_timeout(Unit *u, usec_t *timeout) { - return 1; - } - -+static bool pick_up_pid_from_bus_name(Service *s) { -+ assert(s); -+ -+ /* If the service is running but we have no main PID yet, get it from the owner of the D-Bus name */ -+ -+ return !pid_is_valid(s->main_pid) && -+ IN_SET(s->state, -+ SERVICE_START, -+ SERVICE_START_POST, -+ SERVICE_RUNNING, -+ SERVICE_RELOAD); -+} -+ -+static int bus_name_pid_lookup_callback(sd_bus_message *reply, void *userdata, sd_bus_error *ret_error) { -+ const sd_bus_error *e; -+ Unit *u = userdata; -+ uint32_t pid; -+ Service *s; -+ int r; -+ -+ assert(reply); -+ assert(u); -+ -+ s = SERVICE(u); -+ s->bus_name_pid_lookup_slot = sd_bus_slot_unref(s->bus_name_pid_lookup_slot); -+ -+ if (!s->bus_name || !pick_up_pid_from_bus_name(s)) -+ return 1; -+ -+ e = sd_bus_message_get_error(reply); -+ if (e) { -+ r = sd_bus_error_get_errno(e); -+ log_warning_errno(r, "GetConnectionUnixProcessID() failed: %s", bus_error_message(e, r)); -+ return 1; -+ } -+ -+ r = sd_bus_message_read(reply, "u", &pid); -+ if (r < 0) { -+ bus_log_parse_error(r); -+ return 1; -+ } -+ -+ if (!pid_is_valid(pid)) { -+ log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "GetConnectionUnixProcessID() returned invalid PID"); -+ return 1; -+ } -+ -+ log_unit_debug(u, "D-Bus name %s is now owned by process " PID_FMT, s->bus_name, (pid_t) pid); -+ -+ service_set_main_pid(s, pid); -+ unit_watch_pid(UNIT(s), pid, false); -+ return 1; -+} -+ - static void service_bus_name_owner_change(Unit *u, const char *new_owner) { - - Service *s = SERVICE(u); -@@ -4246,28 +4302,25 @@ static void service_bus_name_owner_change(Unit *u, const char *new_owner) { - else if (s->state == SERVICE_START && new_owner) - service_enter_start_post(s); - -- } else if (new_owner && -- s->main_pid <= 0 && -- IN_SET(s->state, -- SERVICE_START, -- SERVICE_START_POST, -- SERVICE_RUNNING, -- SERVICE_RELOAD)) { -- -- _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL; -- pid_t pid; -+ } else if (new_owner && pick_up_pid_from_bus_name(s)) { - - /* Try to acquire PID from bus service */ - -- r = sd_bus_get_name_creds(u->manager->api_bus, s->bus_name, SD_BUS_CREDS_PID, &creds); -- if (r >= 0) -- r = sd_bus_creds_get_pid(creds, &pid); -- if (r >= 0) { -- log_unit_debug(u, "D-Bus name %s is now owned by process " PID_FMT, s->bus_name, pid); -- -- service_set_main_pid(s, pid); -- unit_watch_pid(UNIT(s), pid, false); -- } -+ s->bus_name_pid_lookup_slot = sd_bus_slot_unref(s->bus_name_pid_lookup_slot); -+ -+ r = sd_bus_call_method_async( -+ u->manager->api_bus, -+ &s->bus_name_pid_lookup_slot, -+ "org.freedesktop.DBus", -+ "/org/freedesktop/DBus", -+ "org.freedesktop.DBus", -+ "GetConnectionUnixProcessID", -+ bus_name_pid_lookup_callback, -+ s, -+ "s", -+ s->bus_name); -+ if (r < 0) -+ log_debug_errno(r, "Failed to request owner PID of service name, ignoring: %m"); - } - } - -diff --git a/src/core/service.h b/src/core/service.h -index 6d931c3d5e..6c47c91f85 100644 ---- a/src/core/service.h -+++ b/src/core/service.h -@@ -185,6 +185,8 @@ struct Service { - NotifyAccess notify_access; - NotifyState notify_state; - -+ sd_bus_slot *bus_name_pid_lookup_slot; -+ - sd_event_source *exec_fd_event_source; - - ServiceFDStore *fd_store; --- -2.33.0 - diff --git a/backport-pid1-pass-PAM_DATA_SILENT-to-pam_end-in-child.patch b/backport-pid1-pass-PAM_DATA_SILENT-to-pam_end-in-child.patch deleted file mode 100644 index f1da3dd00415c2e8f46f70d9762fcca50905b233..0000000000000000000000000000000000000000 --- a/backport-pid1-pass-PAM_DATA_SILENT-to-pam_end-in-child.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 9ac4b463b6d8da420c2b12af4408d0d583280a6d Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 1 Feb 2022 12:37:51 +0100 -Subject: [PATCH] pid1: pass PAM_DATA_SILENT to pam_end() in child - -Fixes: #22318 -(cherry picked from commit 7feb2b5737ad110eb3985e8e9d8189f18d1c5147) -(cherry picked from commit 9c560d201527ee064ae11784d6538ae544926181) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9ac4b463b6d8da420c2b12af4408d0d583280a6d ---- - src/core/execute.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index 2f2de4d9cf..04c0513453 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -1323,7 +1323,9 @@ static int setup_pam( - ret = 0; - - child_finish: -- pam_end(handle, pam_code | flags); -+ /* NB: pam_end() when called in child processes should set PAM_DATA_SILENT to let the module -+ * know about this. See pam_end(3) */ -+ (void) pam_end(handle, pam_code | flags | PAM_DATA_SILENT); - _exit(ret); - } - -@@ -1358,7 +1360,7 @@ fail: - if (close_session) - pam_code = pam_close_session(handle, flags); - -- pam_end(handle, pam_code | flags); -+ (void) pam_end(handle, pam_code | flags); - } - - strv_free(e); --- -2.33.0 - diff --git a/backport-pid1-propagate-the-original-command-line-when-reexec.patch b/backport-pid1-propagate-the-original-command-line-when-reexec.patch deleted file mode 100644 index e995700b9ac7a26b4ab0cf37a0ef6c17da8a5e9b..0000000000000000000000000000000000000000 --- a/backport-pid1-propagate-the-original-command-line-when-reexec.patch +++ /dev/null @@ -1,156 +0,0 @@ -From f3af6ba86c1128ccf6d6f896f70c22f9645a51c5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 22 Jul 2021 08:21:46 +0200 -Subject: [PATCH] pid1: propagate the original command line when reexecuting - -When we reexec the manager in a container, we lose configuration settings on -the kernel command line: - - $ systemd-nspawn -M rawhide -b systemd.status-unit-format=name systemd.show-status=yes - ... - # tr '\0' ' ' -Date: Thu, 17 Feb 2022 14:49:54 +0100 -Subject: [PATCH] pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for - dbus-daemon -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -There's currently a deadlock between PID 1 and dbus-daemon: in some -cases dbus-daemon will do NSS lookups (which are blocking) at the same -time PID 1 synchronously blocks on some call to dbus-daemon. Let's break -that by setting SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon, -which will disable synchronously blocking varlink calls from nss-systemd -to PID 1. - -In the long run we should fix this differently: remove all synchronous -calls to dbus-daemon from PID 1. This is not trivial however: so far we -had the rule that synchronous calls from PID 1 to the dbus broker are OK -as long as they only go to interfaces implemented by the broke itself -rather than services reachable through it. Given that the relationship -between PID 1 and dbus is kinda special anyway, this was considered -acceptable for the sake of simplicity, since we quite often need -metadata about bus peers from the broker, and the asynchronous logic -would substantially complicate even the simplest method handlers. - -This mostly reworks the existing code that sets SYSTEMD_NSS_BYPASS_BUS= -(which is a similar hack to deal with deadlocks between nss-systemd and -dbus-daemon itself) to set SYSTEMD_NSS_DYNAMIC_BYPASS=1 instead. No code -was checking SYSTEMD_NSS_BYPASS_BUS= anymore anyway, and it used to -solve a similar problem, hence it's an obvious piece of code to rework -like this. - -Issue originally tracked down by Lukas Märdian. This patch is inspired -and closely based on his patch: - - https://github.com/systemd/systemd/pull/22038 - -Fixes: #15316 -Co-authored-by: Lukas Märdian -(cherry picked from commit de90700f36f2126528f7ce92df0b5b5d5e277558) -(cherry picked from commit 367041af816d48d4852140f98fd0ba78ed83f9e4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0863a55ae95fe6bf7312b7a864d07a9e3fbee563 ---- - src/core/execute.c | 10 +++++----- - src/core/execute.h | 26 +++++++++++++------------- - src/core/service.c | 2 +- - 3 files changed, 19 insertions(+), 19 deletions(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index 28efe5c36f..37f63a9378 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -1828,11 +1828,11 @@ static int build_environment( - our_env[n_env++] = x; - } - -- /* If this is D-Bus, tell the nss-systemd module, since it relies on being able to use D-Bus look up dynamic -- * users via PID 1, possibly dead-locking the dbus daemon. This way it will not use D-Bus to resolve names, but -- * check the database directly. */ -- if (p->flags & EXEC_NSS_BYPASS_BUS) { -- x = strdup("SYSTEMD_NSS_BYPASS_BUS=1"); -+ /* If this is D-Bus, tell the nss-systemd module, since it relies on being able to use blocking -+ * Varlink calls back to us for look up dynamic users in PID 1. Break the deadlock between D-Bus and -+ * PID 1 by disabling use of PID1' NSS interface for looking up dynamic users. */ -+ if (p->flags & EXEC_NSS_DYNAMIC_BYPASS) { -+ x = strdup("SYSTEMD_NSS_DYNAMIC_BYPASS=1"); - if (!x) - return -ENOMEM; - our_env[n_env++] = x; -diff --git a/src/core/execute.h b/src/core/execute.h -index 4c7a5b874f..47349a69a2 100644 ---- a/src/core/execute.h -+++ b/src/core/execute.h -@@ -343,21 +343,21 @@ static inline bool exec_context_with_rootfs(const ExecContext *c) { - } - - typedef enum ExecFlags { -- EXEC_APPLY_SANDBOXING = 1 << 0, -- EXEC_APPLY_CHROOT = 1 << 1, -- EXEC_APPLY_TTY_STDIN = 1 << 2, -- EXEC_PASS_LOG_UNIT = 1 << 3, /* Whether to pass the unit name to the service's journal stream connection */ -- EXEC_CHOWN_DIRECTORIES = 1 << 4, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */ -- EXEC_NSS_BYPASS_BUS = 1 << 5, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */ -- EXEC_CGROUP_DELEGATE = 1 << 6, -- EXEC_IS_CONTROL = 1 << 7, -- EXEC_CONTROL_CGROUP = 1 << 8, /* Place the process not in the indicated cgroup but in a subcgroup '/.control', but only EXEC_CGROUP_DELEGATE and EXEC_IS_CONTROL is set, too */ -- EXEC_WRITE_CREDENTIALS = 1 << 9, /* Set up the credential store logic */ -+ EXEC_APPLY_SANDBOXING = 1 << 0, -+ EXEC_APPLY_CHROOT = 1 << 1, -+ EXEC_APPLY_TTY_STDIN = 1 << 2, -+ EXEC_PASS_LOG_UNIT = 1 << 3, /* Whether to pass the unit name to the service's journal stream connection */ -+ EXEC_CHOWN_DIRECTORIES = 1 << 4, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */ -+ EXEC_NSS_DYNAMIC_BYPASS = 1 << 5, /* Set the SYSTEMD_NSS_DYNAMIC_BYPASS environment variable, to disable nss-systemd blocking on PID 1, for use by dbus-daemon */ -+ EXEC_CGROUP_DELEGATE = 1 << 6, -+ EXEC_IS_CONTROL = 1 << 7, -+ EXEC_CONTROL_CGROUP = 1 << 8, /* Place the process not in the indicated cgroup but in a subcgroup '/.control', but only EXEC_CGROUP_DELEGATE and EXEC_IS_CONTROL is set, too */ -+ EXEC_WRITE_CREDENTIALS = 1 << 9, /* Set up the credential store logic */ - - /* The following are not used by execute.c, but by consumers internally */ -- EXEC_PASS_FDS = 1 << 10, -- EXEC_SETENV_RESULT = 1 << 11, -- EXEC_SET_WATCHDOG = 1 << 12, -+ EXEC_PASS_FDS = 1 << 10, -+ EXEC_SETENV_RESULT = 1 << 11, -+ EXEC_SET_WATCHDOG = 1 << 12, - } ExecFlags; - - /* Parameters for a specific invocation of a command. This structure is put together right before a command is -diff --git a/src/core/service.c b/src/core/service.c -index f6eb46cb54..a480edc439 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -1573,7 +1573,7 @@ static int service_spawn( - return -ENOMEM; - - /* System D-Bus needs nss-systemd disabled, so that we don't deadlock */ -- SET_FLAG(exec_params.flags, EXEC_NSS_BYPASS_BUS, -+ SET_FLAG(exec_params.flags, EXEC_NSS_DYNAMIC_BYPASS, - MANAGER_IS_SYSTEM(UNIT(s)->manager) && unit_has_name(UNIT(s), SPECIAL_DBUS_SERVICE)); - - strv_free_and_replace(exec_params.environment, final_env); --- -2.33.0 - diff --git a/backport-pid1-watch-bus-name-always-when-we-have-it.patch b/backport-pid1-watch-bus-name-always-when-we-have-it.patch deleted file mode 100644 index f9b816d6c6d439d0034da729ce7185749ccaa8e4..0000000000000000000000000000000000000000 --- a/backport-pid1-watch-bus-name-always-when-we-have-it.patch +++ /dev/null @@ -1,57 +0,0 @@ -From b301230a6ce52989053b12324fcaef0d45610ee6 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 17 Feb 2022 17:23:48 +0100 -Subject: [PATCH] pid1: watch bus name always when we have it - -Previously we'd only watch configured service bus names if Type=dbus was -set. Let's also watch it for other types. This is useful to pick up the -main PID of such a service. In fact the code to pick it up was already -in place, alas it didn't do anything given the signal was never received -for it. Fix that. - -(It's also useful for debugging) - -(cherry picked from commit 1e8b312e5a22538f91defb89cf2997e09e106297) -(cherry picked from commit a51e540b278827c0fc59760b9c77cd42cbddc0d2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b301230a6ce52989053b12324fcaef0d45610ee6 ---- - src/core/service.c | 18 ++++++++++-------- - 1 file changed, 10 insertions(+), 8 deletions(-) - -diff --git a/src/core/service.c b/src/core/service.c -index 7b90822f68..5f56217904 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -685,17 +685,19 @@ static int service_setup_bus_name(Service *s) { - assert(s); - - /* If s->bus_name is not set, then the unit will be refused by service_verify() later. */ -- if (s->type != SERVICE_DBUS || !s->bus_name) -+ if (!s->bus_name) - return 0; - -- r = unit_add_dependency_by_name(UNIT(s), UNIT_REQUIRES, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE); -- if (r < 0) -- return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m"); -+ if (s->type == SERVICE_DBUS) { -+ r = unit_add_dependency_by_name(UNIT(s), UNIT_REQUIRES, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE); -+ if (r < 0) -+ return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m"); - -- /* We always want to be ordered against dbus.socket if both are in the transaction. */ -- r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE); -- if (r < 0) -- return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m"); -+ /* We always want to be ordered against dbus.socket if both are in the transaction. */ -+ r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE); -+ if (r < 0) -+ return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m"); -+ } - - r = unit_watch_bus_name(UNIT(s), s->bus_name); - if (r == -EEXIST) --- -2.33.0 - diff --git a/backport-policy-files-adjust-landing-page-link.patch b/backport-policy-files-adjust-landing-page-link.patch deleted file mode 100644 index 40cdc7fc95a214eb35966dbd0a4a608fd78360a1..0000000000000000000000000000000000000000 --- a/backport-policy-files-adjust-landing-page-link.patch +++ /dev/null @@ -1,170 +0,0 @@ -From de0d375e38df25b9fe333d64f9880751aea46e6b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 12 Jan 2022 10:42:22 +0100 -Subject: [PATCH] policy files: adjust landing page link - -(cherry picked from commit d6e2c1ab7158d52425d3cb72459c5624db12368c) -(cherry picked from commit 944d8d9050b96e690054224e796254dfc18e6681) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/de0d375e38df25b9fe333d64f9880751aea46e6b ---- - src/core/org.freedesktop.systemd1.policy.in | 2 +- - src/home/org.freedesktop.home1.policy | 2 +- - src/hostname/org.freedesktop.hostname1.policy | 2 +- - src/import/org.freedesktop.import1.policy | 2 +- - src/locale/org.freedesktop.locale1.policy | 2 +- - src/login/org.freedesktop.login1.policy | 2 +- - src/machine/org.freedesktop.machine1.policy | 2 +- - src/network/org.freedesktop.network1.policy | 2 +- - src/portable/org.freedesktop.portable1.policy | 2 +- - src/resolve/org.freedesktop.resolve1.policy | 2 +- - src/timedate/org.freedesktop.timedate1.policy | 2 +- - 11 files changed, 11 insertions(+), 11 deletions(-) - -diff --git a/src/core/org.freedesktop.systemd1.policy.in b/src/core/org.freedesktop.systemd1.policy.in -index 74721c516f..f34b2d5bf0 100644 ---- a/src/core/org.freedesktop.systemd1.policy.in -+++ b/src/core/org.freedesktop.systemd1.policy.in -@@ -16,7 +16,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Send passphrase back to system -diff --git a/src/home/org.freedesktop.home1.policy b/src/home/org.freedesktop.home1.policy -index 10ad7c283a..71253e04e9 100644 ---- a/src/home/org.freedesktop.home1.policy -+++ b/src/home/org.freedesktop.home1.policy -@@ -7,7 +7,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Create a home area -diff --git a/src/hostname/org.freedesktop.hostname1.policy b/src/hostname/org.freedesktop.hostname1.policy -index 7d28c395cf..dacea0ff0a 100644 ---- a/src/hostname/org.freedesktop.hostname1.policy -+++ b/src/hostname/org.freedesktop.hostname1.policy -@@ -14,7 +14,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Set hostname -diff --git a/src/import/org.freedesktop.import1.policy b/src/import/org.freedesktop.import1.policy -index 9736816e33..e88a6e8ae6 100644 ---- a/src/import/org.freedesktop.import1.policy -+++ b/src/import/org.freedesktop.import1.policy -@@ -16,7 +16,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Import a VM or container image -diff --git a/src/locale/org.freedesktop.locale1.policy b/src/locale/org.freedesktop.locale1.policy -index f12ca0970a..ed98c4aa09 100644 ---- a/src/locale/org.freedesktop.locale1.policy -+++ b/src/locale/org.freedesktop.locale1.policy -@@ -16,7 +16,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Set system locale -diff --git a/src/login/org.freedesktop.login1.policy b/src/login/org.freedesktop.login1.policy -index 80ebb39f30..df906b0e73 100644 ---- a/src/login/org.freedesktop.login1.policy -+++ b/src/login/org.freedesktop.login1.policy -@@ -16,7 +16,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Allow applications to inhibit system shutdown -diff --git a/src/machine/org.freedesktop.machine1.policy b/src/machine/org.freedesktop.machine1.policy -index ddf5ec05c6..5e43cb6e24 100644 ---- a/src/machine/org.freedesktop.machine1.policy -+++ b/src/machine/org.freedesktop.machine1.policy -@@ -16,7 +16,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Log into a local container -diff --git a/src/network/org.freedesktop.network1.policy b/src/network/org.freedesktop.network1.policy -index 9e27f728bc..c39f20655d 100644 ---- a/src/network/org.freedesktop.network1.policy -+++ b/src/network/org.freedesktop.network1.policy -@@ -16,7 +16,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Set NTP servers -diff --git a/src/portable/org.freedesktop.portable1.policy b/src/portable/org.freedesktop.portable1.policy -index 17e22b0155..09f9028dc5 100644 ---- a/src/portable/org.freedesktop.portable1.policy -+++ b/src/portable/org.freedesktop.portable1.policy -@@ -7,7 +7,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Inspect a portable service image -diff --git a/src/resolve/org.freedesktop.resolve1.policy b/src/resolve/org.freedesktop.resolve1.policy -index 08615ec6a4..2408bb9e38 100644 ---- a/src/resolve/org.freedesktop.resolve1.policy -+++ b/src/resolve/org.freedesktop.resolve1.policy -@@ -16,7 +16,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Register a DNS-SD service -diff --git a/src/timedate/org.freedesktop.timedate1.policy b/src/timedate/org.freedesktop.timedate1.policy -index c4e71b0753..4a770c08e6 100644 ---- a/src/timedate/org.freedesktop.timedate1.policy -+++ b/src/timedate/org.freedesktop.timedate1.policy -@@ -16,7 +16,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Set system time --- -2.33.0 - diff --git a/backport-portable-add-flag-to-return-extension-releases-in-Ge.patch b/backport-portable-add-flag-to-return-extension-releases-in-Ge.patch deleted file mode 100644 index 7cc7fd5193526f4246b0db373df1e3f7a3118b25..0000000000000000000000000000000000000000 --- a/backport-portable-add-flag-to-return-extension-releases-in-Ge.patch +++ /dev/null @@ -1,493 +0,0 @@ -From e31e2b84cf5afff73b793dd335600265dca1ca7e Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Tue, 25 Jan 2022 15:49:22 +0000 -Subject: [PATCH] portable: add flag to return extension-releases in - GetImageMetadataWithExtensions - -Return the name of each extension and the associated extension-release -file, and pretty-print them in 'portablectl inspect', if a new flag -is passed. - -$ portablectl inspect --extension app2 --extension app0 minimal app0 app1 -(Matching unit files with prefixes 'app0', 'app1'.) -Image: - /run/portables/minimal.raw -Portable Service: - n/a -Operating System: - Debian GNU/Linux 10 (buster) -Extension: - /run/portables/app2.raw - Extension Scope: - n/a - Extension Compatibility Level: - n/a - Portable Service: - n/a - Portable Prefixes: - n/a - Operating System: - n/a (debian 10) -Extension: - /run/portables/app0.raw - Extension Scope: - n/a - Extension Compatibility Level: - n/a - Portable Service: - n/a - Portable Prefixes: - n/a - Operating System: - n/a (debian 10) -Unit files: - app0.service - -(cherry picked from commit e3f7ed944ae750a40685c52349f3cc850db0876e) -(cherry picked from commit a87fdd2af22128bce621508315ed5126a8d11f45) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e31e2b84cf5afff73b793dd335600265dca1ca7e ---- - man/org.freedesktop.portable1.xml | 10 ++- - src/portable/portable.c | 99 ++++++++++++++++++++---------- - src/portable/portable.h | 15 ++--- - src/portable/portablectl.c | 78 ++++++++++++++++++++++- - src/portable/portabled-image-bus.c | 38 ++++++++++-- - test/units/testsuite-29.sh | 3 + - 6 files changed, 199 insertions(+), 44 deletions(-) - -diff --git a/man/org.freedesktop.portable1.xml b/man/org.freedesktop.portable1.xml -index 53c960206e..053f2a5434 100644 ---- a/man/org.freedesktop.portable1.xml -+++ b/man/org.freedesktop.portable1.xml -@@ -187,7 +187,15 @@ node /org/freedesktop/portable1 { - This method is a superset of GetImageMetadata() with the addition of - a list of extensions as input parameter, which were overlaid on top of the main - image via AttachImageWithExtensions(). -- The flag parameter is currently unused and reserved for future purposes. -+ The flag parameter can be used to request that, before the units, the path of -+ each extension and an array of bytes with the content of the respective extension-release file -+ are sent. One such structure will be sent for each extension named in the input arguments. The -+ flag value to enable this functionality is defined as follows: -+ -+ -+#define PORTABLE_INSPECT_EXTENSION_RELEASES (UINT64_C(1) << 1) -+ -+ - - GetImageState() retrieves the image state as one of the following - strings: -diff --git a/src/portable/portable.c b/src/portable/portable.c -index 8c5e5b6821..23fe6bf926 100644 ---- a/src/portable/portable.c -+++ b/src/portable/portable.c -@@ -533,13 +533,14 @@ static int extract_image_and_extensions( - bool validate_sysext, - Image **ret_image, - OrderedHashmap **ret_extension_images, -+ OrderedHashmap **ret_extension_releases, - PortableMetadata **ret_os_release, - Hashmap **ret_unit_files, - sd_bus_error *error) { - - _cleanup_free_ char *id = NULL, *version_id = NULL, *sysext_level = NULL; - _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; -- _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; -+ _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL, *extension_releases = NULL; - _cleanup_hashmap_free_ Hashmap *unit_files = NULL; - _cleanup_(image_unrefp) Image *image = NULL; - Image *ext; -@@ -561,6 +562,12 @@ static int extract_image_and_extensions( - if (!extension_images) - return -ENOMEM; - -+ if (ret_extension_releases) { -+ extension_releases = ordered_hashmap_new(&portable_metadata_hash_ops); -+ if (!extension_releases) -+ return -ENOMEM; -+ } -+ - STRV_FOREACH(p, extension_image_paths) { - _cleanup_(image_unrefp) Image *new = NULL; - -@@ -600,6 +607,7 @@ static int extract_image_and_extensions( - _cleanup_(portable_metadata_unrefp) PortableMetadata *extension_release_meta = NULL; - _cleanup_hashmap_free_ Hashmap *extra_unit_files = NULL; - _cleanup_strv_free_ char **extension_release = NULL; -+ _cleanup_close_ int extension_release_fd = -1; - _cleanup_fclose_ FILE *f = NULL; - - r = portable_extract_by_path(ext->path, /* path_is_extension= */ true, matches, &extension_release_meta, &extra_unit_files, error); -@@ -610,10 +618,15 @@ static int extract_image_and_extensions( - if (r < 0) - return r; - -- if (!validate_sysext) -+ if (!validate_sysext && !ret_extension_releases) - continue; - -- r = take_fdopen_unlocked(&extension_release_meta->fd, "r", &f); -+ /* We need to keep the fd valid, to return the PortableMetadata to the caller. */ -+ extension_release_fd = fd_reopen(extension_release_meta->fd, O_CLOEXEC); -+ if (extension_release_fd < 0) -+ return extension_release_fd; -+ -+ r = take_fdopen_unlocked(&extension_release_fd, "r", &f); - if (r < 0) - return r; - -@@ -621,15 +634,28 @@ static int extract_image_and_extensions( - if (r < 0) - return r; - -- r = extension_release_validate(ext->path, id, version_id, sysext_level, extension_release); -- if (r == 0) -- return sd_bus_error_set_errnof(error, SYNTHETIC_ERRNO(ESTALE), "Image %s extension-release metadata does not match the root's", ext->path); -- if (r < 0) -- return sd_bus_error_set_errnof(error, r, "Failed to compare image %s extension-release metadata with the root's os-release: %m", ext->path); -+ if (validate_sysext) { -+ r = extension_release_validate(ext->path, id, version_id, sysext_level, extension_release); -+ if (r == 0) -+ return sd_bus_error_set_errnof(error, SYNTHETIC_ERRNO(ESTALE), "Image %s extension-release metadata does not match the root's", ext->path); -+ if (r < 0) -+ return sd_bus_error_set_errnof(error, r, "Failed to compare image %s extension-release metadata with the root's os-release: %m", ext->path); -+ } -+ -+ if (ret_extension_releases) { -+ r = ordered_hashmap_put(extension_releases, ext->name, extension_release_meta); -+ if (r < 0) -+ return r; -+ TAKE_PTR(extension_release_meta); -+ } - } - -- *ret_image = TAKE_PTR(image); -- *ret_extension_images = TAKE_PTR(extension_images); -+ if (ret_image) -+ *ret_image = TAKE_PTR(image); -+ if (ret_extension_images) -+ *ret_extension_images = TAKE_PTR(extension_images); -+ if (ret_extension_releases) -+ *ret_extension_releases = TAKE_PTR(extension_releases); - if (ret_os_release) - *ret_os_release = TAKE_PTR(os_release); - if (ret_unit_files) -@@ -643,24 +669,29 @@ int portable_extract( - char **matches, - char **extension_image_paths, - PortableMetadata **ret_os_release, -+ OrderedHashmap **ret_extension_releases, - Hashmap **ret_unit_files, - sd_bus_error *error) { - - _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; -- _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; -+ _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL, *extension_releases = NULL; - _cleanup_hashmap_free_ Hashmap *unit_files = NULL; - _cleanup_(image_unrefp) Image *image = NULL; - int r; - -- r = extract_image_and_extensions(name_or_path, -- matches, -- extension_image_paths, -- /* validate_sysext= */ false, -- &image, -- &extension_images, -- &os_release, -- &unit_files, -- error); -+ assert(name_or_path); -+ -+ r = extract_image_and_extensions( -+ name_or_path, -+ matches, -+ extension_image_paths, -+ /* validate_sysext= */ false, -+ &image, -+ &extension_images, -+ &extension_releases, -+ &os_release, -+ &unit_files, -+ error); - if (r < 0) - return r; - -@@ -677,8 +708,12 @@ int portable_extract( - isempty(extensions) ? "" : extensions); - } - -- *ret_os_release = TAKE_PTR(os_release); -- *ret_unit_files = TAKE_PTR(unit_files); -+ if (ret_os_release) -+ *ret_os_release = TAKE_PTR(os_release); -+ if (ret_extension_releases) -+ *ret_extension_releases = TAKE_PTR(extension_releases); -+ if (ret_unit_files) -+ *ret_unit_files = TAKE_PTR(unit_files); - - return 0; - } -@@ -1225,15 +1260,17 @@ int portable_attach( - PortableMetadata *item; - int r; - -- r = extract_image_and_extensions(name_or_path, -- matches, -- extension_image_paths, -- /* validate_sysext= */ true, -- &image, -- &extension_images, -- /* os_release= */ NULL, -- &unit_files, -- error); -+ r = extract_image_and_extensions( -+ name_or_path, -+ matches, -+ extension_image_paths, -+ /* validate_sysext= */ true, -+ &image, -+ &extension_images, -+ /* extension_releases= */ NULL, -+ /* os_release= */ NULL, -+ &unit_files, -+ error); - if (r < 0) - return r; - -diff --git a/src/portable/portable.h b/src/portable/portable.h -index 94144287ae..ce55f050a2 100644 ---- a/src/portable/portable.h -+++ b/src/portable/portable.h -@@ -20,13 +20,14 @@ typedef struct PortableMetadata { - #define PORTABLE_METADATA_IS_UNIT(m) (!IN_SET((m)->name[0], 0, '/')) - - typedef enum PortableFlags { -- PORTABLE_RUNTIME = 1 << 0, /* Public API via DBUS, do not change */ -- PORTABLE_PREFER_COPY = 1 << 1, -- PORTABLE_PREFER_SYMLINK = 1 << 2, -- PORTABLE_REATTACH = 1 << 3, -- _PORTABLE_MASK_PUBLIC = PORTABLE_RUNTIME, -+ PORTABLE_RUNTIME = 1 << 0, -+ PORTABLE_INSPECT_EXTENSION_RELEASES = 1 << 1, /* Public API via DBUS, do not change */ -+ PORTABLE_PREFER_COPY = 1 << 2, -+ PORTABLE_PREFER_SYMLINK = 1 << 3, -+ PORTABLE_REATTACH = 1 << 4, -+ _PORTABLE_MASK_PUBLIC = PORTABLE_RUNTIME | PORTABLE_INSPECT_EXTENSION_RELEASES, - _PORTABLE_TYPE_MAX, -- _PORTABLE_TYPE_INVALID = -EINVAL, -+ _PORTABLE_TYPE_INVALID = -EINVAL, - } PortableFlags; - - /* This enum is anonymous, since we usually store it in an 'int', as we overload it with negative errno -@@ -64,7 +65,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(PortableMetadata*, portable_metadata_unref); - - int portable_metadata_hashmap_to_sorted_array(Hashmap *unit_files, PortableMetadata ***ret); - --int portable_extract(const char *image, char **matches, char **extension_image_paths, PortableMetadata **ret_os_release, Hashmap **ret_unit_files, sd_bus_error *error); -+int portable_extract(const char *image, char **matches, char **extension_image_paths, PortableMetadata **ret_os_release, OrderedHashmap **ret_extension_releases, Hashmap **ret_unit_files, sd_bus_error *error); - - int portable_attach(sd_bus *bus, const char *name_or_path, char **matches, const char *profile, char **extension_images, PortableFlags flags, PortableChange **changes, size_t *n_changes, sd_bus_error *error); - int portable_detach(sd_bus *bus, const char *name_or_path, char **extension_image_paths, PortableFlags flags, PortableChange **changes, size_t *n_changes, sd_bus_error *error); -diff --git a/src/portable/portablectl.c b/src/portable/portablectl.c -index 2d8079ad97..af5e78c998 100644 ---- a/src/portable/portablectl.c -+++ b/src/portable/portablectl.c -@@ -259,8 +259,8 @@ static int maybe_reload(sd_bus **bus) { - static int get_image_metadata(sd_bus *bus, const char *image, char **matches, sd_bus_message **reply) { - _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL; - _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; -+ PortableFlags flags = PORTABLE_INSPECT_EXTENSION_RELEASES; - const char *method; -- uint64_t flags = 0; - int r; - - assert(bus); -@@ -365,6 +365,74 @@ static int inspect_image(int argc, char *argv[], void *userdata) { - if (r < 0) - return bus_log_parse_error(r); - -+ /* If we specified any extensions, we'll first get back exactly the -+ * paths (and extension-release content) for each one of the arguments. */ -+ for (size_t i = 0; i < strv_length(arg_extension_images); ++i) { -+ const char *name; -+ -+ r = sd_bus_message_enter_container(reply, 'e', "say"); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ if (r == 0) -+ break; -+ -+ r = sd_bus_message_read(reply, "s", &name); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ -+ r = sd_bus_message_read_array(reply, 'y', &data, &sz); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ -+ if (arg_cat) { -+ if (nl) -+ fputc('\n', stdout); -+ -+ printf("%s-- Extension Release: %s --%s\n", ansi_highlight(), name, ansi_normal()); -+ fwrite(data, sz, 1, stdout); -+ fflush(stdout); -+ nl = true; -+ } else { -+ _cleanup_free_ char *pretty_portable = NULL, *pretty_os = NULL, *sysext_level = NULL, -+ *id = NULL, *version_id = NULL, *sysext_scope = NULL, *portable_prefixes = NULL; -+ _cleanup_fclose_ FILE *f = NULL; -+ -+ f = fmemopen_unlocked((void*) data, sz, "re"); -+ if (!f) -+ return log_error_errno(errno, "Failed to open extension-release buffer: %m"); -+ -+ r = parse_env_file(f, name, -+ "ID", &id, -+ "VERSION_ID", &version_id, -+ "SYSEXT_SCOPE", &sysext_scope, -+ "SYSEXT_LEVEL", &sysext_level, -+ "PORTABLE_PRETTY_NAME", &pretty_portable, -+ "PORTABLE_PREFIXES", &portable_prefixes, -+ "PRETTY_NAME", &pretty_os); -+ if (r < 0) -+ return log_error_errno(r, "Failed to parse extension release from '%s': %m", name); -+ -+ printf("Extension:\n\t%s\n" -+ "\tExtension Scope:\n\t\t%s\n" -+ "\tExtension Compatibility Level:\n\t\t%s\n" -+ "\tPortable Service:\n\t\t%s\n" -+ "\tPortable Prefixes:\n\t\t%s\n" -+ "\tOperating System:\n\t\t%s (%s %s)\n", -+ name, -+ strna(sysext_scope), -+ strna(sysext_level), -+ strna(pretty_portable), -+ strna(portable_prefixes), -+ strna(pretty_os), -+ strna(id), -+ strna(version_id)); -+ } -+ -+ r = sd_bus_message_exit_container(reply); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ } -+ - for (;;) { - const char *name; - -@@ -699,6 +767,14 @@ static int maybe_stop_disable(sd_bus *bus, char *image, char *argv[]) { - if (r < 0) - return bus_log_parse_error(r); - -+ /* If we specified any extensions, we'll first get back exactly the -+ * paths (and extension-release content) for each one of the arguments. */ -+ for (size_t i = 0; i < strv_length(arg_extension_images); ++i) { -+ r = sd_bus_message_skip(reply, "{say}"); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ } -+ - for (;;) { - const char *name; - -diff --git a/src/portable/portabled-image-bus.c b/src/portable/portabled-image-bus.c -index 23c6e2633a..3e6310f23e 100644 ---- a/src/portable/portabled-image-bus.c -+++ b/src/portable/portabled-image-bus.c -@@ -102,13 +102,13 @@ int bus_image_common_get_metadata( - Image *image, - sd_bus_error *error) { - -+ _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_releases = NULL; - _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; - _cleanup_strv_free_ char **matches = NULL, **extension_images = NULL; - _cleanup_hashmap_free_ Hashmap *unit_files = NULL; - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; - _cleanup_free_ PortableMetadata **sorted = NULL; -- /* Unused for now, but added to the DBUS methods for future-proofing */ -- uint64_t input_flags = 0; -+ PortableFlags flags = 0; - size_t i; - int r; - -@@ -133,14 +133,17 @@ int bus_image_common_get_metadata( - - if (sd_bus_message_is_method_call(message, NULL, "GetImageMetadataWithExtensions") || - sd_bus_message_is_method_call(message, NULL, "GetMetadataWithExtensions")) { -+ uint64_t input_flags = 0; -+ - r = sd_bus_message_read(message, "t", &input_flags); - if (r < 0) - return r; -- /* Let clients know that this version doesn't support any flags */ -- if (input_flags != 0) -+ -+ if ((input_flags & ~_PORTABLE_MASK_PUBLIC) != 0) - return sd_bus_reply_method_errorf(message, SD_BUS_ERROR_INVALID_ARGS, - "Invalid 'flags' parameter '%" PRIu64 "'", - input_flags); -+ flags |= input_flags; - } - - r = bus_image_acquire(m, -@@ -161,6 +164,7 @@ int bus_image_common_get_metadata( - matches, - extension_images, - &os_release, -+ &extension_releases, - &unit_files, - error); - if (r < 0) -@@ -186,6 +190,32 @@ int bus_image_common_get_metadata( - if (r < 0) - return r; - -+ /* If it was requested, also send back the extension path and the content -+ * of each extension-release file. Behind a flag, as it's an incompatible -+ * change. */ -+ if (FLAGS_SET(flags, PORTABLE_INSPECT_EXTENSION_RELEASES)) { -+ PortableMetadata *extension_release; -+ -+ ORDERED_HASHMAP_FOREACH(extension_release, extension_releases) { -+ -+ r = sd_bus_message_open_container(reply, 'e', "say"); -+ if (r < 0) -+ return r; -+ -+ r = sd_bus_message_append(reply, "s", extension_release->image_path); -+ if (r < 0) -+ return r; -+ -+ r = append_fd(reply, extension_release); -+ if (r < 0) -+ return r; -+ -+ r = sd_bus_message_close_container(reply); -+ if (r < 0) -+ return r; -+ } -+ } -+ - for (i = 0; i < hashmap_size(unit_files); i++) { - - r = sd_bus_message_open_container(reply, 'e', "say"); -diff --git a/test/units/testsuite-29.sh b/test/units/testsuite-29.sh -index 34fa730514..ca09f321b7 100755 ---- a/test/units/testsuite-29.sh -+++ b/test/units/testsuite-29.sh -@@ -80,6 +80,9 @@ systemctl is-active app1.service - portablectl "${ARGS[@]}" reattach --now --runtime --extension ${app1} ${root} app1 - - systemctl is-active app1.service -+portablectl inspect --cat --extension ${app1} ${root} app1 | grep -F "MARKER=1" -+portablectl inspect --cat --extension ${app1} ${root} app1 | grep -F "Extension Release: /usr/share/app1.raw" -+portablectl inspect --cat --extension ${app1} ${root} app1 | grep -F "ExecStart=/opt/script1.sh" - - portablectl detach --now --runtime --extension ${app1} ${root} app1 - --- -2.33.0 - diff --git a/backport-portable-add-return-parameter-to-GetImageMetadataWit.patch b/backport-portable-add-return-parameter-to-GetImageMetadataWit.patch deleted file mode 100644 index 224ccf487abc67e764992014075db88533ec558e..0000000000000000000000000000000000000000 --- a/backport-portable-add-return-parameter-to-GetImageMetadataWit.patch +++ /dev/null @@ -1,393 +0,0 @@ -From 594b9adc847c4b759d1e51559fceb617015f8575 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 3 Mar 2022 16:26:36 +0100 -Subject: [PATCH] portable: add return parameter to - GetImageMetadataWithExtensions - -The complaint was that the output array was used for two kinds of data, and the -input flag decided whether this extra data should be included. The flag is -removed, and instead the old method is changed to include the data always as -a separate parameter. - -This breaks backward compatibility, but the old method is effectively broken -and does not appear to be used yet, at least in open source code, by -searching on codesearch.debian.net and github.com. - -Fixes #22404. - -Co-authored-by: Luca Boccassi -(cherry picked from commit 087a799f64560bb0379b8a99ebbd9ca84804e4c3) -(cherry picked from commit 00b5aa8d741ad17f6b8f5f03d901b038e3a27d04) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/594b9adc847c4b759d1e51559fceb617015f8575 ---- - man/org.freedesktop.portable1.xml | 21 ++--- - src/portable/portable.h | 13 ++- - src/portable/portablectl.c | 142 +++++++++++++++-------------- - src/portable/portabled-bus.c | 1 + - src/portable/portabled-image-bus.c | 30 +++--- - 5 files changed, 110 insertions(+), 97 deletions(-) - -diff --git a/man/org.freedesktop.portable1.xml b/man/org.freedesktop.portable1.xml -index 053f2a5434..8f960cc28d 100644 ---- a/man/org.freedesktop.portable1.xml -+++ b/man/org.freedesktop.portable1.xml -@@ -54,6 +54,7 @@ node /org/freedesktop/portable1 { - in t flags, - out s image, - out ay os_release, -+ out a{say} extensions, - out a{say} units); - GetImageState(in s image, - out s state); -@@ -183,19 +184,12 @@ node /org/freedesktop/portable1 { - and a list of portable units contained in the image, in the form of a string (unit name) and - an array of bytes with the content. - -- GetImageMetadataWithExtensions() retrieves metadata associated with an image. -- This method is a superset of GetImageMetadata() with the addition of -- a list of extensions as input parameter, which were overlaid on top of the main -- image via AttachImageWithExtensions(). -- The flag parameter can be used to request that, before the units, the path of -- each extension and an array of bytes with the content of the respective extension-release file -- are sent. One such structure will be sent for each extension named in the input arguments. The -- flag value to enable this functionality is defined as follows: -- -- --#define PORTABLE_INSPECT_EXTENSION_RELEASES (UINT64_C(1) << 1) -- -- -+ GetImageMetadataWithExtensions() retrieves metadata associated with an -+ image. This method is a superset of GetImageMetadata() with the addition of a list -+ of extensions as input parameter, which were overlaid on top of the main image via -+ AttachImageWithExtensions(). The path of each extension and an array of bytes with -+ the content of the respective extension-release file are returned, one such structure for each -+ extension named in the input arguments. - - GetImageState() retrieves the image state as one of the following - strings: -@@ -340,6 +334,7 @@ node /org/freedesktop/portable1 { - in t flags, - out s image, - out ay os_release, -+ out a{say} extensions, - out a{say} units); - GetState(out s state); - Attach(in as matches, -diff --git a/src/portable/portable.h b/src/portable/portable.h -index ce55f050a2..a1abf60dc7 100644 ---- a/src/portable/portable.h -+++ b/src/portable/portable.h -@@ -20,14 +20,13 @@ typedef struct PortableMetadata { - #define PORTABLE_METADATA_IS_UNIT(m) (!IN_SET((m)->name[0], 0, '/')) - - typedef enum PortableFlags { -- PORTABLE_RUNTIME = 1 << 0, -- PORTABLE_INSPECT_EXTENSION_RELEASES = 1 << 1, /* Public API via DBUS, do not change */ -- PORTABLE_PREFER_COPY = 1 << 2, -- PORTABLE_PREFER_SYMLINK = 1 << 3, -- PORTABLE_REATTACH = 1 << 4, -- _PORTABLE_MASK_PUBLIC = PORTABLE_RUNTIME | PORTABLE_INSPECT_EXTENSION_RELEASES, -+ PORTABLE_RUNTIME = 1 << 0, /* Public API via DBUS, do not change */ -+ PORTABLE_PREFER_COPY = 1 << 1, -+ PORTABLE_PREFER_SYMLINK = 1 << 2, -+ PORTABLE_REATTACH = 1 << 3, -+ _PORTABLE_MASK_PUBLIC = PORTABLE_RUNTIME, - _PORTABLE_TYPE_MAX, -- _PORTABLE_TYPE_INVALID = -EINVAL, -+ _PORTABLE_TYPE_INVALID = -EINVAL, - } PortableFlags; - - /* This enum is anonymous, since we usually store it in an 'int', as we overload it with negative errno -diff --git a/src/portable/portablectl.c b/src/portable/portablectl.c -index 827d7a7b4a..21048baeb5 100644 ---- a/src/portable/portablectl.c -+++ b/src/portable/portablectl.c -@@ -259,7 +259,7 @@ static int maybe_reload(sd_bus **bus) { - static int get_image_metadata(sd_bus *bus, const char *image, char **matches, sd_bus_message **reply) { - _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL; - _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; -- PortableFlags flags = PORTABLE_INSPECT_EXTENSION_RELEASES; -+ uint64_t flags = 0; - const char *method; - int r; - -@@ -361,71 +361,78 @@ static int inspect_image(int argc, char *argv[], void *userdata) { - strna(pretty_os)); - } - -- r = sd_bus_message_enter_container(reply, 'a', "{say}"); -- if (r < 0) -- return bus_log_parse_error(r); -- -- /* If we specified any extensions, we'll first get back exactly the -- * paths (and extension-release content) for each one of the arguments. */ -- for (size_t i = 0; i < strv_length(arg_extension_images); ++i) { -- const char *name; -+ if (!strv_isempty(arg_extension_images)) { -+ /* If we specified any extensions, we'll first get back exactly the paths (and -+ * extension-release content) for each one of the arguments. */ - -- r = sd_bus_message_enter_container(reply, 'e', "say"); -+ r = sd_bus_message_enter_container(reply, 'a', "{say}"); - if (r < 0) - return bus_log_parse_error(r); -- if (r == 0) -- break; - -- r = sd_bus_message_read(reply, "s", &name); -- if (r < 0) -- return bus_log_parse_error(r); -+ for (size_t i = 0; i < strv_length(arg_extension_images); ++i) { -+ const char *name; - -- r = sd_bus_message_read_array(reply, 'y', &data, &sz); -- if (r < 0) -- return bus_log_parse_error(r); -+ r = sd_bus_message_enter_container(reply, 'e', "say"); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ if (r == 0) -+ break; - -- if (arg_cat) { -- if (nl) -- fputc('\n', stdout); -+ r = sd_bus_message_read(reply, "s", &name); -+ if (r < 0) -+ return bus_log_parse_error(r); - -- printf("%s-- Extension Release: %s --%s\n", ansi_highlight(), name, ansi_normal()); -- fwrite(data, sz, 1, stdout); -- fflush(stdout); -- nl = true; -- } else { -- _cleanup_free_ char *pretty_portable = NULL, *pretty_os = NULL, *sysext_level = NULL, -- *id = NULL, *version_id = NULL, *sysext_scope = NULL, *portable_prefixes = NULL; -- _cleanup_fclose_ FILE *f = NULL; -- -- f = fmemopen_unlocked((void*) data, sz, "re"); -- if (!f) -- return log_error_errno(errno, "Failed to open extension-release buffer: %m"); -- -- r = parse_env_file(f, name, -- "ID", &id, -- "VERSION_ID", &version_id, -- "SYSEXT_SCOPE", &sysext_scope, -- "SYSEXT_LEVEL", &sysext_level, -- "PORTABLE_PRETTY_NAME", &pretty_portable, -- "PORTABLE_PREFIXES", &portable_prefixes, -- "PRETTY_NAME", &pretty_os); -+ r = sd_bus_message_read_array(reply, 'y', &data, &sz); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ -+ if (arg_cat) { -+ if (nl) -+ fputc('\n', stdout); -+ -+ printf("%s-- Extension Release: %s --%s\n", ansi_highlight(), name, ansi_normal()); -+ fwrite(data, sz, 1, stdout); -+ fflush(stdout); -+ nl = true; -+ } else { -+ _cleanup_free_ char *pretty_portable = NULL, *pretty_os = NULL, *sysext_level = NULL, -+ *id = NULL, *version_id = NULL, *sysext_scope = NULL, *portable_prefixes = NULL; -+ _cleanup_fclose_ FILE *f = NULL; -+ -+ f = fmemopen_unlocked((void*) data, sz, "re"); -+ if (!f) -+ return log_error_errno(errno, "Failed to open extension-release buffer: %m"); -+ -+ r = parse_env_file(f, name, -+ "ID", &id, -+ "VERSION_ID", &version_id, -+ "SYSEXT_SCOPE", &sysext_scope, -+ "SYSEXT_LEVEL", &sysext_level, -+ "PORTABLE_PRETTY_NAME", &pretty_portable, -+ "PORTABLE_PREFIXES", &portable_prefixes, -+ "PRETTY_NAME", &pretty_os); -+ if (r < 0) -+ return log_error_errno(r, "Failed to parse extension release from '%s': %m", name); -+ -+ printf("Extension:\n\t%s\n" -+ "\tExtension Scope:\n\t\t%s\n" -+ "\tExtension Compatibility Level:\n\t\t%s\n" -+ "\tPortable Service:\n\t\t%s\n" -+ "\tPortable Prefixes:\n\t\t%s\n" -+ "\tOperating System:\n\t\t%s (%s %s)\n", -+ name, -+ strna(sysext_scope), -+ strna(sysext_level), -+ strna(pretty_portable), -+ strna(portable_prefixes), -+ strna(pretty_os), -+ strna(id), -+ strna(version_id)); -+ } -+ -+ r = sd_bus_message_exit_container(reply); - if (r < 0) -- return log_error_errno(r, "Failed to parse extension release from '%s': %m", name); -- -- printf("Extension:\n\t%s\n" -- "\tExtension Scope:\n\t\t%s\n" -- "\tExtension Compatibility Level:\n\t\t%s\n" -- "\tPortable Service:\n\t\t%s\n" -- "\tPortable Prefixes:\n\t\t%s\n" -- "\tOperating System:\n\t\t%s (%s %s)\n", -- name, -- strna(sysext_scope), -- strna(sysext_level), -- strna(pretty_portable), -- strna(portable_prefixes), -- strna(pretty_os), -- strna(id), -- strna(version_id)); -+ return bus_log_parse_error(r); - } - - r = sd_bus_message_exit_container(reply); -@@ -433,6 +440,10 @@ static int inspect_image(int argc, char *argv[], void *userdata) { - return bus_log_parse_error(r); - } - -+ r = sd_bus_message_enter_container(reply, 'a', "{say}"); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ - for (;;) { - const char *name; - -@@ -763,18 +774,17 @@ static int maybe_stop_disable(sd_bus *bus, char *image, char *argv[]) { - if (r < 0) - return bus_log_parse_error(r); - -- r = sd_bus_message_enter_container(reply, 'a', "{say}"); -- if (r < 0) -- return bus_log_parse_error(r); -- -- /* If we specified any extensions, we'll first get back exactly the -- * paths (and extension-release content) for each one of the arguments. */ -- for (size_t i = 0; i < strv_length(arg_extension_images); ++i) { -- r = sd_bus_message_skip(reply, "{say}"); -+ /* If we specified any extensions, we'll first an array of extension-release metadata. */ -+ if (!strv_isempty(arg_extension_images)) { -+ r = sd_bus_message_skip(reply, "a{say}"); - if (r < 0) - return bus_log_parse_error(r); - } - -+ r = sd_bus_message_enter_container(reply, 'a', "{say}"); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ - for (;;) { - const char *name; - -diff --git a/src/portable/portabled-bus.c b/src/portable/portabled-bus.c -index 5b992d9df8..db71057bb3 100644 ---- a/src/portable/portabled-bus.c -+++ b/src/portable/portabled-bus.c -@@ -420,6 +420,7 @@ const sd_bus_vtable manager_vtable[] = { - "t", flags), - SD_BUS_RESULT("s", image, - "ay", os_release, -+ "a{say}", extensions, - "a{say}", units), - method_get_image_metadata, - SD_BUS_VTABLE_UNPRIVILEGED), -diff --git a/src/portable/portabled-image-bus.c b/src/portable/portabled-image-bus.c -index 964035ec15..d538a4786f 100644 ---- a/src/portable/portabled-image-bus.c -+++ b/src/portable/portabled-image-bus.c -@@ -108,7 +108,6 @@ int bus_image_common_get_metadata( - _cleanup_hashmap_free_ Hashmap *unit_files = NULL; - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; - _cleanup_free_ PortableMetadata **sorted = NULL; -- PortableFlags flags = 0; - int r; - - assert(name_or_path || image); -@@ -119,8 +118,10 @@ int bus_image_common_get_metadata( - m = image->userdata; - } - -- if (sd_bus_message_is_method_call(message, NULL, "GetImageMetadataWithExtensions") || -- sd_bus_message_is_method_call(message, NULL, "GetMetadataWithExtensions")) { -+ bool have_exti = sd_bus_message_is_method_call(message, NULL, "GetImageMetadataWithExtensions") || -+ sd_bus_message_is_method_call(message, NULL, "GetMetadataWithExtensions"); -+ -+ if (have_exti) { - r = sd_bus_message_read_strv(message, &extension_images); - if (r < 0) - return r; -@@ -130,8 +131,7 @@ int bus_image_common_get_metadata( - if (r < 0) - return r; - -- if (sd_bus_message_is_method_call(message, NULL, "GetImageMetadataWithExtensions") || -- sd_bus_message_is_method_call(message, NULL, "GetMetadataWithExtensions")) { -+ if (have_exti) { - uint64_t input_flags = 0; - - r = sd_bus_message_read(message, "t", &input_flags); -@@ -142,7 +142,6 @@ int bus_image_common_get_metadata( - return sd_bus_reply_method_errorf(message, SD_BUS_ERROR_INVALID_ARGS, - "Invalid 'flags' parameter '%" PRIu64 "'", - input_flags); -- flags |= input_flags; - } - - r = bus_image_acquire(m, -@@ -185,16 +184,16 @@ int bus_image_common_get_metadata( - if (r < 0) - return r; - -- r = sd_bus_message_open_container(reply, 'a', "{say}"); -- if (r < 0) -- return r; -- - /* If it was requested, also send back the extension path and the content - * of each extension-release file. Behind a flag, as it's an incompatible - * change. */ -- if (FLAGS_SET(flags, PORTABLE_INSPECT_EXTENSION_RELEASES)) { -+ if (have_exti) { - PortableMetadata *extension_release; - -+ r = sd_bus_message_open_container(reply, 'a', "{say}"); -+ if (r < 0) -+ return r; -+ - ORDERED_HASHMAP_FOREACH(extension_release, extension_releases) { - - r = sd_bus_message_open_container(reply, 'e', "say"); -@@ -213,8 +212,16 @@ int bus_image_common_get_metadata( - if (r < 0) - return r; - } -+ -+ r = sd_bus_message_close_container(reply); -+ if (r < 0) -+ return r; - } - -+ r = sd_bus_message_open_container(reply, 'a', "{say}"); -+ if (r < 0) -+ return r; -+ - for (size_t i = 0; i < hashmap_size(unit_files); i++) { - - r = sd_bus_message_open_container(reply, 'e', "say"); -@@ -866,6 +873,7 @@ const sd_bus_vtable image_vtable[] = { - "t", flags), - SD_BUS_RESULT("s", image, - "ay", os_release, -+ "a{say}", extensions, - "a{say}", units), - bus_image_method_get_metadata, - SD_BUS_VTABLE_UNPRIVILEGED), --- -2.33.0 - diff --git a/backport-portable-inline-one-variable-declaration.patch b/backport-portable-inline-one-variable-declaration.patch deleted file mode 100644 index 5b6ffda4719912cccd36bb1f8f36370f744eedb2..0000000000000000000000000000000000000000 --- a/backport-portable-inline-one-variable-declaration.patch +++ /dev/null @@ -1,38 +0,0 @@ -From f1f790658be65ba281d101d651f853701a829250 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 3 Mar 2022 19:13:20 +0100 -Subject: [PATCH] portable: inline one variable declaration - -(cherry picked from commit 90e3f3581dd578a23aec9f63ca846babfe4fcaa0) -(cherry picked from commit 06d466a05c69e39058f109700c8a6c10bd4c2c89) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f1f790658be65ba281d101d651f853701a829250 ---- - src/portable/portabled-image-bus.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/src/portable/portabled-image-bus.c b/src/portable/portabled-image-bus.c -index 3e6310f23e..964035ec15 100644 ---- a/src/portable/portabled-image-bus.c -+++ b/src/portable/portabled-image-bus.c -@@ -109,7 +109,6 @@ int bus_image_common_get_metadata( - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; - _cleanup_free_ PortableMetadata **sorted = NULL; - PortableFlags flags = 0; -- size_t i; - int r; - - assert(name_or_path || image); -@@ -216,7 +215,7 @@ int bus_image_common_get_metadata( - } - } - -- for (i = 0; i < hashmap_size(unit_files); i++) { -+ for (size_t i = 0; i < hashmap_size(unit_files); i++) { - - r = sd_bus_message_open_container(reply, 'e', "say"); - if (r < 0) --- -2.33.0 - diff --git a/backport-portable-move-profile-search-helper-to-path-lookup.patch b/backport-portable-move-profile-search-helper-to-path-lookup.patch deleted file mode 100644 index 5b90cbd3c19edc3988333ae6fb0fed01737f1ab0..0000000000000000000000000000000000000000 --- a/backport-portable-move-profile-search-helper-to-path-lookup.patch +++ /dev/null @@ -1,139 +0,0 @@ -From 494652d95c620f0191f5c7c8f30956e9e98dd62b Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Fri, 26 Nov 2021 17:50:34 +0000 -Subject: [PATCH] portable: move profile search helper to path-lookup - -Will be used in systemd-analyze later - -(cherry picked from commit 13c02e7bd54e4420c392bd76c0fcf1846c10f99c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/494652d95c620f0191f5c7c8f30956e9e98dd62b ---- - src/basic/path-lookup.c | 28 ++++++++++++++++++++++++++++ - src/basic/path-lookup.h | 3 +++ - src/portable/portable.c | 33 ++------------------------------- - 3 files changed, 33 insertions(+), 31 deletions(-) - -diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c -index 05eb17d66c..83adf4767e 100644 ---- a/src/basic/path-lookup.c -+++ b/src/basic/path-lookup.c -@@ -8,6 +8,7 @@ - #include "fs-util.h" - #include "log.h" - #include "macro.h" -+#include "nulstr-util.h" - #include "path-lookup.h" - #include "path-util.h" - #include "stat-util.h" -@@ -864,3 +865,30 @@ char **env_generator_binary_paths(bool is_system) { - - return TAKE_PTR(paths); - } -+ -+int find_portable_profile(const char *name, const char *unit, char **ret_path) { -+ const char *p, *dot; -+ -+ assert(name); -+ assert(ret_path); -+ -+ assert_se(dot = strrchr(unit, '.')); -+ -+ NULSTR_FOREACH(p, PORTABLE_PROFILE_DIRS) { -+ _cleanup_free_ char *joined = NULL; -+ -+ joined = strjoin(p, "/", name, "/", dot + 1, ".conf"); -+ if (!joined) -+ return -ENOMEM; -+ -+ if (laccess(joined, F_OK) >= 0) { -+ *ret_path = TAKE_PTR(joined); -+ return 0; -+ } -+ -+ if (errno != ENOENT) -+ return -errno; -+ } -+ -+ return -ENOENT; -+} -diff --git a/src/basic/path-lookup.h b/src/basic/path-lookup.h -index 088bb9b57c..af85dc7b4f 100644 ---- a/src/basic/path-lookup.h -+++ b/src/basic/path-lookup.h -@@ -72,3 +72,6 @@ char **env_generator_binary_paths(bool is_system); - - #define NETWORK_DIRS ((const char* const*) CONF_PATHS_STRV("systemd/network")) - #define NETWORK_DIRS_NULSTR CONF_PATHS_NULSTR("systemd/network") -+ -+#define PORTABLE_PROFILE_DIRS CONF_PATHS_NULSTR("systemd/portable/profile") -+int find_portable_profile(const char *name, const char *unit, char **ret_path); -diff --git a/src/portable/portable.c b/src/portable/portable.c -index 02f4a692b0..8c5e5b6821 100644 ---- a/src/portable/portable.c -+++ b/src/portable/portable.c -@@ -37,8 +37,6 @@ - #include "tmpfile-util.h" - #include "user-util.h" - --static const char profile_dirs[] = CONF_PATHS_NULSTR("systemd/portable/profile"); -- - /* Markers used in the first line of our 20-portable.conf unit file drop-in to determine, that a) the unit file was - * dropped there by the portable service logic and b) for which image it was dropped there. */ - #define PORTABLE_DROPIN_MARKER_BEGIN "# Drop-in created for image '" -@@ -967,33 +965,6 @@ static int install_chroot_dropin( - return 0; - } - --static int find_profile(const char *name, const char *unit, char **ret) { -- const char *p, *dot; -- -- assert(name); -- assert(ret); -- -- assert_se(dot = strrchr(unit, '.')); -- -- NULSTR_FOREACH(p, profile_dirs) { -- _cleanup_free_ char *joined = NULL; -- -- joined = strjoin(p, "/", name, "/", dot + 1, ".conf"); -- if (!joined) -- return -ENOMEM; -- -- if (laccess(joined, F_OK) >= 0) { -- *ret = TAKE_PTR(joined); -- return 0; -- } -- -- if (errno != ENOENT) -- return -errno; -- } -- -- return -ENOENT; --} -- - static int install_profile_dropin( - const char *image_path, - const PortableMetadata *m, -@@ -1014,7 +985,7 @@ static int install_profile_dropin( - if (!profile) - return 0; - -- r = find_profile(profile, m->name, &from); -+ r = find_portable_profile(profile, m->name, &from); - if (r < 0) { - if (r != -ENOENT) - return log_debug_errno(errno, "Profile '%s' is not accessible: %m", profile); -@@ -1731,7 +1702,7 @@ int portable_get_state( - int portable_get_profiles(char ***ret) { - assert(ret); - -- return conf_files_list_nulstr(ret, NULL, NULL, CONF_FILES_DIRECTORY|CONF_FILES_BASENAME|CONF_FILES_FILTER_MASKED, profile_dirs); -+ return conf_files_list_nulstr(ret, NULL, NULL, CONF_FILES_DIRECTORY|CONF_FILES_BASENAME|CONF_FILES_FILTER_MASKED, PORTABLE_PROFILE_DIRS); - } - - static const char* const portable_change_type_table[_PORTABLE_CHANGE_TYPE_MAX] = { --- -2.33.0 - diff --git a/backport-portablectl-reorder-if-branches-to-match-previous-co.patch b/backport-portablectl-reorder-if-branches-to-match-previous-co.patch deleted file mode 100644 index 3298903e49adb05dd5ab932ce9e5c9cbe610631b..0000000000000000000000000000000000000000 --- a/backport-portablectl-reorder-if-branches-to-match-previous-co.patch +++ /dev/null @@ -1,42 +0,0 @@ -From b57a0605dd294c00ed34d7bad08a9c33f9810a2d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 3 Mar 2022 18:56:06 +0100 -Subject: [PATCH] portablectl: reorder if branches to match previous - conditional in the same function - -One is a ternary op, the other an normal conditional, but they should still use -the same order of branches. - -(cherry picked from commit 573e33de078956ded078653ef3f90f93469b4dbf) -(cherry picked from commit 7856dc310906cb8b09d27b7175b322129bd619b6) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b57a0605dd294c00ed34d7bad08a9c33f9810a2d ---- - src/portable/portablectl.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/portable/portablectl.c b/src/portable/portablectl.c -index af5e78c998..827d7a7b4a 100644 ---- a/src/portable/portablectl.c -+++ b/src/portable/portablectl.c -@@ -927,12 +927,13 @@ static int detach_image(int argc, char *argv[], void *userdata) { - if (r < 0) - return r; - -- if (!strv_isempty(arg_extension_images)) { -+ if (strv_isempty(arg_extension_images)) -+ r = sd_bus_message_append(m, "b", arg_runtime); -+ else { - uint64_t flags = arg_runtime ? PORTABLE_RUNTIME : 0; - - r = sd_bus_message_append(m, "t", flags); -- } else -- r = sd_bus_message_append(m, "b", arg_runtime); -+ } - if (r < 0) - return bus_log_create_error(r); - --- -2.33.0 - diff --git a/backport-portabled-error-out-if-there-are-no-units-only-after.patch b/backport-portabled-error-out-if-there-are-no-units-only-after.patch deleted file mode 100644 index fc8fe1cfc9d455c90017d81ade96484ecbb07c44..0000000000000000000000000000000000000000 --- a/backport-portabled-error-out-if-there-are-no-units-only-after.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 6ea63e538eaa13e1efacd33e4ade2cd096b818e0 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Wed, 18 Aug 2021 16:37:13 +0100 -Subject: [PATCH] portabled: error out if there are no units only after parsing - all images - -It's ok if the OS image doesn't have matching units, if we find them -in the extensions. Tidies up the parsing logic a bit. - -(cherry picked from commit 7bf5ec4538cd4c77979dd9d09d9e9429a0a3535c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6ea63e538eaa13e1efacd33e4ade2cd096b818e0 ---- - src/portable/portable.c | 29 ++++++++++++++++++++++++++--- - 1 file changed, 26 insertions(+), 3 deletions(-) - -diff --git a/src/portable/portable.c b/src/portable/portable.c -index 5ecbeec2de..8550becded 100644 ---- a/src/portable/portable.c -+++ b/src/portable/portable.c -@@ -504,9 +504,6 @@ static int portable_extract_by_path( - if (extract_os_release && !os_release) - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image '%s' lacks os-release data, refusing.", path); - -- if (!extract_os_release && hashmap_isempty(unit_files)) -- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Couldn't find any matching unit files in image '%s', refusing.", path); -- - if (ret_unit_files) - *ret_unit_files = TAKE_PTR(unit_files); - -@@ -573,6 +570,19 @@ int portable_extract( - return r; - } - -+ if (hashmap_isempty(unit_files)) { -+ _cleanup_free_ char *extensions = strv_join(extension_image_paths, ", "); -+ if (!extensions) -+ return -ENOMEM; -+ -+ return sd_bus_error_setf(error, -+ SD_BUS_ERROR_INVALID_ARGS, -+ "Couldn't find any matching unit files in image '%s%s%s', refusing.", -+ image->path, -+ isempty(extensions) ? "" : "' or any of its extensions '", -+ isempty(extensions) ? "" : extensions); -+ } -+ - *ret_os_release = TAKE_PTR(os_release); - *ret_unit_files = TAKE_PTR(unit_files); - -@@ -1189,6 +1199,19 @@ int portable_attach( - return r; - } - -+ if (hashmap_isempty(unit_files)) { -+ _cleanup_free_ char *extensions = strv_join(extension_image_paths, ", "); -+ if (!extensions) -+ return -ENOMEM; -+ -+ return sd_bus_error_setf(error, -+ SD_BUS_ERROR_INVALID_ARGS, -+ "Couldn't find any matching unit files in image '%s%s%s', refusing.", -+ image->path, -+ isempty(extensions) ? "" : "' or any of its extensions '", -+ isempty(extensions) ? "" : extensions); -+ } -+ - r = lookup_paths_init(&paths, UNIT_FILE_SYSTEM, LOOKUP_PATHS_SPLIT_USR, NULL); - if (r < 0) - return r; --- -2.33.0 - diff --git a/backport-portabled-refactor-extraction-validation-into-a-comm.patch b/backport-portabled-refactor-extraction-validation-into-a-comm.patch deleted file mode 100644 index 9534602a5ea48eef9d2b643f8df58f2146e19189..0000000000000000000000000000000000000000 --- a/backport-portabled-refactor-extraction-validation-into-a-comm.patch +++ /dev/null @@ -1,245 +0,0 @@ -From 04934ab329767b4a1fde60438f769f9eb055fd9d Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Mon, 6 Sep 2021 13:19:47 +0100 -Subject: [PATCH] portabled: refactor extraction/validation into a common - helper - -(cherry picked from commit 9ff61565be1efe5cc962964cde1af2278e554e9e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/04934ab329767b4a1fde60438f769f9eb055fd9d ---- - src/portable/portable.c | 169 ++++++++++++++++++++++------------------ - 1 file changed, 92 insertions(+), 77 deletions(-) - -diff --git a/src/portable/portable.c b/src/portable/portable.c -index 765aedf852..02f4a692b0 100644 ---- a/src/portable/portable.c -+++ b/src/portable/portable.c -@@ -528,14 +528,18 @@ static int portable_extract_by_path( - return 0; - } - --int portable_extract( -+static int extract_image_and_extensions( - const char *name_or_path, - char **matches, - char **extension_image_paths, -+ bool validate_sysext, -+ Image **ret_image, -+ OrderedHashmap **ret_extension_images, - PortableMetadata **ret_os_release, - Hashmap **ret_unit_files, - sd_bus_error *error) { - -+ _cleanup_free_ char *id = NULL, *version_id = NULL, *sysext_level = NULL; - _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; - _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; - _cleanup_hashmap_free_ Hashmap *unit_files = NULL; -@@ -544,6 +548,9 @@ int portable_extract( - int r; - - assert(name_or_path); -+ assert(matches); -+ assert(ret_image); -+ assert(ret_extension_images); - - r = image_find_harder(IMAGE_PORTABLE, name_or_path, NULL, &image); - if (r < 0) -@@ -574,17 +581,91 @@ int portable_extract( - if (r < 0) - return r; - -+ /* If we are layering extension images on top of a runtime image, check that the os-release and extension-release metadata -+ * match, otherwise reject it immediately as invalid, or it will fail when the units are started. */ -+ if (validate_sysext) { -+ _cleanup_fclose_ FILE *f = NULL; -+ -+ r = take_fdopen_unlocked(&os_release->fd, "r", &f); -+ if (r < 0) -+ return r; -+ -+ r = parse_env_file(f, os_release->name, -+ "ID", &id, -+ "VERSION_ID", &version_id, -+ "SYSEXT_LEVEL", &sysext_level); -+ if (r < 0) -+ return r; -+ } -+ - ORDERED_HASHMAP_FOREACH(ext, extension_images) { -+ _cleanup_(portable_metadata_unrefp) PortableMetadata *extension_release_meta = NULL; - _cleanup_hashmap_free_ Hashmap *extra_unit_files = NULL; -+ _cleanup_strv_free_ char **extension_release = NULL; -+ _cleanup_fclose_ FILE *f = NULL; - -- r = portable_extract_by_path(ext->path, /* path_is_extension= */ true, matches, NULL, &extra_unit_files, error); -+ r = portable_extract_by_path(ext->path, /* path_is_extension= */ true, matches, &extension_release_meta, &extra_unit_files, error); - if (r < 0) - return r; -+ - r = hashmap_move(unit_files, extra_unit_files); - if (r < 0) - return r; -+ -+ if (!validate_sysext) -+ continue; -+ -+ r = take_fdopen_unlocked(&extension_release_meta->fd, "r", &f); -+ if (r < 0) -+ return r; -+ -+ r = load_env_file_pairs(f, extension_release_meta->name, &extension_release); -+ if (r < 0) -+ return r; -+ -+ r = extension_release_validate(ext->path, id, version_id, sysext_level, extension_release); -+ if (r == 0) -+ return sd_bus_error_set_errnof(error, SYNTHETIC_ERRNO(ESTALE), "Image %s extension-release metadata does not match the root's", ext->path); -+ if (r < 0) -+ return sd_bus_error_set_errnof(error, r, "Failed to compare image %s extension-release metadata with the root's os-release: %m", ext->path); - } - -+ *ret_image = TAKE_PTR(image); -+ *ret_extension_images = TAKE_PTR(extension_images); -+ if (ret_os_release) -+ *ret_os_release = TAKE_PTR(os_release); -+ if (ret_unit_files) -+ *ret_unit_files = TAKE_PTR(unit_files); -+ -+ return 0; -+} -+ -+int portable_extract( -+ const char *name_or_path, -+ char **matches, -+ char **extension_image_paths, -+ PortableMetadata **ret_os_release, -+ Hashmap **ret_unit_files, -+ sd_bus_error *error) { -+ -+ _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; -+ _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; -+ _cleanup_hashmap_free_ Hashmap *unit_files = NULL; -+ _cleanup_(image_unrefp) Image *image = NULL; -+ int r; -+ -+ r = extract_image_and_extensions(name_or_path, -+ matches, -+ extension_image_paths, -+ /* validate_sysext= */ false, -+ &image, -+ &extension_images, -+ &os_release, -+ &unit_files, -+ error); -+ if (r < 0) -+ return r; -+ - if (hashmap_isempty(unit_files)) { - _cleanup_free_ char *extensions = strv_join(extension_image_paths, ", "); - if (!extensions) -@@ -1166,91 +1247,25 @@ int portable_attach( - size_t *n_changes, - sd_bus_error *error) { - -- _cleanup_free_ char *id = NULL, *version_id = NULL, *sysext_level = NULL; -- _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; - _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; - _cleanup_hashmap_free_ Hashmap *unit_files = NULL; - _cleanup_(lookup_paths_free) LookupPaths paths = {}; - _cleanup_(image_unrefp) Image *image = NULL; - PortableMetadata *item; -- Image *ext; -- char **p; - int r; - -- assert(name_or_path); -- -- r = image_find_harder(IMAGE_PORTABLE, name_or_path, NULL, &image); -- if (r < 0) -- return r; -- if (!strv_isempty(extension_image_paths)) { -- extension_images = ordered_hashmap_new(&image_hash_ops); -- if (!extension_images) -- return -ENOMEM; -- -- STRV_FOREACH(p, extension_image_paths) { -- _cleanup_(image_unrefp) Image *new = NULL; -- -- r = image_find_harder(IMAGE_PORTABLE, *p, NULL, &new); -- if (r < 0) -- return r; -- -- r = ordered_hashmap_put(extension_images, new->name, new); -- if (r < 0) -- return r; -- TAKE_PTR(new); -- } -- } -- -- r = portable_extract_by_path(image->path, /* path_is_extension= */ false, matches, &os_release, &unit_files, error); -+ r = extract_image_and_extensions(name_or_path, -+ matches, -+ extension_image_paths, -+ /* validate_sysext= */ true, -+ &image, -+ &extension_images, -+ /* os_release= */ NULL, -+ &unit_files, -+ error); - if (r < 0) - return r; - -- /* If we are layering extension images on top of a runtime image, check that the os-release and extension-release metadata -- * match, otherwise reject it immediately as invalid, or it will fail when the units are started. */ -- if (os_release) { -- _cleanup_fclose_ FILE *f = NULL; -- -- r = take_fdopen_unlocked(&os_release->fd, "r", &f); -- if (r < 0) -- return r; -- -- r = parse_env_file(f, os_release->name, -- "ID", &id, -- "VERSION_ID", &version_id, -- "SYSEXT_LEVEL", &sysext_level); -- if (r < 0) -- return r; -- } -- -- ORDERED_HASHMAP_FOREACH(ext, extension_images) { -- _cleanup_(portable_metadata_unrefp) PortableMetadata *extension_release_meta = NULL; -- _cleanup_hashmap_free_ Hashmap *extra_unit_files = NULL; -- _cleanup_strv_free_ char **extension_release = NULL; -- _cleanup_fclose_ FILE *f = NULL; -- -- r = portable_extract_by_path(ext->path, /* path_is_extension= */ true, matches, &extension_release_meta, &extra_unit_files, error); -- if (r < 0) -- return r; -- -- r = take_fdopen_unlocked(&extension_release_meta->fd, "r", &f); -- if (r < 0) -- return r; -- -- r = load_env_file_pairs(f, extension_release_meta->name, &extension_release); -- if (r < 0) -- return r; -- -- r = extension_release_validate(ext->path, id, version_id, sysext_level, extension_release); -- if (r == 0) -- return sd_bus_error_set_errnof(error, SYNTHETIC_ERRNO(ESTALE), "Image %s extension-release metadata does not match the root's", ext->path); -- if (r < 0) -- return sd_bus_error_set_errnof(error, r, "Failed to compare image %s extension-release metadata with the root's os-release: %m", ext->path); -- -- r = hashmap_move(unit_files, extra_unit_files); -- if (r < 0) -- return r; -- } -- - if (hashmap_isempty(unit_files)) { - _cleanup_free_ char *extensions = strv_join(extension_image_paths, ", "); - if (!extensions) --- -2.33.0 - diff --git a/backport-portabled-validate-SYSEXT_LEVEL-when-attaching.patch b/backport-portabled-validate-SYSEXT_LEVEL-when-attaching.patch deleted file mode 100644 index e3787da2237a7bac8985a188385ff7d3fb97bdbd..0000000000000000000000000000000000000000 --- a/backport-portabled-validate-SYSEXT_LEVEL-when-attaching.patch +++ /dev/null @@ -1,240 +0,0 @@ -From 5453257f8caebbcfe880601de27853f2d51acbb7 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Wed, 4 Aug 2021 15:00:06 +0100 -Subject: [PATCH] portabled: validate SYSEXT_LEVEL when attaching - -When attaching a portable service with extensions, immediately validate -that the os-release and extension-release metadata values match, rather -than letting it fail when the units are started - -(cherry picked from commit 239ac0c7f72c30cab2e84d395d064c3b7384ff84) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5453257f8caebbcfe880601de27853f2d51acbb7 ---- - src/portable/portable.c | 88 ++++++++++++++++++++++++++++++++--------- - src/portable/portable.h | 1 + - 2 files changed, 71 insertions(+), 18 deletions(-) - -diff --git a/src/portable/portable.c b/src/portable/portable.c -index 8550becded..765aedf852 100644 ---- a/src/portable/portable.c -+++ b/src/portable/portable.c -@@ -11,8 +11,10 @@ - #include "dirent-util.h" - #include "discover-image.h" - #include "dissect-image.h" -+#include "env-file.h" - #include "errno-list.h" - #include "escape.h" -+#include "extension-release.h" - #include "fd-util.h" - #include "fileio.h" - #include "fs-util.h" -@@ -232,6 +234,8 @@ DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(portable_metadata_hash_ops, char, - static int extract_now( - const char *where, - char **matches, -+ const char *image_name, -+ bool path_is_extension, - int socket_fd, - PortableMetadata **ret_os_release, - Hashmap **ret_unit_files) { -@@ -241,6 +245,7 @@ static int extract_now( - _cleanup_(lookup_paths_free) LookupPaths paths = {}; - _cleanup_close_ int os_release_fd = -1; - _cleanup_free_ char *os_release_path = NULL; -+ const char *os_release_id; - char **i; - int r; - -@@ -255,19 +260,27 @@ static int extract_now( - - assert(where); - -- /* First, find /etc/os-release and send it upstream (or just save it). */ -- r = open_os_release(where, &os_release_path, &os_release_fd); -+ /* First, find os-release/extension-release and send it upstream (or just save it). */ -+ if (path_is_extension) { -+ os_release_id = strjoina("/usr/lib/extension-release.d/extension-release.", image_name); -+ r = open_extension_release(where, image_name, &os_release_path, &os_release_fd); -+ } else { -+ os_release_id = "/etc/os-release"; -+ r = open_os_release(where, &os_release_path, &os_release_fd); -+ } - if (r < 0) -- log_debug_errno(r, "Couldn't acquire os-release file, ignoring: %m"); -+ log_debug_errno(r, -+ "Couldn't acquire %s file, ignoring: %m", -+ path_is_extension ? "extension-release " : "os-release"); - else { - if (socket_fd >= 0) { -- r = send_item(socket_fd, "/etc/os-release", os_release_fd); -+ r = send_item(socket_fd, os_release_id, os_release_fd); - if (r < 0) - return log_debug_errno(r, "Failed to send os-release file: %m"); - } - - if (ret_os_release) { -- os_release = portable_metadata_new("/etc/os-release", NULL, os_release_fd); -+ os_release = portable_metadata_new(os_release_id, NULL, os_release_fd); - if (!os_release) - return -ENOMEM; - -@@ -353,7 +366,7 @@ static int extract_now( - - static int portable_extract_by_path( - const char *path, -- bool extract_os_release, -+ bool path_is_extension, - char **matches, - PortableMetadata **ret_os_release, - Hashmap **ret_unit_files, -@@ -371,7 +384,7 @@ static int portable_extract_by_path( - /* We can't turn this into a loop-back block device, and this returns EISDIR? Then this is a directory - * tree and not a raw device. It's easy then. */ - -- r = extract_now(path, matches, -1, &os_release, &unit_files); -+ r = extract_now(path, matches, NULL, path_is_extension, -1, &os_release, &unit_files); - if (r < 0) - return r; - -@@ -428,7 +441,7 @@ static int portable_extract_by_path( - - seq[0] = safe_close(seq[0]); - -- if (!extract_os_release) -+ if (path_is_extension) - flags |= DISSECT_IMAGE_VALIDATE_OS_EXT; - else - flags |= DISSECT_IMAGE_VALIDATE_OS; -@@ -439,7 +452,7 @@ static int portable_extract_by_path( - goto child_finish; - } - -- r = extract_now(tmpdir, matches, seq[1], NULL, NULL); -+ r = extract_now(tmpdir, matches, m->image_name, path_is_extension, seq[1], NULL, NULL); - - child_finish: - _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS); -@@ -485,7 +498,7 @@ static int portable_extract_by_path( - - add = NULL; - -- } else if (PORTABLE_METADATA_IS_OS_RELEASE(add)) { -+ } else if (PORTABLE_METADATA_IS_OS_RELEASE(add) || PORTABLE_METADATA_IS_EXTENSION_RELEASE(add)) { - - assert(!os_release); - os_release = TAKE_PTR(add); -@@ -499,10 +512,12 @@ static int portable_extract_by_path( - child = 0; - } - -- /* When the portable image is layered, the image with units will not -- * have a full filesystem, so no os-release - it will be in the root layer */ -- if (extract_os_release && !os_release) -- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image '%s' lacks os-release data, refusing.", path); -+ if (!os_release) -+ return sd_bus_error_setf(error, -+ SD_BUS_ERROR_INVALID_ARGS, -+ "Image '%s' lacks %s data, refusing.", -+ path, -+ path_is_extension ? "extension-release" : "os-release"); - - if (ret_unit_files) - *ret_unit_files = TAKE_PTR(unit_files); -@@ -555,14 +570,14 @@ int portable_extract( - } - } - -- r = portable_extract_by_path(image->path, true, matches, &os_release, &unit_files, error); -+ r = portable_extract_by_path(image->path, /* path_is_extension= */ false, matches, &os_release, &unit_files, error); - if (r < 0) - return r; - - ORDERED_HASHMAP_FOREACH(ext, extension_images) { - _cleanup_hashmap_free_ Hashmap *extra_unit_files = NULL; - -- r = portable_extract_by_path(ext->path, false, matches, NULL, &extra_unit_files, error); -+ r = portable_extract_by_path(ext->path, /* path_is_extension= */ true, matches, NULL, &extra_unit_files, error); - if (r < 0) - return r; - r = hashmap_move(unit_files, extra_unit_files); -@@ -1151,6 +1166,8 @@ int portable_attach( - size_t *n_changes, - sd_bus_error *error) { - -+ _cleanup_free_ char *id = NULL, *version_id = NULL, *sysext_level = NULL; -+ _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; - _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; - _cleanup_hashmap_free_ Hashmap *unit_files = NULL; - _cleanup_(lookup_paths_free) LookupPaths paths = {}; -@@ -1184,16 +1201,51 @@ int portable_attach( - } - } - -- r = portable_extract_by_path(image->path, true, matches, NULL, &unit_files, error); -+ r = portable_extract_by_path(image->path, /* path_is_extension= */ false, matches, &os_release, &unit_files, error); - if (r < 0) - return r; - -+ /* If we are layering extension images on top of a runtime image, check that the os-release and extension-release metadata -+ * match, otherwise reject it immediately as invalid, or it will fail when the units are started. */ -+ if (os_release) { -+ _cleanup_fclose_ FILE *f = NULL; -+ -+ r = take_fdopen_unlocked(&os_release->fd, "r", &f); -+ if (r < 0) -+ return r; -+ -+ r = parse_env_file(f, os_release->name, -+ "ID", &id, -+ "VERSION_ID", &version_id, -+ "SYSEXT_LEVEL", &sysext_level); -+ if (r < 0) -+ return r; -+ } -+ - ORDERED_HASHMAP_FOREACH(ext, extension_images) { -+ _cleanup_(portable_metadata_unrefp) PortableMetadata *extension_release_meta = NULL; - _cleanup_hashmap_free_ Hashmap *extra_unit_files = NULL; -+ _cleanup_strv_free_ char **extension_release = NULL; -+ _cleanup_fclose_ FILE *f = NULL; -+ -+ r = portable_extract_by_path(ext->path, /* path_is_extension= */ true, matches, &extension_release_meta, &extra_unit_files, error); -+ if (r < 0) -+ return r; - -- r = portable_extract_by_path(ext->path, false, matches, NULL, &extra_unit_files, error); -+ r = take_fdopen_unlocked(&extension_release_meta->fd, "r", &f); - if (r < 0) - return r; -+ -+ r = load_env_file_pairs(f, extension_release_meta->name, &extension_release); -+ if (r < 0) -+ return r; -+ -+ r = extension_release_validate(ext->path, id, version_id, sysext_level, extension_release); -+ if (r == 0) -+ return sd_bus_error_set_errnof(error, SYNTHETIC_ERRNO(ESTALE), "Image %s extension-release metadata does not match the root's", ext->path); -+ if (r < 0) -+ return sd_bus_error_set_errnof(error, r, "Failed to compare image %s extension-release metadata with the root's os-release: %m", ext->path); -+ - r = hashmap_move(unit_files, extra_unit_files); - if (r < 0) - return r; -diff --git a/src/portable/portable.h b/src/portable/portable.h -index dd080edf4e..94144287ae 100644 ---- a/src/portable/portable.h -+++ b/src/portable/portable.h -@@ -16,6 +16,7 @@ typedef struct PortableMetadata { - } PortableMetadata; - - #define PORTABLE_METADATA_IS_OS_RELEASE(m) (streq((m)->name, "/etc/os-release")) -+#define PORTABLE_METADATA_IS_EXTENSION_RELEASE(m) (startswith((m)->name, "/usr/lib/extension-release.d/extension-release.")) - #define PORTABLE_METADATA_IS_UNIT(m) (!IN_SET((m)->name[0], 0, '/')) - - typedef enum PortableFlags { --- -2.33.0 - diff --git a/backport-process-util-wait-for-processes-we-killed-even-if-ki.patch b/backport-process-util-wait-for-processes-we-killed-even-if-ki.patch deleted file mode 100644 index 4250b701ed4b943b837e6726eccbe93dcb55ea1c..0000000000000000000000000000000000000000 --- a/backport-process-util-wait-for-processes-we-killed-even-if-ki.patch +++ /dev/null @@ -1,46 +0,0 @@ -From deda69dad784f9c4367533555ff4d7bf6308c0ff Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 3 Nov 2021 15:54:28 +0100 -Subject: [PATCH] process-util: wait for processes we killed even if killing - failed - -The processes might be zombies in which case killing will fail, but -reaping them still matters. - -(cherry picked from commit 2c1612100daae9cef1b71c06ae4c4ec5f9378f09) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/deda69dad784f9c4367533555ff4d7bf6308c0ff ---- - src/basic/process-util.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/basic/process-util.c b/src/basic/process-util.c -index 14259ea8df..461bbfe9a5 100644 ---- a/src/basic/process-util.c -+++ b/src/basic/process-util.c -@@ -858,8 +858,8 @@ int wait_for_terminate_with_timeout(pid_t pid, usec_t timeout) { - void sigkill_wait(pid_t pid) { - assert(pid > 1); - -- if (kill(pid, SIGKILL) >= 0) -- (void) wait_for_terminate(pid, NULL); -+ (void) kill(pid, SIGKILL); -+ (void) wait_for_terminate(pid, NULL); - } - - void sigkill_waitp(pid_t *pid) { -@@ -876,8 +876,8 @@ void sigkill_waitp(pid_t *pid) { - void sigterm_wait(pid_t pid) { - assert(pid > 1); - -- if (kill_and_sigcont(pid, SIGTERM) >= 0) -- (void) wait_for_terminate(pid, NULL); -+ (void) kill_and_sigcont(pid, SIGTERM); -+ (void) wait_for_terminate(pid, NULL); - } - - int kill_and_sigcont(pid_t pid, int sig) { --- -2.33.0 - diff --git a/backport-random-util-use-ssize_t-for-getrandom-return-value.patch b/backport-random-util-use-ssize_t-for-getrandom-return-value.patch deleted file mode 100644 index df5788543ba5ce8a08eb047556b45a19def4a38e..0000000000000000000000000000000000000000 --- a/backport-random-util-use-ssize_t-for-getrandom-return-value.patch +++ /dev/null @@ -1,81 +0,0 @@ -From a7ba75de06efb5a1d962c4b250f66e49e1d3ac6a Mon Sep 17 00:00:00 2001 -From: Mike Gilbert -Date: Fri, 24 Dec 2021 19:20:36 -0500 -Subject: [PATCH] random-util: use ssize_t for getrandom return value - -This matches the prototype provided by glibc. - -(cherry picked from commit 289b41aae7356b7a6c72ff4a3476193a084ff33f) -(cherry picked from commit 4d889024ef5ba1edc5d967a010a2551e0826e5d7) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a7ba75de06efb5a1d962c4b250f66e49e1d3ac6a ---- - src/basic/missing_syscall.h | 3 ++- - src/basic/random-util.c | 16 ++++++++-------- - 2 files changed, 10 insertions(+), 9 deletions(-) - -diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h -index 9e3a165857..279c5911bd 100644 ---- a/src/basic/missing_syscall.h -+++ b/src/basic/missing_syscall.h -@@ -57,7 +57,8 @@ static inline int missing_memfd_create(const char *name, unsigned int flags) { - /* ======================================================================= */ - - #if !HAVE_GETRANDOM --static inline int missing_getrandom(void *buffer, size_t count, unsigned flags) { -+/* glibc says getrandom() returns ssize_t */ -+static inline ssize_t missing_getrandom(void *buffer, size_t count, unsigned flags) { - # ifdef __NR_getrandom - return syscall(__NR_getrandom, buffer, count, flags); - # else -diff --git a/src/basic/random-util.c b/src/basic/random-util.c -index c2be962355..e117330857 100644 ---- a/src/basic/random-util.c -+++ b/src/basic/random-util.c -@@ -161,7 +161,6 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) { - static int have_syscall = -1; - _cleanup_close_ int fd = -1; - bool got_some = false; -- int r; - - /* Gathers some high-quality randomness from the kernel (or potentially mid-quality randomness from - * the CPU if the RANDOM_ALLOW_RDRAND flag is set). This call won't block, unless the RANDOM_BLOCK -@@ -220,18 +219,19 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) { - if (have_syscall != 0 && !HAS_FEATURE_MEMORY_SANITIZER) { - - for (;;) { -- r = getrandom(p, n, -+ ssize_t l; -+ l = getrandom(p, n, - (FLAGS_SET(flags, RANDOM_BLOCK) ? 0 : GRND_NONBLOCK) | - (FLAGS_SET(flags, RANDOM_ALLOW_INSECURE) ? GRND_INSECURE : 0)); -- if (r > 0) { -+ if (l > 0) { - have_syscall = true; - -- if ((size_t) r == n) -+ if ((size_t) l == n) - return 0; /* Yay, success! */ - -- assert((size_t) r < n); -- p = (uint8_t*) p + r; -- n -= r; -+ assert((size_t) l < n); -+ p = (uint8_t*) p + l; -+ n -= l; - - if (FLAGS_SET(flags, RANDOM_EXTEND_WITH_PSEUDO)) { - /* Fill in the remaining bytes using pseudo-random values */ -@@ -248,7 +248,7 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) { - /* Fill in the rest with /dev/urandom */ - break; - -- } else if (r == 0) { -+ } else if (l == 0) { - have_syscall = true; - return -EIO; - --- -2.33.0 - diff --git a/backport-repart-use-real-disk-start-end-for-bar-production.patch b/backport-repart-use-real-disk-start-end-for-bar-production.patch deleted file mode 100644 index 5c323084a1acf6844df08bc1bcb30729a5a86d09..0000000000000000000000000000000000000000 --- a/backport-repart-use-real-disk-start-end-for-bar-production.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 0c3c3db042a24d11da7accf777029fbaf8db5a29 Mon Sep 17 00:00:00 2001 -From: Tom Yan -Date: Mon, 20 Dec 2021 01:30:38 +0800 -Subject: [PATCH] repart: use real disk start/end for bar production - -Partitions are not always within our aligned scope. Bar printing -involves foreign partitions as well. - -Fixes #21817. - -(cherry picked from commit d8daed09f37bc9f8ecb9268a4e371f65aec8b24a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0c3c3db042a24d11da7accf777029fbaf8db5a29 ---- - src/partition/repart.c | 14 ++++++-------- - 1 file changed, 6 insertions(+), 8 deletions(-) - -diff --git a/src/partition/repart.c b/src/partition/repart.c -index 7602ac6aa8..9f0fe9e10d 100644 ---- a/src/partition/repart.c -+++ b/src/partition/repart.c -@@ -2103,16 +2103,14 @@ static void context_bar_char_process_partition( - from = p->offset; - to = from + p->new_size; - -- assert(context->end >= context->start); -- total = context->end - context->start; -+ assert(context->total > 0); -+ total = context->total; - -- assert(from >= context->start); -- assert(from <= context->end); -- x = (from - context->start) * n / total; -+ assert(from <= total); -+ x = from * n / total; - -- assert(to >= context->start); -- assert(to <= context->end); -- y = (to - context->start) * n / total; -+ assert(to <= total); -+ y = to * n / total; - - assert(x <= y); - assert(y <= n); --- -2.33.0 - diff --git a/backport-repart-use-right-error-variable.patch b/backport-repart-use-right-error-variable.patch deleted file mode 100644 index 620cde1b753e837aca8dc2ab74ef43a462830613..0000000000000000000000000000000000000000 --- a/backport-repart-use-right-error-variable.patch +++ /dev/null @@ -1,38 +0,0 @@ -From b57f76bff912de738a8da8feceb298160bebab26 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 5 Oct 2021 14:10:27 +0200 -Subject: [PATCH] repart: use right error variable - -(cherry picked from commit 8ac04a65477b59c9143b635c0c0daa5152d9b466) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b57f76bff912de738a8da8feceb298160bebab26 ---- - src/partition/repart.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/partition/repart.c b/src/partition/repart.c -index 851c68cc4b..3c80d1380a 100644 ---- a/src/partition/repart.c -+++ b/src/partition/repart.c -@@ -2784,7 +2784,7 @@ static int context_copy_blocks(Context *context) { - return log_error_errno(r, "Failed to copy in data from '%s': %m", p->copy_blocks_path); - - if (fsync(target_fd) < 0) -- return log_error_errno(r, "Failed to synchronize copied data blocks: %m"); -+ return log_error_errno(errno, "Failed to synchronize copied data blocks: %m"); - - if (p->encrypt != ENCRYPT_OFF) { - encrypted_dev_fd = safe_close(encrypted_dev_fd); -@@ -3060,7 +3060,7 @@ static int context_mkfs(Context *context) { - - if (p->encrypt != ENCRYPT_OFF) { - if (fsync(encrypted_dev_fd) < 0) -- return log_error_errno(r, "Failed to synchronize LUKS volume: %m"); -+ return log_error_errno(errno, "Failed to synchronize LUKS volume: %m"); - encrypted_dev_fd = safe_close(encrypted_dev_fd); - - r = deactivate_luks(cd, encrypted); --- -2.33.0 - diff --git a/backport-resolvconf-compat-make-u-operation-a-NOP.patch b/backport-resolvconf-compat-make-u-operation-a-NOP.patch deleted file mode 100644 index 2b371f25dcc49a7ffa8379745909264b902eca6e..0000000000000000000000000000000000000000 --- a/backport-resolvconf-compat-make-u-operation-a-NOP.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 4fe53426991e829c0add9378d91f3677a23076fd Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 29 Sep 2021 10:48:24 +0200 -Subject: [PATCH] resolvconf-compat: make "-u" operation a NOP - -According to the various man pages of "resolvconf" the -u switch is for: - -"-u Just run the update scripts (if updating is enabled)." - -"-u Force resolvconf to update all its subscribers. resolvconf does not - update the subscribers when adding a resolv.conf that matches what - it already has for that interface." - -We have no "subscribers", we ourselves are the only "subscriber" we -support. Hence it's probably better to ignore such a request and make it -a NOP, then to fail. - -Fixes: #20748 -(cherry picked from commit bee07a399572e0d60600c040a84099ecb418ed33) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4fe53426991e829c0add9378d91f3677a23076fd ---- - src/resolve/resolvconf-compat.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/src/resolve/resolvconf-compat.c b/src/resolve/resolvconf-compat.c -index 93ded6d564..991c62e21d 100644 ---- a/src/resolve/resolvconf-compat.c -+++ b/src/resolve/resolvconf-compat.c -@@ -39,8 +39,8 @@ static int resolvconf_help(void) { - "This is a compatibility alias for the resolvectl(1) tool, providing native\n" - "command line compatibility with the resolvconf(8) tool of various Linux\n" - "distributions and BSD systems. Some options supported by other implementations\n" -- "are not supported and are ignored: -m, -p. Various options supported by other\n" -- "implementations are not supported and will cause the invocation to fail: -u,\n" -+ "are not supported and are ignored: -m, -p, -u. Various options supported by other\n" -+ "implementations are not supported and will cause the invocation to fail:\n" - "-I, -i, -l, -R, -r, -v, -V, --enable-updates, --disable-updates,\n" - "--updates-are-enabled.\n" - "\nSee the %2$s for details.\n", -@@ -171,8 +171,11 @@ int resolvconf_parse_argv(int argc, char *argv[]) { - log_debug("Switch -%c ignored.", c); - break; - -- /* Everybody else can agree on the existence of -u but we don't support it. */ -+ /* -u supposedly should "update all subscribers". We have no subscribers, hence let's make -+ this a NOP, and exit immediately, cleanly. */ - case 'u': -+ log_info("Switch -%c ignored.", c); -+ return 0; - - /* The following options are openresolv inventions we don't support. */ - case 'I': --- -2.33.0 - diff --git a/backport-resolve-add-reference-of-the-original-bus-message-to.patch b/backport-resolve-add-reference-of-the-original-bus-message-to.patch deleted file mode 100644 index 578c244dae9d9119eb72190cf49e62cf12c8d463..0000000000000000000000000000000000000000 --- a/backport-resolve-add-reference-of-the-original-bus-message-to.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 965e8b5a691d05b32ecadbe1d4d00de2200492c2 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 11 Feb 2022 09:43:16 +0900 -Subject: [PATCH] resolve: add reference of the original bus message to the aux - queries - -Otherwise, the error in aux queries cannot be replied. - -Fixes #22477. - -(cherry picked from commit 08275791d85a1852e79951212f6cbbc727db789a) -(cherry picked from commit 919d398668d2baa1873e61f7f502fac910a9d606) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/965e8b5a691d05b32ecadbe1d4d00de2200492c2 ---- - src/resolve/resolved-bus.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c -index ed06895ed9..61d4b50c5b 100644 ---- a/src/resolve/resolved-bus.c -+++ b/src/resolve/resolved-bus.c -@@ -1137,6 +1137,7 @@ static int resolve_service_hostname(DnsQuery *q, DnsResourceRecord *rr, int ifin - if (r < 0) - return r; - -+ aux->bus_request = sd_bus_message_ref(q->bus_request); - aux->request_family = q->request_family; - aux->complete = resolve_service_hostname_complete; - --- -2.33.0 - diff --git a/backport-resolve-drop-never-matched-condition.patch b/backport-resolve-drop-never-matched-condition.patch deleted file mode 100644 index 2144bf3226aeaa48edbbaf8dbfe23ebf53ec301c..0000000000000000000000000000000000000000 --- a/backport-resolve-drop-never-matched-condition.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 7b99795c46d4cd61501a31364894f13ac3a9e60d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 23 Feb 2022 07:49:40 +0900 -Subject: [PATCH] resolve: drop never matched condition - -As dns_scope_good_domain() does not return negative errno. - -(cherry picked from commit 830f50ab1e03fa7ee262876ed42023d10e89688d) -(cherry picked from commit 499115dbc3408f9a85160099e114bbaf0bacfe84) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7b99795c46d4cd61501a31364894f13ac3a9e60d ---- - src/resolve/resolved-dns-query.c | 12 ++---------- - 1 file changed, 2 insertions(+), 10 deletions(-) - -diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c -index 192bfd3bf5..4d15240e25 100644 ---- a/src/resolve/resolved-dns-query.c -+++ b/src/resolve/resolved-dns-query.c -@@ -743,11 +743,7 @@ int dns_query_go(DnsQuery *q) { - continue; - - match = dns_scope_good_domain(s, q->ifindex, q->flags, name); -- if (match < 0) { -- log_debug("Couldn't check if '%s' matches against scope, ignoring.", name); -- continue; -- } -- -+ assert(match >= 0); - if (match > found) { /* Does this match better? If so, remember how well it matched, and the first one - * that matches this well */ - found = match; -@@ -779,11 +775,7 @@ int dns_query_go(DnsQuery *q) { - continue; - - match = dns_scope_good_domain(s, q->ifindex, q->flags, name); -- if (match < 0) { -- log_debug("Couldn't check if '%s' matches against scope, ignoring.", name); -- continue; -- } -- -+ assert(match >= 0); - if (match < found) - continue; - --- -2.33.0 - diff --git a/backport-resolve-fix-assertion-triggered-when-r-0.patch b/backport-resolve-fix-assertion-triggered-when-r-0.patch deleted file mode 100644 index 61fabd1e551816315a54b3a3c099033e0e09750c..0000000000000000000000000000000000000000 --- a/backport-resolve-fix-assertion-triggered-when-r-0.patch +++ /dev/null @@ -1,35 +0,0 @@ -From bfa7063dac7173858ddddda7c49eda95a9dd89bf Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 20 Jan 2022 05:24:31 +0900 -Subject: [PATCH] resolve: fix assertion triggered when r == 0 - -Fixes #22178. - -(cherry picked from commit 98b1eb711cfc70776fefd3d4ec437a6a4f9aeff2) -(cherry picked from commit 740dd39e070b3b827cbac37df2a40d61bd9cdb89) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bfa7063dac7173858ddddda7c49eda95a9dd89bf ---- - src/resolve/resolved-etc-hosts.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/resolve/resolved-etc-hosts.c b/src/resolve/resolved-etc-hosts.c -index 9af3a27bb1..a8da6c3d88 100644 ---- a/src/resolve/resolved-etc-hosts.c -+++ b/src/resolve/resolved-etc-hosts.c -@@ -109,7 +109,10 @@ static int parse_line(EtcHosts *hosts, unsigned nr, const char *line) { - - r = dns_name_is_valid_ldh(name); - if (r <= 0) { -- log_warning_errno(r, "/etc/hosts:%u: hostname \"%s\" is not valid, ignoring.", nr, name); -+ if (r < 0) -+ log_warning_errno(r, "/etc/hosts:%u: Failed to check the validity of hostname \"%s\", ignoring: %m", nr, name); -+ else -+ log_warning("/etc/hosts:%u: hostname \"%s\" is not valid, ignoring.", nr, name); - continue; - } - --- -2.33.0 - diff --git a/backport-resolve-fix-heap-buffer-overflow-reported-by-ASAN-wi.patch b/backport-resolve-fix-heap-buffer-overflow-reported-by-ASAN-wi.patch deleted file mode 100644 index eef6c0e1301e798ba6f2d8c99746c4a4abe49a83..0000000000000000000000000000000000000000 --- a/backport-resolve-fix-heap-buffer-overflow-reported-by-ASAN-wi.patch +++ /dev/null @@ -1,34 +0,0 @@ -From c285d500d0fe356f74f34846bc2ac0e25fe6ae42 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 8 Jul 2022 22:00:58 +0900 -Subject: [PATCH] resolve: fix heap-buffer-overflow reported by ASAN with - strict_string_checks=1 - -Fixes #23942. - -(cherry picked from commit beeab352de413e1c04de0a67ee36525fcf6e99dd) -(cherry picked from commit feb244676baa246e660b713544c2cb8766c25b34) -(cherry picked from commit 63c0ce2346cb70a2959bd539541119866223a619) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c285d500d0fe356f74f34846bc2ac0e25fe6ae42 ---- - src/resolve/resolved-dns-packet.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c -index b37f57fe67..c4cfbf7820 100644 ---- a/src/resolve/resolved-dns-packet.c -+++ b/src/resolve/resolved-dns-packet.c -@@ -1393,7 +1393,7 @@ int dns_packet_read_string(DnsPacket *p, char **ret, size_t *start) { - if (memchr(d, 0, c)) - return -EBADMSG; - -- t = strndup(d, c); -+ t = memdup_suffix0(d, c); - if (!t) - return -ENOMEM; - --- -2.27.0 - diff --git a/backport-resolve-fix-possible-memleak.patch b/backport-resolve-fix-possible-memleak.patch deleted file mode 100644 index cc0955b09215f86e9f2805efac71cb004229314c..0000000000000000000000000000000000000000 --- a/backport-resolve-fix-possible-memleak.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 11f8123bbf36801ec436dc77d42a8e253eed1fb7 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 5 Feb 2022 22:03:19 +0900 -Subject: [PATCH] resolve: fix possible memleak - -Fortunately, unlike the issue fixed in the previous commit, the memleak -should be superficial and not become apparent, as the queries handled -here are managed by the stub stream, and will be freed when the stream -is closed. - -Just for safety, and slightly reducing the runtime memory usage by the -stub stream. - -(cherry picked from commit fe8c5ce615ee2123f17b1f0b3728c439e19e4b5b) -(cherry picked from commit 4dbc210124b4303ecadb6cdb28a4a4c821e1150b) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/11f8123bbf36801ec436dc77d42a8e253eed1fb7 ---- - src/resolve/resolved-dns-stub.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c -index 49da916576..8040db70f9 100644 ---- a/src/resolve/resolved-dns-stub.c -+++ b/src/resolve/resolved-dns-stub.c -@@ -755,8 +755,10 @@ static void dns_stub_query_complete(DnsQuery *q) { - * packet doesn't answer our question. In that case let's restart the query, - * now with the redirected question. We'll */ - r = dns_query_go(q); -- if (r < 0) -+ if (r < 0) { - log_debug_errno(r, "Failed to restart query: %m"); -+ dns_query_free(q); -+ } - - return; - } --- -2.33.0 - diff --git a/backport-resolve-fix-potential-memleak-and-use-after-free.patch b/backport-resolve-fix-potential-memleak-and-use-after-free.patch deleted file mode 100644 index 1cc6f9b0e3cbf89ea2f5519085f9563bf357a70f..0000000000000000000000000000000000000000 --- a/backport-resolve-fix-potential-memleak-and-use-after-free.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 8baf04a6588bd392f606a3d55b0711cdd00b4b80 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 5 Feb 2022 21:37:01 +0900 -Subject: [PATCH] resolve: fix potential memleak and use-after-free - -When stub stream is closed early, then queries associated to the stream -are freed. Previously, the timer event source for queries may not be -disabled, hence may be triggered with already freed query. -See also dns_stub_stream_complete(). - -Note that we usually not set NULL or zero when freeing simple objects. -But, here DnsQuery is large and complicated object, and the element may -be referenced in subsequent freeing process in the future. Hence, for -safety, let's set NULL to the pointer. - -(cherry picked from commit 73bfd7be042cc63e7649242b377ad494bf74ea4b) -(cherry picked from commit d82bd80cf4e7659906a502735b20a45964b55a88) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/8baf04a6588bd392f606a3d55b0711cdd00b4b80 ---- - src/resolve/resolved-dns-query.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c -index 7f341986d9..6d372395fe 100644 ---- a/src/resolve/resolved-dns-query.c -+++ b/src/resolve/resolved-dns-query.c -@@ -381,6 +381,8 @@ DnsQuery *dns_query_free(DnsQuery *q) { - if (!q) - return NULL; - -+ q->timeout_event_source = sd_event_source_disable_unref(q->timeout_event_source); -+ - while (q->auxiliary_queries) - dns_query_free(q->auxiliary_queries); - --- -2.33.0 - diff --git a/backport-resolve-make-dns_scope_good_domain-take-DnsQuery.patch b/backport-resolve-make-dns_scope_good_domain-take-DnsQuery.patch deleted file mode 100644 index dc34ed50c33bb04448e2c22a5b16ce6466ebedeb..0000000000000000000000000000000000000000 --- a/backport-resolve-make-dns_scope_good_domain-take-DnsQuery.patch +++ /dev/null @@ -1,116 +0,0 @@ -From 8cc818cdc726c8185387b413e8a2f31e00d7c185 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 23 Feb 2022 07:50:30 +0900 -Subject: [PATCH] resolve: make dns_scope_good_domain() take DnsQuery* - -(cherry picked from commit 176a9a2cca47f7c1553d96f7dd51c2193a269dbc) -(cherry picked from commit 54ab65f5f3da22985126dc3ae846a777d6b555a9) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/8cc818cdc726c8185387b413e8a2f31e00d7c185 ---- - src/resolve/resolved-dns-query.c | 14 ++------------ - src/resolve/resolved-dns-scope.c | 21 +++++++++++++++++---- - src/resolve/resolved-dns-scope.h | 4 ++-- - 3 files changed, 21 insertions(+), 18 deletions(-) - -diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c -index 4d15240e25..24cd7cddf5 100644 ---- a/src/resolve/resolved-dns-query.c -+++ b/src/resolve/resolved-dns-query.c -@@ -736,13 +736,8 @@ int dns_query_go(DnsQuery *q) { - - LIST_FOREACH(scopes, s, q->manager->dns_scopes) { - DnsScopeMatch match; -- const char *name; - -- name = dns_question_first_name(dns_query_question_for_protocol(q, s->protocol)); -- if (!name) -- continue; -- -- match = dns_scope_good_domain(s, q->ifindex, q->flags, name); -+ match = dns_scope_good_domain(s, q); - assert(match >= 0); - if (match > found) { /* Does this match better? If so, remember how well it matched, and the first one - * that matches this well */ -@@ -768,13 +763,8 @@ int dns_query_go(DnsQuery *q) { - - LIST_FOREACH(scopes, s, first->scopes_next) { - DnsScopeMatch match; -- const char *name; -- -- name = dns_question_first_name(dns_query_question_for_protocol(q, s->protocol)); -- if (!name) -- continue; - -- match = dns_scope_good_domain(s, q->ifindex, q->flags, name); -+ match = dns_scope_good_domain(s, q); - assert(match >= 0); - if (match < found) - continue; -diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c -index 2546d0d4da..47edba6bc3 100644 ---- a/src/resolve/resolved-dns-scope.c -+++ b/src/resolve/resolved-dns-scope.c -@@ -584,11 +584,13 @@ static DnsScopeMatch match_subnet_reverse_lookups( - - DnsScopeMatch dns_scope_good_domain( - DnsScope *s, -- int ifindex, -- uint64_t flags, -- const char *domain) { -+ DnsQuery *q) { - -+ DnsQuestion *question; - DnsSearchDomain *d; -+ const char *domain; -+ uint64_t flags; -+ int ifindex; - - /* This returns the following return values: - * -@@ -602,7 +604,18 @@ DnsScopeMatch dns_scope_good_domain( - */ - - assert(s); -- assert(domain); -+ assert(q); -+ -+ question = dns_query_question_for_protocol(q, s->protocol); -+ if (!question) -+ return DNS_SCOPE_NO; -+ -+ domain = dns_question_first_name(question); -+ if (!domain) -+ return DNS_SCOPE_NO; -+ -+ ifindex = q->ifindex; -+ flags = q->flags; - - /* Checks if the specified domain is something to look up on this scope. Note that this accepts - * non-qualified hostnames, i.e. those without any search path suffixed. */ -diff --git a/src/resolve/resolved-dns-scope.h b/src/resolve/resolved-dns-scope.h -index a2b9546b38..1f9d22b7d1 100644 ---- a/src/resolve/resolved-dns-scope.h -+++ b/src/resolve/resolved-dns-scope.h -@@ -10,7 +10,7 @@ typedef struct DnsScope DnsScope; - #include "resolved-dns-cache.h" - #include "resolved-dns-dnssec.h" - #include "resolved-dns-packet.h" -- -+#include "resolved-dns-query.h" - #include "resolved-dns-search-domain.h" - #include "resolved-dns-server.h" - #include "resolved-dns-stream.h" -@@ -76,7 +76,7 @@ int dns_scope_emit_udp(DnsScope *s, int fd, int af, DnsPacket *p); - int dns_scope_socket_tcp(DnsScope *s, int family, const union in_addr_union *address, DnsServer *server, uint16_t port, union sockaddr_union *ret_socket_address); - int dns_scope_socket_udp(DnsScope *s, DnsServer *server); - --DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, const char *domain); -+DnsScopeMatch dns_scope_good_domain(DnsScope *s, DnsQuery *q); - bool dns_scope_good_key(DnsScope *s, const DnsResourceKey *key); - - DnsServer *dns_scope_get_dns_server(DnsScope *s); --- -2.33.0 - diff --git a/backport-resolve-mdns_packet_extract_matching_rrs-may-return-.patch b/backport-resolve-mdns_packet_extract_matching_rrs-may-return-.patch deleted file mode 100644 index 1a9209cd923df16eea43fbf04ac4d96a7f7e68a4..0000000000000000000000000000000000000000 --- a/backport-resolve-mdns_packet_extract_matching_rrs-may-return-.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 9b1f4d855aa7b16b425545fdd888dbef918d1daa Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 4 Jul 2022 11:23:33 +0900 -Subject: [PATCH] resolve: mdns_packet_extract_matching_rrs() may return 0 - -Fixes the following assertion: - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9b1f4d855aa7b16b425545fdd888dbef918d1daa ---- -Assertion 'r > 0' failed at src/resolve/resolved-mdns.c:180, function mdns_do_tiebreak(). Aborting. - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9b1f4d855aa7b16b425545fdd888dbef918d1daa ---- - -(cherry picked from commit f2605af1f2e770818bbc6bad2561acdbd25a38ad) -(cherry picked from commit 0070302b3cdc1350bf7bfd5d032dbea420f4ed40) -(cherry picked from commit 30d24c8df600545d1878a868bcd409e65479af77) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9b1f4d855aa7b16b425545fdd888dbef918d1daa ---- - src/resolve/resolved-mdns.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/src/resolve/resolved-mdns.c b/src/resolve/resolved-mdns.c -index 24241249b1..8c8ee81da1 100644 ---- a/src/resolve/resolved-mdns.c -+++ b/src/resolve/resolved-mdns.c -@@ -165,8 +165,6 @@ static int mdns_do_tiebreak(DnsResourceKey *key, DnsAnswer *answer, DnsPacket *p - if (r < 0) - return r; - -- assert(r > 0); -- - if (proposed_rrs_cmp(remote, r, our, size) > 0) - return 1; - --- -2.27.0 - diff --git a/backport-resolve-refuse-AF_UNSPEC-when-resolving-address.patch b/backport-resolve-refuse-AF_UNSPEC-when-resolving-address.patch deleted file mode 100644 index 033898af29ef770e1e2789551aae5088b9a997ed..0000000000000000000000000000000000000000 --- a/backport-resolve-refuse-AF_UNSPEC-when-resolving-address.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 63590abb5dd48fbcc8c0dfc5dfc1ee088382d5f7 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 11 Feb 2022 09:49:13 +0900 -Subject: [PATCH] resolve: refuse AF_UNSPEC when resolving address - -Fixes #22480. - -(cherry picked from commit 0234f0c0531682e7f28a4ef51852c102c6e97267) -(cherry picked from commit 084c88983eaecbf23e113db5a7ee11f94b60472b) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/63590abb5dd48fbcc8c0dfc5dfc1ee088382d5f7 ---- - src/resolve/resolved-varlink.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/resolve/resolved-varlink.c b/src/resolve/resolved-varlink.c -index 6f4ab425ef..9a61b19e61 100644 ---- a/src/resolve/resolved-varlink.c -+++ b/src/resolve/resolved-varlink.c -@@ -484,7 +484,7 @@ static int vl_method_resolve_address(Varlink *link, JsonVariant *parameters, Var - if (p.ifindex < 0) - return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("ifindex")); - -- if (!IN_SET(p.family, AF_UNSPEC, AF_INET, AF_INET6)) -+ if (!IN_SET(p.family, AF_INET, AF_INET6)) - return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("family")); - - if (FAMILY_ADDRESS_SIZE(p.family) != p.address_size) --- -2.33.0 - diff --git a/backport-resolve-remove-server-large-level.patch b/backport-resolve-remove-server-large-level.patch deleted file mode 100644 index d51cfd9b7f511666cfcd9f60afe8635ce6912281..0000000000000000000000000000000000000000 --- a/backport-resolve-remove-server-large-level.patch +++ /dev/null @@ -1,152 +0,0 @@ -From 0bc9811acfd2535bf8a7a16a3903a2c22df206c9 Mon Sep 17 00:00:00 2001 -From: Dan Streetman -Date: Fri, 20 Aug 2021 14:44:35 -0400 -Subject: [PATCH] resolve: remove server 'large' level - -This removes the DNS_SERVER_FEATURE_LEVEL_LARGE, and sets the EDNS0 -advertised max packet size as if always in 'large' mode. - -Without this, we always send out EDNS0 opts that limit response sizes -to 512 bytes, thus the remote server will never send anything larger -and will always truncate responses larger than 512 bytes, forcing us -to drop from EDNS0 down to TCP, even though one of the primary benefits -of EDNS0 is larger packet sizes. - -Fixes: #20993 -(cherry picked from commit 526fce97afe130f71dba3bd4646196bbb1188b82) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0bc9811acfd2535bf8a7a16a3903a2c22df206c9 ---- - src/resolve/resolved-dns-server.c | 63 +++++++++++-------------------- - src/resolve/resolved-dns-server.h | 3 +- - 2 files changed, 24 insertions(+), 42 deletions(-) - -diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c -index 58a1376708..a21148d288 100644 ---- a/src/resolve/resolved-dns-server.c -+++ b/src/resolve/resolved-dns-server.c -@@ -282,11 +282,6 @@ void dns_server_packet_received(DnsServer *s, int protocol, DnsServerFeatureLeve - if (s->packet_bad_opt && level >= DNS_SERVER_FEATURE_LEVEL_EDNS0) - level = DNS_SERVER_FEATURE_LEVEL_EDNS0 - 1; - -- /* Even if we successfully receive a reply to a request announcing support for large packets, that -- * does not mean we can necessarily receive large packets. */ -- if (level == DNS_SERVER_FEATURE_LEVEL_LARGE) -- level = DNS_SERVER_FEATURE_LEVEL_LARGE - 1; -- - dns_server_verified(s, level); - - /* Remember the size of the largest UDP packet fragment we received from a server, we know that we -@@ -429,7 +424,7 @@ DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) { - * better than EDNS0, hence don't even try. */ - if (dns_server_get_dnssec_mode(s) != DNSSEC_NO) - best = dns_server_get_dns_over_tls_mode(s) == DNS_OVER_TLS_NO ? -- DNS_SERVER_FEATURE_LEVEL_LARGE : -+ DNS_SERVER_FEATURE_LEVEL_DO : - DNS_SERVER_FEATURE_LEVEL_TLS_DO; - else - best = dns_server_get_dns_over_tls_mode(s) == DNS_OVER_TLS_NO ? -@@ -597,7 +592,7 @@ DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) { - } - - int dns_server_adjust_opt(DnsServer *server, DnsPacket *packet, DnsServerFeatureLevel level) { -- size_t packet_size; -+ size_t packet_size, udp_size; - bool edns_do; - int r; - -@@ -616,40 +611,29 @@ int dns_server_adjust_opt(DnsServer *server, DnsPacket *packet, DnsServerFeature - - edns_do = level >= DNS_SERVER_FEATURE_LEVEL_DO; - -- if (level == DNS_SERVER_FEATURE_LEVEL_LARGE) { -- size_t udp_size; -- -- /* In large mode, advertise the local MTU, in order to avoid fragmentation (for security -- * reasons) – except if we are talking to localhost (where the security considerations don't -- * matter). If we see fragmentation, lower the reported size to the largest fragment, to -- * avoid it. */ -- -- udp_size = udp_header_size(server->family); -- -- if (in_addr_is_localhost(server->family, &server->address) > 0) -- packet_size = 65536 - udp_size; /* force linux loopback MTU if localhost address */ -- else { -- /* Use the MTU pointing to the server, subtract the IP/UDP header size */ -- packet_size = LESS_BY(dns_server_get_mtu(server), udp_size); -+ udp_size = udp_header_size(server->family); - -- /* On the Internet we want to avoid fragmentation for security reasons. If we saw -- * fragmented packets, the above was too large, let's clamp it to the largest -- * fragment we saw */ -- if (server->packet_fragmented) -- packet_size = MIN(server->received_udp_fragment_max, packet_size); -- -- /* Let's not pick ridiculously large sizes, i.e. not more than 4K. No one appears -- * to ever use such large sized on the Internet IRL, hence let's not either. */ -- packet_size = MIN(packet_size, 4096U); -- } -+ if (in_addr_is_localhost(server->family, &server->address) > 0) -+ packet_size = 65536 - udp_size; /* force linux loopback MTU if localhost address */ -+ else { -+ /* Use the MTU pointing to the server, subtract the IP/UDP header size */ -+ packet_size = LESS_BY(dns_server_get_mtu(server), udp_size); -+ -+ /* On the Internet we want to avoid fragmentation for security reasons. If we saw -+ * fragmented packets, the above was too large, let's clamp it to the largest -+ * fragment we saw */ -+ if (server->packet_fragmented) -+ packet_size = MIN(server->received_udp_fragment_max, packet_size); -+ -+ /* Let's not pick ridiculously large sizes, i.e. not more than 4K. No one appears -+ * to ever use such large sized on the Internet IRL, hence let's not either. */ -+ packet_size = MIN(packet_size, 4096U); -+ } - -- /* Strictly speaking we quite possibly can receive larger datagrams than the MTU (since the -- * MTU is for egress, not for ingress), but more often than not the value is symmetric, and -- * we want something that does the right thing in the majority of cases, and not just in the -- * theoretical edge case. */ -- } else -- /* In non-large mode, let's advertise the size of the largest fragment we ever managed to accept. */ -- packet_size = server->received_udp_fragment_max; -+ /* Strictly speaking we quite possibly can receive larger datagrams than the MTU (since the -+ * MTU is for egress, not for ingress), but more often than not the value is symmetric, and -+ * we want something that does the right thing in the majority of cases, and not just in the -+ * theoretical edge case. */ - - /* Safety clamp, never advertise less than 512 or more than 65535 */ - packet_size = CLAMP(packet_size, -@@ -1097,7 +1081,6 @@ static const char* const dns_server_feature_level_table[_DNS_SERVER_FEATURE_LEVE - [DNS_SERVER_FEATURE_LEVEL_EDNS0] = "UDP+EDNS0", - [DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN] = "TLS+EDNS0", - [DNS_SERVER_FEATURE_LEVEL_DO] = "UDP+EDNS0+DO", -- [DNS_SERVER_FEATURE_LEVEL_LARGE] = "UDP+EDNS0+DO+LARGE", - [DNS_SERVER_FEATURE_LEVEL_TLS_DO] = "TLS+EDNS0+D0", - }; - DEFINE_STRING_TABLE_LOOKUP(dns_server_feature_level, DnsServerFeatureLevel); -diff --git a/src/resolve/resolved-dns-server.h b/src/resolve/resolved-dns-server.h -index fe0eaee49c..be9efb0a79 100644 ---- a/src/resolve/resolved-dns-server.h -+++ b/src/resolve/resolved-dns-server.h -@@ -32,7 +32,6 @@ typedef enum DnsServerFeatureLevel { - DNS_SERVER_FEATURE_LEVEL_EDNS0, - DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN, - DNS_SERVER_FEATURE_LEVEL_DO, -- DNS_SERVER_FEATURE_LEVEL_LARGE, - DNS_SERVER_FEATURE_LEVEL_TLS_DO, - _DNS_SERVER_FEATURE_LEVEL_MAX, - _DNS_SERVER_FEATURE_LEVEL_INVALID = -EINVAL, -@@ -43,7 +42,7 @@ typedef enum DnsServerFeatureLevel { - #define DNS_SERVER_FEATURE_LEVEL_IS_EDNS0(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_EDNS0) - #define DNS_SERVER_FEATURE_LEVEL_IS_TLS(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN, DNS_SERVER_FEATURE_LEVEL_TLS_DO) - #define DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_DO) --#define DNS_SERVER_FEATURE_LEVEL_IS_UDP(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_UDP, DNS_SERVER_FEATURE_LEVEL_EDNS0, DNS_SERVER_FEATURE_LEVEL_DO, DNS_SERVER_FEATURE_LEVEL_LARGE) -+#define DNS_SERVER_FEATURE_LEVEL_IS_UDP(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_UDP, DNS_SERVER_FEATURE_LEVEL_EDNS0, DNS_SERVER_FEATURE_LEVEL_DO) - - const char* dns_server_feature_level_to_string(int i) _const_; - int dns_server_feature_level_from_string(const char *s) _pure_; --- -2.33.0 - diff --git a/backport-resolve-synthesize-empty-domain-only-when-A-and-or-A.patch b/backport-resolve-synthesize-empty-domain-only-when-A-and-or-A.patch deleted file mode 100644 index 69ebd7500add42cc3d95c7e084119995cd09a56d..0000000000000000000000000000000000000000 --- a/backport-resolve-synthesize-empty-domain-only-when-A-and-or-A.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 76016b82c683bcb15c155a8ab7ca45004894c134 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 4 Feb 2022 12:05:33 +0900 -Subject: [PATCH] resolve: synthesize empty domain only when A and/or AAAA key - is requested - -Follow-up for 3b2ac14ac45bef01cf489c3231b868936866444b (#22231). - -Before this commit. ---- -$ dig -t SRV '.' - -; <<>> DiG 9.16.24-RH <<>> -t SRV . -;; global options: +cmd -;; Got answer: -;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16836 -;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 - -;; OPT PSEUDOSECTION: -; EDNS: version: 0, flags:; udp: 65494 -;; QUESTION SECTION: -;. IN SRV - -;; Query time: 1 msec -;; SERVER: 127.0.0.53#53(127.0.0.53) -;; WHEN: Fri Feb 04 12:01:09 JST 2022 -;; MSG SIZE rcvd: 28 ---- - -After this commit. ---- -$ dig -t SRV '.' - -; <<>> DiG 9.16.24-RH <<>> -t SRV . -;; global options: +cmd -;; Got answer: -;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19861 -;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 - -;; OPT PSEUDOSECTION: -; EDNS: version: 0, flags:; udp: 65494 -;; QUESTION SECTION: -;. IN SRV - -;; AUTHORITY SECTION: -. 86394 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022020302 1800 900 604800 86400 - -;; Query time: 20 msec -;; SERVER: 127.0.0.53#53(127.0.0.53) -;; WHEN: Fri Feb 04 12:00:12 JST 2022 -;; MSG SIZE rcvd: 103 ---- - -Fixes #22401. - -(cherry picked from commit 30fa3aa1fa56d9a1a4f3a26c0bc02253d44dfa0f) -(cherry picked from commit d57147ef5698c50e02e5e74df8d0936230032cfe) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/76016b82c683bcb15c155a8ab7ca45004894c134 ---- - src/resolve/resolved-dns-scope.c | 20 ++++++++++++++++---- - 1 file changed, 16 insertions(+), 4 deletions(-) - -diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c -index 47edba6bc3..360ceecdb7 100644 ---- a/src/resolve/resolved-dns-scope.c -+++ b/src/resolve/resolved-dns-scope.c -@@ -626,10 +626,6 @@ DnsScopeMatch dns_scope_good_domain( - if ((SD_RESOLVED_FLAGS_MAKE(s->protocol, s->family, false, false) & flags) == 0) - return DNS_SCOPE_NO; - -- /* Never resolve empty name. */ -- if (dns_name_is_empty(domain)) -- return DNS_SCOPE_NO; -- - /* Never resolve any loopback hostname or IP address via DNS, LLMNR or mDNS. Instead, always rely on - * synthesized RRs for these. */ - if (is_localhost(domain) || -@@ -658,6 +654,22 @@ DnsScopeMatch dns_scope_good_domain( - DnsScopeMatch m; - int n_best = -1; - -+ if (dns_name_is_empty(domain)) { -+ DnsResourceKey *t; -+ bool found = false; -+ -+ /* Refuse empty name if only A and/or AAAA records are requested. */ -+ -+ DNS_QUESTION_FOREACH(t, question) -+ if (!IN_SET(t->type, DNS_TYPE_A, DNS_TYPE_AAAA)) { -+ found = true; -+ break; -+ } -+ -+ if (!found) -+ return DNS_SCOPE_NO; -+ } -+ - /* Never route things to scopes that lack DNS servers */ - if (!dns_scope_get_dns_server(s)) - return DNS_SCOPE_NO; --- -2.33.0 - diff --git a/backport-resolve-synthesize-empty-name.patch b/backport-resolve-synthesize-empty-name.patch deleted file mode 100644 index 165d41104c1cba1f423ee0e55d2ddb1a8053c283..0000000000000000000000000000000000000000 --- a/backport-resolve-synthesize-empty-name.patch +++ /dev/null @@ -1,97 +0,0 @@ -From d3331adc66af4e69f7bdc378c1c591dd27703bf2 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 24 Jan 2022 06:07:33 +0900 -Subject: [PATCH] resolve: synthesize empty name - -Do not return any error for empty name. Just returns empty answer. - -Before: ---- -$ dig . - -; <<>> DiG 9.16.24-RH <<>> . -;; global options: +cmd -;; Got answer: -;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 13617 -;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 - -;; OPT PSEUDOSECTION: -; EDNS: version: 0, flags:; udp: 65494 -;; QUESTION SECTION: -;. IN A - -;; Query time: 0 msec -;; SERVER: 127.0.0.53#53(127.0.0.53) -;; WHEN: Mon Jan 24 05:49:30 JST 2022 -;; MSG SIZE rcvd: 28 ---- - -After: ---- -$ dig . - -; <<>> DiG 9.16.24-RH <<>> . -;; global options: +cmd -;; Got answer: -;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7957 -;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 - -;; OPT PSEUDOSECTION: -; EDNS: version: 0, flags:; udp: 65494 -;; QUESTION SECTION: -;. IN A - -;; Query time: 1 msec -;; SERVER: 127.0.0.53#53(127.0.0.53) -;; WHEN: Mon Jan 24 06:05:02 JST 2022 -;; MSG SIZE rcvd: 28 ---- - -Replaces #22197. - -Fixes RHBZ#2039854 (https://bugzilla.redhat.com/show_bug.cgi?id=2039854). - -(cherry picked from commit 3b2ac14ac45bef01cf489c3231b868936866444b) -(cherry picked from commit 0fd3ccca64402eaec9535d0288d888f7fcacb9b8) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d3331adc66af4e69f7bdc378c1c591dd27703bf2 ---- - src/resolve/resolved-dns-scope.c | 4 ++++ - src/resolve/resolved-dns-synthesize.c | 5 ++++- - 2 files changed, 8 insertions(+), 1 deletion(-) - -diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c -index 178482727c..2546d0d4da 100644 ---- a/src/resolve/resolved-dns-scope.c -+++ b/src/resolve/resolved-dns-scope.c -@@ -613,6 +613,10 @@ DnsScopeMatch dns_scope_good_domain( - if ((SD_RESOLVED_FLAGS_MAKE(s->protocol, s->family, false, false) & flags) == 0) - return DNS_SCOPE_NO; - -+ /* Never resolve empty name. */ -+ if (dns_name_is_empty(domain)) -+ return DNS_SCOPE_NO; -+ - /* Never resolve any loopback hostname or IP address via DNS, LLMNR or mDNS. Instead, always rely on - * synthesized RRs for these. */ - if (is_localhost(domain) || -diff --git a/src/resolve/resolved-dns-synthesize.c b/src/resolve/resolved-dns-synthesize.c -index ef1423f441..ea239e686d 100644 ---- a/src/resolve/resolved-dns-synthesize.c -+++ b/src/resolve/resolved-dns-synthesize.c -@@ -394,7 +394,10 @@ int dns_synthesize_answer( - - name = dns_resource_key_name(key); - -- if (is_localhost(name)) { -+ if (dns_name_is_empty(name)) { -+ /* Do nothing. */ -+ -+ } else if (is_localhost(name)) { - - r = synthesize_localhost_rr(m, key, ifindex, &answer); - if (r < 0) --- -2.33.0 - diff --git a/backport-resolve-synthesize-null-address-IPv4-broadcast-addre.patch b/backport-resolve-synthesize-null-address-IPv4-broadcast-addre.patch deleted file mode 100644 index 8478b2733a9047de3a691c637025bb4f6db7ae25..0000000000000000000000000000000000000000 --- a/backport-resolve-synthesize-null-address-IPv4-broadcast-addre.patch +++ /dev/null @@ -1,41 +0,0 @@ -From a3d2c2b669149fe7e1bfdfa0c72c39653bef2e4c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 24 Jan 2022 06:36:53 +0900 -Subject: [PATCH] resolve: synthesize null address, IPv4 broadcast address, or - invalid domain - -These are filtered in `dns_scope_good_domain()`, but not synthesized. - -Fixes #22229. - -(cherry picked from commit 46b53e8035fb60c9a7f26dd32d6689ab3b7da97c) -(cherry picked from commit 89b439ee00e3fbee47cda3f790cbf320538cae7f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a3d2c2b669149fe7e1bfdfa0c72c39653bef2e4c ---- - src/resolve/resolved-dns-synthesize.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/src/resolve/resolved-dns-synthesize.c b/src/resolve/resolved-dns-synthesize.c -index ea239e686d..0914515fdf 100644 ---- a/src/resolve/resolved-dns-synthesize.c -+++ b/src/resolve/resolved-dns-synthesize.c -@@ -397,6 +397,14 @@ int dns_synthesize_answer( - if (dns_name_is_empty(name)) { - /* Do nothing. */ - -+ } else if (dns_name_endswith(name, "0.in-addr.arpa") > 0 || -+ dns_name_equal(name, "255.255.255.255.in-addr.arpa") > 0 || -+ dns_name_equal(name, "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0 || -+ dns_name_endswith(name, "invalid") > 0) { -+ -+ nxdomain = true; -+ continue; -+ - } else if (is_localhost(name)) { - - r = synthesize_localhost_rr(m, key, ifindex, &answer); --- -2.33.0 - diff --git a/backport-resolve-use-_cleanup_-attribute-for-freeing-DnsQuery.patch b/backport-resolve-use-_cleanup_-attribute-for-freeing-DnsQuery.patch deleted file mode 100644 index e56b3525ffca8425183d17a84ef7c74974e41e51..0000000000000000000000000000000000000000 --- a/backport-resolve-use-_cleanup_-attribute-for-freeing-DnsQuery.patch +++ /dev/null @@ -1,563 +0,0 @@ -From 87f33d6a03d8c25393ad6472fcad5b69bb60aa6b Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 5 Feb 2022 22:04:42 +0900 -Subject: [PATCH] resolve: use _cleanup_ attribute for freeing DnsQuery - -(cherry picked from commit c704288c473fa08820566fdb16c38726d24db026) -(cherry picked from commit 0533d1aab61b6a797d07c4c861acf5e87f8191e8) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/87f33d6a03d8c25393ad6472fcad5b69bb60aa6b ---- - src/resolve/resolved-bus.c | 112 +++++++++++++++----------------- - src/resolve/resolved-dns-stub.c | 27 +++----- - src/resolve/resolved-varlink.c | 38 +++++------ - 3 files changed, 79 insertions(+), 98 deletions(-) - -diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c -index 78d1acf5e0..ed06895ed9 100644 ---- a/src/resolve/resolved-bus.c -+++ b/src/resolve/resolved-bus.c -@@ -179,9 +179,10 @@ static int append_address(sd_bus_message *reply, DnsResourceRecord *rr, int ifin - return 0; - } - --static void bus_method_resolve_hostname_complete(DnsQuery *q) { -+static void bus_method_resolve_hostname_complete(DnsQuery *query) { - _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *canonical = NULL; - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = query; - _cleanup_free_ char *normalized = NULL; - DnsQuestion *question; - DnsResourceRecord *rr; -@@ -202,8 +203,11 @@ static void bus_method_resolve_hostname_complete(DnsQuery *q) { - } - if (r < 0) - goto finish; -- if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ -+ if (r == DNS_QUERY_CNAME) { -+ /* This was a cname, and the query was restarted. */ -+ TAKE_PTR(q); - return; -+ } - - r = sd_bus_message_new_method_return(q->bus_request, &reply); - if (r < 0) -@@ -264,8 +268,6 @@ finish: - log_error_errno(r, "Failed to send hostname reply: %m"); - sd_bus_reply_method_errno(q->bus_request, r, NULL); - } -- -- dns_query_free(q); - } - - static int validate_and_mangle_flags( -@@ -403,11 +405,11 @@ void bus_client_log(sd_bus_message *m, const char *what) { - - static int bus_method_resolve_hostname(sd_bus_message *message, void *userdata, sd_bus_error *error) { - _cleanup_(dns_question_unrefp) DnsQuestion *question_idna = NULL, *question_utf8 = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = NULL; - Manager *m = userdata; - const char *hostname; - int family, ifindex; - uint64_t flags; -- DnsQuery *q; - int r; - - assert(message); -@@ -459,21 +461,19 @@ static int bus_method_resolve_hostname(sd_bus_message *message, void *userdata, - - r = dns_query_bus_track(q, message); - if (r < 0) -- goto fail; -+ return r; - - r = dns_query_go(q); - if (r < 0) -- goto fail; -+ return r; - -+ TAKE_PTR(q); - return 1; -- --fail: -- dns_query_free(q); -- return r; - } - --static void bus_method_resolve_address_complete(DnsQuery *q) { -+static void bus_method_resolve_address_complete(DnsQuery *query) { - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = query; - DnsQuestion *question; - DnsResourceRecord *rr; - unsigned added = 0; -@@ -493,8 +493,11 @@ static void bus_method_resolve_address_complete(DnsQuery *q) { - } - if (r < 0) - goto finish; -- if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ -+ if (r == DNS_QUERY_CNAME) { -+ /* This was a cname, and the query was restarted. */ -+ TAKE_PTR(q); - return; -+ } - - r = sd_bus_message_new_method_return(q->bus_request, &reply); - if (r < 0) -@@ -550,17 +553,15 @@ finish: - log_error_errno(r, "Failed to send address reply: %m"); - sd_bus_reply_method_errno(q->bus_request, r, NULL); - } -- -- dns_query_free(q); - } - - static int bus_method_resolve_address(sd_bus_message *message, void *userdata, sd_bus_error *error) { - _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = NULL; - Manager *m = userdata; - union in_addr_union a; - int family, ifindex; - uint64_t flags; -- DnsQuery *q; - int r; - - assert(message); -@@ -604,17 +605,14 @@ static int bus_method_resolve_address(sd_bus_message *message, void *userdata, s - - r = dns_query_bus_track(q, message); - if (r < 0) -- goto fail; -+ return r; - - r = dns_query_go(q); - if (r < 0) -- goto fail; -+ return r; - -+ TAKE_PTR(q); - return 1; -- --fail: -- dns_query_free(q); -- return r; - } - - static int bus_message_append_rr(sd_bus_message *m, DnsResourceRecord *rr, int ifindex) { -@@ -645,8 +643,9 @@ static int bus_message_append_rr(sd_bus_message *m, DnsResourceRecord *rr, int i - return sd_bus_message_close_container(m); - } - --static void bus_method_resolve_record_complete(DnsQuery *q) { -+static void bus_method_resolve_record_complete(DnsQuery *query) { - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = query; - DnsResourceRecord *rr; - DnsQuestion *question; - unsigned added = 0; -@@ -667,8 +666,11 @@ static void bus_method_resolve_record_complete(DnsQuery *q) { - } - if (r < 0) - goto finish; -- if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ -+ if (r == DNS_QUERY_CNAME) { -+ /* This was a cname, and the query was restarted. */ -+ TAKE_PTR(q); - return; -+ } - - r = sd_bus_message_new_method_return(q->bus_request, &reply); - if (r < 0) -@@ -714,19 +716,17 @@ finish: - log_error_errno(r, "Failed to send record reply: %m"); - sd_bus_reply_method_errno(q->bus_request, r, NULL); - } -- -- dns_query_free(q); - } - - static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd_bus_error *error) { - _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL; - _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = NULL; - Manager *m = userdata; - uint16_t class, type; - const char *name; - int r, ifindex; - uint64_t flags; -- DnsQuery *q; - - assert(message); - assert(m); -@@ -782,17 +782,14 @@ static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd - - r = dns_query_bus_track(q, message); - if (r < 0) -- goto fail; -+ return r; - - r = dns_query_go(q); - if (r < 0) -- goto fail; -+ return r; - -+ TAKE_PTR(q); - return 1; -- --fail: -- dns_query_free(q); -- return r; - } - - static int append_srv(DnsQuery *q, sd_bus_message *reply, DnsResourceRecord *rr) { -@@ -952,10 +949,11 @@ static int append_txt(sd_bus_message *reply, DnsResourceRecord *rr) { - return 1; - } - --static void resolve_service_all_complete(DnsQuery *q) { -+static void resolve_service_all_complete(DnsQuery *query) { - _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *canonical = NULL; - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; - _cleanup_free_ char *name = NULL, *type = NULL, *domain = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = query; - DnsQuestion *question; - DnsResourceRecord *rr; - unsigned added = 0; -@@ -964,8 +962,10 @@ static void resolve_service_all_complete(DnsQuery *q) { - - assert(q); - -- if (q->block_all_complete > 0) -+ if (q->block_all_complete > 0) { -+ TAKE_PTR(q); - return; -+ } - - if ((q->flags & SD_RESOLVED_NO_ADDRESS) == 0) { - DnsQuery *bad = NULL; -@@ -977,6 +977,7 @@ static void resolve_service_all_complete(DnsQuery *q) { - - case DNS_TRANSACTION_PENDING: - /* If an auxiliary query is still pending, let's wait */ -+ TAKE_PTR(q); - return; - - case DNS_TRANSACTION_SUCCESS: -@@ -1093,8 +1094,6 @@ finish: - log_error_errno(r, "Failed to send service reply: %m"); - sd_bus_reply_method_errno(q->bus_request, r, NULL); - } -- -- dns_query_free(q); - } - - static void resolve_service_hostname_complete(DnsQuery *q) { -@@ -1119,7 +1118,7 @@ static void resolve_service_hostname_complete(DnsQuery *q) { - - static int resolve_service_hostname(DnsQuery *q, DnsResourceRecord *rr, int ifindex) { - _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL; -- DnsQuery *aux; -+ _cleanup_(dns_query_freep) DnsQuery *aux = NULL; - int r; - - assert(q); -@@ -1142,32 +1141,27 @@ static int resolve_service_hostname(DnsQuery *q, DnsResourceRecord *rr, int ifin - aux->complete = resolve_service_hostname_complete; - - r = dns_query_make_auxiliary(aux, q); -- if (r == -EAGAIN) { -+ if (r == -EAGAIN) - /* Too many auxiliary lookups? If so, don't complain, - * let's just not add this one, we already have more - * than enough */ -- -- dns_query_free(aux); - return 0; -- } - if (r < 0) -- goto fail; -+ return r; - - /* Note that auxiliary queries do not track the original bus - * client, only the primary request does that. */ - - r = dns_query_go(aux); - if (r < 0) -- goto fail; -+ return r; - -+ TAKE_PTR(aux); - return 1; -- --fail: -- dns_query_free(aux); -- return r; - } - --static void bus_method_resolve_service_complete(DnsQuery *q) { -+static void bus_method_resolve_service_complete(DnsQuery *query) { -+ _cleanup_(dns_query_freep) DnsQuery *q = query; - bool has_root_domain = false; - DnsResourceRecord *rr; - DnsQuestion *question; -@@ -1188,8 +1182,11 @@ static void bus_method_resolve_service_complete(DnsQuery *q) { - } - if (r < 0) - goto finish; -- if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ -+ if (r == DNS_QUERY_CNAME) { -+ /* This was a cname, and the query was restarted. */ -+ TAKE_PTR(q); - return; -+ } - - question = dns_query_question_for_protocol(q, q->answer_protocol); - -@@ -1237,7 +1234,7 @@ static void bus_method_resolve_service_complete(DnsQuery *q) { - } - - /* Maybe we are already finished? check now... */ -- resolve_service_all_complete(q); -+ resolve_service_all_complete(TAKE_PTR(q)); - return; - - finish: -@@ -1245,17 +1242,15 @@ finish: - log_error_errno(r, "Failed to send service reply: %m"); - sd_bus_reply_method_errno(q->bus_request, r, NULL); - } -- -- dns_query_free(q); - } - - static int bus_method_resolve_service(sd_bus_message *message, void *userdata, sd_bus_error *error) { - _cleanup_(dns_question_unrefp) DnsQuestion *question_idna = NULL, *question_utf8 = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = NULL; - const char *name, *type, *domain; - Manager *m = userdata; - int family, ifindex; - uint64_t flags; -- DnsQuery *q; - int r; - - assert(message); -@@ -1316,17 +1311,14 @@ static int bus_method_resolve_service(sd_bus_message *message, void *userdata, s - - r = dns_query_bus_track(q, message); - if (r < 0) -- goto fail; -+ return r; - - r = dns_query_go(q); - if (r < 0) -- goto fail; -+ return r; - -+ TAKE_PTR(q); - return 1; -- --fail: -- dns_query_free(q); -- return r; - } - - int bus_dns_server_append(sd_bus_message *reply, DnsServer *s, bool with_ifindex, bool extended) { -diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c -index 8040db70f9..400e741031 100644 ---- a/src/resolve/resolved-dns-stub.c -+++ b/src/resolve/resolved-dns-stub.c -@@ -684,7 +684,8 @@ static int dns_stub_patch_bypass_reply_packet( - return 0; - } - --static void dns_stub_query_complete(DnsQuery *q) { -+static void dns_stub_query_complete(DnsQuery *query) { -+ _cleanup_(dns_query_freep) DnsQuery *q = query; - int r; - - assert(q); -@@ -705,7 +706,6 @@ static void dns_stub_query_complete(DnsQuery *q) { - else - (void) dns_stub_send(q->manager, q->stub_listener_extra, q->request_stream, q->request_packet, reply); - -- dns_query_free(q); - return; - } - } -@@ -717,11 +717,8 @@ static void dns_stub_query_complete(DnsQuery *q) { - q, - dns_query_question_for_protocol(q, DNS_PROTOCOL_DNS), - dns_stub_reply_with_edns0_do(q)); -- if (r < 0) { -- log_debug_errno(r, "Failed to assign sections: %m"); -- dns_query_free(q); -- return; -- } -+ if (r < 0) -+ return (void) log_debug_errno(r, "Failed to assign sections: %m"); - - switch (q->state) { - -@@ -755,11 +752,10 @@ static void dns_stub_query_complete(DnsQuery *q) { - * packet doesn't answer our question. In that case let's restart the query, - * now with the redirected question. We'll */ - r = dns_query_go(q); -- if (r < 0) { -- log_debug_errno(r, "Failed to restart query: %m"); -- dns_query_free(q); -- } -+ if (r < 0) -+ return (void) log_debug_errno(r, "Failed to restart query: %m"); - -+ TAKE_PTR(q); - return; - } - -@@ -767,11 +763,8 @@ static void dns_stub_query_complete(DnsQuery *q) { - q, - dns_query_question_for_protocol(q, DNS_PROTOCOL_DNS), - dns_stub_reply_with_edns0_do(q)); -- if (r < 0) { -- log_debug_errno(r, "Failed to assign sections: %m"); -- dns_query_free(q); -- return; -- } -+ if (r < 0) -+ return (void) log_debug_errno(r, "Failed to assign sections: %m"); - - if (cname_result == DNS_QUERY_MATCH) /* A match? Then we are done, let's return what we got */ - break; -@@ -817,8 +810,6 @@ static void dns_stub_query_complete(DnsQuery *q) { - default: - assert_not_reached("Impossible state"); - } -- -- dns_query_free(q); - } - - static int dns_stub_stream_complete(DnsStream *s, int error) { -diff --git a/src/resolve/resolved-varlink.c b/src/resolve/resolved-varlink.c -index 27d8c8967e..6f4ab425ef 100644 ---- a/src/resolve/resolved-varlink.c -+++ b/src/resolve/resolved-varlink.c -@@ -143,9 +143,10 @@ static bool validate_and_mangle_flags( - return true; - } - --static void vl_method_resolve_hostname_complete(DnsQuery *q) { -+static void vl_method_resolve_hostname_complete(DnsQuery *query) { - _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *canonical = NULL; - _cleanup_(json_variant_unrefp) JsonVariant *array = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = query; - _cleanup_free_ char *normalized = NULL; - DnsResourceRecord *rr; - DnsQuestion *question; -@@ -165,8 +166,11 @@ static void vl_method_resolve_hostname_complete(DnsQuery *q) { - } - if (r < 0) - goto finish; -- if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ -+ if (r == DNS_QUERY_CNAME) { -+ /* This was a cname, and the query was restarted. */ -+ TAKE_PTR(q); - return; -+ } - - question = dns_query_question_for_protocol(q, q->answer_protocol); - -@@ -228,8 +232,6 @@ finish: - log_error_errno(r, "Failed to send hostname reply: %m"); - r = varlink_error_errno(q->varlink_request, r); - } -- -- dns_query_free(q); - } - - static int parse_as_address(Varlink *link, LookupParameters *p) { -@@ -284,7 +286,7 @@ static int vl_method_resolve_hostname(Varlink *link, JsonVariant *parameters, Va - _cleanup_(lookup_parameters_destroy) LookupParameters p = { - .family = AF_UNSPEC, - }; -- DnsQuery *q; -+ _cleanup_(dns_query_freep) DnsQuery *q = NULL; - Manager *m; - int r; - -@@ -338,13 +340,10 @@ static int vl_method_resolve_hostname(Varlink *link, JsonVariant *parameters, Va - - r = dns_query_go(q); - if (r < 0) -- goto fail; -+ return r; - -+ TAKE_PTR(q); - return 1; -- --fail: -- dns_query_free(q); -- return r; - } - - static int json_dispatch_address(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { -@@ -382,8 +381,9 @@ static int json_dispatch_address(const char *name, JsonVariant *variant, JsonDis - return 0; - } - --static void vl_method_resolve_address_complete(DnsQuery *q) { -+static void vl_method_resolve_address_complete(DnsQuery *query) { - _cleanup_(json_variant_unrefp) JsonVariant *array = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = query; - DnsQuestion *question; - DnsResourceRecord *rr; - int ifindex, r; -@@ -402,8 +402,11 @@ static void vl_method_resolve_address_complete(DnsQuery *q) { - } - if (r < 0) - goto finish; -- if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ -+ if (r == DNS_QUERY_CNAME) { -+ /* This was a cname, and the query was restarted. */ -+ TAKE_PTR(q); - return; -+ } - - question = dns_query_question_for_protocol(q, q->answer_protocol); - -@@ -447,8 +450,6 @@ finish: - log_error_errno(r, "Failed to send address reply: %m"); - r = varlink_error_errno(q->varlink_request, r); - } -- -- dns_query_free(q); - } - - static int vl_method_resolve_address(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) { -@@ -464,7 +465,7 @@ static int vl_method_resolve_address(Varlink *link, JsonVariant *parameters, Var - _cleanup_(lookup_parameters_destroy) LookupParameters p = { - .family = AF_UNSPEC, - }; -- DnsQuery *q; -+ _cleanup_(dns_query_freep) DnsQuery *q = NULL; - Manager *m; - int r; - -@@ -509,13 +510,10 @@ static int vl_method_resolve_address(Varlink *link, JsonVariant *parameters, Var - - r = dns_query_go(q); - if (r < 0) -- goto fail; -+ return r; - -+ TAKE_PTR(q); - return 1; -- --fail: -- dns_query_free(q); -- return r; - } - - int manager_varlink_init(Manager *m) { --- -2.33.0 - diff --git a/backport-resolved-Don-t-omit-AD-bit-in-reply-if-DO-is-set-in-.patch b/backport-resolved-Don-t-omit-AD-bit-in-reply-if-DO-is-set-in-.patch deleted file mode 100644 index 9a7efbc5ced27f08951d703d082735c03ced9afb..0000000000000000000000000000000000000000 --- a/backport-resolved-Don-t-omit-AD-bit-in-reply-if-DO-is-set-in-.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 5421863a16f19ba6a85214bb17986d6015b298b3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jack=20D=C3=A4hn?= -Date: Tue, 3 Aug 2021 08:07:05 +0200 -Subject: [PATCH] resolved: Don't omit AD bit in reply if DO is set in the - query - -Set the AD bit in the response if the data is authenticated and AD or DO is set in the query, as suggested by section 5.8 of RFC6840. - -Fixes #20332 - -(cherry picked from commit b553abd8aed0f6fbff9973882fb08c3aec1d9400) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5421863a16f19ba6a85214bb17986d6015b298b3 ---- - src/resolve/resolved-dns-stub.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c -index 5b9d32f001..49da916576 100644 ---- a/src/resolve/resolved-dns-stub.c -+++ b/src/resolve/resolved-dns-stub.c -@@ -585,7 +585,7 @@ static int dns_stub_send_reply( - DNS_PACKET_RD(q->request_packet), - !!q->request_packet->opt, - edns0_do, -- DNS_PACKET_AD(q->request_packet) && dns_query_fully_authenticated(q), -+ (DNS_PACKET_AD(q->request_packet) || DNS_PACKET_DO(q->request_packet)) && dns_query_fully_authenticated(q), - DNS_PACKET_CD(q->request_packet), - q->stub_listener_extra ? ADVERTISE_EXTRA_DATAGRAM_SIZE_MAX : ADVERTISE_DATAGRAM_SIZE_MAX, - dns_packet_has_nsid_request(q->request_packet) > 0 && !q->stub_listener_extra); -@@ -627,7 +627,7 @@ static int dns_stub_send_failure( - DNS_PACKET_RD(p), - !!p->opt, - DNS_PACKET_DO(p), -- DNS_PACKET_AD(p) && authenticated, -+ (DNS_PACKET_AD(p) || DNS_PACKET_DO(p)) && authenticated, - DNS_PACKET_CD(p), - l ? ADVERTISE_EXTRA_DATAGRAM_SIZE_MAX : ADVERTISE_DATAGRAM_SIZE_MAX, - dns_packet_has_nsid_request(p) > 0 && !l); --- -2.33.0 - diff --git a/backport-resolved-clean-up-manager_write_resolv_conf-a-bit.patch b/backport-resolved-clean-up-manager_write_resolv_conf-a-bit.patch deleted file mode 100644 index f80a934fa683242cab748a6503e8dca3b8c315a4..0000000000000000000000000000000000000000 --- a/backport-resolved-clean-up-manager_write_resolv_conf-a-bit.patch +++ /dev/null @@ -1,109 +0,0 @@ -From e4f6e956abdca1b7f538845dae79e5afb708e2df Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 22 Nov 2021 18:29:17 +0100 -Subject: [PATCH] resolved: clean up manager_write_resolv_conf() a bit - -Let's downgrade log messages which are not fatal for the service to -LOG_WARNING. - -And let's simplify clean-up by using _cleanup_(unlink_and_freep). - -(cherry picked from commit e2ef1e9aea24d89d1e92fa4675ddc330029b48bf) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e4f6e956abdca1b7f538845dae79e5afb708e2df ---- - src/resolve/resolved-resolv-conf.c | 41 +++++++++++------------------- - 1 file changed, 15 insertions(+), 26 deletions(-) - -diff --git a/src/resolve/resolved-resolv-conf.c b/src/resolve/resolved-resolv-conf.c -index d5a77605a8..100894d6b2 100644 ---- a/src/resolve/resolved-resolv-conf.c -+++ b/src/resolve/resolved-resolv-conf.c -@@ -330,7 +330,7 @@ static int write_stub_resolv_conf_contents(FILE *f, OrderedSet *dns, OrderedSet - - int manager_write_resolv_conf(Manager *m) { - _cleanup_ordered_set_free_ OrderedSet *dns = NULL, *domains = NULL; -- _cleanup_free_ char *temp_path_uplink = NULL, *temp_path_stub = NULL; -+ _cleanup_(unlink_and_freep) char *temp_path_uplink = NULL, *temp_path_stub = NULL; - _cleanup_fclose_ FILE *f_uplink = NULL, *f_stub = NULL; - int r; - -@@ -342,60 +342,49 @@ int manager_write_resolv_conf(Manager *m) { - /* Add the full list to a set, to filter out duplicates */ - r = manager_compile_dns_servers(m, &dns); - if (r < 0) -- return log_warning_errno(r, "Failed to compile list of DNS servers: %m"); -+ return log_warning_errno(r, "Failed to compile list of DNS servers, ignoring: %m"); - - r = manager_compile_search_domains(m, &domains, false); - if (r < 0) -- return log_warning_errno(r, "Failed to compile list of search domains: %m"); -+ return log_warning_errno(r, "Failed to compile list of search domains, ignoring: %m"); - - r = fopen_temporary_label(PRIVATE_UPLINK_RESOLV_CONF, PRIVATE_UPLINK_RESOLV_CONF, &f_uplink, &temp_path_uplink); - if (r < 0) -- return log_warning_errno(r, "Failed to open new %s for writing: %m", PRIVATE_UPLINK_RESOLV_CONF); -+ return log_warning_errno(r, "Failed to open new %s for writing, ignoring: %m", PRIVATE_UPLINK_RESOLV_CONF); - - (void) fchmod(fileno(f_uplink), 0644); - - r = write_uplink_resolv_conf_contents(f_uplink, dns, domains); -- if (r < 0) { -- log_error_errno(r, "Failed to write new %s: %m", PRIVATE_UPLINK_RESOLV_CONF); -- goto fail; -- } -+ if (r < 0) -+ return log_warning_errno(r, "Failed to write new %s, ignoring: %m", PRIVATE_UPLINK_RESOLV_CONF); - - if (m->dns_stub_listener_mode != DNS_STUB_LISTENER_NO) { - r = fopen_temporary_label(PRIVATE_STUB_RESOLV_CONF, PRIVATE_STUB_RESOLV_CONF, &f_stub, &temp_path_stub); -- if (r < 0) { -- log_warning_errno(r, "Failed to open new %s for writing: %m", PRIVATE_STUB_RESOLV_CONF); -- goto fail; -- } -+ if (r < 0) -+ return log_warning_errno(r, "Failed to open new %s for writing, ignoring: %m", PRIVATE_STUB_RESOLV_CONF); - - (void) fchmod(fileno(f_stub), 0644); - - r = write_stub_resolv_conf_contents(f_stub, dns, domains); -- if (r < 0) { -- log_error_errno(r, "Failed to write new %s: %m", PRIVATE_STUB_RESOLV_CONF); -- goto fail; -- } -+ if (r < 0) -+ return log_warning_errno(r, "Failed to write new %s, ignoring: %m", PRIVATE_STUB_RESOLV_CONF); - - r = conservative_rename(temp_path_stub, PRIVATE_STUB_RESOLV_CONF); - if (r < 0) -- log_error_errno(r, "Failed to move new %s into place: %m", PRIVATE_STUB_RESOLV_CONF); -+ log_warning_errno(r, "Failed to move new %s into place, ignoring: %m", PRIVATE_STUB_RESOLV_CONF); - -+ temp_path_stub = mfree(temp_path_stub); /* free the string explicitly, so that we don't unlink anymore */ - } else { - r = symlink_atomic_label(basename(PRIVATE_UPLINK_RESOLV_CONF), PRIVATE_STUB_RESOLV_CONF); - if (r < 0) -- log_error_errno(r, "Failed to symlink %s: %m", PRIVATE_STUB_RESOLV_CONF); -+ log_warning_errno(r, "Failed to symlink %s, ignoring: %m", PRIVATE_STUB_RESOLV_CONF); - } - - r = conservative_rename(temp_path_uplink, PRIVATE_UPLINK_RESOLV_CONF); - if (r < 0) -- log_error_errno(r, "Failed to move new %s into place: %m", PRIVATE_UPLINK_RESOLV_CONF); -- -- fail: -- if (r < 0) { -- /* Something went wrong, perform cleanup... */ -- (void) unlink(temp_path_uplink); -- (void) unlink(temp_path_stub); -- } -+ log_warning_errno(r, "Failed to move new %s into place: %m", PRIVATE_UPLINK_RESOLV_CONF); - -+ temp_path_uplink = mfree(temp_path_uplink); /* free the string explicitly, so that we don't unlink anymore */ - return r; - } - --- -2.33.0 - diff --git a/backport-resolved-fix-ResolveService-hostname-handling.patch b/backport-resolved-fix-ResolveService-hostname-handling.patch deleted file mode 100644 index f7c33d4a21e43012733ce02f326e153d7ff603a8..0000000000000000000000000000000000000000 --- a/backport-resolved-fix-ResolveService-hostname-handling.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 70f465cb5d10b7bcd7bd7c326756d542e59c0e0b Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 22 Nov 2021 14:37:54 +0100 -Subject: [PATCH] resolved: fix ResolveService() hostname handling - -Let's eat up special returns of dns_query_process_cname_many() when -storing hostname resolution results. - -The rest of the code assumes only == 0 means success and != 0 means -error, but so far > 0 also could mean success, let's fix that. - -Fixes: #21365 #21140 - -(This was originally broken in 1db8e6d1db0880de240e5598e28d24d708479434) - -(cherry picked from commit 5a78106ad92d3f122f7ac653eecf767f0a8948cf) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/70f465cb5d10b7bcd7bd7c326756d542e59c0e0b ---- - src/resolve/resolved-bus.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c -index 7226200f00..78d1acf5e0 100644 ---- a/src/resolve/resolved-bus.c -+++ b/src/resolve/resolved-bus.c -@@ -1005,6 +1005,7 @@ static void resolve_service_all_complete(DnsQuery *q) { - goto finish; - } - -+ assert(bad->auxiliary_result < 0); - r = bad->auxiliary_result; - goto finish; - } -@@ -1112,7 +1113,7 @@ static void resolve_service_hostname_complete(DnsQuery *q) { - return; - - /* This auxiliary lookup is finished or failed, let's see if all are finished now. */ -- q->auxiliary_result = r; -+ q->auxiliary_result = r < 0 ? r : 0; - resolve_service_all_complete(q->auxiliary_for); - } - --- -2.33.0 - diff --git a/backport-resolved-make-sure-we-don-t-hit-an-assert-when-deali.patch b/backport-resolved-make-sure-we-don-t-hit-an-assert-when-deali.patch deleted file mode 100644 index ff70e3f9a52a105426365830526aec739d486847..0000000000000000000000000000000000000000 --- a/backport-resolved-make-sure-we-don-t-hit-an-assert-when-deali.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 018c8e8f67b699c5e5aadb73a3ddf3b8009a741a Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 22 Nov 2021 16:14:07 +0100 -Subject: [PATCH] resolved: make sure we don't hit an assert when dealing with - incomplete DNSSD service definitions - -Fixes: #21142 -(cherry picked from commit 8cf9898a964693b8a3c40b502af0377ede746f4d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/018c8e8f67b699c5e5aadb73a3ddf3b8009a741a ---- - src/resolve/resolved-dns-zone.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/resolve/resolved-dns-zone.c b/src/resolve/resolved-dns-zone.c -index b86b325144..6b3f5f707d 100644 ---- a/src/resolve/resolved-dns-zone.c -+++ b/src/resolve/resolved-dns-zone.c -@@ -94,7 +94,9 @@ void dns_zone_remove_rr(DnsZone *z, DnsResourceRecord *rr) { - DnsZoneItem *i; - - assert(z); -- assert(rr); -+ -+ if (!rr) -+ return; - - i = dns_zone_get(z, rr); - if (i) --- -2.33.0 - diff --git a/backport-resolved-properly-signal-transient-errors-back-to-NS.patch b/backport-resolved-properly-signal-transient-errors-back-to-NS.patch deleted file mode 100644 index 700839c6f438e552b148d943fc3d0a5073a59d3d..0000000000000000000000000000000000000000 --- a/backport-resolved-properly-signal-transient-errors-back-to-NS.patch +++ /dev/null @@ -1,140 +0,0 @@ -From 7ab91cb307eb0a518f4a956674a108221538fc88 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 22 Nov 2021 15:17:34 +0100 -Subject: [PATCH] resolved: properly signal transient errors back to NSS stack - -NSS mostly knows four error cases: SUCCESS, NOTFOUND, UNAVAIL, TRYAGAIN, -and they can all be used in nsswitch.conf to route requests. - -So far nss-resolve would return SUCCESS + NOTFOUND + UNAVAIL. Let's also -return TRYAGAIN in some cases, specifically the ones where we are -currntly unable to resolve a request but likely could later. i.e. -errors caused by networking issues or such. - -Fixes: #20786 -(cherry picked from commit ae78529fc75027b3487b64e0d22a572fd9c8ffeb) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7ab91cb307eb0a518f4a956674a108221538fc88 ---- - src/nss-resolve/nss-resolve.c | 55 +++++++++++++++++++++++++++++------ - 1 file changed, 46 insertions(+), 9 deletions(-) - -diff --git a/src/nss-resolve/nss-resolve.c b/src/nss-resolve/nss-resolve.c -index e2a29475a2..4f54973202 100644 ---- a/src/nss-resolve/nss-resolve.c -+++ b/src/nss-resolve/nss-resolve.c -@@ -41,6 +41,9 @@ NSS_GETHOSTBYNAME_PROTOTYPES(resolve); - NSS_GETHOSTBYADDR_PROTOTYPES(resolve); - - static bool error_shall_fallback(const char *error_id) { -+ /* The Varlink errors where we shall signal "please fallback" back to the NSS stack, so that some -+ * fallback module can be loaded. (These are mostly all Varlink-internal errors, as apparently we -+ * then were unable to even do IPC with systemd-resolved.) */ - return STR_IN_SET(error_id, - VARLINK_ERROR_DISCONNECTED, - VARLINK_ERROR_TIMEOUT, -@@ -50,6 +53,16 @@ static bool error_shall_fallback(const char *error_id) { - VARLINK_ERROR_METHOD_NOT_IMPLEMENTED); - } - -+static bool error_shall_try_again(const char *error_id) { -+ /* The Varlink errors where we shall signal "can't answer now but might be able to later" back to the -+ * NSS stack. These are all errors that indicate lack of configuration or network problems. */ -+ return STR_IN_SET(error_id, -+ "io.systemd.Resolve.NoNameServers", -+ "io.systemd.Resolve.QueryTimedOut", -+ "io.systemd.Resolve.MaxAttemptsReached", -+ "io.systemd.Resolve.NetworkDown"); -+} -+ - static int connect_to_resolved(Varlink **ret) { - _cleanup_(varlink_unrefp) Varlink *link = NULL; - int r; -@@ -242,9 +255,11 @@ enum nss_status _nss_resolve_gethostbyname4_r( - if (r < 0) - goto fail; - if (!isempty(error_id)) { -- if (!error_shall_fallback(error_id)) -- goto not_found; -- goto fail; -+ if (error_shall_try_again(error_id)) -+ goto try_again; -+ if (error_shall_fallback(error_id)) -+ goto fail; -+ goto not_found; - } - - r = json_dispatch(rparams, resolve_hostname_reply_dispatch_table, NULL, json_dispatch_flags, &p); -@@ -341,6 +356,12 @@ fail: - not_found: - *h_errnop = HOST_NOT_FOUND; - return NSS_STATUS_NOTFOUND; -+ -+try_again: -+ UNPROTECT_ERRNO; -+ *errnop = -r; -+ *h_errnop = TRY_AGAIN; -+ return NSS_STATUS_TRYAGAIN; - } - - enum nss_status _nss_resolve_gethostbyname3_r( -@@ -390,9 +411,11 @@ enum nss_status _nss_resolve_gethostbyname3_r( - if (r < 0) - goto fail; - if (!isempty(error_id)) { -- if (!error_shall_fallback(error_id)) -- goto not_found; -- goto fail; -+ if (error_shall_try_again(error_id)) -+ goto try_again; -+ if (error_shall_fallback(error_id)) -+ goto fail; -+ goto not_found; - } - - r = json_dispatch(rparams, resolve_hostname_reply_dispatch_table, NULL, json_dispatch_flags, &p); -@@ -508,6 +531,12 @@ fail: - not_found: - *h_errnop = HOST_NOT_FOUND; - return NSS_STATUS_NOTFOUND; -+ -+try_again: -+ UNPROTECT_ERRNO; -+ *errnop = -r; -+ *h_errnop = TRY_AGAIN; -+ return NSS_STATUS_TRYAGAIN; - } - - typedef struct ResolveAddressReply { -@@ -594,9 +623,11 @@ enum nss_status _nss_resolve_gethostbyaddr2_r( - if (r < 0) - goto fail; - if (!isempty(error_id)) { -- if (!error_shall_fallback(error_id)) -- goto not_found; -- goto fail; -+ if (error_shall_try_again(error_id)) -+ goto try_again; -+ if (error_shall_fallback(error_id)) -+ goto fail; -+ goto not_found; - } - - r = json_dispatch(rparams, resolve_address_reply_dispatch_table, NULL, json_dispatch_flags, &p); -@@ -694,6 +725,12 @@ fail: - not_found: - *h_errnop = HOST_NOT_FOUND; - return NSS_STATUS_NOTFOUND; -+ -+try_again: -+ UNPROTECT_ERRNO; -+ *errnop = -r; -+ *h_errnop = TRY_AGAIN; -+ return NSS_STATUS_TRYAGAIN; - } - - NSS_GETHOSTBYNAME_FALLBACKS(resolve); --- -2.33.0 - diff --git a/backport-resolved-retry-on-SERVFAIL-before-downgrading-featur.patch b/backport-resolved-retry-on-SERVFAIL-before-downgrading-featur.patch deleted file mode 100644 index ff081de33ff5b9fa26ceb484867f64f57b15193d..0000000000000000000000000000000000000000 --- a/backport-resolved-retry-on-SERVFAIL-before-downgrading-featur.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 8280bec34df8e35592f4a4a549127471a9199231 Mon Sep 17 00:00:00 2001 -From: Steven Siloti -Date: Sun, 11 Jul 2021 11:05:26 -0700 -Subject: [PATCH] resolved: retry on SERVFAIL before downgrading feature level - -The SERVFAIL RCODE can be generated for many reasons which may not be related -to lack of feature support. For example, the Stubby resolver generates -SERVFAIL when a request times out. Such transient failures can cause -unnecessary downgrades to both the transaction and the server's feature level. -The consequences of this are especially severe if the server is in DNSSEC -strict mode. In this case repeated downgrades eventually cause the server to -stop resolving entirely with the error "incompatible-server". - -To avoid unnecessary downgrades the request should be retried once with the -current level before the transaction's feature level is downgraded. - -(cherry picked from commit 8a33aa199dc1cea14494469ac9d7d08dc6721df1) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/8280bec34df8e35592f4a4a549127471a9199231 ---- - src/resolve/resolved-dns-server.c | 3 +- - src/resolve/resolved-dns-transaction.c | 43 +++++++++++++++++--------- - 2 files changed, 29 insertions(+), 17 deletions(-) - -diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c -index e7a4bce71a..58a1376708 100644 ---- a/src/resolve/resolved-dns-server.c -+++ b/src/resolve/resolved-dns-server.c -@@ -362,9 +362,8 @@ void dns_server_packet_rcode_downgrade(DnsServer *s, DnsServerFeatureLevel level - if (s->possible_feature_level > level) { - s->possible_feature_level = level; - dns_server_reset_counters(s); -+ log_debug("Downgrading transaction feature level fixed an RCODE error, downgrading server %s too.", strna(dns_server_string_full(s))); - } -- -- log_debug("Downgrading transaction feature level fixed an RCODE error, downgrading server %s too.", strna(dns_server_string_full(s))); - } - - void dns_server_packet_invalid(DnsServer *s, DnsServerFeatureLevel level) { -diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c -index 9535a7ba4c..cf10c5c359 100644 ---- a/src/resolve/resolved-dns-transaction.c -+++ b/src/resolve/resolved-dns-transaction.c -@@ -1142,22 +1142,35 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p, bool encrypt - break; - } - -- /* Reduce this feature level by one and try again. */ -- switch (t->current_feature_level) { -- case DNS_SERVER_FEATURE_LEVEL_TLS_DO: -- t->clamp_feature_level_servfail = DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN; -- break; -- case DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN + 1: -- /* Skip plain TLS when TLS is not supported */ -- t->clamp_feature_level_servfail = DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN - 1; -- break; -- default: -- t->clamp_feature_level_servfail = t->current_feature_level - 1; -- } -+ /* SERVFAIL can happen for many reasons and may be transient. -+ * To avoid unnecessary downgrades retry once with the initial level. -+ * Check for clamp_feature_level_servfail having an invalid value as a sign that this is the -+ * first attempt to downgrade. If so, clamp to the current value so that the transaction -+ * is retried without actually downgrading. If the next try also fails we will downgrade by -+ * hitting the else branch below. */ -+ if (DNS_PACKET_RCODE(p) == DNS_RCODE_SERVFAIL && -+ t->clamp_feature_level_servfail < 0) { -+ t->clamp_feature_level_servfail = t->current_feature_level; -+ log_debug("Server returned error %s, retrying transaction.", -+ dns_rcode_to_string(DNS_PACKET_RCODE(p))); -+ } else { -+ /* Reduce this feature level by one and try again. */ -+ switch (t->current_feature_level) { -+ case DNS_SERVER_FEATURE_LEVEL_TLS_DO: -+ t->clamp_feature_level_servfail = DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN; -+ break; -+ case DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN + 1: -+ /* Skip plain TLS when TLS is not supported */ -+ t->clamp_feature_level_servfail = DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN - 1; -+ break; -+ default: -+ t->clamp_feature_level_servfail = t->current_feature_level - 1; -+ } - -- log_debug("Server returned error %s, retrying transaction with reduced feature level %s.", -- dns_rcode_to_string(DNS_PACKET_RCODE(p)), -- dns_server_feature_level_to_string(t->clamp_feature_level_servfail)); -+ log_debug("Server returned error %s, retrying transaction with reduced feature level %s.", -+ dns_rcode_to_string(DNS_PACKET_RCODE(p)), -+ dns_server_feature_level_to_string(t->clamp_feature_level_servfail)); -+ } - - dns_transaction_retry(t, false /* use the same server */); - return; --- -2.33.0 - diff --git a/backport-resolved-suppress-writing-DNS-server-info-into-etc-r.patch b/backport-resolved-suppress-writing-DNS-server-info-into-etc-r.patch deleted file mode 100644 index 6c2d00f3125e268e644a1eef393b5147a873ea18..0000000000000000000000000000000000000000 --- a/backport-resolved-suppress-writing-DNS-server-info-into-etc-r.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 2b2804757c8520b5cc133d9a3078f6fbec4a69cb Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 27 Sep 2021 14:28:16 +0200 -Subject: [PATCH] resolved: suppress writing DNS server info into - /etc/resolv.conf for non-standard UDP ports - -glibc doesn't support this, hence don#t generate it. - -Fixes: #20836 -(cherry picked from commit a50dadf2fd7413bbfc26af7e2ad2900b3e06af82) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/2b2804757c8520b5cc133d9a3078f6fbec4a69cb ---- - src/resolve/resolved-resolv-conf.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/resolve/resolved-resolv-conf.c b/src/resolve/resolved-resolv-conf.c -index dd02d368e9..d5a77605a8 100644 ---- a/src/resolve/resolved-resolv-conf.c -+++ b/src/resolve/resolved-resolv-conf.c -@@ -216,6 +216,13 @@ static void write_resolv_conf_server(DnsServer *s, FILE *f, unsigned *count) { - return; - } - -+ /* resolv.conf simply doesn't support any other ports than 53, hence there's nothing much we can -+ * do — we have to suppress these entries */ -+ if (dns_server_port(s) != 53) { -+ log_debug("DNS server %s with non-standard UDP port number, suppressing from generated resolv.conf.", dns_server_string(s)); -+ return; -+ } -+ - /* Check if the scope this DNS server belongs to is suitable as 'default' route for lookups; resolv.conf does - * not have a syntax to express that, so it must not appear as a global name server to avoid routing unrelated - * domains to it (which is a privacy violation, will most probably fail anyway, and adds unnecessary load) */ --- -2.33.0 - diff --git a/backport-revert-delete-initrd-usr-fs-target.patch b/backport-revert-delete-initrd-usr-fs-target.patch deleted file mode 100644 index 15deec132c978e29f82f00e5f14b65bb97c6b0b7..0000000000000000000000000000000000000000 --- a/backport-revert-delete-initrd-usr-fs-target.patch +++ /dev/null @@ -1,237 +0,0 @@ -From 29a24ab28e9790680348b1ffab653a321fa49a67 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 26 Mar 2021 22:40:40 +0100 -Subject: [PATCH] fstab-generator: if usr= is specified, mount it to - /sysusr/usr/ first. - - This reverts 29a24ab28e9790680348b1ffab653a321fa49a67 - -Reason: In systemd 249, at initrd stage, /usr fs will be mounted on /sysroot, or on /sysusr. -This will cause sysroot.mount to be run ahead of time. But at this time, the lvm of extra file directory is inactive, -This will make the crashed system have to wait 5 minutes. So we revert the commit, and don't mount sysroot in advance. - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/29a24ab28e9790680348b1ffab653a321fa49a67 ---- - src/basic/special.h | 1 - - src/fstab-generator/fstab-generator.c | 90 ++++---------------------- - units/initrd-usr-fs.target | 17 ----- - units/initrd.target | 4 +- - units/meson.build | 1 - - units/systemd-repart.service.in | 2 +- - units/systemd-volatile-root.service.in | 2 +- - 7 files changed, 17 insertions(+), 100 deletions(-) - delete mode 100644 units/initrd-usr-fs.target - -diff --git a/src/basic/special.h b/src/basic/special.h -index 78f22f1..8b01df8 100644 ---- a/src/basic/special.h -+++ b/src/basic/special.h -@@ -37,7 +37,6 @@ - #define SPECIAL_INITRD_FS_TARGET "initrd-fs.target" - #define SPECIAL_INITRD_ROOT_DEVICE_TARGET "initrd-root-device.target" - #define SPECIAL_INITRD_ROOT_FS_TARGET "initrd-root-fs.target" --#define SPECIAL_INITRD_USR_FS_TARGET "initrd-usr-fs.target" - #define SPECIAL_REMOTE_FS_TARGET "remote-fs.target" /* LSB's $remote_fs */ - #define SPECIAL_REMOTE_FS_PRE_TARGET "remote-fs-pre.target" - #define SPECIAL_SWAP_TARGET "swap.target" -diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c -index a4e3ea5..54bfbc2 100644 ---- a/src/fstab-generator/fstab-generator.c -+++ b/src/fstab-generator/fstab-generator.c -@@ -758,10 +758,6 @@ static int add_sysroot_mount(void) { - static int add_sysroot_usr_mount(void) { - _cleanup_free_ char *what = NULL; - const char *opts; -- int r; -- -- /* Returns 0 if we didn't do anything, > 0 if we either generated a unit for the /usr/ mount, or we -- * know for sure something else did */ - - if (!arg_usr_what && !arg_usr_fstype && !arg_usr_options) - return 0; -@@ -785,23 +781,8 @@ static int add_sysroot_usr_mount(void) { - return log_oom(); - } - -- if (isempty(arg_usr_what)) { -- log_debug("Could not find a usr= entry on the kernel command line."); -+ if (!arg_usr_what) - return 0; -- } -- -- if (streq(arg_usr_what, "gpt-auto")) { -- /* This is handled by the gpt-auto generator */ -- log_debug("Skipping /usr/ directory handling, as gpt-auto was requested."); -- return 1; /* systemd-gpt-auto-generator will generate a unit for this, hence report that a -- * unit file is being created for the host /usr/ mount. */ -- } -- -- if (path_equal(arg_usr_what, "/dev/nfs")) { -- /* This is handled by the initrd (if at all supported, that is) */ -- log_debug("Skipping /usr/ directory handling, as /dev/nfs was requested."); -- return 1; /* As above, report that NFS code will create the unit */ -- } - - what = fstab_node_to_udev_node(arg_usr_what); - if (!what) -@@ -814,62 +795,17 @@ static int add_sysroot_usr_mount(void) { - else - opts = arg_usr_options; - -- /* When mounting /usr from the initrd, we add an extra level of indirection: we first mount the /usr/ -- * partition to /sysusr/usr/, and then afterwards bind mount that to /sysroot/usr/. We do this so -- * that we can cover for systems that initially only have a /usr/ around and where the root fs needs -- * to be synthesized, based on configuration included in /usr/, e.g. systemd-repart. Software like -- * this should order itself after initrd-usr-fs.target and before initrd-fs.target; and it should -- * look into both /sysusr/ and /sysroot/ for the configuration data to apply. */ -- -- log_debug("Found entry what=%s where=/sysusr/usr type=%s opts=%s", what, strna(arg_usr_fstype), strempty(opts)); -- -- r = add_mount(arg_dest, -- what, -- "/sysusr/usr", -- NULL, -- arg_usr_fstype, -- opts, -- is_device_path(what) ? 1 : 0, /* passno */ -- 0, -- SPECIAL_INITRD_USR_FS_TARGET, -- "/proc/cmdline"); -- if (r < 0) -- return r; -- -- log_debug("Synthesizing entry what=/sysusr/usr where=/sysrootr/usr opts=bind"); -- -- r = add_mount(arg_dest, -- "/sysusr/usr", -- "/sysroot/usr", -- NULL, -- NULL, -- "bind", -- 0, -- 0, -- SPECIAL_INITRD_FS_TARGET, -- "/proc/cmdline"); -- if (r < 0) -- return r; -- -- return 1; --} -- --static int add_sysroot_usr_mount_or_fallback(void) { -- int r; -- -- r = add_sysroot_usr_mount(); -- if (r != 0) -- return r; -- -- /* OK, so we didn't write anything out for /sysusr/usr/ nor /sysroot/usr/. In this case, let's make -- * sure that initrd-usr-fs.target is at least ordered after sysroot.mount so that services that order -- * themselves get the guarantee that /usr/ is definitely mounted somewhere. */ -- -- return generator_add_symlink( -- arg_dest, -- SPECIAL_INITRD_USR_FS_TARGET, -- "requires", -- "sysroot.mount"); -+ log_debug("Found entry what=%s where=/sysroot/usr type=%s", what, strna(arg_usr_fstype)); -+ return add_mount(arg_dest, -+ what, -+ "/sysroot/usr", -+ NULL, -+ arg_usr_fstype, -+ opts, -+ is_device_path(what) ? 1 : 0, /* passno */ -+ 0, -+ SPECIAL_INITRD_FS_TARGET, -+ "/proc/cmdline"); - } - - static int add_volatile_root(void) { -@@ -1031,7 +967,7 @@ static int run(const char *dest, const char *dest_early, const char *dest_late) - if (in_initrd()) { - r = add_sysroot_mount(); - -- r2 = add_sysroot_usr_mount_or_fallback(); -+ r2 = add_sysroot_usr_mount(); - - r3 = add_volatile_root(); - } else -diff --git a/units/initrd-usr-fs.target b/units/initrd-usr-fs.target -deleted file mode 100644 -index 7219655..0000000 ---- a/units/initrd-usr-fs.target -+++ /dev/null -@@ -1,17 +0,0 @@ --# SPDX-License-Identifier: LGPL-2.1-or-later --# --# This file is part of systemd. --# --# systemd is free software; you can redistribute it and/or modify it --# under the terms of the GNU Lesser General Public License as published by --# the Free Software Foundation; either version 2.1 of the License, or --# (at your option) any later version. -- --[Unit] --Description=Initrd /usr File System --Documentation=man:systemd.special(7) --AssertPathExists=/etc/initrd-release --OnFailure=emergency.target --OnFailureJobMode=replace-irreversibly --DefaultDependencies=no --Conflicts=shutdown.target -diff --git a/units/initrd.target b/units/initrd.target -index fc8fbff..655158a 100644 ---- a/units/initrd.target -+++ b/units/initrd.target -@@ -14,6 +14,6 @@ OnFailure=emergency.target - OnFailureJobMode=replace-irreversibly - AssertPathExists=/etc/initrd-release - Requires=basic.target --Wants=initrd-root-fs.target initrd-root-device.target initrd-fs.target initrd-usr-fs.target initrd-parse-etc.service --After=initrd-root-fs.target initrd-root-device.target initrd-fs.target initrd-usr-fs.target basic.target rescue.service rescue.target -+Wants=initrd-root-fs.target initrd-root-device.target initrd-fs.target initrd-parse-etc.service -+After=initrd-root-fs.target initrd-root-device.target initrd-fs.target basic.target rescue.service rescue.target - AllowIsolate=yes -diff --git a/units/meson.build b/units/meson.build -index df6741b..31fedf5 100644 ---- a/units/meson.build -+++ b/units/meson.build -@@ -38,7 +38,6 @@ units = [ - ['initrd-switch-root.service', 'ENABLE_INITRD'], - ['initrd-switch-root.target', 'ENABLE_INITRD'], - ['initrd-udevadm-cleanup-db.service', 'ENABLE_INITRD'], -- ['initrd-usr-fs.target', 'ENABLE_INITRD'], - ['initrd.target', 'ENABLE_INITRD'], - ['kexec.target', ''], - ['ldconfig.service', 'ENABLE_LDCONFIG', -diff --git a/units/systemd-repart.service.in b/units/systemd-repart.service.in -index 92e0a9b..f39a990 100644 ---- a/units/systemd-repart.service.in -+++ b/units/systemd-repart.service.in -@@ -12,7 +12,7 @@ Description=Repartition Root Disk - Documentation=man:systemd-repart.service(8) - DefaultDependencies=no - Conflicts=shutdown.target --After=initrd-usr-fs.target -+After=sysroot.mount - Before=initrd-root-fs.target shutdown.target - ConditionVirtualization=!container - ConditionDirectoryNotEmpty=|/usr/lib/repart.d -diff --git a/units/systemd-volatile-root.service.in b/units/systemd-volatile-root.service.in -index 5a0ec89..37eb23c 100644 ---- a/units/systemd-volatile-root.service.in -+++ b/units/systemd-volatile-root.service.in -@@ -12,7 +12,7 @@ Description=Enforce Volatile Root File Systems - Documentation=man:systemd-volatile-root.service(8) - DefaultDependencies=no - Conflicts=shutdown.target --After=sysroot.mount sysroot-usr.mount systemd-repart.service -+After=sysroot.mount systemd-repart.service - Before=initrd-root-fs.target shutdown.target - AssertPathExists=/etc/initrd-release - --- -2.33.0 - diff --git a/backport-revert-units-add-ProtectClock-yes.patch b/backport-revert-units-add-ProtectClock-yes.patch deleted file mode 100644 index 2612b28cf4b5c051eae74939cd5a0b9a97c523f0..0000000000000000000000000000000000000000 --- a/backport-revert-units-add-ProtectClock-yes.patch +++ /dev/null @@ -1,46 +0,0 @@ -From cabc1c6d7adae658a2966a4b02a6faabb803e92b Mon Sep 17 00:00:00 2001 -From: Topi Miettinen -Date: Thu, 2 Apr 2020 21:18:11 +0300 -Subject: [PATCH] units: add ProtectClock=yes - -Add `ProtectClock=yes` to systemd units. Since it implies certain -`DeviceAllow=` rules, make sure that the units have `DeviceAllow=` rules so -they are still able to access other devices. Exclude timesyncd and timedated. - -=== -Conflict:this only revert systemd-udevd.service.in -Reference:https://github.com/systemd/systemd/commit/cabc1c6d7adae658a2966a4b02a6faabb803e92b - -When DeviceAllow is configured, devices.deny will first be set to "a", and -then devices.allow be set based on DeviceAllow, which makes devices.list -between these two steps is not reliable. Only revert systemd-udevd.service.in -because udevd can fork subprocess to execute udev rules, which may affect user -process. ---- - units/systemd-udevd.service.in | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in -index 7b6354a..30746c1 100644 ---- a/units/systemd-udevd.service.in -+++ b/units/systemd-udevd.service.in -@@ -17,8 +17,6 @@ ConditionPathIsReadWrite=/sys - - [Service] - Delegate=pids --DeviceAllow=block-* rwm --DeviceAllow=char-* rwm - Type=notify - # Note that udev will reset the value internally for its workers - OOMScoreAdjust=-1000 -@@ -30,7 +28,6 @@ ExecReload=udevadm control --reload --timeout 0 - KillMode=mixed - TasksMax=infinity - PrivateMounts=yes --ProtectClock=yes - ProtectHostname=yes - MemoryDenyWriteExecute=yes - RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 --- -2.23.0 - diff --git a/backport-run-mount-systemctl-don-t-fork-off-PolicyKit-ask-pw-.patch b/backport-run-mount-systemctl-don-t-fork-off-PolicyKit-ask-pw-.patch deleted file mode 100644 index f1318d9eefacac9f2cf07fd70002a2520d20316d..0000000000000000000000000000000000000000 --- a/backport-run-mount-systemctl-don-t-fork-off-PolicyKit-ask-pw-.patch +++ /dev/null @@ -1,70 +0,0 @@ -From fb999b918462361fefa435f86884f81edff503c5 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 30 Aug 2021 13:21:55 +0200 -Subject: [PATCH] run/mount/systemctl: don't fork off PolicyKit/ask-pw agent - when in --user mode - -When we are in --user mode there's no point in doing PolicyKit/ask-pw -because both of these systems are only used by system-level services. -Let's disable the two agents for that automaticlly hence. - -Prompted by: #20576 - -(cherry picked from commit 966f3a246c8c804d8a9c9d393f03c5c3fe0dd393) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/fb999b918462361fefa435f86884f81edff503c5 ---- - src/mount/mount-tool.c | 3 +++ - src/run/run.c | 4 ++++ - src/systemctl/systemctl.c | 5 +++++ - 3 files changed, 12 insertions(+) - -diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c -index c213c905a1..70b4c5a765 100644 ---- a/src/mount/mount-tool.c -+++ b/src/mount/mount-tool.c -@@ -332,6 +332,9 @@ static int parse_argv(int argc, char *argv[]) { - assert_not_reached("Unhandled option"); - } - -+ if (arg_user) -+ arg_ask_password = false; -+ - if (arg_user && arg_transport != BUS_TRANSPORT_LOCAL) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Execution in user context is not supported on non-local systems."); -diff --git a/src/run/run.c b/src/run/run.c -index 38de0322e0..1c83e36e4e 100644 ---- a/src/run/run.c -+++ b/src/run/run.c -@@ -506,6 +506,10 @@ static int parse_argv(int argc, char *argv[]) { - assert_not_reached("Unhandled option"); - } - -+ /* If we are talking to the per-user instance PolicyKit isn't going to help */ -+ if (arg_user) -+ arg_ask_password = false; -+ - with_trigger = !!arg_path_property || !!arg_socket_property || arg_with_timer; - - /* currently, only single trigger (path, socket, timer) unit can be created simultaneously */ -diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c -index 4cc723aab5..2f6f58127c 100644 ---- a/src/systemctl/systemctl.c -+++ b/src/systemctl/systemctl.c -@@ -925,6 +925,11 @@ static int systemctl_parse_argv(int argc, char *argv[]) { - assert_not_reached("Unhandled option"); - } - -+ /* If we are in --user mode, there's no point in talking to PolicyKit or the infra to query system -+ * passwords */ -+ if (arg_scope != UNIT_FILE_SYSTEM) -+ arg_ask_password = false; -+ - if (arg_transport == BUS_TRANSPORT_REMOTE && arg_scope != UNIT_FILE_SYSTEM) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Cannot access user instance remotely."); --- -2.33.0 - diff --git a/backport-scope-count-successful-cgroup-additions-when-delegat.patch b/backport-scope-count-successful-cgroup-additions-when-delegat.patch deleted file mode 100644 index 6393e0f270319e7617176bfd0cf0456b9464e49a..0000000000000000000000000000000000000000 --- a/backport-scope-count-successful-cgroup-additions-when-delegat.patch +++ /dev/null @@ -1,51 +0,0 @@ -From be509064edba9863521a77a4a20a6e1a0971693e Mon Sep 17 00:00:00 2001 -From: Jonas Witschel -Date: Wed, 10 Nov 2021 22:46:35 +0100 -Subject: [PATCH] scope: count successful cgroup additions when delegating via - D-Bus - -Since commit 8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 ("scope: refuse -activation of scopes if no PIDs to add are left") all "systemd-run --scope ---user" calls fail because cgroup attachments delegated to the system instance -are not counted towards successful additions. Fix this by incrementing the -return value in case unit_attach_pid_to_cgroup_via_bus() succeeds, similar to -what happens when cg_attach() succeeds directly. - -Note that this can *not* distinguish the case when -unit_attach_pid_to_cgroup_via_bus() has been run successfully, but all -processes to attach are gone in the meantime, unlike the checks that commit -8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 adds for the system instance. This is -because even though unit_attach_pid_to_cgroup_via_bus() leads to an internal -unit_attach_pids_to_cgroup() call, the return value over D-Bus does not include -the number of successfully attached processes and is always NULL on success. - -Fixes: #21297 - -(cherry picked from commit c65417a01121301fdf7f8514ee7663d287af3a72) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/be509064edba9863521a77a4a20a6e1a0971693e ---- - src/core/cgroup.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 51936b7d1d..79e10ca3c0 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -2188,8 +2188,11 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - z = unit_attach_pid_to_cgroup_via_bus(u, pid, suffix_path); - if (z < 0) - log_unit_info_errno(u, z, "Couldn't move process "PID_FMT" to requested cgroup '%s' (directly or via the system bus): %m", pid, empty_to_root(p)); -- else -+ else { -+ if (ret >= 0) -+ ret++; /* Count successful additions */ - continue; /* When the bus thing worked via the bus we are fully done for this PID. */ -+ } - } - - if (ret >= 0) --- -2.33.0 - diff --git a/backport-scope-refuse-activation-of-scopes-if-no-PIDs-to-add-.patch b/backport-scope-refuse-activation-of-scopes-if-no-PIDs-to-add-.patch deleted file mode 100644 index 54b281492203ecefce8c8bda3b196ced45b45eb4..0000000000000000000000000000000000000000 --- a/backport-scope-refuse-activation-of-scopes-if-no-PIDs-to-add-.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 7ecb1b82d9b55a081d81b2802695fd21293ce029 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 27 Oct 2021 23:17:50 +0200 -Subject: [PATCH] scope: refuse activation of scopes if no PIDs to add are left - -If all processes we are supposed to add are gone by the time we are -ready to do so, let's fail. - -THis is heavily based on Cunlong Li's work, who thankfully tracked this -down. - -Replaces: #20577 -(cherry picked from commit 8d3e4ac7cd37200d1431411a4b98925a24b7d9b3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7ecb1b82d9b55a081d81b2802695fd21293ce029 ---- - src/core/cgroup.c | 3 ++- - src/core/scope.c | 6 ++++++ - 2 files changed, 8 insertions(+), 1 deletion(-) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 1551d57e90..51936b7d1d 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -2196,7 +2196,8 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - ret = r; /* Remember first error */ - - continue; -- } -+ } else if (ret >= 0) -+ ret++; /* Count successful additions */ - - r = cg_all_unified(); - if (r < 0) -diff --git a/src/core/scope.c b/src/core/scope.c -index af6311bb5f..fd4367dbed 100644 ---- a/src/core/scope.c -+++ b/src/core/scope.c -@@ -374,6 +374,12 @@ static int scope_start(Unit *u) { - scope_enter_dead(s, SCOPE_FAILURE_RESOURCES); - return r; - } -+ if (r == 0) { -+ log_unit_warning(u, "No PIDs left to attach to the scope's control group, refusing: %m"); -+ scope_enter_dead(s, SCOPE_FAILURE_RESOURCES); -+ return -ECHILD; -+ } -+ log_unit_debug(u, "%i %s added to scope's control group.", r, r == 1 ? "process" : "processes"); - - s->result = SCOPE_SUCCESS; - --- -2.33.0 - diff --git a/backport-scsi_id-retry-inquiry-ioctl-if-host_byte-is-DID_TRAN.patch b/backport-scsi_id-retry-inquiry-ioctl-if-host_byte-is-DID_TRAN.patch deleted file mode 100644 index 7d2d34fbb23e79db5013bc083d904d33d07c0c4c..0000000000000000000000000000000000000000 --- a/backport-scsi_id-retry-inquiry-ioctl-if-host_byte-is-DID_TRAN.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 9442b2f78f17309bb1c2bca0df735728b03ee732 Mon Sep 17 00:00:00 2001 -From: Wenchao Hao -Date: Sun, 28 Aug 2022 16:44:56 +0800 -Subject: [PATCH] scsi_id: retry inquiry ioctl if host_byte is - DID_TRANSPORT_DISRUPTED - -The inquiry is issued to kernel via ioctl, kernelspace would set -this inquiry command's retry count to 0 which means the command -would not be retried in kernel space even if the LLDs returned -a status which need to be retried. So we should take the retry -in user space. ---- - src/udev/scsi_id/scsi_serial.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/udev/scsi_id/scsi_serial.c b/src/udev/scsi_id/scsi_serial.c -index cfc13feced..992d1cf25b 100644 ---- a/src/udev/scsi_id/scsi_serial.c -+++ b/src/udev/scsi_id/scsi_serial.c -@@ -69,6 +69,7 @@ static const char hex_str[]="0123456789abcdef"; - #define DID_NO_CONNECT 0x01 /* Unable to connect before timeout */ - #define DID_BUS_BUSY 0x02 /* Bus remain busy until timeout */ - #define DID_TIME_OUT 0x03 /* Timed out for some other reason */ -+#define DID_TRANSPORT_DISRUPTED 0x0e /* Transport disrupted and should retry */ - #define DRIVER_TIMEOUT 0x06 - #define DRIVER_SENSE 0x08 /* Sense_buffer has been set */ - -@@ -79,6 +80,7 @@ static const char hex_str[]="0123456789abcdef"; - #define SG_ERR_CAT_TIMEOUT 3 - #define SG_ERR_CAT_RECOVERED 4 /* Successful command after recovered err */ - #define SG_ERR_CAT_NOTSUPPORTED 5 /* Illegal / unsupported command */ -+#define SG_ERR_CAT_RETRY 6 /* Command should be retried */ - #define SG_ERR_CAT_SENSE 98 /* Something else in the sense buffer */ - #define SG_ERR_CAT_OTHER 99 /* Some other error/warning */ - -@@ -126,6 +128,8 @@ static int sg_err_category_new(int scsi_status, int msg_status, int - if (host_status) { - if (IN_SET(host_status, DID_NO_CONNECT, DID_BUS_BUSY, DID_TIME_OUT)) - return SG_ERR_CAT_TIMEOUT; -+ if (host_status == DID_TRANSPORT_DISRUPTED) -+ return SG_ERR_CAT_RETRY; - } - if (driver_status) { - if (driver_status == DRIVER_TIMEOUT) -@@ -332,6 +336,8 @@ resend: - case SG_ERR_CAT_RECOVERED: - retval = 0; - break; -+ case SG_ERR_CAT_RETRY: -+ break; - - default: - if (dev_scsi->use_sg == 4) --- -2.27.0 - diff --git a/backport-sd-boot-Fix-possible-null-pointer-dereference.patch b/backport-sd-boot-Fix-possible-null-pointer-dereference.patch deleted file mode 100644 index 4e9aec9755d731db118cf07a9cb6e3eedb40e307..0000000000000000000000000000000000000000 --- a/backport-sd-boot-Fix-possible-null-pointer-dereference.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 872d101c2308e07c523fd6ca84bd774447f05b7e Mon Sep 17 00:00:00 2001 -From: Jan Janssen -Date: Wed, 11 Aug 2021 14:59:46 +0200 -Subject: [PATCH] sd-boot: Fix possible null pointer dereference - -Auto entries are showing garbage for the version in print_status() -because StrDuplicate does not expect null pointers. - -(cherry picked from commit b52fafb26d90b77cfc259fcbdab3c95a571bacb1) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/872d101c2308e07c523fd6ca84bd774447f05b7e ---- - src/boot/efi/boot.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c -index 3249171ec1..13940a6df7 100644 ---- a/src/boot/efi/boot.c -+++ b/src/boot/efi/boot.c -@@ -1724,7 +1724,7 @@ static ConfigEntry *config_entry_add_loader( - *entry = (ConfigEntry) { - .type = type, - .title = StrDuplicate(title), -- .version = StrDuplicate(version), -+ .version = version ? StrDuplicate(version) : NULL, - .device = device, - .loader = StrDuplicate(loader), - .id = StrDuplicate(id), --- -2.33.0 - diff --git a/backport-sd-boot-Rework-console-input-handling.patch b/backport-sd-boot-Rework-console-input-handling.patch deleted file mode 100644 index 263eb2a56603aab342b098477eee5b349a460c85..0000000000000000000000000000000000000000 --- a/backport-sd-boot-Rework-console-input-handling.patch +++ /dev/null @@ -1,323 +0,0 @@ -From 9e47ea7c98d1f4e0a75edb5d1590e5742f253317 Mon Sep 17 00:00:00 2001 -From: Jan Janssen -Date: Wed, 11 Aug 2021 14:59:46 +0200 -Subject: [PATCH] sd-boot: Rework console input handling - -Fixes: #15847 -Probably fixes: #19191 - -(cherry picked from commit e98d271e57f3d0356e444b6ea2d48836ee2769b0) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9e47ea7c98d1f4e0a75edb5d1590e5742f253317 ---- - src/boot/efi/boot.c | 55 +++++++--------------- - src/boot/efi/console.c | 102 +++++++++++++++++++++++++++++------------ - src/boot/efi/console.h | 2 +- - 3 files changed, 91 insertions(+), 68 deletions(-) - -diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c -index 54d704f0d1..b4f3b9605a 100644 ---- a/src/boot/efi/boot.c -+++ b/src/boot/efi/boot.c -@@ -134,7 +134,7 @@ static BOOLEAN line_edit( - uefi_call_wrapper(ST->ConOut->OutputString, 2, ST->ConOut, print); - uefi_call_wrapper(ST->ConOut->SetCursorPosition, 3, ST->ConOut, cursor, y_pos); - -- err = console_key_read(&key, TRUE); -+ err = console_key_read(&key, 0); - if (EFI_ERROR(err)) - continue; - -@@ -387,7 +387,7 @@ static VOID print_status(Config *config, CHAR16 *loaded_image_path) { - Print(L"OsIndicationsSupported: %d\n", indvar); - - Print(L"\n--- press key ---\n\n"); -- console_key_read(&key, TRUE); -+ console_key_read(&key, 0); - - Print(L"timeout: %u\n", config->timeout_sec); - if (config->timeout_sec_efivar >= 0) -@@ -432,7 +432,7 @@ static VOID print_status(Config *config, CHAR16 *loaded_image_path) { - Print(L"LoaderEntryDefault: %s\n", defaultstr); - - Print(L"\n--- press key ---\n\n"); -- console_key_read(&key, TRUE); -+ console_key_read(&key, 0); - - for (UINTN i = 0; i < config->entry_count; i++) { - ConfigEntry *entry; -@@ -482,7 +482,7 @@ static VOID print_status(Config *config, CHAR16 *loaded_image_path) { - entry->path, entry->next_name); - - Print(L"\n--- press key ---\n\n"); -- console_key_read(&key, TRUE); -+ console_key_read(&key, 0); - } - - uefi_call_wrapper(ST->ConOut->ClearScreen, 1, ST->ConOut); -@@ -509,11 +509,10 @@ static BOOLEAN menu_run( - UINTN y_max; - CHAR16 *status; - CHAR16 *clearline; -- INTN timeout_remain; -+ UINTN timeout_remain = config->timeout_sec; - INT16 idx; - BOOLEAN exit = FALSE; - BOOLEAN run = TRUE; -- BOOLEAN wait = FALSE; - - graphics_mode(FALSE); - uefi_call_wrapper(ST->ConIn->Reset, 2, ST->ConIn, FALSE); -@@ -538,12 +537,6 @@ static BOOLEAN menu_run( - y_max = 25; - } - -- /* we check 10 times per second for a keystroke */ -- if (config->timeout_sec > 0) -- timeout_remain = config->timeout_sec * 10; -- else -- timeout_remain = -1; -- - idx_highlight = config->idx_default; - idx_highlight_prev = 0; - -@@ -643,7 +636,7 @@ static BOOLEAN menu_run( - - if (timeout_remain > 0) { - FreePool(status); -- status = PoolPrint(L"Boot in %d sec.", (timeout_remain + 5) / 10); -+ status = PoolPrint(L"Boot in %d s.", timeout_remain); - } - - /* print status at last line of screen */ -@@ -664,27 +657,18 @@ static BOOLEAN menu_run( - uefi_call_wrapper(ST->ConOut->OutputString, 2, ST->ConOut, clearline+1 + x + len); - } - -- err = console_key_read(&key, wait); -- if (EFI_ERROR(err)) { -- /* timeout reached */ -+ err = console_key_read(&key, timeout_remain > 0 ? 1000 * 1000 : 0); -+ if (err == EFI_TIMEOUT) { -+ timeout_remain--; - if (timeout_remain == 0) { - exit = TRUE; - break; - } - -- /* sleep and update status */ -- if (timeout_remain > 0) { -- uefi_call_wrapper(BS->Stall, 1, 100 * 1000); -- timeout_remain--; -- continue; -- } -- -- /* timeout disabled, wait for next key */ -- wait = TRUE; -+ /* update status */ - continue; -- } -- -- timeout_remain = -1; -+ } else -+ timeout_remain = 0; - - /* clear status after keystroke */ - if (status) { -@@ -787,7 +771,7 @@ static BOOLEAN menu_run( - config->timeout_sec_efivar, - EFI_VARIABLE_NON_VOLATILE); - if (config->timeout_sec_efivar > 0) -- status = PoolPrint(L"Menu timeout set to %d sec.", config->timeout_sec_efivar); -+ status = PoolPrint(L"Menu timeout set to %d s.", config->timeout_sec_efivar); - else - status = StrDuplicate(L"Menu disabled. Hold down key at bootup to show menu."); - } else if (config->timeout_sec_efivar <= 0){ -@@ -795,7 +779,7 @@ static BOOLEAN menu_run( - efivar_set( - LOADER_GUID, L"LoaderConfigTimeout", NULL, EFI_VARIABLE_NON_VOLATILE); - if (config->timeout_sec_config > 0) -- status = PoolPrint(L"Menu timeout of %d sec is defined by configuration file.", -+ status = PoolPrint(L"Menu timeout of %d s is defined by configuration file.", - config->timeout_sec_config); - else - status = StrDuplicate(L"Menu disabled. Hold down key at bootup to show menu."); -@@ -813,7 +797,7 @@ static BOOLEAN menu_run( - config->timeout_sec_efivar, - EFI_VARIABLE_NON_VOLATILE); - if (config->timeout_sec_efivar > 0) -- status = PoolPrint(L"Menu timeout set to %d sec.", -+ status = PoolPrint(L"Menu timeout set to %d s.", - config->timeout_sec_efivar); - else - status = StrDuplicate(L"Menu disabled. Hold down key at bootup to show menu."); -@@ -2369,13 +2353,8 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { - else { - UINT64 key; - -- err = console_key_read(&key, FALSE); -- -- if (err == EFI_NOT_READY) { -- uefi_call_wrapper(BS->Stall, 1, 100 * 1000); -- err = console_key_read(&key, FALSE); -- } -- -+ /* Block up to 100ms to give firmware time to get input working. */ -+ err = console_key_read(&key, 100 * 1000); - if (!EFI_ERROR(err)) { - INT16 idx; - -diff --git a/src/boot/efi/console.c b/src/boot/efi/console.c -index 83619d2147..369c549daf 100644 ---- a/src/boot/efi/console.c -+++ b/src/boot/efi/console.c -@@ -11,61 +11,105 @@ - - #define EFI_SIMPLE_TEXT_INPUT_EX_GUID &(EFI_GUID) EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL_GUID - --EFI_STATUS console_key_read(UINT64 *key, BOOLEAN wait) { -+static inline void EventClosep(EFI_EVENT *event) { -+ if (!*event) -+ return; -+ -+ uefi_call_wrapper(BS->CloseEvent, 1, *event); -+} -+ -+/* -+ * Reading input from the console sounds like an easy task to do, but thanks to broken -+ * firmware it is actually a nightmare. -+ * -+ * There is a ConIn and TextInputEx API for this. Ideally we want to use TextInputEx, -+ * because that gives us Ctrl/Alt/Shift key state information. Unfortunately, it is not -+ * always available and sometimes just non-functional. -+ * -+ * On the other hand we have ConIn, where some firmware likes to just freeze on us -+ * if we call ReadKeyStroke on it. -+ * -+ * Therefore, we use WaitForEvent on both ConIn and TextInputEx (if available) along -+ * with a timer event. The timer ensures there is no need to call into functions -+ * that might freeze on us, while still allowing us to show a timeout counter. -+ */ -+EFI_STATUS console_key_read(UINT64 *key, UINT64 timeout_usec) { - static EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL *TextInputEx; - static BOOLEAN checked; - UINTN index; - EFI_INPUT_KEY k; - EFI_STATUS err; -+ _cleanup_(EventClosep) EFI_EVENT timer = NULL; -+ EFI_EVENT events[3] = { ST->ConIn->WaitForKey }; -+ UINTN n_events = 1; - - if (!checked) { - err = LibLocateProtocol(EFI_SIMPLE_TEXT_INPUT_EX_GUID, (VOID **)&TextInputEx); -- if (EFI_ERROR(err)) -+ if (EFI_ERROR(err) || -+ uefi_call_wrapper(BS->CheckEvent, 1, TextInputEx->WaitForKeyEx) == EFI_INVALID_PARAMETER) -+ /* If WaitForKeyEx fails here, the firmware pretends it talks this -+ * protocol, but it really doesn't. */ - TextInputEx = NULL; -+ else -+ events[n_events++] = TextInputEx->WaitForKeyEx; - - checked = TRUE; - } - -- /* wait until key is pressed */ -- if (wait) -- uefi_call_wrapper(BS->WaitForEvent, 3, 1, &ST->ConIn->WaitForKey, &index); -+ if (timeout_usec > 0) { -+ err = uefi_call_wrapper(BS->CreateEvent, 5, EVT_TIMER, 0, NULL, NULL, &timer); -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Error creating timer event: %r", err); -+ -+ /* SetTimer expects 100ns units for some reason. */ -+ err = uefi_call_wrapper(BS->SetTimer, 3, timer, TimerRelative, timeout_usec * 10); -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Error arming timer event: %r", err); - -- if (TextInputEx) { -+ events[n_events++] = timer; -+ } -+ -+ err = uefi_call_wrapper(BS->WaitForEvent, 3, n_events, events, &index); -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Error waiting for events: %r", err); -+ -+ if (timeout_usec > 0 && timer == events[index]) -+ return EFI_TIMEOUT; -+ -+ /* TextInputEx might be ready too even if ConIn got to signal first. */ -+ if (TextInputEx && !EFI_ERROR(uefi_call_wrapper(BS->CheckEvent, 1, TextInputEx->WaitForKeyEx))) { - EFI_KEY_DATA keydata; - UINT64 keypress; -+ UINT32 shift = 0; - - err = uefi_call_wrapper(TextInputEx->ReadKeyStrokeEx, 2, TextInputEx, &keydata); -- if (!EFI_ERROR(err)) { -- UINT32 shift = 0; -- -- /* do not distinguish between left and right keys */ -- if (keydata.KeyState.KeyShiftState & EFI_SHIFT_STATE_VALID) { -- if (keydata.KeyState.KeyShiftState & (EFI_RIGHT_CONTROL_PRESSED|EFI_LEFT_CONTROL_PRESSED)) -- shift |= EFI_CONTROL_PRESSED; -- if (keydata.KeyState.KeyShiftState & (EFI_RIGHT_ALT_PRESSED|EFI_LEFT_ALT_PRESSED)) -- shift |= EFI_ALT_PRESSED; -- }; -- -- /* 32 bit modifier keys + 16 bit scan code + 16 bit unicode */ -- keypress = KEYPRESS(shift, keydata.Key.ScanCode, keydata.Key.UnicodeChar); -- if (keypress > 0) { -- *key = keypress; -- return 0; -- } -+ if (EFI_ERROR(err)) -+ return err; -+ -+ /* do not distinguish between left and right keys */ -+ if (keydata.KeyState.KeyShiftState & EFI_SHIFT_STATE_VALID) { -+ if (keydata.KeyState.KeyShiftState & (EFI_RIGHT_CONTROL_PRESSED|EFI_LEFT_CONTROL_PRESSED)) -+ shift |= EFI_CONTROL_PRESSED; -+ if (keydata.KeyState.KeyShiftState & (EFI_RIGHT_ALT_PRESSED|EFI_LEFT_ALT_PRESSED)) -+ shift |= EFI_ALT_PRESSED; -+ }; -+ -+ /* 32 bit modifier keys + 16 bit scan code + 16 bit unicode */ -+ keypress = KEYPRESS(shift, keydata.Key.ScanCode, keydata.Key.UnicodeChar); -+ if (keypress > 0) { -+ *key = keypress; -+ return EFI_SUCCESS; - } -+ -+ return EFI_NOT_READY; - } - -- /* fallback for firmware which does not support SimpleTextInputExProtocol -- * -- * This is also called in case ReadKeyStrokeEx did not return a key, because -- * some broken firmwares offer SimpleTextInputExProtocol, but never actually -- * handle any key. */ - err = uefi_call_wrapper(ST->ConIn->ReadKeyStroke, 2, ST->ConIn, &k); - if (EFI_ERROR(err)) - return err; - - *key = KEYPRESS(0, k.ScanCode, k.UnicodeChar); -- return 0; -+ return EFI_SUCCESS; - } - - static EFI_STATUS change_mode(UINTN mode) { -diff --git a/src/boot/efi/console.h b/src/boot/efi/console.h -index 2c69af552a..23848a9c58 100644 ---- a/src/boot/efi/console.h -+++ b/src/boot/efi/console.h -@@ -16,5 +16,5 @@ enum console_mode_change_type { - CONSOLE_MODE_MAX, - }; - --EFI_STATUS console_key_read(UINT64 *key, BOOLEAN wait); -+EFI_STATUS console_key_read(UINT64 *key, UINT64 timeout_usec); - EFI_STATUS console_set_mode(UINTN *mode, enum console_mode_change_type how); --- -2.33.0 - diff --git a/backport-sd-boot-Unify-error-handling.patch b/backport-sd-boot-Unify-error-handling.patch deleted file mode 100644 index d6147b6f26beb9c1179a9ba4217684b272dab6ad..0000000000000000000000000000000000000000 --- a/backport-sd-boot-Unify-error-handling.patch +++ /dev/null @@ -1,404 +0,0 @@ -From 218c0839b24853899d2ea15cb2973ab0d56a7f31 Mon Sep 17 00:00:00 2001 -From: Jan Janssen -Date: Wed, 11 Aug 2021 14:59:46 +0200 -Subject: [PATCH] sd-boot: Unify error handling - -log_error_stall() and log_error_status_stall() will ensure the user has -a chance to catch an error message by stalling and also forcing a -lightred/black color on it. Also, convert several Print() calls to it -since they are actually error messages. - -(cherry picked from commit 8aba0eec499b762657f528988c2f093ac490620d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/218c0839b24853899d2ea15cb2973ab0d56a7f31 ---- - src/boot/efi/boot.c | 62 ++++++++++---------------------- - src/boot/efi/random-seed.c | 73 +++++++++++++------------------------- - src/boot/efi/stub.c | 24 ++++--------- - src/boot/efi/util.c | 17 +++++++-- - src/boot/efi/util.h | 9 +++++ - 5 files changed, 75 insertions(+), 110 deletions(-) - -diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c -index 13940a6df7..54d704f0d1 100644 ---- a/src/boot/efi/boot.c -+++ b/src/boot/efi/boot.c -@@ -527,7 +527,7 @@ static BOOLEAN menu_run( - err = console_set_mode(&config->console_mode, config->console_mode_change); - if (EFI_ERROR(err)) { - uefi_call_wrapper(ST->ConOut->ClearScreen, 1, ST->ConOut); -- Print(L"Error switching console mode to %ld: %r.\r", (UINT64)config->console_mode, err); -+ log_error_stall(L"Error switching console mode to %lu: %r", (UINT64)config->console_mode, err); - } - } else - uefi_call_wrapper(ST->ConOut->ClearScreen, 1, ST->ConOut); -@@ -1221,8 +1221,7 @@ static VOID config_entry_bump_counters( - break; - - if (r != EFI_BUFFER_TOO_SMALL || file_info_size * 2 < file_info_size) { -- Print(L"\nFailed to get file info for '%s': %r\n", old_path, r); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -+ log_error_stall(L"Failed to get file info for '%s': %r", old_path, r); - return; - } - -@@ -1234,8 +1233,7 @@ static VOID config_entry_bump_counters( - StrCpy(file_info->FileName, entry->next_name); - r = uefi_call_wrapper(handle->SetInfo, 4, handle, &EfiFileInfoGuid, file_info_size, file_info); - if (EFI_ERROR(r)) { -- Print(L"\nFailed to rename '%s' to '%s', ignoring: %r\n", old_path, entry->next_name, r); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -+ log_error_stall(L"Failed to rename '%s' to '%s', ignoring: %r", old_path, entry->next_name, r); - return; - } - -@@ -2165,18 +2163,12 @@ static EFI_STATUS image_start( - EFI_STATUS err; - - path = FileDevicePath(entry->device, entry->loader); -- if (!path) { -- Print(L"Error getting device path."); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return EFI_INVALID_PARAMETER; -- } -+ if (!path) -+ return log_error_status_stall(EFI_INVALID_PARAMETER, L"Error getting device path."); - - err = uefi_call_wrapper(BS->LoadImage, 6, FALSE, parent_image, path, NULL, 0, &image); -- if (EFI_ERROR(err)) { -- Print(L"Error loading %s: %r", entry->loader, err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return err; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Error loading %s: %r", entry->loader, err); - - if (config->options_edit) - options = config->options_edit; -@@ -2190,8 +2182,7 @@ static EFI_STATUS image_start( - err = uefi_call_wrapper(BS->OpenProtocol, 6, image, &LoadedImageProtocol, (VOID **)&loaded_image, - parent_image, NULL, EFI_OPEN_PROTOCOL_GET_PROTOCOL); - if (EFI_ERROR(err)) { -- Print(L"Error getting LoadedImageProtocol handle: %r", err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -+ log_error_stall(L"Error getting LoadedImageProtocol handle: %r", err); - goto out_unload; - } - loaded_image->LoadOptions = options; -@@ -2202,10 +2193,8 @@ static EFI_STATUS image_start( - err = tpm_log_event(SD_TPM_PCR, - (EFI_PHYSICAL_ADDRESS) (UINTN) loaded_image->LoadOptions, - loaded_image->LoadOptionsSize, loaded_image->LoadOptions); -- if (EFI_ERROR(err)) { -- Print(L"Unable to add image options measurement: %r", err); -- uefi_call_wrapper(BS->Stall, 1, 200 * 1000); -- } -+ if (EFI_ERROR(err)) -+ log_error_stall(L"Unable to add image options measurement: %r", err); - #endif - } - -@@ -2231,9 +2220,7 @@ static EFI_STATUS reboot_into_firmware(VOID) { - return err; - - err = uefi_call_wrapper(RT->ResetSystem, 4, EfiResetCold, EFI_SUCCESS, 0, NULL); -- Print(L"Error calling ResetSystem: %r", err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return err; -+ return log_error_status_stall(err, L"Error calling ResetSystem: %r", err); - } - - static VOID config_free(Config *config) { -@@ -2305,30 +2292,21 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { - - err = uefi_call_wrapper(BS->OpenProtocol, 6, image, &LoadedImageProtocol, (VOID **)&loaded_image, - image, NULL, EFI_OPEN_PROTOCOL_GET_PROTOCOL); -- if (EFI_ERROR(err)) { -- Print(L"Error getting a LoadedImageProtocol handle: %r", err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return err; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Error getting a LoadedImageProtocol handle: %r", err); - - /* export the device path this image is started from */ - if (disk_get_part_uuid(loaded_image->DeviceHandle, uuid) == EFI_SUCCESS) - efivar_set(LOADER_GUID, L"LoaderDevicePartUUID", uuid, 0); - - root_dir = LibOpenRoot(loaded_image->DeviceHandle); -- if (!root_dir) { -- Print(L"Unable to open root directory."); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return EFI_LOAD_ERROR; -- } -+ if (!root_dir) -+ return log_error_status_stall(EFI_LOAD_ERROR, L"Unable to open root directory.", EFI_LOAD_ERROR); - - if (secure_boot_enabled() && shim_loaded()) { - err = security_policy_install(); -- if (EFI_ERROR(err)) { -- Print(L"Error installing security policy: %r ", err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return err; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Error installing security policy: %r", err); - } - - /* the filesystem path to this image, to prevent adding ourselves to the menu */ -@@ -2367,8 +2345,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { - } - - if (config.entry_count == 0) { -- Print(L"No loader found. Configuration files in \\loader\\entries\\*.conf are needed."); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -+ log_error_stall(L"No loader found. Configuration files in \\loader\\entries\\*.conf are needed."); - goto out; - } - -@@ -2440,8 +2417,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { - err = image_start(image, &config, entry); - if (EFI_ERROR(err)) { - graphics_mode(FALSE); -- Print(L"\nFailed to execute %s (%s): %r\n", entry->title, entry->loader, err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -+ log_error_stall(L"Failed to execute %s (%s): %r", entry->title, entry->loader, err); - goto out; - } - -diff --git a/src/boot/efi/random-seed.c b/src/boot/efi/random-seed.c -index 3e179851b0..939daf3e41 100644 ---- a/src/boot/efi/random-seed.c -+++ b/src/boot/efi/random-seed.c -@@ -35,10 +35,8 @@ static EFI_STATUS acquire_rng(UINTN size, VOID **ret) { - return log_oom(); - - err = uefi_call_wrapper(rng->GetRNG, 3, rng, NULL, size, data); -- if (EFI_ERROR(err)) { -- Print(L"Failed to acquire RNG data: %r\n", err); -- return err; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Failed to acquire RNG data: %r", err); - - *ret = TAKE_PTR(data); - return EFI_SUCCESS; -@@ -149,14 +147,12 @@ static EFI_STATUS acquire_system_token(VOID **ret, UINTN *ret_size) { - err = efivar_get_raw(LOADER_GUID, L"LoaderSystemToken", &data, &size); - if (EFI_ERROR(err)) { - if (err != EFI_NOT_FOUND) -- Print(L"Failed to read LoaderSystemToken EFI variable: %r", err); -+ log_error_stall(L"Failed to read LoaderSystemToken EFI variable: %r", err); - return err; - } - -- if (size <= 0) { -- Print(L"System token too short, ignoring."); -- return EFI_NOT_FOUND; -- } -+ if (size <= 0) -+ return log_error_status_stall(EFI_NOT_FOUND, L"System token too short, ignoring."); - - *ret = TAKE_PTR(data); - *ret_size = size; -@@ -209,8 +205,7 @@ static VOID validate_sha256(void) { - sha256_finish_ctx(&hash, result); - - if (CompareMem(result, array[i].hash, HASH_VALUE_SIZE) != 0) { -- Print(L"SHA256 failed validation.\n"); -- uefi_call_wrapper(BS->Stall, 1, 120 * 1000 * 1000); -+ log_error_stall(L"SHA256 failed validation."); - return; - } - } -@@ -246,7 +241,7 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode) { - err = uefi_call_wrapper(root_dir->Open, 5, root_dir, &handle, (CHAR16*) L"\\loader\\random-seed", EFI_FILE_MODE_READ|EFI_FILE_MODE_WRITE, 0ULL); - if (EFI_ERROR(err)) { - if (err != EFI_NOT_FOUND && err != EFI_WRITE_PROTECTED) -- Print(L"Failed to open random seed file: %r\n", err); -+ log_error_stall(L"Failed to open random seed file: %r", err); - return err; - } - -@@ -255,15 +250,11 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode) { - return log_oom(); - - size = info->FileSize; -- if (size < RANDOM_MAX_SIZE_MIN) { -- Print(L"Random seed file is too short?\n"); -- return EFI_INVALID_PARAMETER; -- } -+ if (size < RANDOM_MAX_SIZE_MIN) -+ return log_error_status_stall(EFI_INVALID_PARAMETER, L"Random seed file is too short."); - -- if (size > RANDOM_MAX_SIZE_MAX) { -- Print(L"Random seed file is too large?\n"); -- return EFI_INVALID_PARAMETER; -- } -+ if (size > RANDOM_MAX_SIZE_MAX) -+ return log_error_status_stall(EFI_INVALID_PARAMETER, L"Random seed file is too large."); - - seed = AllocatePool(size); - if (!seed) -@@ -271,20 +262,14 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode) { - - rsize = size; - err = uefi_call_wrapper(handle->Read, 3, handle, &rsize, seed); -- if (EFI_ERROR(err)) { -- Print(L"Failed to read random seed file: %r\n", err); -- return err; -- } -- if (rsize != size) { -- Print(L"Short read on random seed file\n"); -- return EFI_PROTOCOL_ERROR; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Failed to read random seed file: %r", err); -+ if (rsize != size) -+ return log_error_status_stall(EFI_PROTOCOL_ERROR, L"Short read on random seed file."); - - err = uefi_call_wrapper(handle->SetPosition, 2, handle, 0); -- if (EFI_ERROR(err)) { -- Print(L"Failed to seek to beginning of random seed file: %r\n", err); -- return err; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Failed to seek to beginning of random seed file: %r", err); - - /* Request some random data from the UEFI RNG. We don't need this to work safely, but it's a good - * idea to use it because it helps us for cases where users mistakenly include a random seed in -@@ -299,27 +284,19 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode) { - /* Update the random seed on disk before we use it */ - wsize = size; - err = uefi_call_wrapper(handle->Write, 3, handle, &wsize, new_seed); -- if (EFI_ERROR(err)) { -- Print(L"Failed to write random seed file: %r\n", err); -- return err; -- } -- if (wsize != size) { -- Print(L"Short write on random seed file\n"); -- return EFI_PROTOCOL_ERROR; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Failed to write random seed file: %r", err); -+ if (wsize != size) -+ return log_error_status_stall(EFI_PROTOCOL_ERROR, L"Short write on random seed file."); - - err = uefi_call_wrapper(handle->Flush, 1, handle); -- if (EFI_ERROR(err)) { -- Print(L"Failed to flush random seed file: %r\n"); -- return err; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Failed to flush random seed file: %r", err); - - /* We are good to go */ - err = efivar_set_raw(LOADER_GUID, L"LoaderRandomSeed", for_kernel, size, 0); -- if (EFI_ERROR(err)) { -- Print(L"Failed to write random seed to EFI variable: %r\n", err); -- return err; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Failed to write random seed to EFI variable: %r", err); - - return EFI_SUCCESS; - } -diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c -index 082fe91c9e..82da1d3ec4 100644 ---- a/src/boot/efi/stub.c -+++ b/src/boot/efi/stub.c -@@ -36,18 +36,12 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { - - err = uefi_call_wrapper(BS->OpenProtocol, 6, image, &LoadedImageProtocol, (VOID **)&loaded_image, - image, NULL, EFI_OPEN_PROTOCOL_GET_PROTOCOL); -- if (EFI_ERROR(err)) { -- Print(L"Error getting a LoadedImageProtocol handle: %r ", err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return err; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Error getting a LoadedImageProtocol handle: %r", err); - - err = pe_memory_locate_sections(loaded_image->ImageBase, sections, addrs, offs, szs); -- if (EFI_ERROR(err)) { -- Print(L"Unable to locate embedded .linux section: %r ", err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return err; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Unable to locate embedded .linux section: %r", err); - - if (szs[0] > 0) - cmdline = (CHAR8 *)(loaded_image->ImageBase) + addrs[0]; -@@ -72,10 +66,8 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { - err = tpm_log_event(SD_TPM_PCR, - (EFI_PHYSICAL_ADDRESS) (UINTN) loaded_image->LoadOptions, - loaded_image->LoadOptionsSize, loaded_image->LoadOptions); -- if (EFI_ERROR(err)) { -- Print(L"Unable to add image options measurement: %r", err); -- uefi_call_wrapper(BS->Stall, 1, 200 * 1000); -- } -+ if (EFI_ERROR(err)) -+ log_error_stall(L"Unable to add image options measurement: %r", err); - #endif - } - -@@ -126,7 +118,5 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { - (UINTN)loaded_image->ImageBase + addrs[2], szs[2]); - - graphics_mode(FALSE); -- Print(L"Execution of embedded linux image failed: %r\n", err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return err; -+ return log_error_status_stall(err, L"Execution of embedded linux image failed: %r", err); - } -diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c -index 6f4e5933d3..aee076060b 100644 ---- a/src/boot/efi/util.c -+++ b/src/boot/efi/util.c -@@ -411,8 +411,21 @@ EFI_STATUS file_read(EFI_FILE_HANDLE dir, const CHAR16 *name, UINTN off, UINTN s - return err; - } - -+VOID log_error_stall(const CHAR16 *fmt, ...) { -+ va_list args; -+ -+ uefi_call_wrapper(ST->ConOut->SetAttribute, 2, ST->ConOut, EFI_LIGHTRED|EFI_BACKGROUND_BLACK); -+ -+ Print(L"\n"); -+ va_start(args, fmt); -+ VPrint(fmt, args); -+ va_end(args); -+ Print(L"\n"); -+ -+ uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -+} -+ - EFI_STATUS log_oom(void) { -- Print(L"Out of memory."); -- (void) uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -+ log_error_stall(L"Out of memory."); - return EFI_OUT_OF_RESOURCES; - } -diff --git a/src/boot/efi/util.h b/src/boot/efi/util.h -index 1a42b01033..d3bf848a95 100644 ---- a/src/boot/efi/util.h -+++ b/src/boot/efi/util.h -@@ -74,4 +74,13 @@ static inline void FileHandleClosep(EFI_FILE_HANDLE *handle) { - #define UINT64_MAX ((UINT64) -1) - #endif - -+VOID log_error_stall(const CHAR16 *fmt, ...); - EFI_STATUS log_oom(void); -+ -+/* This works just like log_error_errno() from userspace, but requires you -+ * to provide err a second time if you want to use %r in the message! */ -+#define log_error_status_stall(err, fmt, ...) \ -+ ({ \ -+ log_error_stall(fmt, ##__VA_ARGS__); \ -+ err; \ -+ }) --- -2.33.0 - diff --git a/backport-sd-bus-allow-numerical-uids-in-M-user-.host.patch b/backport-sd-bus-allow-numerical-uids-in-M-user-.host.patch deleted file mode 100644 index 526768d07d0ea0033b4ebfb9401fe054d19385f9..0000000000000000000000000000000000000000 --- a/backport-sd-bus-allow-numerical-uids-in-M-user-.host.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 93597655ac3b1ecc8411e6b1249ab6ce631e87e2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 18:02:50 +0200 -Subject: [PATCH] sd-bus: allow numerical uids in -M user@.host - -UIDs don't work well over ssh, but locally or with containers they are OK. -In particular, user@.service uses UIDs as identifiers, and it's nice to be -able to copy&paste that UID for interaction with the user's managers. - -(cherry picked from commit 2da7d0bc92e2423a5c7225c5d24b99d5d52a0bc6) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/93597655ac3b1ecc8411e6b1249ab6ce631e87e2 ---- - src/libsystemd/sd-bus/sd-bus.c | 27 ++++++++++++++++++--------- - 1 file changed, 18 insertions(+), 9 deletions(-) - -diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c -index ab8d4e4a60..e85a409871 100644 ---- a/src/libsystemd/sd-bus/sd-bus.c -+++ b/src/libsystemd/sd-bus/sd-bus.c -@@ -39,6 +39,7 @@ - #include "parse-util.h" - #include "path-util.h" - #include "process-util.h" -+#include "stdio-util.h" - #include "string-util.h" - #include "strv.h" - #include "user-util.h" -@@ -1616,7 +1617,7 @@ static int user_and_machine_valid(const char *user_and_machine) { - if (!user) - return -ENOMEM; - -- if (!isempty(user) && !valid_user_group_name(user, VALID_USER_RELAX)) -+ if (!isempty(user) && !valid_user_group_name(user, VALID_USER_RELAX | VALID_USER_ALLOW_NUMERIC)) - return false; - - h++; -@@ -1647,17 +1648,25 @@ static int user_and_machine_equivalent(const char *user_and_machine) { - - /* Otherwise, if we are root, then we can also allow the ".host" syntax, as that's the user this - * would connect to. */ -- if (geteuid() == 0 && STR_IN_SET(user_and_machine, ".host", "root@.host")) -+ uid_t uid = geteuid(); -+ -+ if (uid == 0 && STR_IN_SET(user_and_machine, ".host", "root@.host", "0@.host")) - return true; - -- /* Otherwise, we have to figure our user name, and compare things with that. */ -- un = getusername_malloc(); -- if (!un) -- return -ENOMEM; -+ /* Otherwise, we have to figure out our user id and name, and compare things with that. */ -+ char buf[DECIMAL_STR_MAX(uid_t)]; -+ xsprintf(buf, UID_FMT, uid); -+ -+ f = startswith(user_and_machine, buf); -+ if (!f) { -+ un = getusername_malloc(); -+ if (!un) -+ return -ENOMEM; - -- f = startswith(user_and_machine, un); -- if (!f) -- return false; -+ f = startswith(user_and_machine, un); -+ if (!f) -+ return false; -+ } - - return STR_IN_SET(f, "@", "@.host"); - } --- -2.33.0 - diff --git a/backport-sd-bus-do-not-pass-NULL-when-received-message-with-i.patch b/backport-sd-bus-do-not-pass-NULL-when-received-message-with-i.patch deleted file mode 100644 index a7d756b0c2d0bdc4cfaeaafbc89945096947a109..0000000000000000000000000000000000000000 --- a/backport-sd-bus-do-not-pass-NULL-when-received-message-with-i.patch +++ /dev/null @@ -1,34 +0,0 @@ -From bc3d5f31bf8af840d3f4c1f66ea5d7ec6dcfcb1b Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 14 Jul 2022 10:53:54 +0900 -Subject: [PATCH] sd-bus: do not pass NULL when received message with invalid - type - -Fixes #24003. - -(cherry picked from commit 3f0dbb0f0c4e3c0013fa5fe54441ca7f969555a7) -(cherry picked from commit e56bfc8a417d1877c25b943b75cd73163246fbf2) -(cherry picked from commit a6aa5b2f7262ba67acfddd6dfa304144639a9ca4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bc3d5f31bf8af840d3f4c1f66ea5d7ec6dcfcb1b ---- - src/libsystemd/sd-bus/sd-bus.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c -index e85a409871..7a58c560d5 100644 ---- a/src/libsystemd/sd-bus/sd-bus.c -+++ b/src/libsystemd/sd-bus/sd-bus.c -@@ -48,7 +48,7 @@ - do { \ - sd_bus_message *_mm = (m); \ - log_debug("Got message type=%s sender=%s destination=%s path=%s interface=%s member=%s cookie=%" PRIu64 " reply_cookie=%" PRIu64 " signature=%s error-name=%s error-message=%s", \ -- bus_message_type_to_string(_mm->header->type), \ -+ strna(bus_message_type_to_string(_mm->header->type)), \ - strna(sd_bus_message_get_sender(_mm)), \ - strna(sd_bus_message_get_destination(_mm)), \ - strna(sd_bus_message_get_path(_mm)), \ --- -2.27.0 - diff --git a/backport-sd-bus-fix-buffer-overflow.patch b/backport-sd-bus-fix-buffer-overflow.patch deleted file mode 100644 index d08ebc26d76c5aee7a80a65da7c5c080494cc930..0000000000000000000000000000000000000000 --- a/backport-sd-bus-fix-buffer-overflow.patch +++ /dev/null @@ -1,126 +0,0 @@ -From 1a4f4051c3f41b7750dbc904bb4768413bc8bd58 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 27 May 2022 04:23:10 +0900 -Subject: [PATCH] sd-bus: fix buffer overflow - -Fixes #23486. - -(cherry picked from commit 89b6a3f13e5f3b8a375dc82cb2a1c2c204a5067e) -(cherry picked from commit a5c4e29b2ca83b0956ea4635e1db7b02ae007d55) -(cherry picked from commit a5b0338e896338774226a3bd8a56f63555c7b9ce) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/1a4f4051c3f41b7750dbc904bb4768413bc8bd58 ---- - src/libsystemd/sd-bus/bus-message.c | 30 ++++++++++++++---- - test/fuzz/fuzz-bus-message/issue-23486-case-1 | Bin 0 -> 32 bytes - test/fuzz/fuzz-bus-message/issue-23486-case-2 | Bin 0 -> 16 bytes - test/fuzz/fuzz-bus-message/issue-23486-case-3 | Bin 0 -> 16 bytes - 4 files changed, 23 insertions(+), 7 deletions(-) - create mode 100644 test/fuzz/fuzz-bus-message/issue-23486-case-1 - create mode 100644 test/fuzz/fuzz-bus-message/issue-23486-case-2 - create mode 100644 test/fuzz/fuzz-bus-message/issue-23486-case-3 - -diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c -index 20f7396c74..d74a351e29 100644 ---- a/src/libsystemd/sd-bus/bus-message.c -+++ b/src/libsystemd/sd-bus/bus-message.c -@@ -428,7 +428,7 @@ int bus_message_from_header( - - _cleanup_free_ sd_bus_message *m = NULL; - struct bus_header *h; -- size_t a, label_sz; -+ size_t a, label_sz = 0; /* avoid false maybe-uninitialized warning */ - - assert(bus); - assert(header || header_accessible <= 0); -@@ -506,7 +506,10 @@ int bus_message_from_header( - m->fields_size = BUS_MESSAGE_BSWAP32(m, h->dbus1.fields_size); - m->body_size = BUS_MESSAGE_BSWAP32(m, h->dbus1.body_size); - -- if (sizeof(struct bus_header) + ALIGN8(m->fields_size) + m->body_size != message_size) -+ assert(message_size >= sizeof(struct bus_header)); -+ if (m->fields_size > message_size - sizeof(struct bus_header) || -+ ALIGN8(m->fields_size) > message_size - sizeof(struct bus_header) || -+ m->body_size != message_size - sizeof(struct bus_header) - ALIGN8(m->fields_size)) - return -EBADMSG; - } - -@@ -3062,15 +3065,21 @@ void bus_body_part_unmap(struct bus_body_part *part) { - return; - } - --static int buffer_peek(const void *p, uint32_t sz, size_t *rindex, size_t align, size_t nbytes, void **r) { -+static int buffer_peek(const void *p, size_t sz, size_t *rindex, size_t align, size_t nbytes, void **r) { - size_t k, start, end; - - assert(rindex); - assert(align > 0); - -- start = ALIGN_TO((size_t) *rindex, align); -- end = start + nbytes; -+ start = ALIGN_TO(*rindex, align); -+ if (start > sz) -+ return -EBADMSG; -+ -+ /* Avoid overflow below */ -+ if (nbytes > SIZE_MAX - start) -+ return -EBADMSG; - -+ end = start + nbytes; - if (end > sz) - return -EBADMSG; - -@@ -3273,10 +3282,17 @@ static int message_peek_body( - assert(rindex); - assert(align > 0); - -- start = ALIGN_TO((size_t) *rindex, align); -+ start = ALIGN_TO(*rindex, align); -+ if (start > m->user_body_size) -+ return -EBADMSG; -+ - padding = start - *rindex; -- end = start + nbytes; - -+ /* Avoid overflow below */ -+ if (nbytes > SIZE_MAX - start) -+ return -EBADMSG; -+ -+ end = start + nbytes; - if (end > m->user_body_size) - return -EBADMSG; - -diff --git a/test/fuzz/fuzz-bus-message/issue-23486-case-1 b/test/fuzz/fuzz-bus-message/issue-23486-case-1 -new file mode 100644 -index 0000000000000000000000000000000000000000..fe8338b42ba6af6c080aa92aa619e05a6e6e1cc8 -GIT binary patch -literal 32 -gcmd1dVrFCj0xbpQd;uUW! -Date: Wed, 21 Jul 2021 11:10:36 +0200 -Subject: [PATCH] sd-bus: fix missing initializer in SD_BUS_VTABLE_END (#20253) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When two fields were added to the vtable.x.start struct, no initializers -for these were added to SD_BUS_VTABLE_END which also (ab)used that -struct (albeit sneakily by using non-designated initialization). - -While C tolerates this, C++ prohibits these missing initializers, and -both g++ and clang++ will complain when using -Wextra. - -This patch gives SD_BUS_VTABLE_END its own case in the union and -clarifies its initialization. - -I tested the behaviour of g++ 10.2 and clang 11 in various cases. Both will warn -(-Wmissing-field-initializers, implied by -Wextra) if you provide initializers for some -but not all fields of a struct. Declaring x.end as empty struct or using an empty initializer -{} to initialize the union or one of its members is valid C++ but not C, although both gcc -and clang accept it without warning (even at -Wall -Wextra -std=c90/c++11) unless you -use -pedantic (which requires -std=c99/c++2a to support designated initializers). - -Interestingly, .x = { .start = { 0, 0, NULL } } is the only initializer I found for the union -(among candidates for SD_BUS_VTABLE_END) where gcc doesn't zero-fill it entirely -when allocated on stack, it looked like it did in all other cases (I only examined this on -32-bit arm). clang always seems to initialize all bytes of the union. - -[zjs: test case: -$ cat vtable-test.cc -#include "sd-bus.h" - -const sd_bus_vtable vtable[] = { - SD_BUS_VTABLE_END -}; - -$ g++ -I src/systemd/ -Wall -Wmissing-field-initializers -c vtable-test.cc -vtable-test.cc:5:1: warning: missing initializer for member ‘sd_bus_vtable::::::features’ [-Wmissing-field-initializers] - 5 | }; - | ^ -vtable-test.cc:5:1: warning: missing initializer for member ‘sd_bus_vtable::::::vtable_format_reference’ [-Wmissing-field-initializers] - -$ clang++ -I src/systemd/ -Wmissing-field-initializers -c vtable-test.cc -vtable-test.cc:4:4: warning: missing field 'features' initializer [-Wmissing-field-initializers] - SD_BUS_VTABLE_END - ^ -src/systemd/sd-bus-vtable.h:188:28: note: expanded from macro 'SD_BUS_VTABLE_END' - .x = { { 0 } }, \ - ^ -1 warning generated. - -Both warnings are gone with the patch.] - -(cherry picked from commit 654eaa403070d3c897454a5190603fda4071c3ff) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/cdaf655f73bb3be10d47ab6f00d71a8d0b1a81e3 ---- - src/systemd/sd-bus-vtable.h | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/src/systemd/sd-bus-vtable.h b/src/systemd/sd-bus-vtable.h -index 75f8848360..35c942b16c 100644 ---- a/src/systemd/sd-bus-vtable.h -+++ b/src/systemd/sd-bus-vtable.h -@@ -75,6 +75,9 @@ struct sd_bus_vtable { - uint64_t features; - const unsigned *vtable_format_reference; - } start; -+ struct { -+ size_t reserved; -+ } end; - struct { - const char *member; - const char *signature; -@@ -185,7 +188,11 @@ struct sd_bus_vtable { - { \ - .type = _SD_BUS_VTABLE_END, \ - .flags = 0, \ -- .x = { { 0 } }, \ -+ .x = { \ -+ .end = { \ -+ .reserved = 0, \ -+ }, \ -+ }, \ - } - - #define _SD_ECHO(X) X --- -2.33.0 - diff --git a/backport-sd-bus-print-debugging-information-if-bus_container_.patch b/backport-sd-bus-print-debugging-information-if-bus_container_.patch deleted file mode 100644 index 2c046d95a0425451400942a673cf0ee08fdd8cbf..0000000000000000000000000000000000000000 --- a/backport-sd-bus-print-debugging-information-if-bus_container_.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 4358cbc8076352e7946956f5d71bf7c80d7f2e43 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 18:01:03 +0200 -Subject: [PATCH] sd-bus: print debugging information if - bus_container_connect_socket() fails - -We would return the errno, but there are many steps, and without some -debugging info it's hard to figure out what exactly failed. - -(cherry picked from commit 0c201ca945c64e97ba4961ded13ce38a63200468) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4358cbc8076352e7946956f5d71bf7c80d7f2e43 ---- - src/libsystemd/sd-bus/bus-container.c | 18 ++++++++++-------- - 1 file changed, 10 insertions(+), 8 deletions(-) - -diff --git a/src/libsystemd/sd-bus/bus-container.c b/src/libsystemd/sd-bus/bus-container.c -index b11ebb3f65..1159af46cd 100644 ---- a/src/libsystemd/sd-bus/bus-container.c -+++ b/src/libsystemd/sd-bus/bus-container.c -@@ -37,11 +37,11 @@ int bus_container_connect_socket(sd_bus *b) { - - r = namespace_open(b->nspid, &pidnsfd, &mntnsfd, NULL, &usernsfd, &rootfd); - if (r < 0) -- return r; -+ return log_debug_errno(r, "Failed to open namespace of PID "PID_FMT": %m", b->nspid); - - b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0); - if (b->input_fd < 0) -- return -errno; -+ return log_debug_errno(errno, "Failed to create a socket: %m"); - - b->input_fd = fd_move_above_stdio(b->input_fd); - -@@ -50,12 +50,12 @@ int bus_container_connect_socket(sd_bus *b) { - bus_socket_setup(b); - - if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, pair) < 0) -- return -errno; -+ return log_debug_errno(errno, "Failed to create a socket pair: %m"); - - r = namespace_fork("(sd-buscntrns)", "(sd-buscntr)", NULL, 0, FORK_RESET_SIGNALS|FORK_DEATHSIG, - pidnsfd, mntnsfd, -1, usernsfd, rootfd, &child); - if (r < 0) -- return r; -+ return log_debug_errno(r, "Failed to create namespace for (sd-buscntr): %m"); - if (r == 0) { - pair[0] = safe_close(pair[0]); - -@@ -80,20 +80,22 @@ int bus_container_connect_socket(sd_bus *b) { - - n = read(pair[0], &error_buf, sizeof(error_buf)); - if (n < 0) -- return -errno; -+ return log_debug_errno(errno, "Failed to read error status from (sd-buscntr): %m"); - - if (n > 0) { - if (n != sizeof(error_buf)) -- return -EIO; -+ return log_debug_errno(SYNTHETIC_ERRNO(EIO), -+ "Read error status of unexpected length %zd from (sd-buscntr): %m", n); - - if (error_buf < 0) -- return -EIO; -+ return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), -+ "Got unexpected error status from (sd-buscntr): %m"); - - if (error_buf == EINPROGRESS) - return 1; - - if (error_buf > 0) -- return -error_buf; -+ return log_debug_errno(error_buf, "Got error from (sd-buscntr): %m"); - } - - return bus_socket_start_auth(b); --- -2.33.0 - diff --git a/backport-sd-bus-print-quoted-commandline-when-in-bus_socket_e.patch b/backport-sd-bus-print-quoted-commandline-when-in-bus_socket_e.patch deleted file mode 100644 index 333e9e31e8ced539d912f919c204fce5893c900c..0000000000000000000000000000000000000000 --- a/backport-sd-bus-print-quoted-commandline-when-in-bus_socket_e.patch +++ /dev/null @@ -1,69 +0,0 @@ -From a221143c6de4917bb6653f5aa134ce8be3c90f6c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 16:36:49 +0200 -Subject: [PATCH] sd-bus: print quoted commandline when in bus_socket_exec() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The arguments are where the interesting part is: -src/libsystemd/sd-bus/bus-socket.c:965: sd-bus: starting bus with systemd-run... -↓ -src/libsystemd/sd-bus/bus-socket.c:972: sd-bus: starting bus with systemd-run -M.host -PGq --wait -pUser=1000 -pPAMName=login systemd-stdio-bridge "-punix:path=\${XDG_RUNTIME_DIR}/bus" - -(cherry picked from commit 87fa2e21dd7a30d25ccda2df6b8446a82637b059) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a221143c6de4917bb6653f5aa134ce8be3c90f6c ---- - src/libsystemd/sd-bus/bus-socket.c | 20 ++++++++++++++------ - 1 file changed, 14 insertions(+), 6 deletions(-) - -diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c -index 09eb49c37f..42c5f175d3 100644 ---- a/src/libsystemd/sd-bus/bus-socket.c -+++ b/src/libsystemd/sd-bus/bus-socket.c -@@ -12,6 +12,7 @@ - #include "bus-internal.h" - #include "bus-message.h" - #include "bus-socket.h" -+#include "escape.h" - #include "fd-util.h" - #include "format-util.h" - #include "fs-util.h" -@@ -962,8 +963,17 @@ int bus_socket_exec(sd_bus *b) { - assert(b->exec_path); - assert(b->busexec_pid == 0); - -- log_debug("sd-bus: starting bus%s%s with %s...", -- b->description ? " " : "", strempty(b->description), b->exec_path); -+ if (DEBUG_LOGGING) { -+ _cleanup_free_ char *line = NULL; -+ -+ if (b->exec_argv) -+ line = quote_command_line(b->exec_argv); -+ -+ log_debug("sd-bus: starting bus%s%s with %s%s", -+ b->description ? " " : "", strempty(b->description), -+ line ?: b->exec_path, -+ b->exec_argv && !line ? "…" : ""); -+ } - - r = socketpair(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, s); - if (r < 0) -@@ -984,10 +994,8 @@ int bus_socket_exec(sd_bus *b) { - - if (b->exec_argv) - execvp(b->exec_path, b->exec_argv); -- else { -- const char *argv[] = { b->exec_path, NULL }; -- execvp(b->exec_path, (char**) argv); -- } -+ else -+ execvp(b->exec_path, STRV_MAKE(b->exec_path)); - - _exit(EXIT_FAILURE); - } --- -2.33.0 - diff --git a/backport-sd-device-introduce-device_has_devlink.patch b/backport-sd-device-introduce-device_has_devlink.patch deleted file mode 100644 index 147314c2c7eff9d890a780e75aa8c52fe629eaa1..0000000000000000000000000000000000000000 --- a/backport-sd-device-introduce-device_has_devlink.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 8ada2c1b5922110d961aa82e6d712f6eed696afe Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 09:22:15 +0900 -Subject: [PATCH] sd-device: introduce device_has_devlink() - -(cherry picked from commit b881ce16b9ccae4c3089c82e2ea1781cd9773a4f) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/8ada2c1b5922110d961aa82e6d712f6eed696afe ---- - src/libsystemd/sd-device/device-private.h | 1 + - src/libsystemd/sd-device/sd-device.c | 7 +++++++ - 2 files changed, 8 insertions(+) - -diff --git a/src/libsystemd/sd-device/device-private.h b/src/libsystemd/sd-device/device-private.h -index fe268d7f2f..9bb5eff208 100644 ---- a/src/libsystemd/sd-device/device-private.h -+++ b/src/libsystemd/sd-device/device-private.h -@@ -32,6 +32,7 @@ void device_set_db_persist(sd_device *device); - void device_set_devlink_priority(sd_device *device, int priority); - int device_ensure_usec_initialized(sd_device *device, sd_device *device_old); - int device_add_devlink(sd_device *device, const char *devlink); -+bool device_has_devlink(sd_device *device, const char *devlink); - int device_add_property(sd_device *device, const char *property, const char *value); - int device_add_tag(sd_device *device, const char *tag, bool both); - void device_remove_tag(sd_device *device, const char *tag); -diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c -index 3f2cce5bba..418a5b10bd 100644 ---- a/src/libsystemd/sd-device/sd-device.c -+++ b/src/libsystemd/sd-device/sd-device.c -@@ -1195,6 +1195,13 @@ int device_add_devlink(sd_device *device, const char *devlink) { - return 0; - } - -+bool device_has_devlink(sd_device *device, const char *devlink) { -+ assert(device); -+ assert(devlink); -+ -+ return set_contains(device->devlinks, devlink); -+} -+ - static int device_add_property_internal_from_string(sd_device *device, const char *str) { - _cleanup_free_ char *key = NULL; - char *value; --- -2.33.0 - diff --git a/backport-sd-device-monitor-actually-refuse-to-send-invalid-de.patch b/backport-sd-device-monitor-actually-refuse-to-send-invalid-de.patch deleted file mode 100644 index 78173f3d6d781668b14c20b2e714e125bbab2a0b..0000000000000000000000000000000000000000 --- a/backport-sd-device-monitor-actually-refuse-to-send-invalid-de.patch +++ /dev/null @@ -1,35 +0,0 @@ -From b1b19cfdd22892ecc11e27206c3eab138c719e13 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 12 Aug 2022 04:19:27 +0900 -Subject: [PATCH] sd-device-monitor: actually refuse to send invalid devices - -Fixes an issue introduced by 9e79123884a36ce095b98d1c0fe247dddf02dbec. - -(cherry picked from commit 8bb4989906a1659b0f6adfa03dc7585e294a392b) -(cherry picked from commit 6e1acfe81823b67b6b830d3ae8d0f0184eab8b2f) -(cherry picked from commit b48a17f13fb85145c17ee1dd3beb450d1dcc4b08) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b1b19cfdd22892ecc11e27206c3eab138c719e13 ---- - src/libsystemd/sd-device/device-monitor.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/libsystemd/sd-device/device-monitor.c b/src/libsystemd/sd-device/device-monitor.c -index 2cb35951de..d7c6c69640 100644 ---- a/src/libsystemd/sd-device/device-monitor.c -+++ b/src/libsystemd/sd-device/device-monitor.c -@@ -577,8 +577,8 @@ int device_monitor_send_device( - if (r < 0) - return log_device_debug_errno(device, r, "sd-device-monitor: Failed to get device properties: %m"); - if (blen < 32) -- log_device_debug_errno(device, SYNTHETIC_ERRNO(EINVAL), -- "sd-device-monitor: Length of device property nulstr is too small to contain valid device information"); -+ return log_device_debug_errno(device, SYNTHETIC_ERRNO(EINVAL), -+ "sd-device-monitor: Length of device property nulstr is too small to contain valid device information"); - - /* fill in versioned header */ - r = sd_device_get_subsystem(device, &val); --- -2.27.0 - diff --git a/backport-sd-device-monitor-update-log-message-to-clarify-the-.patch b/backport-sd-device-monitor-update-log-message-to-clarify-the-.patch deleted file mode 100644 index c07f7387d8aaba9ee9129acb6f720168d3034493..0000000000000000000000000000000000000000 --- a/backport-sd-device-monitor-update-log-message-to-clarify-the-.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 82b2135bf0512c11f7f21f9d0689e8ea5b4a2529 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 13 Oct 2021 12:57:40 +0900 -Subject: [PATCH] sd-device-monitor: update log message to clarify the error - will be ignored - -(cherry picked from commit 6b652c03a47aa28898dffd408543c06670e3450d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/82b2135bf0512c11f7f21f9d0689e8ea5b4a2529 ---- - src/libsystemd/sd-device/device-monitor.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/libsystemd/sd-device/device-monitor.c b/src/libsystemd/sd-device/device-monitor.c -index b485e3e2b6..2cb35951de 100644 ---- a/src/libsystemd/sd-device/device-monitor.c -+++ b/src/libsystemd/sd-device/device-monitor.c -@@ -178,7 +178,7 @@ int device_monitor_new_full(sd_device_monitor **ret, MonitorNetlinkGroup group, - - netns = ioctl(m->sock, SIOCGSKNS); - if (netns < 0) -- log_debug_errno(errno, "sd-device-monitor: Unable to get network namespace of udev netlink socket, unable to determine if we are in host netns: %m"); -+ log_debug_errno(errno, "sd-device-monitor: Unable to get network namespace of udev netlink socket, unable to determine if we are in host netns, ignoring: %m"); - else { - struct stat a, b; - -@@ -191,9 +191,9 @@ int device_monitor_new_full(sd_device_monitor **ret, MonitorNetlinkGroup group, - if (ERRNO_IS_PRIVILEGE(errno)) - /* If we can't access PID1's netns info due to permissions, it's fine, this is a - * safety check only after all. */ -- log_debug_errno(errno, "sd-device-monitor: No permission to stat PID1's netns, unable to determine if we are in host netns: %m"); -+ log_debug_errno(errno, "sd-device-monitor: No permission to stat PID1's netns, unable to determine if we are in host netns, ignoring: %m"); - else -- log_debug_errno(errno, "sd-device-monitor: Failed to stat PID1's netns: %m"); -+ log_debug_errno(errno, "sd-device-monitor: Failed to stat PID1's netns, ignoring: %m"); - - } else if (a.st_dev != b.st_dev || a.st_ino != b.st_ino) - log_debug("sd-device-monitor: Netlink socket we listen on is not from host netns, we won't see device events."); --- -2.33.0 - diff --git a/backport-sd-device-silence-gcc-warning-with-newest-gcc.patch b/backport-sd-device-silence-gcc-warning-with-newest-gcc.patch deleted file mode 100644 index 6aef517e4cb5a3b3d777e5b1e72686692aaacfc4..0000000000000000000000000000000000000000 --- a/backport-sd-device-silence-gcc-warning-with-newest-gcc.patch +++ /dev/null @@ -1,30 +0,0 @@ -From e05023045edd4a0e20b60e81f9fa54f08636d660 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 15 Jan 2022 13:38:30 +0100 -Subject: [PATCH] sd-device: silence gcc warning with newest gcc - -(cherry picked from commit 376ee2c312b87951028a0adff96b1052f32475fa) -(cherry picked from commit 18aff8c85720606e05826045b6799d19a7dcf08a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e05023045edd4a0e20b60e81f9fa54f08636d660 ---- - src/libsystemd/sd-device/sd-device.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c -index 388128bf33..45261588a8 100644 ---- a/src/libsystemd/sd-device/sd-device.c -+++ b/src/libsystemd/sd-device/sd-device.c -@@ -1370,7 +1370,7 @@ int device_read_db_internal_filename(sd_device *device, const char *filename) { - _cleanup_free_ char *db = NULL; - const char *value; - size_t db_len; -- char key; -+ char key = '\0'; /* Unnecessary initialization to appease gcc-12.0.0-0.4.fc36 */ - int r; - - enum { --- -2.33.0 - diff --git a/backport-sd-dhcp-lease-fix-a-memory-leak-in-dhcp_lease_parse_.patch b/backport-sd-dhcp-lease-fix-a-memory-leak-in-dhcp_lease_parse_.patch deleted file mode 100644 index 7c37251bcbc07e8c44fcd1072b13cbe7efbcd871..0000000000000000000000000000000000000000 --- a/backport-sd-dhcp-lease-fix-a-memory-leak-in-dhcp_lease_parse_.patch +++ /dev/null @@ -1,51 +0,0 @@ -From aaf7afb05cdbfbec6d06798b698689bdfe1a50ac Mon Sep 17 00:00:00 2001 -From: Evgeny Vereshchagin -Date: Sat, 29 Jan 2022 03:16:40 +0000 -Subject: [PATCH] sd-dhcp-lease: fix a memory leak in - dhcp_lease_parse_search_domains - -================================================================= -==81071==ERROR: LeakSanitizer: detected memory leaks - -Direct leak of 16 byte(s) in 1 object(s) allocated from: - #0 0x51245c in __interceptor_reallocarray (/home/vagrant/systemd/build/fuzz-dhcp-client+0x51245c) - #1 0x7f01440c67e6 in strv_push /home/vagrant/systemd/build/../src/basic/strv.c:435:13 - #2 0x7f01440ca9e1 in strv_consume /home/vagrant/systemd/build/../src/basic/strv.c:506:13 - #3 0x7f01440ca9e1 in strv_extend /home/vagrant/systemd/build/../src/basic/strv.c:558:16 - #4 0x5806e3 in dhcp_lease_parse_search_domains /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:900:21 - #5 0x57c1be in dhcp_lease_parse_options /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:727:21 - #6 0x572450 in parse_options /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:348:33 - #7 0x571c6a in dhcp_option_parse /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:376:13 - #8 0x559a01 in client_handle_offer /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-client.c:1543:13 - #9 0x5592bd in LLVMFuzzerTestOneInput /home/vagrant/systemd/build/../src/libsystemd-network/fuzz-dhcp-client.c:74:16 - #10 0x44a379 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x44a379) - #11 0x42ae1f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x42ae1f) - #12 0x432ade in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x432ade) - #13 0x421f86 in main (/home/vagrant/systemd/build/fuzz-dhcp-client+0x421f86) - #14 0x7f0142fff55f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f) - -(cherry picked from commit 9591c0a8b3496d0e5cbbfe7c75161ba80089c143) -(cherry picked from commit 7dc0f80588f371a62a56a75bf27eab2c515becf3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/aaf7afb05cdbfbec6d06798b698689bdfe1a50ac ---- - src/libsystemd-network/sd-dhcp-lease.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c -index 75aa0c3d2c..ccfd66caa3 100644 ---- a/src/libsystemd-network/sd-dhcp-lease.c -+++ b/src/libsystemd-network/sd-dhcp-lease.c -@@ -815,7 +815,7 @@ int dhcp_lease_parse_search_domains(const uint8_t *option, size_t len, char ***d - pos = next_chunk; - } - -- *domains = TAKE_PTR(names); -+ strv_free_and_replace(*domains, names); - - return cnt; - } --- -2.33.0 - diff --git a/backport-sd-dhcp-lease-fix-an-infinite-loop-found-by-the-fuzz.patch b/backport-sd-dhcp-lease-fix-an-infinite-loop-found-by-the-fuzz.patch deleted file mode 100644 index 8b270d422dab5ad961e5ffb0e076a507066e3fea..0000000000000000000000000000000000000000 --- a/backport-sd-dhcp-lease-fix-an-infinite-loop-found-by-the-fuzz.patch +++ /dev/null @@ -1,34 +0,0 @@ -From c95ae2ba0093742292671fd30a63af15f1b63bc6 Mon Sep 17 00:00:00 2001 -From: Evgeny Vereshchagin -Date: Sat, 29 Jan 2022 02:08:39 +0000 -Subject: [PATCH] sd-dhcp-lease: fix an infinite loop found by the fuzzer - -(cherry picked from commit 86b06c666be8b7afb45541d35aa4d0ecb38056d1) -(cherry picked from commit 426807c54b9500b806eaaf50d32c7c936510706c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c95ae2ba0093742292671fd30a63af15f1b63bc6 ---- - src/libsystemd-network/sd-dhcp-lease.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c -index 9a0d7f6fea..75aa0c3d2c 100644 ---- a/src/libsystemd-network/sd-dhcp-lease.c -+++ b/src/libsystemd-network/sd-dhcp-lease.c -@@ -463,10 +463,8 @@ static int lease_parse_routes( - - route->option = SD_DHCP_OPTION_STATIC_ROUTE; - r = in4_addr_default_prefixlen((struct in_addr*) option, &route->dst_prefixlen); -- if (r < 0) { -- log_debug("Failed to determine destination prefix length from class based IP, ignoring"); -- continue; -- } -+ if (r < 0) -+ return -EINVAL; - - assert_se(lease_parse_be32(option, 4, &addr.s_addr) >= 0); - route->dst_addr = inet_makeaddr(inet_netof(addr), 0); --- -2.33.0 - diff --git a/backport-sd-dhcp-lease-fix-memleak.patch b/backport-sd-dhcp-lease-fix-memleak.patch deleted file mode 100644 index 9408663edb18bb4a6f9aee2574ce789cfaf40213..0000000000000000000000000000000000000000 --- a/backport-sd-dhcp-lease-fix-memleak.patch +++ /dev/null @@ -1,64 +0,0 @@ -From e2b7a7e3d285180ef04087cd5f821b42cb128c31 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 31 Jan 2022 05:19:09 +0900 -Subject: [PATCH] sd-dhcp-lease: fix memleak - -Fixes https://github.com/systemd/systemd/pull/22294#issuecomment-1024840811. - -(cherry picked from commit 06cf04dff4dd6c69e527913ad137616c23861270) -(cherry picked from commit ae95ca27bee2bef5bf53002873a254f1a0fe8b81) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e2b7a7e3d285180ef04087cd5f821b42cb128c31 ---- - src/libsystemd-network/sd-dhcp-lease.c | 20 ++++++++++++++++++-- - 1 file changed, 18 insertions(+), 2 deletions(-) - -diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c -index ccfd66caa3..421ca6f306 100644 ---- a/src/libsystemd-network/sd-dhcp-lease.c -+++ b/src/libsystemd-network/sd-dhcp-lease.c -@@ -1024,6 +1024,18 @@ int dhcp_lease_save(sd_dhcp_lease *lease, const char *lease_file) { - return 0; - } - -+static char **private_options_free(char **options) { -+ if (!options) -+ return NULL; -+ -+ for (unsigned i = 0; i < SD_DHCP_OPTION_PRIVATE_LAST - SD_DHCP_OPTION_PRIVATE_BASE + 1; i++) -+ free(options[i]); -+ -+ return mfree(options); -+} -+ -+DEFINE_TRIVIAL_CLEANUP_FUNC(char**, private_options_free); -+ - int dhcp_lease_load(sd_dhcp_lease **ret, const char *lease_file) { - _cleanup_(sd_dhcp_lease_unrefp) sd_dhcp_lease *lease = NULL; - _cleanup_free_ char -@@ -1046,8 +1058,8 @@ int dhcp_lease_load(sd_dhcp_lease **ret, const char *lease_file) { - *vendor_specific_hex = NULL, - *lifetime = NULL, - *t1 = NULL, -- *t2 = NULL, -- *options[SD_DHCP_OPTION_PRIVATE_LAST - SD_DHCP_OPTION_PRIVATE_BASE + 1] = {}; -+ *t2 = NULL; -+ _cleanup_(private_options_freep) char **options = NULL; - - int r, i; - -@@ -1058,6 +1070,10 @@ int dhcp_lease_load(sd_dhcp_lease **ret, const char *lease_file) { - if (r < 0) - return r; - -+ options = new0(char*, SD_DHCP_OPTION_PRIVATE_LAST - SD_DHCP_OPTION_PRIVATE_BASE + 1); -+ if (!options) -+ return -ENOMEM; -+ - r = parse_env_file(NULL, lease_file, - "ADDRESS", &address, - "ROUTER", &router, --- -2.33.0 - diff --git a/backport-sd-dhcp-server-fix-possible-double-free-or-use-after.patch b/backport-sd-dhcp-server-fix-possible-double-free-or-use-after.patch deleted file mode 100644 index 37921e05d054751c2d912c28408cfe3c31a2a794..0000000000000000000000000000000000000000 --- a/backport-sd-dhcp-server-fix-possible-double-free-or-use-after.patch +++ /dev/null @@ -1,29 +0,0 @@ -From bb320989bf7580f46a4867c361be1ee02eccc678 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 11 Aug 2021 16:20:35 +0900 -Subject: [PATCH] sd-dhcp-server: fix possible double-free or use-after-free - -(cherry picked from commit 3dc8fb0eb8dd4b7dd802aa69cfe5b2c8f760f561) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bb320989bf7580f46a4867c361be1ee02eccc678 ---- - src/libsystemd-network/sd-dhcp-server.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c -index e2ea79f584..9ae884b0fc 100644 ---- a/src/libsystemd-network/sd-dhcp-server.c -+++ b/src/libsystemd-network/sd-dhcp-server.c -@@ -1107,7 +1107,7 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz - - if (server->bound_leases[pool_offset] == existing_lease) { - server->bound_leases[pool_offset] = NULL; -- hashmap_remove(server->leases_by_client_id, existing_lease); -+ hashmap_remove(server->leases_by_client_id, &existing_lease->client_id); - dhcp_lease_free(existing_lease); - - if (server->callback) --- -2.33.0 - diff --git a/backport-sd-dhcp-server-refuse-too-large-packet-to-send.patch b/backport-sd-dhcp-server-refuse-too-large-packet-to-send.patch deleted file mode 100644 index a11eccdbb29d653e46260686381d51dafd9cfb10..0000000000000000000000000000000000000000 --- a/backport-sd-dhcp-server-refuse-too-large-packet-to-send.patch +++ /dev/null @@ -1,88 +0,0 @@ -From 76bcd1d6d26ebe0424e2c5edc7f5a31a82ae3a7c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 28 Jan 2022 11:53:49 +0900 -Subject: [PATCH] sd-dhcp-server: refuse too large packet to send - -Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44134. - -(cherry picked from commit 71df50a9734f7006bc1ac8be59ca81c797b39c35) -(cherry picked from commit 530a18d49361ade6d3f09abb78f8f901753a4cda) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/76bcd1d6d26ebe0424e2c5edc7f5a31a82ae3a7c ---- - src/libsystemd-network/sd-dhcp-server.c | 3 +++ - ...z-dhcp-server-relay-message-4972399731277824 | Bin 0 -> 65508 bytes - 2 files changed, 3 insertions(+) - create mode 100644 test/fuzz/fuzz-dhcp-server-relay-message/clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-4972399731277824 - -diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c -index 3f4af8440e..0b3904c02a 100644 ---- a/src/libsystemd-network/sd-dhcp-server.c -+++ b/src/libsystemd-network/sd-dhcp-server.c -@@ -296,6 +296,9 @@ static int dhcp_server_send_unicast_raw(sd_dhcp_server *server, - - memcpy(&link.ll.sll_addr, &packet->dhcp.chaddr, ETH_ALEN); - -+ if (len > UINT16_MAX) -+ return -EOVERFLOW; -+ - dhcp_packet_append_ip_headers(packet, server->address, DHCP_PORT_SERVER, - packet->dhcp.yiaddr, - DHCP_PORT_CLIENT, len, -1); -diff --git a/test/fuzz/fuzz-dhcp-server-relay-message/clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-4972399731277824 b/test/fuzz/fuzz-dhcp-server-relay-message/clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-4972399731277824 -new file mode 100644 -index 0000000000000000000000000000000000000000..e902b6989b419428fa0114c973b148fbe583c871 -GIT binary patch -literal 65508 -zcmeHQO^Xyq7_QnGHe|g?!~_DVcn}G3nRRFO0}pY$Wa3jnmhk?a_5|05v50Z;< -z1A(xFv7AqGrXhzLPhg%F5=s4Qd=bvy4)*Yw9z -zZ$0%^b-mR?(XdwPvQk6J$<0WqDAFTJX*r;pPQLo0xf(^0?8x@Xn?A1uE5-~N`~Nl~ -zhtGuH?fz))UzyNS`-2uF0t}NYi=vLRRHC7)k&K;Yz -z5Ai&kd6AE?nV$zJxnc|PGo`*nj-Oq&D@#{5M^dG4&m4&|K2!Qgx7vgvHRjv;6O>OP -zUKu6u`sm=g5t$Yx617$MQ9b$PF0TP{AgERfP$atKe_n^KxF=V`K1)576{ilF@5puC -zUqzev0zUJ7f5_^t62;#O#n6SqfJ487Kt2DI6?y7t&sLu%Kf`1BR?lRv#!%W7m|djw+iBtgIV@ -zAghzr$?9bFfkJ?+PFC-L09l=^K2V%STb-=lfzxQKlhw)U-Lm@RWM#ZMFDmP5j=b>cA*6fKJ?Xv!0;GG=eYbQk6IRLUFCGE1dIwJH&WJxyn-G1L -zQ`uROo&^dv!<8lsm3>o`eSdXoY`ivhU}}1@HZ@V1tWH(NsQraUfZD$)+TV*SgLmmz -zPWczf+ui-vuVF>X!?_nVTm6fgdlI({>;CfAWAD!q9ezz*As)zMDD~dRD=Ly*^>?%R -z{-LHl$HCyE^mLtD$gQU-pOE_Ku0NfF(ti!yTI^EtuK0vtKEIs*mb7GdmX&!Gll-qb -z=a1hlH4zJZ0mhD*s=k45zdAa)pU+=wyrx=I2(?RT2P0ya5}$cf2HUM -zIQk;1iv>bf&qe^8MxVsM>|}Madf^cutE0Mt)5+>N2mm0mI#7U+)eFyQ9DyOL+p0=d -z&qn|N^@r6*v=;r74VTLC^{}^qOXXzZMOOE)a9o|XdL9D(V|5{PxAGrZJ(Hd~C6d)M -z5hAOT)oH7DK!B_c1cGn`Mi>2EAz3}e>Vvc%Y3jC@_2+c}2afE^5MKv-4>)j?i5a^XWOcH72L#CKKp+Thbb{A0EgKv1qzUU8ZcwNHg+4ZTbhZ~w(6F?bSnnn -zv!2P~1iwm^Ge(Np&Z3pAEEAQ;hQIGb0|s11RtE}@ezJNdN3}^Lt7n3akK#)jbr+{1?PH2gbp|IWU|9sOPFA;l4cnFFqGXu}03dct -z1Fw_S$?AnifUHhd?|=XflhuI&gsfh8PNS_(R<~7^wt7AS0Eny(6d+`EvU=eWAgkM| -zn$KyR7yy9C>OcWPRxdoK^<=AGR`1{&YgUG3x~)-IQpta&OG|QdxBC!Eqk%m3LnvC? -zU(6ywWX1*fxYzBYC#EmnJ$3qc$xqW#^7Rxsi@ejfQ+e&lwLPuO>bP|N_wpOR``O= -zqMO=~2sB@?6&(RzdpT`FI5hM163shM8qK>v>|}Madf^cutE0M#ZM>~ny%#$@FRwAu -zk8l%d#fw5bDWdCer#O6O$y`~w=Xy5PwQG&lhl_K^W&;VX4@Kj8>Q%AdupUF7!WO3R -z{JOcS4!g6@%MIo#TkCDp9e8L`-YMu$3$_ -zaOZxQvn`eOK-`d<+VS|`eLFJbpiRT4lOy?4>V_X!)LM2vw5OIxEY^)t?!n%Hcv>f`=W!aRkE7ml1O_NT$m&Aef`c80 -zvxtz@3x@z%-B#6jpg2srvbbRK7g-$uk=20$gse_hFFXQdbz4=*>iGx&AhJ48fRNP- -z&uJWiA*SXo8BS2QSRh6vXf&iBy%Ui|(>7aHi!9A00o^9~h -z<{8Bgix(dOws~yxIv{|T1^a9R8WiUMptohP;6HhCB$y_Nj3%X4rt414eRIEidqLx#7$K}Yv%4A%QOlz5w -ms+1UNDFta4jrEG`)UNv3W$G~9mo9->FvVI#b}H<0Wd8%4hT`V{ - -literal 0 -HcmV?d00001 - --- -2.33.0 - diff --git a/backport-sd-dhcp-server-rename-server_send_nak-server_send_na.patch b/backport-sd-dhcp-server-rename-server_send_nak-server_send_na.patch deleted file mode 100644 index ac227f2b7a5470bee052c116ebca6ae35a5f82dc..0000000000000000000000000000000000000000 --- a/backport-sd-dhcp-server-rename-server_send_nak-server_send_na.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 96acfde5aae2017e1cad042b51f179ad20aba38d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 28 Jan 2022 02:14:47 +0900 -Subject: [PATCH] sd-dhcp-server: rename server_send_nak() -> - server_send_nak_or_ignore() - -And logs error in the function. - -(cherry picked from commit eb5bff9c9de2bd218f5ac431e3aead4b5747ecd9) -(cherry picked from commit 7f36fb25d5c6681dbabb067a9fb083bfad37a804) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/96acfde5aae2017e1cad042b51f179ad20aba38d ---- - src/libsystemd-network/sd-dhcp-server.c | 29 ++++++++++++++----------- - 1 file changed, 16 insertions(+), 13 deletions(-) - -diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c -index 070f4ec1c2..d594aeb7cd 100644 ---- a/src/libsystemd-network/sd-dhcp-server.c -+++ b/src/libsystemd-network/sd-dhcp-server.c -@@ -583,16 +583,28 @@ static int server_send_offer_or_ack( - return 0; - } - --static int server_send_nak(sd_dhcp_server *server, DHCPRequest *req) { -+static int server_send_nak_or_ignore(sd_dhcp_server *server, bool init_reboot, DHCPRequest *req) { - _cleanup_free_ DHCPPacket *packet = NULL; - size_t offset; - int r; - -+ /* When a request is refused, RFC 2131, section 4.3.2 mentioned we should send NAK when the -+ * client is in INITREBOOT. If the client is in other state, there is nothing mentioned in the -+ * RFC whether we should send NAK or not. Hence, let's silently ignore the request. */ -+ -+ if (!init_reboot) -+ return 0; -+ - r = server_message_init(server, &packet, DHCP_NAK, &offset, req); - if (r < 0) -- return r; -+ return log_dhcp_server_errno(server, r, "Failed to create NAK message: %m"); -+ -+ r = dhcp_server_send_packet(server, req, packet, DHCP_NAK, offset); -+ if (r < 0) -+ return log_dhcp_server_errno(server, r, "Could not send NAK message: %m"); - -- return dhcp_server_send_packet(server, req, packet, DHCP_NAK, offset); -+ log_dhcp_server(server, "NAK (0x%x)", be32toh(req->message->xid)); -+ return DHCP_NAK; - } - - static int server_send_forcerenew(sd_dhcp_server *server, be32_t address, -@@ -1079,18 +1091,9 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz - server->callback(server, SD_DHCP_SERVER_EVENT_LEASE_CHANGED, server->callback_userdata); - - return DHCP_ACK; -- -- } else if (init_reboot) { -- r = server_send_nak(server, req); -- if (r < 0) -- /* this only fails on critical errors */ -- return log_dhcp_server_errno(server, r, "Could not send nak: %m"); -- -- log_dhcp_server(server, "NAK (0x%x)", be32toh(req->message->xid)); -- return DHCP_NAK; - } - -- break; -+ return server_send_nak_or_ignore(server, init_reboot, req); - } - - case DHCP_RELEASE: { --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-cirtainly-adjust-T1-and-T2.patch b/backport-sd-dhcp6-client-cirtainly-adjust-T1-and-T2.patch deleted file mode 100644 index 496d3eeb3136e3ea9c96aedbbe4abc40f705d2c2..0000000000000000000000000000000000000000 --- a/backport-sd-dhcp6-client-cirtainly-adjust-T1-and-T2.patch +++ /dev/null @@ -1,50 +0,0 @@ -From e444192a850854e5bc45673b29ba03e5a87a2297 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 10 Aug 2021 21:39:27 +0900 -Subject: [PATCH] sd-dhcp6-client: cirtainly adjust T1 and T2 - -This fixes a bug introduced by 99f1d3fc5043b33dea5faa88f7015a487965333f. -Note that in the information requesting mode, the lease has neither -addresses nor PD prefixes. - -(cherry picked from commit de949e911ee15d1c9daaf5ba5a3cff806fb2b514) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e444192a850854e5bc45673b29ba03e5a87a2297 ---- - src/libsystemd-network/sd-dhcp6-client.c | 17 ++++++++--------- - 1 file changed, 8 insertions(+), 9 deletions(-) - -diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c -index afeb346944..f99c12620b 100644 ---- a/src/libsystemd-network/sd-dhcp6-client.c -+++ b/src/libsystemd-network/sd-dhcp6-client.c -@@ -1328,17 +1328,16 @@ static int client_parse_message( - dhcp6_message_type_to_string(message->type)); - return -EINVAL; - } -+ } - -- } else { -- if (lease->ia.addresses) { -- lease->ia.ia_na.lifetime_t1 = htobe32(lt_t1); -- lease->ia.ia_na.lifetime_t2 = htobe32(lt_t2); -- } -+ if (lease->ia.addresses) { -+ lease->ia.ia_na.lifetime_t1 = htobe32(lt_t1); -+ lease->ia.ia_na.lifetime_t2 = htobe32(lt_t2); -+ } - -- if (lease->pd.addresses) { -- lease->pd.ia_pd.lifetime_t1 = htobe32(lt_t1); -- lease->pd.ia_pd.lifetime_t2 = htobe32(lt_t2); -- } -+ if (lease->pd.addresses) { -+ lease->pd.ia_pd.lifetime_t1 = htobe32(lt_t1); -+ lease->pd.ia_pd.lifetime_t2 = htobe32(lt_t2); - } - - client->information_refresh_time_usec = MAX(irt, IRT_MINIMUM); --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-constify-one-argument.patch b/backport-sd-dhcp6-client-constify-one-argument.patch deleted file mode 100644 index 3bd2d1481d65845de1e398762ab1b0d379f56ef4..0000000000000000000000000000000000000000 --- a/backport-sd-dhcp6-client-constify-one-argument.patch +++ /dev/null @@ -1,43 +0,0 @@ -From d3f99205f84172f6f9e41061a5aa9414eccf3571 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 23 Sep 2021 14:57:29 +0900 -Subject: [PATCH] sd-dhcp6-client: constify one argument - -(cherry picked from commit dc95e21d33708e807d3e5872af428383aac3f9b7) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d3f99205f84172f6f9e41061a5aa9414eccf3571 ---- - src/libsystemd-network/dhcp6-internal.h | 2 +- - src/libsystemd-network/dhcp6-option.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h -index 35cafc96ec..96d7de8cae 100644 ---- a/src/libsystemd-network/dhcp6-internal.h -+++ b/src/libsystemd-network/dhcp6-internal.h -@@ -105,7 +105,7 @@ int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode, - size_t *optlen, uint8_t **optvalue); - int dhcp6_option_parse_status(DHCP6Option *option, size_t len); - int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, be32_t iaid, DHCP6IA *ia, uint16_t *ret_status_code); --int dhcp6_option_parse_ip6addrs(uint8_t *optval, uint16_t optlen, -+int dhcp6_option_parse_ip6addrs(const uint8_t *optval, uint16_t optlen, - struct in6_addr **addrs, size_t count); - int dhcp6_option_parse_domainname_list(const uint8_t *optval, uint16_t optlen, - char ***str_arr); -diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c -index 34d7e997dd..0709cfd4fd 100644 ---- a/src/libsystemd-network/dhcp6-option.c -+++ b/src/libsystemd-network/dhcp6-option.c -@@ -707,7 +707,7 @@ int dhcp6_option_parse_ia( - return 1; - } - --int dhcp6_option_parse_ip6addrs(uint8_t *optval, uint16_t optlen, -+int dhcp6_option_parse_ip6addrs(const uint8_t *optval, uint16_t optlen, - struct in6_addr **addrs, size_t count) { - - if (optlen == 0 || optlen % sizeof(struct in6_addr) != 0) --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-constify-several-arguments.patch b/backport-sd-dhcp6-client-constify-several-arguments.patch deleted file mode 100644 index e799b0b7990352439d464f2b4e32adb755dbcc17..0000000000000000000000000000000000000000 --- a/backport-sd-dhcp6-client-constify-several-arguments.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 9dcf9e12a68640f413d52f48d1d9786c4c71e073 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 24 Sep 2021 13:34:14 +0900 -Subject: [PATCH] sd-dhcp6-client: constify several arguments - -(cherry picked from commit 3f8227bf830cc2b87ea9bce5394a71c186d12956) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9dcf9e12a68640f413d52f48d1d9786c4c71e073 ---- - src/libsystemd-network/dhcp6-lease-internal.h | 10 ++++------ - src/libsystemd-network/sd-dhcp6-lease.c | 12 +++++------- - 2 files changed, 9 insertions(+), 13 deletions(-) - -diff --git a/src/libsystemd-network/dhcp6-lease-internal.h b/src/libsystemd-network/dhcp6-lease-internal.h -index 391b4f1fa9..41b43ba7a4 100644 ---- a/src/libsystemd-network/dhcp6-lease-internal.h -+++ b/src/libsystemd-network/dhcp6-lease-internal.h -@@ -50,12 +50,10 @@ int dhcp6_lease_get_rapid_commit(sd_dhcp6_lease *lease, bool *rapid_commit); - int dhcp6_lease_get_iaid(sd_dhcp6_lease *lease, be32_t *iaid); - int dhcp6_lease_get_pd_iaid(sd_dhcp6_lease *lease, be32_t *iaid); - --int dhcp6_lease_set_dns(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen); --int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, uint8_t *optval, -- size_t optlen); --int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen); --int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, uint8_t *optval, -- size_t optlen) ; -+int dhcp6_lease_set_dns(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); -+int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); -+int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); -+int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) ; - int dhcp6_lease_set_fqdn(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); - - int dhcp6_lease_new(sd_dhcp6_lease **ret); -diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c -index 9c77b146c7..8378971422 100644 ---- a/src/libsystemd-network/sd-dhcp6-lease.c -+++ b/src/libsystemd-network/sd-dhcp6-lease.c -@@ -193,7 +193,7 @@ void sd_dhcp6_lease_reset_pd_prefix_iter(sd_dhcp6_lease *lease) { - lease->prefix_iter = lease->pd.addresses; - } - --int dhcp6_lease_set_dns(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { -+int dhcp6_lease_set_dns(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { - assert_return(lease, -EINVAL); - assert_return(optval, -EINVAL); - -@@ -215,8 +215,7 @@ int sd_dhcp6_lease_get_dns(sd_dhcp6_lease *lease, const struct in6_addr **addrs) - return -ENOENT; - } - --int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, uint8_t *optval, -- size_t optlen) { -+int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { - int r; - char **domains; - -@@ -248,7 +247,7 @@ int sd_dhcp6_lease_get_domains(sd_dhcp6_lease *lease, char ***domains) { - return -ENOENT; - } - --int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { -+int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { - int r; - - assert_return(lease, -EINVAL); -@@ -295,7 +294,7 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { - return 0; - } - --int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { -+int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { - assert_return(lease, -EINVAL); - assert_return(optval, -EINVAL); - -@@ -335,8 +334,7 @@ int sd_dhcp6_lease_get_ntp_fqdn(sd_dhcp6_lease *lease, char ***ntp_fqdn) { - return -ENOENT; - } - --int dhcp6_lease_set_fqdn(sd_dhcp6_lease *lease, const uint8_t *optval, -- size_t optlen) { -+int dhcp6_lease_set_fqdn(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { - int r; - char *fqdn; - --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-do-not-merge-NTP-and-SNTP-options.patch b/backport-sd-dhcp6-client-do-not-merge-NTP-and-SNTP-options.patch deleted file mode 100644 index a544e4d339bce00f07932fbf44b1a54da88fd852..0000000000000000000000000000000000000000 --- a/backport-sd-dhcp6-client-do-not-merge-NTP-and-SNTP-options.patch +++ /dev/null @@ -1,130 +0,0 @@ -From 4b05527fe35de9602cdcd68a9812d67cd0892e00 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 24 Sep 2021 15:00:43 +0900 -Subject: [PATCH] sd-dhcp6-client: do not merge NTP and SNTP options - -Previously, SNTP option is ignored when it appears after NTP option(s), -but merged later NTP options when it appears first. -This makes split the NTP and SNTP addresses, and use SNTP addresses only -when no NTP option is provided. - -(cherry picked from commit e693e969614062fea1746399cf5cff4c09526c6a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4b05527fe35de9602cdcd68a9812d67cd0892e00 ---- - src/libsystemd-network/dhcp6-lease-internal.h | 4 ++- - src/libsystemd-network/sd-dhcp6-client.c | 2 +- - src/libsystemd-network/sd-dhcp6-lease.c | 26 ++++++++++--------- - src/libsystemd-network/test-dhcp6-client.c | 3 +-- - 4 files changed, 19 insertions(+), 16 deletions(-) - -diff --git a/src/libsystemd-network/dhcp6-lease-internal.h b/src/libsystemd-network/dhcp6-lease-internal.h -index 41b43ba7a4..dbcb6d040f 100644 ---- a/src/libsystemd-network/dhcp6-lease-internal.h -+++ b/src/libsystemd-network/dhcp6-lease-internal.h -@@ -33,6 +33,8 @@ struct sd_dhcp6_lease { - size_t ntp_count; - char **ntp_fqdn; - size_t ntp_fqdn_count; -+ struct in6_addr *sntp; -+ size_t sntp_count; - char *fqdn; - }; - -@@ -53,7 +55,7 @@ int dhcp6_lease_get_pd_iaid(sd_dhcp6_lease *lease, be32_t *iaid); - int dhcp6_lease_set_dns(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); - int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); - int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); --int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) ; -+int dhcp6_lease_add_sntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) ; - int dhcp6_lease_set_fqdn(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); - - int dhcp6_lease_new(sd_dhcp6_lease **ret); -diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c -index efbf7d7df3..a31dd16c01 100644 ---- a/src/libsystemd-network/sd-dhcp6-client.c -+++ b/src/libsystemd-network/sd-dhcp6-client.c -@@ -1265,7 +1265,7 @@ static int client_parse_message( - break; - - case SD_DHCP6_OPTION_SNTP_SERVERS: -- r = dhcp6_lease_set_sntp(lease, optval, optlen); -+ r = dhcp6_lease_add_sntp(lease, optval, optlen); - if (r < 0) - return r; - -diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c -index 4804f0941a..e424aa15b6 100644 ---- a/src/libsystemd-network/sd-dhcp6-lease.c -+++ b/src/libsystemd-network/sd-dhcp6-lease.c -@@ -294,31 +294,32 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t opt - return 0; - } - --int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { -+int dhcp6_lease_add_sntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { - assert_return(lease, -EINVAL); - assert_return(optval, -EINVAL); - - if (optlen == 0) - return 0; - -- if (lease->ntp || lease->ntp_fqdn) -- return -EEXIST; -- -- /* Using deprecated SNTP information */ -- -- return dhcp6_option_parse_addresses(optval, optlen, &lease->ntp, &lease->ntp_count); -+ /* SNTP option is defined in RFC4075, and deprecated by RFC5908. */ -+ return dhcp6_option_parse_addresses(optval, optlen, &lease->sntp, &lease->sntp_count); - } - --int sd_dhcp6_lease_get_ntp_addrs(sd_dhcp6_lease *lease, -- const struct in6_addr **addrs) { -+int sd_dhcp6_lease_get_ntp_addrs(sd_dhcp6_lease *lease, const struct in6_addr **ret) { - assert_return(lease, -EINVAL); -- assert_return(addrs, -EINVAL); -+ assert_return(ret, -EINVAL); - -- if (lease->ntp_count) { -- *addrs = lease->ntp; -+ if (lease->ntp) { -+ *ret = lease->ntp; - return lease->ntp_count; - } - -+ if (lease->sntp && !lease->ntp_fqdn) { -+ /* Fallback to the deprecated SNTP option. */ -+ *ret = lease->sntp; -+ return lease->sntp_count; -+ } -+ - return -ENOENT; - } - -@@ -377,6 +378,7 @@ static sd_dhcp6_lease *dhcp6_lease_free(sd_dhcp6_lease *lease) { - strv_free(lease->domains); - free(lease->ntp); - strv_free(lease->ntp_fqdn); -+ free(lease->sntp); - - return mfree(lease); - } -diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c -index b22297dcd5..429687562c 100644 ---- a/src/libsystemd-network/test-dhcp6-client.c -+++ b/src/libsystemd-network/test-dhcp6-client.c -@@ -521,8 +521,7 @@ static int test_advertise_option(sd_event *e) { - - case SD_DHCP6_OPTION_SNTP_SERVERS: - assert_se(optlen == 16); -- assert_se(dhcp6_lease_set_sntp(lease, optval, -- optlen) >= 0); -+ assert_se(dhcp6_lease_add_sntp(lease, optval, optlen) >= 0); - break; - - default: --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-fix-buffer-size-calculation-in-dhcp6.patch b/backport-sd-dhcp6-client-fix-buffer-size-calculation-in-dhcp6.patch deleted file mode 100644 index d49a7b63e9795cca1e372b8838179f051e63cd86..0000000000000000000000000000000000000000 --- a/backport-sd-dhcp6-client-fix-buffer-size-calculation-in-dhcp6.patch +++ /dev/null @@ -1,154 +0,0 @@ -From b8a852e515002e5e312dd99b964bb17b9ca8fc1d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 24 Sep 2021 01:24:52 +0900 -Subject: [PATCH] sd-dhcp6-client: fix buffer size calculation in - dhcp6_option_parse_ip6addrs() - -GREEDY_REALLOC() takes number of elements, not buffer size. - -This also rename dhcp6_option_parse_ip6addrs() to -dhcp6_option_parse_addresses(). - -(cherry picked from commit ad3c84204c76e03a0b9b761563f6cd8907515014) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b8a852e515002e5e312dd99b964bb17b9ca8fc1d ---- - src/libsystemd-network/dhcp6-internal.h | 7 ++++-- - src/libsystemd-network/dhcp6-option.c | 22 +++++++++++------- - src/libsystemd-network/sd-dhcp6-lease.c | 30 +++++-------------------- - 3 files changed, 24 insertions(+), 35 deletions(-) - -diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h -index 8d083d3858..e555557914 100644 ---- a/src/libsystemd-network/dhcp6-internal.h -+++ b/src/libsystemd-network/dhcp6-internal.h -@@ -111,8 +111,11 @@ int dhcp6_option_parse( - const uint8_t **ret_option_data); - int dhcp6_option_parse_status(DHCP6Option *option, size_t len); - int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, be32_t iaid, DHCP6IA *ia, uint16_t *ret_status_code); --int dhcp6_option_parse_ip6addrs(const uint8_t *optval, uint16_t optlen, -- struct in6_addr **addrs, size_t count); -+int dhcp6_option_parse_addresses( -+ const uint8_t *optval, -+ size_t optlen, -+ struct in6_addr **addrs, -+ size_t *count); - int dhcp6_option_parse_domainname_list(const uint8_t *optval, uint16_t optlen, - char ***str_arr); - int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char **str); -diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c -index 781d391c0c..8f763de133 100644 ---- a/src/libsystemd-network/dhcp6-option.c -+++ b/src/libsystemd-network/dhcp6-option.c -@@ -699,20 +699,26 @@ int dhcp6_option_parse_ia( - return 1; - } - --int dhcp6_option_parse_ip6addrs(const uint8_t *optval, uint16_t optlen, -- struct in6_addr **addrs, size_t count) { -+int dhcp6_option_parse_addresses( -+ const uint8_t *optval, -+ size_t optlen, -+ struct in6_addr **addrs, -+ size_t *count) { -+ -+ assert(optval); -+ assert(addrs); -+ assert(count); - - if (optlen == 0 || optlen % sizeof(struct in6_addr) != 0) -- return -EINVAL; -+ return -EBADMSG; - -- if (!GREEDY_REALLOC(*addrs, count * sizeof(struct in6_addr) + optlen)) -+ if (!GREEDY_REALLOC(*addrs, *count + optlen / sizeof(struct in6_addr))) - return -ENOMEM; - -- memcpy(*addrs + count, optval, optlen); -+ memcpy(*addrs + *count, optval, optlen); -+ *count += optlen / sizeof(struct in6_addr); - -- count += optlen / sizeof(struct in6_addr); -- -- return count; -+ return 0; - } - - static int parse_domain(const uint8_t **data, uint16_t *len, char **out_domain) { -diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c -index 6375a22537..9c77b146c7 100644 ---- a/src/libsystemd-network/sd-dhcp6-lease.c -+++ b/src/libsystemd-network/sd-dhcp6-lease.c -@@ -194,22 +194,13 @@ void sd_dhcp6_lease_reset_pd_prefix_iter(sd_dhcp6_lease *lease) { - } - - int dhcp6_lease_set_dns(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { -- int r; -- - assert_return(lease, -EINVAL); - assert_return(optval, -EINVAL); - -- if (!optlen) -+ if (optlen == 0) - return 0; - -- r = dhcp6_option_parse_ip6addrs(optval, optlen, &lease->dns, -- lease->dns_count); -- if (r < 0) -- return r; -- -- lease->dns_count = r; -- -- return 0; -+ return dhcp6_option_parse_addresses(optval, optlen, &lease->dns, &lease->dns_count); - } - - int sd_dhcp6_lease_get_dns(sd_dhcp6_lease *lease, const struct in6_addr **addrs) { -@@ -281,12 +272,10 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { - if (sublen != 16) - return 0; - -- r = dhcp6_option_parse_ip6addrs(subval, sublen, &lease->ntp, lease->ntp_count); -+ r = dhcp6_option_parse_addresses(subval, sublen, &lease->ntp, &lease->ntp_count); - if (r < 0) - return r; - -- lease->ntp_count = r; -- - break; - - case DHCP6_NTP_SUBOPTION_SRV_FQDN: { -@@ -307,12 +296,10 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { - } - - int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { -- int r; -- - assert_return(lease, -EINVAL); - assert_return(optval, -EINVAL); - -- if (!optlen) -+ if (optlen == 0) - return 0; - - if (lease->ntp || lease->ntp_fqdn) -@@ -320,14 +307,7 @@ int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) - - /* Using deprecated SNTP information */ - -- r = dhcp6_option_parse_ip6addrs(optval, optlen, &lease->ntp, -- lease->ntp_count); -- if (r < 0) -- return r; -- -- lease->ntp_count = r; -- -- return 0; -+ return dhcp6_option_parse_addresses(optval, optlen, &lease->ntp, &lease->ntp_count); - } - - int sd_dhcp6_lease_get_ntp_addrs(sd_dhcp6_lease *lease, --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-fix-copy-and-paste-mistake.patch b/backport-sd-dhcp6-client-fix-copy-and-paste-mistake.patch deleted file mode 100644 index 5b175e4b5e49e69345f1e310bfdccec4da0bb855..0000000000000000000000000000000000000000 --- a/backport-sd-dhcp6-client-fix-copy-and-paste-mistake.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 1c71cba86be4818c1546d5f84fde5138f737e180 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 10 Aug 2021 21:36:04 +0900 -Subject: [PATCH] sd-dhcp6-client: fix copy-and-paste mistake - -Fix bug introduced by b47fb949b338a8e77be789542fffb8c86da79284. - -(cherry picked from commit 0c42b613485978eb82d7aff7ed426b8a8bb327af) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1c71cba86be4818c1546d5f84fde5138f737e180 ---- - src/libsystemd-network/sd-dhcp6-client.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c -index e8c47f429a..afeb346944 100644 ---- a/src/libsystemd-network/sd-dhcp6-client.c -+++ b/src/libsystemd-network/sd-dhcp6-client.c -@@ -1219,7 +1219,7 @@ static int client_parse_message( - - if (lease->ia.addresses) { - lt_t1 = MIN(lt_t1, be32toh(lease->ia.ia_na.lifetime_t1)); -- lt_t2 = MIN(lt_t2, be32toh(lease->ia.ia_na.lifetime_t1)); -+ lt_t2 = MIN(lt_t2, be32toh(lease->ia.ia_na.lifetime_t2)); - } - - break; --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-fix-error-handling.patch b/backport-sd-dhcp6-client-fix-error-handling.patch deleted file mode 100644 index 437f5767e4b93a08fe0f4a8c90e10b7fe2165018..0000000000000000000000000000000000000000 --- a/backport-sd-dhcp6-client-fix-error-handling.patch +++ /dev/null @@ -1,33 +0,0 @@ -From c766dc2f77ed15e41de70e5e5f03dc4650fa55de Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 30 Nov 2021 17:58:40 +0900 -Subject: [PATCH] sd-dhcp6-client: fix error handling - -(cherry picked from commit 97e80ee4a86d4097fda78a01d8b64ad2085008f3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c766dc2f77ed15e41de70e5e5f03dc4650fa55de ---- - src/libsystemd-network/sd-dhcp6-client.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c -index a31dd16c01..1acca301b4 100644 ---- a/src/libsystemd-network/sd-dhcp6-client.c -+++ b/src/libsystemd-network/sd-dhcp6-client.c -@@ -1424,10 +1424,10 @@ static int client_receive_message( - len = recv(fd, message, buflen, 0); - if (len < 0) { - /* see comment above for why we shouldn't error out on ENETDOWN. */ -- if (IN_SET(errno, EAGAIN, EINTR, ENETDOWN)) -+ if (IN_SET(len, -EAGAIN, -EINTR, -ENETDOWN)) - return 0; - -- return log_dhcp6_client_errno(client, errno, "Could not receive message from UDP socket: %m"); -+ return log_dhcp6_client_errno(client, len, "Could not receive message from UDP socket: %m"); - - } - if ((size_t) len < sizeof(DHCP6Message)) { --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-ignore-IAs-whose-IAID-do-not-match-c.patch b/backport-sd-dhcp6-client-ignore-IAs-whose-IAID-do-not-match-c.patch deleted file mode 100644 index ca540bee42c7cf8a1c2f70a9af9fd8b039b4af93..0000000000000000000000000000000000000000 --- a/backport-sd-dhcp6-client-ignore-IAs-whose-IAID-do-not-match-c.patch +++ /dev/null @@ -1,318 +0,0 @@ -From 5193b40cebe30e6297ba8d1e8cf888ab25cea2ae Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 22 Sep 2021 10:35:56 +0300 -Subject: [PATCH] sd-dhcp6-client: ignore IAs whose IAID do not match client's - IAID - -But do not refuse whole message. - -(cherry picked from commit 469fd57f181e2a8d93f01662418ca998e1239ea5) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5193b40cebe30e6297ba8d1e8cf888ab25cea2ae ---- - src/libsystemd-network/dhcp6-internal.h | 2 +- - src/libsystemd-network/dhcp6-option.c | 36 ++++++++++++++++++-- - src/libsystemd-network/sd-dhcp6-client.c | 29 +++------------- - src/libsystemd-network/test-dhcp6-client.c | 39 ++++++++++++++-------- - 4 files changed, 64 insertions(+), 42 deletions(-) - -diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h -index f0f814957f..35cafc96ec 100644 ---- a/src/libsystemd-network/dhcp6-internal.h -+++ b/src/libsystemd-network/dhcp6-internal.h -@@ -104,7 +104,7 @@ int dhcp6_option_append_vendor_option(uint8_t **buf, size_t *buflen, OrderedHash - int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode, - size_t *optlen, uint8_t **optvalue); - int dhcp6_option_parse_status(DHCP6Option *option, size_t len); --int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, DHCP6IA *ia, uint16_t *ret_status_code); -+int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, be32_t iaid, DHCP6IA *ia, uint16_t *ret_status_code); - int dhcp6_option_parse_ip6addrs(uint8_t *optval, uint16_t optlen, - struct in6_addr **addrs, size_t count); - int dhcp6_option_parse_domainname_list(const uint8_t *optval, uint16_t optlen, -diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c -index 97ef03a2d2..34d7e997dd 100644 ---- a/src/libsystemd-network/dhcp6-option.c -+++ b/src/libsystemd-network/dhcp6-option.c -@@ -509,7 +509,13 @@ static int dhcp6_option_parse_pdprefix(sd_dhcp6_client *client, DHCP6Option *opt - return 0; - } - --int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, DHCP6IA *ia, uint16_t *ret_status_code) { -+int dhcp6_option_parse_ia( -+ sd_dhcp6_client *client, -+ DHCP6Option *iaoption, -+ be32_t iaid, -+ DHCP6IA *ia, -+ uint16_t *ret_status_code) { -+ - uint32_t lt_t1, lt_t2, lt_valid = 0, lt_min = UINT32_MAX; - uint16_t iatype, optlen; - size_t iaaddr_offset; -@@ -529,6 +535,14 @@ int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, DHCP6I - if (len < DHCP6_OPTION_IA_NA_LEN) - return -ENOBUFS; - -+ /* According to RFC8415, IAs which do not match the client's IAID should be ignored, -+ * but not necessary to ignore or refuse the whole message. */ -+ if (((const struct ia_na*) iaoption->data)->id != iaid) -+ /* ENOANO indicates the option should be ignored. */ -+ return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(ENOANO), -+ "Received an IA_NA option with a different IAID " -+ "from the one chosen by the client, ignoring."); -+ - iaaddr_offset = DHCP6_OPTION_IA_NA_LEN; - memcpy(&ia->ia_na, iaoption->data, sizeof(ia->ia_na)); - -@@ -547,6 +561,14 @@ int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, DHCP6I - if (len < sizeof(ia->ia_pd)) - return -ENOBUFS; - -+ /* According to RFC8415, IAs which do not match the client's IAID should be ignored, -+ * but not necessary to ignore or refuse the whole message. */ -+ if (((const struct ia_pd*) iaoption->data)->id != iaid) -+ /* ENOANO indicates the option should be ignored. */ -+ return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(ENOANO), -+ "Received an IA_PD option with a different IAID " -+ "from the one chosen by the client, ignoring."); -+ - iaaddr_offset = sizeof(ia->ia_pd); - memcpy(&ia->ia_pd, iaoption->data, sizeof(ia->ia_pd)); - -@@ -564,13 +586,21 @@ int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, DHCP6I - if (len < DHCP6_OPTION_IA_TA_LEN) - return -ENOBUFS; - -+ /* According to RFC8415, IAs which do not match the client's IAID should be ignored, -+ * but not necessary to ignore or refuse the whole message. */ -+ if (((const struct ia_ta*) iaoption->data)->id != iaid) -+ /* ENOANO indicates the option should be ignored. */ -+ return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(ENOANO), -+ "Received an IA_TA option with a different IAID " -+ "from the one chosen by the client, ignoring."); -+ - iaaddr_offset = DHCP6_OPTION_IA_TA_LEN; -- memcpy(&ia->ia_ta.id, iaoption->data, sizeof(ia->ia_ta)); -+ memcpy(&ia->ia_ta, iaoption->data, sizeof(ia->ia_ta)); - - break; - - default: -- return -ENOMSG; -+ return -EINVAL; - } - - ia->type = iatype; -diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c -index f99c12620b..efbf7d7df3 100644 ---- a/src/libsystemd-network/sd-dhcp6-client.c -+++ b/src/libsystemd-network/sd-dhcp6-client.c -@@ -1119,7 +1119,6 @@ static int client_parse_message( - while (pos < len) { - DHCP6Option *option = (DHCP6Option *) &message->options[pos]; - uint16_t optcode, optlen; -- be32_t iaid_lease; - int status; - uint8_t *optval; - -@@ -1198,8 +1197,8 @@ static int client_parse_message( - break; - } - -- r = dhcp6_option_parse_ia(client, option, &lease->ia, &ia_na_status); -- if (r < 0 && r != -ENOMSG) -+ r = dhcp6_option_parse_ia(client, option, client->ia_pd.ia_na.id, &lease->ia, &ia_na_status); -+ if (r < 0 && r != -ENOANO) - return r; - - if (ia_na_status == DHCP6_STATUS_NO_ADDRS_AVAIL) { -@@ -1207,16 +1206,6 @@ static int client_parse_message( - continue; - } - -- r = dhcp6_lease_get_iaid(lease, &iaid_lease); -- if (r < 0) -- return r; -- -- if (client->ia_na.ia_na.id != iaid_lease) { -- log_dhcp6_client(client, "%s has wrong IAID for IA NA", -- dhcp6_message_type_to_string(message->type)); -- return -EINVAL; -- } -- - if (lease->ia.addresses) { - lt_t1 = MIN(lt_t1, be32toh(lease->ia.ia_na.lifetime_t1)); - lt_t2 = MIN(lt_t2, be32toh(lease->ia.ia_na.lifetime_t2)); -@@ -1231,8 +1220,8 @@ static int client_parse_message( - break; - } - -- r = dhcp6_option_parse_ia(client, option, &lease->pd, &ia_pd_status); -- if (r < 0 && r != -ENOMSG) -+ r = dhcp6_option_parse_ia(client, option, client->ia_pd.ia_pd.id, &lease->pd, &ia_pd_status); -+ if (r < 0 && r != -ENOANO) - return r; - - if (ia_pd_status == DHCP6_STATUS_NO_PREFIX_AVAIL) { -@@ -1240,16 +1229,6 @@ static int client_parse_message( - continue; - } - -- r = dhcp6_lease_get_pd_iaid(lease, &iaid_lease); -- if (r < 0) -- return r; -- -- if (client->ia_pd.ia_pd.id != iaid_lease) { -- log_dhcp6_client(client, "%s has wrong IAID for IA PD", -- dhcp6_message_type_to_string(message->type)); -- return -EINVAL; -- } -- - if (lease->pd.addresses) { - lt_t1 = MIN(lt_t1, be32toh(lease->pd.ia_pd.lifetime_t1)); - lt_t2 = MIN(lt_t2, be32toh(lease->pd.ia_pd.lifetime_t2)); -diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c -index a72c13684d..5e3b191595 100644 ---- a/src/libsystemd-network/test-dhcp6-client.c -+++ b/src/libsystemd-network/test-dhcp6-client.c -@@ -287,25 +287,31 @@ static int test_option_status(sd_event *e) { - }; - DHCP6Option *option; - DHCP6IA ia, pd; -+ be32_t iaid; - int r = 0; - - log_debug("/* %s */", __func__); - -+ memcpy(&iaid, option1 + 4, sizeof(iaid)); -+ - zero(ia); - option = (DHCP6Option *)option1; - assert_se(sizeof(option1) == sizeof(DHCP6Option) + be16toh(option->len)); - -- r = dhcp6_option_parse_ia(NULL, option, &ia, NULL); -+ r = dhcp6_option_parse_ia(NULL, option, 0, &ia, NULL); -+ assert_se(r == -ENOANO); -+ -+ r = dhcp6_option_parse_ia(NULL, option, iaid, &ia, NULL); - assert_se(r == 0); - assert_se(ia.addresses == NULL); - - option->len = htobe16(17); -- r = dhcp6_option_parse_ia(NULL, option, &ia, NULL); -+ r = dhcp6_option_parse_ia(NULL, option, iaid, &ia, NULL); - assert_se(r == -ENOBUFS); - assert_se(ia.addresses == NULL); - - option->len = htobe16(sizeof(DHCP6Option)); -- r = dhcp6_option_parse_ia(NULL, option, &ia, NULL); -+ r = dhcp6_option_parse_ia(NULL, option, iaid, &ia, NULL); - assert_se(r == -ENOBUFS); - assert_se(ia.addresses == NULL); - -@@ -313,7 +319,7 @@ static int test_option_status(sd_event *e) { - option = (DHCP6Option *)option2; - assert_se(sizeof(option2) == sizeof(DHCP6Option) + be16toh(option->len)); - -- r = dhcp6_option_parse_ia(NULL, option, &ia, NULL); -+ r = dhcp6_option_parse_ia(NULL, option, iaid, &ia, NULL); - assert_se(r >= 0); - assert_se(ia.addresses == NULL); - -@@ -321,7 +327,7 @@ static int test_option_status(sd_event *e) { - option = (DHCP6Option *)option3; - assert_se(sizeof(option3) == sizeof(DHCP6Option) + be16toh(option->len)); - -- r = dhcp6_option_parse_ia(NULL, option, &ia, NULL); -+ r = dhcp6_option_parse_ia(NULL, option, iaid, &ia, NULL); - assert_se(r >= 0); - assert_se(ia.addresses != NULL); - dhcp6_lease_free_ia(&ia); -@@ -330,7 +336,7 @@ static int test_option_status(sd_event *e) { - option = (DHCP6Option *)option4; - assert_se(sizeof(option4) == sizeof(DHCP6Option) + be16toh(option->len)); - -- r = dhcp6_option_parse_ia(NULL, option, &pd, NULL); -+ r = dhcp6_option_parse_ia(NULL, option, iaid, &pd, NULL); - assert_se(r >= 0); - assert_se(pd.addresses != NULL); - assert_se(memcmp(&pd.ia_pd.id, &option4[4], 4) == 0); -@@ -342,7 +348,7 @@ static int test_option_status(sd_event *e) { - option = (DHCP6Option *)option5; - assert_se(sizeof(option5) == sizeof(DHCP6Option) + be16toh(option->len)); - -- r = dhcp6_option_parse_ia(NULL, option, &pd, NULL); -+ r = dhcp6_option_parse_ia(NULL, option, iaid, &pd, NULL); - assert_se(r >= 0); - assert_se(pd.addresses != NULL); - dhcp6_lease_free_ia(&pd); -@@ -447,13 +453,14 @@ static int test_advertise_option(sd_event *e) { - opt_clientid = true; - break; - -- case SD_DHCP6_OPTION_IA_NA: -+ case SD_DHCP6_OPTION_IA_NA: { -+ be32_t iaid = htobe32(0x0ecfa37d); -+ - assert_se(optlen == 94); - assert_se(optval == &msg_advertise[26]); - assert_se(!memcmp(optval, &msg_advertise[26], optlen)); - -- val = htobe32(0x0ecfa37d); -- assert_se(!memcmp(optval, &val, sizeof(val))); -+ assert_se(!memcmp(optval, &iaid, sizeof(val))); - - val = htobe32(80); - assert_se(!memcmp(optval + 4, &val, sizeof(val))); -@@ -461,10 +468,10 @@ static int test_advertise_option(sd_event *e) { - val = htobe32(120); - assert_se(!memcmp(optval + 8, &val, sizeof(val))); - -- assert_se(dhcp6_option_parse_ia(NULL, option, &lease->ia, NULL) >= 0); -+ assert_se(dhcp6_option_parse_ia(NULL, option, iaid, &lease->ia, NULL) >= 0); - - break; -- -+ } - case SD_DHCP6_OPTION_SERVERID: - assert_se(optlen == 14); - assert_se(optval == &msg_advertise[179]); -@@ -598,6 +605,8 @@ static void test_client_solicit_cb(sd_dhcp6_client *client, int event, - static int test_client_send_reply(DHCP6Message *request) { - DHCP6Message reply; - -+ log_debug("/* %s */", __func__); -+ - reply.transaction_id = request->transaction_id; - reply.type = DHCP6_REPLY; - -@@ -658,7 +667,7 @@ static int test_client_verify_request(DHCP6Message *request, size_t len) { - assert_se(!memcmp(optval + 8, &val, sizeof(val))); - - /* Then, this should refuse all addresses. */ -- assert_se(dhcp6_option_parse_ia(NULL, option, &lease->ia, NULL) >= 0); -+ assert_se(dhcp6_option_parse_ia(NULL, option, test_iaid, &lease->ia, NULL) >= 0); - - break; - -@@ -704,6 +713,8 @@ static int test_client_verify_request(DHCP6Message *request, size_t len) { - static int test_client_send_advertise(DHCP6Message *solicit) { - DHCP6Message advertise; - -+ log_debug("/* %s */", __func__); -+ - advertise.transaction_id = solicit->transaction_id; - advertise.type = DHCP6_ADVERTISE; - -@@ -899,6 +910,8 @@ int dhcp6_network_send_udp_socket(int s, struct in6_addr *server_address, - IN6ADDR_ALL_DHCP6_RELAY_AGENTS_AND_SERVERS_INIT; - DHCP6Message *message; - -+ log_debug("/* %s */", __func__); -+ - assert_se(s == test_dhcp_fd[0]); - assert_se(server_address); - assert_se(packet); --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-make-dhcp6_lease_free-accepts-NULL.patch b/backport-sd-dhcp6-client-make-dhcp6_lease_free-accepts-NULL.patch deleted file mode 100644 index 6ef421914ed0ed3400cd089a00ab7378a0ea3ff1..0000000000000000000000000000000000000000 --- a/backport-sd-dhcp6-client-make-dhcp6_lease_free-accepts-NULL.patch +++ /dev/null @@ -1,45 +0,0 @@ -From f160a20a6bf995617cf8a22466638755f9a07813 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 24 Sep 2021 23:45:13 +0900 -Subject: [PATCH] sd-dhcp6-client: make dhcp6_lease_free() accepts NULL - -(cherry picked from commit 5cf67bb4072f149d0404398bfc359b068312ba28) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f160a20a6bf995617cf8a22466638755f9a07813 ---- - src/libsystemd-network/sd-dhcp6-lease.c | 10 ++++------ - 1 file changed, 4 insertions(+), 6 deletions(-) - -diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c -index 8378971422..4804f0941a 100644 ---- a/src/libsystemd-network/sd-dhcp6-lease.c -+++ b/src/libsystemd-network/sd-dhcp6-lease.c -@@ -366,20 +366,18 @@ int sd_dhcp6_lease_get_fqdn(sd_dhcp6_lease *lease, const char **fqdn) { - } - - static sd_dhcp6_lease *dhcp6_lease_free(sd_dhcp6_lease *lease) { -- assert(lease); -+ if (!lease) -+ return NULL; - - free(lease->serverid); - dhcp6_lease_free_ia(&lease->ia); - dhcp6_lease_free_ia(&lease->pd); -- - free(lease->dns); - free(lease->fqdn); -- -- lease->domains = strv_free(lease->domains); -- -+ strv_free(lease->domains); - free(lease->ntp); -+ strv_free(lease->ntp_fqdn); - -- lease->ntp_fqdn = strv_free(lease->ntp_fqdn); - return mfree(lease); - } - --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-modernize-dhcp6_option_parse.patch b/backport-sd-dhcp6-client-modernize-dhcp6_option_parse.patch deleted file mode 100644 index e9b9c03724436f37254998ef5a233907e9101976..0000000000000000000000000000000000000000 --- a/backport-sd-dhcp6-client-modernize-dhcp6_option_parse.patch +++ /dev/null @@ -1,275 +0,0 @@ -From 1cc074167fd29c6c8c9dc5d7fd6c38e4dd91ca71 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 23 Sep 2021 14:58:28 +0900 -Subject: [PATCH] sd-dhcp6-client: modernize dhcp6_option_parse() - -- merge dhcp6_option_parse() with option_parse_hdr(). -- do not assign/update any values on error. -- use assert() instead of assert_return(), as the assertions cannot - be triggered by a library user. - -(cherry picked from commit b89a3758e92894162e3c2dcb594a55acff3274d5) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1cc074167fd29c6c8c9dc5d7fd6c38e4dd91ca71 ---- - src/libsystemd-network/dhcp6-internal.h | 10 +++- - src/libsystemd-network/dhcp6-option.c | 60 ++++++++++------------ - src/libsystemd-network/sd-dhcp6-lease.c | 37 ++++++------- - src/libsystemd-network/test-dhcp6-client.c | 50 +++++++++--------- - 4 files changed, 76 insertions(+), 81 deletions(-) - -diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h -index 96d7de8cae..8d083d3858 100644 ---- a/src/libsystemd-network/dhcp6-internal.h -+++ b/src/libsystemd-network/dhcp6-internal.h -@@ -101,8 +101,14 @@ int dhcp6_option_append_fqdn(uint8_t **buf, size_t *buflen, const char *fqdn); - int dhcp6_option_append_user_class(uint8_t **buf, size_t *buflen, char * const *user_class); - int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char * const *user_class); - int dhcp6_option_append_vendor_option(uint8_t **buf, size_t *buflen, OrderedHashmap *vendor_options); --int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode, -- size_t *optlen, uint8_t **optvalue); -+ -+int dhcp6_option_parse( -+ const uint8_t *buf, -+ size_t buflen, -+ size_t *offset, -+ uint16_t *ret_option_code, -+ size_t *ret_option_data_len, -+ const uint8_t **ret_option_data); - int dhcp6_option_parse_status(DHCP6Option *option, size_t len); - int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, be32_t iaid, DHCP6IA *ia, uint16_t *ret_status_code); - int dhcp6_option_parse_ip6addrs(const uint8_t *optval, uint16_t optlen, -diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c -index 0709cfd4fd..781d391c0c 100644 ---- a/src/libsystemd-network/dhcp6-option.c -+++ b/src/libsystemd-network/dhcp6-option.c -@@ -370,47 +370,39 @@ int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char * const - return dhcp6_option_append(buf, buflen, SD_DHCP6_OPTION_VENDOR_CLASS, total, p); - } - --static int option_parse_hdr(uint8_t **buf, size_t *buflen, uint16_t *optcode, size_t *optlen) { -- DHCP6Option *option = (DHCP6Option*) *buf; -- uint16_t len; -- -- assert_return(buf, -EINVAL); -- assert_return(optcode, -EINVAL); -- assert_return(optlen, -EINVAL); -- -- if (*buflen < offsetof(DHCP6Option, data)) -- return -ENOMSG; -- -- len = be16toh(option->len); -- -- if (len > *buflen) -- return -ENOMSG; -- -- *optcode = be16toh(option->code); -- *optlen = len; -+int dhcp6_option_parse( -+ const uint8_t *buf, -+ size_t buflen, -+ size_t *offset, -+ uint16_t *ret_option_code, -+ size_t *ret_option_data_len, -+ const uint8_t **ret_option_data) { - -- *buf += 4; -- *buflen -= 4; -+ const DHCP6Option *option; -+ size_t len; - -- return 0; --} -+ assert(buf); -+ assert(offset); -+ assert(ret_option_code); -+ assert(ret_option_data_len); -+ assert(ret_option_data); - --int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode, -- size_t *optlen, uint8_t **optvalue) { -- int r; -+ if (buflen < offsetof(DHCP6Option, data)) -+ return -EBADMSG; - -- assert_return(buf && buflen && optcode && optlen && optvalue, -EINVAL); -+ if (*offset >= buflen - offsetof(DHCP6Option, data)) -+ return -EBADMSG; - -- r = option_parse_hdr(buf, buflen, optcode, optlen); -- if (r < 0) -- return r; -+ option = (const DHCP6Option*) (buf + *offset); -+ len = be16toh(option->len); - -- if (*optlen > *buflen) -- return -ENOBUFS; -+ if (len > buflen - offsetof(DHCP6Option, data) - *offset) -+ return -EBADMSG; - -- *optvalue = *buf; -- *buflen -= *optlen; -- *buf += *optlen; -+ *offset += offsetof(DHCP6Option, data) + len; -+ *ret_option_code = be16toh(option->code); -+ *ret_option_data_len = len; -+ *ret_option_data = option->data; - - return 0; - } -diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c -index 9082185bca..6375a22537 100644 ---- a/src/libsystemd-network/sd-dhcp6-lease.c -+++ b/src/libsystemd-network/sd-dhcp6-lease.c -@@ -259,9 +259,6 @@ int sd_dhcp6_lease_get_domains(sd_dhcp6_lease *lease, char ***domains) { - - int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { - int r; -- uint16_t subopt; -- size_t sublen; -- uint8_t *subval; - - assert_return(lease, -EINVAL); - assert_return(optval, -EINVAL); -@@ -269,10 +266,14 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { - lease->ntp = mfree(lease->ntp); - lease->ntp_count = 0; - -- while ((r = dhcp6_option_parse(&optval, &optlen, &subopt, &sublen, -- &subval)) >= 0) { -- int s; -- char **servers; -+ for (size_t offset = 0; offset < optlen;) { -+ const uint8_t *subval; -+ size_t sublen; -+ uint16_t subopt; -+ -+ r = dhcp6_option_parse(optval, optlen, &offset, &subopt, &sublen, &subval); -+ if (r < 0) -+ return r; - - switch(subopt) { - case DHCP6_NTP_SUBOPTION_SRV_ADDR: -@@ -280,19 +281,18 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { - if (sublen != 16) - return 0; - -- s = dhcp6_option_parse_ip6addrs(subval, sublen, -- &lease->ntp, -- lease->ntp_count); -- if (s < 0) -- return s; -+ r = dhcp6_option_parse_ip6addrs(subval, sublen, &lease->ntp, lease->ntp_count); -+ if (r < 0) -+ return r; - -- lease->ntp_count = s; -+ lease->ntp_count = r; - - break; - -- case DHCP6_NTP_SUBOPTION_SRV_FQDN: -- r = dhcp6_option_parse_domainname_list(subval, sublen, -- &servers); -+ case DHCP6_NTP_SUBOPTION_SRV_FQDN: { -+ char **servers; -+ -+ r = dhcp6_option_parse_domainname_list(subval, sublen, &servers); - if (r < 0) - return 0; - -@@ -300,12 +300,9 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { - lease->ntp_fqdn_count = r; - - break; -- } -+ }} - } - -- if (r != -ENOMSG) -- return r; -- - return 0; - } - -diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c -index 5e3b191595..5d1f709f11 100644 ---- a/src/libsystemd-network/test-dhcp6-client.c -+++ b/src/libsystemd-network/test-dhcp6-client.c -@@ -170,47 +170,47 @@ static int test_option(sd_event *e) { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 'B', 'A', 'R', - }; -+ size_t offset, pos, optlen, outlen = sizeof(result); -+ const uint8_t *optval; - uint16_t optcode; -- size_t optlen; -- uint8_t *optval, *buf, *out; -- size_t zero = 0, pos = 3; -- size_t buflen = sizeof(packet), outlen = sizeof(result); -+ uint8_t *out; - - log_debug("/* %s */", __func__); - -- assert_se(buflen == outlen); -+ assert_se(sizeof(packet) == sizeof(result)); - -- assert_se(dhcp6_option_parse(&buf, &zero, &optcode, &optlen, -- &optval) == -ENOMSG); -+ offset = 0; -+ assert_se(dhcp6_option_parse(packet, 0, &offset, &optcode, &optlen, &optval) == -EBADMSG); - -- buflen -= 3; -- buf = &packet[3]; -- outlen -= 3; -- out = &result[3]; -+ offset = 3; -+ assert_se(dhcp6_option_parse(packet, 0, &offset, &optcode, &optlen, &optval) == -EBADMSG); -+ -+ offset = 3; -+ assert_se(dhcp6_option_parse(packet, sizeof(packet), &offset, &optcode, &optlen, &optval) >= 0); - -- assert_se(dhcp6_option_parse(&buf, &buflen, &optcode, &optlen, -- &optval) >= 0); -- pos += 4 + optlen; -- assert_se(buf == &packet[pos]); - assert_se(optcode == SD_DHCP6_OPTION_ORO); - assert_se(optlen == 7); -- assert_se(buflen + pos == sizeof(packet)); -+ assert_se(optval == packet + 7); -+ -+ pos = 3; -+ outlen -= 3; -+ out = &result[3]; - -- assert_se(dhcp6_option_append(&out, &outlen, optcode, optlen, -- optval) >= 0); -+ assert_se(dhcp6_option_append(&out, &outlen, optcode, optlen, optval) >= 0); -+ -+ pos += 4 + optlen; - assert_se(out == &result[pos]); - assert_se(*out == 0x00); - -- assert_se(dhcp6_option_parse(&buf, &buflen, &optcode, &optlen, -- &optval) >= 0); -- pos += 4 + optlen; -- assert_se(buf == &packet[pos]); -+ assert_se(dhcp6_option_parse(packet, sizeof(packet), &offset, &optcode, &optlen, &optval) >= 0); -+ - assert_se(optcode == SD_DHCP6_OPTION_VENDOR_CLASS); - assert_se(optlen == 9); -- assert_se(buflen + pos == sizeof(packet)); -+ assert_se(optval == packet + 18); -+ -+ assert_se(dhcp6_option_append(&out, &outlen, optcode, optlen, optval) >= 0); - -- assert_se(dhcp6_option_append(&out, &outlen, optcode, optlen, -- optval) >= 0); -+ pos += 4 + optlen; - assert_se(out == &result[pos]); - assert_se(*out == 'B'); - --- -2.33.0 - diff --git a/backport-sd-event-don-t-destroy-inotify-data-structures-from-.patch b/backport-sd-event-don-t-destroy-inotify-data-structures-from-.patch deleted file mode 100644 index caec0efdd3efe711491f8178ce3437f480a739cc..0000000000000000000000000000000000000000 --- a/backport-sd-event-don-t-destroy-inotify-data-structures-from-.patch +++ /dev/null @@ -1,109 +0,0 @@ -From 439a271943aa182002e5fb64f1a216415e556472 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 9 Nov 2021 00:11:38 +0100 -Subject: [PATCH] sd-event: don't destroy inotify data structures from inotify - event handler - -This fixes a bad memory access when we destroy an inotify source handler -from the handler itself, and thus destroy the associated inotify_data -structures. - -Fixes: #20177 -(cherry picked from commit 53baf2efa420cab6c4b1904c9a0c46a0c4ec80a1) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/439a271943aa182002e5fb64f1a216415e556472 ---- - src/libsystemd/sd-event/event-source.h | 5 ++++ - src/libsystemd/sd-event/sd-event.c | 40 +++++++++++++++++++++++--- - 2 files changed, 41 insertions(+), 4 deletions(-) - -diff --git a/src/libsystemd/sd-event/event-source.h b/src/libsystemd/sd-event/event-source.h -index d2dc21470e..7a0f14ecce 100644 ---- a/src/libsystemd/sd-event/event-source.h -+++ b/src/libsystemd/sd-event/event-source.h -@@ -214,6 +214,11 @@ struct inotify_data { - * the events locally if they can't be coalesced). */ - unsigned n_pending; - -+ /* If this counter is non-zero, don't GC the inotify data object even if not used to watch any inode -+ * anymore. This is useful to pin the object for a bit longer, after the last event source needing it -+ * is gone. */ -+ unsigned n_busy; -+ - /* A linked list of all inotify objects with data already read, that still need processing. We keep this list - * to make it efficient to figure out what inotify objects to process data on next. */ - LIST_FIELDS(struct inotify_data, buffered); -diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c -index 99c0acfa54..3b4d938546 100644 ---- a/src/libsystemd/sd-event/sd-event.c -+++ b/src/libsystemd/sd-event/sd-event.c -@@ -1820,6 +1820,29 @@ static void event_free_inode_data( - free(d); - } - -+static void event_gc_inotify_data( -+ sd_event *e, -+ struct inotify_data *d) { -+ -+ assert(e); -+ -+ /* GCs the inotify data object if we don't need it anymore. That's the case if we don't want to watch -+ * any inode with it anymore, which in turn happens if no event source of this priority is interested -+ * in any inode any longer. That said, we maintain an extra busy counter: if non-zero we'll delay GC -+ * (under the expectation that the GC is called again once the counter is decremented). */ -+ -+ if (!d) -+ return; -+ -+ if (!hashmap_isempty(d->inodes)) -+ return; -+ -+ if (d->n_busy > 0) -+ return; -+ -+ event_free_inotify_data(e, d); -+} -+ - static void event_gc_inode_data( - sd_event *e, - struct inode_data *d) { -@@ -1837,8 +1860,7 @@ static void event_gc_inode_data( - inotify_data = d->inotify_data; - event_free_inode_data(e, d); - -- if (inotify_data && hashmap_isempty(inotify_data->inodes)) -- event_free_inotify_data(e, inotify_data); -+ event_gc_inotify_data(e, inotify_data); - } - - static int event_make_inode_data( -@@ -3556,13 +3578,23 @@ static int source_dispatch(sd_event_source *s) { - sz = offsetof(struct inotify_event, name) + d->buffer.ev.len; - assert(d->buffer_filled >= sz); - -+ /* If the inotify callback destroys the event source then this likely means we don't need to -+ * watch the inode anymore, and thus also won't need the inotify object anymore. But if we'd -+ * free it immediately, then we couldn't drop the event from the inotify event queue without -+ * memory corruption anymore, as below. Hence, let's not free it immediately, but mark it -+ * "busy" with a counter (which will ensure it's not GC'ed away prematurely). Let's then -+ * explicitly GC it after we are done dropping the inotify event from the buffer. */ -+ d->n_busy++; - r = s->inotify.callback(s, &d->buffer.ev, s->userdata); -+ d->n_busy--; - -- /* When no event is pending anymore on this inotify object, then let's drop the event from the -- * buffer. */ -+ /* When no event is pending anymore on this inotify object, then let's drop the event from -+ * the inotify event queue buffer. */ - if (d->n_pending == 0) - event_inotify_data_drop(e, d, sz); - -+ /* Now we don't want to access 'd' anymore, it's OK to GC now. */ -+ event_gc_inotify_data(e, d); - break; - } - --- -2.33.0 - diff --git a/backport-sd-event-don-t-mistake-USEC_INFINITY-passed-in-for.patch b/backport-sd-event-don-t-mistake-USEC_INFINITY-passed-in-for.patch deleted file mode 100644 index aef1bcea0730474376583a61da0c9a0bccc9ba4d..0000000000000000000000000000000000000000 --- a/backport-sd-event-don-t-mistake-USEC_INFINITY-passed-in-for.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 3aa1cf93ad9eff91e8d26fb4628ac33b620b6b28 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 6 Jan 2023 11:27:17 +0100 -Subject: [PATCH] sd-event: don't mistake USEC_INFINITY passed in for overflow - -Let's pass USEC_INFINITY from sd_event_source_set_time_relative() to -sd_event_source_set_time() instead of raising EOVERFLOW. - -We should raise EOVERFLOW only if your addition fails, but not if the -input already is USEC_INFINITY, since it's an entirely valid operation -to have an infinite time-out, and we should support that. - -(cherry picked from commit ef8591951aefccb668201f24aa481aa6cda834da) -(cherry picked from commit 9769d84fe51573b4f2d5cb8f76664e886c7daf88) -(cherry picked from commit 5fe49d0fb88b779d5096713627ce54757bff70b2) -(cherry picked from commit 33036c403225ad0c88c9e5a9058aea69ff6ed9bc) ---- - src/libsystemd/sd-event/sd-event.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c -index 4ba7151050..19e7680687 100644 ---- a/src/libsystemd/sd-event/sd-event.c -+++ b/src/libsystemd/sd-event/sd-event.c -@@ -2611,6 +2611,9 @@ _public_ int sd_event_source_set_time_relative(sd_event_source *s, uint64_t usec - assert_return(s, -EINVAL); - assert_return(EVENT_SOURCE_IS_TIME(s->type), -EDOM); - -+ if (usec == USEC_INFINITY) -+ return sd_event_source_set_time(s, USEC_INFINITY); -+ - r = sd_event_now(s->event, event_source_type_to_clock(s->type), &t); - if (r < 0) - return r; --- -2.27.0 - diff --git a/backport-sd-event-never-pass-negative-errnos-as-signalfd-to.patch b/backport-sd-event-never-pass-negative-errnos-as-signalfd-to.patch deleted file mode 100644 index fb953ee2bc01159137b9f884be3d8a75d29af3bc..0000000000000000000000000000000000000000 --- a/backport-sd-event-never-pass-negative-errnos-as-signalfd-to.patch +++ /dev/null @@ -1,34 +0,0 @@ -From b369b5884d52e5fd5fde0de78323d16a969df9d5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 19 Dec 2022 14:36:08 +0100 -Subject: [PATCH] sd-event: never pass negative errnos as signalfd to signalfd - -We treat any negative value as "invalid fd", but signalfd only -accepts -1. - -(cherry picked from commit cbff793ffb280d9d11e5d7b1dc3964276491bee8) -(cherry picked from commit 54c840ea58c578060e941f754a4fed2931483820) -(cherry picked from commit 4178457f0ec07452f856894988e5490bbc91cc36) -(cherry picked from commit 0accce1b1c5d67e4183cb67f0bbbaaf7fc50c9f6) ---- - src/libsystemd/sd-event/sd-event.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c -index 20ffd38eff..4ba7151050 100644 ---- a/src/libsystemd/sd-event/sd-event.c -+++ b/src/libsystemd/sd-event/sd-event.c -@@ -649,7 +649,9 @@ static int event_make_signal_data( - ss_copy = d->sigset; - assert_se(sigaddset(&ss_copy, sig) >= 0); - -- r = signalfd(d->fd, &ss_copy, SFD_NONBLOCK|SFD_CLOEXEC); -+ r = signalfd(d->fd >= 0 ? d->fd : -1, /* the first arg must be -1 or a valid signalfd */ -+ &ss_copy, -+ SFD_NONBLOCK|SFD_CLOEXEC); - if (r < 0) { - r = -errno; - goto fail; --- -2.27.0 - diff --git a/backport-sd-event-take-ref-on-event-loop-object-before-dispat.patch b/backport-sd-event-take-ref-on-event-loop-object-before-dispat.patch deleted file mode 100644 index 8f600cc75807159c1c8c7e4a71c4c91282cb1368..0000000000000000000000000000000000000000 --- a/backport-sd-event-take-ref-on-event-loop-object-before-dispat.patch +++ /dev/null @@ -1,36 +0,0 @@ -From a93ddddd00860bda05df72cfd5b80be9b3a93023 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Wed, 8 Sep 2021 15:42:11 +0200 -Subject: [PATCH] sd-event: take ref on event loop object before dispatching - event sources - -Idea is that all public APIs should take reference on objects that get -exposed to user-provided callbacks. We take the reference as a -protection from callbacks dropping it. We used to do this also here in -sd_event_loop(). However, in cleanup portion of f814c871e6 this was -accidentally dropped. - -(cherry picked from commit 9f6ef467818f902fe5369c8e37a39a3901bdcf4f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a93ddddd00860bda05df72cfd5b80be9b3a93023 ---- - src/libsystemd/sd-event/sd-event.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c -index e9199deb41..99c0acfa54 100644 ---- a/src/libsystemd/sd-event/sd-event.c -+++ b/src/libsystemd/sd-event/sd-event.c -@@ -4154,7 +4154,7 @@ _public_ int sd_event_loop(sd_event *e) { - assert_return(!event_pid_changed(e), -ECHILD); - assert_return(e->state == SD_EVENT_INITIAL, -EBUSY); - -- _unused_ _cleanup_(sd_event_unrefp) sd_event *ref = NULL; -+ _unused_ _cleanup_(sd_event_unrefp) sd_event *ref = sd_event_ref(e); - - while (e->state != SD_EVENT_FINISHED) { - r = sd_event_run(e, UINT64_MAX); --- -2.33.0 - diff --git a/backport-sd-journal-Don-t-compare-hashes-from-different-journ.patch b/backport-sd-journal-Don-t-compare-hashes-from-different-journ.patch deleted file mode 100644 index fc300e1c800b381acc20a30607d58bd23d70a7df..0000000000000000000000000000000000000000 --- a/backport-sd-journal-Don-t-compare-hashes-from-different-journ.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 2f5b486edfdb6dc3d5465fe7569c19560208813c Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Tue, 14 Sep 2021 15:08:46 +0100 -Subject: [PATCH] sd-journal: Don't compare hashes from different journal files - -In sd_journal_enumerate_fields(), we check if we've already handled -a field by checking if we can find it in any of the already processed -journal files. We do this by calling -journal_file_find_field_object_with_hash(), which compares the size, -payload and hash of the given field against all fields in a journal file, -trying to find a match. However, since we now use per file hash functions, -hashes for the same fields will differ between different journal files, -meaning we'll never find an actual match. - -To fix the issue(), let's use journal_file_find_field_object() when one -or more of the files we're comparing is using per file keyed hashes. -journal_file_find_field_object() only takes the field payload and size -as arguments and calculates the hash itself using the hash function from -the journal file we're searching in. - -(cherry picked from commit 27bf0ab76e13611dce10210f2a22fb5fba05adbb) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/2f5b486edfdb6dc3d5465fe7569c19560208813c ---- - src/libsystemd/sd-journal/sd-journal.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index 5728c537bc..a2fbc1b037 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -3158,7 +3158,11 @@ _public_ int sd_journal_enumerate_fields(sd_journal *j, const char **field) { - if (JOURNAL_HEADER_CONTAINS(of->header, n_fields) && le64toh(of->header->n_fields) <= 0) - continue; - -- r = journal_file_find_field_object_with_hash(of, o->field.payload, sz, le64toh(o->field.hash), NULL, NULL); -+ if (!JOURNAL_HEADER_KEYED_HASH(f->header) && !JOURNAL_HEADER_KEYED_HASH(of->header)) -+ r = journal_file_find_field_object_with_hash(of, o->field.payload, sz, -+ le64toh(o->field.hash), NULL, NULL); -+ else -+ r = journal_file_find_field_object(of, o->field.payload, sz, NULL, NULL); - if (r < 0) - return r; - if (r > 0) { --- -2.33.0 - diff --git a/backport-sd-journal-Ignore-data-threshold-if-set-to-zero-in-s.patch b/backport-sd-journal-Ignore-data-threshold-if-set-to-zero-in-s.patch deleted file mode 100644 index cccaf5d1ecbc7dae95de2fb33d995aad7235a614..0000000000000000000000000000000000000000 --- a/backport-sd-journal-Ignore-data-threshold-if-set-to-zero-in-s.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 99ae9b83b42abbe54c059ae964b737b64ae17df9 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 15 Sep 2021 13:05:46 +0100 -Subject: [PATCH] sd-journal: Ignore data threshold if set to zero in - sd_journal_enumerate_fields() - -According to the documentation, Setting the data threshold to zero disables the -data threshold alltogether. Let's make sure we actually implement this behaviour -in sd_journal_enumerate_fields() by only applying the data threshold if it exceeds -zero. - -(cherry picked from commit adbd80f51088058d55e703abe0ac11476cfe0ba4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/99ae9b83b42abbe54c059ae964b737b64ae17df9 ---- - src/libsystemd/sd-journal/sd-journal.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index a2fbc1b037..b3240177cb 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -3178,7 +3178,7 @@ _public_ int sd_journal_enumerate_fields(sd_journal *j, const char **field) { - if (memchr(o->field.payload, 0, sz)) - return -EBADMSG; - -- if (sz > j->data_threshold) -+ if (j->data_threshold > 0 && sz > j->data_threshold) - sz = j->data_threshold; - - if (!GREEDY_REALLOC(j->fields_buffer, sz + 1)) --- -2.33.0 - diff --git a/backport-sd-journal-fix-segfault-when-match_new-fails.patch b/backport-sd-journal-fix-segfault-when-match_new-fails.patch deleted file mode 100644 index 27bf8c1ae3a54abbb8b2eced4218c50802541423..0000000000000000000000000000000000000000 --- a/backport-sd-journal-fix-segfault-when-match_new-fails.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 4bf497c3814e2f612cb055b838a656e6e14c0ed0 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 23 Dec 2021 21:45:29 +0900 -Subject: [PATCH] sd-journal: fix segfault when match_new() fails - -Fixes #21867. - -(cherry picked from commit 39dfc0de05238410e2cd4d7c0176a3f3994cc563) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4bf497c3814e2f612cb055b838a656e6e14c0ed0 ---- - src/libsystemd/sd-journal/sd-journal.c | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index 63b8f0dc7b..dd28b8008f 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -211,7 +211,7 @@ static Match *match_new(Match *p, MatchType t) { - return m; - } - --static void match_free(Match *m) { -+static Match *match_free(Match *m) { - assert(m); - - while (m->matches) -@@ -221,14 +221,14 @@ static void match_free(Match *m) { - LIST_REMOVE(matches, m->parent->matches, m); - - free(m->data); -- free(m); -+ return mfree(m); - } - --static void match_free_if_empty(Match *m) { -+static Match *match_free_if_empty(Match *m) { - if (!m || m->matches) -- return; -+ return m; - -- match_free(m); -+ return match_free(m); - } - - _public_ int sd_journal_add_match(sd_journal *j, const void *data, size_t size) { -@@ -323,9 +323,9 @@ _public_ int sd_journal_add_match(sd_journal *j, const void *data, size_t size) - fail: - match_free(m); - match_free_if_empty(add_here); -- match_free_if_empty(j->level2); -- match_free_if_empty(j->level1); -- match_free_if_empty(j->level0); -+ j->level2 = match_free_if_empty(j->level2); -+ j->level1 = match_free_if_empty(j->level1); -+ j->level0 = match_free_if_empty(j->level0); - - return -ENOMEM; - } --- -2.33.0 - diff --git a/backport-sd-journal-free-incomplete-match-on-failure.patch b/backport-sd-journal-free-incomplete-match-on-failure.patch deleted file mode 100644 index 9b083e639b2a076495c3858a7de2c4bf6693a561..0000000000000000000000000000000000000000 --- a/backport-sd-journal-free-incomplete-match-on-failure.patch +++ /dev/null @@ -1,37 +0,0 @@ -From cd9b726453398bef20c66f30a454eb503f7bcb72 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 23 Dec 2021 21:35:29 +0900 -Subject: [PATCH] sd-journal: free incomplete match on failure - -(cherry picked from commit 418cce628cf28d4feaeda60241cf9781f8afbf1c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/cd9b726453398bef20c66f30a454eb503f7bcb72 ---- - src/libsystemd/sd-journal/sd-journal.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index 71875a4dc8..63b8f0dc7b 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -232,7 +232,7 @@ static void match_free_if_empty(Match *m) { - } - - _public_ int sd_journal_add_match(sd_journal *j, const void *data, size_t size) { -- Match *l3, *l4, *add_here = NULL, *m; -+ Match *l3, *l4, *add_here = NULL, *m = NULL; - uint64_t hash; - - assert_return(j, -EINVAL); -@@ -321,6 +321,7 @@ _public_ int sd_journal_add_match(sd_journal *j, const void *data, size_t size) - return 0; - - fail: -+ match_free(m); - match_free_if_empty(add_here); - match_free_if_empty(j->level2); - match_free_if_empty(j->level1); --- -2.33.0 - diff --git a/backport-sd-lldp-use-memcpy_safe-as-the-buffer-size-may-be-ze.patch b/backport-sd-lldp-use-memcpy_safe-as-the-buffer-size-may-be-ze.patch deleted file mode 100644 index fbc2b69db83c90b29f5a700d6bb959e60d82c5a2..0000000000000000000000000000000000000000 --- a/backport-sd-lldp-use-memcpy_safe-as-the-buffer-size-may-be-ze.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 5e069e405a73ff5a406598436fe21d6dabbb281c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 4 May 2022 16:05:04 +0900 -Subject: [PATCH] sd-lldp: use memcpy_safe() as the buffer size may be zero - -(cherry picked from commit 87bd4b79e692f384c2190c9b3824df4853333018) ---- - src/libsystemd-network/lldp-neighbor.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/libsystemd-network/lldp-neighbor.c b/src/libsystemd-network/lldp-neighbor.c -index 372bc2ef93..bc98235ce1 100644 ---- a/src/libsystemd-network/lldp-neighbor.c -+++ b/src/libsystemd-network/lldp-neighbor.c -@@ -652,7 +652,8 @@ int sd_lldp_neighbor_from_raw(sd_lldp_neighbor **ret, const void *raw, size_t ra - if (!n) - return -ENOMEM; - -- memcpy(LLDP_NEIGHBOR_RAW(n), raw, raw_size); -+ memcpy_safe(LLDP_NEIGHBOR_RAW(n), raw, raw_size); -+ - r = lldp_neighbor_parse(n); - if (r < 0) - return r; --- -2.33.0 - diff --git a/backport-sd-netlink-always-append-new-bridge-FDB-entries.patch b/backport-sd-netlink-always-append-new-bridge-FDB-entries.patch deleted file mode 100644 index 28959a9a37146631f29ed1787f35a55d6eb04abd..0000000000000000000000000000000000000000 --- a/backport-sd-netlink-always-append-new-bridge-FDB-entries.patch +++ /dev/null @@ -1,39 +0,0 @@ -From f65dedbb8f3bd8a0ec69a02f63f62f339a791423 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 4 Aug 2021 18:16:44 +0900 -Subject: [PATCH] sd-netlink: always append new bridge FDB entries - -This partially reverts 192a9d95ea3e058afd824d38a9cea16ad0a84a57 (#19432). - -Fixes #20305. - -(cherry picked from commit 74c1ab841fbad9d4f237c819577fcd1d46a072b6) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f65dedbb8f3bd8a0ec69a02f63f62f339a791423 ---- - src/libsystemd/sd-netlink/rtnl-message.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/libsystemd/sd-netlink/rtnl-message.c b/src/libsystemd/sd-netlink/rtnl-message.c -index e771b95e08..7f83bf58b3 100644 ---- a/src/libsystemd/sd-netlink/rtnl-message.c -+++ b/src/libsystemd/sd-netlink/rtnl-message.c -@@ -443,8 +443,12 @@ int sd_rtnl_message_new_neigh(sd_netlink *rtnl, sd_netlink_message **ret, uint16 - if (r < 0) - return r; - -- if (nlmsg_type == RTM_NEWNEIGH) -- (*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_REPLACE; -+ if (nlmsg_type == RTM_NEWNEIGH) { -+ if (ndm_family == AF_BRIDGE) -+ (*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_APPEND; -+ else -+ (*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_REPLACE; -+ } - - ndm = NLMSG_DATA((*ret)->hdr); - --- -2.33.0 - diff --git a/backport-seccomp-Always-install-filters-for-native-architectu.patch b/backport-seccomp-Always-install-filters-for-native-architectu.patch deleted file mode 100644 index 91671e69f649a071f2b19bac1675b90c368589fc..0000000000000000000000000000000000000000 --- a/backport-seccomp-Always-install-filters-for-native-architectu.patch +++ /dev/null @@ -1,64 +0,0 @@ -From ba8bce7b562f9ef83a4de697eae2f97cf1806e3d Mon Sep 17 00:00:00 2001 -From: Benjamin Berg -Date: Fri, 17 Sep 2021 13:05:32 +0200 -Subject: [PATCH] seccomp: Always install filters for native architecture - -The commit 6597686865ff ("seccomp: don't install filters for archs that -can't use syscalls") introduced a regression where filters may not be -installed for the "native" architecture. This means that setting -SystemCallArchitectures=native for a unit effectively disables the -SystemCallFilter= and SystemCallLog= options. - -Conceptually, we have two filter stages: - 1. architecture used for syscall (SystemCallArchitectures=) - 2. syscall + architecture combination (SystemCallFilter=) - -The above commit tried to optimize the filter generation by skipping the -second level filtering when it is not required. - -However, systemd will never fully block the "native" architecture using -the first level filter. This makes the code a lot simpler, as systemd -can execve() the target binary using its own architecture. And, it -should be perfectly fine as the "native" architecture will always be the -one with the most restrictive seccomp filtering. - -Said differently, the bug arises because (on x86_64): - 1. x86_64 is permitted by libseccomp already - 2. native != x86_64 - 3. the loop wants to block x86_64 because the permitted set only - contains "native" (i.e. "native" != "x86_64") - 4. x86_64 is marked as blocked in seccomp_local_archs - -Thereby we have an inconsistency, where it is marked as blocked in the -seccomp_local_archs array but it is allowed by libseccomp. i.e. we will -skip generating filter stage 2 without having stage 1 in place. - -The fix is simple, we just skip the native architecture when looping -seccomp_local_archs. This way the inconsistency cannot happen. - -(cherry picked from commit f833df38488ea40fc3d601ccefd64cfa3fce8bb4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ba8bce7b562f9ef83a4de697eae2f97cf1806e3d ---- - src/shared/seccomp-util.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index 631ca5dd34..31d6b542c0 100644 ---- a/src/shared/seccomp-util.c -+++ b/src/shared/seccomp-util.c -@@ -1789,6 +1789,10 @@ int seccomp_restrict_archs(Set *archs) { - for (unsigned i = 0; seccomp_local_archs[i] != SECCOMP_LOCAL_ARCH_END; ++i) { - uint32_t arch = seccomp_local_archs[i]; - -+ /* See above comment, our "native" architecture is never blocked. */ -+ if (arch == seccomp_arch_native()) -+ continue; -+ - /* That architecture might have already been blocked by a previous call to seccomp_restrict_archs. */ - if (arch == SECCOMP_LOCAL_ARCH_BLOCKED) - continue; --- -2.33.0 - diff --git a/backport-seccomp-drop-getrandom-from-system-service.patch b/backport-seccomp-drop-getrandom-from-system-service.patch deleted file mode 100644 index ae771d088b5a84aa3ff79dfbd98158b745dbed21..0000000000000000000000000000000000000000 --- a/backport-seccomp-drop-getrandom-from-system-service.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 9eb9b07c404be8d59a800c70593809a69f0d0e55 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 27 Jul 2021 17:10:21 +0200 -Subject: [PATCH] seccomp: drop getrandom() from @system-service - -It's included in @default now, since -14f4b1b568907350d023d1429c1aa4aaa8925f22, and since @system-service -pulls that in we can drop it from @system-service. - -Follow-up for #20191 - -(cherry picked from commit 67347f37407489a68e12da8f75b78ae1d1168de9) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9eb9b07c404be8d59a800c70593809a69f0d0e55 ---- - src/shared/seccomp-util.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index cad0af89f2..703d5a939c 100644 ---- a/src/shared/seccomp-util.c -+++ b/src/shared/seccomp-util.c -@@ -859,7 +859,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { - "get_mempolicy\0" - "getcpu\0" - "getpriority\0" -- "getrandom\0" - "ioctl\0" - "ioprio_get\0" - "kcmp\0" --- -2.33.0 - diff --git a/backport-seccomp-move-arch_prctl-to-default.patch b/backport-seccomp-move-arch_prctl-to-default.patch deleted file mode 100644 index 4a305c4a0ba24f36d482798d2dd127394110a230..0000000000000000000000000000000000000000 --- a/backport-seccomp-move-arch_prctl-to-default.patch +++ /dev/null @@ -1,54 +0,0 @@ -From cf6d1dcc93ad7caedaa139d3c0377f7524fe1013 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 7 Jan 2022 15:23:55 +0100 -Subject: [PATCH] seccomp: move arch_prctl to @default - -It was reported as used by the linker: - -> [It is] called in the setup of ld-linux-x86-64.so.2 from _dl_sysdep_start. -> My local call stack (with LTO): -> -> #0 init_cpu_features.constprop.0 (/usr/lib64/ld-linux-x86-64.so.2) -> #1 _dl_sysdep_start (/usr/lib64/ld-linux-x86-64.so.2) -> #2 _dl_start (/usr/lib64/ld-linux-x86-64.so.2) -> #3 _start (/usr/lib64/ld-linux-x86-64.so.2) -> -> Looking through the source, I think it's this (links for glibc 2.34): -> - First dl_platform_init calls _dl_x86_init_cpu_features, a wrapper for init_cpu_features. -> - Then init_cpu_features calls get_cet_status. -> - At last, get_cet_status invokes arch_prctl. - -Fixes #22033. - -(cherry picked from commit 5f02870a74aa3a758115cc9bd6d68f239caf8453) -(cherry picked from commit d08f6ff204c8525f7533875128468afb8be60ae0) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/cf6d1dcc93ad7caedaa139d3c0377f7524fe1013 ---- - src/shared/seccomp-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index 2d73354e1a..ccfa4cc56a 100644 ---- a/src/shared/seccomp-util.c -+++ b/src/shared/seccomp-util.c -@@ -283,6 +283,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { - .name = "@default", - .help = "System calls that are always permitted", - .value = -+ "arch_prctl\0" /* Used during platform-specific initialization by ld-linux.so. */ - "brk\0" - "cacheflush\0" - "clock_getres\0" -@@ -712,7 +713,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { - .name = "@process", - .help = "Process control, execution, namespacing operations", - .value = -- "arch_prctl\0" - "capget\0" /* Able to query arbitrary processes */ - "clone\0" - "clone3\0" --- -2.33.0 - diff --git a/backport-seccomp-move-mprotect-to-default.patch b/backport-seccomp-move-mprotect-to-default.patch deleted file mode 100644 index 05be12fff3ca311c3ea6ce2fe13d5b30bcd418ec..0000000000000000000000000000000000000000 --- a/backport-seccomp-move-mprotect-to-default.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 0c8195d673f46ab41ffbf7bb0eb54b53f202bb3f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 13 Nov 2021 16:08:25 +0100 -Subject: [PATCH] seccomp: move mprotect to @default - -With glibc-2.34.9000-17.fc36.x86_64, dynamically programs newly fail in early -init with a restrictive syscall filter that does not include @system-service. -I think this is caused by 2dd87703d4386f2776c5b5f375a494c91d7f9fe4: - -Author: Florian Weimer -Date: Mon May 10 10:31:41 2021 +0200 - - nptl: Move changing of stack permissions into ld.so - - All the stack lists are now in _rtld_global, so it is possible - to change stack permissions directly from there, instead of - calling into libpthread to do the change. - -It seems that this call will now be very widely used, so let's just move it to -default to avoid too many failures. - -(cherry picked from commit 4728625490b70ac4a686b1655c08ad3fe7b97359) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0c8195d673f46ab41ffbf7bb0eb54b53f202bb3f ---- - src/shared/seccomp-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index 31d6b542c0..2d73354e1a 100644 ---- a/src/shared/seccomp-util.c -+++ b/src/shared/seccomp-util.c -@@ -324,6 +324,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { - "membarrier\0" - "mmap\0" - "mmap2\0" -+ "mprotect\0" - "munmap\0" - "nanosleep\0" - "pause\0" -@@ -864,7 +865,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { - "ioprio_get\0" - "kcmp\0" - "madvise\0" -- "mprotect\0" - "mremap\0" - "name_to_handle_at\0" - "oldolduname\0" --- -2.33.0 - diff --git a/backport-seccomp-move-sched_getaffinity-from-system-service-t.patch b/backport-seccomp-move-sched_getaffinity-from-system-service-t.patch deleted file mode 100644 index 32e96e97002039637cb9385a13fd963fc1f476f5..0000000000000000000000000000000000000000 --- a/backport-seccomp-move-sched_getaffinity-from-system-service-t.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 77681242c8c6d7693814b8245e9096e43faa21be Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 27 Jul 2021 17:11:09 +0200 -Subject: [PATCH] seccomp: move sched_getaffinity() from @system-service to - @default - -See: https://github.com/systemd/systemd/pull/20191#issuecomment-881982739 - -In general, we shouldn't blanket move syscalls like this into @default, -given that glibc actually does have fallbacks, afaics. However, as -long as the syscalls are "read-only" and thus benign, I figure it's a -safe thing to do. But we should probably stick to a "if in doubt, don't" -rule, and put these syscalls in @system-service as default, but not into -@default. - -I think in the real world @system-service is the sensible group people -should use, and not @default actually. - -(cherry picked from commit 7df660e45682af5c40a236abe1bdc5ddcf3b3533) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/77681242c8c6d7693814b8245e9096e43faa21be ---- - src/shared/seccomp-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index 703d5a939c..631ca5dd34 100644 ---- a/src/shared/seccomp-util.c -+++ b/src/shared/seccomp-util.c -@@ -331,6 +331,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { - "restart_syscall\0" - "rseq\0" - "rt_sigreturn\0" -+ "sched_getaffinity\0" - "sched_yield\0" - "set_robust_list\0" - "set_thread_area\0" -@@ -874,7 +875,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { - "remap_file_pages\0" - "sched_get_priority_max\0" - "sched_get_priority_min\0" -- "sched_getaffinity\0" - "sched_getattr\0" - "sched_getparam\0" - "sched_getscheduler\0" --- -2.33.0 - diff --git a/backport-shared-bootspec-avoid-crashing-on-config-without-a-v.patch b/backport-shared-bootspec-avoid-crashing-on-config-without-a-v.patch deleted file mode 100644 index bd18b74a9529f49460790150a7d38afcc1a7356d..0000000000000000000000000000000000000000 --- a/backport-shared-bootspec-avoid-crashing-on-config-without-a-v.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 412b89a6e8055f2c8c9db4b6b847f081e00461ff Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 6 May 2022 17:36:47 +0200 -Subject: [PATCH] shared/bootspec: avoid crashing on config without a value - -(cherry picked from commit b6bd2562ebb01b48cdb55a970d9daa1799b59876) ---- - src/shared/bootspec.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/shared/bootspec.c b/src/shared/bootspec.c -index 0076092c2a..9e2b2899bd 100644 ---- a/src/shared/bootspec.c -+++ b/src/shared/bootspec.c -@@ -124,6 +124,13 @@ static int boot_entry_load( - continue; - } - -+ if (isempty(p)) { -+ /* Some fields can reasonably have an empty value. In other cases warn. */ -+ if (!STR_IN_SET(field, "options", "devicetree-overlay")) -+ log_warning("%s:%u: Field %s without value", tmp.path, line, field); -+ continue; -+ } -+ - if (streq(field, "title")) - r = free_and_strdup(&tmp.title, p); - else if (streq(field, "version")) --- -2.33.0 - diff --git a/backport-shared-condition-avoid-nss-lookup-in-PID1.patch b/backport-shared-condition-avoid-nss-lookup-in-PID1.patch deleted file mode 100644 index 273f8b8d7cf36006c7c3c7d1056fcc8164f5f78f..0000000000000000000000000000000000000000 --- a/backport-shared-condition-avoid-nss-lookup-in-PID1.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 03101b5186a43b893165f44726f4865702005d8e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 7 Oct 2022 17:34:53 +0200 -Subject: [PATCH] shared/condition: avoid nss lookup in PID1 - -PID 1 is not allowed to do nss lookups because this may take a long time or -even deadlock. - -While at it, the comparisons are reordered to do the "easy" comparisons which -only require a string comparison first. Delay parsing of the UID until it is -really necessary. The result is the same, because we know that "root" and -"nobody" parse as valid. - -(cherry picked from commit 734f96b8490a2c48712ff6754a84fcaeac3d53c1) -(cherry picked from commit 5da595db39e8c6b229dfe388130683ff9a32eda5) -(cherry picked from commit 4ddeea92faf69291449af95dc9ba6440ad06ec1b) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/03101b5186a43b893165f44726f4865702005d8e ---- - src/shared/condition.c | 23 ++++++++++++++--------- - 1 file changed, 14 insertions(+), 9 deletions(-) - -diff --git a/src/shared/condition.c b/src/shared/condition.c -index b0520566ed..ed7de273bf 100644 ---- a/src/shared/condition.c -+++ b/src/shared/condition.c -@@ -373,31 +373,36 @@ static int condition_test_cpus(Condition *c, char **env) { - static int condition_test_user(Condition *c, char **env) { - uid_t id; - int r; -- _cleanup_free_ char *username = NULL; -- const char *u; - - assert(c); - assert(c->parameter); - assert(c->type == CONDITION_USER); - -+ /* Do the quick&easy comparisons first, and only parse the UID later. */ -+ if (streq(c->parameter, "root")) -+ return getuid() == 0 || geteuid() == 0; -+ if (streq(c->parameter, NOBODY_USER_NAME)) -+ return getuid() == UID_NOBODY || geteuid() == UID_NOBODY; -+ if (streq(c->parameter, "@system")) -+ return uid_is_system(getuid()) || uid_is_system(geteuid()); -+ - r = parse_uid(c->parameter, &id); - if (r >= 0) - return id == getuid() || id == geteuid(); - -- if (streq("@system", c->parameter)) -- return uid_is_system(getuid()) || uid_is_system(geteuid()); -+ if (getpid_cached() == 1) /* We already checked for "root" above, and we know that -+ * PID 1 is running as root, hence we know it cannot match. */ -+ return false; - -- username = getusername_malloc(); -+ /* getusername_malloc() may do an nss lookup, which is not allowed in PID 1. */ -+ _cleanup_free_ char *username = getusername_malloc(); - if (!username) - return -ENOMEM; - - if (streq(username, c->parameter)) - return 1; - -- if (getpid_cached() == 1) -- return streq(c->parameter, "root"); -- -- u = c->parameter; -+ const char *u = c->parameter; - r = get_user_creds(&u, &id, NULL, NULL, NULL, USER_CREDS_ALLOW_MISSING); - if (r < 0) - return 0; --- -2.27.0 - diff --git a/backport-shared-format-table-allocate-buffer-of-sufficient-si.patch b/backport-shared-format-table-allocate-buffer-of-sufficient-si.patch deleted file mode 100644 index ebe05afadd1e218dd54ddcce724d26df5374a4cb..0000000000000000000000000000000000000000 --- a/backport-shared-format-table-allocate-buffer-of-sufficient-si.patch +++ /dev/null @@ -1,38 +0,0 @@ -From e6407ca25852dadec355df2e6fdc92d1f189bceb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 5 Jul 2021 21:29:11 +0200 -Subject: [PATCH] shared/format-table: allocate buffer of sufficient size - -(cherry picked from commit 6dc57047ff0f1f9e98938ffb172dae06e6868b94) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e6407ca25852dadec355df2e6fdc92d1f189bceb ---- - src/shared/format-table.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/shared/format-table.c b/src/shared/format-table.c -index c4c3439541..4c4e4593d8 100644 ---- a/src/shared/format-table.c -+++ b/src/shared/format-table.c -@@ -1409,7 +1409,7 @@ static const char *table_data_format(Table *t, TableData *d, bool avoid_uppercas - _cleanup_free_ char *p = NULL; - char *ret; - -- p = new(char, FORMAT_TIMESTAMP_MAX); -+ p = new(char, d->type == TABLE_TIMESTAMP_RELATIVE ? FORMAT_TIMESTAMP_RELATIVE_MAX : FORMAT_TIMESTAMP_MAX); - if (!p) - return NULL; - -@@ -1418,7 +1418,7 @@ static const char *table_data_format(Table *t, TableData *d, bool avoid_uppercas - else if (d->type == TABLE_TIMESTAMP_UTC) - ret = format_timestamp_style(p, FORMAT_TIMESTAMP_MAX, d->timestamp, TIMESTAMP_UTC); - else -- ret = format_timestamp_relative(p, FORMAT_TIMESTAMP_MAX, d->timestamp); -+ ret = format_timestamp_relative(p, FORMAT_TIMESTAMP_RELATIVE_MAX, d->timestamp); - if (!ret) - return "n/a"; - --- -2.33.0 - diff --git a/backport-shared-json-fix-memory-leak-on-failed-normalization.patch b/backport-shared-json-fix-memory-leak-on-failed-normalization.patch deleted file mode 100644 index f7fd5ef59aa05c08adf16b52b96cf915a8ea9def..0000000000000000000000000000000000000000 --- a/backport-shared-json-fix-memory-leak-on-failed-normalization.patch +++ /dev/null @@ -1,34 +0,0 @@ -From c1dbf637d7f5588a19b5d9ea812fee2e68a6dcfa Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 9 May 2022 14:28:36 +0200 -Subject: [PATCH] shared/json: fix memory leak on failed normalization - -We need to increase the counter immediately after taking the ref, -otherwise we may not unref it properly if we fail before incrementing. - -(cherry picked from commit 7e4be6a5845f983a299932d4ccb2c4349cf8dd52) ---- - src/shared/json.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/src/shared/json.c b/src/shared/json.c -index dff95eda26..711aa36c87 100644 ---- a/src/shared/json.c -+++ b/src/shared/json.c -@@ -4680,10 +4680,11 @@ int json_variant_normalize(JsonVariant **v) { - if (!a) - return -ENOMEM; - -- for (i = 0; i < m; i++) { -+ for (i = 0; i < m; ) { - a[i] = json_variant_ref(json_variant_by_index(*v, i)); -+ i++; - -- r = json_variant_normalize(a + i); -+ r = json_variant_normalize(&a[i-1]); - if (r < 0) - goto finish; - } --- -2.33.0 - diff --git a/backport-sleep-don-t-skip-resume-device-with-low-priority-ava.patch b/backport-sleep-don-t-skip-resume-device-with-low-priority-ava.patch deleted file mode 100644 index b9e39caa5958d7a3ddd60cdb6a5dde01232dc138..0000000000000000000000000000000000000000 --- a/backport-sleep-don-t-skip-resume-device-with-low-priority-ava.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 20c776c5e92201e01d4bfbea4ecbc4df758bcf09 Mon Sep 17 00:00:00 2001 -From: Egor -Date: Sun, 3 Oct 2021 03:42:50 +0300 -Subject: [PATCH] sleep: don't skip resume device with low priority/available - space - -this fixes hibernation when there's a higher priority swap preceding -the resume swap in /proc/swaps. - -fixes #19486 - -(cherry picked from commit 936a7cb66a0b423e75ceef87f02537067ad17002) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/20c776c5e92201e01d4bfbea4ecbc4df758bcf09 ---- - src/shared/sleep-config.c | 20 +++++++++++--------- - 1 file changed, 11 insertions(+), 9 deletions(-) - -diff --git a/src/shared/sleep-config.c b/src/shared/sleep-config.c -index dbaecb3a0f..8ec3d09a58 100644 ---- a/src/shared/sleep-config.c -+++ b/src/shared/sleep-config.c -@@ -392,15 +392,17 @@ int find_hibernate_location(HibernateLocation **ret_hibernate_location) { - } - - /* prefer resume device or highest priority swap with most remaining space */ -- if (hibernate_location && swap->priority < hibernate_location->swap->priority) { -- log_debug("%s: ignoring device with lower priority", swap->device); -- continue; -- } -- if (hibernate_location && -- (swap->priority == hibernate_location->swap->priority -- && swap->size - swap->used < hibernate_location->swap->size - hibernate_location->swap->used)) { -- log_debug("%s: ignoring device with lower usable space", swap->device); -- continue; -+ if (sys_resume == 0) { -+ if (hibernate_location && swap->priority < hibernate_location->swap->priority) { -+ log_debug("%s: ignoring device with lower priority", swap->device); -+ continue; -+ } -+ if (hibernate_location && -+ (swap->priority == hibernate_location->swap->priority -+ && swap->size - swap->used < hibernate_location->swap->size - hibernate_location->swap->used)) { -+ log_debug("%s: ignoring device with lower usable space", swap->device); -+ continue; -+ } - } - - dev_t swap_device; --- -2.33.0 - diff --git a/backport-socket-util-introduce-CMSG_SPACE_TIMEVAL-TIMESPEC-ma.patch b/backport-socket-util-introduce-CMSG_SPACE_TIMEVAL-TIMESPEC-ma.patch deleted file mode 100644 index 30628d74bff99c39d5b73c14fed539878696a3b0..0000000000000000000000000000000000000000 --- a/backport-socket-util-introduce-CMSG_SPACE_TIMEVAL-TIMESPEC-ma.patch +++ /dev/null @@ -1,94 +0,0 @@ -From d36785cdd845710028ab033f85493572f15cab23 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 29 Aug 2021 20:50:49 +0900 -Subject: [PATCH] socket-util: introduce CMSG_SPACE_TIMEVAL/TIMESPEC macro to - support additional 64bit timeval or timespec - -Fixes #20482 and #20564. - -(cherry picked from commit 9365e296fe281da45797af89a97627e872fc019d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d36785cdd845710028ab033f85493572f15cab23 ---- - src/basic/socket-util.h | 22 ++++++++++++++++++++++ - src/journal/journald-server.c | 2 +- - src/libsystemd-network/icmp6-util.c | 2 +- - src/timesync/timesyncd-manager.c | 2 +- - 4 files changed, 25 insertions(+), 3 deletions(-) - -diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h -index f92e425fd6..09e606614c 100644 ---- a/src/basic/socket-util.h -+++ b/src/basic/socket-util.h -@@ -277,6 +277,28 @@ static inline int getsockopt_int(int fd, int level, int optname, int *ret) { - int socket_bind_to_ifname(int fd, const char *ifname); - int socket_bind_to_ifindex(int fd, int ifindex); - -+/* Define a 64bit version of timeval/timespec in any case, even on 32bit userspace. */ -+struct timeval_large { -+ uint64_t tvl_sec, tvl_usec; -+}; -+struct timespec_large { -+ uint64_t tvl_sec, tvl_nsec; -+}; -+ -+/* glibc duplicates timespec/timeval on certain 32bit archs, once in 32bit and once in 64bit. -+ * See __convert_scm_timestamps() in glibc source code. Hence, we need additional buffer space for them -+ * to prevent from recvmsg_safe() returning -EXFULL. */ -+#define CMSG_SPACE_TIMEVAL \ -+ ((sizeof(struct timeval) == sizeof(struct timeval_large)) ? \ -+ CMSG_SPACE(sizeof(struct timeval)) : \ -+ CMSG_SPACE(sizeof(struct timeval)) + \ -+ CMSG_SPACE(sizeof(struct timeval_large))) -+#define CMSG_SPACE_TIMESPEC \ -+ ((sizeof(struct timespec) == sizeof(struct timespec_large)) ? \ -+ CMSG_SPACE(sizeof(struct timespec)) : \ -+ CMSG_SPACE(sizeof(struct timespec)) + \ -+ CMSG_SPACE(sizeof(struct timespec_large))) -+ - ssize_t recvmsg_safe(int sockfd, struct msghdr *msg, int flags); - - int socket_get_family(int fd, int *ret); -diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c -index a0695ec519..abd52f7c14 100644 ---- a/src/journal/journald-server.c -+++ b/src/journal/journald-server.c -@@ -1277,7 +1277,7 @@ int server_process_datagram( - * identical to NAME_MAX. For now we use that, but this should be updated one day when the final - * limit is known. */ - CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred)) + -- CMSG_SPACE(sizeof(struct timeval)) + -+ CMSG_SPACE_TIMEVAL + - CMSG_SPACE(sizeof(int)) + /* fd */ - CMSG_SPACE(NAME_MAX) /* selinux label */) control; - -diff --git a/src/libsystemd-network/icmp6-util.c b/src/libsystemd-network/icmp6-util.c -index 0b8c3e4cc3..823be0f275 100644 ---- a/src/libsystemd-network/icmp6-util.c -+++ b/src/libsystemd-network/icmp6-util.c -@@ -149,7 +149,7 @@ int icmp6_receive(int fd, void *buffer, size_t size, struct in6_addr *ret_dst, - triple_timestamp *ret_timestamp) { - - CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(int)) + /* ttl */ -- CMSG_SPACE(sizeof(struct timeval))) control; -+ CMSG_SPACE_TIMEVAL) control; - struct iovec iov = {}; - union sockaddr_union sa = {}; - struct msghdr msg = { -diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c -index 9d874cfc8a..eae14e8fb2 100644 ---- a/src/timesync/timesyncd-manager.c -+++ b/src/timesync/timesyncd-manager.c -@@ -412,7 +412,7 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re - .iov_base = &ntpmsg, - .iov_len = sizeof(ntpmsg), - }; -- CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct timespec))) control; -+ CMSG_BUFFER_TYPE(CMSG_SPACE_TIMESPEC) control; - union sockaddr_union server_addr; - struct msghdr msghdr = { - .msg_iov = &iov, --- -2.33.0 - diff --git a/backport-src-boot-efi-linux-fix-linux_exec-prototype.patch b/backport-src-boot-efi-linux-fix-linux_exec-prototype.patch deleted file mode 100644 index be174329c50045b05f2431ab08f0a2785c485198..0000000000000000000000000000000000000000 --- a/backport-src-boot-efi-linux-fix-linux_exec-prototype.patch +++ /dev/null @@ -1,48 +0,0 @@ -From a825ced57fa8533ba54fec4c4476400e122ddbc3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Alfonso=20S=C3=A1nchez-Beato?= - -Date: Thu, 19 Aug 2021 12:21:12 +0200 -Subject: [PATCH] src/boot/efi/linux: fix linux_exec prototype - -Callers to linux_exec() are actually passing an EFI_HANDLE, not a pointer to -it. linux_efi_handover(), which is called by linux_exec(), also expects an -EFI_HANDLE. - -(cherry picked from commit d48f9174cf211a235193963a06b3d28537fc6529) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a825ced57fa8533ba54fec4c4476400e122ddbc3 ---- - src/boot/efi/linux.c | 2 +- - src/boot/efi/linux.h | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/boot/efi/linux.c b/src/boot/efi/linux.c -index 4d44671315..b5d6120493 100644 ---- a/src/boot/efi/linux.c -+++ b/src/boot/efi/linux.c -@@ -25,7 +25,7 @@ static VOID linux_efi_handover(EFI_HANDLE image, struct boot_params *params) { - handover(image, ST, params); - } - --EFI_STATUS linux_exec(EFI_HANDLE *image, -+EFI_STATUS linux_exec(EFI_HANDLE image, - CHAR8 *cmdline, UINTN cmdline_len, - UINTN linux_addr, - UINTN initrd_addr, UINTN initrd_size) { -diff --git a/src/boot/efi/linux.h b/src/boot/efi/linux.h -index 09be2de27b..53270e16b3 100644 ---- a/src/boot/efi/linux.h -+++ b/src/boot/efi/linux.h -@@ -83,7 +83,7 @@ struct boot_params { - UINT8 _pad9[276]; - } __attribute__((packed)); - --EFI_STATUS linux_exec(EFI_HANDLE *image, -+EFI_STATUS linux_exec(EFI_HANDLE image, - CHAR8 *cmdline, UINTN cmdline_size, - UINTN linux_addr, - UINTN initrd_addr, UINTN initrd_size); --- -2.33.0 - diff --git a/backport-stat-util-replace-is_dir-is_dir_fd-by-single-is_dir_.patch b/backport-stat-util-replace-is_dir-is_dir_fd-by-single-is_dir_.patch deleted file mode 100644 index 489088fa67b2b7bab565fda856d868ec11d1394a..0000000000000000000000000000000000000000 --- a/backport-stat-util-replace-is_dir-is_dir_fd-by-single-is_dir_.patch +++ /dev/null @@ -1,85 +0,0 @@ -From ab77d5f0c18783c273d1b3b0e8126c7019ddb1f8 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 13 Jul 2022 23:43:36 +0200 -Subject: [PATCH] stat-util: replace is_dir() + is_dir_fd() by single - is_dir_full() call - -This new call can execute both of the old operations, but also do -generic fstatat() like behaviour. - -(cherry picked from commit a586dc791ca465f4087473d2ad6794b7776aee2d) -(cherry picked from commit 9255fa3a15c5c7dea9ddb2ce5399d3b675f8368b) -(cherry picked from commit a77b81f1240ff7e0ea5d084d61875e1bdefc075d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ab77d5f0c18783c273d1b3b0e8126c7019ddb1f8 ---- - src/basic/stat-util.c | 20 ++++++-------------- - src/basic/stat-util.h | 9 +++++++-- - 2 files changed, 13 insertions(+), 16 deletions(-) - -diff --git a/src/basic/stat-util.c b/src/basic/stat-util.c -index 56f7652cec..652cfd1485 100644 ---- a/src/basic/stat-util.c -+++ b/src/basic/stat-util.c -@@ -31,31 +31,23 @@ int is_symlink(const char *path) { - return !!S_ISLNK(info.st_mode); - } - --int is_dir(const char* path, bool follow) { -+int is_dir_full(int atfd, const char* path, bool follow) { - struct stat st; - int r; - -- assert(path); -+ assert(atfd >= 0 || atfd == AT_FDCWD); -+ assert(atfd >= 0 || path); - -- if (follow) -- r = stat(path, &st); -+ if (path) -+ r = fstatat(atfd, path, &st, follow ? 0 : AT_SYMLINK_NOFOLLOW); - else -- r = lstat(path, &st); -+ r = fstat(atfd, &st); - if (r < 0) - return -errno; - - return !!S_ISDIR(st.st_mode); - } - --int is_dir_fd(int fd) { -- struct stat st; -- -- if (fstat(fd, &st) < 0) -- return -errno; -- -- return !!S_ISDIR(st.st_mode); --} -- - int is_device_node(const char *path) { - struct stat info; - -diff --git a/src/basic/stat-util.h b/src/basic/stat-util.h -index a566114f7c..f9a24c8775 100644 ---- a/src/basic/stat-util.h -+++ b/src/basic/stat-util.h -@@ -13,8 +13,13 @@ - #include "missing_stat.h" - - int is_symlink(const char *path); --int is_dir(const char *path, bool follow); --int is_dir_fd(int fd); -+int is_dir_full(int atfd, const char *fname, bool follow); -+static inline int is_dir(const char *path, bool follow) { -+ return is_dir_full(AT_FDCWD, path, follow); -+} -+static inline int is_dir_fd(int fd) { -+ return is_dir_full(fd, NULL, false); -+} - int is_device_node(const char *path); - - int dir_is_empty_at(int dir_fd, const char *path); --- -2.27.0 - diff --git a/backport-stat-util-specify-O_DIRECTORY-when-reopening-dir-in-.patch b/backport-stat-util-specify-O_DIRECTORY-when-reopening-dir-in-.patch deleted file mode 100644 index 687df80e897ea392bdab7b85d8b71d29f8538f76..0000000000000000000000000000000000000000 --- a/backport-stat-util-specify-O_DIRECTORY-when-reopening-dir-in-.patch +++ /dev/null @@ -1,36 +0,0 @@ -From e1e32516f98a1f39ce763545de9a8664526d0b8a Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 21 Oct 2021 18:07:06 +0200 -Subject: [PATCH] stat-util: specify O_DIRECTORY when reopening dir in - dir_is_empty_at() - -That way we can fail earlier if the specified fd is not actually a -directory. - -(Also, it's not exactly according to standards to open things without -either O_RDONLY/O_RDWR...) - -(cherry picked from commit b9d06522631a22d242374dc44a74c3b6459e3cb3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e1e32516f98a1f39ce763545de9a8664526d0b8a ---- - src/basic/stat-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/stat-util.c b/src/basic/stat-util.c -index 72a7e4a48b..56f7652cec 100644 ---- a/src/basic/stat-util.c -+++ b/src/basic/stat-util.c -@@ -79,7 +79,7 @@ int dir_is_empty_at(int dir_fd, const char *path) { - } else { - /* Note that DUPing is not enough, as the internal pointer - * would still be shared and moved by FOREACH_DIRENT. */ -- fd = fd_reopen(dir_fd, O_CLOEXEC); -+ fd = fd_reopen(dir_fd, O_RDONLY|O_DIRECTORY|O_CLOEXEC); - if (fd < 0) - return fd; - } --- -2.33.0 - diff --git a/backport-swap-tell-swapon-to-reinitialize-swap-if-needed.patch b/backport-swap-tell-swapon-to-reinitialize-swap-if-needed.patch deleted file mode 100644 index 6f491d56b341571ac49110658387d42a532c85fc..0000000000000000000000000000000000000000 --- a/backport-swap-tell-swapon-to-reinitialize-swap-if-needed.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 316382fb90c7018b5309bacf66c5f18488c2a3c4 Mon Sep 17 00:00:00 2001 -From: David Tardon -Date: Mon, 12 Dec 2022 16:21:30 +0100 -Subject: [PATCH] swap: tell swapon to reinitialize swap if needed - -If the page size of a swap space doesn't match the page size of the -currently running kernel, swapon will fail. Let's instruct it to -reinitialize the swap space instead. - -(cherry picked from commit cc137d53e36da5e57b060be5e621864f572b2cac) -(cherry picked from commit a0ac79bce9255cf33b0f208b18d888f0f700133c) -(cherry picked from commit 8be5a12c7170ed7e7b4303c16573e463ef997e23) -(cherry picked from commit f8201271fdaef4e3a68efac8a21e9f195e4e4a6b) ---- - src/core/swap.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/swap.c b/src/core/swap.c -index 3843b19500..83e77d24ae 100644 ---- a/src/core/swap.c -+++ b/src/core/swap.c -@@ -836,7 +836,7 @@ static void swap_enter_activating(Swap *s) { - } - } - -- r = exec_command_set(s->control_command, "/sbin/swapon", NULL); -+ r = exec_command_set(s->control_command, "/sbin/swapon", "--fixpgsz", NULL); - if (r < 0) - goto fail; - --- -2.27.0 - diff --git a/backport-syscalls-update-syscall-definitions.patch b/backport-syscalls-update-syscall-definitions.patch deleted file mode 100644 index 78f80cf404aa9207e49b8cdecd812f17c1bd86a6..0000000000000000000000000000000000000000 --- a/backport-syscalls-update-syscall-definitions.patch +++ /dev/null @@ -1,853 +0,0 @@ -From f551941e5d7a39312903625d473e1d527358f0e1 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 3 Jan 2022 03:48:10 +0900 -Subject: [PATCH] syscalls: update syscall definitions - -(cherry picked from commit 0c718b1a67cd0d3512eafeb4659458694bf3865b) -(cherry picked from commit 7e338876577cb328632ce3e7753c0130b54dd7a2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f551941e5d7a39312903625d473e1d527358f0e1 ---- - src/basic/syscalls-alpha.txt | 6 ++++-- - src/basic/syscalls-arc.txt | 6 ++++-- - src/basic/syscalls-arm.txt | 6 ++++-- - src/basic/syscalls-arm64.txt | 6 ++++-- - src/basic/syscalls-i386.txt | 6 ++++-- - src/basic/syscalls-ia64.txt | 6 ++++-- - src/basic/syscalls-m68k.txt | 6 ++++-- - src/basic/syscalls-mips64.txt | 6 ++++-- - src/basic/syscalls-mips64n32.txt | 6 ++++-- - src/basic/syscalls-mipso32.txt | 6 ++++-- - src/basic/syscalls-powerpc.txt | 6 ++++-- - src/basic/syscalls-powerpc64.txt | 6 ++++-- - src/basic/syscalls-riscv32.txt | 8 +++++--- - src/basic/syscalls-riscv64.txt | 6 ++++-- - src/basic/syscalls-s390.txt | 6 ++++-- - src/basic/syscalls-s390x.txt | 6 ++++-- - src/basic/syscalls-sparc.txt | 6 ++++-- - src/basic/syscalls-x86_64.txt | 6 ++++-- - 18 files changed, 73 insertions(+), 37 deletions(-) - -diff --git a/src/basic/syscalls-alpha.txt b/src/basic/syscalls-alpha.txt -index 3bcc357075..5aef86b09e 100644 ---- a/src/basic/syscalls-alpha.txt -+++ b/src/basic/syscalls-alpha.txt -@@ -106,6 +106,7 @@ ftruncate 130 - ftruncate64 - futex 394 - futex_time64 -+futex_waitv 559 - futimesat 454 - get_kernel_syms 309 - get_mempolicy 430 -@@ -203,6 +204,7 @@ madvise 75 - mbind 429 - membarrier 517 - memfd_create 512 -+memfd_secret - memory_ordering - migrate_pages 449 - mincore 375 -@@ -374,7 +376,6 @@ pciconfig_read 345 - pciconfig_write 346 - perf_event_open 493 - perfctr --perfmonctl - personality 324 - pidfd_getfd 548 - pidfd_open 544 -@@ -394,6 +395,7 @@ preadv 490 - preadv2 520 - prlimit64 496 - process_madvise 550 -+process_mrelease 558 - process_vm_readv 504 - process_vm_writev 505 - pselect6 463 -@@ -404,7 +406,7 @@ pwritev 491 - pwritev2 521 - query_module 347 - quotactl 148 --quotactl_path -+quotactl_fd 553 - read 3 - readahead 379 - readdir -diff --git a/src/basic/syscalls-arc.txt b/src/basic/syscalls-arc.txt -index e4204fa0f2..f275f104bf 100644 ---- a/src/basic/syscalls-arc.txt -+++ b/src/basic/syscalls-arc.txt -@@ -106,6 +106,7 @@ ftruncate - ftruncate64 46 - futex 98 - futex_time64 422 -+futex_waitv 449 - futimesat - get_kernel_syms - get_mempolicy 236 -@@ -203,6 +204,7 @@ madvise 233 - mbind 235 - membarrier 283 - memfd_create 279 -+memfd_secret - memory_ordering - migrate_pages 238 - mincore 232 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 241 - perfctr --perfmonctl - personality 92 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 69 - preadv2 286 - prlimit64 261 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 270 - process_vm_writev 271 - pselect6 72 -@@ -404,7 +406,7 @@ pwritev 70 - pwritev2 287 - query_module - quotactl 60 --quotactl_path -+quotactl_fd 443 - read 63 - readahead 213 - readdir -diff --git a/src/basic/syscalls-arm.txt b/src/basic/syscalls-arm.txt -index a4847a18b3..9037b28384 100644 ---- a/src/basic/syscalls-arm.txt -+++ b/src/basic/syscalls-arm.txt -@@ -106,6 +106,7 @@ ftruncate 93 - ftruncate64 194 - futex 240 - futex_time64 422 -+futex_waitv 449 - futimesat 326 - get_kernel_syms - get_mempolicy 320 -@@ -203,6 +204,7 @@ madvise 220 - mbind 319 - membarrier 389 - memfd_create 385 -+memfd_secret - memory_ordering - migrate_pages 400 - mincore 219 -@@ -374,7 +376,6 @@ pciconfig_read 272 - pciconfig_write 273 - perf_event_open 364 - perfctr --perfmonctl - personality 136 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 361 - preadv2 392 - prlimit64 369 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 376 - process_vm_writev 377 - pselect6 335 -@@ -404,7 +406,7 @@ pwritev 362 - pwritev2 393 - query_module - quotactl 131 --quotactl_path -+quotactl_fd 443 - read 3 - readahead 225 - readdir -diff --git a/src/basic/syscalls-arm64.txt b/src/basic/syscalls-arm64.txt -index ef76ffa96f..e91d7cfca4 100644 ---- a/src/basic/syscalls-arm64.txt -+++ b/src/basic/syscalls-arm64.txt -@@ -106,6 +106,7 @@ ftruncate 46 - ftruncate64 - futex 98 - futex_time64 -+futex_waitv 449 - futimesat - get_kernel_syms - get_mempolicy 236 -@@ -203,6 +204,7 @@ madvise 233 - mbind 235 - membarrier 283 - memfd_create 279 -+memfd_secret 447 - memory_ordering - migrate_pages 238 - mincore 232 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 241 - perfctr --perfmonctl - personality 92 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 69 - preadv2 286 - prlimit64 261 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 270 - process_vm_writev 271 - pselect6 72 -@@ -404,7 +406,7 @@ pwritev 70 - pwritev2 287 - query_module - quotactl 60 --quotactl_path -+quotactl_fd 443 - read 63 - readahead 213 - readdir -diff --git a/src/basic/syscalls-i386.txt b/src/basic/syscalls-i386.txt -index baacb9b7a3..6b57d6f05d 100644 ---- a/src/basic/syscalls-i386.txt -+++ b/src/basic/syscalls-i386.txt -@@ -106,6 +106,7 @@ ftruncate 93 - ftruncate64 194 - futex 240 - futex_time64 422 -+futex_waitv 449 - futimesat 299 - get_kernel_syms 130 - get_mempolicy 275 -@@ -203,6 +204,7 @@ madvise 219 - mbind 274 - membarrier 375 - memfd_create 356 -+memfd_secret 447 - memory_ordering - migrate_pages 294 - mincore 218 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 336 - perfctr --perfmonctl - personality 136 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 333 - preadv2 378 - prlimit64 340 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 347 - process_vm_writev 348 - pselect6 308 -@@ -404,7 +406,7 @@ pwritev 334 - pwritev2 379 - query_module 167 - quotactl 131 --quotactl_path -+quotactl_fd 443 - read 3 - readahead 225 - readdir 89 -diff --git a/src/basic/syscalls-ia64.txt b/src/basic/syscalls-ia64.txt -index c37ea6f88f..3d646f6d17 100644 ---- a/src/basic/syscalls-ia64.txt -+++ b/src/basic/syscalls-ia64.txt -@@ -106,6 +106,7 @@ ftruncate 1098 - ftruncate64 - futex 1230 - futex_time64 -+futex_waitv 1473 - futimesat 1285 - get_kernel_syms - get_mempolicy 1260 -@@ -203,6 +204,7 @@ madvise 1209 - mbind 1259 - membarrier 1344 - memfd_create 1340 -+memfd_secret - memory_ordering - migrate_pages 1280 - mincore 1208 -@@ -374,7 +376,6 @@ pciconfig_read 1173 - pciconfig_write 1174 - perf_event_open 1352 - perfctr --perfmonctl 1175 - personality 1140 - pidfd_getfd 1462 - pidfd_open 1458 -@@ -394,6 +395,7 @@ preadv 1319 - preadv2 1348 - prlimit64 1325 - process_madvise 1464 -+process_mrelease 1472 - process_vm_readv 1332 - process_vm_writev 1333 - pselect6 1294 -@@ -404,7 +406,7 @@ pwritev 1320 - pwritev2 1349 - query_module - quotactl 1137 --quotactl_path -+quotactl_fd 1467 - read 1026 - readahead 1216 - readdir -diff --git a/src/basic/syscalls-m68k.txt b/src/basic/syscalls-m68k.txt -index 7522b82e1f..ef7295db2f 100644 ---- a/src/basic/syscalls-m68k.txt -+++ b/src/basic/syscalls-m68k.txt -@@ -106,6 +106,7 @@ ftruncate 93 - ftruncate64 194 - futex 235 - futex_time64 422 -+futex_waitv 449 - futimesat 292 - get_kernel_syms 130 - get_mempolicy 269 -@@ -203,6 +204,7 @@ madvise 238 - mbind 268 - membarrier 374 - memfd_create 353 -+memfd_secret - memory_ordering - migrate_pages 287 - mincore 237 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 332 - perfctr --perfmonctl - personality 136 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 329 - preadv2 377 - prlimit64 339 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 345 - process_vm_writev 346 - pselect6 301 -@@ -404,7 +406,7 @@ pwritev 330 - pwritev2 378 - query_module 167 - quotactl 131 --quotactl_path -+quotactl_fd 443 - read 3 - readahead 240 - readdir 89 -diff --git a/src/basic/syscalls-mips64.txt b/src/basic/syscalls-mips64.txt -index 6b85975eea..1f7ff567be 100644 ---- a/src/basic/syscalls-mips64.txt -+++ b/src/basic/syscalls-mips64.txt -@@ -106,6 +106,7 @@ ftruncate 5075 - ftruncate64 - futex 5194 - futex_time64 -+futex_waitv 5449 - futimesat 5251 - get_kernel_syms 5170 - get_mempolicy 5228 -@@ -203,6 +204,7 @@ madvise 5027 - mbind 5227 - membarrier 5318 - memfd_create 5314 -+memfd_secret - memory_ordering - migrate_pages 5246 - mincore 5026 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 5292 - perfctr --perfmonctl - personality 5132 - pidfd_getfd 5438 - pidfd_open 5434 -@@ -394,6 +395,7 @@ preadv 5289 - preadv2 5321 - prlimit64 5297 - process_madvise 5440 -+process_mrelease 5448 - process_vm_readv 5304 - process_vm_writev 5305 - pselect6 5260 -@@ -404,7 +406,7 @@ pwritev 5290 - pwritev2 5322 - query_module 5171 - quotactl 5172 --quotactl_path -+quotactl_fd 5443 - read 5000 - readahead 5179 - readdir -diff --git a/src/basic/syscalls-mips64n32.txt b/src/basic/syscalls-mips64n32.txt -index a4c12cc442..7e1ad9637d 100644 ---- a/src/basic/syscalls-mips64n32.txt -+++ b/src/basic/syscalls-mips64n32.txt -@@ -106,6 +106,7 @@ ftruncate 6075 - ftruncate64 - futex 6194 - futex_time64 6422 -+futex_waitv 6449 - futimesat 6255 - get_kernel_syms 6170 - get_mempolicy 6232 -@@ -203,6 +204,7 @@ madvise 6027 - mbind 6231 - membarrier 6322 - memfd_create 6318 -+memfd_secret - memory_ordering - migrate_pages 6250 - mincore 6026 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 6296 - perfctr --perfmonctl - personality 6132 - pidfd_getfd 6438 - pidfd_open 6434 -@@ -394,6 +395,7 @@ preadv 6293 - preadv2 6325 - prlimit64 6302 - process_madvise 6440 -+process_mrelease 6448 - process_vm_readv 6309 - process_vm_writev 6310 - pselect6 6264 -@@ -404,7 +406,7 @@ pwritev 6294 - pwritev2 6326 - query_module 6171 - quotactl 6172 --quotactl_path -+quotactl_fd 6443 - read 6000 - readahead 6179 - readdir -diff --git a/src/basic/syscalls-mipso32.txt b/src/basic/syscalls-mipso32.txt -index fcebabab11..c0c262fd1a 100644 ---- a/src/basic/syscalls-mipso32.txt -+++ b/src/basic/syscalls-mipso32.txt -@@ -106,6 +106,7 @@ ftruncate 4093 - ftruncate64 4212 - futex 4238 - futex_time64 4422 -+futex_waitv 4449 - futimesat 4292 - get_kernel_syms 4130 - get_mempolicy 4269 -@@ -203,6 +204,7 @@ madvise 4218 - mbind 4268 - membarrier 4358 - memfd_create 4354 -+memfd_secret - memory_ordering - migrate_pages 4287 - mincore 4217 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 4333 - perfctr --perfmonctl - personality 4136 - pidfd_getfd 4438 - pidfd_open 4434 -@@ -394,6 +395,7 @@ preadv 4330 - preadv2 4361 - prlimit64 4338 - process_madvise 4440 -+process_mrelease 4448 - process_vm_readv 4345 - process_vm_writev 4346 - pselect6 4301 -@@ -404,7 +406,7 @@ pwritev 4331 - pwritev2 4362 - query_module 4187 - quotactl 4131 --quotactl_path -+quotactl_fd 4443 - read 4003 - readahead 4223 - readdir 4089 -diff --git a/src/basic/syscalls-powerpc.txt b/src/basic/syscalls-powerpc.txt -index 3185562726..2f085161e1 100644 ---- a/src/basic/syscalls-powerpc.txt -+++ b/src/basic/syscalls-powerpc.txt -@@ -106,6 +106,7 @@ ftruncate 93 - ftruncate64 194 - futex 221 - futex_time64 422 -+futex_waitv 449 - futimesat 290 - get_kernel_syms 130 - get_mempolicy 260 -@@ -203,6 +204,7 @@ madvise 205 - mbind 259 - membarrier 365 - memfd_create 360 -+memfd_secret - memory_ordering - migrate_pages 258 - mincore 206 -@@ -374,7 +376,6 @@ pciconfig_read 198 - pciconfig_write 199 - perf_event_open 319 - perfctr --perfmonctl - personality 136 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 320 - preadv2 380 - prlimit64 325 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 351 - process_vm_writev 352 - pselect6 280 -@@ -404,7 +406,7 @@ pwritev 321 - pwritev2 381 - query_module 166 - quotactl 131 --quotactl_path -+quotactl_fd 443 - read 3 - readahead 191 - readdir 89 -diff --git a/src/basic/syscalls-powerpc64.txt b/src/basic/syscalls-powerpc64.txt -index e940737781..85e53422ee 100644 ---- a/src/basic/syscalls-powerpc64.txt -+++ b/src/basic/syscalls-powerpc64.txt -@@ -106,6 +106,7 @@ ftruncate 93 - ftruncate64 - futex 221 - futex_time64 -+futex_waitv 449 - futimesat 290 - get_kernel_syms 130 - get_mempolicy 260 -@@ -203,6 +204,7 @@ madvise 205 - mbind 259 - membarrier 365 - memfd_create 360 -+memfd_secret - memory_ordering - migrate_pages 258 - mincore 206 -@@ -374,7 +376,6 @@ pciconfig_read 198 - pciconfig_write 199 - perf_event_open 319 - perfctr --perfmonctl - personality 136 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 320 - preadv2 380 - prlimit64 325 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 351 - process_vm_writev 352 - pselect6 280 -@@ -404,7 +406,7 @@ pwritev 321 - pwritev2 381 - query_module 166 - quotactl 131 --quotactl_path -+quotactl_fd 443 - read 3 - readahead 191 - readdir 89 -diff --git a/src/basic/syscalls-riscv32.txt b/src/basic/syscalls-riscv32.txt -index 8fe0d5ea88..013e38189b 100644 ---- a/src/basic/syscalls-riscv32.txt -+++ b/src/basic/syscalls-riscv32.txt -@@ -40,7 +40,7 @@ clock_settime - clock_settime64 404 - clone 220 - clone2 --clone3 -+clone3 435 - close 57 - close_range 436 - connect 203 -@@ -106,6 +106,7 @@ ftruncate - ftruncate64 46 - futex - futex_time64 422 -+futex_waitv 449 - futimesat - get_kernel_syms - get_mempolicy 236 -@@ -203,6 +204,7 @@ madvise 233 - mbind 235 - membarrier 283 - memfd_create 279 -+memfd_secret - memory_ordering - migrate_pages 238 - mincore 232 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 241 - perfctr --perfmonctl - personality 92 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 69 - preadv2 286 - prlimit64 261 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 270 - process_vm_writev 271 - pselect6 -@@ -404,7 +406,7 @@ pwritev 70 - pwritev2 287 - query_module - quotactl 60 --quotactl_path -+quotactl_fd 443 - read 63 - readahead 213 - readdir -diff --git a/src/basic/syscalls-riscv64.txt b/src/basic/syscalls-riscv64.txt -index e021ea79b4..104a2d9dfa 100644 ---- a/src/basic/syscalls-riscv64.txt -+++ b/src/basic/syscalls-riscv64.txt -@@ -106,6 +106,7 @@ ftruncate 46 - ftruncate64 - futex 98 - futex_time64 -+futex_waitv 449 - futimesat - get_kernel_syms - get_mempolicy 236 -@@ -203,6 +204,7 @@ madvise 233 - mbind 235 - membarrier 283 - memfd_create 279 -+memfd_secret - memory_ordering - migrate_pages 238 - mincore 232 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 241 - perfctr --perfmonctl - personality 92 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 69 - preadv2 286 - prlimit64 261 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 270 - process_vm_writev 271 - pselect6 72 -@@ -404,7 +406,7 @@ pwritev 70 - pwritev2 287 - query_module - quotactl 60 --quotactl_path -+quotactl_fd 443 - read 63 - readahead 213 - readdir -diff --git a/src/basic/syscalls-s390.txt b/src/basic/syscalls-s390.txt -index 5d3b73e6c0..a25093c7be 100644 ---- a/src/basic/syscalls-s390.txt -+++ b/src/basic/syscalls-s390.txt -@@ -106,6 +106,7 @@ ftruncate 93 - ftruncate64 194 - futex 238 - futex_time64 422 -+futex_waitv 449 - futimesat 292 - get_kernel_syms 130 - get_mempolicy 269 -@@ -203,6 +204,7 @@ madvise 219 - mbind 268 - membarrier 356 - memfd_create 350 -+memfd_secret - memory_ordering - migrate_pages 287 - mincore 218 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 331 - perfctr --perfmonctl - personality 136 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 328 - preadv2 376 - prlimit64 334 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 340 - process_vm_writev 341 - pselect6 301 -@@ -404,7 +406,7 @@ pwritev 329 - pwritev2 377 - query_module 167 - quotactl 131 --quotactl_path -+quotactl_fd 443 - read 3 - readahead 222 - readdir 89 -diff --git a/src/basic/syscalls-s390x.txt b/src/basic/syscalls-s390x.txt -index 62a2ea4fae..b4b798f9df 100644 ---- a/src/basic/syscalls-s390x.txt -+++ b/src/basic/syscalls-s390x.txt -@@ -106,6 +106,7 @@ ftruncate 93 - ftruncate64 - futex 238 - futex_time64 -+futex_waitv 449 - futimesat 292 - get_kernel_syms 130 - get_mempolicy 269 -@@ -203,6 +204,7 @@ madvise 219 - mbind 268 - membarrier 356 - memfd_create 350 -+memfd_secret - memory_ordering - migrate_pages 287 - mincore 218 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 331 - perfctr --perfmonctl - personality 136 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 328 - preadv2 376 - prlimit64 334 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 340 - process_vm_writev 341 - pselect6 301 -@@ -404,7 +406,7 @@ pwritev 329 - pwritev2 377 - query_module 167 - quotactl 131 --quotactl_path -+quotactl_fd 443 - read 3 - readahead 222 - readdir 89 -diff --git a/src/basic/syscalls-sparc.txt b/src/basic/syscalls-sparc.txt -index fe41bf97e8..a382e75c24 100644 ---- a/src/basic/syscalls-sparc.txt -+++ b/src/basic/syscalls-sparc.txt -@@ -106,6 +106,7 @@ ftruncate 130 - ftruncate64 84 - futex 142 - futex_time64 422 -+futex_waitv 449 - futimesat 288 - get_kernel_syms 223 - get_mempolicy 304 -@@ -203,6 +204,7 @@ madvise 75 - mbind 303 - membarrier 351 - memfd_create 348 -+memfd_secret - memory_ordering - migrate_pages 302 - mincore 78 -@@ -374,7 +376,6 @@ pciconfig_read 148 - pciconfig_write 149 - perf_event_open 327 - perfctr 18 --perfmonctl - personality 191 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 324 - preadv2 358 - prlimit64 331 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 338 - process_vm_writev 339 - pselect6 297 -@@ -404,7 +406,7 @@ pwritev 325 - pwritev2 359 - query_module 184 - quotactl 165 --quotactl_path -+quotactl_fd 443 - read 3 - readahead 205 - readdir 204 -diff --git a/src/basic/syscalls-x86_64.txt b/src/basic/syscalls-x86_64.txt -index d2ac17ab46..5bc9c58a2a 100644 ---- a/src/basic/syscalls-x86_64.txt -+++ b/src/basic/syscalls-x86_64.txt -@@ -106,6 +106,7 @@ ftruncate 77 - ftruncate64 - futex 202 - futex_time64 -+futex_waitv 449 - futimesat 261 - get_kernel_syms 177 - get_mempolicy 239 -@@ -203,6 +204,7 @@ madvise 28 - mbind 237 - membarrier 324 - memfd_create 319 -+memfd_secret 447 - memory_ordering - migrate_pages 256 - mincore 27 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 298 - perfctr --perfmonctl - personality 135 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 295 - preadv2 327 - prlimit64 302 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 310 - process_vm_writev 311 - pselect6 270 -@@ -404,7 +406,7 @@ pwritev 296 - pwritev2 328 - query_module 178 - quotactl 179 --quotactl_path -+quotactl_fd 443 - read 0 - readahead 187 - readdir --- -2.33.0 - diff --git a/backport-sysext-refuse-empty-release-ID-to-avoid-triggering-a.patch b/backport-sysext-refuse-empty-release-ID-to-avoid-triggering-a.patch deleted file mode 100644 index fa24a29e390f18a6c4694ab7dc16c380a979cd63..0000000000000000000000000000000000000000 --- a/backport-sysext-refuse-empty-release-ID-to-avoid-triggering-a.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 6100e1dded709f681aca0cf913095e2591a54e33 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 21 May 2022 03:03:21 +0900 -Subject: [PATCH] sysext: refuse empty release ID to avoid triggering assertion - -Otherwise, the assertion in extension_release_validate() will be -triggered. - -(cherry picked from commit 30e29edf4c0bb025aa7dc03c415b727fddf996ac) ---- - src/sysext/sysext.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c -index 60789e0f2c..4245bf1760 100644 ---- a/src/sysext/sysext.c -+++ b/src/sysext/sysext.c -@@ -483,6 +483,10 @@ static int merge_subprocess(Hashmap *images, const char *workspace) { - "SYSEXT_LEVEL", &host_os_release_sysext_level); - if (r < 0) - return log_error_errno(r, "Failed to acquire 'os-release' data of OS tree '%s': %m", empty_to_root(arg_root)); -+ if (isempty(host_os_release_id)) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), -+ "'ID' field not found or empty in 'os-release' data of OS tree '%s': %m", -+ empty_to_root(arg_root)); - - /* Let's now mount all images */ - HASHMAP_FOREACH(img, images) { --- -2.33.0 - diff --git a/backport-sysext-use-LO_FLAGS_PARTSCAN-when-opening-image.patch b/backport-sysext-use-LO_FLAGS_PARTSCAN-when-opening-image.patch deleted file mode 100644 index f5ca58dfa58800146c7d93e77e3a2151dba2ec41..0000000000000000000000000000000000000000 --- a/backport-sysext-use-LO_FLAGS_PARTSCAN-when-opening-image.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 9370cf015e54e2201227c27271506e63ad8c3e1d Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Wed, 19 Jan 2022 00:27:45 +0000 -Subject: [PATCH] sysext: use LO_FLAGS_PARTSCAN when opening image - -Jan 17 12:34:59 myguest1 (sd-sysext)[486]: Device '/var/lib/extensions/myext.raw' is loopback block device with partition scanning turned off, please turn it on. - -Fixes https://github.com/systemd/systemd/issues/22146 - -(cherry picked from commit 70a5c6dce0872b3bb0a39be250adde86a0c8f35c) -(cherry picked from commit 4ef7122f3c3328aa01e1ed187a793e7b1595ee87) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9370cf015e54e2201227c27271506e63ad8c3e1d ---- - src/sysext/sysext.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c -index 572e4007fe..bcd87ab152 100644 ---- a/src/sysext/sysext.c -+++ b/src/sysext/sysext.c -@@ -2,6 +2,7 @@ - - #include - #include -+#include - #include - #include - -@@ -523,7 +524,11 @@ static int merge_subprocess(Hashmap *images, const char *workspace) { - if (verity_settings.data_path) - flags |= DISSECT_IMAGE_NO_PARTITION_TABLE; - -- r = loop_device_make_by_path(img->path, O_RDONLY, 0, &d); -+ r = loop_device_make_by_path( -+ img->path, -+ O_RDONLY, -+ FLAGS_SET(flags, DISSECT_IMAGE_NO_PARTITION_TABLE) ? 0 : LO_FLAGS_PARTSCAN, -+ &d); - if (r < 0) - return log_error_errno(r, "Failed to set up loopback device for %s: %m", img->path); - --- -2.33.0 - diff --git a/backport-systemctl-allow-set-property-to-be-called-with-a-glo.patch b/backport-systemctl-allow-set-property-to-be-called-with-a-glo.patch deleted file mode 100644 index 16b6a658aa75b2f12ae0bc6b5d5797ccd60e30ed..0000000000000000000000000000000000000000 --- a/backport-systemctl-allow-set-property-to-be-called-with-a-glo.patch +++ /dev/null @@ -1,111 +0,0 @@ -From f8e994d928fc1636f7aefc6dd9ee8374c7cc63f3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 28 Jul 2021 12:57:10 +0200 -Subject: [PATCH] systemctl: allow set-property to be called with a glob - pattern -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We call "systemctl set-property … Markers=+needs-restart" and this should -also work for globs, e.g. "user@*.service" or "syncthing@*.service". - -https://bugzilla.redhat.com/show_bug.cgi?id=1986258 -(cherry picked from commit 23a0ffa59f9cb26c4b016c9fd1a3a70da2607f61) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f8e994d928fc1636f7aefc6dd9ee8374c7cc63f3 ---- - src/systemctl/systemctl-set-property.c | 53 ++++++++++++++++---------- - 1 file changed, 33 insertions(+), 20 deletions(-) - -diff --git a/src/systemctl/systemctl-set-property.c b/src/systemctl/systemctl-set-property.c -index 183a7b6a8a..5739bac070 100644 ---- a/src/systemctl/systemctl-set-property.c -+++ b/src/systemctl/systemctl-set-property.c -@@ -6,33 +6,20 @@ - #include "systemctl-util.h" - #include "systemctl.h" - --int set_property(int argc, char *argv[], void *userdata) { -- _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL; -+static int set_property_one(sd_bus *bus, const char *name, char **properties) { - _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; -- _cleanup_free_ char *n = NULL; -- UnitType t; -- sd_bus *bus; -+ _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL; - int r; - -- r = acquire_bus(BUS_MANAGER, &bus); -- if (r < 0) -- return r; -- -- polkit_agent_open_maybe(); -- - r = bus_message_new_method_call(bus, &m, bus_systemd_mgr, "SetUnitProperties"); - if (r < 0) - return bus_log_create_error(r); - -- r = unit_name_mangle(argv[1], arg_quiet ? 0 : UNIT_NAME_MANGLE_WARN, &n); -- if (r < 0) -- return log_error_errno(r, "Failed to mangle unit name: %m"); -- -- t = unit_name_to_type(n); -+ UnitType t = unit_name_to_type(name); - if (t < 0) -- return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid unit type: %s", n); -+ return log_error_errno(t, "Invalid unit type: %s", name); - -- r = sd_bus_message_append(m, "sb", n, arg_runtime); -+ r = sd_bus_message_append(m, "sb", name, arg_runtime); - if (r < 0) - return bus_log_create_error(r); - -@@ -40,7 +27,7 @@ int set_property(int argc, char *argv[], void *userdata) { - if (r < 0) - return bus_log_create_error(r); - -- r = bus_append_unit_property_assignment_many(m, t, strv_skip(argv, 2)); -+ r = bus_append_unit_property_assignment_many(m, t, properties); - if (r < 0) - return r; - -@@ -50,7 +37,33 @@ int set_property(int argc, char *argv[], void *userdata) { - - r = sd_bus_call(bus, m, 0, &error, NULL); - if (r < 0) -- return log_error_errno(r, "Failed to set unit properties on %s: %s", n, bus_error_message(&error, r)); -+ return log_error_errno(r, "Failed to set unit properties on %s: %s", -+ name, bus_error_message(&error, r)); - - return 0; - } -+ -+int set_property(int argc, char *argv[], void *userdata) { -+ sd_bus *bus; -+ _cleanup_strv_free_ char **names = NULL; -+ char **name; -+ int r, k; -+ -+ r = acquire_bus(BUS_MANAGER, &bus); -+ if (r < 0) -+ return r; -+ -+ polkit_agent_open_maybe(); -+ -+ r = expand_unit_names(bus, STRV_MAKE(argv[1]), NULL, &names, NULL); -+ if (r < 0) -+ return log_error_errno(r, "Failed to expand '%s' into names: %m", argv[1]); -+ -+ r = 0; -+ STRV_FOREACH(name, names) { -+ k = set_property_one(bus, *name, strv_skip(argv, 2)); -+ if (k < 0 && r >= 0) -+ r = k; -+ } -+ return r; -+} --- -2.33.0 - diff --git a/backport-systemctl-make-timestamp-affect-the-show-verb-as-wel.patch b/backport-systemctl-make-timestamp-affect-the-show-verb-as-wel.patch deleted file mode 100644 index f88beaa955a8c7868311985e8063ebc295ec362c..0000000000000000000000000000000000000000 --- a/backport-systemctl-make-timestamp-affect-the-show-verb-as-wel.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 99a6dc51727e6c26cf43566de481272773cb1a91 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Fri, 18 Feb 2022 23:09:18 +0100 -Subject: [PATCH] systemctl: make `--timestamp=` affect the `show` verb as well - -Currently the `--timestamp=` option has no effect on timestamps shown by -`systemctl show`, let's fix that. - -Spotted in #22567. - -Before: -``` -$ systemctl show --timestamp=us+utc systemd-journald | grep Timestamp= -ExecMainStartTimestamp=Sat 2021-12-11 15:25:57 CET -StateChangeTimestamp=Sat 2021-12-11 15:25:57 CET -InactiveExitTimestamp=Sat 2021-12-11 15:25:57 CET -ActiveEnterTimestamp=Sat 2021-12-11 15:25:57 CET -ActiveExitTimestamp=Sat 2021-12-11 15:25:57 CET -InactiveEnterTimestamp=Sat 2021-12-11 15:25:57 CET -ConditionTimestamp=Sat 2021-12-11 15:25:57 CET -AssertTimestamp=Sat 2021-12-11 15:25:57 CET -``` - -After: -``` -$ systemctl show --timestamp=us+utc systemd-journald | grep Timestamp= -ExecMainStartTimestamp=Sat 2021-12-11 14:25:57.177848 UTC -StateChangeTimestamp=Sat 2021-12-11 14:25:57.196714 UTC -InactiveExitTimestamp=Sat 2021-12-11 14:25:57.177871 UTC -ActiveEnterTimestamp=Sat 2021-12-11 14:25:57.196714 UTC -ActiveExitTimestamp=Sat 2021-12-11 14:25:57.144677 UTC -InactiveEnterTimestamp=Sat 2021-12-11 14:25:57.176331 UTC -ConditionTimestamp=Sat 2021-12-11 14:25:57.176980 UTC -AssertTimestamp=Sat 2021-12-11 14:25:57.176980 UTC - -``` - -(cherry picked from commit a59e5c625da5a6e0c46e493d55f2f4212e9457ca) -(cherry picked from commit e59c381e2321ae9e476c550d5a3d43a1fd0493ac) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/99a6dc51727e6c26cf43566de481272773cb1a91 ---- - src/systemctl/systemctl-show.c | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c -index dd99bc5323..5b6ee3c518 100644 ---- a/src/systemctl/systemctl-show.c -+++ b/src/systemctl/systemctl-show.c -@@ -1006,6 +1006,22 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m - } - break; - -+ case SD_BUS_TYPE_UINT64: -+ if (endswith(name, "Timestamp")) { -+ char timestamp_str[FORMAT_TIMESTAMP_MAX] = "n/a"; -+ uint64_t timestamp; -+ -+ r = sd_bus_message_read_basic(m, bus_type, ×tamp); -+ if (r < 0) -+ return r; -+ -+ (void) format_timestamp_style(timestamp_str, sizeof(timestamp_str), timestamp, arg_timestamp_style); -+ bus_print_property_value(name, expected_value, flags, timestamp_str); -+ -+ return 1; -+ } -+ break; -+ - case SD_BUS_TYPE_STRUCT: - - if (contents[0] == SD_BUS_TYPE_UINT32 && streq(name, "Job")) { --- -2.33.0 - diff --git a/backport-systemctl-only-fall-back-to-local-cgroup-display-if-.patch b/backport-systemctl-only-fall-back-to-local-cgroup-display-if-.patch deleted file mode 100644 index 49abf23381c012702b8f338f70bd2b665ddec26a..0000000000000000000000000000000000000000 --- a/backport-systemctl-only-fall-back-to-local-cgroup-display-if-.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 08693ce568f0967046b669fcd99ba0939a1df86d Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 28 Oct 2021 16:47:40 +0200 -Subject: [PATCH] systemctl: only fall back to local cgroup display if we talk - to local systemd - -Otherwise we likely show rubbish because even in local containers we -nowadays have cgroup namespacing, hence we likely can't access the -cgroup tree from the host at the same place as inside the container. - -(cherry picked from commit 35ac0260db7b896604d156e9638ad15700083508) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/08693ce568f0967046b669fcd99ba0939a1df86d ---- - src/systemctl/systemctl-show.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c -index 290a501c52..dd99bc5323 100644 ---- a/src/systemctl/systemctl-show.c -+++ b/src/systemctl/systemctl-show.c -@@ -741,7 +741,7 @@ static void print_status_info( - c = 0; - - r = unit_show_processes(bus, i->id, i->control_group, prefix, c, get_output_flags(), &error); -- if (r == -EBADR) { -+ if (r == -EBADR && arg_transport == BUS_TRANSPORT_LOCAL) { - unsigned k = 0; - pid_t extra[2]; - --- -2.33.0 - diff --git a/backport-systemctl-pretty-print-ExtensionImages-property.patch b/backport-systemctl-pretty-print-ExtensionImages-property.patch deleted file mode 100644 index 9d51284188226c24ab7f229754e5ada3cb71e021..0000000000000000000000000000000000000000 --- a/backport-systemctl-pretty-print-ExtensionImages-property.patch +++ /dev/null @@ -1,85 +0,0 @@ -From c4967b69610a75375cdcaafc9a9816ffddaeec38 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Tue, 26 Oct 2021 22:55:30 +0100 -Subject: [PATCH] systemctl: pretty-print ExtensionImages property - -Complex type, so without explicit support 'systemctl show' just prints [unprintable] - -(cherry picked from commit 60c16c5cf3458199646cbda9dfe7763b6ba8b62f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c4967b69610a75375cdcaafc9a9816ffddaeec38 ---- - src/systemctl/systemctl-show.c | 56 ++++++++++++++++++++++++++++++++++ - 1 file changed, 56 insertions(+) - -diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c -index 1f524626bf..3bc9fd4920 100644 ---- a/src/systemctl/systemctl-show.c -+++ b/src/systemctl/systemctl-show.c -@@ -1694,6 +1694,62 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m - - return 1; - -+ } else if (streq(name, "ExtensionImages")) { -+ _cleanup_free_ char *paths = NULL; -+ -+ r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(sba(ss))"); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ -+ for (;;) { -+ _cleanup_free_ char *str = NULL; -+ const char *source, *partition, *mount_options; -+ int ignore_enoent; -+ -+ r = sd_bus_message_enter_container(m, 'r', "sba(ss)"); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ if (r == 0) -+ break; -+ -+ r = sd_bus_message_read(m, "sb", &source, &ignore_enoent); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ -+ str = strjoin(ignore_enoent ? "-" : "", source); -+ if (!str) -+ return log_oom(); -+ -+ r = sd_bus_message_enter_container(m, 'a', "(ss)"); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ -+ while ((r = sd_bus_message_read(m, "(ss)", &partition, &mount_options)) > 0) -+ if (!strextend_with_separator(&str, ":", partition, mount_options)) -+ return log_oom(); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ -+ if (!strextend_with_separator(&paths, " ", str)) -+ return log_oom(); -+ -+ r = sd_bus_message_exit_container(m); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ -+ r = sd_bus_message_exit_container(m); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ } -+ -+ r = sd_bus_message_exit_container(m); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ -+ bus_print_property_value(name, expected_value, flags, paths); -+ -+ return 1; -+ - } else if (streq(name, "BPFProgram")) { - const char *a, *p; - --- -2.33.0 - diff --git a/backport-systemctl-show-error-when-help-for-unknown-unit-is-r.patch b/backport-systemctl-show-error-when-help-for-unknown-unit-is-r.patch deleted file mode 100644 index be2136845bfc84710c5d1a0a6b98ef0a0883c008..0000000000000000000000000000000000000000 --- a/backport-systemctl-show-error-when-help-for-unknown-unit-is-r.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 486412ad3bba4f1306597302cf66cc4858126243 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 12 Jul 2021 12:32:39 +0200 -Subject: [PATCH] systemctl: show error when help for unknown unit is requested - -Fixes #20189. We would only log at debug level and return failure, which looks -like a noop for the user. - -('help' accepts multiple arguments and will show multiple concatenated man -pages in that case. Actually, it will also show multiple concatenated man pages -if the Documentation= setting lists multiple pages. I don't think it's very -terribly useful, but, meh, I don't think we can do much better. If a user -requests a help for a two services, one known and one unknown, there'll now be -a line in the output. It's not very user friendly, but not exactly wrong too.) - -(cherry picked from commit 75312ada5324d8adae3f3a0ed97f0acfc8b8bde5) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/486412ad3bba4f1306597302cf66cc4858126243 ---- - src/systemctl/systemctl-show.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c -index 470ff617d6..1f524626bf 100644 ---- a/src/systemctl/systemctl-show.c -+++ b/src/systemctl/systemctl-show.c -@@ -1915,7 +1915,7 @@ static int show_one( - return log_error_errno(r, "Failed to get properties: %s", bus_error_message(&error, r)); - - if (unit && streq_ptr(info.load_state, "not-found") && streq_ptr(info.active_state, "inactive")) { -- log_full(show_mode == SYSTEMCTL_SHOW_STATUS ? LOG_ERR : LOG_DEBUG, -+ log_full(show_mode == SYSTEMCTL_SHOW_PROPERTIES ? LOG_DEBUG : LOG_ERR, - "Unit %s could not be found.", unit); - - if (show_mode == SYSTEMCTL_SHOW_STATUS) --- -2.33.0 - diff --git a/backport-systemctl-small-fixes-for-MountImages-pretty-printin.patch b/backport-systemctl-small-fixes-for-MountImages-pretty-printin.patch deleted file mode 100644 index e6ca843ee69d3ac42ee66742a0a511a64dbadb18..0000000000000000000000000000000000000000 --- a/backport-systemctl-small-fixes-for-MountImages-pretty-printin.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 1f332abc9f82c653d40e5f3e42b761dca88d31ed Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Wed, 27 Oct 2021 11:17:02 +0100 -Subject: [PATCH] systemctl: small fixes for MountImages pretty printing - -(cherry picked from commit 8ec6108c0bdb5ab2e05bc20ab41ad6653805fd00) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1f332abc9f82c653d40e5f3e42b761dca88d31ed ---- - src/systemctl/systemctl-show.c | 20 ++++++++++---------- - 1 file changed, 10 insertions(+), 10 deletions(-) - -diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c -index 3bc9fd4920..290a501c52 100644 ---- a/src/systemctl/systemctl-show.c -+++ b/src/systemctl/systemctl-show.c -@@ -1649,11 +1649,13 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m - - r = sd_bus_message_enter_container(m, 'r', "ssba(ss)"); - if (r < 0) -- return r; -+ return bus_log_parse_error(r); -+ if (r == 0) -+ break; - - r = sd_bus_message_read(m, "ssb", &source, &destination, &ignore_enoent); -- if (r <= 0) -- break; -+ if (r < 0) -+ return bus_log_parse_error(r); - - str = strjoin(ignore_enoent ? "-" : "", - source, -@@ -1664,27 +1666,25 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m - - r = sd_bus_message_enter_container(m, 'a', "(ss)"); - if (r < 0) -- return r; -+ return bus_log_parse_error(r); - - while ((r = sd_bus_message_read(m, "(ss)", &partition, &mount_options)) > 0) -- if (!strextend_with_separator(&str, ":", partition, ":", mount_options)) -+ if (!strextend_with_separator(&str, ":", partition, mount_options)) - return log_oom(); - if (r < 0) -- return r; -+ return bus_log_parse_error(r); - - if (!strextend_with_separator(&paths, " ", str)) - return log_oom(); - - r = sd_bus_message_exit_container(m); - if (r < 0) -- return r; -+ return bus_log_parse_error(r); - - r = sd_bus_message_exit_container(m); - if (r < 0) -- return r; -+ return bus_log_parse_error(r); - } -- if (r < 0) -- return bus_log_parse_error(r); - - r = sd_bus_message_exit_container(m); - if (r < 0) --- -2.33.0 - diff --git a/backport-systemd-analyze-parse-ip_filters_custom_egress-corre.patch b/backport-systemd-analyze-parse-ip_filters_custom_egress-corre.patch deleted file mode 100644 index 77dcb738746a3edd88f87decd7b70df1b2bd00c0..0000000000000000000000000000000000000000 --- a/backport-systemd-analyze-parse-ip_filters_custom_egress-corre.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 2d8f28adf58c58d99c19da9d53c6c66a9b952ce4 Mon Sep 17 00:00:00 2001 -From: Maanya Goenka -Date: Tue, 10 Aug 2021 14:30:46 -0700 -Subject: [PATCH] systemd-analyze: parse ip_filters_custom_egress correctly - -Fixed bug in original assignment of security_info variable: ip_filters_custom_egress. - -(cherry picked from commit 3da57008e743643d45d3dc05eacac1a4623539a4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/2d8f28adf58c58d99c19da9d53c6c66a9b952ce4 ---- - src/analyze/analyze-security.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c -index f20606c17c..309e9a81b5 100644 ---- a/src/analyze/analyze-security.c -+++ b/src/analyze/analyze-security.c -@@ -1910,7 +1910,7 @@ static int property_read_ip_filters( - if (streq(member, "IPIngressFilterPath")) - info->ip_filters_custom_ingress = !strv_isempty(l); - else if (streq(member, "IPEgressFilterPath")) -- info->ip_filters_custom_ingress = !strv_isempty(l); -+ info->ip_filters_custom_egress = !strv_isempty(l); - - return 0; - } --- -2.33.0 - diff --git a/backport-systemd-run-ensure-error-logs-suggest-to-use-user-wh.patch b/backport-systemd-run-ensure-error-logs-suggest-to-use-user-wh.patch deleted file mode 100644 index 7f7b236a0763e8abc934851dbca722995e7e96bb..0000000000000000000000000000000000000000 --- a/backport-systemd-run-ensure-error-logs-suggest-to-use-user-wh.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 8ece102d314cfe92aaa7a7afc853b6921da941c4 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Thu, 30 Dec 2021 00:54:32 +0000 -Subject: [PATCH] systemd-run: ensure error logs suggest to use '--user' when - appropriate - -Before: - -$ systemd-run --service-type=notify --user false -Job for run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service failed because the control process exited with error code. -See "systemctl status run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service" and "journalctl -xeu run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service" for details. - -After: - -$ systemd-run --service-type=notify --user false -Job for run-r7791e380a7b6400ea01d6a0e5a458b23.service failed because the control process exited with error code. -See "systemctl --user status run-r7791e380a7b6400ea01d6a0e5a458b23.service" and "journalctl --user -xeu run-r7791e380a7b6400ea01d6a0e5a458b23.service" for details. - -Fixes https://github.com/systemd/systemd/issues/21933 - -(cherry picked from commit 466f2351bbb5c0fdc9f153e35506570e59b14c5f) -(cherry picked from commit b59615dc76cf82bd1fca301220ee0b7961cbcacd) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/8ece102d314cfe92aaa7a7afc853b6921da941c4 ---- - src/run/run.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/run/run.c b/src/run/run.c -index 9a7e1efaca..c858bf793d 100644 ---- a/src/run/run.c -+++ b/src/run/run.c -@@ -1228,7 +1228,7 @@ static int start_transient_service( - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); -+ r = bus_wait_for_jobs_one(w, object, arg_quiet, arg_user ? STRV_MAKE_CONST("--user") : NULL); - if (r < 0) - return r; - } -@@ -1473,7 +1473,7 @@ static int start_transient_scope(sd_bus *bus) { - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); -+ r = bus_wait_for_jobs_one(w, object, arg_quiet, arg_user ? STRV_MAKE_CONST("--user") : NULL); - if (r < 0) - return r; - -@@ -1693,7 +1693,7 @@ static int start_transient_trigger( - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); -+ r = bus_wait_for_jobs_one(w, object, arg_quiet, arg_user ? STRV_MAKE_CONST("--user") : NULL); - if (r < 0) - return r; - --- -2.33.0 - diff --git a/backport-sysusers-add-fsync-for-passwd-24324.patch b/backport-sysusers-add-fsync-for-passwd-24324.patch deleted file mode 100644 index be5bec5cf1322d8b700aa069eb69b6dd1d5acf5a..0000000000000000000000000000000000000000 --- a/backport-sysusers-add-fsync-for-passwd-24324.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 3982142116871b3eead4d5833d898f077e7942d4 Mon Sep 17 00:00:00 2001 -From: Avram Lubkin -Date: Tue, 16 Aug 2022 08:51:21 -0400 -Subject: [PATCH] sysusers: add fsync for passwd (#24324) - -https://github.com/systemd/systemd/pull/6636 added `fsync()` when -temporary shadow, group, and gshadow files are created, but it was -not added for passwd. As far as I can tell, this seems to have been -an oversight. I'm seeing real world issues where a blank /etc/passwd -file is being created if a machine loses power early in the boot process. - -(cherry picked from commit 19193b489841a7bcccda7122ac0849cf6efe59fd) -(cherry picked from commit 9f2f3911539c453037aecd51f875dfd75ed04113) -(cherry picked from commit 7ca021b87e92a4e775af22c04a2ab2bf404ae313) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/3982142116871b3eead4d5833d898f077e7942d4 ---- - src/sysusers/sysusers.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c -index 669efe4a1d..055eb6775e 100644 ---- a/src/sysusers/sysusers.c -+++ b/src/sysusers/sysusers.c -@@ -487,7 +487,7 @@ static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char - break; - } - -- r = fflush_and_check(passwd); -+ r = fflush_sync_and_check(passwd); - if (r < 0) - return log_debug_errno(r, "Failed to flush %s: %m", passwd_tmp); - --- -2.27.0 - diff --git a/backport-sysusers-use-filename-if-proc-is-not-mounted.patch b/backport-sysusers-use-filename-if-proc-is-not-mounted.patch deleted file mode 100644 index 8b5196fb077dbfd047f11c18a77d41b539dfd496..0000000000000000000000000000000000000000 --- a/backport-sysusers-use-filename-if-proc-is-not-mounted.patch +++ /dev/null @@ -1,34 +0,0 @@ -From f78a48840205339157b186b7c8e576a3c690f6d9 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 31 Dec 2021 00:11:01 +0900 -Subject: [PATCH] sysusers: use filename if /proc is not mounted - -During system install, /proc may not be mounted yet. - -Fixes RHBZ#2036217 (https://bugzilla.redhat.com/show_bug.cgi?id=2036217). - -(cherry picked from commit b78d7f246899687a1697cdcebe93d8512c5e7c4b) -(cherry picked from commit 747b4f1ff8aac3a1b800b0a7ac0edef4af34da70) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f78a48840205339157b186b7c8e576a3c690f6d9 ---- - src/sysusers/sysusers.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c -index a18634d254..669efe4a1d 100644 ---- a/src/sysusers/sysusers.c -+++ b/src/sysusers/sysusers.c -@@ -267,7 +267,7 @@ static int make_backup(const char *target, const char *x) { - - /* Copy over the access mask. Don't fail on chmod() or chown(). If it stays owned by us and/or - * unreadable by others, then it isn't too bad... */ -- r = fchmod_and_chown(fileno(dst), st.st_mode & 07777, st.st_uid, st.st_gid); -+ r = fchmod_and_chown_with_fallback(fileno(dst), dst_tmp, st.st_mode & 07777, st.st_uid, st.st_gid); - if (r < 0) - log_warning_errno(r, "Failed to change access mode or ownership of %s: %m", backup); - --- -2.33.0 - diff --git a/backport-temporarily-disable-test-seccomp.patch b/backport-temporarily-disable-test-seccomp.patch index 2aca22171b75d39d1efdfb230d6c55f4bfb42669..6af53ba24901a79e17ffea724b102d52cf45cdeb 100644 --- a/backport-temporarily-disable-test-seccomp.patch +++ b/backport-temporarily-disable-test-seccomp.patch @@ -4,40 +4,21 @@ Date: Tue, 22 Feb 2022 20:33:40 +0800 Subject: [PATCH] temporarily disable test-seccomp --- - src/test/test-seccomp.c | 23 +--------------------- - 1 file changed, 1 insertion(+), 22 deletions(-) + src/test/test-seccomp.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c -index 023c4b6..8d23ab5 100644 +index 2d06098..a95deb8 100644 --- a/src/test/test-seccomp.c +++ b/src/test/test-seccomp.c -@@ -1154,26 +1154,5 @@ static void test_restrict_suid_sgid(void) { +@@ -1199,4 +1199,6 @@ TEST(restrict_suid_sgid) { + assert_se(wait_for_terminate_and_check("suidsgidseccomp", pid, WAIT_LOG) == EXIT_SUCCESS); } - int main(int argc, char *argv[]) { -- test_setup_logging(LOG_DEBUG); -- -- test_parse_syscall_and_errno(); -- test_seccomp_arch_to_string(); -- test_architecture_table(); -- test_syscall_filter_set_find(); -- test_filter_sets(); -- test_filter_sets_ordered(); -- test_restrict_namespace(); -- test_protect_sysctl(); -- test_protect_syslog(); -- test_restrict_address_families(); -- test_restrict_realtime(); -- test_memory_deny_write_execute_mmap(); -- test_memory_deny_write_execute_shmat(); -- test_restrict_archs(); -- test_load_syscall_filter_set_raw(); -- test_native_syscalls_filtered(); -- test_lock_personality(); -- test_restrict_suid_sgid(); -- -- return 0; +-DEFINE_TEST_MAIN(LOG_DEBUG); ++int main(int argc, char *argv[]) { + return 77; - } ++} -- -2.30.0 +2.33.0 + diff --git a/backport-test-Check-that-native-architecture-is-always-filter.patch b/backport-test-Check-that-native-architecture-is-always-filter.patch deleted file mode 100644 index e031198070e51590d67ab5ba16c97aef6230bdfa..0000000000000000000000000000000000000000 --- a/backport-test-Check-that-native-architecture-is-always-filter.patch +++ /dev/null @@ -1,95 +0,0 @@ -From ef92d7fc97a543d2b7e0730f2b78d8ef2a91959c Mon Sep 17 00:00:00 2001 -From: Benjamin Berg -Date: Fri, 17 Sep 2021 14:00:39 +0200 -Subject: [PATCH] test: Check that "native" architecture is always filtered - -(cherry picked from commit 08bf703cc1511817cdf67543c3b166dc8831ba8c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ef92d7fc97a543d2b7e0730f2b78d8ef2a91959c ---- - src/test/test-seccomp.c | 61 +++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 61 insertions(+) - -diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c -index 023c4b6e0e..dc3088d4b0 100644 ---- a/src/test/test-seccomp.c -+++ b/src/test/test-seccomp.c -@@ -890,6 +890,66 @@ static void test_load_syscall_filter_set_raw(void) { - assert_se(wait_for_terminate_and_check("syscallrawseccomp", pid, WAIT_LOG) == EXIT_SUCCESS); - } - -+static void test_native_syscalls_filtered(void) { -+ pid_t pid; -+ -+ log_info("/* %s */", __func__); -+ -+ if (!is_seccomp_available()) { -+ log_notice("Seccomp not available, skipping %s", __func__); -+ return; -+ } -+ if (!have_seccomp_privs()) { -+ log_notice("Not privileged, skipping %s", __func__); -+ return; -+ } -+ -+ pid = fork(); -+ assert_se(pid >= 0); -+ -+ if (pid == 0) { -+ _cleanup_set_free_ Set *arch_s = NULL; -+ _cleanup_hashmap_free_ Hashmap *s = NULL; -+ -+ /* Passing "native" or an empty set is equivalent, just do both here. */ -+ assert_se(arch_s = set_new(NULL)); -+ assert_se(seccomp_restrict_archs(arch_s) >= 0); -+ assert_se(set_put(arch_s, SCMP_ARCH_NATIVE) >= 0); -+ assert_se(seccomp_restrict_archs(arch_s) >= 0); -+ -+ assert_se(access("/", F_OK) >= 0); -+ assert_se(poll(NULL, 0, 0) == 0); -+ -+ assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, NULL, scmp_act_kill_process(), true) >= 0); -+ assert_se(access("/", F_OK) >= 0); -+ assert_se(poll(NULL, 0, 0) == 0); -+ -+ assert_se(s = hashmap_new(NULL)); -+#if defined __NR_access && __NR_access >= 0 -+ assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(-1)) >= 0); -+ log_debug("has access()"); -+#endif -+#if defined __NR_faccessat && __NR_faccessat >= 0 -+ assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(-1)) >= 0); -+ log_debug("has faccessat()"); -+#endif -+#if defined __NR_faccessat2 && __NR_faccessat2 >= 0 -+ assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat2 + 1), INT_TO_PTR(-1)) >= 0); -+ log_debug("has faccessat2()"); -+#endif -+ -+ assert_se(!hashmap_isempty(s)); -+ assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, s, SCMP_ACT_ERRNO(EUCLEAN), true) >= 0); -+ -+ assert_se(access("/", F_OK) < 0); -+ assert_se(errno == EUCLEAN); -+ -+ _exit(EXIT_SUCCESS); -+ } -+ -+ assert_se(wait_for_terminate_and_check("nativeseccomp", pid, WAIT_LOG) == EXIT_SUCCESS); -+} -+ - static void test_lock_personality(void) { - unsigned long current; - pid_t pid; -@@ -1171,6 +1231,7 @@ int main(int argc, char *argv[]) { - test_memory_deny_write_execute_shmat(); - test_restrict_archs(); - test_load_syscall_filter_set_raw(); -+ test_native_syscalls_filtered(); - test_lock_personality(); - test_restrict_suid_sgid(); - --- -2.33.0 - diff --git a/backport-test-add-test-case-for-sysv-generator-and-invalid-de.patch b/backport-test-add-test-case-for-sysv-generator-and-invalid-de.patch deleted file mode 100644 index c6dbd6221b739340eac8540c48c0cc0b5b15b135..0000000000000000000000000000000000000000 --- a/backport-test-add-test-case-for-sysv-generator-and-invalid-de.patch +++ /dev/null @@ -1,210 +0,0 @@ -From 5f882cc3ab32636d9242effb2cefad20d92d2ec2 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 15 Nov 2022 21:52:19 +0900 -Subject: [PATCH] test: add test case for sysv-generator and invalid dependency - ---- - test/units/assert.sh | 58 +++++++++++++++++++ - test/units/testsuite-26.sh | 116 ++++++++++++++++++++++++++++++++++++- - 2 files changed, 172 insertions(+), 2 deletions(-) - create mode 100755 test/units/assert.sh - -diff --git a/test/units/assert.sh b/test/units/assert.sh -new file mode 100755 -index 0000000..2f4d93a ---- /dev/null -+++ b/test/units/assert.sh -@@ -0,0 +1,58 @@ -+#!/usr/bin/env bash -+# SPDX-License-Identifier: LGPL-2.1-or-later -+ -+# utility functions for shell tests -+ -+assert_true() {( -+ set +ex -+ -+ local rc -+ -+ "$@" -+ rc=$? -+ if [[ $rc -ne 0 ]]; then -+ echo "FAIL: command '$*' failed with exit code $rc" >&2 -+ exit 1 -+ fi -+)} -+ -+ -+assert_eq() {( -+ set +ex -+ -+ if [[ "${1?}" != "${2?}" ]]; then -+ echo "FAIL: expected: '$2' actual: '$1'" >&2 -+ exit 1 -+ fi -+)} -+ -+assert_in() {( -+ set +ex -+ -+ if ! [[ "${2?}" =~ ${1?} ]]; then -+ echo "FAIL: '$1' not found in:" >&2 -+ echo "$2" >&2 -+ exit 1 -+ fi -+)} -+ -+assert_not_in() {( -+ set +ex -+ -+ if [[ "${2?}" =~ ${1?} ]]; then -+ echo "FAIL: '$1' found in:" >&2 -+ echo "$2" >&2 -+ exit 1 -+ fi -+)} -+ -+assert_rc() {( -+ set +ex -+ -+ local rc exp="${1?}" -+ -+ shift -+ "$@" -+ rc=$? -+ assert_eq "$rc" "$exp" -+)} -diff --git a/test/units/testsuite-26.sh b/test/units/testsuite-26.sh -index 7982099..fe6b63b 100755 ---- a/test/units/testsuite-26.sh -+++ b/test/units/testsuite-26.sh -@@ -2,6 +2,11 @@ - set -eux - set -o pipefail - -+# shellcheck source=test/units/assert.sh -+. "$(dirname "$0")"/assert.sh -+ -+: >/failed -+ - # Make sure PATH is set - systemctl show-environment | grep -q '^PATH=' - -@@ -26,6 +31,113 @@ systemctl show-environment | grep '^FOO=$' && exit 1 - systemctl show-environment | grep '^PATH=.*testaddition$' && exit 1 - systemctl show-environment | grep -q '^PATH=' - --echo OK >/testok -+# test for sysv-generator (issue #24990) -+if [[ -x /usr/lib/systemd/system-generators/systemd-sysv-generator ]]; then -+ # This is configurable via -Dsysvinit-path=, but we can't get the value -+ # at runtime, so let's just support the two most common paths for now. -+ [[ -d /etc/rc.d/init.d ]] && SYSVINIT_PATH="/etc/rc.d/init.d" || SYSVINIT_PATH="/etc/init.d" -+ -+ # invalid dependency -+ cat >"${SYSVINIT_PATH:?}/issue-24990" <<\EOF -+#!/bin/bash -+ -+### BEGIN INIT INFO -+# Provides:test1 test2 -+# Required-Start:test1 $remote_fs $network -+# Required-Stop:test1 $remote_fs $network -+# Description:Test -+# Short-Description: Test -+### END INIT INFO -+ -+case "$1" in -+ start) -+ echo "Starting issue-24990.service" -+ sleep 1000 & -+ ;; -+ stop) -+ echo "Stopping issue-24990.service" -+ sleep 10 & -+ ;; -+ *) -+ echo "Usage: service test {start|stop|restart|status}" -+ ;; -+esac -+EOF -+ -+ chmod +x "$SYSVINIT_PATH/issue-24990" -+ systemctl daemon-reload -+ [[ -L /run/systemd/generator.late/test1.service ]] -+ [[ -L /run/systemd/generator.late/test2.service ]] -+ assert_eq "$(readlink -f /run/systemd/generator.late/test1.service)" "/run/systemd/generator.late/issue-24990.service" -+ assert_eq "$(readlink -f /run/systemd/generator.late/test2.service)" "/run/systemd/generator.late/issue-24990.service" -+ output=$(systemctl cat issue-24990) -+ assert_in "SourcePath=$SYSVINIT_PATH/issue-24990" "$output" -+ assert_in "Description=LSB: Test" "$output" -+ assert_in "After=test1.service" "$output" -+ assert_in "After=remote-fs.target" "$output" -+ assert_in "After=network-online.target" "$output" -+ assert_in "Wants=network-online.target" "$output" -+ assert_in "ExecStart=$SYSVINIT_PATH/issue-24990 start" "$output" -+ assert_in "ExecStop=$SYSVINIT_PATH/issue-24990 stop" "$output" -+ systemctl status issue-24990 || : -+ systemctl show issue-24990 -+ assert_not_in "issue-24990.service" "$(systemctl show --property=After --value)" -+ assert_not_in "issue-24990.service" "$(systemctl show --property=Before --value)" -+ -+ if ! systemctl is-active network-online.target; then -+ systemctl start network-online.target -+ fi -+ -+ systemctl restart issue-24990 -+ systemctl stop issue-24990 -+ -+ # valid dependency -+ cat >"$SYSVINIT_PATH/issue-24990" <<\EOF -+#!/bin/bash -+ -+### BEGIN INIT INFO -+# Provides:test1 test2 -+# Required-Start:$remote_fs -+# Required-Stop:$remote_fs -+# Description:Test -+# Short-Description: Test -+### END INIT INFO -+ -+case "$1" in -+ start) -+ echo "Starting issue-24990.service" -+ sleep 1000 & -+ ;; -+ stop) -+ echo "Stopping issue-24990.service" -+ sleep 10 & -+ ;; -+ *) -+ echo "Usage: service test {start|stop|restart|status}" -+ ;; -+esac -+EOF -+ -+ chmod +x "$SYSVINIT_PATH/issue-24990" -+ systemctl daemon-reload -+ [[ -L /run/systemd/generator.late/test1.service ]] -+ [[ -L /run/systemd/generator.late/test2.service ]] -+ assert_eq "$(readlink -f /run/systemd/generator.late/test1.service)" "/run/systemd/generator.late/issue-24990.service" -+ assert_eq "$(readlink -f /run/systemd/generator.late/test2.service)" "/run/systemd/generator.late/issue-24990.service" -+ output=$(systemctl cat issue-24990) -+ assert_in "SourcePath=$SYSVINIT_PATH/issue-24990" "$output" -+ assert_in "Description=LSB: Test" "$output" -+ assert_in "After=remote-fs.target" "$output" -+ assert_in "ExecStart=$SYSVINIT_PATH/issue-24990 start" "$output" -+ assert_in "ExecStop=$SYSVINIT_PATH/issue-24990 stop" "$output" -+ systemctl status issue-24990 || : -+ systemctl show issue-24990 -+ assert_not_in "issue-24990.service" "$(systemctl show --property=After --value)" -+ assert_not_in "issue-24990.service" "$(systemctl show --property=Before --value)" -+ -+ systemctl restart issue-24990 -+ systemctl stop issue-24990 -+fi - --exit 0 -+touch /testok -+rm /failed --- -2.27.0 - diff --git a/backport-test-add-tests-for-reading-unaligned-data.patch b/backport-test-add-tests-for-reading-unaligned-data.patch deleted file mode 100644 index ed29eb82831cda7573c640b0239b483b6538e94e..0000000000000000000000000000000000000000 --- a/backport-test-add-tests-for-reading-unaligned-data.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 61ca9b34258e4786d9a8e68b9b28c4e794a65d1f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 28 Sep 2021 00:48:59 +0900 -Subject: [PATCH] test: add tests for reading unaligned data - -(cherry picked from commit e620104956dff64244c0e73e86c3138c0b13b875) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/61ca9b34258e4786d9a8e68b9b28c4e794a65d1f ---- - src/libsystemd-network/test-dhcp6-client.c | 29 ++++++++++++++++------ - 1 file changed, 21 insertions(+), 8 deletions(-) - -diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c -index 5d1f709f11..b22297dcd5 100644 ---- a/src/libsystemd-network/test-dhcp6-client.c -+++ b/src/libsystemd-network/test-dhcp6-client.c -@@ -156,7 +156,7 @@ static int test_parse_domain(sd_event *e) { - - static int test_option(sd_event *e) { - uint8_t packet[] = { -- 'F', 'O', 'O', -+ 'F', 'O', 'O', 'H', 'O', 'G', 'E', - 0x00, SD_DHCP6_OPTION_ORO, 0x00, 0x07, - 'A', 'B', 'C', 'D', 'E', 'F', 'G', - 0x00, SD_DHCP6_OPTION_VENDOR_CLASS, 0x00, 0x09, -@@ -164,12 +164,13 @@ static int test_option(sd_event *e) { - 'B', 'A', 'R', - }; - uint8_t result[] = { -- 'F', 'O', 'O', -+ 'F', 'O', 'O', 'H', 'O', 'G', 'E', - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 'B', 'A', 'R', - }; -+ _cleanup_free_ uint8_t *buf = NULL; - size_t offset, pos, optlen, outlen = sizeof(result); - const uint8_t *optval; - uint16_t optcode; -@@ -185,16 +186,28 @@ static int test_option(sd_event *e) { - offset = 3; - assert_se(dhcp6_option_parse(packet, 0, &offset, &optcode, &optlen, &optval) == -EBADMSG); - -- offset = 3; -+ /* Tests for reading unaligned data. */ -+ assert_se(buf = new(uint8_t, sizeof(packet))); -+ for (size_t i = 0; i <= 7; i++) { -+ memcpy(buf, packet + i, sizeof(packet) - i); -+ offset = 7 - i; -+ assert_se(dhcp6_option_parse(buf, sizeof(packet), &offset, &optcode, &optlen, &optval) >= 0); -+ -+ assert_se(optcode == SD_DHCP6_OPTION_ORO); -+ assert_se(optlen == 7); -+ assert_se(optval == buf + 11 - i); -+ } -+ -+ offset = 7; - assert_se(dhcp6_option_parse(packet, sizeof(packet), &offset, &optcode, &optlen, &optval) >= 0); - - assert_se(optcode == SD_DHCP6_OPTION_ORO); - assert_se(optlen == 7); -- assert_se(optval == packet + 7); -+ assert_se(optval == packet + 11); - -- pos = 3; -- outlen -= 3; -- out = &result[3]; -+ pos = 7; -+ outlen -= 7; -+ out = &result[pos]; - - assert_se(dhcp6_option_append(&out, &outlen, optcode, optlen, optval) >= 0); - -@@ -206,7 +219,7 @@ static int test_option(sd_event *e) { - - assert_se(optcode == SD_DHCP6_OPTION_VENDOR_CLASS); - assert_se(optlen == 9); -- assert_se(optval == packet + 18); -+ assert_se(optval == packet + 22); - - assert_se(dhcp6_option_append(&out, &outlen, optcode, optlen, optval) >= 0); - --- -2.33.0 - diff --git a/backport-test-cover-initrd-sysroot-transition-in-TEST-24.patch b/backport-test-cover-initrd-sysroot-transition-in-TEST-24.patch deleted file mode 100644 index 36080c78e4388e739a3714247717b5970f009269..0000000000000000000000000000000000000000 --- a/backport-test-cover-initrd-sysroot-transition-in-TEST-24.patch +++ /dev/null @@ -1,113 +0,0 @@ -From 1fb7f8e15e19fbe61230b70203b0c35fca54f0a0 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Wed, 25 May 2022 17:39:14 +0200 -Subject: [PATCH] test: cover initrd->sysroot transition in TEST-24 - -This should cover cases regarding devices with `OPTIONS+="db_persist"` -during initrd->sysroot transition. - -See: - * https://github.com/systemd/systemd/issues/23429 - * https://github.com/systemd/systemd/pull/23218 - * https://github.com/systemd/systemd/pull/23489 - * https://bugzilla.redhat.com/show_bug.cgi?id=2087225 ---- - test/TEST-24-CRYPTSETUP/test.sh | 61 ++++++++++++++++----------------- - 1 file changed, 29 insertions(+), 32 deletions(-) - -diff --git a/test/TEST-24-CRYPTSETUP/test.sh b/test/TEST-24-CRYPTSETUP/test.sh -index 2c13126..a52848b 100755 ---- a/test/TEST-24-CRYPTSETUP/test.sh -+++ b/test/TEST-24-CRYPTSETUP/test.sh -@@ -9,6 +9,13 @@ TEST_FORCE_NEWIMAGE=1 - # shellcheck source=test/test-functions - . "${TEST_BASE_DIR:?}/test-functions" - -+PART_UUID="deadbeef-dead-dead-beef-000000000000" -+DM_NAME="test24_varcrypt" -+# Mount the keyfile only in initrd (hence rd.luks.key), since it resides on -+# the rootfs and we would get a (harmless) error when trying to mount it after -+# switching root (since rootfs is already mounted) -+KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME rd.luks.key=$PART_UUID=/etc/varkey:LABEL=systemd_boot" -+ - check_result_qemu() { - local ret=1 - -@@ -16,12 +23,12 @@ check_result_qemu() { - [[ -e "${initdir:?}/testok" ]] && ret=0 - [[ -f "$initdir/failed" ]] && cp -a "$initdir/failed" "${TESTDIR:?}" - -- cryptsetup luksOpen "${LOOPDEV:?}p2" varcrypt <"$TESTDIR/keyfile" -- mount /dev/mapper/varcrypt "$initdir/var" -+ cryptsetup luksOpen "${LOOPDEV:?}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile" -+ mount "/dev/mapper/$DM_NAME" "$initdir/var" - save_journal "$initdir/var/log/journal" - _umount_dir "$initdir/var" - _umount_dir "$initdir" -- cryptsetup luksClose /dev/mapper/varcrypt -+ cryptsetup luksClose "/dev/mapper/$DM_NAME" - - [[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed" - echo "${JOURNAL_LIST:-No journals were saved}" -@@ -34,39 +41,29 @@ test_create_image() { - create_empty_image_rootdir - - echo -n test >"${TESTDIR:?}/keyfile" -- cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile" -- cryptsetup luksOpen "${LOOPDEV}p2" varcrypt <"$TESTDIR/keyfile" -- mkfs.ext4 -L var /dev/mapper/varcrypt -+ cryptsetup -q luksFormat --uuid="$PART_UUID" --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile" -+ cryptsetup luksOpen "${LOOPDEV}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile" -+ mkfs.ext4 -L var "/dev/mapper/$DM_NAME" - mkdir -p "${initdir:?}/var" -- mount /dev/mapper/varcrypt "$initdir/var" -- -- # Create what will eventually be our root filesystem onto an overlay -- ( -- LOG_LEVEL=5 -- # shellcheck source=/dev/null -- source <(udevadm info --export --query=env --name=/dev/mapper/varcrypt) -- # shellcheck source=/dev/null -- source <(udevadm info --export --query=env --name="${LOOPDEV}p2") -- -- setup_basic_environment -- mask_supporting_services -- -- install_dmevent -- generate_module_dependencies -- cat >"$initdir/etc/crypttab" <"$initdir/etc/varkey" -- ddebug <"$initdir/etc/crypttab" -+ mount "/dev/mapper/$DM_NAME" "$initdir/var" -+ -+ LOG_LEVEL=5 -+ -+ setup_basic_environment -+ mask_supporting_services -+ -+ install_dmevent -+ generate_module_dependencies -+ -+ echo -n test >"$initdir/etc/varkey" - -- cat >>"$initdir/etc/fstab" <>"$initdir/etc/fstab" <> "$initdir/etc/systemd/journald.conf" -- ) -+ # Forward journal messages to the console, so we have something -+ # to investigate even if we fail to mount the encrypted /var -+ echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf" - } - - cleanup_root_var() { --- -2.33.0 - diff --git a/backport-test-do-not-use-alloca-in-function-call.patch b/backport-test-do-not-use-alloca-in-function-call.patch deleted file mode 100644 index 3cf5457f1a4c1a632d646eae0f7c0c96ff61f847..0000000000000000000000000000000000000000 --- a/backport-test-do-not-use-alloca-in-function-call.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 5f326b0388d4b0a7fcab8cedca255e93a6e311f4 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 24 Oct 2021 00:16:57 +0900 -Subject: [PATCH] test: do not use alloca() in function call - -(cherry picked from commit 4150584e63562616e16242f7b1016c0e642fb59e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5f326b0388d4b0a7fcab8cedca255e93a6e311f4 ---- - src/test/test-path.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/src/test/test-path.c b/src/test/test-path.c -index 490fb136a7..88457d177f 100644 ---- a/src/test/test-path.c -+++ b/src/test/test-path.c -@@ -306,7 +306,7 @@ static void test_path_unit(Manager *m) { - } - - static void test_path_directorynotempty(Manager *m) { -- const char *test_path = "/tmp/test-path_directorynotempty/"; -+ const char *test_file, *test_path = "/tmp/test-path_directorynotempty/"; - Unit *unit = NULL; - Path *path = NULL; - Service *service = NULL; -@@ -328,7 +328,8 @@ static void test_path_directorynotempty(Manager *m) { - assert_se(access(test_path, F_OK) < 0); - - assert_se(mkdir_p(test_path, 0755) >= 0); -- assert_se(touch(strjoina(test_path, "test_file")) >= 0); -+ test_file = strjoina(test_path, "test_file"); -+ assert_se(touch(test_file) >= 0); - if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0) - return; - --- -2.33.0 - diff --git a/backport-test-fileio-test-read_virtual_file-with-more-files-f.patch b/backport-test-fileio-test-read_virtual_file-with-more-files-f.patch deleted file mode 100644 index c1b91219ca189213a71a4f6b65eb7e9198f1c231..0000000000000000000000000000000000000000 --- a/backport-test-fileio-test-read_virtual_file-with-more-files-f.patch +++ /dev/null @@ -1,53 +0,0 @@ -From dd6cb364bcc58b390671d4ee2ed7b30f4a5dced8 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 16 Sep 2021 11:31:52 +0200 -Subject: [PATCH] test-fileio: test read_virtual_file() with more files from - /proc - -i.e. let's pick some files we know are too large, or where struct stat's -.st_size is zero even though non-empty, and test read_virtual_file() -with that, to ensure things are handled sensibly. Goal is to ensure all -three major codepaths in read_virtual_file() are tested. - -Prompted-by: #20743 -(cherry picked from commit f3b751220bb842ce22a4f607d817f481f0961d40) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/dd6cb364bcc58b390671d4ee2ed7b30f4a5dced8 ---- - src/test/test-fileio.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c -index 321b544448..c8d5bf6914 100644 ---- a/src/test/test-fileio.c -+++ b/src/test/test-fileio.c -@@ -1028,7 +1028,11 @@ static void test_read_virtual_file(size_t max_size) { - FOREACH_STRING(filename, - "/proc/1/cmdline", - "/etc/nsswitch.conf", -- "/sys/kernel/uevent_seqnum") { -+ "/sys/kernel/uevent_seqnum", -+ "/proc/kcore", -+ "/proc/kallsyms", -+ "/proc/self/exe", -+ "/proc/self/pagemap") { - - _cleanup_free_ char *buf = NULL; - size_t size = 0; -@@ -1036,7 +1040,11 @@ static void test_read_virtual_file(size_t max_size) { - r = read_virtual_file(filename, max_size, &buf, &size); - if (r < 0) { - log_info_errno(r, "read_virtual_file(\"%s\", %zu): %m", filename, max_size); -- assert_se(ERRNO_IS_PRIVILEGE(r) || r == -ENOENT); -+ assert_se(ERRNO_IS_PRIVILEGE(r) || /* /proc/kcore is not accessible to unpriv */ -+ IN_SET(r, -+ -ENOENT, /* Some of the files might be absent */ -+ -EINVAL, /* too small reads from /proc/self/pagemap trigger EINVAL */ -+ -EFBIG)); /* /proc/kcore and /proc/self/pagemap should be too large */ - } else - log_info("read_virtual_file(\"%s\", %zu): %s (%zu bytes)", filename, max_size, r ? "non-truncated" : "truncated", size); - } --- -2.33.0 - diff --git a/backport-test-fix-file-descriptor-leak-in-test-catalog.patch b/backport-test-fix-file-descriptor-leak-in-test-catalog.patch deleted file mode 100644 index cb8f7b0836ce6c0fa520513dc14dd271cbda450f..0000000000000000000000000000000000000000 --- a/backport-test-fix-file-descriptor-leak-in-test-catalog.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 4ad43ef47147039b63a1a86c08087c7ced97d10c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 22 Feb 2022 21:11:51 +0900 -Subject: [PATCH] test: fix file descriptor leak in test-catalog - -Fixes an issue reported in #22576. - -(cherry picked from commit 62d4b3b36e9aba9e605ba042a75c374155b6e18b) -(cherry picked from commit 92b86911c0c877e6b61d06dfe3ad20046e10d8e8) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4ad43ef47147039b63a1a86c08087c7ced97d10c ---- - src/libsystemd/sd-journal/test-catalog.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-journal/test-catalog.c b/src/libsystemd/sd-journal/test-catalog.c -index 316c3b1634..ad06221175 100644 ---- a/src/libsystemd/sd-journal/test-catalog.c -+++ b/src/libsystemd/sd-journal/test-catalog.c -@@ -196,6 +196,7 @@ static void test_catalog_file_lang(void) { - - int main(int argc, char *argv[]) { - _cleanup_(unlink_tempfilep) char database[] = "/tmp/test-catalog.XXXXXX"; -+ _cleanup_close_ int fd = -1; - _cleanup_free_ char *text = NULL; - int r; - -@@ -218,7 +219,7 @@ int main(int argc, char *argv[]) { - test_catalog_import_merge(); - test_catalog_import_merge_no_body(); - -- assert_se(mkostemp_safe(database) >= 0); -+ assert_se((fd = mkostemp_safe(database)) >= 0); - - test_catalog_update(database); - --- -2.33.0 - diff --git a/backport-test-fix-file-descriptor-leak-in-test-fs-util.patch b/backport-test-fix-file-descriptor-leak-in-test-fs-util.patch deleted file mode 100644 index f9e1cd1543bc8e5e7374b73e237659982042939a..0000000000000000000000000000000000000000 --- a/backport-test-fix-file-descriptor-leak-in-test-fs-util.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 4a247759a008f0a80f03a80c78efcde2e23e5ae5 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 22 Feb 2022 21:42:22 +0900 -Subject: [PATCH] test: fix file descriptor leak in test-fs-util - -Fixes an issue reported in #22576. - -(cherry picked from commit 19962747ca86a25e7102c536380bb2e9d7cfee9a) -(cherry picked from commit cfe1cd0a066b29e5508b4a2c388fd919fd5e0c9f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4a247759a008f0a80f03a80c78efcde2e23e5ae5 ---- - src/test/test-fs-util.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c -index a24558f25b..98ce3d96ef 100644 ---- a/src/test/test-fs-util.c -+++ b/src/test/test-fs-util.c -@@ -27,10 +27,11 @@ static const char *arg_test_dir = NULL; - - static void test_chase_symlinks(void) { - _cleanup_free_ char *result = NULL; -+ _cleanup_close_ int pfd = -1; - char *temp; - const char *top, *p, *pslash, *q, *qslash; - struct stat st; -- int r, pfd; -+ int r; - - log_info("/* %s */", __func__); - -@@ -318,6 +319,7 @@ static void test_chase_symlinks(void) { - assert_se(fstat(pfd, &st) >= 0); - assert_se(S_ISLNK(st.st_mode)); - result = mfree(result); -+ pfd = safe_close(pfd); - - /* s1 -> s2 -> nonexistent */ - q = strjoina(temp, "/s1"); -@@ -331,6 +333,7 @@ static void test_chase_symlinks(void) { - assert_se(fstat(pfd, &st) >= 0); - assert_se(S_ISLNK(st.st_mode)); - result = mfree(result); -+ pfd = safe_close(pfd); - - /* Test CHASE_STEP */ - --- -2.33.0 - diff --git a/backport-test-fix-file-descriptor-leak-in-test-oomd-util.patch b/backport-test-fix-file-descriptor-leak-in-test-oomd-util.patch deleted file mode 100644 index 7cb7219aeae6dbd8f6f1a21725f2ecc05e8bc46a..0000000000000000000000000000000000000000 --- a/backport-test-fix-file-descriptor-leak-in-test-oomd-util.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 95def20d81c030e36046770f55840191ff98c91a Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 22 Feb 2022 21:38:15 +0900 -Subject: [PATCH] test: fix file descriptor leak in test-oomd-util - -Fixes an issue reported in #22576. - -(cherry picked from commit 282696ce52471f5e3c963b9d98dbc89fba3a1fba) -(cherry picked from commit 55ec995341e6a2d554bc69a1eddb097d21d8084f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/95def20d81c030e36046770f55840191ff98c91a ---- - src/oom/test-oomd-util.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/oom/test-oomd-util.c b/src/oom/test-oomd-util.c -index a152387a26..2c2ee114b1 100644 ---- a/src/oom/test-oomd-util.c -+++ b/src/oom/test-oomd-util.c -@@ -5,6 +5,7 @@ - #include "alloc-util.h" - #include "cgroup-setup.h" - #include "cgroup-util.h" -+#include "fd-util.h" - #include "fileio.h" - #include "fs-util.h" - #include "oomd-util.h" -@@ -13,6 +14,7 @@ - #include "string-util.h" - #include "strv.h" - #include "tests.h" -+#include "tmpfile-util.h" - - static int fork_and_sleep(unsigned sleep_min) { - usec_t n, timeout, ts; -@@ -244,12 +246,13 @@ static void test_oomd_update_cgroup_contexts_between_hashmaps(void) { - - static void test_oomd_system_context_acquire(void) { - _cleanup_(unlink_tempfilep) char path[] = "/oomdgetsysctxtestXXXXXX"; -+ _cleanup_close_ int fd = -1; - OomdSystemContext ctx; - - if (geteuid() != 0) - return (void) log_tests_skipped("not root"); - -- assert_se(mkstemp(path)); -+ assert_se((fd = mkostemp_safe(path)) >= 0); - - assert_se(oomd_system_context_acquire("/verylikelynonexistentpath", &ctx) == -ENOENT); - --- -2.33.0 - diff --git a/backport-test-fix-file-descriptor-leak-in-test-psi-util.patch b/backport-test-fix-file-descriptor-leak-in-test-psi-util.patch deleted file mode 100644 index 5d6bcb9970888645e8dab0d21487d13812c94715..0000000000000000000000000000000000000000 --- a/backport-test-fix-file-descriptor-leak-in-test-psi-util.patch +++ /dev/null @@ -1,47 +0,0 @@ -From eb760f4875afd75c433961c0a9bf00b1883e5d35 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 22 Feb 2022 21:46:41 +0900 -Subject: [PATCH] test: fix file descriptor leak in test-psi-util - -Fixes an issue reported in #22576. - -(cherry picked from commit be99883e131ef422f8278ec1d099520996a78bb0) -(cherry picked from commit 81d3e2abff5f4234e06ceb6590d0c9939d8d97b4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/eb760f4875afd75c433961c0a9bf00b1883e5d35 ---- - src/test/test-psi-util.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/test/test-psi-util.c b/src/test/test-psi-util.c -index c636cf255b..026f6aa1ab 100644 ---- a/src/test/test-psi-util.c -+++ b/src/test/test-psi-util.c -@@ -3,19 +3,22 @@ - #include - - #include "alloc-util.h" -+#include "fd-util.h" - #include "fileio.h" - #include "fs-util.h" - #include "psi-util.h" - #include "tests.h" -+#include "tmpfile-util.h" - - static void test_read_mem_pressure(void) { - _cleanup_(unlink_tempfilep) char path[] = "/tmp/pressurereadtestXXXXXX"; -+ _cleanup_close_ int fd = -1; - ResourcePressure rp; - - if (geteuid() != 0) - return (void) log_tests_skipped("not root"); - -- assert_se(mkstemp(path)); -+ assert_se((fd = mkostemp_safe(path)) >= 0); - - assert_se(read_resource_pressure("/verylikelynonexistentpath", PRESSURE_TYPE_SOME, &rp) < 0); - assert_se(read_resource_pressure(path, PRESSURE_TYPE_SOME, &rp) < 0); --- -2.33.0 - diff --git a/backport-test-fix-file-descriptor-leak-in-test-tmpfiles.c.patch b/backport-test-fix-file-descriptor-leak-in-test-tmpfiles.c.patch deleted file mode 100644 index cdcf73ba0a5a2e163d4639dbf6a0adea170ffa9a..0000000000000000000000000000000000000000 --- a/backport-test-fix-file-descriptor-leak-in-test-tmpfiles.c.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 40e43b290473aac1737f64b84194c5fc6b8210cf Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 22 Feb 2022 21:44:58 +0900 -Subject: [PATCH] test: fix file descriptor leak in test-tmpfiles.c - -Also fixes a typo in assertion. - -Fixes an issure reported in #22576. - -(cherry picked from commit 1da5325d19dee654326e5fa2f61262e5e0a40fff) -(cherry picked from commit d9189c31117e159f7bae9233863aa88a02159e14) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/40e43b290473aac1737f64b84194c5fc6b8210cf ---- - src/test/test-tmpfiles.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/test/test-tmpfiles.c b/src/test/test-tmpfiles.c -index 4c3389af8c..0ac2b7f599 100644 ---- a/src/test/test-tmpfiles.c -+++ b/src/test/test-tmpfiles.c -@@ -37,7 +37,7 @@ int main(int argc, char** argv) { - assert_se(endswith(ans, " (deleted)")); - - fd2 = mkostemp_safe(pattern); -- assert_se(fd >= 0); -+ assert_se(fd2 >= 0); - assert_se(unlink(pattern) == 0); - - assert_se(asprintf(&cmd2, "ls -l /proc/"PID_FMT"/fd/%d", getpid_cached(), fd2) > 0); -@@ -49,6 +49,7 @@ int main(int argc, char** argv) { - pattern = strjoina(p, "/tmpfiles-test"); - assert_se(tempfn_random(pattern, NULL, &d) >= 0); - -+ fd = safe_close(fd); - fd = open_tmpfile_linkable(d, O_RDWR|O_CLOEXEC, &tmp); - assert_se(fd >= 0); - assert_se(write(fd, "foobar\n", 7) == 7); --- -2.33.0 - diff --git a/backport-test-generate-a-custom-initrd-for-TEST-24-if-INITRD-.patch b/backport-test-generate-a-custom-initrd-for-TEST-24-if-INITRD-.patch deleted file mode 100644 index 82412cc78c391f92eff26869736ed96643f5941b..0000000000000000000000000000000000000000 --- a/backport-test-generate-a-custom-initrd-for-TEST-24-if-INITRD-.patch +++ /dev/null @@ -1,66 +0,0 @@ -From b22d90e59438481b421b1eb2449e6efdfb7f2118 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Thu, 26 May 2022 13:19:11 +0200 -Subject: [PATCH] test: generate a custom initrd for TEST-24 if $INITRD is - unset - -Co-Authored-By: Yu Watanabe ---- - test/TEST-24-CRYPTSETUP/test.sh | 24 ++++++++++++++++++++++++ - test/test-functions | 5 +++++ - 2 files changed, 29 insertions(+) - -diff --git a/test/TEST-24-CRYPTSETUP/test.sh b/test/TEST-24-CRYPTSETUP/test.sh -index a52848b..c18f4aa 100755 ---- a/test/TEST-24-CRYPTSETUP/test.sh -+++ b/test/TEST-24-CRYPTSETUP/test.sh -@@ -64,6 +64,30 @@ EOF - # Forward journal messages to the console, so we have something - # to investigate even if we fail to mount the encrypted /var - echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf" -+ -+ # If $INITRD wasn't provided explicitly, generate a custom one with dm-crypt -+ # support -+ if [[ -z "$INITRD" ]]; then -+ INITRD="${TESTDIR:?}/initrd.img" -+ dinfo "Generating a custom initrd with dm-crypt support in '${INITRD:?}'" -+ -+ if command -v dracut >/dev/null; then -+ dracut --force --verbose --add crypt "$INITRD" -+ elif command -v mkinitcpio >/dev/null; then -+ mkinitcpio --addhooks sd-encrypt --generate "$INITRD" -+ elif command -v mkinitramfs >/dev/null; then -+ # The cryptroot hook is provided by the cryptsetup-initramfs package -+ if ! dpkg-query -s cryptsetup-initramfs; then -+ derror "Missing 'cryptsetup-initramfs' package for dm-crypt support in initrd" -+ return 1 -+ fi -+ -+ mkinitramfs -o "$INITRD" -+ else -+ dfatal "Unrecognized initrd generator, can't continue" -+ return 1 -+ fi -+ fi - } - - cleanup_root_var() { -diff --git a/test/test-functions b/test/test-functions -index bef87ca..0239bbc 100644 ---- a/test/test-functions -+++ b/test/test-functions -@@ -325,6 +325,11 @@ qemu_min_version() { - # Return 0 if QEMU did run (then you must check the result state/logs for actual - # success), or 1 if QEMU is not available. - run_qemu() { -+ # If the test provided its own initrd, use it (e.g. TEST-24) -+ if [[ -z "$INITRD" && -f "${TESTDIR:?}/initrd.img" ]]; then -+ INITRD="$TESTDIR/initrd.img" -+ fi -+ - if [ -f /etc/machine-id ]; then - read -r MACHINE_ID -Date: Fri, 26 Nov 2021 09:40:51 +0100 -Subject: [PATCH] test-journal-flush: allow testing against specific files -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - ->=0 → ==0 because sd_journal_open* are documented to return 0. - -(cherry picked from commit 0fa167cd58b5a4ffe16a332131df70bf77edddbe) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bb29932a4172810357597175a62cb4c8cbd1087c ---- - src/libsystemd/sd-journal/test-journal-flush.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/src/libsystemd/sd-journal/test-journal-flush.c b/src/libsystemd/sd-journal/test-journal-flush.c -index dad277dd66..aa814225dd 100644 ---- a/src/libsystemd/sd-journal/test-journal-flush.c -+++ b/src/libsystemd/sd-journal/test-journal-flush.c -@@ -29,8 +29,11 @@ int main(int argc, char *argv[]) { - r = journal_file_open(-1, fn, O_CREAT|O_RDWR, 0644, false, 0, false, NULL, NULL, NULL, NULL, &new_journal); - assert_se(r >= 0); - -- r = sd_journal_open(&j, 0); -- assert_se(r >= 0); -+ if (argc > 1) -+ r = sd_journal_open_files(&j, (const char **) strv_skip(argv, 1), 0); -+ else -+ r = sd_journal_open(&j, 0); -+ assert_se(r == 0); - - sd_journal_set_data_threshold(j, 0); - --- -2.33.0 - diff --git a/backport-test-journal-flush-do-not-croak-on-corrupted-input-f.patch b/backport-test-journal-flush-do-not-croak-on-corrupted-input-f.patch deleted file mode 100644 index 4e3edc65ebf31c6811e02a9cee52a9d342502056..0000000000000000000000000000000000000000 --- a/backport-test-journal-flush-do-not-croak-on-corrupted-input-f.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 0d98afa9548873669531fb3f8aa0f1ab56455411 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 26 Nov 2021 09:46:02 +0100 -Subject: [PATCH] test-journal-flush: do not croak on corrupted input files - -We would fail if the input file was corrupted: -build/test-journal-flush ./system@0005b7dac334f805-0021aca076ae5c5e.journal\~ -journal_file_copy_entry failed: Bad message -Assertion 'r >= 0' failed at src/libsystemd/sd-journal/test-journal-flush.c:55, function main(). Aborting. -[1] 619472 IOT instruction (core dumped) build/test-journal-flush ./system@0005b7dac334f805-0021aca076ae5c5e.journal\~ - -Let's skip some "reasonable" errors. - -Fixes #17963. - -(cherry picked from commit b4046d55570ff0e23d16f7e2912e7ef0a55b25d8) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0d98afa9548873669531fb3f8aa0f1ab56455411 ---- - src/libsystemd/sd-journal/test-journal-flush.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/src/libsystemd/sd-journal/test-journal-flush.c b/src/libsystemd/sd-journal/test-journal-flush.c -index aa814225dd..c6fb65791e 100644 ---- a/src/libsystemd/sd-journal/test-journal-flush.c -+++ b/src/libsystemd/sd-journal/test-journal-flush.c -@@ -51,8 +51,11 @@ int main(int argc, char *argv[]) { - - r = journal_file_copy_entry(f, new_journal, o, f->current_offset); - if (r < 0) -- log_error_errno(r, "journal_file_copy_entry failed: %m"); -- assert_se(r >= 0); -+ log_warning_errno(r, "journal_file_copy_entry failed: %m"); -+ assert_se(r >= 0 || -+ IN_SET(r, -EBADMSG, /* corrupted file */ -+ -EPROTONOSUPPORT, /* unsupported compression */ -+ -EIO)); /* file rotated */ - - if (++n >= 10000) - break; --- -2.33.0 - diff --git a/backport-test-journal-send-close-fd-opend-by-syslog.patch b/backport-test-journal-send-close-fd-opend-by-syslog.patch deleted file mode 100644 index 9ca6330716e7d864662d0d7fea27a3a88e8d1fba..0000000000000000000000000000000000000000 --- a/backport-test-journal-send-close-fd-opend-by-syslog.patch +++ /dev/null @@ -1,34 +0,0 @@ -From e1cc12ee2ba089bc126764be509b6b0ed8e8a68b Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 23 Feb 2022 01:52:29 +0900 -Subject: [PATCH] test-journal-send: close fd opend by syslog() - -Fixes an issue reported in #22576. - -(cherry picked from commit 9048a6ccf3bd4f6794fc1ac9a838e1a0bfbcabf1) -(cherry picked from commit 4d24a369908f9915757632fa196deda14c172f9e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e1cc12ee2ba089bc126764be509b6b0ed8e8a68b ---- - src/libsystemd/sd-journal/test-journal-send.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/libsystemd/sd-journal/test-journal-send.c b/src/libsystemd/sd-journal/test-journal-send.c -index 75bd8e7b85..b6644e65c1 100644 ---- a/src/libsystemd/sd-journal/test-journal-send.c -+++ b/src/libsystemd/sd-journal/test-journal-send.c -@@ -90,6 +90,10 @@ static void test_journal_send(void) { - assert_se(sd_journal_sendv(graph2, 1) == 0); - assert_se(sd_journal_sendv(message1, 1) == 0); - assert_se(sd_journal_sendv(message2, 1) == 0); -+ -+ /* The above syslog() opens a fd which is stored in libc, and the valgrind reports the fd is -+ * leaked when we do not call closelog(). */ -+ closelog(); - } - - int main(int argc, char *argv[]) { --- -2.33.0 - diff --git a/backport-test-oomd-util-fix-conditional-jump-on-uninitialised.patch b/backport-test-oomd-util-fix-conditional-jump-on-uninitialised.patch deleted file mode 100644 index 544a1f681c2f10e9023c23bba4d9875a5f3095c4..0000000000000000000000000000000000000000 --- a/backport-test-oomd-util-fix-conditional-jump-on-uninitialised.patch +++ /dev/null @@ -1,32 +0,0 @@ -From bb0bb8afe78c699a1334fdd7df78d71427596d2e Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 22 Feb 2022 20:23:58 +0900 -Subject: [PATCH] test-oomd-util: fix conditional jump on uninitialised value - -Fixes #22577. - -(cherry picked from commit a6d6a51d83fae32212e1780e71b16517a4df9a57) -(cherry picked from commit b10cc2de7dc6ac8d7d72d576100dd3a37ddb588a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bb0bb8afe78c699a1334fdd7df78d71427596d2e ---- - src/oom/test-oomd-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/oom/test-oomd-util.c b/src/oom/test-oomd-util.c -index 02034c1293..a152387a26 100644 ---- a/src/oom/test-oomd-util.c -+++ b/src/oom/test-oomd-util.c -@@ -283,7 +283,7 @@ static void test_oomd_system_context_acquire(void) { - static void test_oomd_pressure_above(void) { - _cleanup_hashmap_free_ Hashmap *h1 = NULL, *h2 = NULL; - _cleanup_set_free_ Set *t1 = NULL, *t2 = NULL, *t3 = NULL; -- OomdCGroupContext ctx[2], *c; -+ OomdCGroupContext ctx[2] = {}, *c; - loadavg_t threshold; - - assert_se(store_loadavg_fixed_point(80, 0, &threshold) == 0); --- -2.33.0 - diff --git a/backport-test-oomd-util-skip-tests-if-cgroup-memory-controlle.patch b/backport-test-oomd-util-skip-tests-if-cgroup-memory-controlle.patch deleted file mode 100644 index 51ab68268ab334ff942011c78daec25ee96ffc9c..0000000000000000000000000000000000000000 --- a/backport-test-oomd-util-skip-tests-if-cgroup-memory-controlle.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 38787a985396277058a20ac0c6f66fd1377d0737 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 11 Sep 2021 20:37:50 +0900 -Subject: [PATCH] test-oomd-util: skip tests if cgroup memory controller is not - available - -Fixes #20593 and #20655. - -(cherry picked from commit 8b2e22579a6549ab8423858819703fc142862bcb) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/38787a985396277058a20ac0c6f66fd1377d0737 ---- - src/oom/test-oomd-util.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/oom/test-oomd-util.c b/src/oom/test-oomd-util.c -index 776c65820e..29f2c54ab1 100644 ---- a/src/oom/test-oomd-util.c -+++ b/src/oom/test-oomd-util.c -@@ -90,6 +90,7 @@ static void test_oomd_cgroup_context_acquire_and_insert(void) { - _cleanup_free_ char *cgroup = NULL; - ManagedOOMPreference root_pref; - OomdCGroupContext *c1, *c2; -+ CGroupMask mask; - bool test_xattrs; - int root_xattrs, r; - -@@ -102,6 +103,11 @@ static void test_oomd_cgroup_context_acquire_and_insert(void) { - if (cg_all_unified() <= 0) - return (void) log_tests_skipped("cgroups are not running in unified mode"); - -+ assert_se(cg_mask_supported(&mask) >= 0); -+ -+ if (!FLAGS_SET(mask, CGROUP_MASK_MEMORY)) -+ return (void) log_tests_skipped("cgroup memory controller is not available"); -+ - assert_se(cg_pid_get_path(NULL, 0, &cgroup) >= 0); - - /* If we don't have permissions to set xattrs we're likely in a userns or missing capabilities --- -2.33.0 - diff --git a/backport-test-oomd-util-style-fixlets.patch b/backport-test-oomd-util-style-fixlets.patch deleted file mode 100644 index 55f80c202fd3e0a429d50fc548a48c7a46c8a17f..0000000000000000000000000000000000000000 --- a/backport-test-oomd-util-style-fixlets.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 76b5fae410a2434e8fadab07700d1480566e8ddd Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 22 Feb 2022 20:21:45 +0900 -Subject: [PATCH] test-oomd-util: style fixlets - -(cherry picked from commit d9fe39b24a0a5464c83c7a754752ca21dbd2578f) -(cherry picked from commit 1343c2efd5401aa52f7790fff4ad7e2d70173f01) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/76b5fae410a2434e8fadab07700d1480566e8ddd ---- - src/oom/test-oomd-util.c | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) - -diff --git a/src/oom/test-oomd-util.c b/src/oom/test-oomd-util.c -index 29f2c54ab1..02034c1293 100644 ---- a/src/oom/test-oomd-util.c -+++ b/src/oom/test-oomd-util.c -@@ -300,12 +300,11 @@ static void test_oomd_pressure_above(void) { - assert_se(store_loadavg_fixed_point(1, 11, &(ctx[1].memory_pressure.avg300)) == 0); - ctx[1].mem_pressure_limit = threshold; - -- - /* High memory pressure */ - assert_se(h1 = hashmap_new(&string_hash_ops)); - assert_se(hashmap_put(h1, "/herp.slice", &ctx[0]) >= 0); - assert_se(oomd_pressure_above(h1, 0 /* duration */, &t1) == 1); -- assert_se(set_contains(t1, &ctx[0]) == true); -+ assert_se(set_contains(t1, &ctx[0])); - assert_se(c = hashmap_get(h1, "/herp.slice")); - assert_se(c->mem_pressure_limit_hit_start > 0); - -@@ -313,14 +312,14 @@ static void test_oomd_pressure_above(void) { - assert_se(h2 = hashmap_new(&string_hash_ops)); - assert_se(hashmap_put(h2, "/derp.slice", &ctx[1]) >= 0); - assert_se(oomd_pressure_above(h2, 0 /* duration */, &t2) == 0); -- assert_se(t2 == NULL); -+ assert_se(!t2); - assert_se(c = hashmap_get(h2, "/derp.slice")); - assert_se(c->mem_pressure_limit_hit_start == 0); - - /* High memory pressure w/ multiple cgroups */ - assert_se(hashmap_put(h1, "/derp.slice", &ctx[1]) >= 0); - assert_se(oomd_pressure_above(h1, 0 /* duration */, &t3) == 1); -- assert_se(set_contains(t3, &ctx[0]) == true); -+ assert_se(set_contains(t3, &ctx[0])); - assert_se(set_size(t3) == 1); - assert_se(c = hashmap_get(h1, "/herp.slice")); - assert_se(c->mem_pressure_limit_hit_start > 0); --- -2.33.0 - diff --git a/backport-test-store-the-key-on-a-separate-device.patch b/backport-test-store-the-key-on-a-separate-device.patch deleted file mode 100644 index 8272b45a949662a1a989c7bff102c7cceb86b3da..0000000000000000000000000000000000000000 --- a/backport-test-store-the-key-on-a-separate-device.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 6b70d3cf81088ee9226cd691bbccc4ebf4764065 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Thu, 26 May 2022 14:52:52 +0200 -Subject: [PATCH] test: store the key on a separate device - ---- - test/TEST-24-CRYPTSETUP/test.sh | 14 +++++++++----- - 1 file changed, 9 insertions(+), 5 deletions(-) - -diff --git a/test/TEST-24-CRYPTSETUP/test.sh b/test/TEST-24-CRYPTSETUP/test.sh -index bdf630d912..b81b811654 100755 ---- a/test/TEST-24-CRYPTSETUP/test.sh -+++ b/test/TEST-24-CRYPTSETUP/test.sh -@@ -12,10 +12,8 @@ TEST_FORCE_NEWIMAGE=1 - - PART_UUID="deadbeef-dead-dead-beef-000000000000" - DM_NAME="test24_varcrypt" --# Mount the keyfile only in initrd (hence rd.luks.key), since it resides on --# the rootfs and we would get a (harmless) error when trying to mount it after --# switching root (since rootfs is already mounted) --KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME rd.luks.key=$PART_UUID=/etc/varkey:LABEL=systemd_boot" -+KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME luks.key=$PART_UUID=/keyfile:LABEL=varcrypt_keydev" -+QEMU_OPTIONS+=" -drive format=raw,cache=unsafe,file=${STATEDIR:?}/keydev.img" - - check_result_qemu() { - local ret=1 -@@ -57,7 +55,13 @@ test_create_image() { - install_dmevent - generate_module_dependencies - -- echo -n test >"$initdir/etc/varkey" -+ # Create a keydev -+ dd if=/dev/zero of="${STATEDIR:?}/keydev.img" bs=1M count=16 -+ mkfs.ext4 -L varcrypt_keydev "$STATEDIR/keydev.img" -+ mkdir -p "$STATEDIR/keydev" -+ mount "$STATEDIR/keydev.img" "$STATEDIR/keydev" -+ echo -n test >"$STATEDIR/keydev/keyfile" -+ umount "$STATEDIR/keydev" - - cat >>"$initdir/etc/fstab" < -Date: Thu, 30 Sep 2021 14:14:19 +0200 -Subject: [PATCH] test: use a less restrictive portable profile when running w/ - sanitizers - -Since f833df3 we now actually use the seccomp rules defined in portable -profiles. However, the default one is too restrictive for sanitizers, as -it blocks certain syscall required by LSan. Mitigate this by using the -'trusted' profile when running TEST-29-PORTABLE under sanitizers. - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9dbdd33ffa824934962ebe61d03a9f727a1c416c ---- - test/units/testsuite-29.sh | 21 ++++++++++++++------- - 1 file changed, 14 insertions(+), 7 deletions(-) - -diff --git a/test/units/testsuite-29.sh b/test/units/testsuite-29.sh -index 3408e6d71a..549fc2663c 100755 ---- a/test/units/testsuite-29.sh -+++ b/test/units/testsuite-29.sh -@@ -4,9 +4,16 @@ - set -eux - set -o pipefail - -+ARGS=() -+if [[ -v ASAN_OPTIONS || -v UBSAN_OPTIONS ]]; then -+ # If we're running under sanitizers, we need to use a less restrictive -+ # profile, otherwise LSan syscall would get blocked by seccomp -+ ARGS+=(--profile=trusted) -+fi -+ - export SYSTEMD_LOG_LEVEL=debug - --portablectl attach --now --runtime /usr/share/minimal_0.raw app0 -+portablectl "${ARGS[@]}" attach --now --runtime /usr/share/minimal_0.raw app0 - - systemctl is-active app0.service - systemctl is-active app0-foo.service -@@ -16,7 +23,7 @@ systemctl is-active app0-bar.service && exit 1 - set -e - set -o pipefail - --portablectl reattach --now --runtime /usr/share/minimal_1.raw app0 -+portablectl "${ARGS[@]}" reattach --now --runtime /usr/share/minimal_1.raw app0 - - systemctl is-active app0.service - systemctl is-active app0-bar.service -@@ -37,7 +44,7 @@ portablectl list | grep -q -F "No images." - unsquashfs -dest /tmp/minimal_0 /usr/share/minimal_0.raw - unsquashfs -dest /tmp/minimal_1 /usr/share/minimal_1.raw - --portablectl attach --copy=symlink --now --runtime /tmp/minimal_0 app0 -+portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/minimal_0 app0 - - systemctl is-active app0.service - systemctl is-active app0-foo.service -@@ -47,7 +54,7 @@ systemctl is-active app0-bar.service && exit 1 - set -e - set -o pipefail - --portablectl reattach --now --enable --runtime /tmp/minimal_1 app0 -+portablectl "${ARGS[@]}" reattach --now --enable --runtime /tmp/minimal_1 app0 - - systemctl is-active app0.service - systemctl is-active app0-bar.service -@@ -66,11 +73,11 @@ portablectl list | grep -q -F "No images." - root="/usr/share/minimal_0.raw" - app1="/usr/share/app1.raw" - --portablectl attach --now --runtime --extension ${app1} ${root} app1 -+portablectl "${ARGS[@]}" attach --now --runtime --extension ${app1} ${root} app1 - - systemctl is-active app1.service - --portablectl reattach --now --runtime --extension ${app1} ${root} app1 -+portablectl "${ARGS[@]}" reattach --now --runtime --extension ${app1} ${root} app1 - - systemctl is-active app1.service - -@@ -83,7 +90,7 @@ mount ${app1} /tmp/app1 - mount ${root} /tmp/rootdir - mount -t overlay overlay -o lowerdir=/tmp/app1:/tmp/rootdir /tmp/overlay - --portablectl attach --copy=symlink --now --runtime /tmp/overlay app1 -+portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/overlay app1 - - systemctl is-active app1.service - --- -2.33.0 - diff --git a/backport-test-watchdog-mark-as-unsafe.patch b/backport-test-watchdog-mark-as-unsafe.patch deleted file mode 100644 index 7012938b5c00247813b3750b3faa98d0cc1c32bf..0000000000000000000000000000000000000000 --- a/backport-test-watchdog-mark-as-unsafe.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 7f7ad0e691eb2a05e7f319be8d098af760258dcd Mon Sep 17 00:00:00 2001 -From: Mike Gilbert -Date: Tue, 4 Jan 2022 23:43:10 -0500 -Subject: [PATCH] test-watchdog: mark as unsafe - -If something goes wrong with this test it may result in an unsafe -system restart. Let's avoid running it automatically. - -See https://github.com/systemd/systemd/issues/22001. - -(cherry picked from commit 70652c2a6fa9c06c7faac62f41c72e2e4eaa9340) -(cherry picked from commit 4c0ed19c520a8944f68f613edc3acbd0471dcc81) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7f7ad0e691eb2a05e7f319be8d098af760258dcd ---- - src/test/meson.build | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/test/meson.build b/src/test/meson.build -index 64dbb82002..a327a1f8f9 100644 ---- a/src/test/meson.build -+++ b/src/test/meson.build -@@ -521,7 +521,8 @@ tests += [ - [], - core_includes, '', 'manual'], - -- [['src/test/test-watchdog.c']], -+ [['src/test/test-watchdog.c'], -+ [], [], [], '', 'unsafe'], - - [['src/test/test-sched-prio.c'], - [libcore, --- -2.33.0 - diff --git a/backport-tests-add-test-case-for-UMask-BindPaths-combination.patch b/backport-tests-add-test-case-for-UMask-BindPaths-combination.patch deleted file mode 100644 index 463c48dd204246d6807f3b7e4eff71a0902f35dc..0000000000000000000000000000000000000000 --- a/backport-tests-add-test-case-for-UMask-BindPaths-combination.patch +++ /dev/null @@ -1,61 +0,0 @@ -From ae53f4b5e48860b473c4d05958486a77f84ecc6d Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 12 Nov 2021 13:41:59 +0100 -Subject: [PATCH] tests: add test case for UMask=+BindPaths= combination - -Inspired by the test case described in #19899 - -(cherry picked from commit 875afa02fabe1dad5aa3d1e9bff89d493a369fd0) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ae53f4b5e48860b473c4d05958486a77f84ecc6d ---- - src/test/test-execute.c | 5 +++++ - test/test-execute/exec-umask-namespace.service | 12 ++++++++++++ - 2 files changed, 17 insertions(+) - create mode 100644 test/test-execute/exec-umask-namespace.service - -diff --git a/src/test/test-execute.c b/src/test/test-execute.c -index 1119ad4acf..88e1b30095 100644 ---- a/src/test/test-execute.c -+++ b/src/test/test-execute.c -@@ -828,6 +828,10 @@ static void test_exec_condition(Manager *m) { - test_service(m, "exec-condition-skip.service", SERVICE_SKIP_CONDITION); - } - -+static void test_exec_umask_namespace(Manager *m) { -+ test(m, "exec-umask-namespace.service", can_unshare ? 0 : EXIT_NAMESPACE, CLD_EXITED); -+} -+ - typedef struct test_entry { - test_function_t f; - const char *name; -@@ -904,6 +908,7 @@ int main(int argc, char *argv[]) { - entry(test_exec_dynamicuser), - entry(test_exec_specifier), - entry(test_exec_systemcallfilter_system), -+ entry(test_exec_umask_namespace), - {}, - }; - int r; -diff --git a/test/test-execute/exec-umask-namespace.service b/test/test-execute/exec-umask-namespace.service -new file mode 100644 -index 0000000000..8419c86c9a ---- /dev/null -+++ b/test/test-execute/exec-umask-namespace.service -@@ -0,0 +1,12 @@ -+# SPDX-License-Identifier: LGPL-2.1-or-later -+[Unit] -+Description=Test for UMask= + namespacing -+ -+[Service] -+ExecStart=/bin/ls -lahd /tmp/subdir -+Type=oneshot -+User=65534 -+Group=65534 -+TemporaryFileSystem=/tmp:ro -+BindPaths=/etc:/tmp/subdir/subsub -+UMask=0007 --- -2.33.0 - diff --git a/backport-timedatectl-fix-a-memory-leak.patch b/backport-timedatectl-fix-a-memory-leak.patch deleted file mode 100644 index ec1ad780896810f607742c0835b874c59ba71675..0000000000000000000000000000000000000000 --- a/backport-timedatectl-fix-a-memory-leak.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 71d2356edffafe8c40797c64f6fb82a8885d1da9 Mon Sep 17 00:00:00 2001 -From: Evgeny Vereshchagin -Date: Wed, 4 May 2022 11:35:19 +0000 -Subject: [PATCH] timedatectl: fix a memory leak - -``` -timedatectl list-timezones --no-pager -... -==164329==ERROR: LeakSanitizer: detected memory leaks - -Direct leak of 8192 byte(s) in 1 object(s) allocated from: - #0 0x7fe8a74b6f8c in reallocarray (/lib64/libasan.so.6+0xaef8c) - #1 0x7fe8a63485dc in strv_push ../src/basic/strv.c:419 - #2 0x7fe8a6349419 in strv_consume ../src/basic/strv.c:490 - #3 0x7fe8a634958d in strv_extend ../src/basic/strv.c:542 - #4 0x7fe8a643d787 in bus_message_read_strv_extend ../src/libsystemd/sd-bus/bus-message.c:5606 - #5 0x7fe8a643db9d in sd_bus_message_read_strv ../src/libsystemd/sd-bus/bus-message.c:5628 - #6 0x4085fb in list_timezones ../src/timedate/timedatectl.c:314 - #7 0x7fe8a61ef3e1 in dispatch_verb ../src/shared/verbs.c:103 - #8 0x410f91 in timedatectl_main ../src/timedate/timedatectl.c:1025 - #9 0x41111c in run ../src/timedate/timedatectl.c:1043 - #10 0x411242 in main ../src/timedate/timedatectl.c:1046 - #11 0x7fe8a489df1f in __libc_start_call_main (/lib64/libc.so.6+0x40f1f) -``` - -(cherry picked from commit a2e37d52312806b1847800df2358e61276cda052) ---- - src/timedate/timedatectl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/timedate/timedatectl.c b/src/timedate/timedatectl.c -index 75ca6195da..31909064cf 100644 ---- a/src/timedate/timedatectl.c -+++ b/src/timedate/timedatectl.c -@@ -304,7 +304,7 @@ static int list_timezones(int argc, char **argv, void *userdata) { - sd_bus *bus = userdata; - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; - int r; -- char** zones; -+ _cleanup_strv_free_ char **zones = NULL; - - r = bus_call_method(bus, bus_timedate, "ListTimezones", &error, &reply, NULL); - if (r < 0) --- -2.33.0 - diff --git a/backport-timesync-check-cmsg-length.patch b/backport-timesync-check-cmsg-length.patch deleted file mode 100644 index 90a32603c32ba36b999942e04f8369df3a3ac840..0000000000000000000000000000000000000000 --- a/backport-timesync-check-cmsg-length.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 4e9f1d0a28cc29d1f010b05d74898f222d757cc8 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 29 Aug 2021 20:55:44 +0900 -Subject: [PATCH] timesync: check cmsg length - -(cherry picked from commit 37df6d9b8d3a8b34bec5346766ab8093c0f0fc26) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4e9f1d0a28cc29d1f010b05d74898f222d757cc8 ---- - src/timesync/timesyncd-manager.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c -index eae14e8fb2..648e804105 100644 ---- a/src/timesync/timesyncd-manager.c -+++ b/src/timesync/timesyncd-manager.c -@@ -467,6 +467,8 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re - - switch (cmsg->cmsg_type) { - case SCM_TIMESTAMPNS: -+ assert(cmsg->cmsg_len == CMSG_LEN(sizeof(struct timespec))); -+ - recv_time = (struct timespec *) CMSG_DATA(cmsg); - break; - } --- -2.33.0 - diff --git a/backport-timesync-fix-wrong-type-for-receiving-timestamp-in-n.patch b/backport-timesync-fix-wrong-type-for-receiving-timestamp-in-n.patch deleted file mode 100644 index aef7fe98f381ee046056a49e84261c511fd112f2..0000000000000000000000000000000000000000 --- a/backport-timesync-fix-wrong-type-for-receiving-timestamp-in-n.patch +++ /dev/null @@ -1,45 +0,0 @@ -From dac54d1aa759255144d9937361289bde57d64118 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 20 Aug 2021 08:40:11 +0900 -Subject: [PATCH] timesync: fix wrong type for receiving timestamp in - nanoseconds - -Fixes #20482. - -(cherry picked from commit 6f96bdc58746b1698bf8b3430a6c638f8949daec) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/dac54d1aa759255144d9937361289bde57d64118 ---- - src/test/test-sizeof.c | 2 ++ - src/timesync/timesyncd-manager.c | 2 +- - 2 files changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/test/test-sizeof.c b/src/test/test-sizeof.c -index 3c9dc180fa..e36bee4e8f 100644 ---- a/src/test/test-sizeof.c -+++ b/src/test/test-sizeof.c -@@ -89,5 +89,7 @@ int main(void) { - printf("big_enum2_pos → %zu\n", sizeof(big_enum2_pos)); - printf("big_enum2_neg → %zu\n", sizeof(big_enum2_neg)); - -+ printf("timeval: %zu\n", sizeof(struct timeval)); -+ printf("timespec: %zu\n", sizeof(struct timespec)); - return 0; - } -diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c -index cb5d42b1d3..9d874cfc8a 100644 ---- a/src/timesync/timesyncd-manager.c -+++ b/src/timesync/timesyncd-manager.c -@@ -412,7 +412,7 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re - .iov_base = &ntpmsg, - .iov_len = sizeof(ntpmsg), - }; -- CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct timeval))) control; -+ CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct timespec))) control; - union sockaddr_union server_addr; - struct msghdr msghdr = { - .msg_iov = &iov, --- -2.33.0 - diff --git a/backport-tmpfiles-avoid-null-free-for-acl-attributes.patch b/backport-tmpfiles-avoid-null-free-for-acl-attributes.patch deleted file mode 100644 index c7cddb339d425be160c6df589fcc68c2dcf96286..0000000000000000000000000000000000000000 --- a/backport-tmpfiles-avoid-null-free-for-acl-attributes.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 85e06ba8753e767d9f28550bf9f6b0d2e971b296 Mon Sep 17 00:00:00 2001 -From: Sam James -Date: Fri, 6 Jan 2023 10:58:32 +0000 -Subject: [PATCH] tmpfiles: avoid null free() for acl attributes - -When built with ACL support, we might be processing a tmpfiles -entry where there's no cause for us to call parse_acls_from_arg, -then we get to the end of parse_line without having ever populated -i.{acl_access, acl_default}. - -Then we pass a null pointer into acl_free(). - -From UBSAN w/ GCC 13.0.0_pre20230101: -``` -$ systemd-tmpfiles --clean -/var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44:14: runtime error: applying non-zero offset 18446744073709551608 to null pointer - #0 0x7f65d868b482 in acl_free /var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44 - #1 0x55fe7e592249 in item_free_contents ../systemd-9999/src/tmpfiles/tmpfiles.c:2855 - #2 0x55fe7e5a347a in parse_line ../systemd-9999/src/tmpfiles/tmpfiles.c:3158 - #3 0x55fe7e5a347a in read_config_file ../systemd-9999/src/tmpfiles/tmpfiles.c:3897 - #4 0x55fe7e590c61 in read_config_files ../systemd-9999/src/tmpfiles/tmpfiles.c:3985 - #5 0x55fe7e590c61 in run ../systemd-9999/src/tmpfiles/tmpfiles.c:4157 - #6 0x55fe7e590c61 in main ../systemd-9999/src/tmpfiles/tmpfiles.c:4218 - #7 0x7f65d7ebe289 (/usr/lib64/libc.so.6+0x23289) - #8 0x7f65d7ebe344 in __libc_start_main (/usr/lib64/libc.so.6+0x23344) - #9 0x55fe7e591900 in _start (/usr/bin/systemd-tmpfiles+0x11900) -``` - -(cherry picked from commit 9f804ab04d566ff745849e1c4ced680a0447cf76) -(cherry picked from commit a11a949c43def70ec5d3f57f561884c3f652603e) -(cherry picked from commit 455193605d22a171c0f9b599a105be9ac18f433f) -(cherry picked from commit 0e711b7c06fc8b1290adcd38b4bb8faaa49ab764) ---- - src/tmpfiles/tmpfiles.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 1bfb1cbe16..461dfe5a5f 100644 ---- a/src/tmpfiles/tmpfiles.c -+++ b/src/tmpfiles/tmpfiles.c -@@ -2683,8 +2683,11 @@ static void item_free_contents(Item *i) { - strv_free(i->xattrs); - - #if HAVE_ACL -- acl_free(i->acl_access); -- acl_free(i->acl_default); -+ if (i->acl_access) -+ acl_free(i->acl_access); -+ -+ if (i->acl_default) -+ acl_free(i->acl_default); - #endif - } - --- -2.27.0 - diff --git a/backport-tmpfiles-check-the-directory-we-were-supposed-to-cre.patch b/backport-tmpfiles-check-the-directory-we-were-supposed-to-cre.patch deleted file mode 100644 index d7b65377fbe45aad763de7d22466211a94975f16..0000000000000000000000000000000000000000 --- a/backport-tmpfiles-check-the-directory-we-were-supposed-to-cre.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 675dd1039c69ff28ce9c7e617fcede80e998b3e9 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 13 Jul 2022 23:44:45 +0200 -Subject: [PATCH] tmpfiles: check the directory we were supposed to create, not - its parent - -This current code checks the wrong directory. This was broken in -4c39d899ff00e90b7290e4985696f321d7f2726f which converted the previous -code incorrectly. - -(cherry picked from commit 92631578fff1568fa8e99f96de05baae5b258ffe) -(cherry picked from commit 625472b219a4b1ac64534d38cf6e64b51ab22bbb) -(cherry picked from commit 8b674cf43f1ba8137da3a90c67826f13c865838c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/675dd1039c69ff28ce9c7e617fcede80e998b3e9 ---- - src/tmpfiles/tmpfiles.c | 17 +++++++---------- - 1 file changed, 7 insertions(+), 10 deletions(-) - -diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 7e85c50634..1bfb1cbe16 100644 ---- a/src/tmpfiles/tmpfiles.c -+++ b/src/tmpfiles/tmpfiles.c -@@ -1666,15 +1666,12 @@ static int create_directory_or_subvolume(const char *path, mode_t mode, bool sub - r = btrfs_is_subvol(empty_to_root(arg_root)) > 0; - } - if (!r) -- /* Don't create a subvolume unless the root directory is -- * one, too. We do this under the assumption that if the -- * root directory is just a plain directory (i.e. very -- * light-weight), we shouldn't try to split it up into -- * subvolumes (i.e. more heavy-weight). Thus, chroot() -- * environments and suchlike will get a full brtfs -- * subvolume set up below their tree only if they -- * specifically set up a btrfs subvolume for the root -- * dir too. */ -+ /* Don't create a subvolume unless the root directory is one, too. We do this under -+ * the assumption that if the root directory is just a plain directory (i.e. very -+ * light-weight), we shouldn't try to split it up into subvolumes (i.e. more -+ * heavy-weight). Thus, chroot() environments and suchlike will get a full brtfs -+ * subvolume set up below their tree only if they specifically set up a btrfs -+ * subvolume for the root dir too. */ - - subvol = false; - else { -@@ -1694,7 +1691,7 @@ static int create_directory_or_subvolume(const char *path, mode_t mode, bool sub - if (!IN_SET(r, -EEXIST, -EROFS)) - return log_error_errno(r, "Failed to create directory or subvolume \"%s\": %m", path); - -- k = is_dir_fd(pfd); -+ k = is_dir_full(pfd, basename(path), /* follow= */ false); - if (k == -ENOENT && r == -EROFS) - return log_error_errno(r, "%s does not exist and cannot be created as the file system is read-only.", path); - if (k < 0) --- -2.27.0 - diff --git a/backport-tpm-util-fix-TPM-parameter-handling.patch b/backport-tpm-util-fix-TPM-parameter-handling.patch deleted file mode 100644 index 8ea2e6b9e2f88416efba80498946ff40e6db3570..0000000000000000000000000000000000000000 --- a/backport-tpm-util-fix-TPM-parameter-handling.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 966a8cd270e017928389aa1c3966551b301da5e7 Mon Sep 17 00:00:00 2001 -From: Anatol Pomozov -Date: Fri, 10 Sep 2021 11:52:55 -0700 -Subject: [PATCH] tpm-util: fix TPM parameter handling - -cryptenroll allows to specify a custom TPM driver separated from -parameters with colon e.g. `systemd-cryptenroll --tpm2-device=swtpm:` -tells to load swtpm tss driver and use it as a device. - -Unfortunately it does not work, swtpm driver init() fails with - -``` -debug:tcti:src/tss2-tcti/tcti-swtpm.c:570:Tss2_Tcti_Swtpm_Init() Dup'd conf string to: 0x562f91cbc000 -debug:tcti:src/util/key-value-parse.c:85:parse_key_value_string() parsing key/value: swtpm: -WARNING:tcti:src/util/key-value-parse.c:50:parse_key_value() key / value string is invalid -Failed to initialize TCTI context: tcti:A parameter has a bad value -``` - -It turns out that cryptenroll suppose to use the driver name internally -and strip it before passing the rest of parameters to init() function. -Without doing it swtpm receives incorrect key-value property and gets -confused. - -Fix it by passing the correct parameter (without driver name) to the -init() function. - -Fixes #20708 - -(cherry picked from commit 8889564a8da574e4b956e2b6ced34354dee54cd7) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/966a8cd270e017928389aa1c3966551b301da5e7 ---- - src/shared/tpm2-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c -index df6d2eef58..56a7fe622e 100644 ---- a/src/shared/tpm2-util.c -+++ b/src/shared/tpm2-util.c -@@ -182,7 +182,7 @@ static int tpm2_init(const char *device, struct tpm2_context *ret) { - if (!tcti) - return log_oom(); - -- rc = info->init(tcti, &sz, device); -+ rc = info->init(tcti, &sz, param); - if (rc != TPM2_RC_SUCCESS) - return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), - "Failed to initialize TCTI context: %s", sym_Tss2_RC_Decode(rc)); --- -2.33.0 - diff --git a/backport-tree-wide-mark-set-but-not-used-variables-as-unused-.patch b/backport-tree-wide-mark-set-but-not-used-variables-as-unused-.patch deleted file mode 100644 index 800c91a933e90f1f729bd9d470192795827d1ed1..0000000000000000000000000000000000000000 --- a/backport-tree-wide-mark-set-but-not-used-variables-as-unused-.patch +++ /dev/null @@ -1,546 +0,0 @@ -From e3516e4fdce54f62819bbb18a9fcdd843544d354 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Wed, 15 Sep 2021 10:56:21 +0200 -Subject: [PATCH] tree-wide: mark set-but-not-used variables as unused to make - LLVM happy - -LLVM 13 introduced `-Wunused-but-set-variable` diagnostic flag, which -trips over some intentionally set-but-not-used variables or variables -attached to cleanup handlers with side effects (`_cleanup_umask_`, -`_cleanup_(notify_on_cleanup)`, `_cleanup_(restore_sigsetp)`, etc.): - -``` -../src/basic/process-util.c:1257:46: error: variable 'saved_ssp' set but not used [-Werror,-Wunused-but-set-variable] - _cleanup_(restore_sigsetp) sigset_t *saved_ssp = NULL; - ^ - 1 error generated. -``` - -(cherry picked from commit d7ac09520be8f0d3d94df3dd4fd8a6e7404c0174) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e3516e4fdce54f62819bbb18a9fcdd843544d354 ---- - src/basic/process-util.c | 2 +- - src/basic/unit-file.c | 3 ++- - src/core/manager.c | 4 ++-- - src/cryptsetup/cryptsetup.c | 2 +- - src/home/homed.c | 2 +- - src/initctl/initctl.c | 2 +- - src/journal-remote/journal-remote-main.c | 2 +- - src/journal-remote/journal-remote.c | 2 +- - src/journal-remote/journal-upload.c | 2 +- - src/journal/journald-server.c | 2 +- - src/libsystemd-network/sd-dhcp-server.c | 6 ++++-- - src/libsystemd/sd-device/sd-device.c | 9 ++++++--- - src/libsystemd/sd-journal/test-catalog.c | 2 +- - src/login/logind-core.c | 2 +- - src/login/logind-session.c | 2 +- - src/login/logind.c | 2 +- - src/network/networkd-dhcp-common.c | 6 ++++-- - src/network/networkd.c | 2 +- - src/network/wait-online/wait-online.c | 2 +- - src/nss-systemd/userdb-glue.c | 4 ++-- - src/oom/oomd-manager.c | 2 +- - src/oom/oomd.c | 2 +- - src/resolve/resolved-dns-cache.c | 2 +- - src/resolve/resolved-dns-query.c | 2 +- - src/resolve/resolved.c | 2 +- - src/shared/barrier.c | 2 +- - src/shared/utmp-wtmp.c | 8 ++++---- - src/timesync/timesyncd.c | 2 +- - src/tty-ask-password-agent/tty-ask-password-agent.c | 3 ++- - src/udev/udevd.c | 3 ++- - src/userdb/userdbd.c | 2 +- - 31 files changed, 50 insertions(+), 40 deletions(-) - -diff --git a/src/basic/process-util.c b/src/basic/process-util.c -index 461bbfe9a5..b76ca6f7c5 100644 ---- a/src/basic/process-util.c -+++ b/src/basic/process-util.c -@@ -1278,7 +1278,7 @@ int safe_fork_full( - - pid_t original_pid, pid; - sigset_t saved_ss, ss; -- _cleanup_(restore_sigsetp) sigset_t *saved_ssp = NULL; -+ _unused_ _cleanup_(restore_sigsetp) sigset_t *saved_ssp = NULL; - bool block_signals = false, block_all = false; - int prio, r; - -diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c -index 0d58b1c4fe..d1e997ec9f 100644 ---- a/src/basic/unit-file.c -+++ b/src/basic/unit-file.c -@@ -286,7 +286,8 @@ int unit_file_build_name_map( - - FOREACH_DIRENT_ALL(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { - char *filename; -- _cleanup_free_ char *_filename_free = NULL, *simplified = NULL; -+ _unused_ _cleanup_free_ char *_filename_free = NULL; -+ _cleanup_free_ char *simplified = NULL; - const char *suffix, *dst = NULL; - bool valid_unit_name; - -diff --git a/src/core/manager.c b/src/core/manager.c -index 34891a8754..abc63a71af 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -1731,7 +1731,7 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { - - { - /* This block is (optionally) done with the reloading counter bumped */ -- _cleanup_(manager_reloading_stopp) Manager *reloading = NULL; -+ _unused_ _cleanup_(manager_reloading_stopp) Manager *reloading = NULL; - - /* If we will deserialize make sure that during enumeration this is already known, so we increase the - * counter here already */ -@@ -3770,7 +3770,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { - } - - int manager_reload(Manager *m) { -- _cleanup_(manager_reloading_stopp) Manager *reloading = NULL; -+ _unused_ _cleanup_(manager_reloading_stopp) Manager *reloading = NULL; - _cleanup_fdset_free_ FDSet *fds = NULL; - _cleanup_fclose_ FILE *f = NULL; - int r; -diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c -index 0fa41b8360..440f17d017 100644 ---- a/src/cryptsetup/cryptsetup.c -+++ b/src/cryptsetup/cryptsetup.c -@@ -1482,7 +1482,7 @@ static int run(int argc, char *argv[]) { - verb = argv[1]; - - if (streq(verb, "attach")) { -- _cleanup_(remove_and_erasep) const char *destroy_key_file = NULL; -+ _unused_ _cleanup_(remove_and_erasep) const char *destroy_key_file = NULL; - _cleanup_(erase_and_freep) void *key_data = NULL; - const char *volume, *source, *key_file, *options; - crypt_status_info status; -diff --git a/src/home/homed.c b/src/home/homed.c -index 807d25e273..579c289a68 100644 ---- a/src/home/homed.c -+++ b/src/home/homed.c -@@ -14,7 +14,7 @@ - - static int run(int argc, char *argv[]) { - _cleanup_(manager_freep) Manager *m = NULL; -- _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; - int r; - - log_setup(); -diff --git a/src/initctl/initctl.c b/src/initctl/initctl.c -index c48fef16ef..a48a8570c4 100644 ---- a/src/initctl/initctl.c -+++ b/src/initctl/initctl.c -@@ -311,7 +311,7 @@ static int process_event(Server *s, struct epoll_event *ev) { - - static int run(int argc, char *argv[]) { - _cleanup_(server_done) Server server = { .epoll_fd = -1 }; -- _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; - int r, n; - - if (argc > 1) -diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c -index 9ff31763da..b46b4fc08e 100644 ---- a/src/journal-remote/journal-remote-main.c -+++ b/src/journal-remote/journal-remote-main.c -@@ -1099,7 +1099,7 @@ static int load_certificates(char **key, char **cert, char **trust) { - - static int run(int argc, char **argv) { - _cleanup_(journal_remote_server_destroy) RemoteServer s = {}; -- _cleanup_(notify_on_cleanup) const char *notify_message = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_message = NULL; - _cleanup_(erase_and_freep) char *key = NULL; - _cleanup_free_ char *cert = NULL, *trust = NULL; - int r; -diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c -index 6e5aebdc48..f530ba3c7e 100644 ---- a/src/journal-remote/journal-remote.c -+++ b/src/journal-remote/journal-remote.c -@@ -272,7 +272,7 @@ int journal_remote_add_source(RemoteServer *s, int fd, char* name, bool own_name - - int journal_remote_add_raw_socket(RemoteServer *s, int fd) { - int r; -- _cleanup_close_ int fd_ = fd; -+ _unused_ _cleanup_close_ int fd_ = fd; - char name[STRLEN("raw-socket-") + DECIMAL_STR_MAX(int) + 1]; - - assert(fd >= 0); -diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c -index 2a38d206ea..37660b925a 100644 ---- a/src/journal-remote/journal-upload.c -+++ b/src/journal-remote/journal-upload.c -@@ -820,7 +820,7 @@ static int open_journal(sd_journal **j) { - - static int run(int argc, char **argv) { - _cleanup_(destroy_uploader) Uploader u = {}; -- _cleanup_(notify_on_cleanup) const char *notify_message = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_message = NULL; - bool use_journal; - int r; - -diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c -index 2d1d9e66d7..a212079758 100644 ---- a/src/journal/journald-server.c -+++ b/src/journal/journald-server.c -@@ -910,7 +910,7 @@ static void dispatch_message_real( - pid_t object_pid) { - - char source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)]; -- _cleanup_free_ char *cmdline1 = NULL, *cmdline2 = NULL; -+ _unused_ _cleanup_free_ char *cmdline1 = NULL, *cmdline2 = NULL; - uid_t journal_uid; - ClientContext *o; - -diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c -index 0b3904c02a..070f4ec1c2 100644 ---- a/src/libsystemd-network/sd-dhcp-server.c -+++ b/src/libsystemd-network/sd-dhcp-server.c -@@ -1004,7 +1004,8 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz - /* verify that the requested address is from the pool, and either - owned by the current client or free */ - if (pool_offset >= 0 && static_lease) { -- _cleanup_(dhcp_lease_freep) DHCPLease *lease = NULL, *old_lease = NULL; -+ _unused_ _cleanup_(dhcp_lease_freep) DHCPLease *old_lease = NULL; -+ _cleanup_(dhcp_lease_freep) DHCPLease *lease = NULL; - usec_t time_now, expiration; - - r = sd_event_now(server->event, clock_boottime_or_monotonic(), &time_now); -@@ -1482,7 +1483,8 @@ int sd_dhcp_server_set_static_lease( - uint8_t *client_id, - size_t client_id_size) { - -- _cleanup_(dhcp_lease_freep) DHCPLease *lease = NULL, *old = NULL; -+ _unused_ _cleanup_(dhcp_lease_freep) DHCPLease *old = NULL; -+ _cleanup_(dhcp_lease_freep) DHCPLease *lease = NULL; - DHCPClientId c; - int r; - -diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c -index 45261588a8..3f2cce5bba 100644 ---- a/src/libsystemd/sd-device/sd-device.c -+++ b/src/libsystemd/sd-device/sd-device.c -@@ -94,7 +94,8 @@ int device_add_property_aux(sd_device *device, const char *key, const char *valu - properties = &device->properties; - - if (value) { -- _cleanup_free_ char *new_key = NULL, *new_value = NULL, *old_key = NULL, *old_value = NULL; -+ _unused_ _cleanup_free_ char *old_value = NULL; -+ _cleanup_free_ char *new_key = NULL, *new_value = NULL, *old_key = NULL; - int r; - - r = ordered_hashmap_ensure_allocated(properties, &string_hash_ops_free_free); -@@ -119,7 +120,8 @@ int device_add_property_aux(sd_device *device, const char *key, const char *valu - TAKE_PTR(new_key); - TAKE_PTR(new_value); - } else { -- _cleanup_free_ char *old_key = NULL, *old_value = NULL; -+ _unused_ _cleanup_free_ char *old_value = NULL; -+ _cleanup_free_ char *old_key = NULL; - - old_value = ordered_hashmap_remove2(*properties, key, (void**) &old_key); - } -@@ -1920,7 +1922,8 @@ _public_ int sd_device_get_trigger_uuid(sd_device *device, sd_id128_t *ret) { - } - - static int device_cache_sysattr_value(sd_device *device, const char *key, char *value) { -- _cleanup_free_ char *new_key = NULL, *old_value = NULL; -+ _unused_ _cleanup_free_ char *old_value = NULL; -+ _cleanup_free_ char *new_key = NULL; - int r; - - assert(device); -diff --git a/src/libsystemd/sd-journal/test-catalog.c b/src/libsystemd/sd-journal/test-catalog.c -index 982fec0d8d..316c3b1634 100644 ---- a/src/libsystemd/sd-journal/test-catalog.c -+++ b/src/libsystemd/sd-journal/test-catalog.c -@@ -53,7 +53,7 @@ static void test_catalog_import_invalid(void) { - } - - static void test_catalog_import_badid(void) { -- _cleanup_ordered_hashmap_free_free_free_ OrderedHashmap *h = NULL; -+ _unused_ _cleanup_ordered_hashmap_free_free_free_ OrderedHashmap *h = NULL; - const char *input = - "-- 0027229ca0644181a76c4e92458afaff dededededededededededededededede\n" \ - "Subject: message\n" \ -diff --git a/src/login/logind-core.c b/src/login/logind-core.c -index e08929e52a..a9792fd5e4 100644 ---- a/src/login/logind-core.c -+++ b/src/login/logind-core.c -@@ -689,7 +689,7 @@ bool manager_all_buttons_ignored(Manager *m) { - int manager_read_utmp(Manager *m) { - #if ENABLE_UTMP - int r; -- _cleanup_(utxent_cleanup) bool utmpx = false; -+ _unused_ _cleanup_(utxent_cleanup) bool utmpx = false; - - assert(m); - -diff --git a/src/login/logind-session.c b/src/login/logind-session.c -index 3f09750ec9..cde2b5e8bb 100644 ---- a/src/login/logind-session.c -+++ b/src/login/logind-session.c -@@ -1323,7 +1323,7 @@ bool session_is_controller(Session *s, const char *sender) { - } - - static void session_release_controller(Session *s, bool notify) { -- _cleanup_free_ char *name = NULL; -+ _unused_ _cleanup_free_ char *name = NULL; - SessionDevice *sd; - - if (!s->controller) -diff --git a/src/login/logind.c b/src/login/logind.c -index ec52a57acb..b642da6eaa 100644 ---- a/src/login/logind.c -+++ b/src/login/logind.c -@@ -1155,7 +1155,7 @@ static int manager_run(Manager *m) { - - static int run(int argc, char *argv[]) { - _cleanup_(manager_unrefp) Manager *m = NULL; -- _cleanup_(notify_on_cleanup) const char *notify_message = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_message = NULL; - int r; - - log_set_facility(LOG_AUTH); -diff --git a/src/network/networkd-dhcp-common.c b/src/network/networkd-dhcp-common.c -index 249d780887..02cef0fbfc 100644 ---- a/src/network/networkd-dhcp-common.c -+++ b/src/network/networkd-dhcp-common.c -@@ -631,8 +631,10 @@ int config_parse_dhcp_send_option( - void *data, - void *userdata) { - -- _cleanup_(sd_dhcp_option_unrefp) sd_dhcp_option *opt4 = NULL, *old4 = NULL; -- _cleanup_(sd_dhcp6_option_unrefp) sd_dhcp6_option *opt6 = NULL, *old6 = NULL; -+ _cleanup_(sd_dhcp_option_unrefp) sd_dhcp_option *opt4 = NULL; -+ _cleanup_(sd_dhcp6_option_unrefp) sd_dhcp6_option *opt6 = NULL; -+ _unused_ _cleanup_(sd_dhcp_option_unrefp) sd_dhcp_option *old4 = NULL; -+ _unused_ _cleanup_(sd_dhcp6_option_unrefp) sd_dhcp6_option *old6 = NULL; - uint32_t uint32_data, enterprise_identifier = 0; - _cleanup_free_ char *word = NULL, *q = NULL; - OrderedHashmap **options = data; -diff --git a/src/network/networkd.c b/src/network/networkd.c -index 48f6061b1f..ff3380c82c 100644 ---- a/src/network/networkd.c -+++ b/src/network/networkd.c -@@ -19,7 +19,7 @@ - - static int run(int argc, char *argv[]) { - _cleanup_(manager_freep) Manager *m = NULL; -- _cleanup_(notify_on_cleanup) const char *notify_message = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_message = NULL; - int r; - - log_setup(); -diff --git a/src/network/wait-online/wait-online.c b/src/network/wait-online/wait-online.c -index 1b24b6f1a6..3ce29ac679 100644 ---- a/src/network/wait-online/wait-online.c -+++ b/src/network/wait-online/wait-online.c -@@ -195,7 +195,7 @@ static int parse_argv(int argc, char *argv[]) { - - static int run(int argc, char *argv[]) { - _cleanup_(manager_freep) Manager *m = NULL; -- _cleanup_(notify_on_cleanup) const char *notify_message = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_message = NULL; - int r; - - log_setup(); -diff --git a/src/nss-systemd/userdb-glue.c b/src/nss-systemd/userdb-glue.c -index c865ff0d82..002e6925f9 100644 ---- a/src/nss-systemd/userdb-glue.c -+++ b/src/nss-systemd/userdb-glue.c -@@ -303,7 +303,7 @@ enum nss_status userdb_getgrnam( - } - - if (!g) { -- _cleanup_(_nss_systemd_unblockp) bool blocked = false; -+ _unused_ _cleanup_(_nss_systemd_unblockp) bool blocked = false; - - if (strv_isempty(members)) - return NSS_STATUS_NOTFOUND; -@@ -365,7 +365,7 @@ enum nss_status userdb_getgrgid( - } - - if (!g) { -- _cleanup_(_nss_systemd_unblockp) bool blocked = false; -+ _unused_ _cleanup_(_nss_systemd_unblockp) bool blocked = false; - - /* So, quite possibly we have to extend an existing group record with additional members. But - * to do this we need to know the group name first. The group didn't exist via non-NSS -diff --git a/src/oom/oomd-manager.c b/src/oom/oomd-manager.c -index 727206d0b3..891b0acacb 100644 ---- a/src/oom/oomd-manager.c -+++ b/src/oom/oomd-manager.c -@@ -387,7 +387,7 @@ static void clear_candidate_hashmapp(Manager **m) { - static int monitor_memory_pressure_contexts_handler(sd_event_source *s, uint64_t usec, void *userdata) { - /* Don't want to use stale candidate data. Setting this will clear the candidate hashmap on return unless we - * update the candidate data (in which case clear_candidates will be NULL). */ -- _cleanup_(clear_candidate_hashmapp) Manager *clear_candidates = userdata; -+ _unused_ _cleanup_(clear_candidate_hashmapp) Manager *clear_candidates = userdata; - _cleanup_set_free_ Set *targets = NULL; - bool in_post_action_delay = false; - Manager *m = userdata; -diff --git a/src/oom/oomd.c b/src/oom/oomd.c -index deb7b094d5..e13a1b35e5 100644 ---- a/src/oom/oomd.c -+++ b/src/oom/oomd.c -@@ -116,7 +116,7 @@ static int parse_argv(int argc, char *argv[]) { - } - - static int run(int argc, char *argv[]) { -- _cleanup_(notify_on_cleanup) const char *notify_msg = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_msg = NULL; - _cleanup_(manager_freep) Manager *m = NULL; - _cleanup_free_ char *swap = NULL; - unsigned long long s = 0; -diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c -index f73ead872d..c2fca1fabe 100644 ---- a/src/resolve/resolved-dns-cache.c -+++ b/src/resolve/resolved-dns-cache.c -@@ -274,7 +274,7 @@ static int dns_cache_link_item(DnsCache *c, DnsCacheItem *i) { - - first = hashmap_get(c->by_key, i->key); - if (first) { -- _cleanup_(dns_resource_key_unrefp) DnsResourceKey *k = NULL; -+ _unused_ _cleanup_(dns_resource_key_unrefp) DnsResourceKey *k = NULL; - - /* Keep a reference to the original key, while we manipulate the list. */ - k = dns_resource_key_ref(first->key); -diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c -index 6d372395fe..192bfd3bf5 100644 ---- a/src/resolve/resolved-dns-query.c -+++ b/src/resolve/resolved-dns-query.c -@@ -165,7 +165,7 @@ static int dns_query_candidate_add_transaction( - } - - static int dns_query_candidate_go(DnsQueryCandidate *c) { -- _cleanup_(dns_query_candidate_unrefp) DnsQueryCandidate *keep_c = NULL; -+ _unused_ _cleanup_(dns_query_candidate_unrefp) DnsQueryCandidate *keep_c = NULL; - DnsTransaction *t; - int r; - unsigned n = 0; -diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c -index aabaa266e9..85ab917c4f 100644 ---- a/src/resolve/resolved.c -+++ b/src/resolve/resolved.c -@@ -23,7 +23,7 @@ - - static int run(int argc, char *argv[]) { - _cleanup_(manager_freep) Manager *m = NULL; -- _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; - int r; - - log_setup(); -diff --git a/src/shared/barrier.c b/src/shared/barrier.c -index 2864c1b8f9..87061f55d7 100644 ---- a/src/shared/barrier.c -+++ b/src/shared/barrier.c -@@ -90,7 +90,7 @@ - * Returns: 0 on success, negative error code on failure. - */ - int barrier_create(Barrier *b) { -- _cleanup_(barrier_destroyp) Barrier *staging = b; -+ _unused_ _cleanup_(barrier_destroyp) Barrier *staging = b; - int r; - - assert(b); -diff --git a/src/shared/utmp-wtmp.c b/src/shared/utmp-wtmp.c -index 784aad2943..d529498fad 100644 ---- a/src/shared/utmp-wtmp.c -+++ b/src/shared/utmp-wtmp.c -@@ -25,7 +25,7 @@ - #include "utmp-wtmp.h" - - int utmp_get_runlevel(int *runlevel, int *previous) { -- _cleanup_(utxent_cleanup) bool utmpx = false; -+ _unused_ _cleanup_(utxent_cleanup) bool utmpx = false; - struct utmpx *found, lookup = { .ut_type = RUN_LVL }; - const char *e; - -@@ -87,7 +87,7 @@ static void init_entry(struct utmpx *store, usec_t t) { - } - - static int write_entry_utmp(const struct utmpx *store) { -- _cleanup_(utxent_cleanup) bool utmpx = false; -+ _unused_ _cleanup_(utxent_cleanup) bool utmpx = false; - - assert(store); - -@@ -215,7 +215,7 @@ int utmp_put_init_process(const char *id, pid_t pid, pid_t sid, const char *line - } - - int utmp_put_dead_process(const char *id, pid_t pid, int code, int status) { -- _cleanup_(utxent_cleanup) bool utmpx = false; -+ _unused_ _cleanup_(utxent_cleanup) bool utmpx = false; - struct utmpx lookup = { - .ut_type = INIT_PROCESS /* looks for DEAD_PROCESS, LOGIN_PROCESS, USER_PROCESS, too */ - }, store, store_wtmp, *found; -@@ -340,7 +340,7 @@ int utmp_wall( - bool (*match_tty)(const char *tty, void *userdata), - void *userdata) { - -- _cleanup_(utxent_cleanup) bool utmpx = false; -+ _unused_ _cleanup_(utxent_cleanup) bool utmpx = false; - _cleanup_free_ char *text = NULL, *hn = NULL, *un = NULL, *stdin_tty = NULL; - char date[FORMAT_TIMESTAMP_MAX]; - struct utmpx *u; -diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c -index e6a2b06687..8d43e55583 100644 ---- a/src/timesync/timesyncd.c -+++ b/src/timesync/timesyncd.c -@@ -90,7 +90,7 @@ settime: - - static int run(int argc, char *argv[]) { - _cleanup_(manager_freep) Manager *m = NULL; -- _cleanup_(notify_on_cleanup) const char *notify_message = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_message = NULL; - const char *user = "systemd-timesync"; - uid_t uid, uid_current; - gid_t gid; -diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c -index 59b144972b..25d69180c5 100644 ---- a/src/tty-ask-password-agent/tty-ask-password-agent.c -+++ b/src/tty-ask-password-agent/tty-ask-password-agent.c -@@ -338,7 +338,8 @@ static int process_and_watch_password_files(bool watch) { - _FD_MAX - }; - -- _cleanup_close_ int notify = -1, signal_fd = -1, tty_block_fd = -1; -+ _unused_ _cleanup_close_ int tty_block_fd = -1; -+ _cleanup_close_ int notify = -1, signal_fd = -1; - struct pollfd pollfd[_FD_MAX]; - sigset_t mask; - int r; -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 13ac7c83b5..8808c5cf95 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -1092,7 +1092,8 @@ static int on_ctrl_msg(struct udev_ctrl *uctrl, enum udev_ctrl_msg_type type, co - manager_reload(manager); - break; - case UDEV_CTRL_SET_ENV: { -- _cleanup_free_ char *key = NULL, *val = NULL, *old_key = NULL, *old_val = NULL; -+ _unused_ _cleanup_free_ char *old_val = NULL; -+ _cleanup_free_ char *key = NULL, *val = NULL, *old_key = NULL; - const char *eq; - - eq = strchr(value->buf, '='); -diff --git a/src/userdb/userdbd.c b/src/userdb/userdbd.c -index d469411eb8..0c321bf411 100644 ---- a/src/userdb/userdbd.c -+++ b/src/userdb/userdbd.c -@@ -24,7 +24,7 @@ - - static int run(int argc, char *argv[]) { - _cleanup_(manager_freep) Manager *m = NULL; -- _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; - int r; - - log_setup(); --- -2.33.0 - diff --git a/backport-tree-wide-use-sd_event_source_disable_unref-where-we.patch b/backport-tree-wide-use-sd_event_source_disable_unref-where-we.patch deleted file mode 100644 index 52a9aadcc00e765e67945a270a40b3ae76565d4f..0000000000000000000000000000000000000000 --- a/backport-tree-wide-use-sd_event_source_disable_unref-where-we.patch +++ /dev/null @@ -1,158 +0,0 @@ -From e53bfae86dfb909e0a2eb179328b61f4ed723639 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 8 Nov 2021 23:07:51 +0100 -Subject: [PATCH] tree-wide: use sd_event_source_disable_unref() where we can - -(cherry picked from commit 4f538d7b221de5707c1ff422e6e34be795535397) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e53bfae86dfb909e0a2eb179328b61f4ed723639 ---- - src/journal/journald-stream.c | 7 +---- - src/libsystemd/sd-bus/sd-bus.c | 37 +++++--------------------- - src/libsystemd/sd-resolve/sd-resolve.c | 6 +---- - src/shared/varlink.c | 10 ++----- - 4 files changed, 10 insertions(+), 50 deletions(-) - -diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c -index c6720b6b13..ee0fd27f2e 100644 ---- a/src/journal/journald-stream.c -+++ b/src/journal/journald-stream.c -@@ -108,7 +108,6 @@ StdoutStream* stdout_stream_free(StdoutStream *s) { - return NULL; - - if (s->server) { -- - if (s->context) - client_context_release(s->server, s->context); - -@@ -122,11 +121,7 @@ StdoutStream* stdout_stream_free(StdoutStream *s) { - (void) server_start_or_stop_idle_timer(s->server); /* Maybe we are idle now? */ - } - -- if (s->event_source) { -- sd_event_source_set_enabled(s->event_source, SD_EVENT_OFF); -- s->event_source = sd_event_source_unref(s->event_source); -- } -- -+ sd_event_source_disable_unref(s->event_source); - safe_close(s->fd); - free(s->label); - free(s->identifier); -diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c -index a32e2f5e20..79c24fe703 100644 ---- a/src/libsystemd/sd-bus/sd-bus.c -+++ b/src/libsystemd/sd-bus/sd-bus.c -@@ -62,7 +62,6 @@ - - static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec); - static void bus_detach_io_events(sd_bus *b); --static void bus_detach_inotify_event(sd_bus *b); - - static thread_local sd_bus *default_system_bus = NULL; - static thread_local sd_bus *default_user_bus = NULL; -@@ -139,7 +138,7 @@ void bus_close_io_fds(sd_bus *b) { - void bus_close_inotify_fd(sd_bus *b) { - assert(b); - -- bus_detach_inotify_event(b); -+ b->inotify_event_source = sd_event_source_disable_unref(b->inotify_event_source); - - b->inotify_fd = safe_close(b->inotify_fd); - b->inotify_watches = mfree(b->inotify_watches); -@@ -3738,15 +3737,8 @@ int bus_attach_io_events(sd_bus *bus) { - static void bus_detach_io_events(sd_bus *bus) { - assert(bus); - -- if (bus->input_io_event_source) { -- sd_event_source_set_enabled(bus->input_io_event_source, SD_EVENT_OFF); -- bus->input_io_event_source = sd_event_source_unref(bus->input_io_event_source); -- } -- -- if (bus->output_io_event_source) { -- sd_event_source_set_enabled(bus->output_io_event_source, SD_EVENT_OFF); -- bus->output_io_event_source = sd_event_source_unref(bus->output_io_event_source); -- } -+ bus->input_io_event_source = sd_event_source_disable_unref(bus->input_io_event_source); -+ bus->output_io_event_source = sd_event_source_disable_unref(bus->output_io_event_source); - } - - int bus_attach_inotify_event(sd_bus *bus) { -@@ -3778,15 +3770,6 @@ int bus_attach_inotify_event(sd_bus *bus) { - return 0; - } - --static void bus_detach_inotify_event(sd_bus *bus) { -- assert(bus); -- -- if (bus->inotify_event_source) { -- sd_event_source_set_enabled(bus->inotify_event_source, SD_EVENT_OFF); -- bus->inotify_event_source = sd_event_source_unref(bus->inotify_event_source); -- } --} -- - _public_ int sd_bus_attach_event(sd_bus *bus, sd_event *event, int priority) { - int r; - -@@ -3851,17 +3834,9 @@ _public_ int sd_bus_detach_event(sd_bus *bus) { - return 0; - - bus_detach_io_events(bus); -- bus_detach_inotify_event(bus); -- -- if (bus->time_event_source) { -- sd_event_source_set_enabled(bus->time_event_source, SD_EVENT_OFF); -- bus->time_event_source = sd_event_source_unref(bus->time_event_source); -- } -- -- if (bus->quit_event_source) { -- sd_event_source_set_enabled(bus->quit_event_source, SD_EVENT_OFF); -- bus->quit_event_source = sd_event_source_unref(bus->quit_event_source); -- } -+ bus->inotify_event_source = sd_event_source_disable_unref(bus->inotify_event_source); -+ bus->time_event_source = sd_event_source_disable_unref(bus->time_event_source); -+ bus->quit_event_source = sd_event_source_disable_unref(bus->quit_event_source); - - bus->event = sd_event_unref(bus->event); - return 1; -diff --git a/src/libsystemd/sd-resolve/sd-resolve.c b/src/libsystemd/sd-resolve/sd-resolve.c -index ee973c0692..073b658d3f 100644 ---- a/src/libsystemd/sd-resolve/sd-resolve.c -+++ b/src/libsystemd/sd-resolve/sd-resolve.c -@@ -1285,11 +1285,7 @@ _public_ int sd_resolve_detach_event(sd_resolve *resolve) { - if (!resolve->event) - return 0; - -- if (resolve->event_source) { -- sd_event_source_set_enabled(resolve->event_source, SD_EVENT_OFF); -- resolve->event_source = sd_event_source_unref(resolve->event_source); -- } -- -+ resolve->event_source = sd_event_source_disable_unref(resolve->event_source); - resolve->event = sd_event_unref(resolve->event); - return 1; - } -diff --git a/src/shared/varlink.c b/src/shared/varlink.c -index a57475b5ba..ec062f3da4 100644 ---- a/src/shared/varlink.c -+++ b/src/shared/varlink.c -@@ -2364,14 +2364,8 @@ int varlink_server_detach_event(VarlinkServer *s) { - - assert_return(s, -EINVAL); - -- LIST_FOREACH(sockets, ss, s->sockets) { -- -- if (!ss->event_source) -- continue; -- -- (void) sd_event_source_set_enabled(ss->event_source, SD_EVENT_OFF); -- ss->event_source = sd_event_source_unref(ss->event_source); -- } -+ LIST_FOREACH(sockets, ss, s->sockets) -+ ss->event_source = sd_event_source_disable_unref(ss->event_source); - - sd_event_unref(s->event); - return 0; --- -2.33.0 - diff --git a/backport-udev-add-usec_add-at-one-more-place.patch b/backport-udev-add-usec_add-at-one-more-place.patch deleted file mode 100644 index 703185609e78c8b92edc40d2530eb207907ef659..0000000000000000000000000000000000000000 --- a/backport-udev-add-usec_add-at-one-more-place.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 92fd70addf25d4f301ba43ca3e6ede96d9564295 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 15:41:20 +0900 -Subject: [PATCH] udev: add usec_add() at one more place - -Reference:https://github.com/systemd/systemd/commit/92fd70addf25d4f301ba43ca3e6ede96d9564295 -Conflict:NA - ---- - src/udev/udevd.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 279b409..2179825 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -893,7 +893,7 @@ static int event_queue_start(Manager *manager) { - assert_se(sd_event_now(manager->event, CLOCK_MONOTONIC, &usec) >= 0); - /* check for changed config, every 3 seconds at most */ - if (manager->last_usec == 0 || -- usec - manager->last_usec > 3 * USEC_PER_SEC) { -+ usec > usec_add(manager->last_usec, 3 * USEC_PER_SEC)) { - if (udev_rules_check_timestamp(manager->rules) || - udev_builtin_validate()) - manager_reload(manager); --- -2.33.0 - \ No newline at end of file diff --git a/backport-udev-also-rename-struct-udev_ctrl-UdevCtrl.patch b/backport-udev-also-rename-struct-udev_ctrl-UdevCtrl.patch deleted file mode 100644 index 5013b29ed6cd90ab74b47dd212e4fdff1ba68964..0000000000000000000000000000000000000000 --- a/backport-udev-also-rename-struct-udev_ctrl-UdevCtrl.patch +++ /dev/null @@ -1,350 +0,0 @@ -From e0d61dac3324abc90f61014a98b1bc5a9a1f60ae Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 16 Jun 2021 19:18:56 +0900 -Subject: [PATCH] udev: also rename struct udev_ctrl -> UdevCtrl - -Reference:https://github.com/systemd/systemd/commit/e0d61dac3324abc90f61014a98b1bc5a9a1f60ae -Conflict:NA - ---- - src/udev/udev-ctrl.c | 52 ++++++++++++++++++------------------ - src/udev/udev-ctrl.h | 54 +++++++++++++++++++------------------- - src/udev/udevadm-control.c | 2 +- - src/udev/udevadm-settle.c | 2 +- - src/udev/udevadm-trigger.c | 2 +- - src/udev/udevd.c | 4 +-- - 6 files changed, 58 insertions(+), 58 deletions(-) - -diff --git a/src/udev/udev-ctrl.c b/src/udev/udev-ctrl.c -index 3d563547190c..00279ba3d87d 100644 ---- a/src/udev/udev-ctrl.c -+++ b/src/udev/udev-ctrl.c -@@ -23,14 +23,14 @@ - /* wire protocol magic must match */ - #define UDEV_CTRL_MAGIC 0xdead1dea - --struct udev_ctrl_msg_wire { -+typedef struct UdevCtrlMessageWire { - char version[16]; - unsigned magic; -- enum udev_ctrl_msg_type type; -- union udev_ctrl_msg_value value; --}; -+ UdevCtrlMessageType type; -+ UdevCtrlMessageValue value; -+} UdevCtrlMessageWire; - --struct udev_ctrl { -+struct UdevCtrl { - unsigned n_ref; - int sock; - int sock_connect; -@@ -47,9 +47,9 @@ struct udev_ctrl { - void *userdata; - }; - --int udev_ctrl_new_from_fd(struct udev_ctrl **ret, int fd) { -+int udev_ctrl_new_from_fd(UdevCtrl **ret, int fd) { - _cleanup_close_ int sock = -1; -- struct udev_ctrl *uctrl; -+ UdevCtrl *uctrl; - - assert(ret); - -@@ -59,11 +59,11 @@ int udev_ctrl_new_from_fd(struct udev_ctrl **ret, int fd) { - return log_error_errno(errno, "Failed to create socket: %m"); - } - -- uctrl = new(struct udev_ctrl, 1); -+ uctrl = new(UdevCtrl, 1); - if (!uctrl) - return -ENOMEM; - -- *uctrl = (struct udev_ctrl) { -+ *uctrl = (UdevCtrl) { - .n_ref = 1, - .sock = fd >= 0 ? fd : TAKE_FD(sock), - .sock_connect = -1, -@@ -81,7 +81,7 @@ int udev_ctrl_new_from_fd(struct udev_ctrl **ret, int fd) { - return 0; - } - --int udev_ctrl_enable_receiving(struct udev_ctrl *uctrl) { -+int udev_ctrl_enable_receiving(UdevCtrl *uctrl) { - int r; - - assert(uctrl); -@@ -107,7 +107,7 @@ int udev_ctrl_enable_receiving(struct udev_ctrl *uctrl) { - return 0; - } - --static void udev_ctrl_disconnect(struct udev_ctrl *uctrl) { -+static void udev_ctrl_disconnect(UdevCtrl *uctrl) { - if (!uctrl) - return; - -@@ -115,7 +115,7 @@ static void udev_ctrl_disconnect(struct udev_ctrl *uctrl) { - uctrl->sock_connect = safe_close(uctrl->sock_connect); - } - --static struct udev_ctrl *udev_ctrl_free(struct udev_ctrl *uctrl) { -+static UdevCtrl *udev_ctrl_free(UdevCtrl *uctrl) { - assert(uctrl); - - udev_ctrl_disconnect(uctrl); -@@ -127,9 +127,9 @@ static struct udev_ctrl *udev_ctrl_free(struct udev_ctrl *uctrl) { - return mfree(uctrl); - } - --DEFINE_TRIVIAL_REF_UNREF_FUNC(struct udev_ctrl, udev_ctrl, udev_ctrl_free); -+DEFINE_TRIVIAL_REF_UNREF_FUNC(UdevCtrl, udev_ctrl, udev_ctrl_free); - --int udev_ctrl_cleanup(struct udev_ctrl *uctrl) { -+int udev_ctrl_cleanup(UdevCtrl *uctrl) { - if (!uctrl) - return 0; - if (uctrl->cleanup_socket) -@@ -137,7 +137,7 @@ int udev_ctrl_cleanup(struct udev_ctrl *uctrl) { - return 0; - } - --int udev_ctrl_attach_event(struct udev_ctrl *uctrl, sd_event *event) { -+int udev_ctrl_attach_event(UdevCtrl *uctrl, sd_event *event) { - int r; - - assert_return(uctrl, -EINVAL); -@@ -154,25 +154,25 @@ int udev_ctrl_attach_event(struct udev_ctrl *uctrl, sd_event *event) { - return 0; - } - --sd_event_source *udev_ctrl_get_event_source(struct udev_ctrl *uctrl) { -+sd_event_source *udev_ctrl_get_event_source(UdevCtrl *uctrl) { - assert(uctrl); - - return uctrl->event_source; - } - --static void udev_ctrl_disconnect_and_listen_again(struct udev_ctrl *uctrl) { -+static void udev_ctrl_disconnect_and_listen_again(UdevCtrl *uctrl) { - udev_ctrl_disconnect(uctrl); - udev_ctrl_unref(uctrl); - (void) sd_event_source_set_enabled(uctrl->event_source, SD_EVENT_ON); - /* We don't return NULL here because uctrl is not freed */ - } - --DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct udev_ctrl*, udev_ctrl_disconnect_and_listen_again, NULL); -+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(UdevCtrl*, udev_ctrl_disconnect_and_listen_again, NULL); - - static int udev_ctrl_connection_event_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) { -- _cleanup_(udev_ctrl_disconnect_and_listen_againp) struct udev_ctrl *uctrl = NULL; -- struct udev_ctrl_msg_wire msg_wire; -- struct iovec iov = IOVEC_MAKE(&msg_wire, sizeof(struct udev_ctrl_msg_wire)); -+ _cleanup_(udev_ctrl_disconnect_and_listen_againp) UdevCtrl *uctrl = NULL; -+ UdevCtrlMessageWire msg_wire; -+ struct iovec iov = IOVEC_MAKE(&msg_wire, sizeof(UdevCtrlMessageWire)); - CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred))) control; - struct msghdr smsg = { - .msg_iov = &iov, -@@ -235,7 +235,7 @@ static int udev_ctrl_connection_event_handler(sd_event_source *s, int fd, uint32 - } - - static int udev_ctrl_event_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) { -- struct udev_ctrl *uctrl = userdata; -+ UdevCtrl *uctrl = userdata; - _cleanup_close_ int sock = -1; - struct ucred ucred; - int r; -@@ -282,7 +282,7 @@ static int udev_ctrl_event_handler(sd_event_source *s, int fd, uint32_t revents, - return 0; - } - --int udev_ctrl_start(struct udev_ctrl *uctrl, udev_ctrl_handler_t callback, void *userdata) { -+int udev_ctrl_start(UdevCtrl *uctrl, udev_ctrl_handler_t callback, void *userdata) { - int r; - - assert(uctrl); -@@ -309,8 +309,8 @@ int udev_ctrl_start(struct udev_ctrl *uctrl, udev_ctrl_handler_t callback, void - return 0; - } - --int udev_ctrl_send(struct udev_ctrl *uctrl, enum udev_ctrl_msg_type type, int intval, const char *buf) { -- struct udev_ctrl_msg_wire ctrl_msg_wire = { -+int udev_ctrl_send(UdevCtrl *uctrl, UdevCtrlMessageType type, int intval, const char *buf) { -+ UdevCtrlMessageWire ctrl_msg_wire = { - .version = "udev-" STRINGIFY(PROJECT_VERSION), - .magic = UDEV_CTRL_MAGIC, - .type = type, -@@ -339,7 +339,7 @@ int udev_ctrl_send(struct udev_ctrl *uctrl, enum udev_ctrl_msg_type type, int in - return 0; - } - --int udev_ctrl_wait(struct udev_ctrl *uctrl, usec_t timeout) { -+int udev_ctrl_wait(UdevCtrl *uctrl, usec_t timeout) { - _cleanup_(sd_event_source_unrefp) sd_event_source *source_io = NULL, *source_timeout = NULL; - int r; - -diff --git a/src/udev/udev-ctrl.h b/src/udev/udev-ctrl.h -index 680fbf7bff1d..ca80c2aa4e0d 100644 ---- a/src/udev/udev-ctrl.h -+++ b/src/udev/udev-ctrl.h -@@ -6,9 +6,9 @@ - #include "macro.h" - #include "time-util.h" - --struct udev_ctrl; -+typedef struct UdevCtrl UdevCtrl; - --enum udev_ctrl_msg_type { -+typedef enum UdevCtrlMessageType { - _UDEV_CTRL_END_MESSAGES, - UDEV_CTRL_SET_LOG_LEVEL, - UDEV_CTRL_STOP_EXEC_QUEUE, -@@ -18,62 +18,62 @@ enum udev_ctrl_msg_type { - UDEV_CTRL_SET_CHILDREN_MAX, - UDEV_CTRL_PING, - UDEV_CTRL_EXIT, --}; -+} UdevCtrlMessageType; - --union udev_ctrl_msg_value { -+typedef union UdevCtrlMessageValue { - int intval; - char buf[256]; --}; -+} UdevCtrlMessageValue; - --typedef int (*udev_ctrl_handler_t)(struct udev_ctrl *udev_ctrl, enum udev_ctrl_msg_type type, -- const union udev_ctrl_msg_value *value, void *userdata); -+typedef int (*udev_ctrl_handler_t)(UdevCtrl *udev_ctrl, UdevCtrlMessageType type, -+ const UdevCtrlMessageValue *value, void *userdata); - --int udev_ctrl_new_from_fd(struct udev_ctrl **ret, int fd); --static inline int udev_ctrl_new(struct udev_ctrl **ret) { -+int udev_ctrl_new_from_fd(UdevCtrl **ret, int fd); -+static inline int udev_ctrl_new(UdevCtrl **ret) { - return udev_ctrl_new_from_fd(ret, -1); - } - --int udev_ctrl_enable_receiving(struct udev_ctrl *uctrl); --struct udev_ctrl *udev_ctrl_ref(struct udev_ctrl *uctrl); --struct udev_ctrl *udev_ctrl_unref(struct udev_ctrl *uctrl); --int udev_ctrl_cleanup(struct udev_ctrl *uctrl); --int udev_ctrl_attach_event(struct udev_ctrl *uctrl, sd_event *event); --int udev_ctrl_start(struct udev_ctrl *uctrl, udev_ctrl_handler_t callback, void *userdata); --sd_event_source *udev_ctrl_get_event_source(struct udev_ctrl *uctrl); -+int udev_ctrl_enable_receiving(UdevCtrl *uctrl); -+UdevCtrl *udev_ctrl_ref(UdevCtrl *uctrl); -+UdevCtrl *udev_ctrl_unref(UdevCtrl *uctrl); -+int udev_ctrl_cleanup(UdevCtrl *uctrl); -+int udev_ctrl_attach_event(UdevCtrl *uctrl, sd_event *event); -+int udev_ctrl_start(UdevCtrl *uctrl, udev_ctrl_handler_t callback, void *userdata); -+sd_event_source *udev_ctrl_get_event_source(UdevCtrl *uctrl); - --int udev_ctrl_wait(struct udev_ctrl *uctrl, usec_t timeout); -+int udev_ctrl_wait(UdevCtrl *uctrl, usec_t timeout); - --int udev_ctrl_send(struct udev_ctrl *uctrl, enum udev_ctrl_msg_type type, int intval, const char *buf); --static inline int udev_ctrl_send_set_log_level(struct udev_ctrl *uctrl, int priority) { -+int udev_ctrl_send(UdevCtrl *uctrl, UdevCtrlMessageType type, int intval, const char *buf); -+static inline int udev_ctrl_send_set_log_level(UdevCtrl *uctrl, int priority) { - return udev_ctrl_send(uctrl, UDEV_CTRL_SET_LOG_LEVEL, priority, NULL); - } - --static inline int udev_ctrl_send_stop_exec_queue(struct udev_ctrl *uctrl) { -+static inline int udev_ctrl_send_stop_exec_queue(UdevCtrl *uctrl) { - return udev_ctrl_send(uctrl, UDEV_CTRL_STOP_EXEC_QUEUE, 0, NULL); - } - --static inline int udev_ctrl_send_start_exec_queue(struct udev_ctrl *uctrl) { -+static inline int udev_ctrl_send_start_exec_queue(UdevCtrl *uctrl) { - return udev_ctrl_send(uctrl, UDEV_CTRL_START_EXEC_QUEUE, 0, NULL); - } - --static inline int udev_ctrl_send_reload(struct udev_ctrl *uctrl) { -+static inline int udev_ctrl_send_reload(UdevCtrl *uctrl) { - return udev_ctrl_send(uctrl, UDEV_CTRL_RELOAD, 0, NULL); - } - --static inline int udev_ctrl_send_set_env(struct udev_ctrl *uctrl, const char *key) { -+static inline int udev_ctrl_send_set_env(UdevCtrl *uctrl, const char *key) { - return udev_ctrl_send(uctrl, UDEV_CTRL_SET_ENV, 0, key); - } - --static inline int udev_ctrl_send_set_children_max(struct udev_ctrl *uctrl, int count) { -+static inline int udev_ctrl_send_set_children_max(UdevCtrl *uctrl, int count) { - return udev_ctrl_send(uctrl, UDEV_CTRL_SET_CHILDREN_MAX, count, NULL); - } - --static inline int udev_ctrl_send_ping(struct udev_ctrl *uctrl) { -+static inline int udev_ctrl_send_ping(UdevCtrl *uctrl) { - return udev_ctrl_send(uctrl, UDEV_CTRL_PING, 0, NULL); - } - --static inline int udev_ctrl_send_exit(struct udev_ctrl *uctrl) { -+static inline int udev_ctrl_send_exit(UdevCtrl *uctrl) { - return udev_ctrl_send(uctrl, UDEV_CTRL_EXIT, 0, NULL); - } - --DEFINE_TRIVIAL_CLEANUP_FUNC(struct udev_ctrl*, udev_ctrl_unref); -+DEFINE_TRIVIAL_CLEANUP_FUNC(UdevCtrl*, udev_ctrl_unref); -diff --git a/src/udev/udevadm-control.c b/src/udev/udevadm-control.c -index 20820dd64723..06c61e5c07c6 100644 ---- a/src/udev/udevadm-control.c -+++ b/src/udev/udevadm-control.c -@@ -48,7 +48,7 @@ static int help(void) { - } - - int control_main(int argc, char *argv[], void *userdata) { -- _cleanup_(udev_ctrl_unrefp) struct udev_ctrl *uctrl = NULL; -+ _cleanup_(udev_ctrl_unrefp) UdevCtrl *uctrl = NULL; - usec_t timeout = 60 * USEC_PER_SEC; - int c, r; - -diff --git a/src/udev/udevadm-settle.c b/src/udev/udevadm-settle.c -index 84b4f9ca4588..6da9439bd28a 100644 ---- a/src/udev/udevadm-settle.c -+++ b/src/udev/udevadm-settle.c -@@ -176,7 +176,7 @@ int settle_main(int argc, char *argv[], void *userdata) { - - /* guarantee that the udev daemon isn't pre-processing */ - if (getuid() == 0) { -- _cleanup_(udev_ctrl_unrefp) struct udev_ctrl *uctrl = NULL; -+ _cleanup_(udev_ctrl_unrefp) UdevCtrl *uctrl = NULL; - - if (udev_ctrl_new(&uctrl) >= 0) { - r = udev_ctrl_send_ping(uctrl); -diff --git a/src/udev/udevadm-trigger.c b/src/udev/udevadm-trigger.c -index 8acf3d9b1189..a24073fb7341 100644 ---- a/src/udev/udevadm-trigger.c -+++ b/src/udev/udevadm-trigger.c -@@ -421,7 +421,7 @@ int trigger_main(int argc, char *argv[], void *userdata) { - } - - if (ping) { -- _cleanup_(udev_ctrl_unrefp) struct udev_ctrl *uctrl = NULL; -+ _cleanup_(udev_ctrl_unrefp) UdevCtrl *uctrl = NULL; - - r = udev_ctrl_new(&uctrl); - if (r < 0) -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 6baedd2f2e69..a35b095dd141 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -94,7 +94,7 @@ typedef struct Manager { - sd_netlink *rtnl; - - sd_device_monitor *monitor; -- struct udev_ctrl *ctrl; -+ UdevCtrl *ctrl; - int worker_watch[2]; - - /* used by udev-watch */ -@@ -1067,7 +1067,7 @@ static int on_uevent(sd_device_monitor *monitor, sd_device *dev, void *userdata) - } - - /* receive the udevd message from userspace */ --static int on_ctrl_msg(struct udev_ctrl *uctrl, enum udev_ctrl_msg_type type, const union udev_ctrl_msg_value *value, void *userdata) { -+static int on_ctrl_msg(UdevCtrl *uctrl, UdevCtrlMessageType type, const UdevCtrlMessageValue *value, void *userdata) { - Manager *manager = userdata; - int r; - diff --git a/backport-udev-assume-block-device-is-not-locked-when-a-new-event-is-queued.patch b/backport-udev-assume-block-device-is-not-locked-when-a-new-event-is-queued.patch deleted file mode 100644 index 9790e2d4b651f82335f4b5feac0bf2e143205657..0000000000000000000000000000000000000000 --- a/backport-udev-assume-block-device-is-not-locked-when-a-new-event-is-queued.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 82a5de9fd289e1d9b109528bcdddb74534e1a4bf Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 25 Mar 2022 02:56:58 +0900 -Subject: [PATCH] udev: assume block device is not locked when a new event is - queued - -Then, hopefully, previously requeued events are processed earlier. - -Reference:https://github.com/systemd/systemd/commit/82a5de9fd289e1d9b109528bcdddb74534e1a4bf -Conflict:adaption - ---- - src/udev/udevd.c | 40 +++++++++++++++++++++++++++++++++++++++- - 1 file changed, 39 insertions(+), 1 deletion(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index eebb2f8..e0f70cc 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -1033,6 +1033,40 @@ static int event_requeue(Event *event) { - return 0; - } - -+static int event_queue_assume_block_device_unlocked(Manager *manager, sd_device *dev) { -+ const char *devname; -+ Event * event; -+ int r; -+ -+ /* When a new event for a block device is queued or we get an inotify event, assume that the -+ * device is not locked anymore. The assumption may not be true, but that should not cause any -+ * issues, as in that case events will be requeued soon. */ -+ -+ r = device_get_block_device(dev, &devname); -+ if (r <= 0) -+ return r; -+ -+ LIST_FOREACH(event, event, manager->events) { -+ const char *event_devname; -+ -+ if (event->state != EVENT_QUEUED) -+ continue; -+ -+ if (event->retry_again_next_usec == 0) -+ continue; -+ -+ if (device_get_block_device(event->dev, &event_devname) <= 0) -+ continue; -+ -+ if (!streq(devname, event_devname)) -+ continue; -+ -+ event->retry_again_next_usec = 0; -+ } -+ -+ return 0; -+} -+ - static int event_queue_insert(Manager *manager, sd_device *dev) { - sd_device_action_t action; - uint64_t seqnum; -@@ -1095,6 +1129,8 @@ static int on_uevent(sd_device_monitor *monitor, sd_device *dev, void *userdata) - return 1; - } - -+ (void) event_queue_assume_block_device_unlocked(manager, dev); -+ - /* we have fresh events, try to schedule them */ - event_queue_start(manager); - -@@ -1426,8 +1462,10 @@ static int on_inotify(sd_event_source *s, int fd, uint32_t revents, void *userda - continue; - - log_device_debug(dev, "Inotify event: %x for %s", e->mask, devnode); -- if (e->mask & IN_CLOSE_WRITE) -+ if (e->mask & IN_CLOSE_WRITE) { -+ (void) event_queue_assume_block_device_unlocked(manager, dev); - (void) synthesize_change(dev); -+ } - - /* Do not handle IN_IGNORED here. It should be handled by worker in 'remove' uevent; - * udev_event_execute_rules() -> event_execute_rules_on_remove() -> udev_watch_end(). */ diff --git a/backport-udev-assume-there-is-no-blocker-when-failed-to-check-event.patch b/backport-udev-assume-there-is-no-blocker-when-failed-to-check-event.patch deleted file mode 100644 index ad64bd42bdc38b1f33881abc744686f17287c1e1..0000000000000000000000000000000000000000 --- a/backport-udev-assume-there-is-no-blocker-when-failed-to-check-event.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 2d40f02ee4317233365f53c85234be3af6b000a6 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 12 Mar 2022 20:57:15 +0900 -Subject: [PATCH] udev: assume there is no blocker when failed to check event - dependencies - -Previously, if udevd failed to resolve event dependency, the event is -ignored and libudev listeners did not receive the event. This is -inconsistent with the case when a worker failed to process a event, -in that case, the original uevent sent by the kernel is broadcasted to -listeners. - -Reference:https://github.com/systemd/systemd/commit/2d40f02ee4317233365f53c85234be3af6b000a6 -Conflict:NA - ---- - src/udev/udevd.c | 13 +++++-------- - 1 file changed, 5 insertions(+), 8 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index f1f864a4610c..8c690357b8d3 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -951,24 +951,21 @@ static int event_queue_start(Manager *manager) { - - /* do not start event if parent or child event is still running or queued */ - r = event_is_blocked(event); -+ if (r > 0) -+ continue; - if (r < 0) { - sd_device_action_t a = _SD_DEVICE_ACTION_INVALID; - - (void) sd_device_get_action(event->dev, &a); - log_device_warning_errno(event->dev, r, -- "Failed to check event dependency, " -- "skipping event (SEQNUM=%"PRIu64", ACTION=%s)", -+ "Failed to check dependencies for event (SEQNUM=%"PRIu64", ACTION=%s), " -+ "assuming there is no blocking event, ignoring: %m", - event->seqnum, - strna(device_action_to_string(a))); -- -- event_free(event); -- return r; - } -- if (r > 0) -- continue; - - r = event_run(event); -- if (r <= 0) -+ if (r <= 0) /* 0 means there are no idle workers. Let's escape from the loop. */ - return r; - } - - \ No newline at end of file diff --git a/backport-udev-builtin-input_id-don-t-label-absolute-mice-as-p.patch b/backport-udev-builtin-input_id-don-t-label-absolute-mice-as-p.patch deleted file mode 100644 index 387daa88afc166dc3bb0c25302391af13218566e..0000000000000000000000000000000000000000 --- a/backport-udev-builtin-input_id-don-t-label-absolute-mice-as-p.patch +++ /dev/null @@ -1,69 +0,0 @@ -From c6cdd3489f2abfd0a868ad5d8d42b166d7eec33f Mon Sep 17 00:00:00 2001 -From: Peter Hutterer -Date: Wed, 23 Feb 2022 09:12:43 +1000 -Subject: [PATCH] udev-builtin-input_id: don't label absolute mice as pointing - sticks - -The Getac UX10 tablet exposes a "CUST0000:00 0EEF:C002 Mouse" device -with BTN_LEFT/RIGHT and ABS_X/Y on the i2c bus. This causes the builtin -to incorrectly label it as pointing stick (all i2c mice are -tagged as ID_INPUT_POINTING_STICK, see 3d7ac1c655ec4). - -Fix this by adding a separate variable for absolute pointing -devices like the VMmouse USB mouse or this Getac tablet - this way we -skip the pointing stick check. - -See https://gitlab.freedesktop.org/libinput/libinput/-/issues/743 -for recordings. - -(cherry picked from commit 8ac9ec4d5c210825759d515422d3e66c20615fc1) -(cherry picked from commit ea5701eb64ff40f915567ae4088ffb7efc0f4155) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c6cdd3489f2abfd0a868ad5d8d42b166d7eec33f ---- - src/udev/udev-builtin-input_id.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/udev/udev-builtin-input_id.c b/src/udev/udev-builtin-input_id.c -index dda53b6da0..f62dffbc58 100644 ---- a/src/udev/udev-builtin-input_id.c -+++ b/src/udev/udev-builtin-input_id.c -@@ -168,6 +168,7 @@ static bool test_pointers(sd_device *dev, - bool finger_but_no_pen = false; - bool has_mouse_button = false; - bool is_mouse = false; -+ bool is_abs_mouse = false; - bool is_touchpad = false; - bool is_touchscreen = false; - bool is_tablet = false; -@@ -232,7 +233,7 @@ static bool test_pointers(sd_device *dev, - else if (has_mouse_button) - /* This path is taken by VMware's USB mouse, which has - * absolute axes, but no touch/pressure button. */ -- is_mouse = true; -+ is_abs_mouse = true; - else if (has_touch || is_direct) - is_touchscreen = true; - else if (has_joystick_axes_or_buttons) -@@ -264,7 +265,7 @@ static bool test_pointers(sd_device *dev, - - if (is_pointing_stick) - udev_builtin_add_property(dev, test, "ID_INPUT_POINTINGSTICK", "1"); -- if (is_mouse) -+ if (is_mouse || is_abs_mouse) - udev_builtin_add_property(dev, test, "ID_INPUT_MOUSE", "1"); - if (is_touchpad) - udev_builtin_add_property(dev, test, "ID_INPUT_TOUCHPAD", "1"); -@@ -277,7 +278,7 @@ static bool test_pointers(sd_device *dev, - if (is_tablet_pad) - udev_builtin_add_property(dev, test, "ID_INPUT_TABLET_PAD", "1"); - -- return is_tablet || is_mouse || is_touchpad || is_touchscreen || is_joystick || is_pointing_stick; -+ return is_tablet || is_mouse || is_abs_mouse || is_touchpad || is_touchscreen || is_joystick || is_pointing_stick; - } - - /* key like devices */ --- -2.33.0 - diff --git a/backport-udev-cdrom_id-check-last-track-info.patch b/backport-udev-cdrom_id-check-last-track-info.patch deleted file mode 100644 index 04ced42291ebe713c260c2bd28fa7061bc8af6a1..0000000000000000000000000000000000000000 --- a/backport-udev-cdrom_id-check-last-track-info.patch +++ /dev/null @@ -1,31 +0,0 @@ -From c3fcff52912b0323e11f535fce151dc758f111e6 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 14 Aug 2022 06:00:10 +0900 -Subject: [PATCH] udev/cdrom_id: check last track info - -Fixes off-by-one issue. - -Fixes #24306. - -(cherry picked from commit 628998ecfa0d39b38874e1aecdb28022f80f3269) -(cherry picked from commit c67a388aeffcdc27ff280f01b7939005f7a9c8e9) ---- - src/udev/cdrom_id/cdrom_id.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/udev/cdrom_id/cdrom_id.c b/src/udev/cdrom_id/cdrom_id.c -index cdb66bb3b7..964eb6988e 100644 ---- a/src/udev/cdrom_id/cdrom_id.c -+++ b/src/udev/cdrom_id/cdrom_id.c -@@ -704,7 +704,7 @@ static int cd_media_toc(Context *c) { - /* Take care to not iterate beyond the last valid track as specified in - * the TOC, but also avoid going beyond the TOC length, just in case - * the last track number is invalidly large */ -- for (size_t i = 4; i + 8 < len && num_tracks > 0; i += 8, --num_tracks) { -+ for (size_t i = 4; i + 8 <= len && num_tracks > 0; i += 8, --num_tracks) { - bool is_data_track; - uint32_t block; - --- -2.33.0 - diff --git a/backport-udev-certainly-restart-event-for-previously-locked-device.patch b/backport-udev-certainly-restart-event-for-previously-locked-device.patch deleted file mode 100644 index 83682e4a63171c1a5d212cd2647e1be248aa04ee..0000000000000000000000000000000000000000 --- a/backport-udev-certainly-restart-event-for-previously-locked-device.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 4f294ffdf18ab9f187400dbbab593a980e60be89 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 26 Aug 2022 00:16:17 +0900 -Subject: [PATCH] udev: certainly restart event for previously locked device - -If udevd receives a uevent for a locked block device, then the event -is requeued. However, the queued event will be processed only when at -least one sd_event_source is processed. Hence, if udevd has no event -under processing, or receives no new uevent, etc., then the requeued -event will be never processed. - -Follow-up for 400e3d21f8cae53a8ba9f9567f244fbf6f3e076c. - -Fixes #24439. - -Reference:https://github.com/systemd/systemd/commit/4f294ffdf18ab9f187400dbbab593a980e60be89 -Conflict:adaption because previous commits in https://github.com/systemd/systemd/pull/23088 are not introduced - ---- - src/udev/udevd.c | 20 ++++++++++++++++++++ - 1 file changed, 20 insertions(+) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index a979d43..b15a9d4 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -129,8 +129,11 @@ typedef struct Event { - sd_device_action_t action; - uint64_t seqnum; - uint64_t blocker_seqnum; -+ -+ /* Used when the device is locked by another program. */ - usec_t retry_again_next_usec; - usec_t retry_again_timeout_usec; -+ sd_event_source *retry_event_source; - - sd_event_source *timeout_warning_event; - sd_event_source *timeout_event; -@@ -172,6 +175,7 @@ static Event *event_free(Event *event) { - LIST_REMOVE(event, event->manager->events, event); - sd_device_unref(event->dev); - -+ sd_event_source_unref(event->retry_event_source); - sd_event_source_unref(event->timeout_warning_event); - sd_event_source_unref(event->timeout_event); - -@@ -749,6 +753,8 @@ static int event_run(Event *event) { - - log_device_uevent(event->dev, "Device ready for processing"); - -+ (void) event_source_disable(event->retry_event_source); -+ - manager = event->manager; - HASHMAP_FOREACH(worker, manager->workers) { - if (worker->state != WORKER_IDLE) -@@ -995,6 +1001,11 @@ static int event_queue_start(Manager *manager) { - return 0; - } - -+static int on_event_retry(sd_event_source *s, uint64_t usec, void *userdata) { -+ /* This does nothing. The on_post() callback will start the event if there exists an idle worker. */ -+ return 1; -+} -+ - static int event_requeue(Event *event) { - usec_t now_usec; - int r; -@@ -1025,6 +1036,15 @@ static int event_requeue(Event *event) { - if (event->retry_again_timeout_usec == 0) - event->retry_again_timeout_usec = usec_add(now_usec, EVENT_RETRY_TIMEOUT_USEC); - -+ r = event_reset_time_relative(event->manager->event, &event->retry_event_source, -+ CLOCK_MONOTONIC, EVENT_RETRY_INTERVAL_USEC, 0, -+ on_event_retry, NULL, -+ 0, "retry-event", true); -+ if (r < 0) -+ return log_device_warning_errno(event->dev, r, "Failed to reset timer event source for retrying event, " -+ "skipping event (SEQNUM=%"PRIu64", ACTION=%s): %m", -+ event->seqnum, strna(device_action_to_string(event->action))); -+ - if (event->worker && event->worker->event == event) - event->worker->event = NULL; - event->worker = NULL; --- -2.33.0 - \ No newline at end of file diff --git a/backport-udev-do-not-try-to-find-blocker-again-when-no-blocker-found.patch b/backport-udev-do-not-try-to-find-blocker-again-when-no-blocker-found.patch deleted file mode 100644 index 7a122ff4eeed14486b6fbf62745899b003fee6da..0000000000000000000000000000000000000000 --- a/backport-udev-do-not-try-to-find-blocker-again-when-no-blocker-found.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 044ac33c35ab1aeb35fc8b84462a9549cbbac294 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 16:57:32 +0900 -Subject: [PATCH] udev: do not try to find blocker again when no blocker found - previously - -Reference:https://github.com/systemd/systemd/commit/044ac33c35ab1aeb35fc8b84462a9549cbbac294 -Conflict:NA - ---- - src/udev/udevd.c | 45 +++++++++++++++++++++++++++++++++++---------- - 1 file changed, 35 insertions(+), 10 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 20bd556..be2c3ee 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -783,6 +783,35 @@ static int event_is_blocked(Event *event) { - - /* lookup event for identical, parent, child device */ - -+ assert(event); -+ assert(event->manager); -+ assert(event->blocker_seqnum <= event->seqnum); -+ -+ if (event->blocker_seqnum == event->seqnum) -+ /* we have checked previously and no blocker found */ -+ return false; -+ -+ LIST_FOREACH(event, loop_event, event->manager->events) { -+ /* we already found a later event, earlier cannot block us, no need to check again */ -+ if (loop_event->seqnum < event->blocker_seqnum) -+ continue; -+ -+ /* event we checked earlier still exists, no need to check again */ -+ if (loop_event->seqnum == event->blocker_seqnum) -+ return true; -+ -+ /* found ourself, no later event can block us */ -+ if (loop_event->seqnum >= event->seqnum) -+ goto no_blocker; -+ -+ /* found event we have not checked */ -+ break; -+ } -+ -+ assert(loop_event); -+ assert(loop_event->seqnum > event->blocker_seqnum && -+ loop_event->seqnum < event->seqnum); -+ - r = sd_device_get_subsystem(event->dev, &subsystem); - if (r < 0) - return r; -@@ -808,21 +837,13 @@ static int event_is_blocked(Event *event) { - return r; - - /* check if queue contains events we depend on */ -- LIST_FOREACH(event, loop_event, event->manager->events) { -+ LIST_FOREACH(event, loop_event, loop_event) { - size_t loop_devpath_len, common; - const char *loop_devpath; - -- /* we already found a later event, earlier cannot block us, no need to check again */ -- if (loop_event->seqnum < event->blocker_seqnum) -- continue; -- -- /* event we checked earlier still exists, no need to check again */ -- if (loop_event->seqnum == event->blocker_seqnum) -- return true; -- - /* found ourself, no later event can block us */ - if (loop_event->seqnum >= event->seqnum) -- return false; -+ goto no_blocker; - - /* check major/minor */ - if (major(devnum) != 0) { -@@ -882,6 +903,10 @@ static int event_is_blocked(Event *event) { - - event->blocker_seqnum = loop_event->seqnum; - return true; -+ -+no_blocker: -+ event->blocker_seqnum = event->seqnum; -+ return false; - } - - static int event_queue_start(Manager *manager) { --- -2.33.0 - \ No newline at end of file diff --git a/backport-udev-do-not-try-to-process-events-if-there-is-no-free-worker.patch b/backport-udev-do-not-try-to-process-events-if-there-is-no-free-worker.patch deleted file mode 100644 index b89df06664af0bbdc3371a390fa6dafef3adf57d..0000000000000000000000000000000000000000 --- a/backport-udev-do-not-try-to-process-events-if-there-is-no-free-worker.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 5f4bca9dccdd9e9a888587c6224b08ae5fbe3bdb Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 15:51:34 +0900 -Subject: [PATCH] udev: do not try to process events if there is no free worker - -Reference:https://github.com/systemd/systemd/commit/5f4bca9dccdd9e9a888587c6224b08ae5fbe3bdb -Conflict:NA - ---- - src/udev/udevd.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 7f41336..e99c2c0 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -927,7 +927,7 @@ static int event_queue_start(Manager *manager) { - continue; - - r = event_run(event); -- if (r < 0) -+ if (r <= 0) - return r; - } - --- -2.33.0 - diff --git a/backport-udev-do-not-try-to-rename-interface-if-it-is-already.patch b/backport-udev-do-not-try-to-rename-interface-if-it-is-already.patch deleted file mode 100644 index 33a4b1bc375cd298ed82a24b580c107ec73c39ee..0000000000000000000000000000000000000000 --- a/backport-udev-do-not-try-to-rename-interface-if-it-is-already.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 214ea3a26e9cc5dda8530a45a71b052e75a250a4 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 24 Oct 2021 20:43:34 +0900 -Subject: [PATCH] udev: do not try to rename interface if it is already up - -See dev_change_name() in kernel's net/core/dev.c. - -Fixes #21105. - -(cherry picked from commit 6681eb021a0b56ef0dc849e3b358a515ece16482) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/214ea3a26e9cc5dda8530a45a71b052e75a250a4 ---- - src/udev/udev-event.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c -index b28089be71..9854270b27 100644 ---- a/src/udev/udev-event.c -+++ b/src/udev/udev-event.c -@@ -828,6 +828,7 @@ int udev_event_spawn(UdevEvent *event, - static int rename_netif(UdevEvent *event) { - sd_device *dev = event->dev; - const char *oldname; -+ unsigned flags; - int ifindex, r; - - if (!event->name) -@@ -855,6 +856,16 @@ static int rename_netif(UdevEvent *event) { - return 0; - } - -+ r = rtnl_get_link_info(&event->rtnl, ifindex, NULL, &flags); -+ if (r < 0) -+ return log_device_warning_errno(dev, r, "Failed to get link flags: %m"); -+ -+ if (FLAGS_SET(flags, IFF_UP)) { -+ log_device_info(dev, "Network interface '%s' is already up, refusing to rename to '%s'.", -+ oldname, event->name); -+ return 0; -+ } -+ - /* Set ID_RENAMING boolean property here, and drop it in the corresponding move uevent later. */ - r = device_add_property(dev, "ID_RENAMING", "1"); - if (r < 0) --- -2.33.0 - diff --git a/backport-udev-drop-unnecessary-calls-of-event_queue_start.patch b/backport-udev-drop-unnecessary-calls-of-event_queue_start.patch deleted file mode 100644 index d9766dbca993fe92c6df10014509d3800d89fa6b..0000000000000000000000000000000000000000 --- a/backport-udev-drop-unnecessary-calls-of-event_queue_start.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 5fab6b7b18d0158c005a5bcf096face23377af72 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 26 Aug 2022 00:34:15 +0900 -Subject: [PATCH] udev: drop unnecessary calls of event_queue_start() - -As the subsequent call of on_post() will call it if necessary. - -This also drop unnecessary call of event_source_disable() for killing -idle workers, as the event source is disabled in event_queue_start(). - -Reference:https://github.com/systemd/systemd/commit/5fab6b7b18d0158c005a5bcf096face23377af72 -Conflict:adaption - ---- - src/udev/udevd.c | 21 --------------------- - 1 file changed, 21 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index b15a9d4..75e2086 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -1151,9 +1151,6 @@ static int on_uevent(sd_device_monitor *monitor, sd_device *dev, void *userdata) - - (void) event_queue_assume_block_device_unlocked(manager, dev); - -- /* we have fresh events, try to schedule them */ -- event_queue_start(manager); -- - return 1; - } - -@@ -1220,9 +1217,6 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat - event_free(worker->event); - } - -- /* we have free workers, try to schedule events */ -- event_queue_start(manager); -- - return 1; - } - -@@ -1456,10 +1450,6 @@ static int on_inotify(sd_event_source *s, int fd, uint32_t revents, void *userda - - assert(manager); - -- r = event_source_disable(manager->kill_workers_event); -- if (r < 0) -- log_warning_errno(r, "Failed to disable event source for cleaning up idle workers, ignoring: %m"); -- - l = read(fd, &buffer, sizeof(buffer)); - if (l < 0) { - if (IN_SET(errno, EAGAIN, EINTR)) -@@ -1516,7 +1506,6 @@ static int on_sighup(sd_event_source *s, const struct signalfd_siginfo *si, void - - static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) { - Manager *manager = userdata; -- int r; - - assert(manager); - -@@ -1565,16 +1554,6 @@ static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, voi - worker_free(worker); - } - -- /* we can start new workers, try to schedule events */ -- event_queue_start(manager); -- -- /* Disable unnecessary cleanup event */ -- if (hashmap_isempty(manager->workers)) { -- r = event_source_disable(manager->kill_workers_event); -- if (r < 0) -- log_warning_errno(r, "Failed to disable event source for cleaning up idle workers, ignoring: %m"); -- } -- - return 1; - } - --- -2.33.0 - \ No newline at end of file diff --git a/backport-udev-drop-unnecessary-clone-of-received-sd-device-object.patch b/backport-udev-drop-unnecessary-clone-of-received-sd-device-object.patch deleted file mode 100644 index 3a33f7048f223e8326b199bf19b7d00eb2313ad0..0000000000000000000000000000000000000000 --- a/backport-udev-drop-unnecessary-clone-of-received-sd-device-object.patch +++ /dev/null @@ -1,85 +0,0 @@ -From c9473aaa5b69c47edab365b46abee6e9ab5b18dc Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 25 Mar 2022 01:13:39 +0900 -Subject: [PATCH] udev: drop unnecessary clone of received sd-device object - -As the sd-device object received through sd-device-monitor is sealed, -so the corresponding udev database or uevent file will not be read. - -Reference:https://github.com/systemd/systemd/commit/c9473aaa5b69c47edab365b46abee6e9ab5b18dc -Conflict:adaption - ---- - src/udev/udevd.c | 21 ++++----------------- - 1 file changed, 4 insertions(+), 17 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 108142e9c619..05397df7a429 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -124,7 +124,6 @@ typedef struct Event { - EventState state; - - sd_device *dev; -- sd_device *dev_kernel; /* clone of originally received device */ - - uint64_t seqnum; - uint64_t blocker_seqnum; -@@ -163,7 +162,6 @@ static Event *event_free(Event *event) { - - LIST_REMOVE(event, event->manager->events, event); - sd_device_unref(event->dev); -- sd_device_unref(event->dev_kernel); - - sd_event_source_unref(event->timeout_warning_event); - sd_event_source_unref(event->timeout_event); -@@ -973,9 +971,8 @@ static int event_queue_start(Manager *manager) { - } - - static int event_queue_insert(Manager *manager, sd_device *dev) { -- _cleanup_(sd_device_unrefp) sd_device *clone = NULL; -- Event *event; - uint64_t seqnum; -+ Event *event; - int r; - - assert(manager); -@@ -989,15 +986,6 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { - if (r < 0) - return r; - -- /* Save original device to restore the state on failures. */ -- r = device_shallow_clone(dev, &clone); -- if (r < 0) -- return r; -- -- r = device_copy_properties(clone, dev); -- if (r < 0) -- return r; -- - event = new(Event, 1); - if (!event) - return -ENOMEM; -@@ -1005,7 +993,6 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { - *event = (Event) { - .manager = manager, - .dev = sd_device_ref(dev), -- .dev_kernel = TAKE_PTR(clone), - .seqnum = seqnum, - .state = EVENT_QUEUED, - }; -@@ -1440,10 +1427,10 @@ static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, voi - device_tag_index(worker->event->dev, NULL, false); - - if (manager->monitor) { -- /* Forward kernel event unchanged */ -- r = device_monitor_send_device(manager->monitor, NULL, worker->event->dev_kernel); -+ /* Forward kernel event to libudev listeners */ -+ r = device_monitor_send_device(manager->monitor, NULL, worker->event->dev); - if (r < 0) -- log_device_warning_errno(worker->event->dev_kernel, r, -+ log_device_warning_errno(worker->event->dev, r, - "Failed to broadcast failed event to libudev listeners, ignoring: %m"); - } - } - \ No newline at end of file diff --git a/backport-udev-fix-inversed-inequality-for-timeout-of-retrying-event.patch b/backport-udev-fix-inversed-inequality-for-timeout-of-retrying-event.patch deleted file mode 100644 index b8c6fbe3f4d398faf918324ff04eb1e7fb8fef02..0000000000000000000000000000000000000000 --- a/backport-udev-fix-inversed-inequality-for-timeout-of-retrying-event.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 400e3d21f8cae53a8ba9f9567f244fbf6f3e076c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 19 Aug 2022 21:25:03 +0900 -Subject: [PATCH] udev: fix inversed inequality for timeout of retrying event - -Follow-up for 5d354e525a56955ae7f68062e283dda85ab07794. - -Reference:https://github.com/systemd/systemd/commit/400e3d21f8cae53a8ba9f9567f244fbf6f3e076c -Conflict:NA - ---- - src/udev/udevd.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index a6926bbfb71d..01162bc7b601 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -898,7 +898,7 @@ static int event_is_blocked(Event *event) { - if (r < 0) - return r; - -- if (event->retry_again_next_usec <= now_usec) -+ if (event->retry_again_next_usec > now_usec) - return true; - } - diff --git a/backport-udev-fix-potential-memleak.patch b/backport-udev-fix-potential-memleak.patch deleted file mode 100644 index 27c77fd151951b1727ce3627a174561eaeb77d2d..0000000000000000000000000000000000000000 --- a/backport-udev-fix-potential-memleak.patch +++ /dev/null @@ -1,37 +0,0 @@ -From f4a8e2c2115fc901e588a1672f129e7e3371f5d7 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 27 Aug 2021 17:27:26 +0900 -Subject: [PATCH] udev: fix potential memleak - -(cherry picked from commit 4154524d47d24bcee3ebfed939912a847ebeb1b3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f4a8e2c2115fc901e588a1672f129e7e3371f5d7 ---- - src/udev/udev-builtin-net_id.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c -index 92917852ba..2699a8929f 100644 ---- a/src/udev/udev-builtin-net_id.c -+++ b/src/udev/udev-builtin-net_id.c -@@ -103,7 +103,6 @@ static int get_virtfn_info(sd_device *dev, struct netnames *names, struct virtfn - _cleanup_(sd_device_unrefp) sd_device *physfn_pcidev = NULL; - const char *physfn_link_file, *syspath; - _cleanup_free_ char *physfn_pci_syspath = NULL; -- _cleanup_free_ char *virtfn_pci_syspath = NULL; - struct dirent *dent; - _cleanup_closedir_ DIR *dir = NULL; - char suffix[ALTIFNAMSIZ]; -@@ -134,7 +133,7 @@ static int get_virtfn_info(sd_device *dev, struct netnames *names, struct virtfn - return -errno; - - FOREACH_DIRENT_ALL(dent, dir, break) { -- _cleanup_free_ char *virtfn_link_file = NULL; -+ _cleanup_free_ char *virtfn_link_file = NULL, *virtfn_pci_syspath = NULL; - - if (!startswith(dent->d_name, "virtfn")) - continue; --- -2.33.0 - diff --git a/backport-udev-introduce-device_broadcast_helper_function.patch b/backport-udev-introduce-device_broadcast_helper_function.patch deleted file mode 100644 index 661dd74736968c1443e388db7eeddeec7a4b1978..0000000000000000000000000000000000000000 --- a/backport-udev-introduce-device_broadcast_helper_function.patch +++ /dev/null @@ -1,66 +0,0 @@ -From c17ab900cbb47f0c136b141bb83557f112501707 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 25 Mar 2022 02:33:55 +0900 -Subject: [PATCH] udev: introduce device_broadcast() helper function - -Reference:https://github.com/systemd/systemd/commit/c17ab900cbb47f0c136b141bb83557f112501707 -Conflict:NA - ---- - src/udev/udevd.c | 28 ++++++++++++++++++---------- - 1 file changed, 18 insertions(+), 10 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 05397df7a429..53728c9f7971 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -344,6 +344,21 @@ static int on_kill_workers_event(sd_event_source *s, uint64_t usec, void *userda - return 1; - } - -+static void device_broadcast(sd_device_monitor *monitor, sd_device *dev) { -+ int r; -+ -+ assert(dev); -+ -+ /* On exit, manager->monitor is already NULL. */ -+ if (!monitor) -+ return; -+ -+ r = device_monitor_send_device(monitor, NULL, dev); -+ if (r < 0) -+ log_device_warning_errno(dev, r, -+ "Failed to broadcast event to libudev listeners, ignoring: %m"); -+} -+ - static int worker_send_message(int fd) { - WorkerMessage message = {}; - -@@ -558,9 +573,7 @@ static int worker_device_monitor_handler(sd_device_monitor *monitor, sd_device * - log_device_warning_errno(dev, r, "Failed to process device, ignoring: %m"); - - /* send processed event back to libudev listeners */ -- r = device_monitor_send_device(monitor, NULL, dev); -- if (r < 0) -- log_device_warning_errno(dev, r, "Failed to send device, ignoring: %m"); -+ device_broadcast(monitor, dev); - } - - /* send udevd the result of the event execution */ -@@ -1426,13 +1439,8 @@ static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, voi - device_delete_db(worker->event->dev); - device_tag_index(worker->event->dev, NULL, false); - -- if (manager->monitor) { -- /* Forward kernel event to libudev listeners */ -- r = device_monitor_send_device(manager->monitor, NULL, worker->event->dev); -- if (r < 0) -- log_device_warning_errno(worker->event->dev, r, -- "Failed to broadcast failed event to libudev listeners, ignoring: %m"); -- } -+ /* Forward kernel event to libudev listeners */ -+ device_broadcast(manager->monitor, worker->event->dev); - } - - worker_free(worker); - \ No newline at end of file diff --git a/backport-udev-make-event_free-return-NULL.patch b/backport-udev-make-event_free-return-NULL.patch deleted file mode 100644 index 662e6b765077a518c0b57ead8e6f35ba2ddd0d90..0000000000000000000000000000000000000000 --- a/backport-udev-make-event_free-return-NULL.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 5393c52897ff5b57686c867fcab77f9740f4af24 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 15:21:27 +0900 -Subject: [PATCH] udev: make event_free() return NULL - -Reference:https://github.com/systemd/systemd/commit/5393c52897ff5b57686c867fcab77f9740f4af24.patch -Conflict:NA ---- - src/udev/udevd.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 34a5c9d5d8ee..bb7c0eabe420 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -152,9 +152,9 @@ typedef struct Worker { - typedef struct WorkerMessage { - } WorkerMessage; - --static void event_free(Event *event) { -+static Event *event_free(Event *event) { - if (!event) -- return; -+ return NULL; - - assert(event->manager); - -@@ -174,7 +174,7 @@ static void event_free(Event *event) { - if (unlink("/run/udev/queue") < 0 && errno != ENOENT) - log_warning_errno(errno, "Failed to unlink /run/udev/queue, ignoring: %m"); - -- free(event); -+ return mfree(event); - } - - static void event_queue_cleanup(Manager *manager, EventState match_state) { diff --git a/backport-udev-make-event_queue_start-return-negative-errno-on-error.patch b/backport-udev-make-event_queue_start-return-negative-errno-on-error.patch deleted file mode 100644 index 73ee2f73eb673d4230ad843b5fe80d55ddfaf0d3..0000000000000000000000000000000000000000 --- a/backport-udev-make-event_queue_start-return-negative-errno-on-error.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 0744e74c526814e28f2fbcea128f40ed36341fcd Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 15:29:02 +0900 -Subject: [PATCH] udev: make event_queue_start() return negative errno on error - -Reference:https://github.com/systemd/systemd/commit/0744e74c526814e28f2fbcea128f40ed36341fcd -Conflict:NA - ---- - src/udev/udevd.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 1b1b126..279b409 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -879,7 +879,7 @@ set_delaying_seqnum: - return true; - } - --static void event_queue_start(Manager *manager) { -+static int event_queue_start(Manager *manager) { - Event *event; - usec_t usec; - int r; -@@ -888,7 +888,7 @@ static void event_queue_start(Manager *manager) { - - if (LIST_IS_EMPTY(manager->events) || - manager->exit || manager->stop_exec_queue) -- return; -+ return 0; - - assert_se(sd_event_now(manager->event, CLOCK_MONOTONIC, &usec) >= 0); - /* check for changed config, every 3 seconds at most */ -@@ -909,10 +909,8 @@ static void event_queue_start(Manager *manager) { - - if (!manager->rules) { - r = udev_rules_load(&manager->rules, arg_resolve_name_timing); -- if (r < 0) { -- log_warning_errno(r, "Failed to read udev rules: %m"); -- return; -- } -+ if (r < 0) -+ return log_warning_errno(r, "Failed to read udev rules: %m"); - } - - LIST_FOREACH(event, event, manager->events) { -@@ -925,6 +923,8 @@ static void event_queue_start(Manager *manager) { - - event_run(manager, event); - } -+ -+ return 0; - } - - static int event_queue_insert(Manager *manager, sd_device *dev) { --- -2.33.0 - \ No newline at end of file diff --git a/backport-udev-move-several-functions.patch b/backport-udev-move-several-functions.patch deleted file mode 100644 index 7d69b04d48e4ea54a76afd32f276e354a3472b03..0000000000000000000000000000000000000000 --- a/backport-udev-move-several-functions.patch +++ /dev/null @@ -1,544 +0,0 @@ -From 419ec631358c8bf7013db01ae42763e6971d8765 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 15:14:59 +0900 -Subject: [PATCH] udev: move several functions - -No functional chage. - -Reference:https://github.com/systemd/systemd/commit/419ec631358c8bf7013db01ae42763e6971d8765 -Conflict:adaption - ---- - src/udev/udevd.c | 434 +++++++++++++++++++++++------------------------ - 1 file changed, 216 insertions(+), 218 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 9c9487f..018809e 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -134,8 +134,6 @@ typedef struct Event { - LIST_FIELDS(Event, event); - } Event; - --static void event_queue_cleanup(Manager *manager, EventState match_state); -- - typedef enum WorkerState { - WORKER_UNDEF, - WORKER_RUNNING, -@@ -181,6 +179,17 @@ static void event_free(Event *event) { - free(event); - } - -+static void event_queue_cleanup(Manager *manager, EventState match_state) { -+ Event *event, *tmp; -+ -+ LIST_FOREACH_SAFE(event, event, tmp, manager->events) { -+ if (match_state != EVENT_UNDEF && match_state != event->state) -+ continue; -+ -+ event_free(event); -+ } -+} -+ - static Worker *worker_free(Worker *worker) { - if (!worker) - return NULL; -@@ -197,6 +206,48 @@ static Worker *worker_free(Worker *worker) { - DEFINE_TRIVIAL_CLEANUP_FUNC(Worker*, worker_free); - DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(worker_hash_op, void, trivial_hash_func, trivial_compare_func, Worker, worker_free); - -+static void manager_clear_for_worker(Manager *manager) { -+ assert(manager); -+ -+ manager->inotify_event = sd_event_source_unref(manager->inotify_event); -+ manager->kill_workers_event = sd_event_source_unref(manager->kill_workers_event); -+ -+ manager->event = sd_event_unref(manager->event); -+ -+ manager->workers = hashmap_free(manager->workers); -+ event_queue_cleanup(manager, EVENT_UNDEF); -+ -+ manager->monitor = sd_device_monitor_unref(manager->monitor); -+ manager->ctrl = udev_ctrl_unref(manager->ctrl); -+ -+ manager->worker_watch[READ_END] = safe_close(manager->worker_watch[READ_END]); -+} -+ -+static Manager* manager_free(Manager *manager) { -+ if (!manager) -+ return NULL; -+ -+ udev_builtin_exit(); -+ -+ if (manager->pid == getpid_cached()) -+ udev_ctrl_cleanup(manager->ctrl); -+ -+ manager_clear_for_worker(manager); -+ -+ sd_netlink_unref(manager->rtnl); -+ -+ hashmap_free_free_free(manager->properties); -+ udev_rules_free(manager->rules); -+ -+ safe_close(manager->inotify_fd); -+ safe_close_pair(manager->worker_watch); -+ -+ free(manager->cgroup); -+ return mfree(manager); -+} -+ -+DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free); -+ - static int worker_new(Worker **ret, Manager *manager, sd_device_monitor *worker_monitor, pid_t pid) { - _cleanup_(worker_freep) Worker *worker = NULL; - int r; -@@ -228,97 +279,75 @@ static int worker_new(Worker **ret, Manager *manager, sd_device_monitor *worker_ - return 0; - } - --static int on_event_timeout(sd_event_source *s, uint64_t usec, void *userdata) { -- Event *event = userdata; -- -- assert(event); -- assert(event->worker); -- -- kill_and_sigcont(event->worker->pid, arg_timeout_signal); -- event->worker->state = WORKER_KILLED; -- -- log_device_error(event->dev, "Worker ["PID_FMT"] processing SEQNUM=%"PRIu64" killed", event->worker->pid, event->seqnum); -- -- return 1; --} -+static void manager_kill_workers(Manager *manager, bool force) { -+ Worker *worker; - --static int on_event_timeout_warning(sd_event_source *s, uint64_t usec, void *userdata) { -- Event *event = userdata; -+ assert(manager); - -- assert(event); -- assert(event->worker); -+ HASHMAP_FOREACH(worker, manager->workers) { -+ if (worker->state == WORKER_KILLED) -+ continue; - -- log_device_warning(event->dev, "Worker ["PID_FMT"] processing SEQNUM=%"PRIu64" is taking a long time", event->worker->pid, event->seqnum); -+ if (worker->state == WORKER_RUNNING && !force) { -+ worker->state = WORKER_KILLING; -+ continue; -+ } - -- return 1; -+ worker->state = WORKER_KILLED; -+ (void) kill(worker->pid, SIGTERM); -+ } - } - --static void worker_attach_event(Worker *worker, Event *event) { -- sd_event *e; -- -- assert(worker); -- assert(worker->manager); -- assert(event); -- assert(!event->worker); -- assert(!worker->event); -- -- worker->state = WORKER_RUNNING; -- worker->event = event; -- event->state = EVENT_RUNNING; -- event->worker = worker; -- -- e = worker->manager->event; -+static void manager_exit(Manager *manager) { -+ assert(manager); - -- (void) sd_event_add_time_relative(e, &event->timeout_warning_event, CLOCK_MONOTONIC, -- udev_warn_timeout(arg_event_timeout_usec), USEC_PER_SEC, -- on_event_timeout_warning, event); -+ manager->exit = true; - -- (void) sd_event_add_time_relative(e, &event->timeout_event, CLOCK_MONOTONIC, -- arg_event_timeout_usec, USEC_PER_SEC, -- on_event_timeout, event); --} -+ sd_notify(false, -+ "STOPPING=1\n" -+ "STATUS=Starting shutdown..."); - --static void manager_clear_for_worker(Manager *manager) { -- assert(manager); -+ /* close sources of new events and discard buffered events */ -+ manager->ctrl = udev_ctrl_unref(manager->ctrl); - - manager->inotify_event = sd_event_source_unref(manager->inotify_event); -- manager->kill_workers_event = sd_event_source_unref(manager->kill_workers_event); -- -- manager->event = sd_event_unref(manager->event); -- -- manager->workers = hashmap_free(manager->workers); -- event_queue_cleanup(manager, EVENT_UNDEF); -+ manager->inotify_fd = safe_close(manager->inotify_fd); - - manager->monitor = sd_device_monitor_unref(manager->monitor); -- manager->ctrl = udev_ctrl_unref(manager->ctrl); - -- manager->worker_watch[READ_END] = safe_close(manager->worker_watch[READ_END]); -+ /* discard queued events and kill workers */ -+ event_queue_cleanup(manager, EVENT_QUEUED); -+ manager_kill_workers(manager, true); - } - --static Manager* manager_free(Manager *manager) { -- if (!manager) -- return NULL; -+/* reload requested, HUP signal received, rules changed, builtin changed */ -+static void manager_reload(Manager *manager) { - -- udev_builtin_exit(); -+ assert(manager); - -- if (manager->pid == getpid_cached()) -- udev_ctrl_cleanup(manager->ctrl); -+ sd_notify(false, -+ "RELOADING=1\n" -+ "STATUS=Flushing configuration..."); - -- manager_clear_for_worker(manager); -+ manager_kill_workers(manager, false); -+ manager->rules = udev_rules_free(manager->rules); -+ udev_builtin_exit(); - -- sd_netlink_unref(manager->rtnl); -+ sd_notifyf(false, -+ "READY=1\n" -+ "STATUS=Processing with %u children at max", arg_children_max); -+} - -- hashmap_free_free_free(manager->properties); -- udev_rules_free(manager->rules); -+static int on_kill_workers_event(sd_event_source *s, uint64_t usec, void *userdata) { -+ Manager *manager = userdata; - -- safe_close(manager->inotify_fd); -- safe_close_pair(manager->worker_watch); -+ assert(manager); - -- free(manager->cgroup); -- return mfree(manager); --} -+ log_debug("Cleanup idle workers"); -+ manager_kill_workers(manager, false); - --DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free); -+ return 1; -+} - - static int worker_send_message(int fd) { - WorkerMessage message = {}; -@@ -597,6 +626,56 @@ static int worker_main(Manager *_manager, sd_device_monitor *monitor, sd_device - return 0; - } - -+static int on_event_timeout(sd_event_source *s, uint64_t usec, void *userdata) { -+ Event *event = userdata; -+ -+ assert(event); -+ assert(event->worker); -+ -+ kill_and_sigcont(event->worker->pid, arg_timeout_signal); -+ event->worker->state = WORKER_KILLED; -+ -+ log_device_error(event->dev, "Worker ["PID_FMT"] processing SEQNUM=%"PRIu64" killed", event->worker->pid, event->seqnum); -+ -+ return 1; -+} -+ -+static int on_event_timeout_warning(sd_event_source *s, uint64_t usec, void *userdata) { -+ Event *event = userdata; -+ -+ assert(event); -+ assert(event->worker); -+ -+ log_device_warning(event->dev, "Worker ["PID_FMT"] processing SEQNUM=%"PRIu64" is taking a long time", event->worker->pid, event->seqnum); -+ -+ return 1; -+} -+ -+static void worker_attach_event(Worker *worker, Event *event) { -+ sd_event *e; -+ -+ assert(worker); -+ assert(worker->manager); -+ assert(event); -+ assert(!event->worker); -+ assert(!worker->event); -+ -+ worker->state = WORKER_RUNNING; -+ worker->event = event; -+ event->state = EVENT_RUNNING; -+ event->worker = worker; -+ -+ e = worker->manager->event; -+ -+ (void) sd_event_add_time_relative(e, &event->timeout_warning_event, CLOCK_MONOTONIC, -+ udev_warn_timeout(arg_event_timeout_usec), USEC_PER_SEC, -+ on_event_timeout_warning, event); -+ -+ (void) sd_event_add_time_relative(e, &event->timeout_event, CLOCK_MONOTONIC, -+ arg_event_timeout_usec, USEC_PER_SEC, -+ on_event_timeout, event); -+} -+ - static int worker_spawn(Manager *manager, Event *event) { - _cleanup_(sd_device_monitor_unrefp) sd_device_monitor *worker_monitor = NULL; - Worker *worker; -@@ -689,76 +768,6 @@ static void event_run(Manager *manager, Event *event) { - worker_spawn(manager, event); - } - --static int event_queue_insert(Manager *manager, sd_device *dev) { -- _cleanup_(sd_device_unrefp) sd_device *clone = NULL; -- Event *event; -- uint64_t seqnum; -- int r; -- -- assert(manager); -- assert(dev); -- -- /* only one process can add events to the queue */ -- assert(manager->pid == getpid_cached()); -- -- /* We only accepts devices received by device monitor. */ -- r = sd_device_get_seqnum(dev, &seqnum); -- if (r < 0) -- return r; -- -- /* Save original device to restore the state on failures. */ -- r = device_shallow_clone(dev, &clone); -- if (r < 0) -- return r; -- -- r = device_copy_properties(clone, dev); -- if (r < 0) -- return r; -- -- event = new(Event, 1); -- if (!event) -- return -ENOMEM; -- -- *event = (Event) { -- .manager = manager, -- .dev = sd_device_ref(dev), -- .dev_kernel = TAKE_PTR(clone), -- .seqnum = seqnum, -- .state = EVENT_QUEUED, -- }; -- -- if (LIST_IS_EMPTY(manager->events)) { -- r = touch("/run/udev/queue"); -- if (r < 0) -- log_warning_errno(r, "Failed to touch /run/udev/queue: %m"); -- } -- -- LIST_APPEND(event, manager->events, event); -- -- log_device_uevent(dev, "Device is queued"); -- -- return 0; --} -- --static void manager_kill_workers(Manager *manager, bool force) { -- Worker *worker; -- -- assert(manager); -- -- HASHMAP_FOREACH(worker, manager->workers) { -- if (worker->state == WORKER_KILLED) -- continue; -- -- if (worker->state == WORKER_RUNNING && !force) { -- worker->state = WORKER_KILLING; -- continue; -- } -- -- worker->state = WORKER_KILLED; -- (void) kill(worker->pid, SIGTERM); -- } --} -- - /* lookup event for identical, parent, child device */ - static int is_device_busy(Manager *manager, Event *event) { - const char *subsystem, *devpath, *devpath_old = NULL; -@@ -870,57 +879,6 @@ set_delaying_seqnum: - return true; - } - --static void manager_exit(Manager *manager) { -- assert(manager); -- -- manager->exit = true; -- -- sd_notify(false, -- "STOPPING=1\n" -- "STATUS=Starting shutdown..."); -- -- /* close sources of new events and discard buffered events */ -- manager->ctrl = udev_ctrl_unref(manager->ctrl); -- -- manager->inotify_event = sd_event_source_unref(manager->inotify_event); -- manager->inotify_fd = safe_close(manager->inotify_fd); -- -- manager->monitor = sd_device_monitor_unref(manager->monitor); -- -- /* discard queued events and kill workers */ -- event_queue_cleanup(manager, EVENT_QUEUED); -- manager_kill_workers(manager, true); --} -- --/* reload requested, HUP signal received, rules changed, builtin changed */ --static void manager_reload(Manager *manager) { -- -- assert(manager); -- -- sd_notify(false, -- "RELOADING=1\n" -- "STATUS=Flushing configuration..."); -- -- manager_kill_workers(manager, false); -- manager->rules = udev_rules_free(manager->rules); -- udev_builtin_exit(); -- -- sd_notifyf(false, -- "READY=1\n" -- "STATUS=Processing with %u children at max", arg_children_max); --} -- --static int on_kill_workers_event(sd_event_source *s, uint64_t usec, void *userdata) { -- Manager *manager = userdata; -- -- assert(manager); -- -- log_debug("Cleanup idle workers"); -- manager_kill_workers(manager, false); -- -- return 1; --} -- - static void event_queue_start(Manager *manager) { - Event *event; - usec_t usec; -@@ -969,15 +927,77 @@ static void event_queue_start(Manager *manager) { - } - } - --static void event_queue_cleanup(Manager *manager, EventState match_state) { -- Event *event, *tmp; -+static int event_queue_insert(Manager *manager, sd_device *dev) { -+ _cleanup_(sd_device_unrefp) sd_device *clone = NULL; -+ Event *event; -+ uint64_t seqnum; -+ int r; - -- LIST_FOREACH_SAFE(event, event, tmp, manager->events) { -- if (match_state != EVENT_UNDEF && match_state != event->state) -- continue; -+ assert(manager); -+ assert(dev); - -- event_free(event); -+ /* only one process can add events to the queue */ -+ assert(manager->pid == getpid_cached()); -+ -+ /* We only accepts devices received by device monitor. */ -+ r = sd_device_get_seqnum(dev, &seqnum); -+ if (r < 0) -+ return r; -+ -+ /* Save original device to restore the state on failures. */ -+ r = device_shallow_clone(dev, &clone); -+ if (r < 0) -+ return r; -+ -+ r = device_copy_properties(clone, dev); -+ if (r < 0) -+ return r; -+ -+ event = new(Event, 1); -+ if (!event) -+ return -ENOMEM; -+ -+ *event = (Event) { -+ .manager = manager, -+ .dev = sd_device_ref(dev), -+ .dev_kernel = TAKE_PTR(clone), -+ .seqnum = seqnum, -+ .state = EVENT_QUEUED, -+ }; -+ -+ if (LIST_IS_EMPTY(manager->events)) { -+ r = touch("/run/udev/queue"); -+ if (r < 0) -+ log_warning_errno(r, "Failed to touch /run/udev/queue: %m"); -+ } -+ -+ LIST_APPEND(event, manager->events, event); -+ -+ log_device_uevent(dev, "Device is queued"); -+ -+ return 0; -+} -+ -+static int on_uevent(sd_device_monitor *monitor, sd_device *dev, void *userdata) { -+ Manager *manager = userdata; -+ int r; -+ -+ assert(manager); -+ -+ DEVICE_TRACE_POINT(kernel_uevent_received, dev); -+ -+ device_ensure_usec_initialized(dev, NULL); -+ -+ r = event_queue_insert(manager, dev); -+ if (r < 0) { -+ log_device_error_errno(dev, r, "Failed to insert device into event queue: %m"); -+ return 1; - } -+ -+ /* we have fresh events, try to schedule them */ -+ event_queue_start(manager); -+ -+ return 1; - } - - static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdata) { -@@ -1047,28 +1067,6 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat - return 1; - } - --static int on_uevent(sd_device_monitor *monitor, sd_device *dev, void *userdata) { -- Manager *manager = userdata; -- int r; -- -- assert(manager); -- -- DEVICE_TRACE_POINT(kernel_uevent_received, dev); -- -- device_ensure_usec_initialized(dev, NULL); -- -- r = event_queue_insert(manager, dev); -- if (r < 0) { -- log_device_error_errno(dev, r, "Failed to insert device into event queue: %m"); -- return 1; -- } -- -- /* we have fresh events, try to schedule them */ -- event_queue_start(manager); -- -- return 1; --} -- - /* receive the udevd message from userspace */ - static int on_ctrl_msg(UdevCtrl *uctrl, UdevCtrlMessageType type, const UdevCtrlMessageValue *value, void *userdata) { - Manager *manager = userdata; --- -2.33.0 diff --git a/backport-udev-node-add-random-delay-on-conflict-in-updating-d.patch b/backport-udev-node-add-random-delay-on-conflict-in-updating-d.patch deleted file mode 100644 index e4d4930d13a1b8c336c3afd175b9a5c72d41954f..0000000000000000000000000000000000000000 --- a/backport-udev-node-add-random-delay-on-conflict-in-updating-d.patch +++ /dev/null @@ -1,64 +0,0 @@ -From fca1dafcc29f123aadfd8a2bc5ebfc2468284a6a Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 04:34:48 +0900 -Subject: [PATCH] udev-node: add random delay on conflict in updating device - node symlink - -To make multiple workers not update the same device node symlink -simultaneously. - -(cherry picked from commit 0063fa23a1384dd4385d03b568dc629916b7e72a) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/fca1dafcc29f123aadfd8a2bc5ebfc2468284a6a ---- - src/udev/udev-node.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 2e7df899e4..d8edf39aec 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -20,12 +20,14 @@ - #include "mkdir.h" - #include "parse-util.h" - #include "path-util.h" -+#include "random-util.h" - #include "selinux-util.h" - #include "smack-util.h" - #include "stat-util.h" - #include "stdio-util.h" - #include "string-util.h" - #include "strxcpyx.h" -+#include "time-util.h" - #include "udev-node.h" - #include "user-util.h" - -@@ -33,6 +35,8 @@ - #define LINK_UPDATE_MAX_RETRIES 128 - #define CREATE_STACK_LINK_MAX_RETRIES 128 - #define UPDATE_TIMESTAMP_MAX_RETRIES 128 -+#define MAX_RANDOM_DELAY (250 * USEC_PER_MSEC) -+#define MIN_RANDOM_DELAY ( 50 * USEC_PER_MSEC) - #define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f) - - static int create_symlink(const char *target, const char *slink) { -@@ -447,6 +451,15 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - _cleanup_free_ char *target = NULL; - struct stat st1 = {}, st2 = {}; - -+ if (i > 0) { -+ char buf[FORMAT_TIMESPAN_MAX]; -+ usec_t delay = MIN_RANDOM_DELAY + random_u64_range(MAX_RANDOM_DELAY - MIN_RANDOM_DELAY); -+ -+ log_device_debug(dev, "Directory %s was updated, retrying to update devlink %s after %s.", -+ dirname, slink, format_timespan(buf, sizeof(buf), delay, USEC_PER_MSEC)); -+ (void) usleep(delay); -+ } -+ - if (stat(dirname, &st1) < 0 && errno != ENOENT) - return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); - --- -2.33.0 - diff --git a/backport-udev-node-always-atomically-create-symlink-to-device.patch b/backport-udev-node-always-atomically-create-symlink-to-device.patch deleted file mode 100644 index 6121dfc42b52f3f56a37585eb252e6221c13092e..0000000000000000000000000000000000000000 --- a/backport-udev-node-always-atomically-create-symlink-to-device.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 0116618b67980eeb8d82d09050087ed245630efe Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 02:20:33 +0900 -Subject: [PATCH] udev-node: always atomically create symlink to device node - -By the previous commit, it is not necessary to distinguish if the devlink -already exists. Also, I cannot find any significant advantages of the -previous complecated logic, that is, first try to create directly, and then -fallback to atomically creation. Moreover, such logic increases the chance -of conflicts between multiple udev workers. - -This makes devlinks always created atomically. Hopefully, this reduces the -conflicts between the workers. - -(cherry picked from commit 242d39ebc1391f4734f6e63ff13764de92bc5f70) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/0116618b67980eeb8d82d09050087ed245630efe ---- - src/udev/udev-node.c | 42 +++++++++--------------------------------- - 1 file changed, 9 insertions(+), 33 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 1a34ea8128..46c04fe00b 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -71,6 +71,13 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) { - assert(node); - assert(slink); - -+ if (lstat(slink, &stats) >= 0) { -+ if (!S_ISLNK(stats.st_mode)) -+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EEXIST), -+ "Conflicting inode '%s' found, link to '%s' will not be created.", slink, node); -+ } else if (errno != ENOENT) -+ return log_device_debug_errno(dev, errno, "Failed to lstat() '%s': %m", slink); -+ - r = path_extract_directory(slink, &slink_dirname); - if (r < 0) - return log_device_debug_errno(dev, r, "Failed to get parent directory of '%s': %m", slink); -@@ -80,41 +87,11 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) { - if (r < 0) - return log_device_debug_errno(dev, r, "Failed to get relative path from '%s' to '%s': %m", slink, node); - -- if (lstat(slink, &stats) >= 0) { -- _cleanup_free_ char *buf = NULL; -- -- if (!S_ISLNK(stats.st_mode)) -- return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EEXIST), -- "Conflicting inode '%s' found, link to '%s' will not be created.", slink, node); -- -- if (readlink_malloc(slink, &buf) >= 0 && -- path_equal(target, buf)) { -- /* preserve link with correct target, do not replace node of other device */ -- log_device_debug(dev, "Preserve already existing symlink '%s' to '%s'", slink, target); -- -- (void) label_fix(slink, LABEL_IGNORE_ENOENT); -- (void) utimensat(AT_FDCWD, slink, NULL, AT_SYMLINK_NOFOLLOW); -- -- return 0; -- } -- } else if (errno == ENOENT) { -- log_device_debug(dev, "Creating symlink '%s' to '%s'", slink, target); -- -- r = create_symlink(target, slink); -- if (r >= 0) -- return 0; -- -- log_device_debug_errno(dev, r, "Failed to create symlink '%s' to '%s', trying to replace '%s': %m", slink, target, slink); -- } else -- return log_device_debug_errno(dev, errno, "Failed to lstat() '%s': %m", slink); -- -- log_device_debug(dev, "Atomically replace '%s'", slink); -- - r = device_get_device_id(dev, &id); - if (r < 0) - return log_device_debug_errno(dev, r, "Failed to get device id: %m"); -- slink_tmp = strjoina(slink, ".tmp-", id); - -+ slink_tmp = strjoina(slink, ".tmp-", id); - (void) unlink(slink_tmp); - - r = create_symlink(target, slink_tmp); -@@ -127,8 +104,7 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) { - return r; - } - -- /* Tell caller that we replaced already existing symlink. */ -- return 1; -+ return 0; - } - - static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir, char **ret) { --- -2.33.0 - diff --git a/backport-udev-node-always-update-timestamp-of-stack-directory.patch b/backport-udev-node-always-update-timestamp-of-stack-directory.patch deleted file mode 100644 index 9fc0e72f6af8ea5b656b354a226c00dc8e97ac1a..0000000000000000000000000000000000000000 --- a/backport-udev-node-always-update-timestamp-of-stack-directory.patch +++ /dev/null @@ -1,150 +0,0 @@ -From bd4714982537b5fc08b82ccd5f20522231dd5bee Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 12:57:40 +0900 -Subject: [PATCH] udev-node: always update timestamp of stack directory - -Please see the comments in the code. - -(cherry picked from commit 6df797f75fa08bb1a9e657001229bd47903e6174) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/bd4714982537b5fc08b82ccd5f20522231dd5bee ---- - src/udev/udev-node.c | 90 ++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 87 insertions(+), 3 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 5d6aae0bd4..0de848da19 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -32,6 +32,7 @@ - #define CREATE_LINK_MAX_RETRIES 128 - #define LINK_UPDATE_MAX_RETRIES 128 - #define CREATE_STACK_LINK_MAX_RETRIES 128 -+#define UPDATE_TIMESTAMP_MAX_RETRIES 128 - #define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f) - - static int create_symlink(const char *target, const char *slink) { -@@ -285,9 +286,60 @@ toolong: - return size - 1; - } - -+static int update_timestamp(sd_device *dev, const char *path, struct stat *prev) { -+ assert(path); -+ assert(prev); -+ -+ /* Even if a symlink in the stack directory is created/removed, the mtime of the directory may -+ * not be changed. Why? Let's consider the following situation. For simplicity, let's assume -+ * there exist three udev workers (A, B, and C) and all of them calls link_update() for the -+ * same devlink simultaneously. -+ * -+ * 1. B creates/removes a symlink in the stack directory. -+ * 2. A calls the first stat() in the loop of link_update(). -+ * 3. A calls link_find_prioritized(). -+ * 4. C creates/removes another symlink in the stack directory, so the result of the step 3 is outdated. -+ * 5. B and C finish link_update(). -+ * 6. A creates/removes devlink according to the outdated result in the step 3. -+ * 7. A calls the second stat() in the loop of link_update(). -+ * -+ * If these 7 steps are processed in this order within a short time period that kernel's timer -+ * does not increase, then even if the contents in the stack directory is changed, the results -+ * of two stat() called by A shows the same timestamp, and A cannot detect the change. -+ * -+ * By calling this function after creating/removing symlinks in the stack directory, the -+ * timestamp of the stack directory is always increased at least in the above step 5, so A can -+ * detect the update. */ -+ -+ if ((prev->st_mode & S_IFMT) == 0) -+ return 0; /* Does not exist, or previous stat() failed. */ -+ -+ for (unsigned i = 0; i < UPDATE_TIMESTAMP_MAX_RETRIES; i++) { -+ struct stat st; -+ -+ if (stat(path, &st) < 0) -+ return -errno; -+ -+ if (!stat_inode_unmodified(prev, &st)) -+ return 0; -+ -+ log_device_debug(dev, -+ "%s is modified, but its timestamp is not changed, " -+ "updating timestamp after 10ms.", -+ path); -+ -+ (void) usleep(10 * USEC_PER_MSEC); -+ if (utimensat(AT_FDCWD, path, NULL, 0) < 0) -+ return -errno; -+ } -+ -+ return -ELOOP; -+} -+ - static int update_stack_directory(sd_device *dev, const char *dirname, bool add) { - _cleanup_free_ char *filename = NULL, *data = NULL, *buf = NULL; - const char *devname, *id; -+ struct stat st = {}; - int priority, r; - - assert(dev); -@@ -302,10 +354,31 @@ static int update_stack_directory(sd_device *dev, const char *dirname, bool add) - return log_oom_debug(); - - if (!add) { -- if (unlink(filename) < 0 && errno != ENOENT) -- log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); -+ bool unlink_failed = false; -+ -+ if (stat(dirname, &st) < 0) { -+ if (errno == ENOENT) -+ return 0; /* The stack directory is already removed. That's OK. */ -+ log_device_debug_errno(dev, errno, "Failed to stat %s, ignoring: %m", dirname); -+ } -+ -+ if (unlink(filename) < 0) { -+ unlink_failed = true; -+ if (errno != ENOENT) -+ log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); -+ } -+ -+ if (rmdir(dirname) >= 0 || errno == ENOENT) -+ return 0; -+ -+ if (unlink_failed) -+ return 0; /* If we failed to remove the symlink, there is almost nothing we can do. */ -+ -+ /* The symlink was removed. Check if the timestamp of directory is changed. */ -+ r = update_timestamp(dev, dirname, &st); -+ if (r < 0 && r != -ENOENT) -+ return log_device_debug_errno(dev, r, "Failed to update timestamp of %s: %m", dirname); - -- (void) rmdir(dirname); - return 0; - } - -@@ -335,12 +408,23 @@ static int update_stack_directory(sd_device *dev, const char *dirname, bool add) - if (r < 0) - return log_device_debug_errno(dev, r, "Failed to create directory %s: %m", dirname); - -+ if (stat(dirname, &st) < 0) { -+ if (errno == ENOENT) -+ continue; -+ return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); -+ } -+ - if (symlink(data, filename) < 0) { - if (errno == ENOENT) - continue; - return log_device_debug_errno(dev, errno, "Failed to create symbolic link %s: %m", filename); - } - -+ /* The symlink was created. Check if the timestamp of directory is changed. */ -+ r = update_timestamp(dev, dirname, &st); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to update timestamp of %s: %m", dirname); -+ - return 0; - } - --- -2.33.0 - diff --git a/backport-udev-node-assume-no-new-claim-to-a-symlink-if-run-ud.patch b/backport-udev-node-assume-no-new-claim-to-a-symlink-if-run-ud.patch deleted file mode 100644 index 26a4cb07e1612d7664b727e4883d8eaa4359c7a0..0000000000000000000000000000000000000000 --- a/backport-udev-node-assume-no-new-claim-to-a-symlink-if-run-ud.patch +++ /dev/null @@ -1,38 +0,0 @@ -From c9fce59c8f0c471a7a474c6a20cdc340fc53a48d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 2 Sep 2021 06:58:59 +0900 -Subject: [PATCH] udev-node: assume no new claim to a symlink if - /run/udev/links is not updated - -During creating a symlink to a device node, if another device node which -requests the same symlink is added/removed, `stat_inode_unmodified()` -should always detects that. We do not need to continue the loop -unconditionally. - -(cherry picked from commit 8f27311eb2aec2411d1fb7d62e6c9d75d21ae8df) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/c9fce59c8f0c471a7a474c6a20cdc340fc53a48d ---- - src/udev/udev-node.c | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 0de848da19..1a34ea8128 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -491,11 +491,6 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - r = node_symlink(dev, target, slink); - if (r < 0) - return r; -- if (r == 1) -- /* We have replaced already existing symlink, possibly there is some other device trying -- * to claim the same symlink. Let's do one more iteration to give us a chance to fix -- * the error if other device actually claims the symlink with higher priority. */ -- continue; - - /* Skip the second stat() if the first failed, stat_inode_unmodified() would return false regardless. */ - if ((st1.st_mode & S_IFMT) != 0) { --- -2.33.0 - diff --git a/backport-udev-node-check-stack-directory-change-even-if-devli.patch b/backport-udev-node-check-stack-directory-change-even-if-devli.patch deleted file mode 100644 index 270df9a9c06934e922e6fa3018011830162266a1..0000000000000000000000000000000000000000 --- a/backport-udev-node-check-stack-directory-change-even-if-devli.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 982d13d4cfd1513bdbd74ceb8b256bad5cf679d5 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 09:44:26 +0900 -Subject: [PATCH] udev-node: check stack directory change even if devlink is - removed - -Otherwise, when multiple device additions and removals occur -simultaneously, symlink to unexisting devnode may be created. - -Hopefully fixes #19946. - -(cherry picked from commit 1cd4e325693007b3628f1a27297f0ab7114b24b8) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/982d13d4cfd1513bdbd74ceb8b256bad5cf679d5 ---- - src/udev/udev-node.c | 15 ++++++--------- - 1 file changed, 6 insertions(+), 9 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 46c04fe00b..28e6e8df94 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -468,15 +468,12 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - if (r < 0) - return r; - -- /* Skip the second stat() if the first failed, stat_inode_unmodified() would return false regardless. */ -- if ((st1.st_mode & S_IFMT) != 0) { -- r = stat(dirname, &st2); -- if (r < 0 && errno != ENOENT) -- return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); -- -- if (stat_inode_unmodified(&st1, &st2)) -- break; -- } -+ if (stat(dirname, &st2) < 0 && errno != ENOENT) -+ return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); -+ -+ if (((st1.st_mode & S_IFMT) == 0 && (st2.st_mode & S_IFMT) == 0) || -+ stat_inode_unmodified(&st1, &st2)) -+ return 0; - } - - return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP; --- -2.33.0 - diff --git a/backport-udev-node-do-not-ignore-unexpected-errors-on-removin.patch b/backport-udev-node-do-not-ignore-unexpected-errors-on-removin.patch deleted file mode 100644 index b5a2475f51aae6e740c4a691a32ec49b1ba4fe9f..0000000000000000000000000000000000000000 --- a/backport-udev-node-do-not-ignore-unexpected-errors-on-removin.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 4a0c4d21ca03ffb37da3b5203988156644e13c5e Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 12 Sep 2021 16:14:27 +0900 -Subject: [PATCH] udev-node: do not ignore unexpected errors on removing - symlink in stack directory - -Only acceptable error here is -ENOENT. - -(cherry picked from commit 0706cdf4ec92d6bd40391da0e81a30d9bf851663) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/4a0c4d21ca03ffb37da3b5203988156644e13c5e ---- - src/udev/udev-node.c | 23 ++++++++++++++--------- - 1 file changed, 14 insertions(+), 9 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 4e4a45bbe9..d9309efa25 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -334,25 +334,30 @@ static int update_stack_directory(sd_device *dev, const char *dirname, bool add) - return log_oom_debug(); - - if (!add) { -- bool unlink_failed = false; -+ int unlink_error = 0, stat_error = 0; - - if (stat(dirname, &st) < 0) { - if (errno == ENOENT) - return 0; /* The stack directory is already removed. That's OK. */ -- log_device_debug_errno(dev, errno, "Failed to stat %s, ignoring: %m", dirname); -+ stat_error = -errno; - } - -- if (unlink(filename) < 0) { -- unlink_failed = true; -- if (errno != ENOENT) -- log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); -- } -+ if (unlink(filename) < 0) -+ unlink_error = -errno; - - if (rmdir(dirname) >= 0 || errno == ENOENT) - return 0; - -- if (unlink_failed) -- return 0; /* If we failed to remove the symlink, there is almost nothing we can do. */ -+ if (unlink_error < 0) { -+ if (unlink_error == -ENOENT) -+ return 0; -+ -+ /* If we failed to remove the symlink, then there is almost nothing we can do. */ -+ return log_device_debug_errno(dev, unlink_error, "Failed to remove %s: %m", filename); -+ } -+ -+ if (stat_error < 0) -+ return log_device_debug_errno(dev, stat_error, "Failed to stat %s: %m", dirname); - - /* The symlink was removed. Check if the timestamp of directory is changed. */ - r = update_timestamp(dev, dirname, &st); --- -2.33.0 - diff --git a/backport-udev-node-drop-redundant-trial-of-devlink-creation.patch b/backport-udev-node-drop-redundant-trial-of-devlink-creation.patch deleted file mode 100644 index ea31b432b11205fad011b012a0502e9862f5961f..0000000000000000000000000000000000000000 --- a/backport-udev-node-drop-redundant-trial-of-devlink-creation.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 1df2313e201c39907653a99335b7d21db092fcbc Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 09:29:42 +0900 -Subject: [PATCH] udev-node: drop redundant trial of devlink creation - -Previously, the devlink was created based on the priority saved in udev -database. So, we needed to reevaluate devlinks after database is saved. - -But now the priority is stored in the symlink under /run/udev/links, and -the loop of devlink creation is controlled with the timestamp of the -directory. So, the double evaluation is not necessary anymore. - -(cherry picked from commit 7920d0a135fb6a08aa0bfc31e9d0a3f589fe7a1f) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/1df2313e201c39907653a99335b7d21db092fcbc ---- - src/udev/udev-event.c | 5 +---- - src/udev/udev-node.c | 12 ++++-------- - 2 files changed, 5 insertions(+), 12 deletions(-) - -diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c -index 8320e96fe2..56fe0a43a7 100644 ---- a/src/udev/udev-event.c -+++ b/src/udev/udev-event.c -@@ -1071,10 +1071,7 @@ int udev_event_execute_rules( - - device_set_is_initialized(dev); - -- /* Yes, we run update_devnode() twice, because in the first invocation, that is before update of udev database, -- * it could happen that two contenders are replacing each other's symlink. Hence we run it again to make sure -- * symlinks point to devices that claim them with the highest priority. */ -- return update_devnode(event); -+ return 0; - } - - void udev_event_execute_run(UdevEvent *event, usec_t timeout_usec, int timeout_signal) { -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index d8edf39aec..52816c72fd 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -416,7 +416,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - _cleanup_free_ char *slink = NULL, *dirname = NULL; - const char *slink_name; - char name_enc[NAME_MAX+1]; -- int i, r, retries; -+ int r; - - assert(dev); - assert(slink_in); -@@ -443,11 +443,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - if (r < 0) - return r; - -- /* If the database entry is not written yet we will just do one iteration and possibly wrong symlink -- * will be fixed in the second invocation. */ -- retries = sd_device_get_is_initialized(dev) > 0 ? LINK_UPDATE_MAX_RETRIES : 1; -- -- for (i = 0; i < retries; i++) { -+ for (unsigned i = 0; i < LINK_UPDATE_MAX_RETRIES; i++) { - _cleanup_free_ char *target = NULL; - struct stat st1 = {}, st2 = {}; - -@@ -473,7 +469,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - log_device_debug_errno(dev, errno, "Failed to remove '%s', ignoring: %m", slink); - - (void) rmdir_parents(slink, "/dev"); -- break; -+ return 0; - } - - r = node_symlink(dev, target, slink); -@@ -488,7 +484,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - return 0; - } - -- return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP; -+ return -ELOOP; - } - - static int device_get_devpath_by_devnum(sd_device *dev, char **ret) { --- -2.33.0 - diff --git a/backport-udev-node-save-information-about-device-node-and-pri.patch b/backport-udev-node-save-information-about-device-node-and-pri.patch deleted file mode 100644 index bd74ab8b1f8038cdd5010376386f58d50304b30d..0000000000000000000000000000000000000000 --- a/backport-udev-node-save-information-about-device-node-and-pri.patch +++ /dev/null @@ -1,254 +0,0 @@ -From 56c7e4c0873feba9809d4638d64132a61b43f995 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 04:16:21 +0900 -Subject: [PATCH] udev-node: save information about device node and priority in - symlink - -Previously, we only store device IDs in /run/udev/links, and when -creating/removing device node symlink, we create sd_device object -corresponds to the IDs and read device node and priority from the -object. That requires parsing uevent and udev database files. - -This makes link_find_prioritized() get the most prioritzed device node -without parsing the files. - -(cherry picked from commit 377a83f0d80376456d9be203796f66f543a8b943) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/56c7e4c0873feba9809d4638d64132a61b43f995 ---- - src/udev/udev-node.c | 172 ++++++++++++++++++++++++++++++------------- - 1 file changed, 121 insertions(+), 51 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 4496a2bd9b..5d6aae0bd4 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -18,6 +18,7 @@ - #include "fs-util.h" - #include "hexdecoct.h" - #include "mkdir.h" -+#include "parse-util.h" - #include "path-util.h" - #include "selinux-util.h" - #include "smack-util.h" -@@ -28,9 +29,9 @@ - #include "udev-node.h" - #include "user-util.h" - --#define CREATE_LINK_MAX_RETRIES 128 --#define LINK_UPDATE_MAX_RETRIES 128 --#define TOUCH_FILE_MAX_RETRIES 128 -+#define CREATE_LINK_MAX_RETRIES 128 -+#define LINK_UPDATE_MAX_RETRIES 128 -+#define CREATE_STACK_LINK_MAX_RETRIES 128 - #define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f) - - static int create_symlink(const char *target, const char *slink) { -@@ -175,39 +176,67 @@ static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir, - return r; - - FOREACH_DIRENT_ALL(dent, dir, break) { -- _cleanup_(sd_device_unrefp) sd_device *dev_db = NULL; -- const char *devnode; -- int db_prio = 0; -+ _cleanup_free_ char *path = NULL, *buf = NULL; -+ int tmp_prio; - -- if (dent->d_name[0] == '\0') -- break; - if (dent->d_name[0] == '.') - continue; - -- log_device_debug(dev, "Found '%s' claiming '%s'", dent->d_name, stackdir); -- -- /* did we find ourself? */ -+ /* skip ourself */ - if (streq(dent->d_name, id)) - continue; - -- if (sd_device_new_from_device_id(&dev_db, dent->d_name) < 0) -- continue; -+ path = path_join(stackdir, dent->d_name); -+ if (!path) -+ return -ENOMEM; - -- if (sd_device_get_devname(dev_db, &devnode) < 0) -- continue; -+ if (readlink_malloc(path, &buf) >= 0) { -+ char *devnode; - -- if (device_get_devlink_priority(dev_db, &db_prio) < 0) -- continue; -+ /* New format. The devnode and priority can be obtained from symlink. */ - -- if (target && db_prio <= priority) -- continue; -+ devnode = strchr(buf, ':'); -+ if (!devnode || devnode == buf) -+ continue; - -- log_device_debug(dev_db, "Device claims priority %i for '%s'", db_prio, stackdir); -+ *(devnode++) = '\0'; -+ if (!path_startswith(devnode, "/dev")) -+ continue; - -- r = free_and_strdup(&target, devnode); -- if (r < 0) -- return r; -- priority = db_prio; -+ if (safe_atoi(buf, &tmp_prio) < 0) -+ continue; -+ -+ if (target && tmp_prio <= priority) -+ continue; -+ -+ r = free_and_strdup(&target, devnode); -+ if (r < 0) -+ return r; -+ } else { -+ _cleanup_(sd_device_unrefp) sd_device *tmp_dev = NULL; -+ const char *devnode; -+ -+ /* Old format. The devnode and priority must be obtained from uevent and -+ * udev database files. */ -+ -+ if (sd_device_new_from_device_id(&tmp_dev, dent->d_name) < 0) -+ continue; -+ -+ if (device_get_devlink_priority(tmp_dev, &tmp_prio) < 0) -+ continue; -+ -+ if (target && tmp_prio <= priority) -+ continue; -+ -+ if (sd_device_get_devname(tmp_dev, &devnode) < 0) -+ continue; -+ -+ r = free_and_strdup(&target, devnode); -+ if (r < 0) -+ return r; -+ } -+ -+ priority = tmp_prio; - } - - *ret = TAKE_PTR(target); -@@ -256,10 +285,72 @@ toolong: - return size - 1; - } - -+static int update_stack_directory(sd_device *dev, const char *dirname, bool add) { -+ _cleanup_free_ char *filename = NULL, *data = NULL, *buf = NULL; -+ const char *devname, *id; -+ int priority, r; -+ -+ assert(dev); -+ assert(dirname); -+ -+ r = device_get_device_id(dev, &id); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to get device id: %m"); -+ -+ filename = path_join(dirname, id); -+ if (!filename) -+ return log_oom_debug(); -+ -+ if (!add) { -+ if (unlink(filename) < 0 && errno != ENOENT) -+ log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); -+ -+ (void) rmdir(dirname); -+ return 0; -+ } -+ -+ r = sd_device_get_devname(dev, &devname); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to get device node: %m"); -+ -+ r = device_get_devlink_priority(dev, &priority); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to get priority of device node symlink: %m"); -+ -+ if (asprintf(&data, "%i:%s", priority, devname) < 0) -+ return log_oom_debug(); -+ -+ if (readlink_malloc(filename, &buf) >= 0 && streq(buf, data)) -+ return 0; -+ -+ if (unlink(filename) < 0 && errno != ENOENT) -+ log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); -+ -+ for (unsigned j = 0; j < CREATE_STACK_LINK_MAX_RETRIES; j++) { -+ /* This may fail with -ENOENT when the parent directory is removed during -+ * creating the file by another udevd worker. */ -+ r = mkdir_p(dirname, 0755); -+ if (r == -ENOENT) -+ continue; -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to create directory %s: %m", dirname); -+ -+ if (symlink(data, filename) < 0) { -+ if (errno == ENOENT) -+ continue; -+ return log_device_debug_errno(dev, errno, "Failed to create symbolic link %s: %m", filename); -+ } -+ -+ return 0; -+ } -+ -+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(ELOOP), "Failed to create symbolic link %s: %m", filename); -+} -+ - /* manage "stack of names" with possibly specified device priorities */ - static int link_update(sd_device *dev, const char *slink_in, bool add) { -- _cleanup_free_ char *slink = NULL, *filename = NULL, *dirname = NULL; -- const char *slink_name, *id; -+ _cleanup_free_ char *slink = NULL, *dirname = NULL; -+ const char *slink_name; - char name_enc[NAME_MAX+1]; - int i, r, retries; - -@@ -279,35 +370,14 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EINVAL), - "Invalid symbolic link of device node: %s", slink); - -- r = device_get_device_id(dev, &id); -- if (r < 0) -- return log_device_debug_errno(dev, r, "Failed to get device id: %m"); -- - (void) udev_node_escape_path(slink_name, name_enc, sizeof(name_enc)); -- dirname = path_join("/run/udev/links/", name_enc); -+ dirname = path_join("/run/udev/links", name_enc); - if (!dirname) - return log_oom_debug(); - -- filename = path_join(dirname, id); -- if (!filename) -- return log_oom_debug(); -- -- if (!add) { -- if (unlink(filename) < 0 && errno != ENOENT) -- log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); -- -- (void) rmdir(dirname); -- } else { -- for (unsigned j = 0; j < TOUCH_FILE_MAX_RETRIES; j++) { -- /* This may fail with -ENOENT when the parent directory is removed during -- * creating the file by another udevd worker. */ -- r = touch_file(filename, /* parents= */ true, USEC_INFINITY, UID_INVALID, GID_INVALID, 0444); -- if (r != -ENOENT) -- break; -- } -- if (r < 0) -- return log_device_debug_errno(dev, r, "Failed to create %s: %m", filename); -- } -+ r = update_stack_directory(dev, dirname, add); -+ if (r < 0) -+ return r; - - /* If the database entry is not written yet we will just do one iteration and possibly wrong symlink - * will be fixed in the second invocation. */ --- -2.33.0 - diff --git a/backport-udev-node-shorten-code-a-bit-and-update-log-message.patch b/backport-udev-node-shorten-code-a-bit-and-update-log-message.patch deleted file mode 100644 index 44608eee977f7e1e220bed48eb05f754b4434edb..0000000000000000000000000000000000000000 --- a/backport-udev-node-shorten-code-a-bit-and-update-log-message.patch +++ /dev/null @@ -1,36 +0,0 @@ -From f27b7c3d26bf90cad9348e7c31a2db4eb3cac42e Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 2 Sep 2021 08:23:35 +0900 -Subject: [PATCH] udev-node: shorten code a bit and update log message - -(cherry picked from commit 8424da2de88ceeed7be8544fb69221f0b0ea84ea) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/f27b7c3d26bf90cad9348e7c31a2db4eb3cac42e ---- - src/udev/udev-node.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 28e6e8df94..2e7df899e4 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -447,13 +447,12 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - _cleanup_free_ char *target = NULL; - struct stat st1 = {}, st2 = {}; - -- r = stat(dirname, &st1); -- if (r < 0 && errno != ENOENT) -+ if (stat(dirname, &st1) < 0 && errno != ENOENT) - return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); - - r = link_find_prioritized(dev, add, dirname, &target); - if (r < 0) -- return log_device_debug_errno(dev, r, "Failed to determine highest priority for symlink '%s': %m", slink); -+ return log_device_debug_errno(dev, r, "Failed to determine device node with the highest priority for '%s': %m", slink); - if (r == 0) { - log_device_debug(dev, "No reference left for '%s', removing", slink); - --- -2.33.0 - diff --git a/backport-udev-node-simplify-the-example-of-race.patch b/backport-udev-node-simplify-the-example-of-race.patch deleted file mode 100644 index d7736ee77ab96f20737e0356b3ba2183af0ee06e..0000000000000000000000000000000000000000 --- a/backport-udev-node-simplify-the-example-of-race.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 76e4e1df71fc26acd2aa2ef2d599da3cdd95a014 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 12 Sep 2021 16:05:51 +0900 -Subject: [PATCH] udev-node: simplify the example of race - -(cherry picked from commit 3df566a66723490914ef3bae0ca8046044b70dce) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/76e4e1df71fc26acd2aa2ef2d599da3cdd95a014 ---- - src/udev/udev-node.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 52816c72fd..4e4a45bbe9 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -272,14 +272,14 @@ static int update_timestamp(sd_device *dev, const char *path, struct stat *prev) - - /* Even if a symlink in the stack directory is created/removed, the mtime of the directory may - * not be changed. Why? Let's consider the following situation. For simplicity, let's assume -- * there exist three udev workers (A, B, and C) and all of them calls link_update() for the -- * same devlink simultaneously. -+ * there exist two udev workers (A and B) and all of them calls link_update() for the same -+ * devlink simultaneously. - * -- * 1. B creates/removes a symlink in the stack directory. -+ * 1. A creates/removes a symlink in the stack directory. - * 2. A calls the first stat() in the loop of link_update(). - * 3. A calls link_find_prioritized(). -- * 4. C creates/removes another symlink in the stack directory, so the result of the step 3 is outdated. -- * 5. B and C finish link_update(). -+ * 4. B creates/removes another symlink in the stack directory, so the result of the step 3 is outdated. -+ * 5. B finishes link_update(). - * 6. A creates/removes devlink according to the outdated result in the step 3. - * 7. A calls the second stat() in the loop of link_update(). - * --- -2.33.0 - diff --git a/backport-udev-node-split-out-permission-handling-from-udev_no.patch b/backport-udev-node-split-out-permission-handling-from-udev_no.patch deleted file mode 100644 index 7d79c3f4cece70c5959186e18096d44ab342e56a..0000000000000000000000000000000000000000 --- a/backport-udev-node-split-out-permission-handling-from-udev_no.patch +++ /dev/null @@ -1,309 +0,0 @@ -From 7534eb17595810512574e930eb114b49ec1d3675 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 09:24:15 +0900 -Subject: [PATCH] udev-node: split out permission handling from udev_node_add() - -And then merge udev_node_add() and udev_node_update_old_links(). - -(cherry picked from commit 2f48561e0db3cd63f65e9311b4d69282b4ac605d) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/7534eb17595810512574e930eb114b49ec1d3675 ---- - src/udev/udev-event.c | 9 +- - src/udev/udev-node.c | 204 +++++++++++++++++++----------------------- - src/udev/udev-node.h | 12 ++- - 3 files changed, 106 insertions(+), 119 deletions(-) - -diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c -index 9854270b27..8320e96fe2 100644 ---- a/src/udev/udev-event.c -+++ b/src/udev/udev-event.c -@@ -906,9 +906,6 @@ static int update_devnode(UdevEvent *event) { - if (r < 0) - return log_device_error_errno(dev, r, "Failed to get devnum: %m"); - -- /* remove/update possible left-over symlinks from old database entry */ -- (void) udev_node_update_old_links(dev, event->dev_db_clone); -- - if (!uid_is_valid(event->uid)) { - r = device_get_devnode_uid(dev, &event->uid); - if (r < 0 && r != -ENOENT) -@@ -932,7 +929,11 @@ static int update_devnode(UdevEvent *event) { - - bool apply_mac = device_for_action(dev, SD_DEVICE_ADD); - -- return udev_node_add(dev, apply_mac, event->mode, event->uid, event->gid, event->seclabel_list); -+ r = udev_node_apply_permissions(dev, apply_mac, event->mode, event->uid, event->gid, event->seclabel_list); -+ if (r < 0) -+ return log_device_error_errno(dev, r, "Failed to apply devnode permissions: %m"); -+ -+ return udev_node_update(dev, event->dev_db_clone); - } - - static int event_execute_rules_on_remove( -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 9e52906571..7cc9ee3670 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -356,45 +356,117 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP; - } - --int udev_node_update_old_links(sd_device *dev, sd_device *dev_old) { -- const char *name; -+static int device_get_devpath_by_devnum(sd_device *dev, char **ret) { -+ const char *subsystem; -+ dev_t devnum; -+ int r; -+ -+ assert(dev); -+ assert(ret); -+ -+ r = sd_device_get_subsystem(dev, &subsystem); -+ if (r < 0) -+ return r; -+ -+ r = sd_device_get_devnum(dev, &devnum); -+ if (r < 0) -+ return r; -+ -+ return device_path_make_major_minor(streq(subsystem, "block") ? S_IFBLK : S_IFCHR, devnum, ret); -+} -+ -+int udev_node_update(sd_device *dev, sd_device *dev_old) { -+ _cleanup_free_ char *filename = NULL; -+ const char *devnode, *devlink; - int r; - - assert(dev); - assert(dev_old); - -- /* update possible left-over symlinks */ -- FOREACH_DEVICE_DEVLINK(dev_old, name) { -- const char *name_current; -- bool found = false; -+ r = sd_device_get_devname(dev, &devnode); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to get devnode: %m"); - -- /* check if old link name still belongs to this device */ -- FOREACH_DEVICE_DEVLINK(dev, name_current) -- if (streq(name, name_current)) { -- found = true; -- break; -- } -+ if (DEBUG_LOGGING) { -+ const char *id = NULL; - -- if (found) -+ (void) device_get_device_id(dev, &id); -+ log_device_debug(dev, "Handling device node '%s', devnum=%s", devnode, strna(id)); -+ } -+ -+ /* update possible left-over symlinks */ -+ FOREACH_DEVICE_DEVLINK(dev_old, devlink) { -+ /* check if old link name still belongs to this device */ -+ if (device_has_devlink(dev, devlink)) - continue; - - log_device_debug(dev, -- "Updating old device symlink '%s', which is no longer belonging to this device.", -- name); -+ "Removing/updating old device symlink '%s', which is no longer belonging to this device.", -+ devlink); - -- r = link_update(dev, name, false); -+ r = link_update(dev, devlink, /* add = */ false); - if (r < 0) - log_device_warning_errno(dev, r, -- "Failed to update device symlink '%s', ignoring: %m", -- name); -+ "Failed to remove/update device symlink '%s', ignoring: %m", -+ devlink); - } - -+ /* create/update symlinks, add symlinks to name index */ -+ FOREACH_DEVICE_DEVLINK(dev, devlink) { -+ r = link_update(dev, devlink, /* add = */ true); -+ if (r < 0) -+ log_device_warning_errno(dev, r, -+ "Failed to create/update device symlink '%s', ignoring: %m", -+ devlink); -+ } -+ -+ r = device_get_devpath_by_devnum(dev, &filename); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to get device path: %m"); -+ -+ /* always add /dev/{block,char}/$major:$minor */ -+ r = node_symlink(dev, devnode, filename); -+ if (r < 0) -+ return log_device_warning_errno(dev, r, "Failed to create device symlink '%s': %m", filename); -+ -+ return 0; -+} -+ -+int udev_node_remove(sd_device *dev) { -+ _cleanup_free_ char *filename = NULL; -+ const char *devlink; -+ int r; -+ -+ assert(dev); -+ -+ /* remove/update symlinks, remove symlinks from name index */ -+ FOREACH_DEVICE_DEVLINK(dev, devlink) { -+ r = link_update(dev, devlink, /* add = */ false); -+ if (r < 0) -+ log_device_warning_errno(dev, r, -+ "Failed to remove/update device symlink '%s', ignoring: %m", -+ devlink); -+ } -+ -+ r = device_get_devpath_by_devnum(dev, &filename); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to get device path: %m"); -+ -+ /* remove /dev/{block,char}/$major:$minor */ -+ if (unlink(filename) < 0 && errno != ENOENT) -+ return log_device_debug_errno(dev, errno, "Failed to remove '%s': %m", filename); -+ - return 0; - } - --static int node_permissions_apply(sd_device *dev, bool apply_mac, -- mode_t mode, uid_t uid, gid_t gid, -- OrderedHashmap *seclabel_list) { -+int udev_node_apply_permissions( -+ sd_device *dev, -+ bool apply_mac, -+ mode_t mode, -+ uid_t uid, -+ gid_t gid, -+ OrderedHashmap *seclabel_list) { -+ - const char *devnode, *subsystem, *id = NULL; - bool apply_mode, apply_uid, apply_gid; - _cleanup_close_ int node_fd = -1; -@@ -511,95 +583,5 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac, - if (r < 0) - log_device_debug_errno(dev, r, "Failed to adjust timestamp of node %s: %m", devnode); - -- return r; --} -- --static int xsprintf_dev_num_path_from_sd_device(sd_device *dev, char **ret) { -- const char *subsystem; -- dev_t devnum; -- int r; -- -- assert(ret); -- -- r = sd_device_get_subsystem(dev, &subsystem); -- if (r < 0) -- return r; -- -- r = sd_device_get_devnum(dev, &devnum); -- if (r < 0) -- return r; -- -- return device_path_make_major_minor(streq(subsystem, "block") ? S_IFBLK : S_IFCHR, devnum, ret); --} -- --int udev_node_add(sd_device *dev, bool apply, -- mode_t mode, uid_t uid, gid_t gid, -- OrderedHashmap *seclabel_list) { -- const char *devnode, *devlink; -- _cleanup_free_ char *filename = NULL; -- int r; -- -- assert(dev); -- -- r = sd_device_get_devname(dev, &devnode); -- if (r < 0) -- return log_device_debug_errno(dev, r, "Failed to get devnode: %m"); -- -- if (DEBUG_LOGGING) { -- const char *id = NULL; -- -- (void) device_get_device_id(dev, &id); -- log_device_debug(dev, "Handling device node '%s', devnum=%s", devnode, strna(id)); -- } -- -- r = node_permissions_apply(dev, apply, mode, uid, gid, seclabel_list); -- if (r < 0) -- return r; -- -- /* create/update symlinks, add symlinks to name index */ -- FOREACH_DEVICE_DEVLINK(dev, devlink) { -- r = link_update(dev, devlink, true); -- if (r < 0) -- log_device_warning_errno(dev, r, -- "Failed to update device symlink '%s', ignoring: %m", -- devlink); -- } -- -- r = xsprintf_dev_num_path_from_sd_device(dev, &filename); -- if (r < 0) -- return log_device_debug_errno(dev, r, "Failed to get device path: %m"); -- -- /* always add /dev/{block,char}/$major:$minor */ -- r = node_symlink(dev, devnode, filename); -- if (r < 0) -- return log_device_warning_errno(dev, r, "Failed to create device symlink '%s': %m", filename); -- -- return 0; --} -- --int udev_node_remove(sd_device *dev) { -- _cleanup_free_ char *filename = NULL; -- const char *devlink; -- int r; -- -- assert(dev); -- -- /* remove/update symlinks, remove symlinks from name index */ -- FOREACH_DEVICE_DEVLINK(dev, devlink) { -- r = link_update(dev, devlink, false); -- if (r < 0) -- log_device_warning_errno(dev, r, -- "Failed to update device symlink '%s', ignoring: %m", -- devlink); -- } -- -- r = xsprintf_dev_num_path_from_sd_device(dev, &filename); -- if (r < 0) -- return log_device_debug_errno(dev, r, "Failed to get device path: %m"); -- -- /* remove /dev/{block,char}/$major:$minor */ -- if (unlink(filename) < 0 && errno != ENOENT) -- return log_device_debug_errno(dev, errno, "Failed to remove '%s': %m", filename); -- - return 0; - } -diff --git a/src/udev/udev-node.h b/src/udev/udev-node.h -index 2349f9c471..a34af77146 100644 ---- a/src/udev/udev-node.h -+++ b/src/udev/udev-node.h -@@ -8,10 +8,14 @@ - - #include "hashmap.h" - --int udev_node_add(sd_device *dev, bool apply, -- mode_t mode, uid_t uid, gid_t gid, -- OrderedHashmap *seclabel_list); -+int udev_node_apply_permissions( -+ sd_device *dev, -+ bool apply_mac, -+ mode_t mode, -+ uid_t uid, -+ gid_t gid, -+ OrderedHashmap *seclabel_list); - int udev_node_remove(sd_device *dev); --int udev_node_update_old_links(sd_device *dev, sd_device *dev_old); -+int udev_node_update(sd_device *dev, sd_device *dev_old); - - size_t udev_node_escape_path(const char *src, char *dest, size_t size); --- -2.33.0 - diff --git a/backport-udev-node-stack-directory-must-exist-when-adding-dev.patch b/backport-udev-node-stack-directory-must-exist-when-adding-dev.patch deleted file mode 100644 index f1c6fe815ee2a09cd3516cd6188cddf0adf87a44..0000000000000000000000000000000000000000 --- a/backport-udev-node-stack-directory-must-exist-when-adding-dev.patch +++ /dev/null @@ -1,40 +0,0 @@ -From f16172aeb2349dab0f73a4651f31cd025faab6b7 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 04:14:42 +0900 -Subject: [PATCH] udev-node: stack directory must exist when adding device node - symlink - -(cherry picked from commit 46070dbf26435ba0def099121f46a6253f3f19b6) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/f16172aeb2349dab0f73a4651f31cd025faab6b7 ---- - src/udev/udev-node.c | 11 ++++++----- - 1 file changed, 6 insertions(+), 5 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 7cc9ee3670..4496a2bd9b 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -161,12 +161,13 @@ static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir, - - dir = opendir(stackdir); - if (!dir) { -- if (errno == ENOENT) { -- *ret = TAKE_PTR(target); -- return !!*ret; -- } -+ if (add) /* The stack directory must exist. */ -+ return -errno; -+ if (errno != ENOENT) -+ return -errno; - -- return -errno; -+ *ret = NULL; -+ return 0; - } - - r = device_get_device_id(dev, &id); --- -2.33.0 - diff --git a/backport-udev-only-ignore-ENOENT-or-friends-which-suggest-the-block.patch b/backport-udev-only-ignore-ENOENT-or-friends-which-suggest-the-block.patch deleted file mode 100644 index 0a465d388c0616576cbc53ad07e95eb036a8ae9a..0000000000000000000000000000000000000000 --- a/backport-udev-only-ignore-ENOENT-or-friends-which-suggest-the-block.patch +++ /dev/null @@ -1,36 +0,0 @@ -From ef400c3878ad23aa02bd5bb47f089bdef49e9d8c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 12 Mar 2022 20:40:58 +0900 -Subject: [PATCH] udev: only ignore ENOENT or friends which suggest the block - device is not exist - -The ENOENT, ENXIO, and ENODEV error can happen easily when a block -device appears and soon removed. So, it is reasonable to ignore the -error. But other errors should not occur here, and hence let's handle -them as critical. - -Reference:https://github.com/systemd/systemd/commit/ef400c3878ad23aa02bd5bb47f089bdef49e9d8c -Conflict:NA - ---- - src/udev/udevd.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 8389c39f652f..f1f864a4610c 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -399,8 +399,10 @@ static int worker_lock_block_device(sd_device *dev, int *ret_fd) { - - fd = open(val, O_RDONLY|O_CLOEXEC|O_NOFOLLOW|O_NONBLOCK); - if (fd < 0) { -- log_device_debug_errno(dev, errno, "Failed to open '%s', ignoring: %m", val); -- return 0; -+ bool ignore = ERRNO_IS_DEVICE_ABSENT(errno); -+ -+ log_device_debug_errno(dev, errno, "Failed to open '%s'%s: %m", val, ignore ? ", ignoring" : ""); -+ return ignore ? 0 : -errno; - } - - if (flock(fd, LOCK_SH|LOCK_NB) < 0) - \ No newline at end of file diff --git a/backport-udev-propagate-error-on-spawning-a-worker.patch b/backport-udev-propagate-error-on-spawning-a-worker.patch deleted file mode 100644 index 73cddc477677a902980dcfd837b990e185724ec5..0000000000000000000000000000000000000000 --- a/backport-udev-propagate-error-on-spawning-a-worker.patch +++ /dev/null @@ -1,89 +0,0 @@ -From f2a5412bf286cabc047dc96395c2dae978e722b4 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 15:47:34 +0900 -Subject: [PATCH] udev: propagate error on spawning a worker - -Reference:https://github.com/systemd/systemd/commit/f2a5412bf286cabc047dc96395c2dae978e722b4 -Conflict:NA - ---- - src/udev/udevd.c | 23 +++++++++++++++-------- - 1 file changed, 15 insertions(+), 8 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 2179825..7f41336 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -720,16 +720,18 @@ static int worker_spawn(Manager *manager, Event *event) { - return 0; - } - --static void event_run(Manager *manager, Event *event) { -+static int event_run(Event *event) { - static bool log_children_max_reached = true; -+ Manager *manager; - Worker *worker; - int r; - -- assert(manager); - assert(event); -+ assert(event->manager); - - log_device_uevent(event->dev, "Device ready for processing"); - -+ manager = event->manager; - HASHMAP_FOREACH(worker, manager->workers) { - if (worker->state != WORKER_IDLE) - continue; -@@ -743,29 +745,32 @@ static void event_run(Manager *manager, Event *event) { - continue; - } - worker_attach_event(worker, event); -- return; -+ return 1; /* event is now processing. */ - } - - if (hashmap_size(manager->workers) >= arg_children_max) { -- - /* Avoid spamming the debug logs if the limit is already reached and - * many events still need to be processed */ - if (log_children_max_reached && arg_children_max > 1) { - log_debug("Maximum number (%u) of children reached.", hashmap_size(manager->workers)); - log_children_max_reached = false; - } -- return; -+ return 0; /* no free worker */ - } - - /* Re-enable the debug message for the next batch of events */ - log_children_max_reached = true; - - /* fork with up-to-date SELinux label database, so the child inherits the up-to-date db -- and, until the next SELinux policy changes, we safe further reloads in future children */ -+ * and, until the next SELinux policy changes, we safe further reloads in future children */ - mac_selinux_maybe_reload(); - - /* start new worker and pass initial device */ -- worker_spawn(manager, event); -+ r = worker_spawn(manager, event); -+ if (r < 0) -+ return r; -+ -+ return 1; /* event is now processing. */ - } - - /* lookup event for identical, parent, child device */ -@@ -921,7 +926,9 @@ static int event_queue_start(Manager *manager) { - if (is_device_busy(manager, event) != 0) - continue; - -- event_run(manager, event); -+ r = event_run(event); -+ if (r < 0) -+ return r; - } - - return 0; --- -2.33.0 - \ No newline at end of file diff --git a/backport-udev-remove-run-udev-queue-in-on_post.patch b/backport-udev-remove-run-udev-queue-in-on_post.patch deleted file mode 100644 index fed83aee395042207d9f9719fa32949e73070c66..0000000000000000000000000000000000000000 --- a/backport-udev-remove-run-udev-queue-in-on_post.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 4029328014be9350ca9fc0774ad936c8b5e50ff2 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 13 Mar 2022 21:22:57 +0900 -Subject: [PATCH] udev: remove /run/udev/queue in on_post() - -When the last queued event is processed, information about subsequent -events may be already queued in the netlink socket of sd-device-monitor. -In that case, previously we once removed /run/udev/queue and touch the -file soon later, and `udevadm settle` mistakenly considered all events -are processed. - -To mitigate such situation, this makes /run/udev/queue removed in on_post(). - -Reference:https://github.com/systemd/systemd/commit/4029328014be9350ca9fc0774ad936c8b5e50ff2 -Conflict:NA - ---- - src/udev/udevd.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 6bb9eeb4bb37..8389c39f652f 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -171,12 +171,6 @@ static Event *event_free(Event *event) { - if (event->worker) - event->worker->event = NULL; - -- /* only clean up the queue from the process that created it */ -- if (LIST_IS_EMPTY(event->manager->events) && -- event->manager->pid == getpid_cached()) -- if (unlink("/run/udev/queue") < 0 && errno != ENOENT) -- log_warning_errno(errno, "Failed to unlink /run/udev/queue, ignoring: %m"); -- - return mfree(event); - } - -@@ -1480,7 +1474,13 @@ static int on_post(sd_event_source *s, void *userdata) { - if (!LIST_IS_EMPTY(manager->events)) - return 1; - -- /* There are no pending events. Let's cleanup idle process. */ -+ /* There are no queued events. Let's remove /run/udev/queue and clean up the idle processes. */ -+ -+ if (unlink("/run/udev/queue") < 0) { -+ if (errno != ENOENT) -+ log_warning_errno(errno, "Failed to unlink /run/udev/queue, ignoring: %m"); -+ } else -+ log_debug("No events are queued, removing /run/udev/queue."); - - if (!hashmap_isempty(manager->workers)) { - /* There are idle workers */ - \ No newline at end of file diff --git a/backport-udev-rename-is_device_busy-event_is_blocked.patch b/backport-udev-rename-is_device_busy-event_is_blocked.patch deleted file mode 100644 index dde6b338373a5a6a79f844c1cb6be046c37c7a02..0000000000000000000000000000000000000000 --- a/backport-udev-rename-is_device_busy-event_is_blocked.patch +++ /dev/null @@ -1,141 +0,0 @@ -From a1fa99d84124cdcd4a306113ebe4febc1251c41c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 16:14:01 +0900 -Subject: [PATCH] udev: rename is_device_busy() -> event_is_blocked() - -Also this rename delaying_seqnum -> blocker_seqnum. - -Reference:https://github.com/systemd/systemd/commit/a1fa99d84124cdcd4a306113ebe4febc1251c41c -Conflict:NA - ---- - src/udev/udevd.c | 34 +++++++++++++++++----------------- - 1 file changed, 17 insertions(+), 17 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index e99c2c0..20bd556 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -126,7 +126,7 @@ typedef struct Event { - sd_device *dev_kernel; /* clone of originally received device */ - - uint64_t seqnum; -- uint64_t delaying_seqnum; -+ uint64_t blocker_seqnum; - - sd_event_source *timeout_warning_event; - sd_event_source *timeout_event; -@@ -773,8 +773,7 @@ static int event_run(Event *event) { - return 1; /* event is now processing. */ - } - --/* lookup event for identical, parent, child device */ --static int is_device_busy(Manager *manager, Event *event) { -+static int event_is_blocked(Event *event) { - const char *subsystem, *devpath, *devpath_old = NULL; - dev_t devnum = makedev(0, 0); - Event *loop_event; -@@ -782,6 +781,8 @@ static int is_device_busy(Manager *manager, Event *event) { - int r, ifindex = 0; - bool is_block; - -+ /* lookup event for identical, parent, child device */ -+ - r = sd_device_get_subsystem(event->dev, &subsystem); - if (r < 0) - return r; -@@ -807,21 +808,21 @@ static int is_device_busy(Manager *manager, Event *event) { - return r; - - /* check if queue contains events we depend on */ -- LIST_FOREACH(event, loop_event, manager->events) { -+ LIST_FOREACH(event, loop_event, event->manager->events) { - size_t loop_devpath_len, common; - const char *loop_devpath; - - /* we already found a later event, earlier cannot block us, no need to check again */ -- if (loop_event->seqnum < event->delaying_seqnum) -+ if (loop_event->seqnum < event->blocker_seqnum) - continue; - - /* event we checked earlier still exists, no need to check again */ -- if (loop_event->seqnum == event->delaying_seqnum) -+ if (loop_event->seqnum == event->blocker_seqnum) - return true; - - /* found ourself, no later event can block us */ - if (loop_event->seqnum >= event->seqnum) -- break; -+ return false; - - /* check major/minor */ - if (major(devnum) != 0) { -@@ -833,7 +834,7 @@ static int is_device_busy(Manager *manager, Event *event) { - - if (sd_device_get_devnum(loop_event->dev, &d) >= 0 && - devnum == d && is_block == streq(s, "block")) -- goto set_delaying_seqnum; -+ break; - } - - /* check network device ifindex */ -@@ -842,7 +843,7 @@ static int is_device_busy(Manager *manager, Event *event) { - - if (sd_device_get_ifindex(loop_event->dev, &i) >= 0 && - ifindex == i) -- goto set_delaying_seqnum; -+ break; - } - - if (sd_device_get_devpath(loop_event->dev, &loop_devpath) < 0) -@@ -850,7 +851,7 @@ static int is_device_busy(Manager *manager, Event *event) { - - /* check our old name */ - if (devpath_old && streq(devpath_old, loop_devpath)) -- goto set_delaying_seqnum; -+ break; - - loop_devpath_len = strlen(loop_devpath); - -@@ -863,24 +864,23 @@ static int is_device_busy(Manager *manager, Event *event) { - - /* identical device event found */ - if (devpath_len == loop_devpath_len) -- goto set_delaying_seqnum; -+ break; - - /* parent device event found */ - if (devpath[common] == '/') -- goto set_delaying_seqnum; -+ break; - - /* child device event found */ - if (loop_devpath[common] == '/') -- goto set_delaying_seqnum; -+ break; - } - -- return false; -+ assert(loop_event); - --set_delaying_seqnum: - log_device_debug(event->dev, "SEQNUM=%" PRIu64 " blocked by SEQNUM=%" PRIu64, - event->seqnum, loop_event->seqnum); - -- event->delaying_seqnum = loop_event->seqnum; -+ event->blocker_seqnum = loop_event->seqnum; - return true; - } - -@@ -923,7 +923,7 @@ static int event_queue_start(Manager *manager) { - continue; - - /* do not start event if parent or child event is still running */ -- if (is_device_busy(manager, event) != 0) -+ if (event_is_blocked(event) != 0) - continue; - - r = event_run(event); --- -2.33.0 - \ No newline at end of file diff --git a/backport-udev-rename-type-name-e.g.-struct-worker-Worker.patch b/backport-udev-rename-type-name-e.g.-struct-worker-Worker.patch deleted file mode 100644 index eb573d7488ce19347e6d7a5f9f7f257823b56407..0000000000000000000000000000000000000000 --- a/backport-udev-rename-type-name-e.g.-struct-worker-Worker.patch +++ /dev/null @@ -1,302 +0,0 @@ -From d9239923c1de3f10f1598567e8bebcb798c4bd27 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 16 Jun 2021 19:05:39 +0900 -Subject: [PATCH] udev: rename type name e.g. struct worker -> Worker - ---- - src/udev/udevd.c | 97 +++++++++++++++++++++++++----------------------- - 1 file changed, 50 insertions(+), 47 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 5a4657de14..6baedd2f2e 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -77,10 +77,13 @@ static usec_t arg_event_timeout_usec = 180 * USEC_PER_SEC; - static int arg_timeout_signal = SIGKILL; - static bool arg_blockdev_read_only = false; - -+typedef struct Event Event; -+typedef struct Worker Worker; -+ - typedef struct Manager { - sd_event *event; - Hashmap *workers; -- LIST_HEAD(struct event, events); -+ LIST_HEAD(Event, events); - const char *cgroup; - pid_t pid; /* the process that originally allocated the manager object */ - int log_level; -@@ -106,16 +109,16 @@ typedef struct Manager { - bool exit; - } Manager; - --enum event_state { -+typedef enum EventState { - EVENT_UNDEF, - EVENT_QUEUED, - EVENT_RUNNING, --}; -+} EventState; - --struct event { -+typedef struct Event { - Manager *manager; -- struct worker *worker; -- enum event_state state; -+ Worker *worker; -+ EventState state; - - sd_device *dev; - sd_device *dev_kernel; /* clone of originally received device */ -@@ -126,32 +129,32 @@ struct event { - sd_event_source *timeout_warning_event; - sd_event_source *timeout_event; - -- LIST_FIELDS(struct event, event); --}; -+ LIST_FIELDS(Event, event); -+} Event; - --static void event_queue_cleanup(Manager *manager, enum event_state type); -+static void event_queue_cleanup(Manager *manager, EventState match_state); - --enum worker_state { -+typedef enum WorkerState { - WORKER_UNDEF, - WORKER_RUNNING, - WORKER_IDLE, - WORKER_KILLED, - WORKER_KILLING, --}; -+} WorkerState; - --struct worker { -+typedef struct Worker { - Manager *manager; - pid_t pid; - sd_device_monitor *monitor; -- enum worker_state state; -- struct event *event; --}; -+ WorkerState state; -+ Event *event; -+} Worker; - - /* passed from worker to main process */ --struct worker_message { --}; -+typedef struct WorkerMessage { -+} WorkerMessage; - --static void event_free(struct event *event) { -+static void event_free(Event *event) { - if (!event) - return; - -@@ -176,7 +179,7 @@ static void event_free(struct event *event) { - free(event); - } - --static struct worker* worker_free(struct worker *worker) { -+static Worker *worker_free(Worker *worker) { - if (!worker) - return NULL; - -@@ -189,11 +192,11 @@ static struct worker* worker_free(struct worker *worker) { - return mfree(worker); - } - --DEFINE_TRIVIAL_CLEANUP_FUNC(struct worker *, worker_free); --DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(worker_hash_op, void, trivial_hash_func, trivial_compare_func, struct worker, worker_free); -+DEFINE_TRIVIAL_CLEANUP_FUNC(Worker*, worker_free); -+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(worker_hash_op, void, trivial_hash_func, trivial_compare_func, Worker, worker_free); - --static int worker_new(struct worker **ret, Manager *manager, sd_device_monitor *worker_monitor, pid_t pid) { -- _cleanup_(worker_freep) struct worker *worker = NULL; -+static int worker_new(Worker **ret, Manager *manager, sd_device_monitor *worker_monitor, pid_t pid) { -+ _cleanup_(worker_freep) Worker *worker = NULL; - int r; - - assert(ret); -@@ -204,11 +207,11 @@ static int worker_new(struct worker **ret, Manager *manager, sd_device_monitor * - /* close monitor, but keep address around */ - device_monitor_disconnect(worker_monitor); - -- worker = new(struct worker, 1); -+ worker = new(Worker, 1); - if (!worker) - return -ENOMEM; - -- *worker = (struct worker) { -+ *worker = (Worker) { - .manager = manager, - .monitor = sd_device_monitor_ref(worker_monitor), - .pid = pid, -@@ -224,7 +227,7 @@ static int worker_new(struct worker **ret, Manager *manager, sd_device_monitor * - } - - static int on_event_timeout(sd_event_source *s, uint64_t usec, void *userdata) { -- struct event *event = userdata; -+ Event *event = userdata; - - assert(event); - assert(event->worker); -@@ -238,7 +241,7 @@ static int on_event_timeout(sd_event_source *s, uint64_t usec, void *userdata) { - } - - static int on_event_timeout_warning(sd_event_source *s, uint64_t usec, void *userdata) { -- struct event *event = userdata; -+ Event *event = userdata; - - assert(event); - assert(event->worker); -@@ -248,7 +251,7 @@ static int on_event_timeout_warning(sd_event_source *s, uint64_t usec, void *use - return 1; - } - --static void worker_attach_event(struct worker *worker, struct event *event) { -+static void worker_attach_event(Worker *worker, Event *event) { - sd_event *e; - - assert(worker); -@@ -315,7 +318,7 @@ static Manager* manager_free(Manager *manager) { - DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free); - - static int worker_send_message(int fd) { -- struct worker_message message = {}; -+ WorkerMessage message = {}; - - return loop_write(fd, &message, sizeof(message), false); - } -@@ -591,9 +594,9 @@ static int worker_main(Manager *_manager, sd_device_monitor *monitor, sd_device - return 0; - } - --static int worker_spawn(Manager *manager, struct event *event) { -+static int worker_spawn(Manager *manager, Event *event) { - _cleanup_(sd_device_monitor_unrefp) sd_device_monitor *worker_monitor = NULL; -- struct worker *worker; -+ Worker *worker; - pid_t pid; - int r; - -@@ -635,9 +638,9 @@ static int worker_spawn(Manager *manager, struct event *event) { - return 0; - } - --static void event_run(Manager *manager, struct event *event) { -+static void event_run(Manager *manager, Event *event) { - static bool log_children_max_reached = true; -- struct worker *worker; -+ Worker *worker; - int r; - - assert(manager); -@@ -685,7 +688,7 @@ static void event_run(Manager *manager, struct event *event) { - - static int event_queue_insert(Manager *manager, sd_device *dev) { - _cleanup_(sd_device_unrefp) sd_device *clone = NULL; -- struct event *event; -+ Event *event; - uint64_t seqnum; - int r; - -@@ -709,11 +712,11 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { - if (r < 0) - return r; - -- event = new(struct event, 1); -+ event = new(Event, 1); - if (!event) - return -ENOMEM; - -- *event = (struct event) { -+ *event = (Event) { - .manager = manager, - .dev = sd_device_ref(dev), - .dev_kernel = TAKE_PTR(clone), -@@ -735,7 +738,7 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { - } - - static void manager_kill_workers(Manager *manager, bool force) { -- struct worker *worker; -+ Worker *worker; - - assert(manager); - -@@ -754,10 +757,10 @@ static void manager_kill_workers(Manager *manager, bool force) { - } - - /* lookup event for identical, parent, child device */ --static int is_device_busy(Manager *manager, struct event *event) { -+static int is_device_busy(Manager *manager, Event *event) { - const char *subsystem, *devpath, *devpath_old = NULL; - dev_t devnum = makedev(0, 0); -- struct event *loop_event; -+ Event *loop_event; - size_t devpath_len; - int r, ifindex = 0; - bool is_block; -@@ -916,7 +919,7 @@ static int on_kill_workers_event(sd_event_source *s, uint64_t usec, void *userda - } - - static void event_queue_start(Manager *manager) { -- struct event *event; -+ Event *event; - usec_t usec; - int r; - -@@ -963,11 +966,11 @@ static void event_queue_start(Manager *manager) { - } - } - --static void event_queue_cleanup(Manager *manager, enum event_state match_type) { -- struct event *event, *tmp; -+static void event_queue_cleanup(Manager *manager, EventState match_state) { -+ Event *event, *tmp; - - LIST_FOREACH_SAFE(event, event, tmp, manager->events) { -- if (match_type != EVENT_UNDEF && match_type != event->state) -+ if (match_state != EVENT_UNDEF && match_state != event->state) - continue; - - event_free(event); -@@ -980,7 +983,7 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat - assert(manager); - - for (;;) { -- struct worker_message msg; -+ WorkerMessage msg; - struct iovec iovec = { - .iov_base = &msg, - .iov_len = sizeof(msg), -@@ -994,7 +997,7 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat - }; - ssize_t size; - struct ucred *ucred; -- struct worker *worker; -+ Worker *worker; - - size = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT); - if (size == -EINTR) -@@ -1007,7 +1010,7 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat - - cmsg_close_all(&msghdr); - -- if (size != sizeof(struct worker_message)) { -+ if (size != sizeof(WorkerMessage)) { - log_warning("Ignoring worker message with invalid size %zi bytes", size); - continue; - } -@@ -1357,7 +1360,7 @@ static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, voi - for (;;) { - pid_t pid; - int status; -- struct worker *worker; -+ Worker *worker; - - pid = waitpid(-1, &status, WNOHANG); - if (pid <= 0) --- -2.27.0 - diff --git a/backport-udev-requeue-event-when-the-corresponding-block-device-is.patch b/backport-udev-requeue-event-when-the-corresponding-block-device-is.patch deleted file mode 100644 index b193b03f2279a2aca6f5c12e5ed0d2ae0d6b35a7..0000000000000000000000000000000000000000 --- a/backport-udev-requeue-event-when-the-corresponding-block-device-is.patch +++ /dev/null @@ -1,288 +0,0 @@ -From 5d354e525a56955ae7f68062e283dda85ab07794 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 15 Mar 2022 13:50:06 +0900 -Subject: [PATCH] udev: requeue event when the corresponding block device is - locked by another process - -Previously, if a block device is locked by another process, then the -corresponding worker skip to process the corresponding event, and does -not broadcast the uevent to libudev listners. This causes several issues: - -- During a period of a device being locked by a process, if a user trigger - an event with `udevadm trigger --settle`, then it never returned. - -- When there is a delay between close and unlock in a process, then the - synthesized events triggered by inotify may not be processed. This can - happens easily by wrapping mkfs with flock. This causes severe issues - e.g. new devlinks are not created, or old devlinks are not removed. - -This commit makes events are requeued with a tiny delay when the corresponding -block devices are locked by other processes. With this way, the triggered -uevent may be delayed but is always processed by udevd. Hence, the above -issues can be solved. Also, it is not necessary to watch a block device -unconditionally when it is already locked. Hence, the logic is dropped. - -Reference:https://github.com/systemd/systemd/commit/5d354e525a56955ae7f68062e283dda85ab07794 -Conflict:adaption - ---- - src/udev/udevd.c | 154 +++++++++++++++++++++++++++++------------------ - 1 file changed, 97 insertions(+), 57 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index d153b03a38e1..973727375b67 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -70,6 +70,8 @@ - #include "version.h" - - #define WORKER_NUM_MAX 2048U -+#define EVENT_RETRY_INTERVAL_USEC (200 * USEC_PER_MSEC) -+#define EVENT_RETRY_TIMEOUT_USEC (3 * USEC_PER_MINUTE) - - static bool arg_debug = false; - static int arg_daemonize = false; -@@ -128,6 +130,8 @@ typedef struct Event { - sd_device_action_t action; - uint64_t seqnum; - uint64_t blocker_seqnum; -+ usec_t retry_again_next_usec; -+ usec_t retry_again_timeout_usec; - - sd_event_source *timeout_warning_event; - sd_event_source *timeout_event; -@@ -152,8 +156,13 @@ typedef struct Worker { - } Worker; - - /* passed from worker to main process */ --typedef struct WorkerMessage { --} WorkerMessage; -+typedef enum EventResult { -+ EVENT_RESULT_SUCCESS, -+ EVENT_RESULT_FAILED, -+ EVENT_RESULT_TRY_AGAIN, /* when the block device is locked by another process. */ -+ _EVENT_RESULT_MAX, -+ _EVENT_RESULT_INVALID = -EINVAL, -+} EventResult; - - static Event *event_free(Event *event) { - if (!event) -@@ -360,10 +369,11 @@ static void device_broadcast(sd_device_monitor *monitor, sd_device *dev) { - "Failed to broadcast event to libudev listeners, ignoring: %m"); - } - --static int worker_send_message(int fd) { -- WorkerMessage message = {}; -+static int worker_send_result(Manager *manager, EventResult result) { -+ assert(manager); -+ assert(manager->worker_watch[WRITE_END] >= 0); - -- return loop_write(fd, &message, sizeof(message), false); -+ return loop_write(manager->worker_watch[WRITE_END], &result, sizeof(result), false); - } - - static int worker_lock_block_device(sd_device *dev, int *ret_fd) { -@@ -490,44 +500,12 @@ static int worker_process_device(Manager *manager, sd_device *dev) { - if (!udev_event) - return -ENOMEM; - -+ /* If this is a block device and the device is locked currently via the BSD advisory locks, -+ * someone else is using it exclusively. We don't run our udev rules now to not interfere. -+ * Instead of processing the event, we requeue the event and will try again after a delay. -+ * -+ * The user-facing side of this: https://systemd.io/BLOCK_DEVICE_LOCKING */ - r = worker_lock_block_device(dev, &fd_lock); -- if (r == -EAGAIN) { -- /* So this is a block device and the device is locked currently via the BSD advisory locks — -- * someone else is exclusively using it. This means we don't run our udev rules now, to not -- * interfere. However we want to know when the device is unlocked again, and retrigger the -- * device again then, so that the rules are run eventually. For that we use IN_CLOSE_WRITE -- * inotify watches (which isn't exactly the same as waiting for the BSD locks to release, but -- * not totally off, as long as unlock+close() is done together, as it usually is). -- * -- * (The user-facing side of this: https://systemd.io/BLOCK_DEVICE_LOCKING) -- * -- * There's a bit of a chicken and egg problem here for this however: inotify watching is -- * supposed to be enabled via an option set via udev rules (OPTIONS+="watch"). If we skip the -- * udev rules here however (as we just said we do), we would thus never see that specific -- * udev rule, and thus never turn on inotify watching. But in order to catch up eventually -- * and run them we we need the inotify watching: hence a classic chicken and egg problem. -- * -- * Our way out here: if we see the block device locked, unconditionally watch the device via -- * inotify, regardless of any explicit request via OPTIONS+="watch". Thus, a device that is -- * currently locked via the BSD file locks will be treated as if we ran a single udev rule -- * only for it: the one that turns on inotify watching for it. If we eventually see the -- * inotify IN_CLOSE_WRITE event, and then run the rules after all and we then realize that -- * this wasn't actually requested (i.e. no OPTIONS+="watch" set) we'll simply turn off the -- * watching again (see below). Effectively this means: inotify watching is now enabled either -- * a) when the udev rules say so, or b) while the device is locked. -- * -- * Worst case scenario hence: in the (unlikely) case someone locked the device and we clash -- * with that we might do inotify watching for a brief moment for a device where we actually -- * weren't supposed to. But that shouldn't be too bad, in particular as BSD locks being taken -- * on a block device is kinda an indication that the inotify logic is desired too, to some -- * degree — they go hand-in-hand after all. */ -- -- log_device_debug(dev, "Block device is currently locked, installing watch to wait until the lock is released."); -- (void) udev_watch_begin(manager->inotify_fd, dev); -- -- /* Now the watch is installed, let's lock the device again, maybe in the meantime things changed */ -- r = worker_lock_block_device(dev, &fd_lock); -- } - if (r < 0) - return r; - -@@ -560,25 +538,29 @@ static int worker_process_device(Manager *manager, sd_device *dev) { - - static int worker_device_monitor_handler(sd_device_monitor *monitor, sd_device *dev, void *userdata) { - Manager *manager = userdata; -+ EventResult result; - int r; - - assert(dev); - assert(manager); - - r = worker_process_device(manager, dev); -- if (r == -EAGAIN) -- /* if we couldn't acquire the flock(), then proceed quietly */ -- log_device_debug_errno(dev, r, "Device currently locked, not processing."); -- else { -- if (r < 0) -- log_device_warning_errno(dev, r, "Failed to process device, ignoring: %m"); -+ if (r == -EAGAIN) { -+ /* if we couldn't acquire the flock(), then requeue the event */ -+ result = EVENT_RESULT_TRY_AGAIN; -+ log_device_debug_errno(dev, r, "Block device is currently locked, requeueing the event."); -+ } else if (r < 0) { -+ result = EVENT_RESULT_FAILED; -+ log_device_warning_errno(dev, r, "Failed to process device, ignoring: %m"); -+ } else -+ result = EVENT_RESULT_SUCCESS; - -+ if (result != EVENT_RESULT_TRY_AGAIN) - /* send processed event back to libudev listeners */ - device_broadcast(monitor, dev); -- } - - /* send udevd the result of the event execution */ -- r = worker_send_message(manager->worker_watch[WRITE_END]); -+ r = worker_send_result(manager, result); - if (r < 0) - log_device_warning_errno(dev, r, "Failed to send signal to main daemon, ignoring: %m"); - -@@ -794,6 +776,17 @@ static int event_is_blocked(Event *event) { - assert(event->manager); - assert(event->blocker_seqnum <= event->seqnum); - -+ if (event->retry_again_next_usec > 0) { -+ usec_t now_usec; -+ -+ r = sd_event_now(event->manager->event, clock_boottime_or_monotonic(), &now_usec); -+ if (r < 0) -+ return r; -+ -+ if (event->retry_again_next_usec <= now_usec) -+ return true; -+ } -+ - if (event->blocker_seqnum == event->seqnum) - /* we have checked previously and no blocker found */ - return false; -@@ -980,6 +973,44 @@ static int event_queue_start(Manager *manager) { - return 0; - } - -+static int event_requeue(Event *event) { -+ usec_t now_usec; -+ int r; -+ -+ assert(event); -+ assert(event->manager); -+ assert(event->manager->event); -+ -+ event->timeout_warning_event = sd_event_source_disable_unref(event->timeout_warning_event); -+ event->timeout_event = sd_event_source_disable_unref(event->timeout_event); -+ -+ /* add a short delay to suppress busy loop */ -+ r = sd_event_now(event->manager->event, clock_boottime_or_monotonic(), &now_usec); -+ if (r < 0) -+ return log_device_warning_errno(event->dev, r, -+ "Failed to get current time, " -+ "skipping event (SEQNUM=%"PRIu64", ACTION=%s): %m", -+ event->seqnum, strna(device_action_to_string(event->action))); -+ -+ if (event->retry_again_timeout_usec > 0 && event->retry_again_timeout_usec <= now_usec) -+ return log_device_warning_errno(event->dev, SYNTHETIC_ERRNO(ETIMEDOUT), -+ "The underlying block device is locked by a process more than %s, " -+ "skipping event (SEQNUM=%"PRIu64", ACTION=%s).", -+ format_timespan((char[FORMAT_TIMESPAN_MAX]){}, FORMAT_TIMESPAN_MAX, EVENT_RETRY_TIMEOUT_USEC, USEC_PER_MINUTE), -+ event->seqnum, strna(device_action_to_string(event->action))); -+ -+ event->retry_again_next_usec = usec_add(now_usec, EVENT_RETRY_INTERVAL_USEC); -+ if (event->retry_again_timeout_usec == 0) -+ event->retry_again_timeout_usec = usec_add(now_usec, EVENT_RETRY_TIMEOUT_USEC); -+ -+ if (event->worker && event->worker->event == event) -+ event->worker->event = NULL; -+ event->worker = NULL; -+ -+ event->state = EVENT_QUEUED; -+ return 0; -+} -+ - static int event_queue_insert(Manager *manager, sd_device *dev) { - sd_device_action_t action; - uint64_t seqnum; -@@ -1054,11 +1085,8 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat - assert(manager); - - for (;;) { -- WorkerMessage msg; -- struct iovec iovec = { -- .iov_base = &msg, -- .iov_len = sizeof(msg), -- }; -+ EventResult result; -+ struct iovec iovec = IOVEC_MAKE(&result, sizeof(result)); - CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred))) control; - struct msghdr msghdr = { - .msg_iov = &iovec, -@@ -1081,7 +1109,7 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat - - cmsg_close_all(&msghdr); - -- if (size != sizeof(WorkerMessage)) { -+ if (size != sizeof(EventResult)) { - log_warning("Ignoring worker message with invalid size %zi bytes", size); - continue; - } -@@ -1106,6 +1134,11 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat - worker->state = WORKER_IDLE; - - /* worker returned */ -+ if (result == EVENT_RESULT_TRY_AGAIN && -+ event_requeue(worker->event) < 0) -+ device_broadcast(manager->monitor, worker->event->dev); -+ -+ /* When event_requeue() succeeds, worker->event is NULL, and event_free() handles NULL gracefully. */ - event_free(worker->event); - } - -@@ -1467,8 +1500,15 @@ static int on_post(sd_event_source *s, void *userdata) { - - assert(manager); - -- if (!LIST_IS_EMPTY(manager->events)) -+ if (!LIST_IS_EMPTY(manager->events)) { -+ /* Try to process pending events if idle workers exist. Why is this necessary? -+ * When a worker finished an event and became idle, even if there was a pending event, -+ * the corresponding device might have been locked and the processing of the event -+ * delayed for a while, preventing the worker from processing the event immediately. -+ * Now, the device may be unlocked. Let's try again! */ -+ event_queue_start(manager); - return 1; -+ } - - /* There are no queued events. Let's remove /run/udev/queue and clean up the idle processes. */ - - \ No newline at end of file diff --git a/backport-udev-run-the-main-process-workers-and-spawned-comman.patch b/backport-udev-run-the-main-process-workers-and-spawned-comman.patch deleted file mode 100644 index bc39fd9d421662efc7bfa3056ab59313ff0dd9f5..0000000000000000000000000000000000000000 --- a/backport-udev-run-the-main-process-workers-and-spawned-comman.patch +++ /dev/null @@ -1,176 +0,0 @@ -From a1f4fd387603673a79a84ca4e5ce25b439b85fe6 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 16 Mar 2022 20:46:49 +0900 -Subject: [PATCH] udev: run the main process, workers, and spawned commands in - /udev subcgroup - -And enable cgroup delegation for udevd. -Then, processes invoked through ExecReload= are assigned .control -subcgroup, and they are not killed by cg_kill(). - -Fixes #16867 and #22686. ---- - src/udev/udevd.c | 76 ++++++++++++++++++++++++++-------- - units/systemd-udevd.service.in | 1 + - 2 files changed, 59 insertions(+), 18 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 8380d674c5..c6f6d945c8 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -28,6 +28,7 @@ - #include "sd-event.h" - - #include "alloc-util.h" -+#include "cgroup-setup.h" - #include "cgroup-util.h" - #include "cpu-set-util.h" - #include "dev-setup.h" -@@ -48,6 +49,7 @@ - #include "mkdir.h" - #include "netlink-util.h" - #include "parse-util.h" -+#include "path-util.h" - #include "pretty-print.h" - #include "proc-cmdline.h" - #include "process-util.h" -@@ -85,7 +87,7 @@ typedef struct Manager { - sd_event *event; - Hashmap *workers; - LIST_HEAD(Event, events); -- const char *cgroup; -+ char *cgroup; - pid_t pid; /* the process that originally allocated the manager object */ - int log_level; - -@@ -238,6 +240,7 @@ static Manager* manager_free(Manager *manager) { - safe_close(manager->inotify_fd); - safe_close_pair(manager->worker_watch); - -+ free(manager->cgroup); - return mfree(manager); - } - -@@ -1722,12 +1725,63 @@ static int parse_argv(int argc, char *argv[]) { - return 1; - } - --static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent, const char *cgroup) { -+static int create_subcgroup(char **ret) { -+ _cleanup_free_ char *cgroup = NULL, *subcgroup = NULL; -+ int r; -+ -+ if (getppid() != 1) -+ return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Not invoked by PID1."); -+ -+ r = sd_booted(); -+ if (r < 0) -+ return log_debug_errno(r, "Failed to check if systemd is running: %m"); -+ if (r == 0) -+ return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "systemd is not running."); -+ -+ /* Get our own cgroup, we regularly kill everything udev has left behind. -+ * We only do this on systemd systems, and only if we are directly spawned -+ * by PID1. Otherwise we are not guaranteed to have a dedicated cgroup. */ -+ -+ r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, 0, &cgroup); -+ if (r < 0) { -+ if (IN_SET(r, -ENOENT, -ENOMEDIUM)) -+ return log_debug_errno(r, "Dedicated cgroup not found: %m"); -+ return log_debug_errno(r, "Failed to get cgroup: %m"); -+ } -+ -+ r = cg_get_xattr_bool(SYSTEMD_CGROUP_CONTROLLER, cgroup, "trusted.delegate"); -+ if (IN_SET(r, 0, -ENODATA)) -+ return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "The cgroup %s is not delegated to us.", cgroup); -+ if (r < 0) -+ return log_debug_errno(r, "Failed to read trusted.delegate attribute: %m"); -+ -+ /* We are invoked with our own delegated cgroup tree, let's move us one level down, so that we -+ * don't collide with the "no processes in inner nodes" rule of cgroups, when the service -+ * manager invokes the ExecReload= job in the .control/ subcgroup. */ -+ -+ subcgroup = path_join(cgroup, "/udev"); -+ if (!subcgroup) -+ return log_oom_debug(); -+ -+ r = cg_create_and_attach(SYSTEMD_CGROUP_CONTROLLER, subcgroup, 0); -+ if (r < 0) -+ return log_debug_errno(r, "Failed to create %s subcgroup: %m", subcgroup); -+ -+ log_debug("Created %s subcgroup.", subcgroup); -+ if (ret) -+ *ret = TAKE_PTR(subcgroup); -+ return 0; -+} -+ -+static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent) { - _cleanup_(manager_freep) Manager *manager = NULL; -+ _cleanup_free_ char *cgroup = NULL; - int r; - - assert(ret); - -+ (void) create_subcgroup(&cgroup); -+ - manager = new(Manager, 1); - if (!manager) - return log_oom(); -@@ -1735,7 +1789,7 @@ static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent, const char *cg - *manager = (Manager) { - .inotify_fd = -1, - .worker_watch = { -1, -1 }, -- .cgroup = cgroup, -+ .cgroup = TAKE_PTR(cgroup), - }; - - r = udev_ctrl_new_from_fd(&manager->ctrl, fd_ctrl); -@@ -1880,7 +1934,6 @@ static int main_loop(Manager *manager) { - } - - int run_udevd(int argc, char *argv[]) { -- _cleanup_free_ char *cgroup = NULL; - _cleanup_(manager_freep) Manager *manager = NULL; - int fd_ctrl = -1, fd_uevent = -1; - int r; -@@ -1937,24 +1990,11 @@ int run_udevd(int argc, char *argv[]) { - if (r < 0 && r != -EEXIST) - return log_error_errno(r, "Failed to create /run/udev: %m"); - -- if (getppid() == 1 && sd_booted() > 0) { -- /* Get our own cgroup, we regularly kill everything udev has left behind. -- * We only do this on systemd systems, and only if we are directly spawned -- * by PID1. Otherwise we are not guaranteed to have a dedicated cgroup. */ -- r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, 0, &cgroup); -- if (r < 0) { -- if (IN_SET(r, -ENOENT, -ENOMEDIUM)) -- log_debug_errno(r, "Dedicated cgroup not found: %m"); -- else -- log_warning_errno(r, "Failed to get cgroup: %m"); -- } -- } -- - r = listen_fds(&fd_ctrl, &fd_uevent); - if (r < 0) - return log_error_errno(r, "Failed to listen on fds: %m"); - -- r = manager_new(&manager, fd_ctrl, fd_uevent, cgroup); -+ r = manager_new(&manager, fd_ctrl, fd_uevent); - if (r < 0) - return log_error_errno(r, "Failed to create manager: %m"); - -diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in -index d042bfb0d3..9901198274 100644 ---- a/units/systemd-udevd.service.in -+++ b/units/systemd-udevd.service.in -@@ -16,6 +16,7 @@ Before=sysinit.target - ConditionPathIsReadWrite=/sys - - [Service] -+Delegate=pids - DeviceAllow=block-* rwm - DeviceAllow=char-* rwm - Type=notify --- -2.27.0 - diff --git a/backport-udev-skip-event-when-its-dependency-cannot-be-checked.patch b/backport-udev-skip-event-when-its-dependency-cannot-be-checked.patch deleted file mode 100644 index b28f6b1abd69601774c133c2142933ff45ebbdc5..0000000000000000000000000000000000000000 --- a/backport-udev-skip-event-when-its-dependency-cannot-be-checked.patch +++ /dev/null @@ -1,58 +0,0 @@ -From c6f78234d1d1c6065ecc56240f217d1fdbeb1771 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 17:14:10 +0900 -Subject: [PATCH] udev: skip event when its dependency cannot be checked - -Reference:https://github.com/systemd/systemd/commit/c6f78234d1d1c6065ecc56240f217d1fdbeb1771 -Conflict:NA - ---- - src/udev/udevd.c | 22 ++++++++++++++++++---- - 1 file changed, 18 insertions(+), 4 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index be2c3ee..683938d 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -910,7 +910,7 @@ no_blocker: - } - - static int event_queue_start(Manager *manager) { -- Event *event; -+ Event *event, *event_next; - usec_t usec; - int r; - -@@ -943,12 +943,26 @@ static int event_queue_start(Manager *manager) { - return log_warning_errno(r, "Failed to read udev rules: %m"); - } - -- LIST_FOREACH(event, event, manager->events) { -+ LIST_FOREACH_SAFE(event, event, event_next, manager->events) { - if (event->state != EVENT_QUEUED) - continue; - -- /* do not start event if parent or child event is still running */ -- if (event_is_blocked(event) != 0) -+ /* do not start event if parent or child event is still running or queued */ -+ r = event_is_blocked(event); -+ if (r < 0) { -+ sd_device_action_t a = _SD_DEVICE_ACTION_INVALID; -+ -+ (void) sd_device_get_action(event->dev, &a); -+ log_device_warning_errno(event->dev, r, -+ "Failed to check event dependency, " -+ "skipping event (SEQNUM=%"PRIu64", ACTION=%s)", -+ event->seqnum, -+ strna(device_action_to_string(a))); -+ -+ event_free(event); -+ return r; -+ } -+ if (r > 0) - continue; - - r = event_run(event); --- -2.33.0 - \ No newline at end of file diff --git a/backport-udev-split-worker_lock_block_device-into-two.patch b/backport-udev-split-worker_lock_block_device-into-two.patch deleted file mode 100644 index dc8f58bc5800b26c69169d048d24dd1f38f5d30a..0000000000000000000000000000000000000000 --- a/backport-udev-split-worker_lock_block_device-into-two.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 7b7959fba52ba4bb6b5f7001971917760df40fee Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 25 Mar 2022 02:55:25 +0900 -Subject: [PATCH] udev: split worker_lock_block_device() into two - -This also makes return value initialized when these function return 0 to -follow our coding style. - -Just a preparation for later commits. - -Reference:https://github.com/systemd/systemd/commit/7b7959fba52ba4bb6b5f7001971917760df40fee -Conflict:NA - ---- - src/udev/udevd.c | 54 ++++++++++++++++++++++++++++++++++++------------ - 1 file changed, 41 insertions(+), 13 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 973727375b67..0b620cb7dcac 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -376,35 +376,29 @@ static int worker_send_result(Manager *manager, EventResult result) { - return loop_write(manager->worker_watch[WRITE_END], &result, sizeof(result), false); - } - --static int worker_lock_block_device(sd_device *dev, int *ret_fd) { -- _cleanup_close_ int fd = -1; -+static int device_get_block_device(sd_device *dev, const char **ret) { - const char *val; - int r; - - assert(dev); -- assert(ret_fd); -- -- /* Take a shared lock on the device node; this establishes a concept of device "ownership" to -- * serialize device access. External processes holding an exclusive lock will cause udev to skip the -- * event handling; in the case udev acquired the lock, the external process can block until udev has -- * finished its event handling. */ -+ assert(ret); - - if (device_for_action(dev, SD_DEVICE_REMOVE)) -- return 0; -+ goto irrelevant; - - r = sd_device_get_subsystem(dev, &val); - if (r < 0) - return log_device_debug_errno(dev, r, "Failed to get subsystem: %m"); - - if (!streq(val, "block")) -- return 0; -+ goto irrelevant; - - r = sd_device_get_sysname(dev, &val); - if (r < 0) - return log_device_debug_errno(dev, r, "Failed to get sysname: %m"); - - if (STARTSWITH_SET(val, "dm-", "md", "drbd")) -- return 0; -+ goto irrelevant; - - r = sd_device_get_devtype(dev, &val); - if (r < 0 && r != -ENOENT) -@@ -417,16 +411,46 @@ static int worker_lock_block_device(sd_device *dev, int *ret_fd) { - - r = sd_device_get_devname(dev, &val); - if (r == -ENOENT) -- return 0; -+ goto irrelevant; - if (r < 0) - return log_device_debug_errno(dev, r, "Failed to get devname: %m"); - -+ *ret = val; -+ return 1; -+ -+irrelevant: -+ *ret = NULL; -+ return 0; -+} -+ -+static int worker_lock_block_device(sd_device *dev, int *ret_fd) { -+ _cleanup_close_ int fd = -1; -+ const char *val; -+ int r; -+ -+ assert(dev); -+ assert(ret_fd); -+ -+ /* Take a shared lock on the device node; this establishes a concept of device "ownership" to -+ * serialize device access. External processes holding an exclusive lock will cause udev to skip the -+ * event handling; in the case udev acquired the lock, the external process can block until udev has -+ * finished its event handling. */ -+ -+ r = device_get_block_device(dev, &val); -+ if (r < 0) -+ return r; -+ if (r == 0) -+ goto nolock; -+ - fd = open(val, O_RDONLY|O_CLOEXEC|O_NOFOLLOW|O_NONBLOCK); - if (fd < 0) { - bool ignore = ERRNO_IS_DEVICE_ABSENT(errno); - - log_device_debug_errno(dev, errno, "Failed to open '%s'%s: %m", val, ignore ? ", ignoring" : ""); -- return ignore ? 0 : -errno; -+ if (!ignore) -+ return -errno; -+ -+ goto nolock; - } - - if (flock(fd, LOCK_SH|LOCK_NB) < 0) -@@ -434,6 +458,10 @@ static int worker_lock_block_device(sd_device *dev, int *ret_fd) { - - *ret_fd = TAKE_FD(fd); - return 1; -+ -+nolock: -+ *ret_fd = -1; -+ return 0; - } - - static int worker_mark_block_device_read_only(sd_device *dev) { - \ No newline at end of file diff --git a/backport-udev-store-action-in-struct-Event.patch b/backport-udev-store-action-in-struct-Event.patch deleted file mode 100644 index b0281bdaf4507d8618adef51e0a5a7bd305e6967..0000000000000000000000000000000000000000 --- a/backport-udev-store-action-in-struct-Event.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 0c3d8182c997c979c7a0ccce88d9fc48638261a5 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 25 Mar 2022 02:39:55 +0900 -Subject: [PATCH] udev: store action in struct Event - -Reference:https://github.com/systemd/systemd/commit/0c3d8182c997c979c7a0ccce88d9fc48638261a5 -Conflict:NA - ---- - src/udev/udevd.c | 15 +++++++++------ - 1 file changed, 9 insertions(+), 6 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 53728c9f7971..d153b03a38e1 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -125,6 +125,7 @@ typedef struct Event { - - sd_device *dev; - -+ sd_device_action_t action; - uint64_t seqnum; - uint64_t blocker_seqnum; - -@@ -964,16 +965,12 @@ static int event_queue_start(Manager *manager) { - r = event_is_blocked(event); - if (r > 0) - continue; -- if (r < 0) { -- sd_device_action_t a = _SD_DEVICE_ACTION_INVALID; -- -- (void) sd_device_get_action(event->dev, &a); -+ if (r < 0) - log_device_warning_errno(event->dev, r, - "Failed to check dependencies for event (SEQNUM=%"PRIu64", ACTION=%s), " - "assuming there is no blocking event, ignoring: %m", - event->seqnum, -- strna(device_action_to_string(a))); -- } -+ strna(device_action_to_string(event->action))); - - r = event_run(event); - if (r <= 0) /* 0 means there are no idle workers. Let's escape from the loop. */ -@@ -984,6 +981,7 @@ static int event_queue_start(Manager *manager) { - } - - static int event_queue_insert(Manager *manager, sd_device *dev) { -+ sd_device_action_t action; - uint64_t seqnum; - Event *event; - int r; -@@ -999,6 +997,10 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { - if (r < 0) - return r; - -+ r = sd_device_get_action(dev, &action); -+ if (r < 0) -+ return r; -+ - event = new(Event, 1); - if (!event) - return -ENOMEM; -@@ -1007,6 +1009,7 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { - .manager = manager, - .dev = sd_device_ref(dev), - .seqnum = seqnum, -+ .action = action, - .state = EVENT_QUEUED, - }; - - diff --git a/backport-udev-support-by-path-devlink-for-multipath-nvme-bloc.patch b/backport-udev-support-by-path-devlink-for-multipath-nvme-bloc.patch deleted file mode 100644 index 92ee8b3227e05ad4d6b55ee9d44a32a0efda3ae2..0000000000000000000000000000000000000000 --- a/backport-udev-support-by-path-devlink-for-multipath-nvme-bloc.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 67c3e1f63a5221b47a8fea85ae421671f29f3b7e Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 21 Sep 2022 02:26:42 +0900 -Subject: [PATCH] udev: support by-path devlink for multipath nvme block - devices - -If multipath feature is enabled, nvme block devices may belong to the -"nvme-subsystem" subsystem, instead of "nvme" subsystem. -(What a confusing name...) - -Then, the syspath is something like the following, - /sys/devices/virtual/nvme-subsystem/nvme-subsys0/nvme0n1 -Hence, we need to find the 'real parent' device, such as - /sys/devices/pci0000:00/0000:00:1c.4/0000:3c:00.0/nvme/nvme0 - -Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2031810. -Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2124964. -Replaces #24748. - -Conflict:different code contexts, manual synchronization path, and include patch 6209bb and f4a449 to fix coredump in 67c3e1f -Reference:https://github.com/systemd/systemd/commit/67c3e1f63a5221b47a8fea85ae421671f29f3b7e ---- - rules.d/60-persistent-storage.rules | 1 + - src/udev/udev-builtin-path_id.c | 61 +++++++++++++++++++++++++---- - 2 files changed, 54 insertions(+), 8 deletions(-) - -diff --git a/rules.d/60-persistent-storage.rules b/rules.d/60-persistent-storage.rules -index 03f0a619dc..64a2409196 100644 ---- a/rules.d/60-persistent-storage.rules -+++ b/rules.d/60-persistent-storage.rules -@@ -88,6 +88,7 @@ KERNEL=="msblk[0-9]p[0-9]|mspblk[0-9]p[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL} - - # by-path - ENV{DEVTYPE}=="disk", DEVPATH!="*/virtual/*", IMPORT{builtin}="path_id" -+ENV{DEVTYPE}=="disk", SUBSYSTEMS=="nvme-subsystem", IMPORT{builtin}="path_id" - KERNEL=="mmcblk[0-9]boot[0-9]", ENV{DEVTYPE}=="disk", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-boot%n" - KERNEL!="mmcblk[0-9]boot[0-9]", ENV{DEVTYPE}=="disk", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}" - ENV{DEVTYPE}=="partition", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-part%n" -diff --git a/src/udev/udev-builtin-path_id.c b/src/udev/udev-builtin-path_id.c -index ce7bc5caf0..7ec2e94583 100644 ---- a/src/udev/udev-builtin-path_id.c -+++ b/src/udev/udev-builtin-path_id.c -@@ -543,19 +543,55 @@ static sd_device *handle_ap(sd_device *parent, char **path) { - return skip_subsystem(parent, "ap"); - } - -+static int find_real_nvme_parent(sd_device *dev, sd_device **ret) { -+ _cleanup_(sd_device_unrefp) sd_device *nvme = NULL; -+ const char *sysname, *end; -+ int r; -+ -+ /* If the device belongs to "nvme-subsystem" (not to be confused with "nvme"), which happens when -+ * NVMe multipathing is enabled in the kernel (/sys/module/nvme_core/parameters/multipath is Y), -+ * then the syspath is something like the following: -+ * /sys/devices/virtual/nvme-subsystem/nvme-subsys0/nvme0n1 -+ * Hence, we need to find the 'real parent' in "nvme" subsystem, e.g, -+ * /sys/devices/pci0000:00/0000:00:1c.4/0000:3c:00.0/nvme/nvme0 */ -+ -+ assert(dev); -+ assert(ret); -+ -+ r = sd_device_get_sysname(dev, &sysname); -+ if (r < 0) -+ return r; -+ -+ /* The sysname format of nvme block device is nvme%d[c%d]n%d[p%d], e.g. nvme0n1p2 or nvme0c1n2. -+ * (Note, nvme device with 'c' can be ignored, as they are hidden. ) -+ * The sysname format of nvme subsystem device is nvme%d. -+ * See nvme_alloc_ns() and nvme_init_ctrl() in drivers/nvme/host/core.c for more details. */ -+ end = startswith(sysname, "nvme"); -+ if (!end) -+ return -ENXIO; -+ -+ end += strspn(end, DIGITS); -+ sysname = strndupa(sysname, end - sysname); -+ -+ r = sd_device_new_from_subsystem_sysname(&nvme, "nvme", sysname); -+ if (r < 0) -+ return r; -+ -+ *ret = TAKE_PTR(nvme); -+ return 0; -+} -+ - static int builtin_path_id(sd_device *dev, int argc, char *argv[], bool test) { -- sd_device *parent; -- _cleanup_free_ char *path = NULL; -- _cleanup_free_ char *compat_path = NULL; -- bool supported_transport = false; -- bool supported_parent = false; -+ _cleanup_(sd_device_unrefp) sd_device *dev_other_branch = NULL; -+ _cleanup_free_ char *path = NULL, *compat_path = NULL; -+ bool supported_transport = false, supported_parent = false; - const char *subsystem; -+ int r; - - assert(dev); - - /* walk up the chain of devices and compose path */ -- parent = dev; -- while (parent) { -+ for (sd_device *parent = dev; parent; ) { - const char *subsys, *sysname; - - if (sd_device_get_subsystem(parent, &subsys) < 0 || -@@ -642,13 +678,22 @@ static int builtin_path_id(sd_device *dev, sd_netlink **rtnl, int argc, char *ar - parent = skip_subsystem(parent, "iucv"); - supported_transport = true; - supported_parent = true; -- } else if (streq(subsys, "nvme")) { -+ } else if (STR_IN_SET(subsys, "nvme", "nvme-subsystem")) { - const char *nsid; - - if (sd_device_get_sysattr_value(dev, "nsid", &nsid) >= 0) { - path_prepend(&path, "nvme-%s", nsid); - if (compat_path) - path_prepend(&compat_path, "nvme-%s", nsid); -+ -+ if (streq(subsys, "nvme-subsystem")) { -+ r = find_real_nvme_parent(dev, &dev_other_branch); -+ if (r < 0) -+ return r; -+ -+ parent = dev_other_branch; -+ } -+ - parent = skip_subsystem(parent, "nvme"); - supported_parent = true; - supported_transport = true; --- -2.33.0 - diff --git a/backport-udev-update-comment-and-log-messages.patch b/backport-udev-update-comment-and-log-messages.patch deleted file mode 100644 index 17dbaf90fb94978ff6e08e129d138f50224a5a79..0000000000000000000000000000000000000000 --- a/backport-udev-update-comment-and-log-messages.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 87afc766d199642c6da956657b05690a39542856 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 12 Mar 2022 20:48:36 +0900 -Subject: [PATCH] udev: update comment and log message - -Reference:https://github.com/systemd/systemd/commit/87afc766d199642c6da956657b05690a39542856 -Conflict:NA - ---- - src/udev/udevd.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 41d0ec1e137c..0407068d5112 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -1448,10 +1448,11 @@ static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, voi - device_tag_index(worker->event->dev, NULL, false); - - if (manager->monitor) { -- /* forward kernel event without amending it */ -+ /* Forward kernel event unchanged */ - r = device_monitor_send_device(manager->monitor, NULL, worker->event->dev_kernel); - if (r < 0) -- log_device_error_errno(worker->event->dev_kernel, r, "Failed to send back device to kernel: %m"); -+ log_device_warning_errno(worker->event->dev_kernel, r, -+ "Failed to broadcast failed event to libudev listeners, ignoring: %m"); - } - } - - \ No newline at end of file diff --git a/backport-udev-update-log-message-to-clarify-that-the-error-is-ignored.patch b/backport-udev-update-log-message-to-clarify-that-the-error-is-ignored.patch deleted file mode 100644 index 06065e29cceda12d823a8cdb2972232a287d3600..0000000000000000000000000000000000000000 --- a/backport-udev-update-log-message-to-clarify-that-the-error-is-ignored.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 6be97d67c82ef5f45360c4323616739816b8f833 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 16 Jun 2021 21:02:01 +0900 -Subject: [PATCH] udev: update log message to clarify that the error is ignored - -Reference:https://github.com/systemd/systemd/commit/6be97d67c82ef5f45360c4323616739816b8f833 -Conflict:NA - ---- - src/udev/udevd.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 546bfe039e1d..34a5c9d5d8ee 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -171,8 +171,8 @@ static void event_free(Event *event) { - /* only clean up the queue from the process that created it */ - if (LIST_IS_EMPTY(event->manager->events) && - event->manager->pid == getpid_cached()) -- if (unlink("/run/udev/queue") < 0) -- log_warning_errno(errno, "Failed to unlink /run/udev/queue: %m"); -+ if (unlink("/run/udev/queue") < 0 && errno != ENOENT) -+ log_warning_errno(errno, "Failed to unlink /run/udev/queue, ignoring: %m"); - - free(event); - } -@@ -965,7 +965,7 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { - if (LIST_IS_EMPTY(manager->events)) { - r = touch("/run/udev/queue"); - if (r < 0) -- log_warning_errno(r, "Failed to touch /run/udev/queue: %m"); -+ log_warning_errno(r, "Failed to touch /run/udev/queue, ignoring: %m"); - } - - LIST_APPEND(event, manager->events, event); diff --git a/backport-udev-when-setting-up-lo-do-not-return-an-error.patch b/backport-udev-when-setting-up-lo-do-not-return-an-error.patch deleted file mode 100644 index 3739d43b17efb97d304cf6d62810bef33bf66bc8..0000000000000000000000000000000000000000 --- a/backport-udev-when-setting-up-lo-do-not-return-an-error.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 5f2582e23f10b46052c7f83b85c1f85184b4cd0f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 26 Jul 2021 11:46:12 +0200 -Subject: [PATCH] udev: when setting up lo, do not return an error - -From #20300: -> commit 70f32a260b5ebb68c19ecadf5d69b3844896ba55 -> Author: Yu Watanabe -> Date: Sun May 23 16:59:40 2021 +0900 - -> udev/net: do not manage loopback interfaces - -> There are nothing we can configure in udevd for loopback interfaces; -> no ethertool configs can be applied, MAC address, interface name should - -> introduced a regression for 'udevadm test-builtin net_setup_link /sys/class/net/lo/'. -> Prior to this commit this command would exit with 0 whereas after this commit -> it exists with 1. This causes cloud-init on Archlinux to fail as this command -> is run by it and likely also netplan to have networkd rescan and re-apply a -> bunch of things on NICs. - -I think it's reasonable to keep returning 0 here: we are intentatinally doing -nothing for the device, and that is not an error, but a (noop) success. - -Fixes #20300. - -(cherry picked from commit b4f0261337c91157231452b5a258799391d7ae51) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5f2582e23f10b46052c7f83b85c1f85184b4cd0f ---- - src/udev/udev-builtin-net_setup_link.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/udev/udev-builtin-net_setup_link.c b/src/udev/udev-builtin-net_setup_link.c -index d40251331c..5964e30bf1 100644 ---- a/src/udev/udev-builtin-net_setup_link.c -+++ b/src/udev/udev-builtin-net_setup_link.c -@@ -28,10 +28,12 @@ static int builtin_net_setup_link(sd_device *dev, int argc, char **argv, bool te - - r = link_config_get(ctx, dev, &link); - if (r < 0) { -- if (r == -ENOENT) -- return log_device_debug_errno(dev, r, "No matching link configuration found."); - if (r == -ENODEV) - return log_device_debug_errno(dev, r, "Link vanished while searching for configuration for it."); -+ if (r == -ENOENT) { -+ log_device_debug_errno(dev, r, "No matching link configuration found, ignoring device."); -+ return 0; -+ } - - return log_device_error_errno(dev, r, "Failed to get link config: %m"); - } --- -2.33.0 - diff --git a/backport-udevadm-cleanup-db-don-t-delete-information-for-kept.patch b/backport-udevadm-cleanup-db-don-t-delete-information-for-kept.patch deleted file mode 100644 index 2e2d2306a40b5cfce20dbbad2d3004e91a80b867..0000000000000000000000000000000000000000 --- a/backport-udevadm-cleanup-db-don-t-delete-information-for-kept.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 7a23db67795b6583028b7d7c0d5d8ef63c67d8c9 Mon Sep 17 00:00:00 2001 -From: Martin Wilck -Date: Thu, 20 Jan 2022 14:31:45 +0100 -Subject: [PATCH] udevadm: cleanup-db: don't delete information for kept db - entries - -devices with the db_persist property won't be deleted during database -cleanup. This applies to dm and md devices in particular. -For such devices, we should also keep the files under /run/udev/links, -/run/udev/tags, and /run/udev/watch, to make sure that after restart, -udevd has the same information about the devices as it did before -the cleanup. - -If we don't do this, a lower-priority device that is discovered in -the coldplug phase may take over symlinks from a device that persisted. -Not removing the watches also enables udevd to resume watching a device -after restart. - -Signed-off-by: Martin Wilck -(cherry picked from commit 7ec624147a41d80f8e492c9fe19a24e2cda58c25) -(cherry picked from commit ef7ceef26adb714ef44b2fbc07a219c05a012b42) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7a23db67795b6583028b7d7c0d5d8ef63c67d8c9 ---- - src/udev/udevadm-info.c | 64 +++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 61 insertions(+), 3 deletions(-) - -diff --git a/src/udev/udevadm-info.c b/src/udev/udevadm-info.c -index f05363150e..3314d6335e 100644 ---- a/src/udev/udevadm-info.c -+++ b/src/udev/udevadm-info.c -@@ -248,6 +248,64 @@ static void cleanup_dir(DIR *dir, mode_t mask, int depth) { - } - } - -+/* -+ * Assume that dir is a directory with file names matching udev data base -+ * entries for devices in /run/udev/data (such as "b8:16"), and removes -+ * all files except those that haven't been deleted in /run/udev/data -+ * (i.e. they were skipped during db cleanup because of the db_persist flag). -+ * Returns true if the directory is empty after cleanup. -+ */ -+static bool cleanup_dir_after_db_cleanup(DIR *dir, DIR *datadir) { -+ unsigned int kept = 0; -+ struct dirent *dent; -+ -+ assert(dir && datadir); -+ -+ FOREACH_DIRENT_ALL(dent, dir, break) { -+ struct stat data_stats, link_stats; -+ -+ if (dot_or_dot_dot(dent->d_name)) -+ continue; -+ if (fstatat(dirfd(dir), dent->d_name, &link_stats, AT_SYMLINK_NOFOLLOW) < 0) { -+ if (errno != ENOENT) -+ kept++; -+ continue; -+ } -+ -+ if (fstatat(dirfd(datadir), dent->d_name, &data_stats, 0) < 0) -+ (void) unlinkat(dirfd(dir), dent->d_name, -+ S_ISDIR(link_stats.st_mode) ? AT_REMOVEDIR : 0); -+ else -+ /* The entry still exists under /run/udev/data */ -+ kept++; -+ } -+ -+ return kept == 0; -+} -+ -+static void cleanup_dirs_after_db_cleanup(DIR *dir, DIR *datadir) { -+ struct dirent *dent; -+ -+ assert(dir && datadir); -+ -+ FOREACH_DIRENT_ALL(dent, dir, break) { -+ struct stat stats; -+ -+ if (dot_or_dot_dot(dent->d_name)) -+ continue; -+ if (fstatat(dirfd(dir), dent->d_name, &stats, AT_SYMLINK_NOFOLLOW) < 0) -+ continue; -+ if (S_ISDIR(stats.st_mode)) { -+ _cleanup_closedir_ DIR *dir2 = NULL; -+ -+ dir2 = fdopendir(openat(dirfd(dir), dent->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC)); -+ if (dir2 && cleanup_dir_after_db_cleanup(dir2, datadir)) -+ (void) unlinkat(dirfd(dir), dent->d_name, AT_REMOVEDIR); -+ } else -+ (void) unlinkat(dirfd(dir), dent->d_name, 0); -+ } -+} -+ - static void cleanup_db(void) { - _cleanup_closedir_ DIR *dir1 = NULL, *dir2 = NULL, *dir3 = NULL, *dir4 = NULL, *dir5 = NULL; - -@@ -257,11 +315,11 @@ static void cleanup_db(void) { - - dir2 = opendir("/run/udev/links"); - if (dir2) -- cleanup_dir(dir2, 0, 2); -+ cleanup_dirs_after_db_cleanup(dir2, dir1); - - dir3 = opendir("/run/udev/tags"); - if (dir3) -- cleanup_dir(dir3, 0, 2); -+ cleanup_dirs_after_db_cleanup(dir3, dir1); - - dir4 = opendir("/run/udev/static_node-tags"); - if (dir4) -@@ -269,7 +327,7 @@ static void cleanup_db(void) { - - dir5 = opendir("/run/udev/watch"); - if (dir5) -- cleanup_dir(dir5, 0, 1); -+ cleanup_dir_after_db_cleanup(dir5, dir1); - } - - static int query_device(QueryType query, sd_device* device) { --- -2.33.0 - diff --git a/backport-udevadm-cleanup_dir-use-dot_or_dot_dot.patch b/backport-udevadm-cleanup_dir-use-dot_or_dot_dot.patch deleted file mode 100644 index fa22397bb849b1d1b2aa45493b12a022572b9dae..0000000000000000000000000000000000000000 --- a/backport-udevadm-cleanup_dir-use-dot_or_dot_dot.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 75ff2fb73ed545d0427aea251fae6d55124f0e7c Mon Sep 17 00:00:00 2001 -From: Martin Wilck -Date: Fri, 21 Jan 2022 10:44:26 +0100 -Subject: [PATCH] udevadm: cleanup_dir: use dot_or_dot_dot() - -which is safer than just checking dent[0]. -Also, fix two style issues. - -(cherry picked from commit 28d6e8545151d413f8614db9fa790f9f9edbb045) -(cherry picked from commit 494e3c0def197abd4ec88f7b0c3ba331a708d81e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/75ff2fb73ed545d0427aea251fae6d55124f0e7c ---- - src/udev/udevadm-info.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/udev/udevadm-info.c b/src/udev/udevadm-info.c -index fa7f04f14c..f05363150e 100644 ---- a/src/udev/udevadm-info.c -+++ b/src/udev/udevadm-info.c -@@ -224,12 +224,14 @@ static void cleanup_dir(DIR *dir, mode_t mask, int depth) { - if (depth <= 0) - return; - -+ assert(dir); -+ - FOREACH_DIRENT_ALL(dent, dir, break) { - struct stat stats; - -- if (dent->d_name[0] == '.') -+ if (dot_or_dot_dot(dent->d_name)) - continue; -- if (fstatat(dirfd(dir), dent->d_name, &stats, AT_SYMLINK_NOFOLLOW) != 0) -+ if (fstatat(dirfd(dir), dent->d_name, &stats, AT_SYMLINK_NOFOLLOW) < 0) - continue; - if ((stats.st_mode & mask) != 0) - continue; --- -2.33.0 - diff --git a/backport-umask-util-add-helper-that-resets-umask-until-end-of.patch b/backport-umask-util-add-helper-that-resets-umask-until-end-of.patch deleted file mode 100644 index 3316a58465c9244fce6fb66dc2abf7ddc4b8910c..0000000000000000000000000000000000000000 --- a/backport-umask-util-add-helper-that-resets-umask-until-end-of.patch +++ /dev/null @@ -1,117 +0,0 @@ -From 77cfa37459fbd350c67c08597aaa5cc098fcc1ee Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 12 Nov 2021 11:06:46 +0100 -Subject: [PATCH] umask-util: add helper that resets umask until end of current - code block - -(cherry picked from commit 52f05ef21d7790f37bc3cd6e54fb9a4bcb16efa5) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/77cfa37459fbd350c67c08597aaa5cc098fcc1ee ---- - src/basic/umask-util.h | 3 +++ - src/nspawn/nspawn.c | 9 +++------ - src/shared/dev-setup.c | 3 +-- - src/test/test-fs-util.c | 3 ++- - 4 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/src/basic/umask-util.h b/src/basic/umask-util.h -index bd7c2bdb8c..90d18f70ba 100644 ---- a/src/basic/umask-util.h -+++ b/src/basic/umask-util.h -@@ -24,3 +24,6 @@ assert_cc((S_IFMT & 0777) == 0); - for (_cleanup_umask_ mode_t _saved_umask_ = umask(mask) | S_IFMT; \ - FLAGS_SET(_saved_umask_, S_IFMT); \ - _saved_umask_ &= 0777) -+ -+#define BLOCK_WITH_UMASK(mask) \ -+ _unused_ _cleanup_umask_ mode_t _saved_umask_ = umask(mask); -diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 575b9da447..1c468b310f 100644 ---- a/src/nspawn/nspawn.c -+++ b/src/nspawn/nspawn.c -@@ -2201,13 +2201,12 @@ static int copy_devnodes(const char *dest) { - "tty\0" - "net/tun\0"; - -- _cleanup_umask_ mode_t u; - const char *d; - int r = 0; - - assert(dest); - -- u = umask(0000); -+ BLOCK_WITH_UMASK(0000); - - /* Create /dev/net, so that we can create /dev/net/tun in it */ - if (userns_mkdir(dest, "/dev/net", 0755, 0, 0) < 0) -@@ -2284,11 +2283,10 @@ static int copy_devnodes(const char *dest) { - } - - static int make_extra_nodes(const char *dest) { -- _cleanup_umask_ mode_t u; - size_t i; - int r; - -- u = umask(0000); -+ BLOCK_WITH_UMASK(0000); - - for (i = 0; i < arg_n_extra_nodes; i++) { - _cleanup_free_ char *path = NULL; -@@ -2485,12 +2483,11 @@ static int setup_kmsg(int kmsg_socket) { - _cleanup_(unlink_and_freep) char *from = NULL; - _cleanup_free_ char *fifo = NULL; - _cleanup_close_ int fd = -1; -- _cleanup_umask_ mode_t u; - int r; - - assert(kmsg_socket >= 0); - -- u = umask(0000); -+ BLOCK_WITH_UMASK(0000); - - /* We create the kmsg FIFO as as temporary file in /run, but immediately delete it after bind mounting it to - * /proc/kmsg. While FIFOs on the reading side behave very similar to /proc/kmsg, their writing side behaves -diff --git a/src/shared/dev-setup.c b/src/shared/dev-setup.c -index b788b06913..0390abbfdc 100644 ---- a/src/shared/dev-setup.c -+++ b/src/shared/dev-setup.c -@@ -81,13 +81,12 @@ int make_inaccessible_nodes( - { "inaccessible/blk", S_IFBLK | 0000 }, - }; - -- _cleanup_umask_ mode_t u; - int r; - - if (!parent_dir) - parent_dir = "/run/systemd"; - -- u = umask(0000); -+ BLOCK_WITH_UMASK(0000); - - /* Set up inaccessible (and empty) file nodes of all types. This are used to as mount sources for over-mounting - * ("masking") file nodes that shall become inaccessible and empty for specific containers or services. We try -diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c -index 08bebcf0e8..a24558f25b 100644 ---- a/src/test/test-fs-util.c -+++ b/src/test/test-fs-util.c -@@ -763,7 +763,6 @@ static void test_rename_noreplace(void) { - - static void test_chmod_and_chown(void) { - _cleanup_(rm_rf_physical_and_freep) char *d = NULL; -- _unused_ _cleanup_umask_ mode_t u = umask(0000); - struct stat st; - const char *p; - -@@ -772,6 +771,8 @@ static void test_chmod_and_chown(void) { - - log_info("/* %s */", __func__); - -+ BLOCK_WITH_UMASK(0000); -+ - assert_se(mkdtemp_malloc(NULL, &d) >= 0); - - p = strjoina(d, "/reg"); --- -2.33.0 - diff --git a/backport-unit-coldplug-both-job-and-nop_job-if-possible.patch b/backport-unit-coldplug-both-job-and-nop_job-if-possible.patch deleted file mode 100644 index 18580507a15f8cca39c0d85b5f99c9b60bd6d55d..0000000000000000000000000000000000000000 --- a/backport-unit-coldplug-both-job-and-nop_job-if-possible.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 213ae9db6274227636fdca6731511499ed933e61 Mon Sep 17 00:00:00 2001 -From: Geass-LL -Date: Fri, 2 Apr 2021 11:27:59 +0800 -Subject: [PATCH] unit: coldplug both job and nop_job if possible - -Sometimes, both job and nop_job are deserialized. In this case, -if we only cold plug the job, the nop_job will also stuck in the -job list. - -(cherry picked from commit 7dbd330c7ef28852db0fb044503ed6f072477d50) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/213ae9db6274227636fdca6731511499ed933e61 ---- - src/core/unit.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index e469beb534..38d3eb703f 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3581,7 +3581,6 @@ int unit_add_blockdev_dependency(Unit *u, const char *what, UnitDependencyMask m - int unit_coldplug(Unit *u) { - int r = 0, q; - char **i; -- Job *uj; - - assert(u); - -@@ -3604,9 +3603,13 @@ int unit_coldplug(Unit *u) { - r = q; - } - -- uj = u->job ?: u->nop_job; -- if (uj) { -- q = job_coldplug(uj); -+ if (u->job) { -+ q = job_coldplug(u->job); -+ if (q < 0 && r >= 0) -+ r = q; -+ } -+ if (u->nop_job) { -+ q = job_coldplug(u->nop_job); - if (q < 0 && r >= 0) - r = q; - } --- -2.33.0 - diff --git a/backport-unit-escape.patch b/backport-unit-escape.patch deleted file mode 100644 index 2394762fd3b89c13a12e463113eee4d2345097a5..0000000000000000000000000000000000000000 --- a/backport-unit-escape.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 6e4d122ad1db11ca898de183f898f731c4839d4a Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 23 Feb 2022 01:29:42 +0900 -Subject: [PATCH] unit: escape % - -Fixes #22601. ---- - units/tmp.mount | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/units/tmp.mount b/units/tmp.mount -index 4e1bb8de24..734acea237 100644 ---- a/units/tmp.mount -+++ b/units/tmp.mount -@@ -22,4 +22,4 @@ After=swap.target - What=tmpfs - Where=/tmp - Type=tmpfs --Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=1m -+Options=mode=1777,strictatime,nosuid,nodev,size=50%%,nr_inodes=1m --- -2.27.0 - diff --git a/backport-unit-file-avoid-null-in-debugging-logs.patch b/backport-unit-file-avoid-null-in-debugging-logs.patch deleted file mode 100644 index 5abc1894aed545b62dccc3407c84702a4c3c1849..0000000000000000000000000000000000000000 --- a/backport-unit-file-avoid-null-in-debugging-logs.patch +++ /dev/null @@ -1,43 +0,0 @@ -From e58e1472edc97ff2b234fda60fd0f977f12659fb Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 23 Jul 2022 12:48:35 +0900 -Subject: [PATCH] unit-file: avoid (null) in debugging logs - -The variable `inst` was set to NULL by TAKE_PTR(). - -This fixes the following log message: -``` -systemd[1]: Unit getty@tty2.service has alias (null). -``` - -(cherry picked from commit 7c35b78a0b96085e3d634542212c5521bc2a2f21) -(cherry picked from commit 9ac0ad80fe97c22ec3dc4670e859abaae9a1f8bf) -(cherry picked from commit 0e7214c8b5c95bc378ad6b9353e944ec0fba4e21) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e58e1472edc97ff2b234fda60fd0f977f12659fb ---- - src/basic/unit-file.c | 5 +---- - 1 file changed, 1 insertion(+), 4 deletions(-) - -diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c -index d1e997ec9f..7b0c932654 100644 ---- a/src/basic/unit-file.c -+++ b/src/basic/unit-file.c -@@ -520,12 +520,9 @@ static int add_names( - continue; - } - -- r = set_consume(*names, TAKE_PTR(inst)); -- if (r > 0) -- log_debug("Unit %s has alias %s.", unit_name, inst); -+ r = add_name(unit_name, names, inst); - } else - r = add_name(unit_name, names, *alias); -- - if (r < 0) - return r; - } --- -2.27.0 - diff --git a/backport-unit_is_bound_by_inactive-fix-return-pointer-check.patch b/backport-unit_is_bound_by_inactive-fix-return-pointer-check.patch deleted file mode 100644 index 0829a03e1ae333957ebf6fe2ad614fe6b413469c..0000000000000000000000000000000000000000 --- a/backport-unit_is_bound_by_inactive-fix-return-pointer-check.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 02d51801672376505f07fae5938e195845f2c7a9 Mon Sep 17 00:00:00 2001 -From: Dominique Martinet -Date: Wed, 24 Nov 2021 22:27:22 +0900 -Subject: [PATCH] unit_is_bound_by_inactive: fix return pointer check - -*ret_culprit should be set if ret_culprit has been passed a non-null value, -checking the previous *ret_culprit value does not make sense. - -This would cause the culprit to not properly be assigned, leading to -pid1 crash when a unit could not be stopped. - -Fixes: #21476 - -(cherry picked from commit 3da361064bf550d1818c7cd800a514326058e5f2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/02d51801672376505f07fae5938e195845f2c7a9 ---- - src/core/unit.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 38d3eb703f..c792bd8e82 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -2118,7 +2118,7 @@ bool unit_is_bound_by_inactive(Unit *u, Unit **ret_culprit) { - continue; - - if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other))) { -- if (*ret_culprit) -+ if (ret_culprit) - *ret_culprit = other; - - return true; --- -2.33.0 - diff --git a/backport-units-remove-the-restart-limit-on-the-modprobe-.serv.patch b/backport-units-remove-the-restart-limit-on-the-modprobe-.serv.patch deleted file mode 100644 index 2de832eee58c43a266d3a6d9ff60cbd25d23da2a..0000000000000000000000000000000000000000 --- a/backport-units-remove-the-restart-limit-on-the-modprobe-.serv.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 639423416c18c3a41a8f326618e340c25585a40a Mon Sep 17 00:00:00 2001 -From: Alban Bedel -Date: Wed, 15 Jun 2022 13:12:46 +0200 -Subject: [PATCH] units: remove the restart limit on the modprobe@.service - -They are various cases where the same module might be repeatedly -loaded in a short time frame, for example if a service depending on a -module keep restarting, or if many instances of such service get -started at the same time. If this happend the modprobe@.service -instance will be marked as failed because it hit the restart limit. - -Overall it doesn't seems to make much sense to have a restart limit on -the modprobe service so just disable it. - -Fixes: #23742 -(cherry picked from commit 9625350e5381a68c1179ae4581e7586c206663e1) -(cherry picked from commit 8539a62207c9d0cc1656458eb53ffc9177b2c7c8) ---- - units/modprobe@.service | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/units/modprobe@.service b/units/modprobe@.service -index cf8baf6084..85a2c08dee 100644 ---- a/units/modprobe@.service -+++ b/units/modprobe@.service -@@ -13,6 +13,7 @@ DefaultDependencies=no - Before=sysinit.target - Documentation=man:modprobe(8) - ConditionCapability=CAP_SYS_MODULE -+StartLimitIntervalSec=0 - - [Service] - Type=oneshot --- -2.33.0 - diff --git a/backport-user-record-disable-two-pbkdf-fields-that-don-t-appl.patch b/backport-user-record-disable-two-pbkdf-fields-that-don-t-appl.patch deleted file mode 100644 index cd65874c364cbf0d6e3b41c9ba07fc8f560d043e..0000000000000000000000000000000000000000 --- a/backport-user-record-disable-two-pbkdf-fields-that-don-t-appl.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 5ee578fd13809e08fbda1a9bca2256ffd24e9857 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 5 Oct 2021 18:24:05 +0200 -Subject: [PATCH] user-record: disable two pbkdf fields that don't apply for - pkbdf2 - -Fixes: #20830 -(cherry picked from commit 8b4f88d13681c6dec839de06c668d32374d44724) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5ee578fd13809e08fbda1a9bca2256ffd24e9857 ---- - src/shared/user-record.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/src/shared/user-record.c b/src/shared/user-record.c -index 17460ceaf6..5fb3d4bbf2 100644 ---- a/src/shared/user-record.c -+++ b/src/shared/user-record.c -@@ -1913,9 +1913,9 @@ uint64_t user_record_luks_pbkdf_memory_cost(UserRecord *h) { - assert(h); - - /* Returns a value with kb granularity, since that's what libcryptsetup expects */ -- - if (h->luks_pbkdf_memory_cost == UINT64_MAX) -- return 64*1024*1024; /* We default to 64M, since this should work on smaller systems too */ -+ return streq(user_record_luks_pbkdf_type(h), "pbkdf2") ? 0 : /* doesn't apply for simple pbkdf2 */ -+ 64*1024*1024; /* We default to 64M, since this should work on smaller systems too */ - - return MIN(DIV_ROUND_UP(h->luks_pbkdf_memory_cost, 1024), UINT32_MAX) * 1024; - } -@@ -1923,8 +1923,9 @@ uint64_t user_record_luks_pbkdf_memory_cost(UserRecord *h) { - uint64_t user_record_luks_pbkdf_parallel_threads(UserRecord *h) { - assert(h); - -- if (h->luks_pbkdf_memory_cost == UINT64_MAX) -- return 1; /* We default to 1, since this should work on smaller systems too */ -+ if (h->luks_pbkdf_parallel_threads == UINT64_MAX) -+ return streq(user_record_luks_pbkdf_type(h), "pbkdf2") ? 0 : /* doesn't apply for simple pbkdf2 */ -+ 1; /* We default to 1, since this should work on smaller systems too */ - - return MIN(h->luks_pbkdf_parallel_threads, UINT32_MAX); - } --- -2.33.0 - diff --git a/backport-user-record-fix-display-of-access-mode.patch b/backport-user-record-fix-display-of-access-mode.patch deleted file mode 100644 index bc28126e11cb7d487e18518c91b9d6f9bcb0542f..0000000000000000000000000000000000000000 --- a/backport-user-record-fix-display-of-access-mode.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 9e318d9ff288b2b12b21a534d0cab3b4e153b462 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 5 Nov 2021 16:36:32 +0100 -Subject: [PATCH] user-record: fix display of access mode - -(cherry picked from commit 7cdd5c0d4c2213b791d8d22e7dd466a39e9c5db0) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9e318d9ff288b2b12b21a534d0cab3b4e153b462 ---- - src/shared/user-record-show.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/user-record-show.c b/src/shared/user-record-show.c -index 29790282b4..54ff949ff5 100644 ---- a/src/shared/user-record-show.c -+++ b/src/shared/user-record-show.c -@@ -280,7 +280,7 @@ void user_record_show(UserRecord *hr, bool show_full_group_info) { - printf(" IO Weight: %" PRIu64 "\n", hr->io_weight); - - if (hr->access_mode != MODE_INVALID) -- printf(" Access Mode: 0%03oo\n", user_record_access_mode(hr)); -+ printf(" Access Mode: 0%03o\n", user_record_access_mode(hr)); - - if (storage == USER_LUKS) { - printf("LUKS Discard: online=%s offline=%s\n", yes_no(user_record_luks_discard(hr)), yes_no(user_record_luks_offline_discard(hr))); --- -2.33.0 - diff --git a/backport-userdb-fix-type-to-pass-to-connect.patch b/backport-userdb-fix-type-to-pass-to-connect.patch deleted file mode 100644 index 6c89beb3309ec0be4f235b3447268ca1b5734ef9..0000000000000000000000000000000000000000 --- a/backport-userdb-fix-type-to-pass-to-connect.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 667eab61d4c5520d7875de5df489ec68a4c9f123 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 16 Oct 2021 05:04:26 +0900 -Subject: [PATCH] userdb: fix type to pass to connect() - -Fixes https://github.com/systemd/systemd/pull/20613#issuecomment-944621275. - -(cherry picked from commit c14e57356f1e82c35bf3a3e8aaeac134b545801b) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/667eab61d4c5520d7875de5df489ec68a4c9f123 ---- - src/userdb/userdbctl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/userdb/userdbctl.c b/src/userdb/userdbctl.c -index 8db0c34fb5..9ec0ad6c5e 100644 ---- a/src/userdb/userdbctl.c -+++ b/src/userdb/userdbctl.c -@@ -512,7 +512,7 @@ static int display_services(int argc, char *argv[], void *userdata) { - if (fd < 0) - return log_error_errno(r, "Failed to allocate AF_UNIX/SOCK_STREAM socket: %m"); - -- if (connect(fd, &sockaddr.un, sockaddr_len) < 0) { -+ if (connect(fd, &sockaddr.sa, sockaddr_len) < 0) { - no = strjoin("No (", errno_to_name(errno), ")"); - if (!no) - return log_oom(); --- -2.33.0 - diff --git a/backport-util-another-set-of-CVE-2021-4034-assert-s.patch b/backport-util-another-set-of-CVE-2021-4034-assert-s.patch deleted file mode 100644 index ca8b54d1c1e6384dad07d28cdbfcdc09094cafc4..0000000000000000000000000000000000000000 --- a/backport-util-another-set-of-CVE-2021-4034-assert-s.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 356b1ee1febeecf636eec6b7e08036603bf760d5 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 1 Feb 2022 12:06:21 +0100 -Subject: [PATCH] util: another set of CVE-2021-4034 assert()s - -It's a good idea that we validate argc/argv when we are supposed to -store them away. - -(cherry picked from commit 007e03b284e8ffc0b92edb2122cd9d2d16f049ef) -(cherry picked from commit dcba78244e5dc3a4b57fb978a2d21640164c89a2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/356b1ee1febeecf636eec6b7e08036603bf760d5 ---- - src/basic/util.h | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/basic/util.h b/src/basic/util.h -index b6c51c036e..22fcef719f 100644 ---- a/src/basic/util.h -+++ b/src/basic/util.h -@@ -9,6 +9,12 @@ extern int saved_argc; - extern char **saved_argv; - - static inline void save_argc_argv(int argc, char **argv) { -+ -+ /* Protect against CVE-2021-4034 style attacks */ -+ assert_se(argc > 0); -+ assert_se(argv); -+ assert_se(argv[0]); -+ - saved_argc = argc; - saved_argv = argv; - } --- -2.33.0 - diff --git a/backport-utmp-remove-dev-from-line.patch b/backport-utmp-remove-dev-from-line.patch deleted file mode 100644 index 5b6f2efe12378582e7352bd2143d1d462753b627..0000000000000000000000000000000000000000 --- a/backport-utmp-remove-dev-from-line.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 09534e85b5c51c664077637e7e8c7c68dec52972 Mon Sep 17 00:00:00 2001 -From: Vincent Bernat -Date: Mon, 18 Oct 2021 20:58:43 +0200 -Subject: [PATCH] utmp: remove /dev from line - -utmp(5) says `ut_line` is the device name minus the leading "/dev/". Therefore, -remove it. Without that, when using UtmpMode=user, we get `/dev/tty` in the -output of `last`/`w`. - -(cherry picked from commit 33331d116db2eaf1189ea56ee4b36540179ac3dd) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/09534e85b5c51c664077637e7e8c7c68dec52972 ---- - src/core/execute.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index 2a337b55a2..6ff757ff04 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -4059,13 +4059,17 @@ static int exec_child( - } - } - -- if (context->utmp_id) -+ if (context->utmp_id) { -+ const char *line = context->tty_path ? -+ (path_startswith(context->tty_path, "/dev/") ?: context->tty_path) : -+ NULL; - utmp_put_init_process(context->utmp_id, getpid_cached(), getsid(0), -- context->tty_path, -+ line, - context->utmp_mode == EXEC_UTMP_INIT ? INIT_PROCESS : - context->utmp_mode == EXEC_UTMP_LOGIN ? LOGIN_PROCESS : - USER_PROCESS, - username); -+ } - - if (uid_is_valid(uid)) { - r = chown_terminal(STDIN_FILENO, uid); --- -2.33.0 - diff --git a/backport-varlink-disconnect-varlink-link-in-one-more-case.patch b/backport-varlink-disconnect-varlink-link-in-one-more-case.patch deleted file mode 100644 index 915d3dbdb09fdbb6ddf7704fb3bdeece233f960e..0000000000000000000000000000000000000000 --- a/backport-varlink-disconnect-varlink-link-in-one-more-case.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 968f2f3f5a76b05142e1de447bb79f4f97868721 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 21 Oct 2021 17:29:48 +0200 -Subject: [PATCH] varlink: disconnect varlink link in one more case - -Previously we'd possibly see POLLHUP on a varlink link, and continue to -run epoll on it even though we have nothing to read nor write anymore. - -Let's fix that, and once we know that there's nothing to write anymore -(or we saw a write error already) we'll disconnect after POLLHUP. - -Fixes: #20062 -(cherry picked from commit 7c26a631ad8bf91016db156b7d299ca68fd7866e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/968f2f3f5a76b05142e1de447bb79f4f97868721 ---- - src/shared/varlink.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/shared/varlink.c b/src/shared/varlink.c -index 8da568e208..a57475b5ba 100644 ---- a/src/shared/varlink.c -+++ b/src/shared/varlink.c -@@ -417,9 +417,10 @@ static int varlink_test_disconnect(Varlink *v) { - if (IN_SET(v->state, VARLINK_IDLE_CLIENT) && (v->write_disconnected || v->got_pollhup)) - goto disconnect; - -- /* The server is still expecting to write more, but its write end is disconnected and it got a POLLHUP -- * (i.e. from a disconnected client), so disconnect. */ -- if (IN_SET(v->state, VARLINK_PENDING_METHOD, VARLINK_PENDING_METHOD_MORE) && v->write_disconnected && v->got_pollhup) -+ /* We are on the server side and still want to send out more replies, but we saw POLLHUP already, and -+ * either got no buffered bytes to write anymore or already saw a write error. In that case we should -+ * shut down the varlink link. */ -+ if (IN_SET(v->state, VARLINK_PENDING_METHOD, VARLINK_PENDING_METHOD_MORE) && (v->write_disconnected || v->output_buffer_size == 0) && v->got_pollhup) - goto disconnect; - - return 0; --- -2.33.0 - diff --git a/backport-veritysetup-print-help-for-help-h-help.patch b/backport-veritysetup-print-help-for-help-h-help.patch deleted file mode 100644 index a3725c9d2a81f0ec4f15f6a8e66e8c4e5e0b46e5..0000000000000000000000000000000000000000 --- a/backport-veritysetup-print-help-for-help-h-help.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 5e5923f272682476c053e5afd705e0f6b4595cbf Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 31 Jul 2021 09:00:11 +0200 -Subject: [PATCH] veritysetup: print help for --help/-h/help - -In general our commands print help on --help, but here this would trigger -the error that two arguments are needed. Let's make this more user-friendly. - -(cherry picked from commit 5d5e43cc33637a12f743f17294cfbd3ede08a1b3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5e5923f272682476c053e5afd705e0f6b4595cbf ---- - src/veritysetup/veritysetup.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/veritysetup/veritysetup.c b/src/veritysetup/veritysetup.c -index 34208dcd87..14d7462ddb 100644 ---- a/src/veritysetup/veritysetup.c -+++ b/src/veritysetup/veritysetup.c -@@ -130,7 +130,10 @@ static int run(int argc, char *argv[]) { - _cleanup_(crypt_freep) struct crypt_device *cd = NULL; - int r; - -- if (argc <= 1) -+ if (argc <= 1 || -+ strv_contains(strv_skip(argv, 1), "--help") || -+ strv_contains(strv_skip(argv, 1), "-h") || -+ streq(argv[1], "help")) - return help(); - - if (argc < 3) --- -2.33.0 - diff --git a/backport-virt-Fix-the-detection-for-Hyper-V-VMs.patch b/backport-virt-Fix-the-detection-for-Hyper-V-VMs.patch deleted file mode 100644 index fc435fc520b93ca34cf34d36f8b233130b29fb3c..0000000000000000000000000000000000000000 --- a/backport-virt-Fix-the-detection-for-Hyper-V-VMs.patch +++ /dev/null @@ -1,45 +0,0 @@ -From ba22ee4985c6ca690b84fdca36cf012b200a3c4e Mon Sep 17 00:00:00 2001 -From: Boqun Feng -Date: Tue, 23 Nov 2021 15:09:26 +0800 -Subject: [PATCH] virt: Fix the detection for Hyper-V VMs - -Use product_version instead of product_name in DMI table and the string -"Hyper-V" to avoid misdetection. - -Fixes: #21468 - -Signed-off-by: Boqun Feng -(cherry picked from commit 76eec0649936d9ae2f9087769f463feaf0cf5cb4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ba22ee4985c6ca690b84fdca36cf012b200a3c4e ---- - src/basic/virt.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/src/basic/virt.c b/src/basic/virt.c -index cc123a286f..bbc583ae52 100644 ---- a/src/basic/virt.c -+++ b/src/basic/virt.c -@@ -146,7 +146,8 @@ static int detect_vm_dmi_vendor(void) { - "/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */ - "/sys/class/dmi/id/sys_vendor", - "/sys/class/dmi/id/board_vendor", -- "/sys/class/dmi/id/bios_vendor" -+ "/sys/class/dmi/id/bios_vendor", -+ "/sys/class/dmi/id/product_version" /* For Hyper-V VMs test */ - }; - - static const struct { -@@ -165,7 +166,7 @@ static int detect_vm_dmi_vendor(void) { - { "Parallels", VIRTUALIZATION_PARALLELS }, - /* https://wiki.freebsd.org/bhyve */ - { "BHYVE", VIRTUALIZATION_BHYVE }, -- { "Microsoft", VIRTUALIZATION_MICROSOFT }, -+ { "Hyper-V", VIRTUALIZATION_MICROSOFT }, - }; - int r; - --- -2.33.0 - diff --git a/backport-virt-Improve-detection-of-EC2-metal-instances.patch b/backport-virt-Improve-detection-of-EC2-metal-instances.patch deleted file mode 100644 index 309cca9587b4f20cfdf66c2366647cf15b737b1f..0000000000000000000000000000000000000000 --- a/backport-virt-Improve-detection-of-EC2-metal-instances.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 785e760653cf5249207caa80857956f0096525df Mon Sep 17 00:00:00 2001 -From: Benjamin Herrenschmidt -Date: Fri, 3 Sep 2021 11:36:46 +1000 -Subject: [PATCH] virt: Improve detection of EC2 metal instances - -The current detection code relies on /sys/firmware/dmi/entries/0-0/raw -to disambiguate Amazon EC2 virtualized from metal instances. - -Unfortunately this file is root only. Thus on a c6g.metal instance -(aarch64), we observe something like this: - -$ systemd-detect-virt -amazon -$ sudo systemd-detect-virt -none - -Only the latter is correct. - -The right long term fix is to extend the kernel to expose the SMBIOS BIOS -Characteristics properly via /sys/class/dmi, but until this happens (and -for backwards compatibility when it does), we need a plan B. - -This change implements such a workaround by falling back to using the -instance type from DMI and looking at the ".metal" string present on -metal instances. - -Signed-off-by: Benjamin Herrenschmidt -(cherry picked from commit f90eea7d18d9ebe88e6a66cd7a86b618def8945d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/785e760653cf5249207caa80857956f0096525df ---- - src/basic/virt.c | 32 ++++++++++++++++++++++++++++++-- - 1 file changed, 30 insertions(+), 2 deletions(-) - -diff --git a/src/basic/virt.c b/src/basic/virt.c -index 7e88f09b48..7ed01ba3c9 100644 ---- a/src/basic/virt.c -+++ b/src/basic/virt.c -@@ -235,8 +235,36 @@ static int detect_vm_dmi(void) { - - /* The DMI vendor tables in /sys/class/dmi/id don't help us distinguish between Amazon EC2 - * virtual machines and bare-metal instances, so we need to look at SMBIOS. */ -- if (r == VIRTUALIZATION_AMAZON && detect_vm_smbios() == SMBIOS_VM_BIT_UNSET) -- return VIRTUALIZATION_NONE; -+ if (r == VIRTUALIZATION_AMAZON) { -+ switch (detect_vm_smbios()) { -+ case SMBIOS_VM_BIT_SET: -+ return VIRTUALIZATION_AMAZON; -+ case SMBIOS_VM_BIT_UNSET: -+ return VIRTUALIZATION_NONE; -+ case SMBIOS_VM_BIT_UNKNOWN: { -+ /* The DMI information we are after is only accessible to the root user, -+ * so we fallback to using the product name which is less restricted -+ * to distinguish metal systems from virtualized instances */ -+ _cleanup_free_ char *s = NULL; -+ -+ r = read_full_virtual_file("/sys/class/dmi/id/product_name", &s, NULL); -+ /* In EC2, virtualized is much more common than metal, so if for some reason -+ * we fail to read the DMI data, assume we are virtualized. */ -+ if (r < 0) { -+ log_debug_errno(r, "Can't read /sys/class/dmi/id/product_name," -+ " assuming virtualized: %m"); -+ return VIRTUALIZATION_AMAZON; -+ } -+ if (endswith(truncate_nl(s), ".metal")) { -+ log_debug("DMI product name ends with '.metal', assuming no virtualization"); -+ return VIRTUALIZATION_NONE; -+ } else -+ return VIRTUALIZATION_AMAZON; -+ } -+ default: -+ assert_not_reached("Bad virtualization value"); -+ } -+ } - - /* If we haven't identified a VM, but the firmware indicates that there is one, indicate as much. We - * have no further information about what it is. */ --- -2.33.0 - diff --git a/backport-virt-Support-detection-for-ARM64-Hyper-V-guests.patch b/backport-virt-Support-detection-for-ARM64-Hyper-V-guests.patch deleted file mode 100644 index 48ece313324f0a291c2b577d096092e7e0e1c7cf..0000000000000000000000000000000000000000 --- a/backport-virt-Support-detection-for-ARM64-Hyper-V-guests.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 258968ba75bc27d4ea61967b9a27c1f139e89799 Mon Sep 17 00:00:00 2001 -From: Boqun Feng -Date: Wed, 13 Oct 2021 11:32:09 +0800 -Subject: [PATCH] virt: Support detection for ARM64 Hyper-V guests - -The detection of Microsoft Hyper-V VMs is done by cpuid currently, -however there is no cpuid on ARM64. And since ARM64 is now a supported -architecture for Microsoft Hyper-V guests[1], then use DMI tables to -detect a Hyper-V guest, which is more generic and works for ARM64. - -[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7aff79e297ee1aa0126924921fd87a4ae59d2467 - -(cherry picked from commit 506bbc8569014253ea8614b680ccbc4fc2513a87) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/258968ba75bc27d4ea61967b9a27c1f139e89799 ---- - src/basic/virt.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/basic/virt.c b/src/basic/virt.c -index 7ed01ba3c9..0243b2d2a8 100644 ---- a/src/basic/virt.c -+++ b/src/basic/virt.c -@@ -165,6 +165,7 @@ static int detect_vm_dmi_vendor(void) { - { "Parallels", VIRTUALIZATION_PARALLELS }, - /* https://wiki.freebsd.org/bhyve */ - { "BHYVE", VIRTUALIZATION_BHYVE }, -+ { "Microsoft", VIRTUALIZATION_MICROSOFT }, - }; - int r; - --- -2.33.0 - diff --git a/backport-virt-detect-OpenStack-Nova-instance.patch b/backport-virt-detect-OpenStack-Nova-instance.patch deleted file mode 100644 index 47f4df4722f9cae24574392657ab1578d0327c71..0000000000000000000000000000000000000000 --- a/backport-virt-detect-OpenStack-Nova-instance.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 01d9fbccddd694bc584aed24eaa0543f831dc929 Mon Sep 17 00:00:00 2001 -From: wangyuhang -Date: Tue, 19 Apr 2022 21:05:25 +0800 -Subject: [PATCH] virt: detect OpenStack Nova instance - -Conflict:add testcase for virt detect OpenStack Nova instance -Reference:https://github.com/systemd/systemd/commit/01d9fbccddd694bc584aed24eaa0543f831dc929 ---- - src/basic/virt.c | 1 + - src/test/meson.build | 14 ++ - src/test/test-virt.c | 39 ++++++++++++++++++++++++++++++ - 3 file changed, 54 insertion(+) - -diff --git a/src/basic/virt.c b/src/basic/virt.c -index 7e88f09..d8740cf 100644 ---- a/src/basic/virt.c -+++ b/src/basic/virt.c -@@ -154,6 +154,7 @@ static int detect_vm_dmi_vendor(void) { - int id; - } dmi_vendor_table[] = { - { "KVM", VIRTUALIZATION_KVM }, -+ { "OpenStack", VIRTUALIZATION_KVM }, /* Detect OpenStack instance as KVM in non x86 architecture */ - { "Amazon EC2", VIRTUALIZATION_AMAZON }, - { "QEMU", VIRTUALIZATION_QEMU }, - { "VMware", VIRTUALIZATION_VMWARE }, /* https://kb.vmware.com/s/article/1009458 */ - -diff --git a/src/test/meson.build b/src/test/meson.build -index e106059..ea64a12 100644 ---- a/src/test/meson.build -+++ b/src/test/meson.build -@@ -602,6 +602,14 @@ tests += [ - - [['src/test/test-nscd-flush.c'], - [], [], [], 'ENABLE_NSCD', 'manual'], -+ -+ [['src/test/test-virt.c', -+ 'src/basic/virt.c', -+ 'src/basic/virt.h'], -+ [libcore, -+ libshared], -+ [], -+ core_includes], - ] - - ############################################################ - -diff --git a/src/test/test-virt.c b/src/test/test-virt.c -new file mode 100644 -index 0000000..17cc22e ---- /dev/null -+++ b/src/test/test-virt.c -@@ -0,0 +1,39 @@ -+/* SPDX-License-Identifier: LGPL-2.1-or-later */ -+ -+#include -+#include -+#include -+ -+#include "string-util.h" -+#include "fileio.h" -+#include "virt.h" -+#include "log.h" -+#include "tests.h" -+ -+static void detect_virt(const char *vendor) { -+ assert_se(write_string_file("/sys/class/dmi/id/product_name", vendor, -+ WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MKDIR_0755) == 0); -+ -+ assert_se(detect_virtualization() == VIRTUALIZATION_KVM); -+} -+ -+int main(int argc, char *argv[]) { -+ char template[] = "/tmp/test-virt.XXXXXX"; -+ assert_se(mkdtemp(template)); -+ -+ if (geteuid() > 0 && unshare(CLONE_NEWUSER) != 0) { -+ (void) log_tests_skipped("Don't have namespace support"); -+ return EXIT_TEST_SKIP; -+ } -+ -+ if (chroot(template) != 0) { -+ (void) log_tests_skipped("Don't have chroot support"); -+ return EXIT_TEST_SKIP; -+ } -+ -+#if defined(__arm__) || defined(__aarch64__) -+ detect_virt("OpenStack Nova"); -+#endif -+ -+ return 0; -+} -\ No newline at end of file --- -2.27.0 - diff --git a/backport-wait-online-rename-Manager-elements.patch b/backport-wait-online-rename-Manager-elements.patch deleted file mode 100644 index 5011a9755bf611838e939779b0a88a42e5f7caea..0000000000000000000000000000000000000000 --- a/backport-wait-online-rename-Manager-elements.patch +++ /dev/null @@ -1,175 +0,0 @@ -From 5d4fc5cb2a0d18f8a67468209227a59ec3f30b5f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 26 Jan 2022 20:54:39 +0900 -Subject: [PATCH] wait-online: rename Manager elements - -(cherry picked from commit 5f200833ed0754adaba548b0b617f6c192615acd) -(cherry picked from commit 397ede8dcd29f35350c015f1d945e50c88476a93) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5d4fc5cb2a0d18f8a67468209227a59ec3f30b5f ---- - src/network/wait-online/link.c | 4 ++-- - src/network/wait-online/manager.c | 33 ++++++++++++++++++------------- - src/network/wait-online/manager.h | 8 ++++---- - 3 files changed, 25 insertions(+), 20 deletions(-) - -diff --git a/src/network/wait-online/link.c b/src/network/wait-online/link.c -index 5a33d563c2..0f5f68e765 100644 ---- a/src/network/wait-online/link.c -+++ b/src/network/wait-online/link.c -@@ -32,7 +32,7 @@ int link_new(Manager *m, Link **ret, int ifindex, const char *ifname) { - .required_operstate = LINK_OPERSTATE_RANGE_DEFAULT, - }; - -- r = hashmap_ensure_put(&m->links, NULL, INT_TO_PTR(ifindex), l); -+ r = hashmap_ensure_put(&m->links_by_index, NULL, INT_TO_PTR(ifindex), l); - if (r < 0) - return r; - -@@ -53,7 +53,7 @@ Link *link_free(Link *l) { - return NULL; - - if (l->manager) { -- hashmap_remove(l->manager->links, INT_TO_PTR(l->ifindex)); -+ hashmap_remove(l->manager->links_by_index, INT_TO_PTR(l->ifindex)); - hashmap_remove(l->manager->links_by_name, l->ifname); - } - -diff --git a/src/network/wait-online/manager.c b/src/network/wait-online/manager.c -index e1df0345c0..d8cf2338b0 100644 ---- a/src/network/wait-online/manager.c -+++ b/src/network/wait-online/manager.c -@@ -21,14 +21,15 @@ static bool manager_ignore_link(Manager *m, Link *link) { - return true; - - /* if interfaces are given on the command line, ignore all others */ -- if (m->interfaces && !hashmap_contains(m->interfaces, link->ifname)) -+ if (m->command_line_interfaces_by_name && -+ !hashmap_contains(m->command_line_interfaces_by_name, link->ifname)) - return true; - - if (!link->required_for_online) - return true; - - /* ignore interfaces we explicitly are asked to ignore */ -- return strv_fnmatch(m->ignore, link->ifname); -+ return strv_fnmatch(m->ignored_interfaces, link->ifname); - } - - static int manager_link_is_online(Manager *m, Link *l, LinkOperationalStateRange s) { -@@ -101,14 +102,14 @@ static int manager_link_is_online(Manager *m, Link *l, LinkOperationalStateRange - bool manager_configured(Manager *m) { - bool one_ready = false; - const char *ifname; -- void *p; - Link *l; - int r; - -- if (!hashmap_isempty(m->interfaces)) { -+ if (!hashmap_isempty(m->command_line_interfaces_by_name)) { -+ LinkOperationalStateRange *range; -+ - /* wait for all the links given on the command line to appear */ -- HASHMAP_FOREACH_KEY(p, ifname, m->interfaces) { -- LinkOperationalStateRange *range = p; -+ HASHMAP_FOREACH_KEY(range, ifname, m->command_line_interfaces_by_name) { - - l = hashmap_get(m->links_by_name, ifname); - if (!l && range->min == LINK_OPERSTATE_MISSING) { -@@ -139,7 +140,7 @@ bool manager_configured(Manager *m) { - - /* wait for all links networkd manages to be in admin state 'configured' - * and at least one link to gain a carrier */ -- HASHMAP_FOREACH(l, m->links) { -+ HASHMAP_FOREACH(l, m->links_by_index) { - if (manager_ignore_link(m, l)) { - log_link_debug(l, "link is ignored"); - continue; -@@ -191,7 +192,7 @@ static int manager_process_link(sd_netlink *rtnl, sd_netlink_message *mm, void * - return 0; - } - -- l = hashmap_get(m->links, INT_TO_PTR(ifindex)); -+ l = hashmap_get(m->links_by_index, INT_TO_PTR(ifindex)); - - switch (type) { - -@@ -294,7 +295,7 @@ static int on_network_event(sd_event_source *s, int fd, uint32_t revents, void * - - sd_network_monitor_flush(m->network_monitor); - -- HASHMAP_FOREACH(l, m->links) { -+ HASHMAP_FOREACH(l, m->links_by_index) { - r = link_update_monitor(l); - if (r < 0 && r != -ENODATA) - log_link_warning_errno(l, r, "Failed to update link state, ignoring: %m"); -@@ -331,10 +332,14 @@ static int manager_network_monitor_listen(Manager *m) { - return 0; - } - --int manager_new(Manager **ret, Hashmap *interfaces, char **ignore, -+int manager_new(Manager **ret, -+ Hashmap *command_line_interfaces_by_name, -+ char **ignored_interfaces, - LinkOperationalStateRange required_operstate, - AddressFamily required_family, -- bool any, usec_t timeout) { -+ bool any, -+ usec_t timeout) { -+ - _cleanup_(manager_freep) Manager *m = NULL; - int r; - -@@ -345,8 +350,8 @@ int manager_new(Manager **ret, Hashmap *interfaces, char **ignore, - return -ENOMEM; - - *m = (Manager) { -- .interfaces = interfaces, -- .ignore = ignore, -+ .command_line_interfaces_by_name = command_line_interfaces_by_name, -+ .ignored_interfaces = ignored_interfaces, - .required_operstate = required_operstate, - .required_family = required_family, - .any = any, -@@ -384,7 +389,7 @@ Manager* manager_free(Manager *m) { - if (!m) - return NULL; - -- hashmap_free_with_destructor(m->links, link_free); -+ hashmap_free_with_destructor(m->links_by_index, link_free); - hashmap_free(m->links_by_name); - - sd_event_source_unref(m->network_monitor_event_source); -diff --git a/src/network/wait-online/manager.h b/src/network/wait-online/manager.h -index f2e091638c..01ad18f8f6 100644 ---- a/src/network/wait-online/manager.h -+++ b/src/network/wait-online/manager.h -@@ -13,12 +13,12 @@ typedef struct Manager Manager; - typedef struct Link Link; - - struct Manager { -- Hashmap *links; -+ Hashmap *links_by_index; - Hashmap *links_by_name; - - /* Do not free the two members below. */ -- Hashmap *interfaces; -- char **ignore; -+ Hashmap *command_line_interfaces_by_name; -+ char **ignored_interfaces; - - LinkOperationalStateRange required_operstate; - AddressFamily required_family; -@@ -34,7 +34,7 @@ struct Manager { - }; - - Manager* manager_free(Manager *m); --int manager_new(Manager **ret, Hashmap *interfaces, char **ignore, -+int manager_new(Manager **ret, Hashmap *command_line_interfaces_by_name, char **ignored_interfaces, - LinkOperationalStateRange required_operstate, - AddressFamily required_family, - bool any, usec_t timeout); --- -2.33.0 - diff --git a/backport-watchdog-pass-right-error-code-to-log-function-so-th.patch b/backport-watchdog-pass-right-error-code-to-log-function-so-th.patch deleted file mode 100644 index cdc4dc963789ad42d1058adf5e81f019caca96f7..0000000000000000000000000000000000000000 --- a/backport-watchdog-pass-right-error-code-to-log-function-so-th.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 11d5f109b04cd61c8bf437065b5e178c485a49b4 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 15 Sep 2021 15:43:42 +0200 -Subject: [PATCH] watchdog: pass right error code to log function so that %m - works - -(cherry picked from commit a4588af942af976c55f72869340c24d5017db278) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/11d5f109b04cd61c8bf437065b5e178c485a49b4 ---- - src/shared/watchdog.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/shared/watchdog.c b/src/shared/watchdog.c -index d33acafe64..8586a88e54 100644 ---- a/src/shared/watchdog.c -+++ b/src/shared/watchdog.c -@@ -47,8 +47,8 @@ static int update_timeout(void) { - flags = WDIOS_ENABLECARD; - if (ioctl(watchdog_fd, WDIOC_SETOPTIONS, &flags) < 0) { - /* ENOTTY means the watchdog is always enabled so we're fine */ -- log_full(ERRNO_IS_NOT_SUPPORTED(errno) ? LOG_DEBUG : LOG_WARNING, -- "Failed to enable hardware watchdog: %m"); -+ log_full_errno(ERRNO_IS_NOT_SUPPORTED(errno) ? LOG_DEBUG : LOG_WARNING, errno, -+ "Failed to enable hardware watchdog, ignoring: %m"); - if (!ERRNO_IS_NOT_SUPPORTED(errno)) - return -errno; - } --- -2.33.0 - diff --git a/backport-xdg-autostart-service-Ignore-missing-desktop-sepcifi.patch b/backport-xdg-autostart-service-Ignore-missing-desktop-sepcifi.patch deleted file mode 100644 index ab388d4ea43e3b26140573c94722dfe0a609d7f6..0000000000000000000000000000000000000000 --- a/backport-xdg-autostart-service-Ignore-missing-desktop-sepcifi.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 5d3466ec91b05853b815db509b901e6a6d5f4db4 Mon Sep 17 00:00:00 2001 -From: Benjamin Berg -Date: Mon, 10 Jan 2022 12:35:46 +0100 -Subject: [PATCH] xdg-autostart-service: Ignore missing desktop-sepcific - condition binary - -If a desktop specific ExecCondition= binary does not exist, this just -means that the desktop environment is not available. As such, it is not -an error condition that should prevent the service from being installed -in the .wants target. - -Fix this by simply returning zero. - -(cherry picked from commit 6d0aef1dd15088e7379681b3bd93c3cb450f3c55) -(cherry picked from commit 19fbd7764da2e23a89e27b4d95afd77b99f4be87) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5d3466ec91b05853b815db509b901e6a6d5f4db4 ---- - src/xdg-autostart-generator/xdg-autostart-service.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/xdg-autostart-generator/xdg-autostart-service.c b/src/xdg-autostart-generator/xdg-autostart-service.c -index fe73bfe9db..16545beb50 100644 ---- a/src/xdg-autostart-generator/xdg-autostart-service.c -+++ b/src/xdg-autostart-generator/xdg-autostart-service.c -@@ -486,7 +486,7 @@ static int xdg_autostart_generate_desktop_condition( - log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r, - "%s not found: %m", test_binary); - fprintf(f, "# ExecCondition using %s skipped due to missing binary.\n", test_binary); -- return r; -+ return 0; - } - - e_autostart_condition = cescape(condition); --- -2.33.0 - diff --git a/bugfix-also-stop-machine-when-a-machine-un.patch b/bugfix-also-stop-machine-when-a-machine-un.patch index 39eebb28f88aa6d242ec8ad6360040dec7caf0ca..ea7caf86cc8dd7f3ee3d4f49cd9215f0144b067a 100644 --- a/bugfix-also-stop-machine-when-a-machine-un.patch +++ b/bugfix-also-stop-machine-when-a-machine-un.patch @@ -24,18 +24,18 @@ Change-Id: I80e3c32832f4ecf08b6cb149735978730ce1d1c0 3 files changed, 72 insertions(+), 1 deletion(-) diff --git a/src/machine/machine.c b/src/machine/machine.c -index c0ed24b..b48aee6 100644 +index c08a645..02fd9f7 100644 --- a/src/machine/machine.c +++ b/src/machine/machine.c @@ -32,6 +32,7 @@ + #include "tmpfile-util.h" #include "unit-name.h" #include "user-util.h" - #include "util.h" +#include "cgroup-util.h" - Machine* machine_new(Manager *manager, MachineClass class, const char *name) { - Machine *m; -@@ -523,6 +524,40 @@ int machine_finalize(Machine *m) { + DEFINE_TRIVIAL_CLEANUP_FUNC(Machine*, machine_free); + +@@ -520,6 +521,40 @@ int machine_finalize(Machine *m) { return 0; } @@ -76,7 +76,7 @@ index c0ed24b..b48aee6 100644 bool machine_may_gc(Machine *m, bool drop_not_started) { assert(m); -@@ -535,7 +570,7 @@ bool machine_may_gc(Machine *m, bool drop_not_started) { +@@ -532,7 +567,7 @@ bool machine_may_gc(Machine *m, bool drop_not_started) { if (m->scope_job && manager_job_is_active(m->manager, m->scope_job)) return false; @@ -86,10 +86,10 @@ index c0ed24b..b48aee6 100644 return true; diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c -index 342b18a..dcc2253 100644 +index 0c157a9..10d370f 100644 --- a/src/machine/machined-dbus.c +++ b/src/machine/machined-dbus.c -@@ -1614,3 +1614,38 @@ int manager_add_machine(Manager *m, const char *name, Machine **_machine) { +@@ -1509,3 +1509,38 @@ int manager_add_machine(Manager *m, const char *name, Machine **_machine) { return 0; } @@ -141,5 +141,5 @@ index 280c32b..6b8d98b 100644 #if ENABLE_NSCD int manager_enqueue_nscd_cache_flush(Manager *m); -- -2.23.0 +2.33.0 diff --git a/check-whether-command_prev-is-null-before-assigning-.patch b/check-whether-command_prev-is-null-before-assigning-.patch index bdca1feb370a780fb0fcde6f9aaefbcb8ced3a24..06ebf8692c8a0507621622a769d1834e5b8bef7c 100644 --- a/check-whether-command_prev-is-null-before-assigning-.patch +++ b/check-whether-command_prev-is-null-before-assigning-.patch @@ -18,11 +18,11 @@ index 9a26271f72..3c255b3bcc 100644 - + if (!current) + return 0; - first = s->exec_command[id]; + const ExecCommand *first = s->exec_command[id]; /* Figure out where we are in the list by walking back to the beginning */ -- for (c = current; c != first; c = c->command_prev) -+ for (c = current; c != first; c = c->command_prev) { +- for (const ExecCommand *c = current; c != first; c = c->command_prev) ++ for (const ExecCommand *c = current; c != first; c = c->command_prev) { idx++; + if (!c->command_prev) + return idx; diff --git a/core-add-OptionalLog-to-allow-users-change-log-level.patch b/core-add-OptionalLog-to-allow-users-change-log-level.patch index 4a8870561177adfcce659e044c3e8c2917fd2aa1..f62a7359ade714870abd813c36bbd0aab76650d9 100644 --- a/core-add-OptionalLog-to-allow-users-change-log-level.patch +++ b/core-add-OptionalLog-to-allow-users-change-log-level.patch @@ -16,10 +16,10 @@ or LOG_DEBUG. Set "OptionalLog=yes" to log in LOG_INFO. Defaults to no. 7 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/basic/log.h b/src/basic/log.h -index 625be22..6ff143f 100644 +index f73d4c4..d341681 100644 --- a/src/basic/log.h +++ b/src/basic/log.h -@@ -239,6 +239,7 @@ int log_emergency_level(void); +@@ -243,6 +243,7 @@ int log_emergency_level(void); #define log_warning(...) log_full(LOG_WARNING, __VA_ARGS__) #define log_error(...) log_full(LOG_ERR, __VA_ARGS__) #define log_emergency(...) log_full(log_emergency_level(), __VA_ARGS__) @@ -27,7 +27,7 @@ index 625be22..6ff143f 100644 /* Logging triggered by an errno-like error */ #define log_debug_errno(error, ...) log_full_errno(LOG_DEBUG, error, __VA_ARGS__) -@@ -235,6 +236,7 @@ int log_emergency_level(void); +@@ -251,6 +252,7 @@ int log_emergency_level(void); #define log_warning_errno(error, ...) log_full_errno(LOG_WARNING, error, __VA_ARGS__) #define log_error_errno(error, ...) log_full_errno(LOG_ERR, error, __VA_ARGS__) #define log_emergency_errno(error, ...) log_full_errno(log_emergency_level(), error, __VA_ARGS__) @@ -36,10 +36,10 @@ index 625be22..6ff143f 100644 /* This logs at the specified level the first time it is called, and then * logs at debug. If the specified level is debug, this logs only the first diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c -index 184df9d..acf782d 100644 +index 7e57a32..9ca392b 100644 --- a/src/core/dbus-manager.c +++ b/src/core/dbus-manager.c -@@ -2656,6 +2656,7 @@ const sd_bus_vtable bus_manager_vtable[] = { +@@ -2870,6 +2870,7 @@ const sd_bus_vtable bus_manager_vtable[] = { BUS_PROPERTY_DUAL_TIMESTAMP("InitRDUnitsLoadFinishTimestamp", offsetof(Manager, timestamps[MANAGER_TIMESTAMP_INITRD_UNITS_LOAD_FINISH]), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_WRITABLE_PROPERTY("LogLevel", "s", bus_property_get_log_level, property_set_log_level, 0, 0), SD_BUS_WRITABLE_PROPERTY("LogTarget", "s", bus_property_get_log_target, property_set_log_target, 0, 0), @@ -48,26 +48,26 @@ index 184df9d..acf782d 100644 SD_BUS_PROPERTY("NFailedUnits", "u", property_get_set_size, offsetof(Manager, failed_units), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), SD_BUS_PROPERTY("NJobs", "u", property_get_hashmap_size, offsetof(Manager, jobs), 0), diff --git a/src/core/main.c b/src/core/main.c -index 2a6b9b8..15a3cb9 100644 +index eaae658..809ed76 100644 --- a/src/core/main.c +++ b/src/core/main.c -@@ -110,6 +110,7 @@ static const char *arg_bus_introspect = NULL; +@@ -119,6 +119,7 @@ static const char *arg_bus_introspect = NULL; * defaults are assigned in reset_arguments() below. */ static char *arg_default_unit; static bool arg_system; +static bool arg_optional_log; - static bool arg_dump_core; - static int arg_crash_chvt; - static bool arg_crash_shell; -@@ -641,6 +642,7 @@ static int parse_config_file(void) { - { "Manager", "LogColor", config_parse_color, 0, NULL }, - { "Manager", "LogLocation", config_parse_location, 0, NULL }, - { "Manager", "LogTime", config_parse_time, 0, NULL }, -+ { "Manager", "OptionalLog", config_parse_bool, 0, &arg_optional_log }, - { "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core }, - { "Manager", "CrashChVT", /* legacy */ config_parse_crash_chvt, 0, &arg_crash_chvt }, - { "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, &arg_crash_chvt }, -@@ -748,6 +750,7 @@ static void set_manager_defaults(Manager *m) { + bool arg_dump_core; + int arg_crash_chvt; + bool arg_crash_shell; +@@ -626,6 +627,7 @@ static int parse_config_file(void) { + { "Manager", "LogColor", config_parse_color, 0, NULL }, + { "Manager", "LogLocation", config_parse_location, 0, NULL }, + { "Manager", "LogTime", config_parse_time, 0, NULL }, ++ { "Manager", "OptionalLog", config_parse_bool, 0, &arg_optional_log }, + { "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core }, + { "Manager", "CrashChVT", /* legacy */ config_parse_crash_chvt, 0, &arg_crash_chvt }, + { "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, &arg_crash_chvt }, +@@ -745,6 +747,7 @@ static void set_manager_defaults(Manager *m) { * affect the manager itself, but are just what newly allocated units will have set if they haven't set * anything else. (Also see set_manager_settings() for the settings that affect the manager's own behaviour) */ @@ -75,7 +75,7 @@ index 2a6b9b8..15a3cb9 100644 m->default_timer_accuracy_usec = arg_default_timer_accuracy_usec; m->default_std_output = arg_default_std_output; m->default_std_error = arg_default_std_error; -@@ -2327,6 +2330,7 @@ static void reset_arguments(void) { +@@ -2423,6 +2426,7 @@ static void reset_arguments(void) { /* arg_system — ignore */ @@ -84,10 +84,10 @@ index 2a6b9b8..15a3cb9 100644 arg_crash_chvt = -1; arg_crash_shell = false; diff --git a/src/core/manager.h b/src/core/manager.h -index c20abd5..543f30c 100644 +index d3f6aa2..814421f 100644 --- a/src/core/manager.h +++ b/src/core/manager.h -@@ -378,6 +378,7 @@ struct Manager { +@@ -385,6 +385,7 @@ struct Manager { LogTarget original_log_target; bool log_level_overridden; bool log_target_overridden; @@ -96,10 +96,10 @@ index c20abd5..543f30c 100644 struct rlimit *rlimit[_RLIMIT_MAX]; diff --git a/src/core/mount.c b/src/core/mount.c -index 9d676c2..dba8566 100644 +index af0eae6..3751cb4 100644 --- a/src/core/mount.c +++ b/src/core/mount.c -@@ -674,7 +674,7 @@ static void mount_set_state(Mount *m, MountState state) { +@@ -756,7 +756,7 @@ static void mount_set_state(Mount *m, MountState state) { } if (state != old_state) @@ -109,7 +109,7 @@ index 9d676c2..dba8566 100644 unit_notify(UNIT(m), state_translation_table[old_state], state_translation_table[state], m->reload_result == MOUNT_SUCCESS ? 0 : UNIT_NOTIFY_RELOAD_FAILURE); diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index d6cc751..f521f3e 100644 +index 066a9a7..564d146 100644 --- a/src/core/system.conf.in +++ b/src/core/system.conf.in @@ -20,6 +20,7 @@ @@ -121,10 +121,10 @@ index d6cc751..f521f3e 100644 #ShowStatus=yes #CrashChangeVT=no diff --git a/src/core/unit.h b/src/core/unit.h -index 759104f..02f4cb2 100644 +index 58417eb..cc65d93 100644 --- a/src/core/unit.h +++ b/src/core/unit.h -@@ -990,12 +990,14 @@ int unit_thaw_vtable_common(Unit *u); +@@ -1097,12 +1097,14 @@ Condition *unit_find_failed_condition(Unit *u); #define log_unit_notice(unit, ...) log_unit_full(unit, LOG_NOTICE, __VA_ARGS__) #define log_unit_warning(unit, ...) log_unit_full(unit, LOG_WARNING, __VA_ARGS__) #define log_unit_error(unit, ...) log_unit_full(unit, LOG_ERR, __VA_ARGS__) @@ -137,8 +137,8 @@ index 759104f..02f4cb2 100644 #define log_unit_error_errno(unit, error, ...) log_unit_full_errno(unit, LOG_ERR, error, __VA_ARGS__) +#define log_unit_optional_errno(unit, use_info, error, ...) log_unit_full_errno(unit, ((use_info) ? LOG_INFO : LOG_DEBUG), error, __VA_ARGS__) - #define log_unit_struct_errno(unit, level, error, ...) \ - ({ \ + #if LOG_TRACE + # define log_unit_trace(...) log_unit_debug(__VA_ARGS__) -- -2.23.0 +2.33.0 diff --git a/core-add-invalidate-cgroup-config.patch b/core-add-invalidate-cgroup-config.patch index 3b122faaae196d75faa2cd23510861f2e56d9f47..673c102a81e4d822641425d8026b1c6179852f3c 100644 --- a/core-add-invalidate-cgroup-config.patch +++ b/core-add-invalidate-cgroup-config.patch @@ -29,10 +29,10 @@ Under the group(user.slice). 5 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/core/main.c b/src/core/main.c -index 09075ef..a39d7d3 100644 +index 500691a..c6638a0 100644 --- a/src/core/main.c +++ b/src/core/main.c -@@ -154,6 +154,7 @@ static bool arg_default_cpuset_accounting; +@@ -166,6 +166,7 @@ static bool arg_default_cpuset_accounting; static bool arg_default_freezer_accounting; static bool arg_default_tasks_accounting; static TasksMax arg_default_tasks_max; @@ -40,23 +40,23 @@ index 09075ef..a39d7d3 100644 static sd_id128_t arg_machine_id; static EmergencyAction arg_cad_burst_action; static OOMPolicy arg_default_oom_policy; -@@ -704,6 +705,7 @@ static int parse_config_file(void) { - { "Manager", "DefaultFreezerAccounting", config_parse_bool, 0, &arg_default_freezer_accounting }, - { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting }, - { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max }, -+ { "Manager", "DefaultInvalidateCgroup", config_parse_bool, 0, &arg_default_invalidate_cgroup }, - { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action }, - { "Manager", "DefaultOOMPolicy", config_parse_oom_policy, 0, &arg_default_oom_policy }, - { "Manager", "DefaultUnitSlice", config_parse_string, 0, &arg_default_unit_slice }, -@@ -780,6 +782,7 @@ static void set_manager_defaults(Manager *m) { +@@ -692,6 +693,7 @@ static int parse_config_file(void) { + { "Manager", "DefaultFreezerAccounting", config_parse_bool, 0, &arg_default_freezer_accounting }, + { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting }, + { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max }, ++ { "Manager", "DefaultInvalidateCgroup", config_parse_bool, 0, &arg_default_invalidate_cgroup }, + { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, arg_system, &arg_cad_burst_action }, + { "Manager", "DefaultOOMPolicy", config_parse_oom_policy, 0, &arg_default_oom_policy }, + { "Manager", "DefaultOOMScoreAdjust", config_parse_oom_score_adjust, 0, NULL }, +@@ -778,6 +780,7 @@ static void set_manager_defaults(Manager *m) { m->default_freezer_accounting = arg_default_freezer_accounting; m->default_tasks_accounting = arg_default_tasks_accounting; m->default_tasks_max = arg_default_tasks_max; + m->default_invalidate_cgroup = arg_default_invalidate_cgroup; m->default_oom_policy = arg_default_oom_policy; - - (void) manager_set_default_rlimits(m, arg_default_rlimit); -@@ -2401,6 +2404,7 @@ static void reset_arguments(void) { + m->default_oom_score_adjust_set = arg_default_oom_score_adjust_set; + m->default_oom_score_adjust = arg_default_oom_score_adjust; +@@ -2500,6 +2503,7 @@ static void reset_arguments(void) { arg_default_freezer_accounting = false; arg_default_tasks_accounting = true; arg_default_tasks_max = DEFAULT_TASKS_MAX; @@ -65,45 +65,46 @@ index 09075ef..a39d7d3 100644 arg_cad_burst_action = EMERGENCY_ACTION_REBOOT_FORCE; arg_default_oom_policy = OOM_STOP; diff --git a/src/core/manager.c b/src/core/manager.c -index 29ef96b..740bad5 100644 +index 4fa20f8..1a5dcd8 100644 --- a/src/core/manager.c +++ b/src/core/manager.c -@@ -780,6 +780,7 @@ int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager +@@ -837,6 +837,7 @@ int manager_new(LookupScope scope, ManagerTestRunFlags test_run_flags, Manager * .default_cpuset_accounting = false, .default_tasks_accounting = true, .default_tasks_max = TASKS_MAX_UNSET, + .default_invalidate_cgroup = true, - .default_timeout_start_usec = DEFAULT_TIMEOUT_USEC, - .default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC, + .default_timeout_start_usec = manager_default_timeout(scope == LOOKUP_SCOPE_SYSTEM), + .default_timeout_stop_usec = manager_default_timeout(scope == LOOKUP_SCOPE_SYSTEM), .default_restart_usec = DEFAULT_RESTART_USEC, diff --git a/src/core/manager.h b/src/core/manager.h -index 9a38737..485bab1 100644 +index 9e391b1..ea95efe 100644 --- a/src/core/manager.h +++ b/src/core/manager.h -@@ -371,6 +371,7 @@ struct Manager { - +@@ -377,6 +377,7 @@ struct Manager { + TasksMax default_tasks_max; usec_t default_timer_accuracy_usec; + bool default_invalidate_cgroup; - + OOMPolicy default_oom_policy; - + int default_oom_score_adjust; diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index f521f3e..c1fd308 100644 +index 564d146..11936cd 100644 --- a/src/core/system.conf.in +++ b/src/core/system.conf.in -@@ -74,5 +74,6 @@ DefaultLimitMEMLOCK=64M +@@ -76,6 +76,7 @@ DefaultLimitMEMLOCK=64M #DefaultLimitNICE= #DefaultLimitRTPRIO= #DefaultLimitRTTIME= +#DefaultInvalidateCgroup=yes #DefaultOOMPolicy=stop DefaultDFXReboot=yes + #DefaultSmackProcessLabel= diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c -index 689a536..f3b3e70 100644 +index 21457dc..0398ec8 100644 --- a/src/core/unit-serialize.c +++ b/src/core/unit-serialize.c -@@ -526,7 +526,7 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { +@@ -548,7 +548,7 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { /* Let's make sure that everything that is deserialized also gets any potential new cgroup settings * applied after we are done. For that we invalidate anything already realized, so that we can * realize it again. */ @@ -112,6 +113,6 @@ index 689a536..f3b3e70 100644 unit_invalidate_cgroup(u, _CGROUP_MASK_ALL); unit_invalidate_cgroup_bpf(u); } --- -2.27.0 +-- +2.33.0 diff --git a/core-cgroup-support-cpuset.patch b/core-cgroup-support-cpuset.patch index 79029945f388c0b0adff76d96ae3f87d60666c1c..311e8771dad4c7b7673839ec385883c3ed601078 100644 --- a/core-cgroup-support-cpuset.patch +++ b/core-cgroup-support-cpuset.patch @@ -5,39 +5,33 @@ Subject: [PATCH] core-cgroup: support cpuset This patch add support for cpuset subsystem. --- - src/basic/cgroup-util.c | 3 +- - src/basic/cgroup-util.h | 10 ++- - src/basic/string-util.c | 42 +++++++++ - src/basic/string-util.h | 2 + - src/core/cgroup.c | 86 ++++++++++++++++--- - src/core/cgroup.h | 10 ++- - src/core/dbus-cgroup.c | 52 +++++++++-- - src/core/dbus-manager.c | 1 + - src/core/load-fragment-gperf.gperf.in | 5 ++ - src/core/load-fragment.c | 73 +++++++++++++++- - src/core/load-fragment.h | 1 + - src/core/main.c | 4 + - src/core/manager.c | 1 + - src/core/manager.h | 1 + - src/core/system.conf.in | 1 + - src/core/unit.c | 1 + - src/shared/bus-unit-util.c | 15 +++- - src/shared/cpu-set-util.c | 1 + - src/test/test-cgroup-mask.c | 5 +- - .../fuzz-unit-file/directives-all.service | 5 ++ - test/fuzz/fuzz-unit-file/directives.mount | 5 ++ - test/fuzz/fuzz-unit-file/directives.scope | 5 ++ - test/fuzz/fuzz-unit-file/directives.service | 5 ++ - test/fuzz/fuzz-unit-file/directives.slice | 5 ++ - test/fuzz/fuzz-unit-file/directives.socket | 5 ++ - test/fuzz/fuzz-unit-file/directives.swap | 5 ++ - 26 files changed, 319 insertions(+), 30 deletions(-) + src/basic/cgroup-util.c | 3 +- + src/basic/cgroup-util.h | 10 +- + src/basic/string-util.c | 42 +++++++ + src/basic/string-util.h | 1 + + src/core/cgroup.c | 112 ++++++++++++++---- + src/core/cgroup.h | 14 ++- + src/core/dbus-cgroup.c | 60 ++++++++-- + src/core/dbus-manager.c | 1 + + src/core/load-fragment-gperf.gperf.in | 13 +- + src/core/load-fragment.c | 69 +++++++++++ + src/core/load-fragment.h | 1 + + src/core/main.c | 4 + + src/core/manager.c | 1 + + src/core/manager.h | 1 + + src/core/system.conf.in | 1 + + src/core/unit.c | 1 + + src/shared/bus-unit-util.c | 15 ++- + src/shared/cpu-set-util.c | 1 + + src/test/test-cgroup-mask.c | 5 +- + .../fuzz-unit-file/directives-all.service | 5 + + 20 files changed, 309 insertions(+), 51 deletions(-) diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c -index 1ff6160..01a4181 100644 +index feda596..1bb07f7 100644 --- a/src/basic/cgroup-util.c +++ b/src/basic/cgroup-util.c -@@ -2155,12 +2155,13 @@ bool fd_is_cgroup_fs(int fd) { +@@ -2248,12 +2248,13 @@ bool fd_is_cgroup_fs(int fd) { static const char *const cgroup_controller_table[_CGROUP_CONTROLLER_MAX] = { [CGROUP_CONTROLLER_CPU] = "cpu", [CGROUP_CONTROLLER_CPUACCT] = "cpuacct", @@ -53,10 +47,10 @@ index 1ff6160..01a4181 100644 [CGROUP_CONTROLLER_BPF_DEVICES] = "bpf-devices", [CGROUP_CONTROLLER_BPF_FOREIGN] = "bpf-foreign", diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h -index ce2f4c6..06a23ff 100644 +index b69f168..764d47a 100644 --- a/src/basic/cgroup-util.h +++ b/src/basic/cgroup-util.h -@@ -20,12 +20,13 @@ typedef enum CGroupController { +@@ -21,12 +21,13 @@ typedef enum CGroupController { /* Original cgroup controllers */ CGROUP_CONTROLLER_CPU, CGROUP_CONTROLLER_CPUACCT, /* v1 only */ @@ -71,7 +65,7 @@ index ce2f4c6..06a23ff 100644 /* BPF-based pseudo-controllers, v2 only */ CGROUP_CONTROLLER_BPF_FIREWALL, -@@ -43,22 +44,23 @@ typedef enum CGroupController { +@@ -48,12 +49,13 @@ typedef enum CGroupController { typedef enum CGroupMask { CGROUP_MASK_CPU = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPU), CGROUP_MASK_CPUACCT = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUACCT), @@ -86,7 +80,8 @@ index ce2f4c6..06a23ff 100644 CGROUP_MASK_BPF_FIREWALL = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FIREWALL), CGROUP_MASK_BPF_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_DEVICES), CGROUP_MASK_BPF_FOREIGN = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FOREIGN), - CGROUP_MASK_BPF_SOCKET_BIND = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_SOCKET_BIND), +@@ -61,10 +63,10 @@ typedef enum CGroupMask { + CGROUP_MASK_BPF_RESTRICT_NETWORK_INTERFACES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_RESTRICT_NETWORK_INTERFACES), /* All real cgroup v1 controllers */ - CGROUP_MASK_V1 = CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT|CGROUP_MASK_BLKIO|CGROUP_MASK_MEMORY|CGROUP_MASK_DEVICES|CGROUP_MASK_PIDS, @@ -97,16 +92,15 @@ index ce2f4c6..06a23ff 100644 + CGROUP_MASK_V2 = CGROUP_MASK_CPU|CGROUP_MASK_CPUSET2|CGROUP_MASK_IO|CGROUP_MASK_MEMORY|CGROUP_MASK_PIDS, /* All cgroup v2 BPF pseudo-controllers */ - CGROUP_MASK_BPF = CGROUP_MASK_BPF_FIREWALL|CGROUP_MASK_BPF_DEVICES|CGROUP_MASK_BPF_FOREIGN|CGROUP_MASK_BPF_SOCKET_BIND, + CGROUP_MASK_BPF = CGROUP_MASK_BPF_FIREWALL|CGROUP_MASK_BPF_DEVICES|CGROUP_MASK_BPF_FOREIGN|CGROUP_MASK_BPF_SOCKET_BIND|CGROUP_MASK_BPF_RESTRICT_NETWORK_INTERFACES, diff --git a/src/basic/string-util.c b/src/basic/string-util.c -index a645958..45f358b 100644 +index ad8c986..755ad11 100644 --- a/src/basic/string-util.c +++ b/src/basic/string-util.c -@@ -1146,3 +1146,45 @@ int string_contains_word_strv(const char *string, const char *separators, char * - *ret_word = found; +@@ -1159,6 +1159,48 @@ int string_contains_word_strv(const char *string, const char *separators, char * return !!found; } -+ + +int string_isvalid_interval(const char *instr) +{ + const char *pstr = instr; /* tmp */ @@ -148,26 +142,45 @@ index a645958..45f358b 100644 + + return 0; +} ++ + bool streq_skip_trailing_chars(const char *s1, const char *s2, const char *ok) { + if (!s1 && !s2) + return true; diff --git a/src/basic/string-util.h b/src/basic/string-util.h -index 9155e50..338dcd5 100644 +index e0a47a2..b025c06 100644 --- a/src/basic/string-util.h +++ b/src/basic/string-util.h -@@ -242,3 +242,5 @@ int string_contains_word_strv(const char *string, const char *separators, char * - static inline int string_contains_word(const char *string, const char *separators, const char *word) { +@@ -235,6 +235,7 @@ static inline int string_contains_word(const char *string, const char *separator return string_contains_word_strv(string, separators, STRV_MAKE(word), NULL); } -+ + +int string_isvalid_interval(const char *instr); + bool streq_skip_trailing_chars(const char *s1, const char *s2, const char *ok); + + char *string_replace_char(char *str, char old_char, char new_char); diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index de1d5f4..2c2d1b0 100644 +index f6ae2ab..a6396e1 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c -@@ -246,8 +246,14 @@ void cgroup_context_done(CGroupContext *c) { - while (c->bpf_foreign_programs) - cgroup_context_remove_bpf_foreign_program(c, c->bpf_foreign_programs); +@@ -90,8 +90,8 @@ bool unit_has_startup_cgroup_constraints(Unit *u) { + return c->startup_cpu_shares != CGROUP_CPU_SHARES_INVALID || + c->startup_io_weight != CGROUP_WEIGHT_INVALID || + c->startup_blockio_weight != CGROUP_BLKIO_WEIGHT_INVALID || +- c->startup_cpuset_cpus.set || +- c->startup_cpuset_mems.set; ++ c->startup_cpuset_cpus2.set || ++ c->startup_cpuset_mems2.set; + } + + bool unit_has_host_root_cgroup(Unit *u) { +@@ -277,10 +277,16 @@ void cgroup_context_done(CGroupContext *c) { + + c->restrict_network_interfaces = set_free(c->restrict_network_interfaces); - cpu_set_reset(&c->cpuset_cpus); +- cpu_set_reset(&c->startup_cpuset_cpus); - cpu_set_reset(&c->cpuset_mems); +- cpu_set_reset(&c->startup_cpuset_mems); + if (c->cpuset_cpus) + c->cpuset_cpus = mfree(c->cpuset_cpus); + @@ -175,27 +188,33 @@ index de1d5f4..2c2d1b0 100644 + c->cpuset_mems = mfree(c->cpuset_mems); + + cpu_set_reset(&c->cpuset_cpus2); ++ cpu_set_reset(&c->startup_cpuset_cpus2); + cpu_set_reset(&c->cpuset_mems2); ++ cpu_set_reset(&c->startup_cpuset_mems2); } static int unit_get_kernel_memory_limit(Unit *u, const char *file, uint64_t *ret) { -@@ -382,7 +388,7 @@ static char *format_cgroup_memory_limit_comparison(char *buf, size_t l, Unit *u, +@@ -415,7 +421,7 @@ static char *format_cgroup_memory_limit_comparison(char *buf, size_t l, Unit *u, } void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { -- _cleanup_free_ char *disable_controllers_str = NULL, *cpuset_cpus = NULL, *cpuset_mems = NULL; -+ _cleanup_free_ char *disable_controllers_str = NULL, *cpuset_cpus2 = NULL, *cpuset_mems2 = NULL; - CGroupIODeviceLimit *il; - CGroupIODeviceWeight *iw; - CGroupIODeviceLatency *l; -@@ -412,14 +418,15 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { +- _cleanup_free_ char *disable_controllers_str = NULL, *cpuset_cpus = NULL, *cpuset_mems = NULL, *startup_cpuset_cpus = NULL, *startup_cpuset_mems = NULL; ++ _cleanup_free_ char *disable_controllers_str = NULL, *cpuset_cpus2 = NULL, *cpuset_mems2 = NULL, *startup_cpuset_cpus2 = NULL, *startup_cpuset_mems2 = NULL; + CGroupContext *c; + struct in_addr_prefix *iaai; + +@@ -434,16 +440,17 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { (void) cg_mask_to_string(c->disable_controllers, &disable_controllers_str); - cpuset_cpus = cpu_set_to_range_string(&c->cpuset_cpus); +- startup_cpuset_cpus = cpu_set_to_range_string(&c->startup_cpuset_cpus); - cpuset_mems = cpu_set_to_range_string(&c->cpuset_mems); +- startup_cpuset_mems = cpu_set_to_range_string(&c->startup_cpuset_mems); + cpuset_cpus2 = cpu_set_to_range_string(&c->cpuset_cpus2); ++ startup_cpuset_cpus2 = cpu_set_to_range_string(&c->startup_cpuset_cpus2); + cpuset_mems2 = cpu_set_to_range_string(&c->cpuset_mems2); ++ startup_cpuset_mems2 = cpu_set_to_range_string(&c->startup_cpuset_mems2); fprintf(f, "%sCPUAccounting: %s\n" @@ -206,9 +225,9 @@ index de1d5f4..2c2d1b0 100644 "%sTasksAccounting: %s\n" "%sIPAccounting: %s\n" "%sCPUWeight: %" PRIu64 "\n" -@@ -442,6 +449,10 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - "%sMemoryMax: %" PRIu64 "%s\n" +@@ -469,6 +476,10 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { "%sMemorySwapMax: %" PRIu64 "%s\n" + "%sMemoryZSwapMax: %" PRIu64 "%s\n" "%sMemoryLimit: %" PRIu64 "\n" + "%sCPUSetCpus=%s\n" + "%sCPUSetMems=%s\n" @@ -217,7 +236,7 @@ index de1d5f4..2c2d1b0 100644 "%sTasksMax: %" PRIu64 "\n" "%sDevicePolicy: %s\n" "%sDisableControllers: %s\n" -@@ -454,6 +465,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { +@@ -481,6 +492,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { prefix, yes_no(c->io_accounting), prefix, yes_no(c->blockio_accounting), prefix, yes_no(c->memory_accounting), @@ -225,20 +244,24 @@ index de1d5f4..2c2d1b0 100644 prefix, yes_no(c->tasks_accounting), prefix, yes_no(c->ip_accounting), prefix, c->cpu_weight, -@@ -462,8 +474,8 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { +@@ -489,10 +501,10 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { prefix, c->startup_cpu_shares, - prefix, format_timespan(q, sizeof(q), c->cpu_quota_per_sec_usec, 1), - prefix, format_timespan(v, sizeof(v), c->cpu_quota_period_usec, 1), + prefix, FORMAT_TIMESPAN(c->cpu_quota_per_sec_usec, 1), + prefix, FORMAT_TIMESPAN(c->cpu_quota_period_usec, 1), - prefix, strempty(cpuset_cpus), +- prefix, strempty(startup_cpuset_cpus), - prefix, strempty(cpuset_mems), +- prefix, strempty(startup_cpuset_mems), + prefix, strempty(cpuset_cpus2), ++ prefix, strempty(startup_cpuset_cpus2), + prefix, strempty(cpuset_mems2), ++ prefix, strempty(startup_cpuset_mems2), prefix, c->io_weight, prefix, c->startup_io_weight, prefix, c->blockio_weight, -@@ -476,6 +488,10 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - prefix, c->memory_max, format_cgroup_memory_limit_comparison(cdd, sizeof(cdd), u, "MemoryMax"), +@@ -506,6 +518,10 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { prefix, c->memory_swap_max, format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemorySwapMax"), + prefix, c->memory_zswap_max, format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemoryZSwapMax"), prefix, c->memory_limit, + prefix, c->cpuset_cpus, + prefix, c->cpuset_mems, @@ -247,20 +270,55 @@ index de1d5f4..2c2d1b0 100644 prefix, tasks_max_resolve(&c->tasks_max), prefix, cgroup_device_policy_to_string(c->device_policy), prefix, strempty(disable_controllers_str), -@@ -1277,9 +1293,9 @@ static void cgroup_context_apply( +@@ -921,11 +937,11 @@ static bool cgroup_context_has_cpu_shares(CGroupContext *c) { + } + + static bool cgroup_context_has_allowed_cpus(CGroupContext *c) { +- return c->cpuset_cpus.set || c->startup_cpuset_cpus.set; ++ return c->cpuset_cpus2.set || c->startup_cpuset_cpus2.set; + } + + static bool cgroup_context_has_allowed_mems(CGroupContext *c) { +- return c->cpuset_mems.set || c->startup_cpuset_mems.set; ++ return c->cpuset_mems2.set || c->startup_cpuset_mems2.set; + } + + static uint64_t cgroup_context_cpu_weight(CGroupContext *c, ManagerState state) { +@@ -950,18 +966,18 @@ static uint64_t cgroup_context_cpu_shares(CGroupContext *c, ManagerState state) + + static CPUSet *cgroup_context_allowed_cpus(CGroupContext *c, ManagerState state) { + if (IN_SET(state, MANAGER_STARTING, MANAGER_INITIALIZING, MANAGER_STOPPING) && +- c->startup_cpuset_cpus.set) +- return &c->startup_cpuset_cpus; ++ c->startup_cpuset_cpus2.set) ++ return &c->startup_cpuset_cpus2; + else +- return &c->cpuset_cpus; ++ return &c->cpuset_cpus2; + } + + static CPUSet *cgroup_context_allowed_mems(CGroupContext *c, ManagerState state) { + if (IN_SET(state, MANAGER_STARTING, MANAGER_INITIALIZING, MANAGER_STOPPING) && +- c->startup_cpuset_mems.set) +- return &c->startup_cpuset_mems; ++ c->startup_cpuset_mems2.set) ++ return &c->startup_cpuset_mems2; + else +- return &c->cpuset_mems; ++ return &c->cpuset_mems2; + } + + usec_t cgroup_cpu_adjust_period(usec_t period, usec_t quota, usec_t resolution, usec_t max_period) { +@@ -1495,7 +1511,7 @@ static void cgroup_context_apply( } } - if ((apply_mask & CGROUP_MASK_CPUSET) && !is_local_root) { -- cgroup_apply_unified_cpuset(u, &c->cpuset_cpus, "cpuset.cpus"); -- cgroup_apply_unified_cpuset(u, &c->cpuset_mems, "cpuset.mems"); + if ((apply_mask & CGROUP_MASK_CPUSET2) && !is_local_root) { -+ cgroup_apply_unified_cpuset(u, &c->cpuset_cpus2, "cpuset.cpus"); -+ cgroup_apply_unified_cpuset(u, &c->cpuset_mems2, "cpuset.mems"); + cgroup_apply_unified_cpuset(u, cgroup_context_allowed_cpus(c, state), "cpuset.cpus"); + cgroup_apply_unified_cpuset(u, cgroup_context_allowed_mems(c, state), "cpuset.mems"); } - - /* The 'io' controller attributes are not exported on the host's root cgroup (being a pure cgroup v2 -@@ -1477,6 +1493,45 @@ static void cgroup_context_apply( +@@ -1667,6 +1683,45 @@ static void cgroup_context_apply( } } @@ -306,18 +364,16 @@ index de1d5f4..2c2d1b0 100644 /* On cgroup v2 we can apply BPF everywhere. On cgroup v1 we apply it everywhere except for the root of * containers, where we leave this to the manager */ if ((apply_mask & (CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES)) && -@@ -1603,8 +1658,8 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { - c->cpu_quota_per_sec_usec != USEC_INFINITY) +@@ -1808,7 +1863,7 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { mask |= CGROUP_MASK_CPU; -- if (c->cpuset_cpus.set || c->cpuset_mems.set) + if (cgroup_context_has_allowed_cpus(c) || cgroup_context_has_allowed_mems(c)) - mask |= CGROUP_MASK_CPUSET; -+ if (c->cpuset_cpus2.set || c->cpuset_mems2.set) + mask |= CGROUP_MASK_CPUSET2; if (cgroup_context_has_io_config(c) || cgroup_context_has_blockio_config(c)) mask |= CGROUP_MASK_IO | CGROUP_MASK_BLKIO; -@@ -1614,6 +1669,11 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { +@@ -1818,6 +1873,11 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { unit_has_unified_memory_config(u)) mask |= CGROUP_MASK_MEMORY; @@ -329,7 +385,7 @@ index de1d5f4..2c2d1b0 100644 if (c->device_allow || c->device_policy != CGROUP_DEVICE_POLICY_AUTO) mask |= CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES; -@@ -3984,7 +4044,7 @@ int unit_get_cpuset(Unit *u, CPUSet *cpus, const char *name) { +@@ -4286,7 +4346,7 @@ int unit_get_cpuset(Unit *u, CPUSet *cpus, const char *name) { if (!u->cgroup_path) return -ENODATA; @@ -339,7 +395,7 @@ index de1d5f4..2c2d1b0 100644 r = cg_all_unified(); diff --git a/src/core/cgroup.h b/src/core/cgroup.h -index ea92936..a8a4726 100644 +index d137e3a..501cba4 100644 --- a/src/core/cgroup.h +++ b/src/core/cgroup.h @@ -115,6 +115,7 @@ struct CGroupContext { @@ -350,47 +406,55 @@ index ea92936..a8a4726 100644 bool tasks_accounting; bool ip_accounting; -@@ -131,8 +132,8 @@ struct CGroupContext { +@@ -131,10 +132,10 @@ struct CGroupContext { usec_t cpu_quota_per_sec_usec; usec_t cpu_quota_period_usec; - CPUSet cpuset_cpus; +- CPUSet startup_cpuset_cpus; - CPUSet cpuset_mems; +- CPUSet startup_cpuset_mems; + CPUSet cpuset_cpus2; ++ CPUSet startup_cpuset_cpus2; + CPUSet cpuset_mems2; ++ CPUSet startup_cpuset_mems2; uint64_t io_weight; uint64_t startup_io_weight; -@@ -148,6 +149,11 @@ struct CGroupContext { - uint64_t memory_max; +@@ -151,6 +152,11 @@ struct CGroupContext { uint64_t memory_swap_max; + uint64_t memory_zswap_max; + char *cpuset_cpus; + char *cpuset_mems; + bool cpuset_clone_children; + bool cpuset_memory_migrate; + - bool default_memory_min_set; - bool default_memory_low_set; - bool memory_min_set; + bool default_memory_min_set:1; + bool default_memory_low_set:1; + bool memory_min_set:1; diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c -index 84c3caf..0cdc98c 100644 +index b5484ed..c3b140e 100644 --- a/src/core/dbus-cgroup.c +++ b/src/core/dbus-cgroup.c -@@ -414,8 +414,8 @@ const sd_bus_vtable bus_cgroup_vtable[] = { +@@ -441,10 +441,10 @@ const sd_bus_vtable bus_cgroup_vtable[] = { SD_BUS_PROPERTY("StartupCPUShares", "t", NULL, offsetof(CGroupContext, startup_cpu_shares), 0), SD_BUS_PROPERTY("CPUQuotaPerSecUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_per_sec_usec), 0), SD_BUS_PROPERTY("CPUQuotaPeriodUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_period_usec), 0), - SD_BUS_PROPERTY("AllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_cpus), 0), +- SD_BUS_PROPERTY("StartupAllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, startup_cpuset_cpus), 0), - SD_BUS_PROPERTY("AllowedMemoryNodes", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_mems), 0), +- SD_BUS_PROPERTY("StartupAllowedMemoryNodes", "ay", property_get_cpuset, offsetof(CGroupContext, startup_cpuset_mems), 0), + SD_BUS_PROPERTY("AllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_cpus2), 0), ++ SD_BUS_PROPERTY("StartupAllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, startup_cpuset_cpus2), 0), + SD_BUS_PROPERTY("AllowedMemoryNodes", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_mems2), 0), ++ SD_BUS_PROPERTY("StartupAllowedMemoryNodes", "ay", property_get_cpuset, offsetof(CGroupContext, startup_cpuset_mems2), 0), SD_BUS_PROPERTY("IOAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, io_accounting), 0), SD_BUS_PROPERTY("IOWeight", "t", NULL, offsetof(CGroupContext, io_weight), 0), SD_BUS_PROPERTY("StartupIOWeight", "t", NULL, offsetof(CGroupContext, startup_io_weight), 0), -@@ -440,6 +440,11 @@ const sd_bus_vtable bus_cgroup_vtable[] = { - SD_BUS_PROPERTY("MemoryMax", "t", NULL, offsetof(CGroupContext, memory_max), 0), +@@ -470,6 +470,11 @@ const sd_bus_vtable bus_cgroup_vtable[] = { SD_BUS_PROPERTY("MemorySwapMax", "t", NULL, offsetof(CGroupContext, memory_swap_max), 0), + SD_BUS_PROPERTY("MemoryZSwapMax", "t", NULL, offsetof(CGroupContext, memory_zswap_max), 0), SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0), + SD_BUS_PROPERTY("CPUSetAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_accounting), 0), + SD_BUS_PROPERTY("CPUSetCpus", "s", NULL, offsetof(CGroupContext, cpuset_cpus), 0), @@ -400,7 +464,7 @@ index 84c3caf..0cdc98c 100644 SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0), SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0), SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0), -@@ -1065,6 +1070,43 @@ int bus_cgroup_set_property( +@@ -1129,6 +1134,43 @@ int bus_cgroup_set_property( if (streq(name, "MemoryLimitScale")) return bus_cgroup_set_memory_scale(u, name, &c->memory_limit, message, flags, error); @@ -444,17 +508,25 @@ index 84c3caf..0cdc98c 100644 if (streq(name, "TasksAccounting")) return bus_cgroup_set_boolean(u, name, &c->tasks_accounting, CGROUP_MASK_PIDS, message, flags, error); -@@ -1146,15 +1188,15 @@ int bus_cgroup_set_property( +@@ -1208,13 +1250,13 @@ int bus_cgroup_set_property( return -ENOMEM; if (streq(name, "AllowedCPUs")) - set = &c->cpuset_cpus; + set = &c->cpuset_cpus2; - else + else if (streq(name, "StartupAllowedCPUs")) +- set = &c->startup_cpuset_cpus; ++ set = &c->startup_cpuset_cpus2; + else if (streq(name, "AllowedMemoryNodes")) - set = &c->cpuset_mems; + set = &c->cpuset_mems2; + else if (streq(name, "StartupAllowedMemoryNodes")) +- set = &c->startup_cpuset_mems; ++ set = &c->startup_cpuset_mems2; + + assert(set); - cpu_set_reset(set); +@@ -1222,7 +1264,7 @@ int bus_cgroup_set_property( *set = new_set; new_set = (CPUSet) {}; @@ -464,10 +536,10 @@ index 84c3caf..0cdc98c 100644 } diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c -index de057a0..82896af 100644 +index c4f205b..d6f45a7 100644 --- a/src/core/dbus-manager.c +++ b/src/core/dbus-manager.c -@@ -2690,6 +2690,7 @@ const sd_bus_vtable bus_manager_vtable[] = { +@@ -2910,6 +2910,7 @@ const sd_bus_vtable bus_manager_vtable[] = { SD_BUS_PROPERTY("DefaultCPUAccounting", "b", bus_property_get_bool, offsetof(Manager, default_cpu_accounting), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("DefaultBlockIOAccounting", "b", bus_property_get_bool, offsetof(Manager, default_blockio_accounting), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("DefaultMemoryAccounting", "b", bus_property_get_bool, offsetof(Manager, default_memory_accounting), SD_BUS_VTABLE_PROPERTY_CONST), @@ -476,12 +548,27 @@ index de057a0..82896af 100644 SD_BUS_PROPERTY("DefaultLimitCPU", "t", bus_property_get_rlimit, offsetof(Manager, rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("DefaultLimitCPUSoft", "t", bus_property_get_rlimit, offsetof(Manager, rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST), diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in -index 42441ea..60c9dbc 100644 +index 3ea3ca3..8600faa 100644 --- a/src/core/load-fragment-gperf.gperf.in +++ b/src/core/load-fragment-gperf.gperf.in -@@ -197,6 +197,11 @@ - {{type}}.MemoryMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) +@@ -187,10 +187,10 @@ + + {%- macro CGROUP_CONTEXT_CONFIG_ITEMS(type) -%} + {{type}}.Slice, config_parse_unit_slice, 0, 0 +-{{type}}.AllowedCPUs, config_parse_allowed_cpuset, 0, offsetof({{type}}, cgroup_context.cpuset_cpus) +-{{type}}.StartupAllowedCPUs, config_parse_allowed_cpuset, 0, offsetof({{type}}, cgroup_context.startup_cpuset_cpus) +-{{type}}.AllowedMemoryNodes, config_parse_allowed_cpuset, 0, offsetof({{type}}, cgroup_context.cpuset_mems) +-{{type}}.StartupAllowedMemoryNodes, config_parse_allowed_cpuset, 0, offsetof({{type}}, cgroup_context.startup_cpuset_mems) ++{{type}}.AllowedCPUs, config_parse_allowed_cpuset, 0, offsetof({{type}}, cgroup_context.cpuset_cpus2) ++{{type}}.StartupAllowedCPUs, config_parse_allowed_cpuset, 0, offsetof({{type}}, cgroup_context.startup_cpuset_cpus2) ++{{type}}.AllowedMemoryNodes, config_parse_allowed_cpuset, 0, offsetof({{type}}, cgroup_context.cpuset_mems2) ++{{type}}.StartupAllowedMemoryNodes, config_parse_allowed_cpuset, 0, offsetof({{type}}, cgroup_context.startup_cpuset_mems2) + {{type}}.CPUAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpu_accounting) + {{type}}.CPUWeight, config_parse_cg_cpu_weight, 0, offsetof({{type}}, cgroup_context.cpu_weight) + {{type}}.StartupCPUWeight, config_parse_cg_cpu_weight, 0, offsetof({{type}}, cgroup_context.startup_cpu_weight) +@@ -208,6 +208,11 @@ {{type}}.MemorySwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.MemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) {{type}}.MemoryLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) +{{type}}.CPUSetAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_accounting) +{{type}}.CPUSetCpus, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_cpus) @@ -492,28 +579,10 @@ index 42441ea..60c9dbc 100644 {{type}}.DevicePolicy, config_parse_device_policy, 0, offsetof({{type}}, cgroup_context.device_policy) {{type}}.IOAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.io_accounting) diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 399a759..ad80a64 100644 +index ce15758..b0feac7 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c -@@ -3632,7 +3632,7 @@ int config_parse_allowed_cpus( - - CGroupContext *c = data; - -- (void) parse_cpu_set_extend(rvalue, &c->cpuset_cpus, true, unit, filename, line, lvalue); -+ (void) parse_cpu_set_extend(rvalue, &c->cpuset_cpus2, true, unit, filename, line, lvalue); - - return 0; - } -@@ -3651,7 +3651,7 @@ int config_parse_allowed_mems( - - CGroupContext *c = data; - -- (void) parse_cpu_set_extend(rvalue, &c->cpuset_mems, true, unit, filename, line, lvalue); -+ (void) parse_cpu_set_extend(rvalue, &c->cpuset_mems2, true, unit, filename, line, lvalue); - - return 0; - } -@@ -3722,6 +3722,75 @@ int config_parse_memory_limit( +@@ -3864,6 +3864,75 @@ int config_parse_memory_limit( return 0; } @@ -590,11 +659,11 @@ index 399a759..ad80a64 100644 const char *unit, const char *filename, diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h -index 45e9c39..1ecad67 100644 +index 11d43dd..405681f 100644 --- a/src/core/load-fragment.h +++ b/src/core/load-fragment.h -@@ -74,6 +74,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_unit_slice); - CONFIG_PARSER_PROTOTYPE(config_parse_cg_weight); +@@ -81,6 +81,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_cg_weight); + CONFIG_PARSER_PROTOTYPE(config_parse_cg_cpu_weight); CONFIG_PARSER_PROTOTYPE(config_parse_cpu_shares); CONFIG_PARSER_PROTOTYPE(config_parse_memory_limit); +CONFIG_PARSER_PROTOTYPE(config_parse_cpuset_cpumems); @@ -602,10 +671,10 @@ index 45e9c39..1ecad67 100644 CONFIG_PARSER_PROTOTYPE(config_parse_delegate); CONFIG_PARSER_PROTOTYPE(config_parse_managed_oom_mode); diff --git a/src/core/main.c b/src/core/main.c -index 9282b09..c4564e8 100644 +index c6d16b2..e64882c 100644 --- a/src/core/main.c +++ b/src/core/main.c -@@ -148,6 +148,7 @@ static bool arg_default_io_accounting; +@@ -160,6 +160,7 @@ static bool arg_default_io_accounting; static bool arg_default_ip_accounting; static bool arg_default_blockio_accounting; static bool arg_default_memory_accounting; @@ -613,15 +682,15 @@ index 9282b09..c4564e8 100644 static bool arg_default_tasks_accounting; static TasksMax arg_default_tasks_max; static sd_id128_t arg_machine_id; -@@ -693,6 +694,7 @@ static int parse_config_file(void) { - { "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_default_ip_accounting }, - { "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting }, - { "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting }, -+ { "Manager", "DefaultCpusetAccounting", config_parse_bool, 0, &arg_default_cpuset_accounting }, - { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting }, - { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max }, - { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action }, -@@ -764,6 +766,7 @@ static void set_manager_defaults(Manager *m) { +@@ -681,6 +682,7 @@ static int parse_config_file(void) { + { "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_default_ip_accounting }, + { "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting }, + { "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting }, ++ { "Manager", "DefaultCpusetAccounting", config_parse_bool, 0, &arg_default_cpuset_accounting }, + { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting }, + { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max }, + { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, arg_system, &arg_cad_burst_action }, +@@ -762,6 +764,7 @@ static void set_manager_defaults(Manager *m) { m->default_ip_accounting = arg_default_ip_accounting; m->default_blockio_accounting = arg_default_blockio_accounting; m->default_memory_accounting = arg_default_memory_accounting; @@ -629,7 +698,7 @@ index 9282b09..c4564e8 100644 m->default_tasks_accounting = arg_default_tasks_accounting; m->default_tasks_max = arg_default_tasks_max; m->default_oom_policy = arg_default_oom_policy; -@@ -2358,6 +2361,7 @@ static void reset_arguments(void) { +@@ -2457,6 +2460,7 @@ static void reset_arguments(void) { arg_default_ip_accounting = false; arg_default_blockio_accounting = false; arg_default_memory_accounting = MEMORY_ACCOUNTING_DEFAULT; @@ -638,22 +707,22 @@ index 9282b09..c4564e8 100644 arg_default_tasks_max = DEFAULT_TASKS_MAX; arg_machine_id = (sd_id128_t) {}; diff --git a/src/core/manager.c b/src/core/manager.c -index 38482c0..3a12d6d 100644 +index 2c8c726..011de6b 100644 --- a/src/core/manager.c +++ b/src/core/manager.c -@@ -776,6 +776,7 @@ int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager +@@ -833,6 +833,7 @@ int manager_new(LookupScope scope, ManagerTestRunFlags test_run_flags, Manager * .default_timer_accuracy_usec = USEC_PER_MINUTE, .default_memory_accounting = MEMORY_ACCOUNTING_DEFAULT, + .default_cpuset_accounting = false, .default_tasks_accounting = true, .default_tasks_max = TASKS_MAX_UNSET, - .default_timeout_start_usec = DEFAULT_TIMEOUT_USEC, + .default_timeout_start_usec = manager_default_timeout(scope == LOOKUP_SCOPE_SYSTEM), diff --git a/src/core/manager.h b/src/core/manager.h -index 0c39626..f658caa 100644 +index e7b594f..c4edacc 100644 --- a/src/core/manager.h +++ b/src/core/manager.h -@@ -360,6 +360,7 @@ struct Manager { +@@ -365,6 +365,7 @@ struct Manager { bool default_cpu_accounting; bool default_memory_accounting; @@ -662,22 +731,22 @@ index 0c39626..f658caa 100644 bool default_blockio_accounting; bool default_tasks_accounting; diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index f2c75fc..fcc20d0 100644 +index 1349b1f..a0ef2bf 100644 --- a/src/core/system.conf.in +++ b/src/core/system.conf.in -@@ -53,6 +53,7 @@ +@@ -55,6 +55,7 @@ + #DefaultIOAccounting=no #DefaultIPAccounting=no - #DefaultBlockIOAccounting=no #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} +#DefaultCpusetAccounting= #DefaultTasksAccounting=yes #DefaultTasksMax=80% #DefaultLimitCPU= diff --git a/src/core/unit.c b/src/core/unit.c -index e30c14b..bfd47cf 100644 +index 5e230ef..9ac41b4 100644 --- a/src/core/unit.c +++ b/src/core/unit.c -@@ -176,6 +176,7 @@ static void unit_init(Unit *u) { +@@ -179,6 +179,7 @@ static void unit_init(Unit *u) { cc->io_accounting = u->manager->default_io_accounting; cc->blockio_accounting = u->manager->default_blockio_accounting; cc->memory_accounting = u->manager->default_memory_accounting; @@ -686,10 +755,10 @@ index e30c14b..bfd47cf 100644 cc->ip_accounting = u->manager->default_ip_accounting; diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c -index d3a5b25..caad3ab 100644 +index 1e95e36..e1aed3d 100644 --- a/src/shared/bus-unit-util.c +++ b/src/shared/bus-unit-util.c -@@ -460,7 +460,10 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons +@@ -481,7 +481,10 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons "IOAccounting", "BlockIOAccounting", "TasksAccounting", @@ -701,7 +770,7 @@ index d3a5b25..caad3ab 100644 return bus_append_parse_boolean(m, field, eq); if (STR_IN_SET(field, "CPUWeight", -@@ -561,6 +564,16 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons +@@ -587,6 +590,16 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons return bus_append_parse_size(m, field, eq, 1024); } @@ -719,7 +788,7 @@ index d3a5b25..caad3ab 100644 if (isempty(eq)) r = sd_bus_message_append(m, "(sv)", "CPUQuotaPerSecUSec", "t", USEC_INFINITY); diff --git a/src/shared/cpu-set-util.c b/src/shared/cpu-set-util.c -index e3e6963..2cb4a36 100644 +index 34c13cf..68da01b 100644 --- a/src/shared/cpu-set-util.c +++ b/src/shared/cpu-set-util.c @@ -7,6 +7,7 @@ @@ -731,10 +800,10 @@ index e3e6963..2cb4a36 100644 #include "errno-util.h" #include "extract-word.h" diff --git a/src/test/test-cgroup-mask.c b/src/test/test-cgroup-mask.c -index 19e159b..425fe19 100644 +index 57483f7..e969569 100644 --- a/src/test/test-cgroup-mask.c +++ b/src/test/test-cgroup-mask.c -@@ -55,6 +55,7 @@ static int test_cgroup_mask(void) { +@@ -55,6 +55,7 @@ TEST_RET(cgroup_mask, .sd_booted = true) { * else. */ m->default_cpu_accounting = m->default_memory_accounting = @@ -744,10 +813,10 @@ index 19e159b..425fe19 100644 m->default_tasks_accounting = false; @@ -140,10 +141,10 @@ static void test_cg_mask_to_string_one(CGroupMask mask, const char *t) { - static void test_cg_mask_to_string(void) { + TEST(cg_mask_to_string) { test_cg_mask_to_string_one(0, NULL); -- test_cg_mask_to_string_one(_CGROUP_MASK_ALL, "cpu cpuacct cpuset io blkio memory devices pids bpf-firewall bpf-devices bpf-foreign bpf-socket-bind"); -+ test_cg_mask_to_string_one(_CGROUP_MASK_ALL, "cpu cpuacct cpuset2 io blkio memory devices pids cpuset bpf-firewall bpf-devices bpf-foreign bpf-socket-bind"); +- test_cg_mask_to_string_one(_CGROUP_MASK_ALL, "cpu cpuacct cpuset io blkio memory devices pids bpf-firewall bpf-devices bpf-foreign bpf-socket-bind bpf-restrict-network-interfaces"); ++ test_cg_mask_to_string_one(_CGROUP_MASK_ALL, "cpu cpuacct cpuset2 io blkio memory devices pids cpuset bpf-firewall bpf-devices bpf-foreign bpf-socket-bind bpf-restrict-network-interfaces"); test_cg_mask_to_string_one(CGROUP_MASK_CPU, "cpu"); test_cg_mask_to_string_one(CGROUP_MASK_CPUACCT, "cpuacct"); - test_cg_mask_to_string_one(CGROUP_MASK_CPUSET, "cpuset"); @@ -756,10 +825,10 @@ index 19e159b..425fe19 100644 test_cg_mask_to_string_one(CGROUP_MASK_BLKIO, "blkio"); test_cg_mask_to_string_one(CGROUP_MASK_MEMORY, "memory"); diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service -index 3039d1c..5f8cdd8 100644 +index f8237d7..dcf99e1 100644 --- a/test/fuzz/fuzz-unit-file/directives-all.service +++ b/test/fuzz/fuzz-unit-file/directives-all.service -@@ -48,6 +48,11 @@ BusName= +@@ -52,6 +52,11 @@ BusName= CoredumpFilter= CPUAccounting= CPUQuota= @@ -771,102 +840,6 @@ index 3039d1c..5f8cdd8 100644 CPUShares= CPUWeight= CapabilityBoundingSet= -diff --git a/test/fuzz/fuzz-unit-file/directives.mount b/test/fuzz/fuzz-unit-file/directives.mount -index 451f291..3adfd5b 100644 ---- a/test/fuzz/fuzz-unit-file/directives.mount -+++ b/test/fuzz/fuzz-unit-file/directives.mount -@@ -19,6 +19,11 @@ CPUQuotaPeriodSec= - CPUSchedulingPolicy= - CPUSchedulingPriority= - CPUSchedulingResetOnFork= -+CPUSetAccounting= -+CPUSetCloneChildren= -+CPUSetCpus= -+CPUSetMemMigrate= -+CPUSetMems= - CPUShares= - CPUWeight= - CacheDirectory= -diff --git a/test/fuzz/fuzz-unit-file/directives.scope b/test/fuzz/fuzz-unit-file/directives.scope -index 7e69cf8..c953f9c 100644 ---- a/test/fuzz/fuzz-unit-file/directives.scope -+++ b/test/fuzz/fuzz-unit-file/directives.scope -@@ -11,6 +11,11 @@ BlockIOWriteBandwidth= - CPUAccounting= - CPUQuota= - CPUQuotaPeriodSec= -+CPUSetAccounting= -+CPUSetCloneChildren= -+CPUSetCpus= -+CPUSetMemMigrate= -+CPUSetMems= - CPUShares= - CPUWeight= - DefaultMemoryLow= -diff --git a/test/fuzz/fuzz-unit-file/directives.service b/test/fuzz/fuzz-unit-file/directives.service -index de7d2c7..aa5ad32 100644 ---- a/test/fuzz/fuzz-unit-file/directives.service -+++ b/test/fuzz/fuzz-unit-file/directives.service -@@ -63,6 +63,11 @@ ConditionSecurity= - ConditionUser= - ConditionVirtualization= - Conflicts= -+CPUSetAccounting= -+CPUSetCloneChildren= -+CPUSetCpus= -+CPUSetMemMigrate= -+CPUSetMems= - DefaultDependencies= - Description= - Documentation= -diff --git a/test/fuzz/fuzz-unit-file/directives.slice b/test/fuzz/fuzz-unit-file/directives.slice -index 789ac8f..54cb55d 100644 ---- a/test/fuzz/fuzz-unit-file/directives.slice -+++ b/test/fuzz/fuzz-unit-file/directives.slice -@@ -11,6 +11,11 @@ BlockIOWriteBandwidth= - CPUAccounting= - CPUQuota= - CPUQuotaPeriodSec= -+CPUSetAccounting= -+CPUSetCloneChildren= -+CPUSetCpus= -+CPUSetMemMigrate= -+CPUSetMems= - CPUShares= - CPUWeight= - DefaultMemoryLow= -diff --git a/test/fuzz/fuzz-unit-file/directives.socket b/test/fuzz/fuzz-unit-file/directives.socket -index 11f589e..aa9e758 100644 ---- a/test/fuzz/fuzz-unit-file/directives.socket -+++ b/test/fuzz/fuzz-unit-file/directives.socket -@@ -24,6 +24,11 @@ CPUQuotaPeriodSec= - CPUSchedulingPolicy= - CPUSchedulingPriority= - CPUSchedulingResetOnFork= -+CPUSetAccounting= -+CPUSetCloneChildren= -+CPUSetCpus= -+CPUSetMemMigrate= -+CPUSetMems= - CPUShares= - CPUWeight= - CacheDirectory= -diff --git a/test/fuzz/fuzz-unit-file/directives.swap b/test/fuzz/fuzz-unit-file/directives.swap -index 582a136..bc07775 100644 ---- a/test/fuzz/fuzz-unit-file/directives.swap -+++ b/test/fuzz/fuzz-unit-file/directives.swap -@@ -19,6 +19,11 @@ CPUQuotaPeriodSec= - CPUSchedulingPolicy= - CPUSchedulingPriority= - CPUSchedulingResetOnFork= -+CPUSetAccounting= -+CPUSetCloneChildren= -+CPUSetCpus= -+CPUSetMemMigrate= -+CPUSetMems= - CPUShares= - CPUWeight= - CacheDirectory= -- -2.23.0 +2.33.0 diff --git a/core-cgroup-support-default-slice-for-all-uni.patch b/core-cgroup-support-default-slice-for-all-uni.patch index 361286c7e6d7c76144ae9f02ad3bee42ed36367f..74a25ef7d6a6044cc5bedd745117417a6c7cd684 100644 --- a/core-cgroup-support-default-slice-for-all-uni.patch +++ b/core-cgroup-support-default-slice-for-all-uni.patch @@ -7,15 +7,15 @@ With this patch, users can specify a default slice for all units by adding DefaultUnitSlice=xxx.slice in /etc/systemd/system.conf. --- src/core/main.c | 22 +++++++++++ - src/core/manager.h | 2 + + src/core/manager.h | 3 ++ src/core/unit.c | 98 ++++++++++++++++++++++++++++++++++++++++++---- - 3 files changed, 114 insertions(+), 8 deletions(-) + 3 files changed, 115 insertions(+), 8 deletions(-) diff --git a/src/core/main.c b/src/core/main.c -index 48e8a4b..c3d9e1c 100644 +index 809ed76..500691a 100644 --- a/src/core/main.c +++ b/src/core/main.c -@@ -159,6 +159,7 @@ static EmergencyAction arg_cad_burst_action; +@@ -171,6 +171,7 @@ static EmergencyAction arg_cad_burst_action; static OOMPolicy arg_default_oom_policy; static CPUSet arg_cpu_affinity; static NUMAPolicy arg_numa_policy; @@ -23,16 +23,16 @@ index 48e8a4b..c3d9e1c 100644 static usec_t arg_clock_usec; static void *arg_random_seed; static size_t arg_random_seed_size; -@@ -705,6 +706,7 @@ static int parse_config_file(void) { - { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max }, - { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action }, - { "Manager", "DefaultOOMPolicy", config_parse_oom_policy, 0, &arg_default_oom_policy }, -+ { "Manager", "DefaultUnitSlice", config_parse_string, 0, &arg_default_unit_slice }, - {} - }; - -@@ -784,6 +786,26 @@ static void set_manager_defaults(Manager *m) { - +@@ -694,6 +695,7 @@ static int parse_config_file(void) { + { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, arg_system, &arg_cad_burst_action }, + { "Manager", "DefaultOOMPolicy", config_parse_oom_policy, 0, &arg_default_oom_policy }, + { "Manager", "DefaultOOMScoreAdjust", config_parse_oom_score_adjust, 0, NULL }, ++ { "Manager", "DefaultUnitSlice", config_parse_string, 0, &arg_default_unit_slice }, + { "Manager", "ReloadLimitIntervalSec", config_parse_sec, 0, &arg_reload_limit_interval_sec }, + { "Manager", "ReloadLimitBurst", config_parse_unsigned, 0, &arg_reload_limit_burst }, + #if ENABLE_SMACK +@@ -786,6 +788,26 @@ static void set_manager_defaults(Manager *m) { + (void) manager_default_environment(m); (void) manager_transient_environment_add(m, arg_default_environment); + if (m->default_unit_slice) @@ -56,36 +56,37 @@ index 48e8a4b..c3d9e1c 100644 + arg_default_unit_slice = NULL; + } } - + static void set_manager_settings(Manager *m) { diff --git a/src/core/manager.h b/src/core/manager.h -index 25d058f..ddddc8e 100644 +index 814421f..9e391b1 100644 --- a/src/core/manager.h +++ b/src/core/manager.h -@@ -23,6 +23,7 @@ typedef struct Unit Unit; - +@@ -22,6 +22,7 @@ typedef struct Unit Unit; + /* Enforce upper limit how many names we allow */ #define MANAGER_MAX_NAMES 131072 /* 128K */ +#define DEFAULT_UNIT_NAME_LEN_MAX 32 - + typedef struct Manager Manager; - -@@ -445,6 +446,7 @@ struct Manager { + +@@ -455,6 +456,8 @@ struct Manager { unsigned sigchldgen; unsigned notifygen; - + + char *default_unit_slice; - bool in_manager_catchup; - ++ VarlinkServer *varlink_server; + /* When we're a system manager, this object manages the subscription from systemd-oomd to PID1 that's + * used to report changes in ManagedOOM settings (systemd server - oomd client). When diff --git a/src/core/unit.c b/src/core/unit.c -index cbb02ea..e3dee86 100644 +index eef05d0..cc74a43 100644 --- a/src/core/unit.c +++ b/src/core/unit.c -@@ -3316,6 +3316,58 @@ int unit_set_slice(Unit *u, Unit *slice) { +@@ -3340,6 +3340,58 @@ int unit_set_slice(Unit *u, Unit *slice) { return 1; } - + +/* system-xxx.slice, xxx must be (a b c/A B C...and 0 1 2...) */ +static bool slicename_is_valid(const char *slicename) { + const char *str_start = "system-"; @@ -141,10 +142,10 @@ index cbb02ea..e3dee86 100644 int unit_set_default_slice(Unit *u) { const char *slice_name; Unit *slice; -@@ -3326,6 +3378,20 @@ int unit_set_default_slice(Unit *u) { +@@ -3353,6 +3405,20 @@ int unit_set_default_slice(Unit *u) { if (UNIT_GET_SLICE(u)) return 0; - + + bool isdefaultslice = false; + char *default_unit_slice = u->manager->default_unit_slice; + @@ -161,11 +162,11 @@ index cbb02ea..e3dee86 100644 + if (u->instance) { _cleanup_free_ char *prefix = NULL, *escaped = NULL; - -@@ -3343,24 +3409,40 @@ int unit_set_default_slice(Unit *u) { + +@@ -3370,24 +3436,40 @@ int unit_set_default_slice(Unit *u) { if (!escaped) return -ENOMEM; - + - if (MANAGER_IS_SYSTEM(u->manager)) - slice_name = strjoina("system-", escaped, ".slice"); - else @@ -182,7 +183,7 @@ index cbb02ea..e3dee86 100644 + slice_name = strjoina("system-", escaped, ".slice"); + } else slice_name = strjoina("app-", escaped, ".slice"); - + - } else if (unit_is_extrinsic(u)) + } else if (unit_is_extrinsic(u)) { /* Keep all extrinsic units (e.g. perpetual units and swap and mount units in user mode) in @@ -202,15 +203,15 @@ index cbb02ea..e3dee86 100644 slice_name = SPECIAL_APP_SLICE; + isdefaultslice = false; + } - + r = manager_load_unit(u->manager, slice_name, NULL, NULL, &slice); if (r < 0) return r; + if (isdefaultslice) + slice->default_dependencies=false; - + return unit_set_slice(u, slice); } --- -2.27.0 +-- +2.33.0 diff --git a/core-cgroup-support-freezer.patch b/core-cgroup-support-freezer.patch index e38319097a93a7ff2c21eb25375616c76383a279..8511989728a4dc70adc6db40de53c36f3b8af8a2 100644 --- a/core-cgroup-support-freezer.patch +++ b/core-cgroup-support-freezer.patch @@ -23,20 +23,14 @@ This patch add support for freezer subsystem. src/test/test-cgroup-freezer.c | 43 +++++++++++++++++++ src/test/test-cgroup-mask.c | 3 +- .../fuzz-unit-file/directives-all.service | 2 + - test/fuzz/fuzz-unit-file/directives.mount | 2 + - test/fuzz/fuzz-unit-file/directives.scope | 2 + - test/fuzz/fuzz-unit-file/directives.service | 2 + - test/fuzz/fuzz-unit-file/directives.slice | 2 + - test/fuzz/fuzz-unit-file/directives.socket | 2 + - test/fuzz/fuzz-unit-file/directives.swap | 2 + - 24 files changed, 173 insertions(+), 2 deletions(-) + 18 files changed, 161 insertions(+), 2 deletions(-) create mode 100644 src/test/test-cgroup-freezer.c diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c -index 01a4181..f912b65 100644 +index 1bb07f7..ac25693 100644 --- a/src/basic/cgroup-util.c +++ b/src/basic/cgroup-util.c -@@ -2162,6 +2162,7 @@ static const char *const cgroup_controller_table[_CGROUP_CONTROLLER_MAX] = { +@@ -2255,6 +2255,7 @@ static const char *const cgroup_controller_table[_CGROUP_CONTROLLER_MAX] = { [CGROUP_CONTROLLER_DEVICES] = "devices", [CGROUP_CONTROLLER_PIDS] = "pids", [CGROUP_CONTROLLER_CPUSET] = "cpuset", @@ -45,10 +39,10 @@ index 01a4181..f912b65 100644 [CGROUP_CONTROLLER_BPF_DEVICES] = "bpf-devices", [CGROUP_CONTROLLER_BPF_FOREIGN] = "bpf-foreign", diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h -index 06a23ff..a491eca 100644 +index 764d47a..147c956 100644 --- a/src/basic/cgroup-util.h +++ b/src/basic/cgroup-util.h -@@ -27,6 +27,7 @@ typedef enum CGroupController { +@@ -28,6 +28,7 @@ typedef enum CGroupController { CGROUP_CONTROLLER_DEVICES, /* v1 only */ CGROUP_CONTROLLER_PIDS, CGROUP_CONTROLLER_CPUSET, @@ -56,7 +50,7 @@ index 06a23ff..a491eca 100644 /* BPF-based pseudo-controllers, v2 only */ CGROUP_CONTROLLER_BPF_FIREWALL, -@@ -51,13 +52,14 @@ typedef enum CGroupMask { +@@ -56,6 +57,7 @@ typedef enum CGroupMask { CGROUP_MASK_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_DEVICES), CGROUP_MASK_PIDS = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_PIDS), CGROUP_MASK_CPUSET = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUSET), @@ -64,7 +58,8 @@ index 06a23ff..a491eca 100644 CGROUP_MASK_BPF_FIREWALL = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FIREWALL), CGROUP_MASK_BPF_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_DEVICES), CGROUP_MASK_BPF_FOREIGN = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FOREIGN), - CGROUP_MASK_BPF_SOCKET_BIND = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_SOCKET_BIND), +@@ -63,7 +65,7 @@ typedef enum CGroupMask { + CGROUP_MASK_BPF_RESTRICT_NETWORK_INTERFACES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_RESTRICT_NETWORK_INTERFACES), /* All real cgroup v1 controllers */ - CGROUP_MASK_V1 = CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT|CGROUP_MASK_BLKIO|CGROUP_MASK_MEMORY|CGROUP_MASK_CPUSET|CGROUP_MASK_DEVICES|CGROUP_MASK_PIDS, @@ -73,10 +68,10 @@ index 06a23ff..a491eca 100644 /* All real cgroup v2 controllers */ CGROUP_MASK_V2 = CGROUP_MASK_CPU|CGROUP_MASK_CPUSET2|CGROUP_MASK_IO|CGROUP_MASK_MEMORY|CGROUP_MASK_PIDS, diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 83e94c7..f811a8b 100644 +index a6396e1..7d1e59b 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c -@@ -139,6 +139,7 @@ void cgroup_context_init(CGroupContext *c) { +@@ -162,6 +162,7 @@ void cgroup_context_init(CGroupContext *c) { .startup_blockio_weight = CGROUP_BLKIO_WEIGHT_INVALID, .tasks_max = TASKS_MAX_UNSET, @@ -84,17 +79,17 @@ index 83e94c7..f811a8b 100644 .moom_swap = MANAGED_OOM_AUTO, .moom_mem_pressure = MANAGED_OOM_AUTO, -@@ -260,6 +261,9 @@ void cgroup_context_done(CGroupContext *c) { - - cpu_set_reset(&c->cpuset_cpus2); +@@ -287,6 +288,9 @@ void cgroup_context_done(CGroupContext *c) { + cpu_set_reset(&c->startup_cpuset_cpus2); cpu_set_reset(&c->cpuset_mems2); + cpu_set_reset(&c->startup_cpuset_mems2); + + if (c->freezer_state) + c->freezer_state = mfree(c->freezer_state); } static int unit_get_kernel_memory_limit(Unit *u, const char *file, uint64_t *ret) { -@@ -433,6 +437,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { +@@ -451,6 +455,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { "%sBlockIOAccounting: %s\n" "%sMemoryAccounting: %s\n" "%sCPUSetAccounting: %s\n" @@ -102,7 +97,7 @@ index 83e94c7..f811a8b 100644 "%sTasksAccounting: %s\n" "%sIPAccounting: %s\n" "%sCPUWeight: %" PRIu64 "\n" -@@ -460,6 +465,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { +@@ -481,6 +486,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { "%sCPUSetCloneChildren=%s\n" "%sCPUSetMemMigrate=%s\n" "%sTasksMax: %" PRIu64 "\n" @@ -110,7 +105,7 @@ index 83e94c7..f811a8b 100644 "%sDevicePolicy: %s\n" "%sDisableControllers: %s\n" "%sDelegate: %s\n" -@@ -472,6 +478,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { +@@ -493,6 +499,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { prefix, yes_no(c->blockio_accounting), prefix, yes_no(c->memory_accounting), prefix, yes_no(c->cpuset_accounting), @@ -118,7 +113,7 @@ index 83e94c7..f811a8b 100644 prefix, yes_no(c->tasks_accounting), prefix, yes_no(c->ip_accounting), prefix, c->cpu_weight, -@@ -499,6 +506,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { +@@ -523,6 +530,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { prefix, yes_no(c->cpuset_clone_children), prefix, yes_no(c->cpuset_memory_migrate), prefix, tasks_max_resolve(&c->tasks_max), @@ -126,7 +121,7 @@ index 83e94c7..f811a8b 100644 prefix, cgroup_device_policy_to_string(c->device_policy), prefix, strempty(disable_controllers_str), prefix, yes_no(c->delegate), -@@ -1566,6 +1574,11 @@ static void cgroup_context_apply( +@@ -1722,6 +1730,11 @@ static void cgroup_context_apply( } } @@ -138,7 +133,7 @@ index 83e94c7..f811a8b 100644 /* On cgroup v2 we can apply BPF everywhere. On cgroup v1 we apply it everywhere except for the root of * containers, where we leave this to the manager */ if ((apply_mask & (CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES)) && -@@ -1708,6 +1721,9 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { +@@ -1878,6 +1891,9 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { c->cpuset_mems) mask |= CGROUP_MASK_CPUSET; @@ -149,7 +144,7 @@ index 83e94c7..f811a8b 100644 c->device_policy != CGROUP_DEVICE_POLICY_AUTO) mask |= CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES; diff --git a/src/core/cgroup.h b/src/core/cgroup.h -index 1e27104..6833d5b 100644 +index 501cba4..2251548 100644 --- a/src/core/cgroup.h +++ b/src/core/cgroup.h @@ -116,6 +116,7 @@ struct CGroupContext { @@ -160,7 +155,7 @@ index 1e27104..6833d5b 100644 bool tasks_accounting; bool ip_accounting; -@@ -186,6 +187,9 @@ struct CGroupContext { +@@ -196,6 +197,9 @@ struct CGroupContext { /* Common */ TasksMax tasks_max; @@ -171,10 +166,10 @@ index 1e27104..6833d5b 100644 ManagedOOMMode moom_swap; ManagedOOMMode moom_mem_pressure; diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c -index 0cdc98c..8527a1a 100644 +index c3b140e..c51a8b7 100644 --- a/src/core/dbus-cgroup.c +++ b/src/core/dbus-cgroup.c -@@ -445,6 +445,8 @@ const sd_bus_vtable bus_cgroup_vtable[] = { +@@ -475,6 +475,8 @@ const sd_bus_vtable bus_cgroup_vtable[] = { SD_BUS_PROPERTY("CPUSetMems", "s", NULL, offsetof(CGroupContext, cpuset_mems), 0), SD_BUS_PROPERTY("CPUSetCloneChildren", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_clone_children), 0), SD_BUS_PROPERTY("CPUSetMemMigrate", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_memory_migrate), 0), @@ -183,7 +178,7 @@ index 0cdc98c..8527a1a 100644 SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0), SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0), SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0), -@@ -1073,6 +1075,9 @@ int bus_cgroup_set_property( +@@ -1137,6 +1139,9 @@ int bus_cgroup_set_property( if (streq(name, "CPUSetAccounting")) return bus_cgroup_set_boolean(u, name, &c->cpuset_accounting, CGROUP_MASK_CPUSET, message, flags, error); @@ -193,7 +188,7 @@ index 0cdc98c..8527a1a 100644 if (STR_IN_SET(name, "CPUSetCpus", "CPUSetMems")) { const char *cpuset_str = NULL; -@@ -1107,6 +1112,30 @@ int bus_cgroup_set_property( +@@ -1171,6 +1176,30 @@ int bus_cgroup_set_property( if (streq(name, "CPUSetMemMigrate")) return bus_cgroup_set_boolean(u, name, &c->cpuset_memory_migrate, CGROUP_MASK_CPUSET, message, flags, error); @@ -225,10 +220,10 @@ index 0cdc98c..8527a1a 100644 return bus_cgroup_set_boolean(u, name, &c->tasks_accounting, CGROUP_MASK_PIDS, message, flags, error); diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c -index 82896af..184df9d 100644 +index d6f45a7..7e57a32 100644 --- a/src/core/dbus-manager.c +++ b/src/core/dbus-manager.c -@@ -2691,6 +2691,7 @@ const sd_bus_vtable bus_manager_vtable[] = { +@@ -2911,6 +2911,7 @@ const sd_bus_vtable bus_manager_vtable[] = { SD_BUS_PROPERTY("DefaultBlockIOAccounting", "b", bus_property_get_bool, offsetof(Manager, default_blockio_accounting), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("DefaultMemoryAccounting", "b", bus_property_get_bool, offsetof(Manager, default_memory_accounting), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("DefaultCpusetAccounting", "b", bus_property_get_bool, offsetof(Manager, default_cpuset_accounting), SD_BUS_VTABLE_PROPERTY_CONST), @@ -237,10 +232,10 @@ index 82896af..184df9d 100644 SD_BUS_PROPERTY("DefaultLimitCPU", "t", bus_property_get_rlimit, offsetof(Manager, rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST), SD_BUS_PROPERTY("DefaultLimitCPUSoft", "t", bus_property_get_rlimit, offsetof(Manager, rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST), diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in -index 60c9dbc..5b7ecd2 100644 +index 8600faa..eb68807 100644 --- a/src/core/load-fragment-gperf.gperf.in +++ b/src/core/load-fragment-gperf.gperf.in -@@ -202,6 +202,8 @@ +@@ -213,6 +213,8 @@ {{type}}.CPUSetMems, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_mems) {{type}}.CPUSetCloneChildren, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_clone_children) {{type}}.CPUSetMemMigrate, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_memory_migrate) @@ -250,10 +245,10 @@ index 60c9dbc..5b7ecd2 100644 {{type}}.DevicePolicy, config_parse_device_policy, 0, offsetof({{type}}, cgroup_context.device_policy) {{type}}.IOAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.io_accounting) diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 5f6a703..d5eb932 100644 +index b0feac7..d01b6c4 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c -@@ -3791,6 +3791,39 @@ int config_parse_cpuset_cpumems( +@@ -3933,6 +3933,39 @@ int config_parse_cpuset_cpumems( return 0; } @@ -294,10 +289,10 @@ index 5f6a703..d5eb932 100644 const char *unit, const char *filename, diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h -index 1ecad67..090776c 100644 +index 405681f..d5437ea 100644 --- a/src/core/load-fragment.h +++ b/src/core/load-fragment.h -@@ -75,6 +75,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_cg_weight); +@@ -82,6 +82,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_cg_cpu_weight); CONFIG_PARSER_PROTOTYPE(config_parse_cpu_shares); CONFIG_PARSER_PROTOTYPE(config_parse_memory_limit); CONFIG_PARSER_PROTOTYPE(config_parse_cpuset_cpumems); @@ -306,10 +301,10 @@ index 1ecad67..090776c 100644 CONFIG_PARSER_PROTOTYPE(config_parse_delegate); CONFIG_PARSER_PROTOTYPE(config_parse_managed_oom_mode); diff --git a/src/core/main.c b/src/core/main.c -index 6309aab..9cc7fec 100644 +index e64882c..9f62b9d 100644 --- a/src/core/main.c +++ b/src/core/main.c -@@ -149,6 +149,7 @@ static bool arg_default_ip_accounting; +@@ -161,6 +161,7 @@ static bool arg_default_ip_accounting; static bool arg_default_blockio_accounting; static bool arg_default_memory_accounting; static bool arg_default_cpuset_accounting; @@ -317,15 +312,15 @@ index 6309aab..9cc7fec 100644 static bool arg_default_tasks_accounting; static TasksMax arg_default_tasks_max; static sd_id128_t arg_machine_id; -@@ -695,6 +696,7 @@ static int parse_config_file(void) { - { "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting }, - { "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting }, - { "Manager", "DefaultCpusetAccounting", config_parse_bool, 0, &arg_default_cpuset_accounting }, -+ { "Manager", "DefaultFreezerAccounting", config_parse_bool, 0, &arg_default_freezer_accounting }, - { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting }, - { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max }, - { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action }, -@@ -767,6 +769,7 @@ static void set_manager_defaults(Manager *m) { +@@ -683,6 +684,7 @@ static int parse_config_file(void) { + { "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting }, + { "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting }, + { "Manager", "DefaultCpusetAccounting", config_parse_bool, 0, &arg_default_cpuset_accounting }, ++ { "Manager", "DefaultFreezerAccounting", config_parse_bool, 0, &arg_default_freezer_accounting }, + { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting }, + { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max }, + { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, arg_system, &arg_cad_burst_action }, +@@ -765,6 +767,7 @@ static void set_manager_defaults(Manager *m) { m->default_blockio_accounting = arg_default_blockio_accounting; m->default_memory_accounting = arg_default_memory_accounting; m->default_cpuset_accounting = arg_default_cpuset_accounting; @@ -333,7 +328,7 @@ index 6309aab..9cc7fec 100644 m->default_tasks_accounting = arg_default_tasks_accounting; m->default_tasks_max = arg_default_tasks_max; m->default_oom_policy = arg_default_oom_policy; -@@ -2405,6 +2408,7 @@ static void reset_arguments(void) { +@@ -2461,6 +2464,7 @@ static void reset_arguments(void) { arg_default_blockio_accounting = false; arg_default_memory_accounting = MEMORY_ACCOUNTING_DEFAULT; arg_default_cpuset_accounting = false; @@ -342,10 +337,10 @@ index 6309aab..9cc7fec 100644 arg_default_tasks_max = DEFAULT_TASKS_MAX; arg_machine_id = (sd_id128_t) {}; diff --git a/src/core/manager.h b/src/core/manager.h -index b7a51cf..72fd86e 100644 +index c4edacc..0196c52 100644 --- a/src/core/manager.h +++ b/src/core/manager.h -@@ -361,6 +361,7 @@ struct Manager { +@@ -366,6 +366,7 @@ struct Manager { bool default_cpu_accounting; bool default_memory_accounting; bool default_cpuset_accounting; @@ -354,11 +349,11 @@ index b7a51cf..72fd86e 100644 bool default_blockio_accounting; bool default_tasks_accounting; diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index fcc20d0..f97bd2f 100644 +index a0ef2bf..a44511b 100644 --- a/src/core/system.conf.in +++ b/src/core/system.conf.in -@@ -54,6 +54,7 @@ - #DefaultBlockIOAccounting=no +@@ -56,6 +56,7 @@ + #DefaultIPAccounting=no #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} #DefaultCpusetAccounting= +#DefaultFreezerAccounting=no @@ -366,10 +361,10 @@ index fcc20d0..f97bd2f 100644 #DefaultTasksMax=80% #DefaultLimitCPU= diff --git a/src/core/unit.c b/src/core/unit.c -index 2f20053..70849e4 100644 +index 9ac41b4..eef05d0 100644 --- a/src/core/unit.c +++ b/src/core/unit.c -@@ -177,6 +177,7 @@ static void unit_init(Unit *u) { +@@ -180,6 +180,7 @@ static void unit_init(Unit *u) { cc->blockio_accounting = u->manager->default_blockio_accounting; cc->memory_accounting = u->manager->default_memory_accounting; cc->cpuset_accounting = u->manager->default_cpuset_accounting; @@ -378,10 +373,10 @@ index 2f20053..70849e4 100644 cc->ip_accounting = u->manager->default_ip_accounting; diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c -index caad3ab..f20fcbf 100644 +index e1aed3d..a174e3e 100644 --- a/src/shared/bus-unit-util.c +++ b/src/shared/bus-unit-util.c -@@ -462,6 +462,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons +@@ -483,6 +483,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons "TasksAccounting", "IPAccounting", "CPUSetAccounting", @@ -389,7 +384,7 @@ index caad3ab..f20fcbf 100644 "CPUSetCloneChildren", "CPUSetMemMigrate")) return bus_append_parse_boolean(m, field, eq); -@@ -574,6 +575,16 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons +@@ -600,6 +601,16 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons return 1; } @@ -407,20 +402,20 @@ index caad3ab..f20fcbf 100644 if (isempty(eq)) r = sd_bus_message_append(m, "(sv)", "CPUQuotaPerSecUSec", "t", USEC_INFINITY); diff --git a/src/test/meson.build b/src/test/meson.build -index c0faeb4..fc891bb 100644 +index 34dbd6d..be99212 100644 --- a/src/test/meson.build +++ b/src/test/meson.build -@@ -450,6 +450,12 @@ tests += [ +@@ -525,6 +525,12 @@ tests += [ [], core_includes], -+ [['src/test/test-cgroup-freezer.c'], ++ [files('test-cgroup-freezer.c'), + [libcore, + libshared], + [], + core_includes], + - [['src/test/test-cgroup-unit-default.c'], + [files('test-cgroup-unit-default.c'), [libcore, libshared], diff --git a/src/test/test-cgroup-freezer.c b/src/test/test-cgroup-freezer.c @@ -473,10 +468,10 @@ index 0000000..a533d16 + return 0; +} diff --git a/src/test/test-cgroup-mask.c b/src/test/test-cgroup-mask.c -index 425fe19..31fd5d0 100644 +index e969569..e76f252 100644 --- a/src/test/test-cgroup-mask.c +++ b/src/test/test-cgroup-mask.c -@@ -56,6 +56,7 @@ static int test_cgroup_mask(void) { +@@ -56,6 +56,7 @@ TEST_RET(cgroup_mask, .sd_booted = true) { m->default_cpu_accounting = m->default_memory_accounting = m->default_cpuset_accounting = @@ -486,18 +481,18 @@ index 425fe19..31fd5d0 100644 m->default_tasks_accounting = false; @@ -141,7 +142,7 @@ static void test_cg_mask_to_string_one(CGroupMask mask, const char *t) { - static void test_cg_mask_to_string(void) { + TEST(cg_mask_to_string) { test_cg_mask_to_string_one(0, NULL); -- test_cg_mask_to_string_one(_CGROUP_MASK_ALL, "cpu cpuacct cpuset2 io blkio memory devices pids cpuset bpf-firewall bpf-devices bpf-foreign bpf-socket-bind"); -+ test_cg_mask_to_string_one(_CGROUP_MASK_ALL, "cpu cpuacct cpuset2 io blkio memory devices pids cpuset freezer bpf-firewall bpf-devices bpf-foreign bpf-socket-bind"); +- test_cg_mask_to_string_one(_CGROUP_MASK_ALL, "cpu cpuacct cpuset2 io blkio memory devices pids cpuset bpf-firewall bpf-devices bpf-foreign bpf-socket-bind bpf-restrict-network-interfaces"); ++ test_cg_mask_to_string_one(_CGROUP_MASK_ALL, "cpu cpuacct cpuset2 io blkio memory devices pids cpuset freezer bpf-firewall bpf-devices bpf-foreign bpf-socket-bind bpf-restrict-network-interfaces"); test_cg_mask_to_string_one(CGROUP_MASK_CPU, "cpu"); test_cg_mask_to_string_one(CGROUP_MASK_CPUACCT, "cpuacct"); test_cg_mask_to_string_one(CGROUP_MASK_CPUSET2, "cpuset2"); diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service -index 5f8cdd8..1cd161d 100644 +index dcf99e1..1a5cd5d 100644 --- a/test/fuzz/fuzz-unit-file/directives-all.service +++ b/test/fuzz/fuzz-unit-file/directives-all.service -@@ -107,6 +107,8 @@ FileDescriptorName= +@@ -115,6 +115,8 @@ FileDescriptorName= FileDescriptorStoreMax= ForceUnmount= FreeBind= @@ -506,84 +501,6 @@ index 5f8cdd8..1cd161d 100644 Group= GuessMainPID= IOAccounting= -diff --git a/test/fuzz/fuzz-unit-file/directives.mount b/test/fuzz/fuzz-unit-file/directives.mount -index 3adfd5b..53c035a 100644 ---- a/test/fuzz/fuzz-unit-file/directives.mount -+++ b/test/fuzz/fuzz-unit-file/directives.mount -@@ -47,6 +47,8 @@ ExecPaths= - ExtensionImages= - FinalKillSignal= - ForceUnmount= -+FreezerAccounting= -+FreezerState= - Group= - IOAccounting= - IODeviceLatencyTargetSec= -diff --git a/test/fuzz/fuzz-unit-file/directives.scope b/test/fuzz/fuzz-unit-file/directives.scope -index c953f9c..1dd6c60 100644 ---- a/test/fuzz/fuzz-unit-file/directives.scope -+++ b/test/fuzz/fuzz-unit-file/directives.scope -@@ -25,6 +25,8 @@ DeviceAllow= - DevicePolicy= - DisableControllers= - FinalKillSignal= -+FreezerAccounting= -+FreezerState= - IOAccounting= - IODeviceLatencyTargetSec= - IODeviceWeight= -diff --git a/test/fuzz/fuzz-unit-file/directives.service b/test/fuzz/fuzz-unit-file/directives.service -index aa5ad32..a5f7f07 100644 ---- a/test/fuzz/fuzz-unit-file/directives.service -+++ b/test/fuzz/fuzz-unit-file/directives.service -@@ -73,6 +73,8 @@ Description= - Documentation= - FailureAction= - FailureActionExitStatus= -+FreezerAccounting= -+FreezerState= - IgnoreOnIsolate= - IgnoreOnSnapshot= - JobRunningTimeoutSec= -diff --git a/test/fuzz/fuzz-unit-file/directives.slice b/test/fuzz/fuzz-unit-file/directives.slice -index 54cb55d..2328a24 100644 ---- a/test/fuzz/fuzz-unit-file/directives.slice -+++ b/test/fuzz/fuzz-unit-file/directives.slice -@@ -24,6 +24,8 @@ Delegate= - DeviceAllow= - DevicePolicy= - DisableControllers= -+FreezerAccounting= -+FreezerState= - IOAccounting= - IODeviceLatencyTargetSec= - IODeviceWeight= -diff --git a/test/fuzz/fuzz-unit-file/directives.socket b/test/fuzz/fuzz-unit-file/directives.socket -index aa9e758..6fb1e5f 100644 ---- a/test/fuzz/fuzz-unit-file/directives.socket -+++ b/test/fuzz/fuzz-unit-file/directives.socket -@@ -59,6 +59,8 @@ FileDescriptorName= - FinalKillSignal= - FlushPending= - FreeBind= -+FreezerAccounting= -+FreezerState= - Group= - IOAccounting= - IODeviceLatencyTargetSec= -diff --git a/test/fuzz/fuzz-unit-file/directives.swap b/test/fuzz/fuzz-unit-file/directives.swap -index bc07775..6ca6198 100644 ---- a/test/fuzz/fuzz-unit-file/directives.swap -+++ b/test/fuzz/fuzz-unit-file/directives.swap -@@ -45,6 +45,8 @@ EnvironmentFile= - ExecPaths= - ExtensionImages= - FinalKillSignal= -+FreezerAccounting= -+FreezerState= - Group= - IOAccounting= - IODeviceLatencyTargetSec= -- -2.23.0 +2.33.0 diff --git a/core-cgroup-support-memorysw.patch b/core-cgroup-support-memorysw.patch index 5b2141d951323010b66d1490c0df1ea1d492334d..2c0a9e898d5567557db8c9b057b3faca9b41d2bb 100644 --- a/core-cgroup-support-memorysw.patch +++ b/core-cgroup-support-memorysw.patch @@ -10,68 +10,63 @@ This patch enables setting memory.memsw.limit_in_bytes by MemoryMemswLimit. src/core/cgroup.h | 1 + src/core/dbus-cgroup.c | 4 ++++ src/core/load-fragment-gperf.gperf.in | 1 + - src/core/load-fragment.c | 2 ++ + src/core/load-fragment.c | 10 ++++++---- src/shared/bus-print-properties.c | 2 +- src/shared/bus-unit-util.c | 1 + test/fuzz/fuzz-unit-file/directives-all.service | 1 + - test/fuzz/fuzz-unit-file/directives.mount | 1 + - test/fuzz/fuzz-unit-file/directives.scope | 1 + - test/fuzz/fuzz-unit-file/directives.service | 1 + - test/fuzz/fuzz-unit-file/directives.slice | 1 + - test/fuzz/fuzz-unit-file/directives.socket | 1 + - test/fuzz/fuzz-unit-file/directives.swap | 1 + - 14 files changed, 32 insertions(+), 3 deletions(-) + 8 files changed, 30 insertions(+), 7 deletions(-) diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index d9b1d9b..4eedaf7 100644 +index 7d1e59b..f827219 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c -@@ -125,6 +125,7 @@ void cgroup_context_init(CGroupContext *c) { - .memory_swap_max = CGROUP_LIMIT_MAX, - +@@ -154,6 +154,7 @@ void cgroup_context_init(CGroupContext *c) { + .memory_zswap_max = CGROUP_LIMIT_MAX, + .memory_limit = CGROUP_LIMIT_MAX, + .memory_memsw_limit = CGROUP_LIMIT_MAX, - + .io_weight = CGROUP_WEIGHT_INVALID, .startup_io_weight = CGROUP_WEIGHT_INVALID, -@@ -454,6 +455,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - "%sMemoryMax: %" PRIu64 "%s\n" +@@ -481,6 +482,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { "%sMemorySwapMax: %" PRIu64 "%s\n" + "%sMemoryZSwapMax: %" PRIu64 "%s\n" "%sMemoryLimit: %" PRIu64 "\n" + "%sMemoryMemswLimit=%" PRIu64 "\n" "%sCPUSetCpus=%s\n" "%sCPUSetMems=%s\n" "%sCPUSetCloneChildren=%s\n" -@@ -495,6 +497,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - prefix, c->memory_max, format_cgroup_memory_limit_comparison(cdd, sizeof(cdd), u, "MemoryMax"), +@@ -525,6 +527,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { prefix, c->memory_swap_max, format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemorySwapMax"), + prefix, c->memory_zswap_max, format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemoryZSwapMax"), prefix, c->memory_limit, + prefix, c->memory_memsw_limit, prefix, c->cpuset_cpus, prefix, c->cpuset_mems, prefix, yes_no(c->cpuset_clone_children), -@@ -1484,13 +1487,16 @@ static void cgroup_context_apply( - +@@ -1673,14 +1676,17 @@ static void cgroup_context_apply( + } else { char buf[DECIMAL_STR_MAX(uint64_t) + 1]; - uint64_t val; + uint64_t val, sw_val; - + if (unit_has_unified_memory_config(u)) { val = c->memory_max; + sw_val = CGROUP_LIMIT_MAX; - log_cgroup_compat(u, "Applying MemoryMax=%" PRIi64 " as MemoryLimit=", val); + if (val != CGROUP_LIMIT_MAX) + log_cgroup_compat(u, "Applying MemoryMax=%" PRIu64 " as MemoryLimit=", val); - } else + } else { val = c->memory_limit; + sw_val = c->memory_memsw_limit; + } - + if (val == CGROUP_LIMIT_MAX) strncpy(buf, "-1\n", sizeof(buf)); -@@ -1498,6 +1504,12 @@ static void cgroup_context_apply( +@@ -1688,6 +1694,12 @@ static void cgroup_context_apply( xsprintf(buf, "%" PRIu64 "\n", val); - + (void) set_attribute_and_warn(u, "memory", "memory.limit_in_bytes", buf); + + if (sw_val == CGROUP_LIMIT_MAX) @@ -81,43 +76,43 @@ index d9b1d9b..4eedaf7 100644 + (void) set_attribute_and_warn(u, "memory", "memory.memsw.limit_in_bytes", buf); } } - -@@ -1679,6 +1691,7 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { - + +@@ -1883,6 +1895,7 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { + if (c->memory_accounting || c->memory_limit != CGROUP_LIMIT_MAX || + c->memory_memsw_limit != CGROUP_LIMIT_MAX || unit_has_unified_memory_config(u)) mask |= CGROUP_MASK_MEMORY; - + diff --git a/src/core/cgroup.h b/src/core/cgroup.h -index 9177415..1a36c2d 100644 +index 2251548..313b63c 100644 --- a/src/core/cgroup.h +++ b/src/core/cgroup.h -@@ -177,6 +177,7 @@ struct CGroupContext { +@@ -187,6 +187,7 @@ struct CGroupContext { LIST_HEAD(CGroupBlockIODeviceBandwidth, blockio_device_bandwidths); - + uint64_t memory_limit; + uint64_t memory_memsw_limit; - + CGroupDevicePolicy device_policy; LIST_HEAD(CGroupDeviceAllow, device_allow); diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c -index 509ae4f..a200710 100644 +index c51a8b7..e54657e 100644 --- a/src/core/dbus-cgroup.c +++ b/src/core/dbus-cgroup.c -@@ -440,6 +440,7 @@ const sd_bus_vtable bus_cgroup_vtable[] = { - SD_BUS_PROPERTY("MemoryMax", "t", NULL, offsetof(CGroupContext, memory_max), 0), +@@ -470,6 +470,7 @@ const sd_bus_vtable bus_cgroup_vtable[] = { SD_BUS_PROPERTY("MemorySwapMax", "t", NULL, offsetof(CGroupContext, memory_swap_max), 0), + SD_BUS_PROPERTY("MemoryZSwapMax", "t", NULL, offsetof(CGroupContext, memory_zswap_max), 0), SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0), + SD_BUS_PROPERTY("MemoryMemswLimit", "t", NULL, offsetof(CGroupContext, memory_memsw_limit), 0), SD_BUS_PROPERTY("CPUSetAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_accounting), 0), SD_BUS_PROPERTY("CPUSetCpus", "s", NULL, offsetof(CGroupContext, cpuset_cpus), 0), SD_BUS_PROPERTY("CPUSetMems", "s", NULL, offsetof(CGroupContext, cpuset_mems), 0), -@@ -1032,6 +1033,9 @@ int bus_cgroup_set_property( +@@ -1093,6 +1094,9 @@ int bus_cgroup_set_property( if (streq(name, "MemoryLimit")) return bus_cgroup_set_memory(u, name, &c->memory_limit, message, flags, error); - + + if (streq(name, "MemoryMemswLimit")) + return bus_cgroup_set_memory(u, name, &c->memory_memsw_limit, message, flags, error); + @@ -125,139 +120,67 @@ index 509ae4f..a200710 100644 r = bus_cgroup_set_memory_protection_scale(u, name, &c->memory_min, message, flags, error); if (r > 0) diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in -index 5b7ecd2..0702aa0 100644 +index eb68807..c1bc771 100644 --- a/src/core/load-fragment-gperf.gperf.in +++ b/src/core/load-fragment-gperf.gperf.in -@@ -197,6 +197,7 @@ - {{type}}.MemoryMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) +@@ -208,6 +208,7 @@ {{type}}.MemorySwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.MemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) {{type}}.MemoryLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) +{{type}}.MemoryMemswLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) {{type}}.CPUSetAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_accounting) {{type}}.CPUSetCpus, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_cpus) {{type}}.CPUSetMems, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_mems) diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 1fb097d..a2ad32b 100644 +index d01b6c4..8d2171f 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c -@@ -3716,6 +3716,8 @@ int config_parse_memory_limit( +@@ -3854,6 +3854,8 @@ int config_parse_memory_limit( c->memory_swap_max = bytes; - else if (streq(lvalue, "MemoryLimit")) - c->memory_limit = bytes; + else if (streq(lvalue, "MemoryZSwapMax")) + c->memory_zswap_max = bytes; + else if (streq(lvalue, "MemoryMemswLimit")) + c->memory_memsw_limit = bytes; - else - return -EINVAL; - + else if (streq(lvalue, "MemoryLimit")) { + log_syntax(unit, LOG_WARNING, filename, line, 0, + "Unit uses MemoryLimit=; please use MemoryMax= instead. Support for MemoryLimit= will be removed soon."); diff --git a/src/shared/bus-print-properties.c b/src/shared/bus-print-properties.c -index b459219..a16aca8 100644 +index 9369866..9e26b71 100644 --- a/src/shared/bus-print-properties.c +++ b/src/shared/bus-print-properties.c -@@ -165,7 +165,7 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b - +@@ -162,7 +162,7 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b + bus_print_property_value(name, expected_value, flags, "[not set]"); - -- else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) || -+ else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryLimit", "MemoryMemswLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) || + +- else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) || ++ else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit", "MemoryMemswLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) || (STR_IN_SET(name, "TasksMax", "DefaultTasksMax") && u == UINT64_MAX) || (startswith(name, "Limit") && u == UINT64_MAX) || (startswith(name, "DefaultLimit") && u == UINT64_MAX)) diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c -index f20fcbf..b4b04e1 100644 +index a174e3e..984dfa9 100644 --- a/src/shared/bus-unit-util.c +++ b/src/shared/bus-unit-util.c -@@ -521,6 +521,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons - "MemoryMax", +@@ -547,6 +547,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons "MemorySwapMax", + "MemoryZSwapMax", "MemoryLimit", + "MemoryMemswLimit", "TasksMax")) { - + if (streq(eq, "infinity")) { diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service -index 1cd161d..208c33b 100644 +index 1a5cd5d..59c693d 100644 --- a/test/fuzz/fuzz-unit-file/directives-all.service +++ b/test/fuzz/fuzz-unit-file/directives-all.service -@@ -158,6 +158,7 @@ MemoryHigh= +@@ -166,6 +166,7 @@ MemoryHigh= MemoryLimit= MemoryLow= MemoryMax= +MemoryMemswLimit= MemorySwapMax= + MemoryZSwapMax= MessageQueueMaxMessages= - MessageQueueMessageSize= -diff --git a/test/fuzz/fuzz-unit-file/directives.mount b/test/fuzz/fuzz-unit-file/directives.mount -index 53c035a..0c3cd57 100644 ---- a/test/fuzz/fuzz-unit-file/directives.mount -+++ b/test/fuzz/fuzz-unit-file/directives.mount -@@ -109,6 +109,7 @@ MemoryLimit= - MemoryLow= - MemoryMax= - MemoryMin= -+MemoryMemswLimit= - MemorySwapMax= - MountAPIVFS= - MountFlags= -diff --git a/test/fuzz/fuzz-unit-file/directives.scope b/test/fuzz/fuzz-unit-file/directives.scope -index 1dd6c60..36a60f6 100644 ---- a/test/fuzz/fuzz-unit-file/directives.scope -+++ b/test/fuzz/fuzz-unit-file/directives.scope -@@ -52,6 +52,7 @@ MemoryLimit= - MemoryLow= - MemoryMax= - MemoryMin= -+MemoryMemswLimit= - MemorySwapMax= - NetClass= - RestartKillSignal= -diff --git a/test/fuzz/fuzz-unit-file/directives.service b/test/fuzz/fuzz-unit-file/directives.service -index a5f7f07..8044977 100644 ---- a/test/fuzz/fuzz-unit-file/directives.service -+++ b/test/fuzz/fuzz-unit-file/directives.service -@@ -231,6 +231,7 @@ MemoryLimit= - MemoryLow= - MemoryMax= - MemoryMin= -+MemoryMemswLimit= - MemorySwapMax= - MountAPIVFS= - MountFlags= -diff --git a/test/fuzz/fuzz-unit-file/directives.slice b/test/fuzz/fuzz-unit-file/directives.slice -index 2328a24..097ff4e 100644 ---- a/test/fuzz/fuzz-unit-file/directives.slice -+++ b/test/fuzz/fuzz-unit-file/directives.slice -@@ -49,6 +49,7 @@ MemoryLimit= - MemoryLow= - MemoryMax= - MemoryMin= -+MemoryMemswLimit= - MemorySwapMax= - NetClass= - Slice= -diff --git a/test/fuzz/fuzz-unit-file/directives.socket b/test/fuzz/fuzz-unit-file/directives.socket -index 6fb1e5f..c372f1e 100644 ---- a/test/fuzz/fuzz-unit-file/directives.socket -+++ b/test/fuzz/fuzz-unit-file/directives.socket -@@ -137,6 +137,7 @@ MemoryLimit= - MemoryLow= - MemoryMax= - MemoryMin= -+MemoryMemswLimit= - MemorySwapMax= - MessageQueueMaxMessages= - MessageQueueMessageSize= -diff --git a/test/fuzz/fuzz-unit-file/directives.swap b/test/fuzz/fuzz-unit-file/directives.swap -index 6ca6198..a46164e 100644 ---- a/test/fuzz/fuzz-unit-file/directives.swap -+++ b/test/fuzz/fuzz-unit-file/directives.swap -@@ -106,6 +106,7 @@ MemoryLimit= - MemoryLow= - MemoryMax= - MemoryMin= -+MemoryMemswLimit= - MemorySwapMax= - MountAPIVFS= - MountFlags= --- -2.23.0 +-- +2.33.0 diff --git a/core-skip-change-device-to-dead-in-manager_catchup-d.patch b/core-skip-change-device-to-dead-in-manager_catchup-d.patch deleted file mode 100644 index 3c8bdbd870a27e639ac59a8147ad6aebc47da3af..0000000000000000000000000000000000000000 --- a/core-skip-change-device-to-dead-in-manager_catchup-d.patch +++ /dev/null @@ -1,106 +0,0 @@ -From e5c023a1c20058703f1517a48848b4ecec563db6 Mon Sep 17 00:00:00 2001 -From: xujing -Date: Mon, 10 Jan 2022 22:42:30 +0800 -Subject: [PATCH] core: skip change device to dead in manager_catchup during - booting - -There is a problem during booting as follows: -1.systemd is processing all udev devices state but not finished -2.now calling daemon-reload, it will serialize and deserialize the device state -3.after deserialize, some devices is processed finished, it will cause devices - state changed when calling manager_catchup and then set device to DEVICE_DEAD - later which will cause some fs unmounted. - -This patch just fix that fs will not unmounted during booting when calling -daemon-reload, if boot time is more than 10min, just ensure fs will not -unmounted during 10min after booting. ---- - src/core/device.c | 16 +++++++++++++++- - src/core/manager.c | 5 +++++ - src/core/manager.h | 2 ++ - 3 files changed, 22 insertions(+), 1 deletion(-) - -diff --git a/src/core/device.c b/src/core/device.c -index 58007cc..7be59bd 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -728,7 +728,10 @@ static void device_process_new(Manager *m, sd_device *dev) { - } - - static void device_found_changed(Device *d, DeviceFound previous, DeviceFound now) { -+ Manager *m; -+ - assert(d); -+ m = UNIT(d)->manager; - - /* Didn't exist before, but does now? if so, generate a new invocation ID for it */ - if (previous == DEVICE_NOT_FOUND && now != DEVICE_NOT_FOUND) -@@ -741,10 +744,21 @@ static void device_found_changed(Device *d, DeviceFound previous, DeviceFound no - /* If the device has not been seen by udev yet, but is now referenced by the kernel, then we assume the - * kernel knows it now, and udev might soon too. */ - device_set_state(d, DEVICE_TENTATIVE); -- else -+ else { -+ if (m->in_manager_catchup && !MANAGER_IS_FINISHED(m)) { -+ dual_timestamp boot_timestamp; -+ -+ dual_timestamp_get(&boot_timestamp); -+ if (boot_timestamp.monotonic < 10*USEC_PER_MINUTE) { -+ log_info("Want to change device to dead in manager_catchup during booting, skipping!"); -+ return; -+ } -+ } -+ - /* If nobody sees the device, or if the device was previously seen by udev and now is only referenced - * from the kernel, then we consider the device is gone, the kernel just hasn't noticed it yet. */ - device_set_state(d, DEVICE_DEAD); -+ } - } - - static void device_update_found_one(Device *d, DeviceFound found, DeviceFound mask) { -diff --git a/src/core/manager.c b/src/core/manager.c -index 5becd30..c5dd041 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -811,6 +811,7 @@ int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager - .test_run_flags = test_run_flags, - - .default_oom_policy = OOM_STOP, -+ .in_manager_catchup = false, - }; - - #if ENABLE_EFI -@@ -1579,6 +1580,8 @@ static void manager_catchup(Manager *m) { - - log_debug("Invoking unit catchup() handlers…"); - -+ m->in_manager_catchup = true; -+ - /* Let's catch up on any state changes that happened while we were reloading/reexecing */ - HASHMAP_FOREACH_KEY(u, k, m->units) { - -@@ -1588,6 +1591,8 @@ static void manager_catchup(Manager *m) { - - unit_catchup(u); - } -+ -+ m->in_manager_catchup = false; - } - - static void manager_distribute_fds(Manager *m, FDSet *fds) { -diff --git a/src/core/manager.h b/src/core/manager.h -index 67c204f..d298dce 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -442,6 +442,8 @@ struct Manager { - unsigned sigchldgen; - unsigned notifygen; - -+ bool in_manager_catchup; -+ - VarlinkServer *varlink_server; - /* Only systemd-oomd should be using this to subscribe to changes in ManagedOOM settings */ - Varlink *managed_oom_varlink_request; --- -2.33.0 - diff --git a/core-update-arg_default_rlimit-in-bump_rlimit.patch b/core-update-arg_default_rlimit-in-bump_rlimit.patch index 796ff6d692885ed668d15182a424da1deb337b29..0b4e32732816fd6792645b594fe30c3b60f199ab 100644 --- a/core-update-arg_default_rlimit-in-bump_rlimit.patch +++ b/core-update-arg_default_rlimit-in-bump_rlimit.patch @@ -15,7 +15,7 @@ index a58f65a..4762669 100644 #DefaultLimitNOFILE=1024:{{HIGH_RLIMIT_NOFILE}} #DefaultLimitAS= #DefaultLimitNPROC= --#DefaultLimitMEMLOCK= +-#DefaultLimitMEMLOCK=8M +DefaultLimitMEMLOCK=64M #DefaultLimitLOCKS= #DefaultLimitSIGPENDING= diff --git a/delay-to-restart-when-a-service-can-not-be-auto-restarted.patch b/delay-to-restart-when-a-service-can-not-be-auto-restarted.patch index 557e0dedd2b4ac81132032cea2cafc05c9418433..71f89109b5806af68e984ea457945beef4fb8a64 100644 --- a/delay-to-restart-when-a-service-can-not-be-auto-restarted.patch +++ b/delay-to-restart-when-a-service-can-not-be-auto-restarted.patch @@ -33,7 +33,7 @@ index e368ec8..9b4b5b1 100644 log_unit_info(UNIT(s), "Stop job pending for unit, skipping automatic restart."); - return; + restart_usec = (s->restart_usec == 0) ? 1*USEC_PER_SEC : s->restart_usec; -+ r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), restart_usec)); ++ r = service_arm_timer(s, /* relative= */ false, usec_add(now(CLOCK_MONOTONIC), restart_usec)); + if (r < 0) + goto fail; } diff --git a/delete-journal-files-except-system.journal-when-jour.patch b/delete-journal-files-except-system.journal-when-jour.patch index bb57e4e701ceae6c6b8c59cbdebd61e86f439e99..b6f3fdc8a32c57fc20f5947c2f3383eb7a37efd8 100644 --- a/delete-journal-files-except-system.journal-when-jour.patch +++ b/delete-journal-files-except-system.journal-when-jour.patch @@ -11,17 +11,17 @@ except system.journal, to ensure that the sd_journal_next function meets user expectations. --- meson.build | 2 ++ - src/basic/dirent-util.c | 24 ++++++++++++++++ + src/basic/dirent-util.c | 24 +++++++++++++++++ src/basic/dirent-util.h | 2 ++ - src/libsystemd/sd-journal/journal-file.c | 35 ++++++++++++++++++++++++ + src/libsystemd/sd-journal/journal-file.c | 34 ++++++++++++++++++++++++ src/libsystemd/sd-journal/sd-journal.c | 22 --------------- - 5 files changed, 63 insertions(+), 22 deletions(-) + 5 files changed, 62 insertions(+), 22 deletions(-) diff --git a/meson.build b/meson.build -index 278e264..9ab40b6 100644 +index 0372b17..8b1ce23 100644 --- a/meson.build +++ b/meson.build -@@ -1644,6 +1644,8 @@ basic_includes = include_directories( +@@ -2001,6 +2001,8 @@ basic_includes = include_directories( 'src/basic', 'src/fundamental', 'src/systemd', @@ -31,19 +31,19 @@ index 278e264..9ab40b6 100644 libsystemd_includes = [basic_includes, include_directories( diff --git a/src/basic/dirent-util.c b/src/basic/dirent-util.c -index f6213a3..b227cae 100644 +index 17df6a2..e362554 100644 --- a/src/basic/dirent-util.c +++ b/src/basic/dirent-util.c -@@ -6,6 +6,8 @@ - #include "dirent-util.h" +@@ -7,6 +7,8 @@ #include "path-util.h" + #include "stat-util.h" #include "string-util.h" +#include "id128-util.h" +#include "syslog-util.h" - static int dirent_ensure_type(DIR *d, struct dirent *de) { - struct stat st; -@@ -59,6 +61,28 @@ bool dirent_is_file_with_suffix(const struct dirent *de, const char *suffix) { + int dirent_ensure_type(int dir_fd, struct dirent *de) { + STRUCT_STATX_DEFINE(sx); +@@ -65,6 +67,28 @@ bool dirent_is_file_with_suffix(const struct dirent *de, const char *suffix) { return endswith(de->d_name, suffix); } @@ -70,15 +70,15 @@ index f6213a3..b227cae 100644 +} + struct dirent *readdir_ensure_type(DIR *d) { - struct dirent *de; + int r; diff --git a/src/basic/dirent-util.h b/src/basic/dirent-util.h -index c7956e7..f72a731 100644 +index 0f1fb23..2effce3 100644 --- a/src/basic/dirent-util.h +++ b/src/basic/dirent-util.h -@@ -11,6 +11,8 @@ - bool dirent_is_file(const struct dirent *de) _pure_; +@@ -12,6 +12,8 @@ bool dirent_is_file(const struct dirent *de) _pure_; bool dirent_is_file_with_suffix(const struct dirent *de, const char *suffix) _pure_; + int dirent_ensure_type(int dir_fd, struct dirent *de); +bool dirent_is_journal_subdir(const struct dirent *de); + @@ -86,24 +86,23 @@ index c7956e7..f72a731 100644 struct dirent *readdir_no_dot(DIR *dirp); diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c -index 6807c46..0abda23 100644 +index 9e6bf6e..561a705 100644 --- a/src/libsystemd/sd-journal/journal-file.c +++ b/src/libsystemd/sd-journal/journal-file.c -@@ -33,6 +33,7 @@ - #include "string-util.h" - #include "strv.h" +@@ -38,6 +38,7 @@ + #include "sync-util.h" + #include "user-util.h" #include "xattr-util.h" +#include "dirent-util.h" #define DEFAULT_DATA_HASH_TABLE_SIZE (2047ULL*sizeof(HashItem)) #define DEFAULT_FIELD_HASH_TABLE_SIZE (333ULL*sizeof(HashItem)) -@@ -3781,9 +3782,37 @@ int journal_file_rotate( - return r; +@@ -4069,8 +4070,35 @@ int journal_file_archive(JournalFile *f, char **ret_previous_path) { + return 0; } +static void delete_dumped_journal_files(const char *path) { + _cleanup_closedir_ DIR *d = NULL; -+ struct dirent *de; + + d = opendir(path); + if (!d) @@ -130,12 +129,11 @@ index 6807c46..0abda23 100644 + int journal_file_dispose(int dir_fd, const char *fname) { _cleanup_free_ char *p = NULL; - _cleanup_close_ int fd = -1; + dual_timestamp boot_timestamp; assert(fname); -@@ -3804,6 +3833,12 @@ int journal_file_dispose(int dir_fd, const char *fname) { +@@ -4091,6 +4119,12 @@ int journal_file_dispose(int dir_fd, const char *fname) { if (renameat(dir_fd, fname, dir_fd, p) < 0) return -errno; @@ -145,14 +143,14 @@ index 6807c46..0abda23 100644 + return 0; + } + - /* btrfs doesn't cope well with our write pattern and fragments heavily. Let's defrag all files we rotate */ - fd = openat(dir_fd, p, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW); - if (fd < 0) + return 0; + } + diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index 1a76bb6..56e1398 100644 +index f6090dd..8b83f65 100644 --- a/src/libsystemd/sd-journal/sd-journal.c +++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -1523,28 +1523,6 @@ static bool dirent_is_journal_file(const struct dirent *de) { +@@ -1510,28 +1510,6 @@ static bool dirent_is_journal_file(const struct dirent *de) { endswith(de->d_name, ".journal~"); } @@ -171,7 +169,7 @@ index 1a76bb6..56e1398 100644 - if (!e) - return id128_is_valid(de->d_name); /* No namespace */ - -- n = strndupa(de->d_name, e - de->d_name); +- n = strndupa_safe(de->d_name, e - de->d_name); - if (!id128_is_valid(n)) - return false; - @@ -182,5 +180,5 @@ index 1a76bb6..56e1398 100644 DIR *d; -- -2.23.0 +2.33.0 diff --git a/disable-initialize_clock.patch b/disable-initialize_clock.patch index 508c052eee5d67e5f6e0ac557d29861c7df4e371..6b1afcecf74fec5fe5debe2edc2ae1d594eb6260 100644 --- a/disable-initialize_clock.patch +++ b/disable-initialize_clock.patch @@ -14,49 +14,52 @@ or even 1930s. we think it is ok when current system time is before build time. And, don't restore time when systemd-timesyncd started. --- - src/core/main.c | 5 ----- - src/timesync/timesyncd.c | 12 ------------ - 2 files changed, 17 deletions(-) + src/core/main.c | 12 ------------ + src/timesync/timesyncd.c | 8 -------- + 2 files changed, 20 deletions(-) diff --git a/src/core/main.c b/src/core/main.c -index a114257..bac746f 100644 +index 4051a91..c6d16b2 100644 --- a/src/core/main.c +++ b/src/core/main.c -@@ -1473,11 +1473,6 @@ static void initialize_clock(void) { +@@ -1627,18 +1627,6 @@ static void initialize_clock(void) { */ (void) clock_reset_timewarp(); -- r = clock_apply_epoch(); -- if (r < 0) -- log_error_errno(r, "Current system time is before build time, but cannot correct: %m"); -- else if (r > 0) +- ClockChangeDirection change_dir; +- r = clock_apply_epoch(&change_dir); +- if (r > 0 && change_dir == CLOCK_CHANGE_FORWARD) - log_info("System time before build time, advancing clock."); +- else if (r > 0 && change_dir == CLOCK_CHANGE_BACKWARD) +- log_info("System time is further ahead than %s after build time, resetting clock to build time.", +- FORMAT_TIMESPAN(CLOCK_VALID_RANGE_USEC_MAX, USEC_PER_DAY)); +- else if (r < 0 && change_dir == CLOCK_CHANGE_FORWARD) +- log_error_errno(r, "Current system time is before build time, but cannot correct: %m"); +- else if (r < 0 && change_dir == CLOCK_CHANGE_BACKWARD) +- log_error_errno(r, "Current system time is further ahead %s after build time, but cannot correct: %m", +- FORMAT_TIMESPAN(CLOCK_VALID_RANGE_USEC_MAX, USEC_PER_DAY)); } static void apply_clock_update(void) { diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c -index e56e09c..028e5d6 100644 +index e60742c..efe56fd 100644 --- a/src/timesync/timesyncd.c +++ b/src/timesync/timesyncd.c -@@ -73,18 +73,6 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) { - } +@@ -121,14 +121,6 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) { + if (ct > min) + return 0; - settime: -- ct = now(CLOCK_REALTIME); -- if (ct < min) { -- struct timespec ts; -- char date[FORMAT_TIMESTAMP_MAX]; -- -- log_info("System clock time unset or jumped backwards, restoring from recorded timestamp: %s", -- format_timestamp(date, sizeof(date), min)); -- -- if (clock_settime(CLOCK_REALTIME, timespec_store(&ts, min)) < 0) -- log_error_errno(errno, "Failed to restore system clock, ignoring: %m"); +- /* Not that it matters much, but we actually restore the clock to n+1 here rather than n, simply +- * because we read n as time previously already and we want to progress here, i.e. not report the +- * same time again. */ +- if (clock_settime(CLOCK_REALTIME, TIMESPEC_STORE(min+1)) < 0) { +- log_warning_errno(errno, "Failed to restore system clock, ignoring: %m"); +- return 0; - } - - return 0; - } - + log_struct(LOG_INFO, + "MESSAGE_ID=" SD_MESSAGE_TIME_BUMP_STR, + "REALTIME_USEC=" USEC_FMT, min+1, -- -2.23.0 +2.33.0 diff --git a/disable-systemd-timesyncd-networkd-resolved-homed-us.patch b/disable-systemd-timesyncd-networkd-resolved-homed-us.patch deleted file mode 100644 index 8c0381e56a7e2b747867832312f910f9c9c76fe1..0000000000000000000000000000000000000000 --- a/disable-systemd-timesyncd-networkd-resolved-homed-us.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 72e9c079d0fd769d1bdb7d7db9c49454ce4bd255 Mon Sep 17 00:00:00 2001 -From: licunlong -Date: Wed, 1 Dec 2021 17:27:07 +0800 -Subject: [PATCH] disable systemd-{timesyncd, networkd, resolved, homed, - userdbd, pstore} by default - ---- - presets/90-systemd.preset | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/presets/90-systemd.preset b/presets/90-systemd.preset -index d260874..2a7396c 100644 ---- a/presets/90-systemd.preset -+++ b/presets/90-systemd.preset -@@ -16,12 +16,6 @@ enable remote-cryptsetup.target - enable machines.target - - enable getty@.service --enable systemd-timesyncd.service --enable systemd-networkd.service --enable systemd-resolved.service --enable systemd-homed.service --enable systemd-userdbd.socket --enable systemd-pstore.service - - disable console-getty.service - disable debug-shell.service -@@ -44,3 +38,9 @@ disable syslog.socket - disable systemd-journal-gatewayd.* - disable systemd-journal-remote.* - disable systemd-journal-upload.* -+disable systemd-timesyncd.service -+disable systemd-networkd.service -+disable systemd-resolved.service -+disable systemd-homed.service -+disable systemd-userdbd.socket -+disable systemd-pstore.service --- -2.23.0 - diff --git a/fix-mount-failed-while-daemon-reexec.patch b/fix-mount-failed-while-daemon-reexec.patch deleted file mode 100644 index ea7e69b3adb2a4e2494afc9396a4ce9c7b977591..0000000000000000000000000000000000000000 --- a/fix-mount-failed-while-daemon-reexec.patch +++ /dev/null @@ -1,62 +0,0 @@ -From e485f8a182f8a141676f7ffe0311a1a4724c3c1a Mon Sep 17 00:00:00 2001 -From: licunlong -Date: Tue, 28 Jun 2022 21:56:26 +0800 -Subject: [PATCH] fix mount failed while daemon-reexec - ---- - src/core/manager.c | 1 + - src/core/manager.h | 1 + - src/core/mount.c | 5 ++++- - 3 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/src/core/manager.c b/src/core/manager.c -index 55adcd1..74f8304 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -1808,6 +1808,7 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { - } - - manager_ready(m); -+ m->mountinfo_uptodate = false; - - manager_set_switching_root(m, false); - -diff --git a/src/core/manager.h b/src/core/manager.h -index 31b4670..df74200 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -259,6 +259,7 @@ struct Manager { - /* Data specific to the mount subsystem */ - struct libmnt_monitor *mount_monitor; - sd_event_source *mount_event_source; -+ bool mountinfo_uptodate; - - /* Data specific to the swap filesystem */ - FILE *proc_swaps; -diff --git a/src/core/mount.c b/src/core/mount.c -index 8fed04c..00482e9 100644 ---- a/src/core/mount.c -+++ b/src/core/mount.c -@@ -1785,6 +1785,7 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) { - (void) mount_setup_unit(m, device, path, options, fstype, set_flags); - } - -+ m->mountinfo_uptodate = true; - return 0; - } - -@@ -1948,8 +1949,10 @@ static int mount_process_proc_self_mountinfo(Manager *m) { - assert(m); - - r = drain_libmount(m); -- if (r <= 0) -+ if (r < 0) - return r; -+ if (r == 0 && m->mountinfo_uptodate) -+ return 0; - - r = mount_load_proc_self_mountinfo(m, true); - if (r < 0) { --- -2.33.0 - diff --git a/fuser-print-umount-message-to-reboot-umount-msg.patch b/fuser-print-umount-message-to-reboot-umount-msg.patch index 734396c54aced9b7c424e60aceae14ac11a54ae2..362f4b681b6ceac919db8148b82cc5428f8ddf7e 100644 --- a/fuser-print-umount-message-to-reboot-umount-msg.patch +++ b/fuser-print-umount-message-to-reboot-umount-msg.patch @@ -22,7 +22,7 @@ Signed-off-by: lixiaokeng 4 files changed, 94 insertions(+), 6 deletions(-) diff --git a/src/core/fuser.c b/src/core/fuser.c -index 0a0c791..dd2ca60 100644 +index e943469..94a0812 100644 --- a/src/core/fuser.c +++ b/src/core/fuser.c @@ -383,6 +383,8 @@ static void print_matches(const struct name *name) { @@ -105,16 +105,16 @@ index 0a0c791..dd2ca60 100644 - if (pptr->pid != 0) + if (pptr->pid != 0) { manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, - "\t\t%-d\t\t%-d\t%-s", pptr->uid, pptr->pid, pptr->command); + "\t\t%-u\t\t%-d\t%-s", pptr->uid, pptr->pid, pptr->command); - else + if (fp != NULL) { -+ fprintf(fp, "%-d\t\t%-d\t%-s\n", pptr->uid, pptr->pid, pptr->command); ++ fprintf(fp, "%-u\t\t%-d\t%-s\n", pptr->uid, pptr->pid, pptr->command); + } + } else { manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, - "\t\t%-d\t\t%-s\t%-s", pptr->uid, "kernel", pptr->command); + "\t\t%-u\t\t%-s\t%-s", pptr->uid, "kernel", pptr->command); + if (fp != NULL) { -+ fprintf(fp, "%-d\t\t%-s\t%-s\n", pptr->uid, "kernel", pptr->command); ++ fprintf(fp, "%-u\t\t%-s\t%-s\n", pptr->uid, "kernel", pptr->command); + } + } } @@ -148,7 +148,7 @@ index b74b879..2729c9b 100644 int fuser(const char *dir); diff --git a/src/core/job.c b/src/core/job.c -index 3645c11..7a0ed48 100644 +index d7ad85a..ee48860 100644 --- a/src/core/job.c +++ b/src/core/job.c @@ -31,6 +31,8 @@ @@ -160,7 +160,7 @@ index 3645c11..7a0ed48 100644 Job* job_new_raw(Unit *unit) { Job *j; -@@ -682,6 +684,9 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult +@@ -706,6 +708,9 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult const char *ident, *format; int r = 0; pid_t pid; @@ -170,7 +170,7 @@ index 3645c11..7a0ed48 100644 assert(u); assert(t >= 0); -@@ -751,6 +756,39 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult +@@ -807,6 +812,39 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult ((u->type == UNIT_MOUNT || u->type == UNIT_AUTOMOUNT) && t == JOB_STOP && result == JOB_FAILED)) { Mount *m = MOUNT(u); @@ -211,15 +211,18 @@ index 3645c11..7a0ed48 100644 r = safe_fork("(fuser-shutdown)", FORK_RESET_SIGNALS, &pid); if (r < 0) { diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index cf34a12..d6cc751 100644 +index e9a5420..066a9a7 100644 --- a/src/core/system.conf.in +++ b/src/core/system.conf.in -@@ -74,4 +74,4 @@ DefaultLimitMEMLOCK=64M +@@ -76,7 +76,7 @@ DefaultLimitMEMLOCK=64M #DefaultLimitRTPRIO= #DefaultLimitRTTIME= #DefaultOOMPolicy=stop -#DefaultDFXReboot=no +DefaultDFXReboot=yes + #DefaultSmackProcessLabel= + #ReloadLimitIntervalSec= + #ReloadLimitBurst= -- -2.27.0 +2.33.0 diff --git a/journal-don-t-enable-systemd-journald-audit.socket-b.patch b/journal-don-t-enable-systemd-journald-audit.socket-b.patch deleted file mode 100644 index ca97a3ef021f120f6a4bbc920af5b75cca02137e..0000000000000000000000000000000000000000 --- a/journal-don-t-enable-systemd-journald-audit.socket-b.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 7a650ee8d3faf79fd5ef866b69741880a3a42b8d Mon Sep 17 00:00:00 2001 -From: Jan Synacek -Date: Thu, 2 May 2019 14:11:54 +0200 -Subject: [PATCH] journal: don't enable systemd-journald-audit.socket - by default - -Resolves: #1699287 - ---- - units/meson.build | 3 +-- - units/systemd-journald.service.in | 2 +- - 2 files changed, 2 insertions(+), 3 deletions(-) - -diff --git a/units/meson.build b/units/meson.build -index 4eb09a3..ccea8a6 100644 ---- a/units/meson.build -+++ b/units/meson.build -@@ -110,8 +110,7 @@ units = [ - 'sysinit.target.wants/'], - ['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], - ['systemd-journal-remote.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], -- ['systemd-journald-audit.socket', '', -- 'sockets.target.wants/'], -+ ['systemd-journald-audit.socket', ''], - ['systemd-journald-dev-log.socket', '', - 'sockets.target.wants/'], - ['systemd-journald.socket', '', -diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in -index 0cb1bfa..fa7348a 100644 ---- a/units/systemd-journald.service.in -+++ b/units/systemd-journald.service.in -@@ -34,7 +34,7 @@ RestrictRealtime=yes - RestrictSUIDSGID=yes - RuntimeDirectory=systemd/journal - RuntimeDirectoryPreserve=yes --Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket -+Sockets=systemd-journald.socket systemd-journald-dev-log.socket - StandardOutput=null - SystemCallArchitectures=native - SystemCallErrorNumber=EPERM --- -2.23.0 - diff --git a/keep-weight-consistent-with-the-set-value.patch b/keep-weight-consistent-with-the-set-value.patch index 5f6385b8b72827029398dcfa55c3a0e0b6bf5433..24c3e99512a7957362e6f995cb627f20b003bb65 100644 --- a/keep-weight-consistent-with-the-set-value.patch +++ b/keep-weight-consistent-with-the-set-value.patch @@ -4,31 +4,33 @@ Date: Thu, 9 Jun 2022 20:10:50 +0800 Subject: [PATCH] keep weight consistent with the set value --- - src/core/cgroup.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) + src/core/cgroup.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index ee15d50..4c5feef 100644 +index 4cac3f6..f6ae2ab 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c -@@ -1249,7 +1249,7 @@ static void set_io_weight(Unit *u, uint64_t weight) { - * See also: https://github.com/systemd/systemd/pull/13335 and - * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9. - * The range is 1..1000 apparently, and the default is 100. */ -- xsprintf(buf, "%" PRIu64 "\n", BFQ_WEIGHT(weight)); +@@ -1392,7 +1392,8 @@ static void set_io_weight(Unit *u, uint64_t weight) { + + assert(u); + +- (void) set_bfq_weight(u, "io", makedev(0, 0), weight); + xsprintf(buf, "%" PRIu64 "\n", weight); - (void) set_attribute_and_warn(u, "io", "io.bfq.weight", buf); ++ (void) set_attribute_and_warn(u, "io", "io.bfq.weight", buf); xsprintf(buf, "default %" PRIu64 "\n", weight); -@@ -1262,7 +1262,7 @@ static void set_blkio_weight(Unit *u, uint64_t weight) { + (void) set_attribute_and_warn(u, "io", "io.weight", buf); +@@ -1403,7 +1404,8 @@ static void set_blkio_weight(Unit *u, uint64_t weight) { + assert(u); - /* FIXME: see comment in set_io_weight(). */ -- xsprintf(buf, "%" PRIu64 "\n", BFQ_WEIGHT(weight)); +- (void) set_bfq_weight(u, "blkio", makedev(0, 0), weight); + xsprintf(buf, "%" PRIu64 "\n", weight); - (void) set_attribute_and_warn(u, "blkio", "blkio.bfq.weight", buf); ++ (void) set_attribute_and_warn(u, "blkio", "blkio.bfq.weight", buf); xsprintf(buf, "%" PRIu64 "\n", weight); + (void) set_attribute_and_warn(u, "blkio", "blkio.weight", buf); -- 2.33.0 diff --git a/let-the-child-of-one-unit-don-t-affect-each-other.patch b/let-the-child-of-one-unit-don-t-affect-each-other.patch index f60169f8c92229a086db208deaf3130eef99eb7f..5c8c4ea540added04d80ecaf98c8e4b7bd711fcc 100644 --- a/let-the-child-of-one-unit-don-t-affect-each-other.patch +++ b/let-the-child-of-one-unit-don-t-affect-each-other.patch @@ -17,8 +17,7 @@ if will be restored to the default value of systemd. Defaults to "no". src/core/load-fragment-gperf.gperf.in | 1 + src/core/unit-serialize.c | 2 ++ src/core/unit.h | 2 ++ - test/fuzz/fuzz-unit-file/directives.service | 1 + - 5 files changed, 9 insertions(+) + 4 files changed, 8 insertions(+) diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 4eedaf7..ab6d602 100644 @@ -79,18 +78,6 @@ index cb85dfc..439714a 100644 /* Garbage collect us we nobody wants or requires us anymore */ bool stop_when_unneeded; -diff --git a/test/fuzz/fuzz-unit-file/directives.service b/test/fuzz/fuzz-unit-file/directives.service -index 8044977..03eab60 100644 ---- a/test/fuzz/fuzz-unit-file/directives.service -+++ b/test/fuzz/fuzz-unit-file/directives.service -@@ -98,6 +98,7 @@ RefuseManualStop= - ReloadPropagatedFrom= - Requires= - RequiresMountsFor= -+IndependentChild= - RequiresOverridable= - Requisite= - RequisiteOverridable= -- 2.27.0 diff --git a/logind-set-RemoveIPC-to-false-by-default.patch b/logind-set-RemoveIPC-to-false-by-default.patch index 657b28aa3e09af2d15fe7e3bfeac2da19a6a4f6e..6b99a61e98922d725350e0328a618e3fb33cbf3b 100644 --- a/logind-set-RemoveIPC-to-false-by-default.patch +++ b/logind-set-RemoveIPC-to-false-by-default.patch @@ -22,7 +22,7 @@ index b00daf366d..a9fed78aa6 100644 + are excluded from the effect of this setting. Defaults to no. - + diff --git a/src/login/logind-core.c b/src/login/logind-core.c index 4289461df6..556945be20 100644 --- a/src/login/logind-core.c diff --git a/pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch b/pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch index 8db3b77af466d0445ddff17c68161d407e894bd9..c0235719b14272299da077f46ed6f8e7347feab0 100644 --- a/pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch +++ b/pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch @@ -22,7 +22,7 @@ index c11dd46..b259631 100644 + of slice units. Defaults to 80% of the minimum of kernel.pid_max=, kernel.threads-max= and root cgroup pids.max. Kernel has a default value for kernel.pid_max= and an algorithm of counting in case of more than 32 cores. - For example with the default kernel.pid_max=, DefaultTasksMax= defaults to 4915, + For example, with the default kernel.pid_max=, DefaultTasksMax= defaults to 4915, diff --git a/src/core/main.c b/src/core/main.c index da6c50a..f4fe751 100644 --- a/src/core/main.c @@ -41,7 +41,7 @@ index e88280b..f2c75fc 100644 --- a/src/core/system.conf.in +++ b/src/core/system.conf.in @@ -54,7 +54,7 @@ - #DefaultBlockIOAccounting=no + #DefaultIPAccounting=no #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} #DefaultTasksAccounting=yes -#DefaultTasksMax=15% diff --git a/print-the-process-status-to-console-when-shutdown.patch b/print-the-process-status-to-console-when-shutdown.patch index 51b9839b65af6b1ea20b3f7b513082a2cb0a7278..cb59646f869ffa339942b95ba3fe51cb3bffb397 100644 --- a/print-the-process-status-to-console-when-shutdown.patch +++ b/print-the-process-status-to-console-when-shutdown.patch @@ -13,17 +13,17 @@ Subject: [PATCH] print process status to console when shutdown src/core/main.c | 13 +- src/core/manager.c | 1 + src/core/manager.h | 2 + - src/core/meson.build | 2 + + src/core/meson.build | 1 + src/core/system.conf.in | 1 + - src/shutdown/meson.build | 10 +- + src/shutdown/meson.build | 9 +- src/shutdown/process-status.c | 143 ++++++++++ src/shutdown/process-status.h | 24 ++ src/shutdown/shutdown.c | 45 +++ - src/shutdown/umount.c | 8 +- - src/test/meson.build | 17 ++ + src/shutdown/umount.c | 5 + + src/test/meson.build | 15 + src/test/test-fuser.c | 14 + src/test/test-process-status.c | 10 + - 19 files changed, 945 insertions(+), 8 deletions(-) + 19 files changed, 939 insertions(+), 7 deletions(-) create mode 100644 src/core/fuser.c create mode 100644 src/core/fuser.h create mode 100644 src/shutdown/process-status.c @@ -32,10 +32,10 @@ Subject: [PATCH] print process status to console when shutdown create mode 100644 src/test/test-process-status.c diff --git a/meson.build b/meson.build -index 1c088ba..278e264 100644 +index bfc8685..0372b17 100644 --- a/meson.build +++ b/meson.build -@@ -3211,8 +3211,10 @@ public_programs += executable( +@@ -3882,8 +3882,10 @@ endif executable( 'systemd-shutdown', systemd_shutdown_sources, @@ -45,14 +45,14 @@ index 1c088ba..278e264 100644 + core_includes], + link_with : [libcore, + libshared], - dependencies : [libmount], - install_rpath : rootlibexecdir, - install : true, + dependencies : [libmount, + versiondep], + install_rpath : rootpkglibdir, diff --git a/src/basic/process-util.c b/src/basic/process-util.c -index 14259ea..e28412a 100644 +index b6bf83c..eb48f4d 100644 --- a/src/basic/process-util.c +++ b/src/basic/process-util.c -@@ -1729,3 +1729,61 @@ static const char* const sched_policy_table[] = { +@@ -1569,3 +1569,61 @@ static const char* const sched_policy_table[] = { }; DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(sched_policy, int, INT_MAX); @@ -115,18 +115,18 @@ index 14259ea..e28412a 100644 + return n; +} diff --git a/src/basic/process-util.h b/src/basic/process-util.h -index 0e064de..6f9b577 100644 +index 96da0bb..55cb72b 100644 --- a/src/basic/process-util.h +++ b/src/basic/process-util.h -@@ -205,3 +205,5 @@ int pidfd_get_pid(int fd, pid_t *ret); +@@ -189,3 +189,5 @@ int pidfd_verify_pid(int pidfd, pid_t pid); int setpriority_closest(int priority); - bool invoked_as(char *argv[], const char *token); + _noreturn_ void freeze(void); + +unsigned int read_cmdline(char *restrict const dst, unsigned sz, const char* whom, const char *what, char sep); diff --git a/src/core/fuser.c b/src/core/fuser.c new file mode 100644 -index 0000000..0a0c791 +index 0000000..e943469 --- /dev/null +++ b/src/core/fuser.c @@ -0,0 +1,506 @@ @@ -262,7 +262,7 @@ index 0000000..0a0c791 + if (isprint(*cptr)) { + pptr->command[cmdlen++] = *cptr; + } else if (cmdlen < (COMM_LEN - 4)) { -+ cmdlen += sprintf(&(pptr->command[cmdlen]), "\\%03o", *cptr); ++ cmdlen += sprintf(&(pptr->command[cmdlen]), "\\%03o", (unsigned int)*cptr); + } + } + @@ -557,10 +557,10 @@ index 0000000..0a0c791 + } else { + if (pptr->pid != 0) + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "\t\t%-d\t\t%-d\t%-s", pptr->uid, pptr->pid, pptr->command); ++ "\t\t%-u\t\t%-d\t%-s", pptr->uid, pptr->pid, pptr->command); + else + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "\t\t%-d\t\t%-s\t%-s", pptr->uid, "kernel", pptr->command); ++ "\t\t%-u\t\t%-s\t%-s", pptr->uid, "kernel", pptr->command); + } + } +} @@ -698,7 +698,7 @@ index 0000000..b74b879 + +int fuser(const char *dir); diff --git a/src/core/job.c b/src/core/job.c -index eb6728a..3645c11 100644 +index 032554a..d7ad85a 100644 --- a/src/core/job.c +++ b/src/core/job.c @@ -27,6 +27,9 @@ @@ -711,7 +711,7 @@ index eb6728a..3645c11 100644 Job* job_new_raw(Unit *unit) { Job *j; -@@ -677,6 +680,8 @@ static const char* job_done_mid(JobType type, JobResult result) { +@@ -701,6 +704,8 @@ static const char* job_done_mid(JobType type, JobResult result) { static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult result) { _cleanup_free_ char *free_ident = NULL; const char *ident, *format; @@ -720,12 +720,12 @@ index eb6728a..3645c11 100644 assert(u); assert(t >= 0); -@@ -741,6 +746,37 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult +@@ -797,6 +802,37 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult "See 'systemctl status %s' for details.", quoted); } } + -+ if (IN_SET(manager_state(u->manager), MANAGER_STOPPING) && u->manager->default_dfx_reboot && ++ if (FLAGS_SET(manager_state(u->manager), MANAGER_STOPPING) && u->manager->default_dfx_reboot && + ((u->type == UNIT_MOUNT || u->type == UNIT_AUTOMOUNT) && t == JOB_STOP && result == JOB_FAILED)) { + + Mount *m = MOUNT(u); @@ -759,26 +759,26 @@ index eb6728a..3645c11 100644 static int job_perform_on_unit(Job **j) { diff --git a/src/core/main.c b/src/core/main.c -index 8de32a7..2a6b9b8 100644 +index 9f62b9d..eaae658 100644 --- a/src/core/main.c +++ b/src/core/main.c -@@ -114,6 +114,7 @@ static bool arg_dump_core; - static int arg_crash_chvt; - static bool arg_crash_shell; - static bool arg_crash_reboot; +@@ -123,6 +123,7 @@ bool arg_dump_core; + int arg_crash_chvt; + bool arg_crash_shell; + bool arg_crash_reboot; +static bool arg_default_dfx_reboot; static char *arg_confirm_spawn; static ShowStatus arg_show_status; static StatusUnitFormat arg_status_unit_format; -@@ -645,6 +646,7 @@ static int parse_config_file(void) { - { "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, &arg_crash_chvt }, - { "Manager", "CrashShell", config_parse_bool, 0, &arg_crash_shell }, - { "Manager", "CrashReboot", config_parse_bool, 0, &arg_crash_reboot }, -+ { "Manager", "DefaultDFXReboot", config_parse_bool, 0, &arg_default_dfx_reboot }, - { "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status }, - { "Manager", "StatusUnitFormat", config_parse_status_unit_format, 0, &arg_status_unit_format }, - { "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, &arg_cpu_affinity }, -@@ -756,6 +758,7 @@ static void set_manager_defaults(Manager *m) { +@@ -630,6 +631,7 @@ static int parse_config_file(void) { + { "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, &arg_crash_chvt }, + { "Manager", "CrashShell", config_parse_bool, 0, &arg_crash_shell }, + { "Manager", "CrashReboot", config_parse_bool, 0, &arg_crash_reboot }, ++ { "Manager", "DefaultDFXReboot", config_parse_bool, 0, &arg_default_dfx_reboot }, + { "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status }, + { "Manager", "StatusUnitFormat", config_parse_status_unit_format, 0, &arg_status_unit_format }, + { "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, &arg_cpu_affinity }, +@@ -754,6 +756,7 @@ static void set_manager_defaults(Manager *m) { m->default_restart_usec = arg_default_restart_usec; m->default_start_limit_interval = arg_default_start_limit_interval; m->default_start_limit_burst = arg_default_start_limit_burst; @@ -786,7 +786,7 @@ index 8de32a7..2a6b9b8 100644 /* On 4.15+ with unified hierarchy, CPU accounting is essentially free as it doesn't require the CPU * controller to be enabled, so the default is to enable it unless we got told otherwise. */ -@@ -1473,18 +1476,20 @@ static int become_shutdown( +@@ -1512,19 +1515,21 @@ static int become_shutdown(int objective, int retval) { char log_level[DECIMAL_STR_MAX(int) + 1], exit_code[DECIMAL_STR_MAX(uint8_t) + 1], @@ -797,7 +797,7 @@ index 8de32a7..2a6b9b8 100644 - const char* command_line[13] = { + const char* command_line[15] = { SYSTEMD_SHUTDOWN_BINARY_PATH, - shutdown_verb, + table[objective], "--timeout", timeout, "--log-level", log_level, + "--dfx-reboot", dfx_reboot, @@ -805,12 +805,13 @@ index 8de32a7..2a6b9b8 100644 }; _cleanup_strv_free_ char **env_block = NULL; + usec_t watchdog_timer = 0; - size_t pos = 7; + size_t pos = 9; int r; - usec_t watchdog_timer = 0; -@@ -1494,6 +1499,7 @@ static int become_shutdown( + assert(objective >= 0 && objective < _MANAGER_OBJECTIVE_MAX); +@@ -1534,6 +1539,7 @@ static int become_shutdown(int objective, int retval) { xsprintf(log_level, "%d", log_get_max_level()); xsprintf(timeout, "%" PRI_USEC "us", arg_default_timeout_stop_usec); @@ -818,7 +819,7 @@ index 8de32a7..2a6b9b8 100644 switch (log_get_target()) { -@@ -2325,6 +2331,7 @@ static void reset_arguments(void) { +@@ -2421,6 +2427,7 @@ static void reset_arguments(void) { arg_crash_chvt = -1; arg_crash_shell = false; arg_crash_reboot = false; @@ -827,10 +828,10 @@ index 8de32a7..2a6b9b8 100644 arg_show_status = _SHOW_STATUS_INVALID; arg_status_unit_format = STATUS_UNIT_FORMAT_DEFAULT; diff --git a/src/core/manager.c b/src/core/manager.c -index 3a12d6d..29ef96b 100644 +index 011de6b..4fa20f8 100644 --- a/src/core/manager.c +++ b/src/core/manager.c -@@ -771,6 +771,7 @@ int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager +@@ -828,6 +828,7 @@ int manager_new(LookupScope scope, ManagerTestRunFlags test_run_flags, Manager * *m = (Manager) { .unit_file_scope = scope, .objective = _MANAGER_OBJECTIVE_INVALID, @@ -839,10 +840,10 @@ index 3a12d6d..29ef96b 100644 .status_unit_format = STATUS_UNIT_FORMAT_DEFAULT, diff --git a/src/core/manager.h b/src/core/manager.h -index dada79c..c20abd5 100644 +index 0196c52..d3f6aa2 100644 --- a/src/core/manager.h +++ b/src/core/manager.h -@@ -335,6 +335,8 @@ struct Manager { +@@ -339,6 +339,8 @@ struct Manager { /* Have we ever changed the "kernel.pid_max" sysctl? */ bool sysctl_pid_max_changed; @@ -852,48 +853,47 @@ index dada79c..c20abd5 100644 /* If non-zero, exit with the following value when the systemd diff --git a/src/core/meson.build b/src/core/meson.build -index f0d2c6f..825eede 100644 +index 981b46f..b03fcdd 100644 --- a/src/core/meson.build +++ b/src/core/meson.build -@@ -127,6 +127,8 @@ libcore_sources = ''' - unit-serialize.h - unit.c - unit.h -+ fuser.c -+ fuser.h - '''.split() +@@ -66,6 +66,7 @@ libcore_sources = files( + 'unit-printf.c', + 'unit-serialize.c', + 'unit.c', ++ 'fuser.c', + ) - subdir('bpf/socket_bind') + if conf.get('BPF_FRAMEWORK') == 1 diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index dfc2477..cf34a12 100644 +index a44511b..e9a5420 100644 --- a/src/core/system.conf.in +++ b/src/core/system.conf.in -@@ -74,3 +74,4 @@ DefaultLimitMEMLOCK=64M +@@ -76,6 +76,7 @@ DefaultLimitMEMLOCK=64M #DefaultLimitRTPRIO= #DefaultLimitRTTIME= #DefaultOOMPolicy=stop +#DefaultDFXReboot=no + #DefaultSmackProcessLabel= + #ReloadLimitIntervalSec= + #ReloadLimitBurst= diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build -index e1348d9..12fbef3 100644 +index d62032a..0ec8e76 100644 --- a/src/shutdown/meson.build +++ b/src/shutdown/meson.build -@@ -1,15 +1,21 @@ +@@ -1,13 +1,18 @@ # SPDX-License-Identifier: LGPL-2.1-or-later +shutdown_includes = [includes, include_directories('.')] + - systemd_shutdown_sources = files(''' - shutdown.c - umount.c - umount.h -+ process-status.c -+ process-status.h - '''.split()) + systemd_shutdown_sources = files( + 'shutdown.c', + 'umount.c', ++ 'process-status.c', + ) tests += [ - [['src/shutdown/test-umount.c', - 'src/shutdown/umount.c', - 'src/shutdown/umount.h'], + [files('test-umount.c', + 'umount.c'), - [], - [libmount]], + [libshared, @@ -1081,11 +1081,11 @@ index 0000000..2f4333d + +int process_status(void); diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c -index a98cfc4..1ad6fa0 100644 +index 42111d2..1bbabfb 100644 --- a/src/shutdown/shutdown.c +++ b/src/shutdown/shutdown.c -@@ -38,13 +38,17 @@ - #include "util.h" +@@ -40,13 +40,17 @@ + #include "umount.h" #include "virt.h" #include "watchdog.h" +#include "process-status.h" @@ -1102,7 +1102,7 @@ index a98cfc4..1ad6fa0 100644 static int parse_argv(int argc, char *argv[]) { enum { -@@ -55,6 +59,7 @@ static int parse_argv(int argc, char *argv[]) { +@@ -57,6 +61,7 @@ static int parse_argv(int argc, char *argv[]) { ARG_LOG_TIME, ARG_EXIT_CODE, ARG_TIMEOUT, @@ -1110,7 +1110,7 @@ index a98cfc4..1ad6fa0 100644 }; static const struct option options[] = { -@@ -65,6 +70,7 @@ static int parse_argv(int argc, char *argv[]) { +@@ -67,6 +72,7 @@ static int parse_argv(int argc, char *argv[]) { { "log-time", optional_argument, NULL, ARG_LOG_TIME }, { "exit-code", required_argument, NULL, ARG_EXIT_CODE }, { "timeout", required_argument, NULL, ARG_TIMEOUT }, @@ -1118,7 +1118,7 @@ index a98cfc4..1ad6fa0 100644 {} }; -@@ -78,6 +84,13 @@ static int parse_argv(int argc, char *argv[]) { +@@ -80,6 +86,13 @@ static int parse_argv(int argc, char *argv[]) { while ((c = getopt_long(argc, argv, "-", options, NULL)) >= 0) switch (c) { @@ -1132,18 +1132,18 @@ index a98cfc4..1ad6fa0 100644 case ARG_LOG_LEVEL: r = log_set_max_level_from_string(optarg); if (r < 0) -@@ -313,6 +326,9 @@ int main(int argc, char *argv[]) { - char *arguments[3], *watchdog_device; - int cmd, r, umount_log_level = LOG_INFO; - static const char* const dirs[] = {SYSTEM_SHUTDOWN_PATH, NULL}; +@@ -340,6 +353,9 @@ int main(int argc, char *argv[]) { + _cleanup_free_ char *cgroup = NULL; + char *arguments[3]; + int cmd, r; + usec_t now_time, time_interval; + pid_t pid; + bool fork_failed = false; /* The log target defaults to console, but the original systemd process will pass its log target in through a * command line argument, which will override this default. Also, ensure we'll never log to the journal or -@@ -405,8 +421,37 @@ int main(int argc, char *argv[]) { - need_md_detach = !in_container; +@@ -425,8 +441,37 @@ int main(int argc, char *argv[]) { + need_dm_detach = !in_container, need_md_detach = !in_container, can_initrd, last_try = false; can_initrd = !in_container && !in_initrd() && access("/run/initramfs/shutdown", X_OK) == 0; + now_time = now(CLOCK_MONOTONIC); @@ -1179,66 +1179,63 @@ index a98cfc4..1ad6fa0 100644 + bool changed = false; - if (use_watchdog) + (void) watchdog_ping(); diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c -index c2a2624..1541bcc 100644 +index 61bd9d2..ecba3d4 100644 --- a/src/shutdown/umount.c +++ b/src/shutdown/umount.c -@@ -37,6 +37,7 @@ +@@ -48,6 +48,7 @@ + #include "sync-util.h" #include "umount.h" - #include "util.h" #include "virt.h" +#include "manager.h" static void mount_point_free(MountPoint **head, MountPoint *m) { assert(head); -@@ -553,6 +554,7 @@ static int umount_with_timeout(MountPoint *m, int umount_log_level) { - return r; - if (r == 0) { +@@ -678,6 +679,7 @@ static int umount_with_timeout(MountPoint *m, bool last_try) { + pfd[0] = safe_close(pfd[0]); + log_info("Unmounting '%s'.", m->path); + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Unmounting '%s'.", m->path); - /* Start the mount operation here in the child Using MNT_FORCE - * causes some filesystems (e.g. FUSE and NFS and other network -@@ -562,8 +564,12 @@ static int umount_with_timeout(MountPoint *m, int umount_log_level) { - * filesystem less busy so the unmount might succeed (rather - * than return EBUSY). */ - r = umount2(m->path, MNT_FORCE); -- if (r < 0) -+ if (r < 0) { - log_full_errno(umount_log_level, errno, "Failed to unmount %s: %m", m->path); + /* Start the mount operation here in the child Using MNT_FORCE causes some filesystems + * (e.g. FUSE and NFS and other network filesystems) to abort any pending requests and return +@@ -689,9 +691,12 @@ static int umount_with_timeout(MountPoint *m, bool last_try) { + (m->umount_lazily ? MNT_DETACH : MNT_FORCE))); + if (r < 0) { + log_full_errno(last_try ? LOG_ERR : LOG_INFO, r, "Failed to unmount %s: %m", m->path); + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Failed to unmount '%s'.", m->path); + + if (r == -EBUSY && last_try) + log_umount_blockers(m->path); + } else { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Unmounted '%s'.", m->path); -+ } + } - _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS); - } + (void) write(pfd[1], &r, sizeof(r)); /* try to send errno up */ diff --git a/src/test/meson.build b/src/test/meson.build -index 561386d..09c5298 100644 +index be99212..e0a40b8 100644 --- a/src/test/meson.build +++ b/src/test/meson.build -@@ -616,6 +616,23 @@ tests += [ - libshared], - [], - core_includes], -+ -+ [['src/test/test-process-status.c', -+ 'src/shutdown/process-status.c', -+ 'src/shutdown/process-status.h'], +@@ -700,6 +700,21 @@ tests += [ + [files('test-sha256.c')], + + [files('test-open-file.c')], ++ ++ [files('test-process-status.c', ++ '../shutdown/process-status.c'), + [libcore, + libshared], + [], + [shutdown_includes, + core_includes]], + -+ [['src/test/test-fuser.c', -+ 'src/core/fuser.c', -+ 'src/core/fuser.h'], ++ [files('test-fuser.c', ++ '../core/fuser.c'), + [libcore, + libshared], + [], -+ core_includes], ++ core_includes], ] ############################################################ @@ -1279,5 +1276,5 @@ index 0000000..4a4c3da + +} -- -2.23.0 +2.33.0 diff --git a/process-util-log-more-information-when-runnin.patch b/process-util-log-more-information-when-runnin.patch index 059ef8d7dbe5dbe05c16f4ae8f9a6f24601b037c..c4b1c3abae990e3b250574fdec7c2d95a8433278 100644 --- a/process-util-log-more-information-when-runnin.patch +++ b/process-util-log-more-information-when-runnin.patch @@ -14,10 +14,10 @@ Subject: [PATCH] process-util: log more information when running 4 files changed, 66 insertions(+) diff --git a/src/basic/process-util.c b/src/basic/process-util.c -index 5452edd..f137ba0 100644 +index b6bf83c..aaf5e87 100644 --- a/src/basic/process-util.c +++ b/src/basic/process-util.c -@@ -42,6 +42,7 @@ +@@ -49,6 +49,7 @@ #include "stdio-util.h" #include "string-table.h" #include "string-util.h" @@ -25,7 +25,7 @@ index 5452edd..f137ba0 100644 #include "terminal-util.h" #include "user-util.h" #include "utf8.h" -@@ -189,6 +190,36 @@ int get_process_cmdline(pid_t pid, size_t max_columns, ProcessCmdlineFlags flags +@@ -258,6 +259,36 @@ int get_process_cmdline(pid_t pid, size_t max_columns, ProcessCmdlineFlags flags return 0; } @@ -59,26 +59,26 @@ index 5452edd..f137ba0 100644 + +} + - static int update_argv(const char name[], size_t l) { - static int can_do = -1; - + int container_get_leader(const char *machine, pid_t *pid) { + _cleanup_free_ char *s = NULL, *class = NULL; + const char *p; diff --git a/src/basic/process-util.h b/src/basic/process-util.h -index 41d4759..4d8147e 100644 +index 96da0bb..135386c 100644 --- a/src/basic/process-util.h +++ b/src/basic/process-util.h -@@ -38,6 +38,7 @@ typedef enum ProcessCmdlineFlags { +@@ -40,6 +40,7 @@ typedef enum ProcessCmdlineFlags { - int get_process_comm(pid_t pid, char **name); - int get_process_cmdline(pid_t pid, size_t max_columns, ProcessCmdlineFlags flags, char **line); + int get_process_comm(pid_t pid, char **ret); + int get_process_cmdline(pid_t pid, size_t max_columns, ProcessCmdlineFlags flags, char **ret); +int print_process_cmdline_with_arg(pid_t pid, int argc, char *argv[], char *filter[]); - int get_process_exe(pid_t pid, char **name); - int get_process_uid(pid_t pid, uid_t *uid); - int get_process_gid(pid_t pid, gid_t *gid); + int get_process_exe(pid_t pid, char **ret); + int get_process_uid(pid_t pid, uid_t *ret); + int get_process_gid(pid_t pid, gid_t *ret); diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c -index 1c01914..dd5bee9 100644 +index 4e7fd04..6143505 100644 --- a/src/systemctl/systemctl.c +++ b/src/systemctl/systemctl.c -@@ -12,6 +12,7 @@ +@@ -2,6 +2,7 @@ #include #include @@ -86,9 +86,9 @@ index 1c01914..dd5bee9 100644 #include #include "sd-daemon.h" -@@ -9272,6 +9273,14 @@ static int logind_cancel_shutdown(void) { - - static int run(int argc, char *argv[]) { +@@ -1153,6 +1154,14 @@ static int run(int argc, char *argv[]) { + _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL; + _cleanup_(umount_and_rmdir_and_freep) char *mounted_dir = NULL; int r; + pid_t ppid; + char *filter[] = { @@ -100,26 +100,27 @@ index 1c01914..dd5bee9 100644 + }; setlocale(LC_ALL, ""); - log_parse_environment(); -@@ -9291,6 +9300,9 @@ static int run(int argc, char *argv[]) { + log_setup(); +@@ -1166,6 +1175,9 @@ static int run(int argc, char *argv[]) { if (r <= 0) goto finish; + ppid = getppid(); + (void) print_process_cmdline_with_arg(ppid, argc, argv, filter); + - if (arg_action != ACTION_SYSTEMCTL && running_in_chroot() > 0) { - if (!arg_quiet) - log_info("Running in chroot, ignoring request."); + if (proc_mounted() == 0) + log_full(arg_no_warn ? LOG_DEBUG : LOG_WARNING, + "%s%s/proc/ is not mounted. This is not a supported mode of operation. Please fix\n" diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c -index 8dc9fdd..1cb4ee2 100644 +index 1864f8a..3a844cf 100644 --- a/src/test/test-process-util.c +++ b/src/test/test-process-util.c -@@ -601,6 +601,27 @@ static void test_ioprio_class_from_to_string(void) { - } +@@ -798,4 +798,26 @@ static int intro(void) { + return EXIT_SUCCESS; } -+static void test_print_process_cmdline_with_arg(pid_t pid) { ++TEST(print_process_cmdline_with_arg) { ++ pid_t pid = getpid(); + char *arg_filter_empty[] = {"", NULL}; + char *arg_filter_1_in[] = {"status", NULL}; + char *arg_filter_1_no[] = {"stop", NULL}; @@ -140,17 +141,7 @@ index 8dc9fdd..1cb4ee2 100644 + assert_se(print_process_cmdline_with_arg(pid, 3, arg_var_filter, arg_filter_2_no) >= 0); +} + - int main(int argc, char *argv[]) { - log_show_color(true); - test_setup_logging(LOG_INFO); -@@ -627,6 +648,7 @@ int main(int argc, char *argv[]) { - test_ioprio_class_from_to_string(); - test_setpriority_closest(); - test_get_process_ppid(); -+ test_print_process_cmdline_with_arg(getpid()); - - return 0; - } + DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro); -- -2.23.0 +2.33.0 diff --git a/resolved-create-etc-resolv.conf-symlink-at-runtime.patch b/resolved-create-etc-resolv.conf-symlink-at-runtime.patch index 21ba7904cc4904cd665b22a552339607e2037f5e..f28912715ae60357337b0bd77e011579fdbf48e7 100644 --- a/resolved-create-etc-resolv.conf-symlink-at-runtime.patch +++ b/resolved-create-etc-resolv.conf-symlink-at-runtime.patch @@ -13,12 +13,12 @@ don't touch it in that case either. https://bugzilla.redhat.com/show_bug.cgi?id=1313085 --- - src/resolve/resolved.c | 5 +++++ - tmpfiles.d/etc.conf.in | 3 --- - 2 files changed, 5 insertions(+), 3 deletions(-) + src/resolve/resolved.c | 5 +++++ + tmpfiles.d/systemd-resolve.conf | 2 -- + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c -index 50989a6b0a..95a51a574a 100644 +index d3bc902..a94d744 100644 --- a/src/resolve/resolved.c +++ b/src/resolve/resolved.c @@ -58,6 +58,11 @@ static int run(int argc, char *argv[]) { @@ -33,20 +33,16 @@ index 50989a6b0a..95a51a574a 100644 /* Drop privileges, but keep three caps. Note that we drop two of those too, later on (see below) */ r = drop_privileges(uid, gid, (UINT64_C(1) << CAP_NET_RAW)| /* needed for SO_BINDTODEVICE */ -diff --git a/tmpfiles.d/etc.conf.in b/tmpfiles.d/etc.conf.in -index f82e0b82ce..66a777bdb2 100644 ---- a/tmpfiles.d/etc.conf.in -+++ b/tmpfiles.d/etc.conf.in -@@ -12,9 +12,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts - {% if HAVE_SMACK_RUN_LABEL %} - t /etc/mtab - - - - security.SMACK64=_ - {% endif %} --{% if ENABLE_RESOLVE %} +diff --git a/tmpfiles.d/systemd-resolve.conf b/tmpfiles.d/systemd-resolve.conf +index cb1c56d..ce3d1a6 100644 +--- a/tmpfiles.d/systemd-resolve.conf ++++ b/tmpfiles.d/systemd-resolve.conf +@@ -6,5 +6,3 @@ + # (at your option) any later version. + + # See tmpfiles.d(5) for details +- -L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf --{% endif %} - C! /etc/nsswitch.conf - - - - - {% if HAVE_PAM %} - C! /etc/pam.d - - - - -- -2.23.0 +2.33.0 diff --git a/revert-rpm-restart-services-in-posttrans.patch b/revert-rpm-restart-services-in-posttrans.patch index b76853fe3c9fef1cca9a6dc3bd3d19286af38f90..01e6f751cbe1d2b717c739f2e5411f77b83ccedb 100644 --- a/revert-rpm-restart-services-in-posttrans.patch +++ b/revert-rpm-restart-services-in-posttrans.patch @@ -10,20 +10,18 @@ and use the version 20.03 scheme Conflict:NA Reference:https://github.com/systemd/systemd/commit/fa97d2fcf64e0558054bee673f734f523373b146 --- - src/rpm/macros.systemd.in | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) + src/rpm/macros.systemd.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in -index 3a0169a..8dae941 100644 +index 8880078..b1a297e 100644 --- a/src/rpm/macros.systemd.in +++ b/src/rpm/macros.systemd.in -@@ -86,9 +86,7 @@ fi \ +@@ -89,7 +89,7 @@ fi \ %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ - if [ $1 -ge 1 ] && [ -x %{_bindir}/systemctl ]; then \ + if [ $1 -ge 1 ] && [ -x "{{SYSTEMD_UPDATE_HELPER_PATH}}" ]; then \ # Package upgrade, not uninstall \ -- for unit in %{?*}; do \ -- %{_bindir}/systemctl set-property $unit Markers=+needs-restart || : \ -- done \ +- {{SYSTEMD_UPDATE_HELPER_PATH}} mark-restart-system-units %{?*} || : \ + %{_bindir}/systemctl try-restart %{?*} || : \ fi \ %{nil} diff --git a/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch b/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch index af9c43cabaf031a9c4102bc56c44e2fef218b869..19893e37501075a92fd324d05eecd1d4e224c2cd 100644 --- a/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch +++ b/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch @@ -13,7 +13,7 @@ Related: #1523227 diff --git a/rules.d/73-idrac.rules b/rules.d/73-idrac.rules new file mode 100644 -index 0000000000..d67fc425b1 +index 0000000..d67fc42 --- /dev/null +++ b/rules.d/73-idrac.rules @@ -0,0 +1,6 @@ @@ -24,17 +24,17 @@ index 0000000000..d67fc425b1 + +ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", ATTRS{idVendor}=="413c", ATTRS{idProduct}=="a102", NAME="idrac" diff --git a/rules.d/meson.build b/rules.d/meson.build -index 13d1d330cf..b06edf0621 100644 +index cba9dd4..39e174d 100644 --- a/rules.d/meson.build +++ b/rules.d/meson.build -@@ -18,6 +18,7 @@ rules = files(''' - 70-joystick.rules - 70-mouse.rules - 70-touchpad.rules -+ 73-idrac.rules - 75-net-description.rules - 75-probe_mtd.rules - 78-sound-card.rules +@@ -24,6 +24,7 @@ rules = [ + '70-joystick.rules', + '70-mouse.rules', + '70-touchpad.rules', ++ '73-idrac.rules', + '75-net-description.rules', + '75-probe_mtd.rules', + '78-sound-card.rules', -- -2.23.0 +2.33.0 diff --git a/rules-add-the-rule-that-adds-elevator-kernel-command.patch b/rules-add-the-rule-that-adds-elevator-kernel-command.patch index 768c72b5c7f95b349659194f38f46c1f12ad2100..b3f37e399da8298eb9dd064410d26eb83f9b44f6 100644 --- a/rules-add-the-rule-that-adds-elevator-kernel-command.patch +++ b/rules-add-the-rule-that-adds-elevator-kernel-command.patch @@ -7,21 +7,23 @@ Subject: [PATCH] rules: add the rule that adds elevator= kernel Resolves: #1670126 --- - rules.d/meson.build | 1 + - 1 file changed, 1 insertion(+) + rules.d/meson.build | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rules.d/meson.build b/rules.d/meson.build -index 62026fd..4a3c32f 100644 +index 39e174d..e356183 100644 --- a/rules.d/meson.build +++ b/rules.d/meson.build -@@ -5,6 +5,7 @@ install_data( +@@ -5,7 +5,8 @@ install_data( install_dir : udevrulesdir) - rules = files(''' -+ 40-elevator.rules - 60-autosuspend.rules - 60-block.rules - 60-cdrom_id.rules + rules = [ +- [files('60-autosuspend.rules', ++ [files('40-elevator.rules', ++ '60-autosuspend.rules', + '60-block.rules', + '60-cdrom_id.rules', + '60-drm.rules', -- -2.23.0 +2.33.0 diff --git a/sd-bus-properly-initialize-containers.patch b/sd-bus-properly-initialize-containers.patch index a6583b82977dfeb64437b1849de90e7f0724c834..3f74b2ee38598a2aafb43cae177f0e0d26e4dee7 100644 --- a/sd-bus-properly-initialize-containers.patch +++ b/sd-bus-properly-initialize-containers.patch @@ -15,17 +15,17 @@ Related: #1635435 1 file changed, 1 insertion(+) diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c -index eb029e4..e0c8338 100644 +index 9719f97..ec6cd57 100644 --- a/src/libsystemd/sd-bus/bus-message.c +++ b/src/libsystemd/sd-bus/bus-message.c -@@ -2051,6 +2051,7 @@ _public_ int sd_bus_message_open_container( +@@ -1783,6 +1783,7 @@ _public_ int sd_bus_message_open_container( .enclosing = type, .signature = TAKE_PTR(signature), .array_size = array_size, -+ .peeked_signature = NULL, ++ .peeked_signature = NULL, .before = before, .begin = begin, - .need_offsets = need_offsets, + }; -- -2.19.1 +2.33.0 diff --git a/shutdown-reboot-when-recieve-crash-signal.patch b/shutdown-reboot-when-recieve-crash-signal.patch index 42130900c07cb22c3d86d40343b266766ed234eb..f5bebc7fe03bd955948e8a9bc02b07ec3253d26c 100644 --- a/shutdown-reboot-when-recieve-crash-signal.patch +++ b/shutdown-reboot-when-recieve-crash-signal.patch @@ -5,13 +5,13 @@ Subject: [PATCH] shutdown: reboot when recieve crash signal --- src/shutdown/shutdown.c | 33 +++++++++++++++++++++++++++++++++ - 1 files changed, 33 insertions(+) + 1 file changed, 33 insertions(+) diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c -index 680de4f..066a03a 100644 +index 1bbabfb..8f68559 100644 --- a/src/shutdown/shutdown.c +++ b/src/shutdown/shutdown.c -@@ -307,6 +307,26 @@ static void bump_sysctl_printk_log_level(int min_level) { +@@ -322,6 +322,26 @@ static void bump_sysctl_printk_log_level(int min_level) { log_debug_errno(r, "Failed to bump kernel.printk to %i: %m", min_level + 1); } @@ -35,10 +35,10 @@ index 680de4f..066a03a 100644 + } +} + - int main(int argc, char *argv[]) { - bool need_umount, need_swapoff, need_loop_detach, need_dm_detach, need_md_detach, in_container, use_watchdog = false, can_initrd; - _cleanup_free_ char *cgroup = NULL; -@@ -316,6 +336,19 @@ int main(int argc, char *argv[]) { + static void init_watchdog(void) { + const char *s; + int r; +@@ -356,6 +376,19 @@ int main(int argc, char *argv[]) { usec_t now_time, time_interval; pid_t pid; bool fork_failed = false; @@ -59,5 +59,5 @@ index 680de4f..066a03a 100644 /* The log target defaults to console, but the original systemd process will pass its log target in through a * command line argument, which will override this default. Also, ensure we'll never log to the journal or -- -2.23.0 +2.33.0 diff --git a/support-disable-cgroup-controllers-we-don-t-want.patch b/support-disable-cgroup-controllers-we-don-t-want.patch index 5fc541a3238ab2fe10ea2ea158acd5a6d060b1f8..1fa0df1f017c79e327b665556a469d1c19ea17ee 100644 --- a/support-disable-cgroup-controllers-we-don-t-want.patch +++ b/support-disable-cgroup-controllers-we-don-t-want.patch @@ -15,10 +15,10 @@ Subject: [PATCH] support disable cgroup controllers we don't want 8 files changed, 81 insertions(+) diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c -index f912b65..79089ac 100644 +index ac25693..a7c839c 100644 --- a/src/basic/cgroup-util.c +++ b/src/basic/cgroup-util.c -@@ -1951,6 +1951,20 @@ int cg_mask_supported(CGroupMask *ret) { +@@ -2052,6 +2052,20 @@ int cg_mask_supported(CGroupMask *ret) { return cg_mask_supported_subtree(root, ret); } @@ -37,13 +37,13 @@ index f912b65..79089ac 100644 +} + int cg_kernel_controllers(Set **ret) { - _cleanup_set_free_free_ Set *controllers = NULL; + _cleanup_set_free_ Set *controllers = NULL; _cleanup_fclose_ FILE *f = NULL; diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h -index a491eca..faa253b 100644 +index 147c956..a539327 100644 --- a/src/basic/cgroup-util.h +++ b/src/basic/cgroup-util.h -@@ -269,6 +269,7 @@ typedef const char* (*cg_migrate_callback_t)(CGroupMask mask, void *userdata); +@@ -295,6 +295,7 @@ typedef const char* (*cg_migrate_callback_t)(CGroupMask mask, void *userdata); int cg_mask_supported(CGroupMask *ret); int cg_mask_supported_subtree(const char *root, CGroupMask *ret); @@ -52,10 +52,10 @@ index a491eca..faa253b 100644 int cg_mask_to_string(CGroupMask mask, char **ret); diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index ab6d602..6101d53 100644 +index 9987dac..af58b9b 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c -@@ -3378,6 +3378,7 @@ int manager_setup_cgroup(Manager *m) { +@@ -3646,6 +3646,7 @@ int manager_setup_cgroup(Manager *m) { if (r < 0) return log_error_errno(r, "Failed to determine supported bpf-based pseudo-controllers: %m"); m->cgroup_supported |= mask; @@ -64,10 +64,10 @@ index ab6d602..6101d53 100644 /* 10. Log which controllers are supported */ for (CGroupController c = 0; c < _CGROUP_CONTROLLER_MAX; c++) diff --git a/src/core/main.c b/src/core/main.c -index a39d7d3..c4ce9a8 100644 +index 990e4d2..5404e24 100644 --- a/src/core/main.c +++ b/src/core/main.c -@@ -145,6 +145,7 @@ static nsec_t arg_timer_slack_nsec; +@@ -157,6 +157,7 @@ static nsec_t arg_timer_slack_nsec; static usec_t arg_default_timer_accuracy_usec; static Set* arg_syscall_archs; static FILE* arg_serialization; @@ -75,15 +75,15 @@ index a39d7d3..c4ce9a8 100644 static int arg_default_cpu_accounting; static bool arg_default_io_accounting; static bool arg_default_ip_accounting; -@@ -696,6 +697,7 @@ static int parse_config_file(void) { - { "Manager", "DefaultLimitNICE", config_parse_rlimit, RLIMIT_NICE, arg_default_rlimit }, - { "Manager", "DefaultLimitRTPRIO", config_parse_rlimit, RLIMIT_RTPRIO, arg_default_rlimit }, - { "Manager", "DefaultLimitRTTIME", config_parse_rlimit, RLIMIT_RTTIME, arg_default_rlimit }, -+ { "Manager", "DisableCGroupControllers", config_parse_cgroup, 0, &arg_disable_cgroup_controllers }, - { "Manager", "DefaultCPUAccounting", config_parse_tristate, 0, &arg_default_cpu_accounting }, - { "Manager", "DefaultIOAccounting", config_parse_bool, 0, &arg_default_io_accounting }, - { "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_default_ip_accounting }, -@@ -767,6 +769,10 @@ static void set_manager_defaults(Manager *m) { +@@ -684,6 +685,7 @@ static int parse_config_file(void) { + { "Manager", "DefaultLimitNICE", config_parse_rlimit, RLIMIT_NICE, arg_default_rlimit }, + { "Manager", "DefaultLimitRTPRIO", config_parse_rlimit, RLIMIT_RTPRIO, arg_default_rlimit }, + { "Manager", "DefaultLimitRTTIME", config_parse_rlimit, RLIMIT_RTTIME, arg_default_rlimit }, ++ { "Manager", "DisableCGroupControllers", config_parse_cgroup, 0, &arg_disable_cgroup_controllers }, + { "Manager", "DefaultCPUAccounting", config_parse_tristate, 0, &arg_default_cpu_accounting }, + { "Manager", "DefaultIOAccounting", config_parse_bool, 0, &arg_default_io_accounting }, + { "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_default_ip_accounting }, +@@ -765,6 +767,10 @@ static void set_manager_defaults(Manager *m) { m->default_start_limit_burst = arg_default_start_limit_burst; m->default_dfx_reboot = arg_default_dfx_reboot; @@ -94,7 +94,7 @@ index a39d7d3..c4ce9a8 100644 /* On 4.15+ with unified hierarchy, CPU accounting is essentially free as it doesn't require the CPU * controller to be enabled, so the default is to enable it unless we got told otherwise. */ if (arg_default_cpu_accounting >= 0) -@@ -2395,6 +2401,7 @@ static void reset_arguments(void) { +@@ -2494,6 +2500,7 @@ static void reset_arguments(void) { /* arg_serialization — ignore */ @@ -103,10 +103,10 @@ index a39d7d3..c4ce9a8 100644 arg_default_io_accounting = false; arg_default_ip_accounting = false; diff --git a/src/core/manager.h b/src/core/manager.h -index 54c1d3e..1f7d3b5 100644 +index ea95efe..9bf5454 100644 --- a/src/core/manager.h +++ b/src/core/manager.h -@@ -295,6 +295,8 @@ struct Manager { +@@ -296,6 +296,8 @@ struct Manager { /* Data specific to the cgroup subsystem */ Hashmap *cgroup_unit; CGroupMask cgroup_supported; @@ -116,10 +116,10 @@ index 54c1d3e..1f7d3b5 100644 /* Notifications from cgroups, when the unified hierarchy is used is done via inotify. */ diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index c1fd308..2fe6f60 100644 +index 11936cd..e7aecfd 100644 --- a/src/core/system.conf.in +++ b/src/core/system.conf.in -@@ -49,6 +49,7 @@ +@@ -52,6 +52,7 @@ #DefaultStartLimitIntervalSec=10s #DefaultStartLimitBurst=5 #DefaultEnvironment= @@ -128,7 +128,7 @@ index c1fd308..2fe6f60 100644 #DefaultIOAccounting=no #DefaultIPAccounting=no diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c -index d0ac1b2..23fc1f5 100644 +index 29051ca..2527d31 100644 --- a/src/shared/conf-parser.c +++ b/src/shared/conf-parser.c @@ -10,6 +10,7 @@ @@ -136,10 +136,10 @@ index d0ac1b2..23fc1f5 100644 #include "conf-files.h" #include "conf-parser.h" +#include "cgroup-util.h" - #include "def.h" - #include "ether-addr-util.h" - #include "extract-word.h" -@@ -1196,6 +1197,59 @@ int config_parse_rlimit( + #include "constants.h" + #include "dns-domain.h" + #include "escape.h" +@@ -1557,6 +1558,59 @@ int config_parse_rlimit( return 0; } @@ -200,17 +200,17 @@ index d0ac1b2..23fc1f5 100644 const char* unit, const char *filename, diff --git a/src/shared/conf-parser.h b/src/shared/conf-parser.h -index c3a1382..65ef71e 100644 +index e1765f5..2d8f21e 100644 --- a/src/shared/conf-parser.h +++ b/src/shared/conf-parser.h -@@ -146,6 +146,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_ifnames); +@@ -200,6 +200,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_ifnames); CONFIG_PARSER_PROTOTYPE(config_parse_ip_port); CONFIG_PARSER_PROTOTYPE(config_parse_mtu); CONFIG_PARSER_PROTOTYPE(config_parse_rlimit); +CONFIG_PARSER_PROTOTYPE(config_parse_cgroup); CONFIG_PARSER_PROTOTYPE(config_parse_vlanprotocol); - CONFIG_PARSER_PROTOTYPE(config_parse_hwaddr); - CONFIG_PARSER_PROTOTYPE(config_parse_hwaddrs); + CONFIG_PARSER_PROTOTYPE(config_parse_hw_addr); + CONFIG_PARSER_PROTOTYPE(config_parse_hw_addrs); -- -2.23.0 +2.33.0 diff --git a/systemd-249.tar.gz b/systemd-253.tar.gz similarity index 54% rename from systemd-249.tar.gz rename to systemd-253.tar.gz index 7d0d938cbff08c53ec81b1068eff3afb5d76da0d..0337f9fafebe7741d63196dfe3128e14eeef0448 100644 Binary files a/systemd-249.tar.gz and b/systemd-253.tar.gz differ diff --git a/systemd-change-time-log-level.patch b/systemd-change-time-log-level.patch index 80c7db6c1cebc0f26998f5a3223055608193cbe7..0a482fa1d3f34fc1e772039a5f04a2d80cc85b15 100644 --- a/systemd-change-time-log-level.patch +++ b/systemd-change-time-log-level.patch @@ -6,27 +6,30 @@ Subject: [PATCH] systemd: change time log level Signed-off-by: yefei25 --- - src/core/manager.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) + src/core/manager.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/core/manager.c b/src/core/manager.c -index 32c340f..29eccd8 100644 +index 7b39479..1619f8c 100644 --- a/src/core/manager.c +++ b/src/core/manager.c -@@ -2681,11 +2681,11 @@ static int manager_dispatch_time_change_fd(sd_event_source *source, int fd, uint - - assert(m); - assert(m->time_change_fd == fd); +@@ -2937,11 +2937,11 @@ static int manager_dispatch_signal_fd(sd_event_source *source, int fd, uint32_t + static int manager_dispatch_time_change_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata) { + Manager *m = ASSERT_PTR(userdata); + Unit *u; - - log_struct(LOG_DEBUG, -+ if (getpid_cached() == 1) { -+ log_struct(LOG_INFO, - "MESSAGE_ID=" SD_MESSAGE_TIME_CHANGE_STR, - LOG_MESSAGE("Time has been changed")); +- "MESSAGE_ID=" SD_MESSAGE_TIME_CHANGE_STR, +- LOG_MESSAGE("Time has been changed")); - ++ if (getpid_cached() == 1) { ++ log_struct(LOG_INFO, ++ "MESSAGE_ID=" SD_MESSAGE_TIME_CHANGE_STR, ++ LOG_MESSAGE("Time has been changed")); + } /* Restart the watch */ (void) manager_setup_time_change(m); - --- -2.19.1 + +-- +2.33.0 + diff --git a/systemd-core-Add-new-rules-for-lower-priority-events.patch b/systemd-core-Add-new-rules-for-lower-priority-events.patch index 921b3621f92f95bdc4a0de889dea51675df487fc..c03bab6f7f2c0ca1464a93ce230f2ad520c76318 100644 --- a/systemd-core-Add-new-rules-for-lower-priority-events.patch +++ b/systemd-core-Add-new-rules-for-lower-priority-events.patch @@ -25,11 +25,11 @@ d) The above rules only works for events with priority equal or higher than 'SD_ 4 files changed, 91 insertions(+) diff --git a/src/core/mount.c b/src/core/mount.c -index 053deac..de5b745 100644 +index f47c511..af0eae6 100644 --- a/src/core/mount.c +++ b/src/core/mount.c -@@ -1895,6 +1895,10 @@ static void mount_enumerate(Manager *m) { - goto fail; +@@ -1984,6 +1984,10 @@ static void mount_enumerate(Manager *m) { + goto fail; } + r = sd_event_source_set_preempt_dispatch_count(m->mount_event_source, 5); @@ -40,7 +40,7 @@ index 053deac..de5b745 100644 } diff --git a/src/libsystemd/sd-event/event-source.h b/src/libsystemd/sd-event/event-source.h -index d2dc214..0fa41aa 100644 +index 6092652..0b2ab7d 100644 --- a/src/libsystemd/sd-event/event-source.h +++ b/src/libsystemd/sd-event/event-source.h @@ -70,6 +70,11 @@ struct sd_event_source { @@ -53,13 +53,13 @@ index d2dc214..0fa41aa 100644 + unsigned preempt_dispatch_count; /*Will be preempted by lower priority if dispatched count reaches to this*/ + sd_event_destroy_t destroy_callback; + sd_event_handler_t ratelimit_expire_callback; - LIST_FIELDS(sd_event_source, sources); diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c -index e9199de..46f8aff 100644 +index d3c2d3a..31d4feb 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c -@@ -27,6 +27,11 @@ +@@ -29,6 +29,11 @@ #include "strxcpyx.h" #include "time-util.h" @@ -71,7 +71,7 @@ index e9199de..46f8aff 100644 #define DEFAULT_ACCURACY_USEC (250 * USEC_PER_MSEC) static bool EVENT_SOURCE_WATCH_PIDFD(sd_event_source *s) { -@@ -152,6 +157,11 @@ struct sd_event { +@@ -154,6 +159,11 @@ struct sd_event { LIST_HEAD(sd_event_source, sources); @@ -80,10 +80,10 @@ index e9199de..46f8aff 100644 + * for it may have been freed already.*/ + void *last_source; + + sd_event_source *sigint_event_source, *sigterm_event_source; + usec_t last_run_usec, last_log_usec; - unsigned delays[sizeof(usec_t) * 8]; - }; -@@ -165,6 +175,39 @@ static sd_event *event_resolve(sd_event *e) { +@@ -169,6 +179,39 @@ static sd_event *event_resolve(sd_event *e) { return e == SD_EVENT_DEFAULT ? default_event : e; } @@ -123,7 +123,7 @@ index e9199de..46f8aff 100644 static int pending_prioq_compare(const void *a, const void *b) { const sd_event_source *x = a, *y = b; int r; -@@ -182,6 +225,10 @@ static int pending_prioq_compare(const void *a, const void *b) { +@@ -186,6 +229,10 @@ static int pending_prioq_compare(const void *a, const void *b) { if (r != 0) return r; @@ -134,7 +134,7 @@ index e9199de..46f8aff 100644 /* Lower priority values first */ r = CMP(x->priority, y->priority); if (r != 0) -@@ -998,6 +1045,17 @@ static int source_set_pending(sd_event_source *s, bool b) { +@@ -1031,6 +1078,17 @@ static int source_set_pending(sd_event_source *s, bool b) { assert(s); assert(s->type != SOURCE_EXIT); @@ -152,7 +152,7 @@ index e9199de..46f8aff 100644 if (s->pending == b) return 0; -@@ -1057,6 +1115,7 @@ static sd_event_source *source_new(sd_event *e, bool floating, EventSourceType t +@@ -1090,6 +1148,7 @@ static sd_event_source *source_new(sd_event *e, bool floating, EventSourceType t .type = type, .pending_index = PRIOQ_IDX_NULL, .prepare_index = PRIOQ_IDX_NULL, @@ -160,7 +160,7 @@ index e9199de..46f8aff 100644 }; if (!floating) -@@ -2370,6 +2429,7 @@ static int event_source_offline( +@@ -2511,6 +2570,7 @@ static int event_source_offline( s->enabled = enabled; s->ratelimited = ratelimited; @@ -168,7 +168,7 @@ index e9199de..46f8aff 100644 switch (s->type) { case SOURCE_IO: -@@ -3443,6 +3503,19 @@ static int process_inotify(sd_event *e) { +@@ -3605,6 +3665,19 @@ static int process_inotify(sd_event *e) { return done; } @@ -186,9 +186,9 @@ index e9199de..46f8aff 100644 +} + static int source_dispatch(sd_event_source *s) { - _cleanup_(sd_event_unrefp) sd_event *saved_event = NULL; EventSourceType saved_type; -@@ -3496,6 +3569,7 @@ static int source_dispatch(sd_event_source *s) { + sd_event *saved_event; +@@ -3659,6 +3732,7 @@ static int source_dispatch(sd_event_source *s) { return r; } @@ -196,29 +196,32 @@ index e9199de..46f8aff 100644 s->dispatching = true; switch (s->type) { -@@ -4449,3 +4523,10 @@ _public_ int sd_event_source_is_ratelimited(sd_event_source *s) { - +@@ -4624,6 +4698,13 @@ _public_ int sd_event_source_is_ratelimited(sd_event_source *s) { return s->ratelimited; } -+ + +_public_ int sd_event_source_set_preempt_dispatch_count(sd_event_source *s, unsigned count) { + assert_return(s, -EINVAL); + + s->preempt_dispatch_count = count; + return 0; +} ++ + _public_ int sd_event_set_signal_exit(sd_event *e, int b) { + bool change = false; + int r; diff --git a/src/systemd/sd-event.h b/src/systemd/sd-event.h -index 2ae2a0d..f113aba 100644 +index cae4c86..6e70a32 100644 --- a/src/systemd/sd-event.h +++ b/src/systemd/sd-event.h -@@ -165,6 +165,7 @@ int sd_event_source_set_exit_on_failure(sd_event_source *s, int b); +@@ -169,6 +169,7 @@ int sd_event_source_set_exit_on_failure(sd_event_source *s, int b); int sd_event_source_set_ratelimit(sd_event_source *s, uint64_t interval_usec, unsigned burst); int sd_event_source_get_ratelimit(sd_event_source *s, uint64_t *ret_interval_usec, unsigned *ret_burst); int sd_event_source_is_ratelimited(sd_event_source *s); +int sd_event_source_set_preempt_dispatch_count(sd_event_source *s, unsigned count); + int sd_event_source_set_ratelimit_expire_callback(sd_event_source *s, sd_event_handler_t callback); /* Define helpers so that __attribute__((cleanup(sd_event_unrefp))) and similar may be used. */ - _SD_DEFINE_POINTER_CLEANUP_FUNC(sd_event, sd_event_unref); -- -2.23.0 +2.33.0 diff --git a/systemd-solve-that-rsyslog-reads-journal-s-object-of.patch b/systemd-solve-that-rsyslog-reads-journal-s-object-of.patch index 27dc8dbc500a43a9a3e60f27abde0aeb5db5be2d..2ff7fe37667c0bc8a3f132eb1291dfaa94387ebd 100644 --- a/systemd-solve-that-rsyslog-reads-journal-s-object-of.patch +++ b/systemd-solve-that-rsyslog-reads-journal-s-object-of.patch @@ -8,15 +8,15 @@ size 0 Signed-off-by: yefei25 --- - src/libsystemd/sd-journal/journal-file.c | 3 ++- - src/libsystemd/sd-journal/sd-journal.c | 9 +++++++--- + src/libsystemd/sd-journal/journal-file.c | 5 +++-- + src/libsystemd/sd-journal/sd-journal.c | 7 ++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c -index 220717d..221f8c4 100644 +index 2ead295..9962d3b 100644 --- a/src/libsystemd/sd-journal/journal-file.c +++ b/src/libsystemd/sd-journal/journal-file.c -@@ -895,8 +895,9 @@ static int journal_file_check_object(JournalFile *f, uint64_t offset, Object *o) +@@ -898,8 +898,9 @@ static int check_object(JournalFile *f, Object *o, uint64_t offset) { le64toh(o->tag.epoch), offset); break; @@ -27,11 +27,20 @@ index 220717d..221f8c4 100644 return 0; } +@@ -1804,7 +1805,7 @@ int journal_file_data_payload( + } + + size = le64toh(READ_NOW(o->object.size)); +- if (size < journal_file_data_payload_offset(f)) ++ if (size == 0 || o->object.type == 0 || size < journal_file_data_payload_offset(f)) + return -EBADMSG; + + size -= journal_file_data_payload_offset(f); diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index d08b51e..489144b 100644 +index 898218e..f6090dd 100644 --- a/src/libsystemd/sd-journal/sd-journal.c +++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -127,6 +127,10 @@ static void init_location(Location *l, LocationType type, JournalFile *f, Object +@@ -114,6 +114,10 @@ static void init_location(Location *l, LocationType type, JournalFile *f, Object assert(IN_SET(type, LOCATION_DISCRETE, LOCATION_SEEK)); assert(f); @@ -42,7 +51,7 @@ index d08b51e..489144b 100644 *l = (Location) { .type = type, .seqnum = le64toh(o->entry.seqnum), -@@ -856,7 +860,8 @@ static int real_journal_next(sd_journal *j, direction_t direction) { +@@ -851,7 +855,8 @@ static int real_journal_next(sd_journal *j, direction_t direction) { return r; set_location(j, new_file, o); @@ -52,15 +61,6 @@ index d08b51e..489144b 100644 return 1; } -@@ -2300,7 +2305,7 @@ static int return_data(sd_journal *j, JournalFile *f, Object *o, const void **da - assert(f); - - l = le64toh(READ_NOW(o->object.size)); -- if (l < offsetof(Object, data.payload)) -+ if (l == 0 || o->object.type == 0 || l < offsetof(Object, data.payload)) - return -EBADMSG; - l -= offsetof(Object, data.payload); - -- -2.19.1 +2.33.0 diff --git a/systemd.spec b/systemd.spec index d2fbcf6bf53e715320c2fac40eedf168b410df2d..dde962a165e8f72e29db45743f3fa1fc526d6eef 100644 --- a/systemd.spec +++ b/systemd.spec @@ -20,8 +20,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd -Version: 249 -Release: 52 +Version: 253 +Release: 3 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager @@ -46,533 +46,61 @@ Source105: rule_generator.functions Source106: write_net_rules Source107: detect_virt -Patch6000: backport-hostnamed-correct-variable-with-errno-in-fallback_ch.patch -Patch6001: backport-docs-improve-wording-when-mentioning-the-acronym-ESP.patch -Patch6002: backport-systemctl-show-error-when-help-for-unknown-unit-is-r.patch -Patch6003: backport-shared-format-table-allocate-buffer-of-sufficient-si.patch -Patch6004: backport-fix-CVE-2021-33910.patch -Patch6005: backport-sd-bus-fix-missing-initializer-in-SD_BUS_VTABLE_END-.patch -Patch6006: backport-pid1-propagate-the-original-command-line-when-reexec.patch -Patch6007: backport-coredump-stacktrace.c-avoid-crash-on-binaries-withou.patch -Patch6008: backport-machined-varlink-fix-double-free.patch -Patch6009: backport-malloc-uses-getrandom-now.patch -Patch6010: backport-discover-image-mount-as-read-only-when-extracting-me.patch -Patch6011: backport-networkd-Include-linux-netdevice.h-header.patch -Patch6012: backport-seccomp-drop-getrandom-from-system-service.patch -Patch6013: backport-seccomp-move-sched_getaffinity-from-system-service-t.patch -Patch6014: backport-systemctl-allow-set-property-to-be-called-with-a-glo.patch -Patch6015: backport-Use-correct-fcntl.h-include.patch -Patch6016: backport-Use-correct-poll.h-include.patch -Patch6017: backport-veritysetup-print-help-for-help-h-help.patch -Patch6018: backport-network-use-address_equal-route_equal-to-compare-add.patch -Patch6019: backport-mkosi-openSUSE-update-bootable-no-dependencies.patch -Patch6020: backport-mkosi-Fix-openSUSE-Jinja2-package-name.patch -Patch6021: backport-sd-netlink-always-append-new-bridge-FDB-entries.patch -Patch6022: backport-core-cgroup-fix-error-handling-of-cg_remove_xattr.patch -Patch6023: backport-core-wrap-cgroup-path-with-empty_to_root-in-log-mess.patch -Patch6024: backport-network-add-comments.patch -Patch6025: backport-network-ignore-errors-on-setting-bridge-config.patch -Patch6026: backport-network-ignore-errors-on-unsetting-master-ifindex.patch -Patch6027: backport-network-also-check-addresses-when-determine-a-gatewa.patch -Patch6028: backport-network-check-the-received-interface-name-is-actuall.patch -Patch6029: backport-network-configure-address-with-requested-lifetime.patch -Patch6030: backport-network-use-monotonic-instead-of-boot-time-to-handle.patch -Patch6031: backport-udev-when-setting-up-lo-do-not-return-an-error.patch -Patch6032: backport-network-fix-configuring-of-CAN-devices.patch -Patch6033: backport-network-fix-logic-for-checking-gateway-address-is-re.patch -Patch6034: backport-Fix-the-Failed-to-open-random-seed-.-message.patch -Patch6035: backport-resolved-Don-t-omit-AD-bit-in-reply-if-DO-is-set-in-.patch -Patch6036: backport-sd-dhcp6-client-fix-copy-and-paste-mistake.patch -Patch6037: backport-sd-dhcp6-client-cirtainly-adjust-T1-and-T2.patch -Patch6038: backport-Get-rid-of-dangling-setutxent.patch -Patch6039: backport-sd-dhcp-server-fix-possible-double-free-or-use-after.patch -Patch6040: backport-hostname-fix-off-by-one-issue-in-gethostname.patch -Patch6041: backport-systemd-analyze-parse-ip_filters_custom_egress-corre.patch -Patch6042: backport-cgroup-do-catchup-for-unit-cgroup-inotify-watch-file.patch -Patch6043: backport-core-Make-sure-cgroup_oom_queue-is-flushed-on-manage.patch -Patch6044: backport-sd-boot-Fix-possible-null-pointer-dereference.patch -Patch6045: backport-resolved-retry-on-SERVFAIL-before-downgrading-featur.patch -Patch6046: backport-Don-t-open-var-journals-in-volatile-mode-when-runtim.patch -Patch6047: backport-network-allow-users-to-forbid-passthru-MACVLAN-from-.patch -Patch6048: backport-unit-coldplug-both-job-and-nop_job-if-possible.patch -Patch6049: backport-network-do-not-assume-the-highest-priority-when-Prio.patch -Patch6050: backport-fstab-generator-Respect-nofail-when-ordering.patch -Patch6051: backport-discover-image-pass-the-right-fd-to-fd_getcrtime.patch -Patch6052: backport-src-boot-efi-linux-fix-linux_exec-prototype.patch -Patch6053: backport-timesync-fix-wrong-type-for-receiving-timestamp-in-n.patch -Patch6054: backport-import-turn-off-weird-protocols-in-curl.patch -Patch6055: backport-network-fix-wrong-flag-manage_foreign_routes-manage_.patch -Patch6056: backport-icmp6-drop-unnecessary-assertion.patch -Patch6057: backport-socket-util-introduce-CMSG_SPACE_TIMEVAL-TIMESPEC-ma.patch -Patch6058: backport-timesync-check-cmsg-length.patch -Patch6059: backport-journal-network-timesync-fix-segfault-on-32bit-timev.patch -Patch6060: backport-tpm-util-fix-TPM-parameter-handling.patch -Patch6061: backport-basic-linux-Sync-if_arp.h-with-Linux-5.14.patch -Patch6062: backport-Drop-bundled-copy-of-linux-if_arp.h.patch -Patch6063: backport-explicitly-close-FIDO2-devices.patch -Patch6064: backport-core-respect-install_sysconfdir_samples-in-meson-fil.patch -Patch6065: backport-login-respect-install_sysconfdir_samples-in-meson-fi.patch -Patch6066: backport-core-Remove-circular-include.patch -Patch6067: backport-path-util-make-find_executable-work-without-proc-mou.patch -Patch6068: backport-Fix-another-crash-due-to-missing-NHDR.patch -Patch6069: backport-hwdb-remove-double-empty-line-in-help-text.patch -Patch6070: backport-run-mount-systemctl-don-t-fork-off-PolicyKit-ask-pw-.patch -Patch6071: backport-homed-make-sure-to-use-right-asssesors-for-GID-acces.patch -Patch6072: backport-homed-fix-log-message-referring-to-fsck-when-we-actu.patch -Patch6073: backport-homed-add-missing-SYNTHETIC_ERRNO.patch -Patch6074: backport-homed-remove-misplaced-assert.patch -Patch6075: backport-network-print-Ethernet-Link-Layer-DHCP-client-ID-wit.patch -Patch6076: backport-udev-fix-potential-memleak.patch -Patch6077: backport-nspawn-fix-type-to-pass-to-connect.patch -Patch6078: backport-home-secret-argument-of-handle_generic_user_record_e.patch -Patch6079: backport-docs-portablectl-is-in-bin.patch -Patch6080: backport-core-fix-free-undefined-pointer-when-strdup-failed-i.patch -Patch6081: backport-sd-event-take-ref-on-event-loop-object-before-dispat.patch -Patch6082: backport-nss-systemd-pack-pw_passwd-result-into-supplied-buff.patch -Patch6083: backport-nss-systemd-ensure-returned-strings-point-into-provi.patch -Patch6084: backport-core-Parse-log-environment-settings-again-after-appl.patch -Patch6085: backport-network-fix-handling-of-network-interface-renaming.patch -Patch6086: backport-virt-Improve-detection-of-EC2-metal-instances.patch -Patch6087: backport-Fix-error-building-repart-with-no-libcryptsetup-2073.patch -Patch6088: backport-sd-journal-Don-t-compare-hashes-from-different-journ.patch -Patch6089: backport-test-use-a-less-restrictive-portable-profile-when-ru.patch -Patch6090: backport-Respect-install_sysconfdir.patch -Patch6091: backport-journalctl-never-fail-at-flushing-when-the-flushed-f.patch -Patch6092: backport-sd-journal-Ignore-data-threshold-if-set-to-zero-in-s.patch -Patch6093: backport-watchdog-pass-right-error-code-to-log-function-so-th.patch -Patch6094: backport-fileio-lower-maximum-virtual-file-buffer-size-by-one.patch -Patch6095: backport-fileio-set-O_NOCTTY-when-reading-virtual-files.patch -Patch6096: backport-fileio-start-with-4k-buffer-for-procfs.patch -Patch6097: backport-fileio-fix-truncated-read-handling-in-read_virtual_f.patch -Patch6098: backport-test-fileio-test-read_virtual_file-with-more-files-f.patch -Patch6099: backport-bootctl-Fix-update-not-adding-EFI-entry-if-Boot-IDs-.patch -Patch6100: backport-network-disable-event-sources-before-unref-them.patch -Patch6101: backport-libsystemd-network-disable-event-sources-before-unre.patch -Patch6102: backport-resolved-suppress-writing-DNS-server-info-into-etc-r.patch -Patch6103: backport-resolvconf-compat-make-u-operation-a-NOP.patch -Patch6104: backport-basic-unit-file-don-t-filter-out-names-starting-with.patch -Patch6105: backport-core-mount-add-implicit-unit-dependencies-even-if-wh.patch -Patch6106: backport-seccomp-Always-install-filters-for-native-architectu.patch -Patch6107: backport-test-Check-that-native-architecture-is-always-filter.patch -Patch6108: backport-mount-util-fix-fd_is_mount_point-when-both-the-paren.patch -Patch6109: backport-sleep-don-t-skip-resume-device-with-low-priority-ava.patch -Patch6110: backport-repart-use-right-error-variable.patch -Patch6111: backport-basic-env-util-correctly-parse-extended-vars-after-n.patch -Patch6112: backport-user-record-disable-two-pbkdf-fields-that-don-t-appl.patch -Patch6113: backport-core-fix-SIGABRT-on-empty-exec-command-argv.patch -Patch6114: backport-core-service-also-check-path-in-exec-commands.patch -Patch6115: backport-coredump-Don-t-log-an-error-if-D-Bus-isn-t-running.patch -Patch6116: backport-ether-addr-util-make-hw_addr_to_string-return-valid-.patch -Patch6117: backport-localed-use-PROJECT_FILE-rather-than-__FILE__-for-lo.patch -Patch6118: backport-coredumpctl-stop-truncating-information-about-coredu.patch -Patch6119: backport-sd-dhcp6-client-ignore-IAs-whose-IAID-do-not-match-c.patch -Patch6120: backport-sd-boot-Unify-error-handling.patch -Patch6121: backport-sd-boot-Rework-console-input-handling.patch -Patch6122: backport-coredump-fix-filename-in-journal-when-not-compressed.patch -Patch6123: backport-virt-Support-detection-for-ARM64-Hyper-V-guests.patch -Patch6124: backport-homework-fix-incorrect-error-variable-use.patch -Patch6125: backport-sd-device-monitor-update-log-message-to-clarify-the-.patch -Patch6126: backport-homework-don-t-bother-with-BLKRRPART-on-images-that-.patch -Patch6127: backport-userdb-fix-type-to-pass-to-connect.patch -Patch6128: backport-homed-shutdown-call-valgrind-magic-after-LOOP_GET_ST.patch -Patch6129: backport-utmp-remove-dev-from-line.patch -Patch6130: backport-network-route-fix-possible-overflow-in-conversion-us.patch -Patch6131: backport-varlink-disconnect-varlink-link-in-one-more-case.patch -Patch6132: backport-udev-do-not-try-to-rename-interface-if-it-is-already.patch -Patch6133: backport-stat-util-specify-O_DIRECTORY-when-reopening-dir-in-.patch -Patch6134: backport-json-do-something-remotely-reasonable-when-we-see-Na.patch -Patch6135: backport-change-indicator-used-for-later-versions-of-VirtualB.patch -Patch6136: backport-hwdb-Allow-console-users-access-to-media-nodes.patch -Patch6137: backport-test-do-not-use-alloca-in-function-call.patch -Patch6138: backport-systemctl-pretty-print-ExtensionImages-property.patch -Patch6139: backport-systemctl-small-fixes-for-MountImages-pretty-printin.patch -Patch6140: backport-core-normalize-r-variable-handling-in-unit_attach_pi.patch -Patch6141: backport-scope-refuse-activation-of-scopes-if-no-PIDs-to-add-.patch -Patch6142: backport-homework-repart-turn-on-cryptsetup-logging-before-we.patch -Patch6143: backport-systemctl-only-fall-back-to-local-cgroup-display-if-.patch -Patch6144: backport-execute-respect-selinux_context_ignore.patch -Patch6145: backport-core-ignore-failure-on-setting-smack-process-label-w.patch -Patch6146: backport-process-util-wait-for-processes-we-killed-even-if-ki.patch -Patch6147: backport-scope-count-successful-cgroup-additions-when-delegat.patch -Patch6148: backport-creds-util-switch-to-OpenSSL-3.0-APIs.patch -Patch6149: backport-openssl-util-use-EVP-API-to-get-RSA-bits.patch -Patch6150: backport-ci-fix-indentation.patch -Patch6151: backport-ci-cancel-previous-jobs-on-ref-update.patch -Patch6152: backport-ci-take-CIFuzz-s-matrix-into-consideration.patch -Patch6153: backport-ci-run-the-unit_tests-and-mkosi-jobs-on-stable-branc.patch -Patch6154: backport-test-oomd-util-skip-tests-if-cgroup-memory-controlle.patch -Patch6155: backport-ci-pin-the-debian-systemd-repo-to-a-specific-revisio.patch -Patch6156: backport-basic-mountpoint-util-detect-erofs-as-a-read-only-FS.patch -Patch6157: backport-user-record-fix-display-of-access-mode.patch -Patch6158: backport-logind-downgrade-message-about-run-utmp-missing-to-L.patch -Patch6159: backport-tree-wide-use-sd_event_source_disable_unref-where-we.patch -Patch6160: backport-sd-event-don-t-destroy-inotify-data-structures-from-.patch -Patch6161: backport-Change-gendered-terms-to-be-gender-neutral-21325.patch -Patch6162: backport-binfmt-fix-exit-value.patch -Patch6163: backport-unit_is_bound_by_inactive-fix-return-pointer-check.patch -Patch6164: backport-umask-util-add-helper-that-resets-umask-until-end-of.patch -Patch6165: backport-namespace-rebreak-a-few-comments.patch -Patch6166: backport-namespace-make-whole-namespace_setup-work-regardless.patch -Patch6167: backport-namespace-make-tmp-dir-handling-code-independent-of-.patch -Patch6168: backport-tests-add-test-case-for-UMask-BindPaths-combination.patch -Patch6169: backport-sd-dhcp6-client-constify-one-argument.patch -Patch6170: backport-sd-dhcp6-client-modernize-dhcp6_option_parse.patch -Patch6171: backport-test-add-tests-for-reading-unaligned-data.patch -Patch6172: backport-sd-dhcp6-client-fix-buffer-size-calculation-in-dhcp6.patch -Patch6173: backport-sd-dhcp6-client-constify-several-arguments.patch -Patch6174: backport-sd-dhcp6-client-make-dhcp6_lease_free-accepts-NULL.patch -Patch6175: backport-sd-dhcp6-client-do-not-merge-NTP-and-SNTP-options.patch -Patch6176: backport-dhcp-fix-assertion-failure.patch -Patch6177: backport-network-address-read-flags-from-message-header-when-.patch -Patch6178: backport-seccomp-move-mprotect-to-default.patch -Patch6179: backport-journal-Skip-over-corrupt-entry-items-in-enumerate_d.patch -Patch6180: backport-journal-Use-separate-variable-for-Data-object-in-sd_.patch -Patch6181: backport-journal-Skip-corrupt-Data-objects-in-sd_journal_get_.patch -Patch6182: backport-analyze-fix-printing-config-when-there-is-no-main-co.patch -Patch6183: backport-resolved-fix-ResolveService-hostname-handling.patch -Patch6184: backport-resolved-properly-signal-transient-errors-back-to-NS.patch -Patch6185: backport-resolved-make-sure-we-don-t-hit-an-assert-when-deali.patch -Patch6186: backport-resolved-clean-up-manager_write_resolv_conf-a-bit.patch -Patch6187: backport-virt-Fix-the-detection-for-Hyper-V-VMs.patch -Patch6188: backport-homework-fix-a-bad-error-propagation.patch -Patch6189: backport-journal-Remove-entry-seqnum-revert-logic.patch -Patch6190: backport-mmap-cache-LIST_REMOVE-after-w-unused_prev.patch -Patch6191: backport-journal-Deduplicate-entry-items-before-they-are-stor.patch -Patch6192: backport-test-journal-flush-allow-testing-against-specific-fi.patch -Patch6193: backport-test-journal-flush-do-not-croak-on-corrupted-input-f.patch -Patch6194: backport-fix-ConditionDirectoryNotEmpty-when-it-comes-to-a-No.patch -Patch6195: backport-fix-ConditionPathIsReadWrite-when-path-does-not-exis.patch -Patch6196: backport-sd-dhcp6-client-fix-error-handling.patch -Patch6197: backport-core-bpf-firewall-make-bpf_firewall_supported-always.patch -Patch6198: backport-cgroup-don-t-emit-BPF-firewall-warning-when-manager-.patch -Patch6199: backport-cryptenroll-fix-wrong-error-messages.patch -Patch6200: backport-Bump-the-max-number-of-inodes-for-dev-to-128k.patch -Patch6201: backport-fix-DirectoryNotEmpty-when-it-comes-to-a-Non-directo.patch -Patch6202: backport-core-use-correct-level-for-CPU-time-log-message.patch -Patch6203: backport-core-cgroup-set-bfq.weight-first-and-fixes-blkio.wei.patch -Patch6204: backport-core-cgroup-use-helper-macro-for-bfq-conversion.patch -Patch6205: backport-resolve-remove-server-large-level.patch -Patch6206: backport-mkosi-Build-Fedora-35-images.patch -Patch6207: backport-home-fix-heap-use-after-free.patch -Patch6208: backport-journactl-show-info-about-journal-range-only-at-debu.patch -Patch6209: backport-fstab-generator-do-not-remount-sys-when-running-in-a.patch -Patch6210: backport-journal-remote-use-MHD_HTTP_CONTENT_TOO_LARGE-as-MHD.patch -Patch6211: backport-repart-use-real-disk-start-end-for-bar-production.patch -Patch6212: backport-machined-set-TTYPath-for-container-shell.patch -Patch6213: backport-sd-journal-free-incomplete-match-on-failure.patch -Patch6214: backport-sd-journal-fix-segfault-when-match_new-fails.patch -Patch6215: backport-random-util-use-ssize_t-for-getrandom-return-value.patch -Patch6216: backport-dbus-wait-for-jobs-add-extra_args-to-bus_wait_for_jo.patch -Patch6217: backport-systemd-run-ensure-error-logs-suggest-to-use-user-wh.patch -Patch6218: backport-sysusers-use-filename-if-proc-is-not-mounted.patch -Patch6219: backport-nss-systemd-fix-required-buffer-size-calculation.patch -Patch6220: backport-nss-systemd-fix-alignment-of-gr_mem.patch -Patch6221: backport-nss-myhostname-do-not-apply-non-zero-offset-to-null-.patch -Patch6222: backport-syscalls-update-syscall-definitions.patch -Patch6223: backport-missing-syscall-add-__NR_openat2.patch -Patch6224: backport-basic-log-allow-errno-values-higher-than-255.patch -Patch6225: backport-backlight-ignore-error-if-the-backlight-device-is-al.patch -Patch6226: backport-logind-do-not-propagate-error-in-delayed-action.patch -Patch6227: backport-test-watchdog-mark-as-unsafe.patch -Patch6228: backport-fstab-generator-skip-root-directory-handling-when-nf.patch -Patch6229: backport-seccomp-move-arch_prctl-to-default.patch -Patch6230: backport-boot-timestamps-Discard-firmware-init-time-when-runn.patch -Patch6231: backport-CVE-2021-3997-rm-rf-refactor-rm_rf_children-split-out-body-of-dire.patch -Patch6232: backport-CVE-2021-3997-rm-rf-optionally-fsync-after-removing-directory-tree.patch -Patch6233: backport-CVE-2021-3997-tmpfiles-st-may-have-been-used-uninitialized.patch -Patch6234: backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch -Patch6235: backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch -Patch6236: backport-CVE-2021-3997-shared-rm-rf-loop-over-nested-directories-instead-of.patch -Patch6237: backport-nss-drop-dummy-setup_logging-helpers.patch -Patch6238: backport-nss-only-read-logging-config-from-environment-variab.patch -Patch6239: backport-fix-test-string-util-failed-when-locale-is-not-utf8.patch -Patch6240: backport-policy-files-adjust-landing-page-link.patch -Patch6241: backport-xdg-autostart-service-Ignore-missing-desktop-sepcifi.patch -Patch6242: backport-journal-Skip-data-objects-with-invalid-offsets.patch -Patch6243: backport-namespace-allow-ProcSubset-pid-with-some-ProtectKern.patch -Patch6244: backport-sysext-use-LO_FLAGS_PARTSCAN-when-opening-image.patch -Patch6245: backport-dissect-image-validate-extension-release-even-if-the.patch -Patch6246: backport-core-refuse-to-mount-ExtensionImages-if-the-base-lay.patch -Patch6247: backport-resolve-fix-assertion-triggered-when-r-0.patch -Patch6248: backport-oomd-fix-race-with-path-unavailability-when-killing-.patch -Patch6249: backport-oomd-handle-situations-when-no-cgroups-are-killed.patch -Patch6250: backport-udevadm-cleanup_dir-use-dot_or_dot_dot.patch -Patch6251: backport-udevadm-cleanup-db-don-t-delete-information-for-kept.patch -Patch6252: backport-core-namespace-allow-using-ProtectSubset-pid-and-Pro.patch -Patch6253: backport-core-namespace-s-normalize_mounts-drop_unused_mounts.patch -Patch6254: backport-logind.conf-Fix-name-of-option-RuntimeDirectoryInode.patch -Patch6255: backport-sd-dhcp-server-refuse-too-large-packet-to-send.patch -Patch6256: backport-basic-mac_-selinux-smack-_apply_fd-does-not-work-whe.patch -Patch6257: backport-sd-dhcp-lease-fix-an-infinite-loop-found-by-the-fuzz.patch -Patch6258: backport-sd-dhcp-lease-fix-a-memory-leak-in-dhcp_lease_parse_.patch -Patch6259: backport-core-don-t-fail-on-EEXIST-when-creating-mount-point.patch -Patch6260: backport-bus-util-retrieve-bus-error-from-message.patch -Patch6261: backport-core-unit-use-bus_error_message-at-one-more-place.patch -Patch6262: backport-login-use-bus_error_message-at-one-more-place.patch -Patch6263: backport-pid1-pass-PAM_DATA_SILENT-to-pam_end-in-child.patch -Patch6264: backport-execute-use-_cleanup_-logic-where-appropriate.patch -Patch6265: backport-execute-line-break-comments-a-bit-less-aggressively.patch -Patch6266: backport-execute-document-that-the-env-param-is-input-and-out.patch -Patch6267: backport-sd-dhcp-lease-fix-memleak.patch -Patch6269: backport-util-another-set-of-CVE-2021-4034-assert-s.patch -Patch6270: backport-resolve-fix-potential-memleak-and-use-after-free.patch -Patch6271: backport-resolve-fix-possible-memleak.patch -Patch6272: backport-resolve-use-_cleanup_-attribute-for-freeing-DnsQuery.patch -Patch6273: backport-network-bridge-fix-endian-of-vlan-protocol.patch -Patch6274: backport-basic-escape-add-helper-for-quoting-command-lines.patch -Patch6275: backport-core-use-the-new-quoting-helper.patch -Patch6276: backport-sd-bus-print-quoted-commandline-when-in-bus_socket_e.patch -Patch6277: backport-sd-bus-print-debugging-information-if-bus_container_.patch -Patch6278: backport-sd-bus-allow-numerical-uids-in-M-user-.host.patch -Patch6279: backport-packit-remove-unsupported-Dcryptolib-openssl-option.patch -Patch6280: backport-sd-device-silence-gcc-warning-with-newest-gcc.patch -Patch6281: backport-packit-build-on-and-use-Fedora-35-spec-file.patch -Patch6282: backport-ci-use-the-system-llvm-11-package-on-Focal.patch -Patch6283: backport-resolve-refuse-AF_UNSPEC-when-resolving-address.patch -Patch6284: backport-resolve-add-reference-of-the-original-bus-message-to.patch -Patch6285: backport-ci-replace-apt-key-with-signed-by.patch -Patch6286: backport-ci-fix-clang-13-installation.patch -Patch6287: backport-tree-wide-mark-set-but-not-used-variables-as-unused-.patch -Patch6288: backport-sd-dhcp-server-rename-server_send_nak-server_send_na.patch -Patch6289: backport-packit-drop-unnumbered-patches-as-well.patch -Patch6290: backport-dns-domain-re-introduce-dns_name_is_empty.patch -Patch6291: backport-resolve-synthesize-empty-name.patch -Patch6292: backport-resolve-synthesize-null-address-IPv4-broadcast-addre.patch -Patch6293: backport-resolve-drop-never-matched-condition.patch -Patch6294: backport-resolve-make-dns_scope_good_domain-take-DnsQuery.patch -Patch6295: backport-resolve-synthesize-empty-domain-only-when-A-and-or-A.patch -Patch6296: backport-pid1-watch-bus-name-always-when-we-have-it.patch -Patch6297: backport-pid1-lookup-owning-PID-of-BusName-name-of-services-a.patch -Patch6298: backport-docs-SYSTEMD_NSS_BYPASS_BUS-is-not-honoured-anymore-.patch -Patch6299: backport-pid1-set-SYSTEMD_NSS_DYNAMIC_BYPASS-1-env-var-for-db.patch -Patch6300: backport-systemctl-make-timestamp-affect-the-show-verb-as-wel.patch -Patch6301: backport-core-really-skip-automatic-restart-when-a-JOB_STOP-j.patch -Patch6302: backport-test-oomd-util-style-fixlets.patch -Patch6303: backport-test-oomd-util-fix-conditional-jump-on-uninitialised.patch -Patch6304: backport-test-fix-file-descriptor-leak-in-test-catalog.patch -Patch6305: backport-test-fix-file-descriptor-leak-in-test-oomd-util.patch -Patch6306: backport-test-fix-file-descriptor-leak-in-test-fs-util.patch -Patch6307: backport-test-fix-file-descriptor-leak-in-test-tmpfiles.c.patch -Patch6308: backport-test-fix-file-descriptor-leak-in-test-psi-util.patch -Patch6309: backport-clang-format-we-actually-typically-use-16ch-continua.patch -Patch6310: backport-test-journal-send-close-fd-opend-by-syslog.patch -Patch6311: backport-journal-send-close-fd-on-exit-when-running-with-valg.patch -Patch6312: backport-udev-builtin-input_id-don-t-label-absolute-mice-as-p.patch -Patch6313: backport-mkosi-Remove-Arch-nspawn-workaround.patch -Patch6314: backport-core-check-size-before-mmap.patch -Patch6315: backport-devnode-acl-use-_cleanup_-to-free-acl_t.patch -Patch6316: backport-dissect-image-add-extension-specific-validation-flag.patch -Patch6317: backport-portabled-error-out-if-there-are-no-units-only-after.patch -Patch6318: backport-portabled-validate-SYSEXT_LEVEL-when-attaching.patch -Patch6319: backport-portabled-refactor-extraction-validation-into-a-comm.patch -Patch6320: backport-portable-move-profile-search-helper-to-path-lookup.patch -Patch6321: backport-portable-add-flag-to-return-extension-releases-in-Ge.patch -Patch6322: backport-portablectl-reorder-if-branches-to-match-previous-co.patch -Patch6323: backport-portable-inline-one-variable-declaration.patch -Patch6324: backport-portable-add-return-parameter-to-GetImageMetadataWit.patch -Patch6325: backport-wait-online-rename-Manager-elements.patch -Patch6326: backport-journald-make-sure-SIGTERM-handling-doesn-t-get-star.patch -Patch6327: backport-journal-file-if-we-are-going-down-don-t-use-event-lo.patch -Patch6328: backport-kernel-install-also-remove-modules.builtin.alias.bin.patch -Patch6329: backport-Bump-the-max-number-of-inodes-for-dev-to-a-million.patch -Patch6330: backport-Bump-the-max-number-of-inodes-for-tmp-to-a-million-t.patch -Patch6331: backport-unit-escape.patch -Patch6332: backport-udev-rename-type-name-e.g.-struct-worker-Worker.patch -Patch6333: backport-udev-run-the-main-process-workers-and-spawned-comman.patch -Patch6334: backport-Add-meson-option-to-disable-urlify.patch -Patch6335: backport-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch -Patch6336: backport-login-drop-non-default-value-for-RuntimeDirectoryIno.patch -Patch6337: backport-login-make-RuntimeDirectoryInodesMax-support-K-G-M-s.patch -Patch6338: backport-virt-detect-OpenStack-Nova-instance.patch -Patch6339: backport-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch -Patch6340: backport-revert-delete-initrd-usr-fs-target.patch -Patch6341: backport-journal-Only-move-to-objects-when-necessary.patch -Patch6342: backport-sd-device-introduce-device_has_devlink.patch -Patch6343: backport-udev-node-split-out-permission-handling-from-udev_no.patch -Patch6344: backport-udev-node-stack-directory-must-exist-when-adding-dev.patch -Patch6345: backport-udev-node-save-information-about-device-node-and-pri.patch -Patch6346: backport-udev-node-always-update-timestamp-of-stack-directory.patch -Patch6347: backport-udev-node-assume-no-new-claim-to-a-symlink-if-run-ud.patch -Patch6348: backport-udev-node-always-atomically-create-symlink-to-device.patch -Patch6349: backport-udev-node-check-stack-directory-change-even-if-devli.patch -Patch6350: backport-udev-node-shorten-code-a-bit-and-update-log-message.patch -Patch6351: backport-udev-node-add-random-delay-on-conflict-in-updating-d.patch -Patch6352: backport-udev-node-drop-redundant-trial-of-devlink-creation.patch -Patch6353: backport-udev-node-simplify-the-example-of-race.patch -Patch6354: backport-udev-node-do-not-ignore-unexpected-errors-on-removin.patch -Patch6355: backport-calendarspec-fix-possibly-skips-next-elapse.patch -Patch6356: backport-macro-account-for-negative-values-in-DECIMAL_STR_WID.patch -Patch6357: backport-core-command-argument-can-be-longer-than-PATH_MAX.patch -Patch6358: backport-hwdb-fix-parsing-options.patch -Patch6359: backport-sd-bus-fix-buffer-overflow.patch -Patch6360: backport-temporarily-disable-test-seccomp.patch -Patch6362: backport-meson.build-change-operator-combining-bools-from-to-.patch -Patch6363: backport-core-replace-slice-dependencies-as-they-get-added.patch -Patch6364: backport-scsi_id-retry-inquiry-ioctl-if-host_byte-is-DID_TRAN.patch -Patch6365: backport-revert-units-add-ProtectClock-yes.patch -Patch6366: backport-fix-CVE-2022-3821.patch -Patch6367: backport-CVE-2022-4415-test-Create-convenience-macros-to-declare-tests.patch -Patch6368: backport-CVE-2022-4415-test-Slightly-rework-DEFINE_TEST_MAIN-macros.patch -Patch6369: backport-CVE-2022-4415-test-Add-TEST_RET-macro.patch -Patch6370: backport-CVE-2022-4415-test-Add-sd_booted-condition-test-to-TEST-macro.patch -Patch6371: backport-CVE-2022-4415-basic-add-STRERROR-wrapper-for-strerror_r.patch -Patch6372: backport-CVE-2022-4415-tree-wide-define-and-use-STRERROR_OR_EOF.patch -Patch6373: backport-coredump-Fix-format-string-type-mismatch.patch -Patch6374: backport-coredump-drop-an-unused-variable.patch -Patch6375: backport-CVE-2022-4415-coredump-adjust-whitespace.patch -Patch6376: backport-CVE-2022-4415-dont-allow-user-access-coredumps-with-changed-uid.patch -Patch6377: backport-dns-domain-make-each-label-nul-terminated.patch -Patch6378: backport-resolve-fix-heap-buffer-overflow-reported-by-ASAN-wi.patch -Patch6379: backport-sd-bus-do-not-pass-NULL-when-received-message-with-i.patch -Patch6380: backport-growfs-don-t-actually-resize-on-dry-run.patch -Patch6381: backport-stat-util-replace-is_dir-is_dir_fd-by-single-is_dir_.patch -Patch6382: backport-tmpfiles-check-the-directory-we-were-supposed-to-cre.patch -Patch6383: backport-coredump-Connect-stdout-stderr-to-dev-null-before-do.patch -Patch6384: backport-cgroups-agent-connect-stdin-stdout-stderr-to-dev-nul.patch -Patch6385: backport-unit-file-avoid-null-in-debugging-logs.patch -Patch6386: backport-resolve-mdns_packet_extract_matching_rrs-may-return-.patch -Patch6387: backport-dhcp-fix-potential-buffer-overflow.patch -Patch6388: backport-sd-device-monitor-actually-refuse-to-send-invalid-de.patch -Patch6389: backport-sysusers-add-fsync-for-passwd-24324.patch -Patch6390: backport-condition-fix-device-tree-firmware-path.patch -Patch6391: backport-log-don-t-attempt-to-duplicate-closed-fd.patch -Patch6392: backport-mount-util-fix-error-code.patch -Patch6393: backport-analyze-add-forgotten-return-statement.patch -Patch6394: backport-shared-condition-avoid-nss-lookup-in-PID1.patch -Patch6395: backport-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch -Patch6396: backport-mount-setup-don-t-need-to-mount-sys-fs-pstore-if-the.patch -Patch6397: backport-swap-tell-swapon-to-reinitialize-swap-if-needed.patch -Patch6398: backport-sd-event-never-pass-negative-errnos-as-signalfd-to.patch -Patch6399: backport-sd-event-don-t-mistake-USEC_INFINITY-passed-in-for.patch -Patch6400: backport-tmpfiles-avoid-null-free-for-acl-attributes.patch -Patch6401: backport-nspawn-guard-acl_free-with-a-NULL-check.patch -Patch6402: backport-core-mount-namespaces-Remove-auxiliary-bind-mounts.patch -Patch6403: backport-udev-support-by-path-devlink-for-multipath-nvme-bloc.patch -Patch6404: backport-argv-util-also-update-program_invocation_short_name.patch -Patch6405: backport-pid1-fix-segv-triggered-by-status-query.patch -Patch6406: backport-main-log-which-process-send-SIGNAL-to-PID1.patch -Patch6407: backport-main-drop-get_process_cmdline-from-crash-handler.patch -Patch6408: backport-core-unit-drop-dependency-to-the-unit-being-merged.patch -Patch6409: backport-core-unit-fix-logic-of-dropping-self-referencing-dep.patch -Patch6410: backport-core-unit-merge-two-loops-into-one.patch -Patch6411: backport-core-unit-merge-unit-names-after-merging-deps.patch -Patch6412: backport-core-unit-fix-log-message.patch -Patch6413: backport-test-add-test-case-for-sysv-generator-and-invalid-de.patch -Patch6414: backport-udev-also-rename-struct-udev_ctrl-UdevCtrl.patch -Patch6415: backport-udev-move-several-functions.patch -Patch6416: backport-udev-update-log-message-to-clarify-that-the-error-is-ignored.patch -Patch6417: backport-udev-make-event_free-return-NULL.patch -Patch6418: backport-udev-make-event_queue_start-return-negative-errno-on-error.patch -Patch6419: backport-udev-add-usec_add-at-one-more-place.patch -Patch6420: backport-udev-propagate-error-on-spawning-a-worker.patch -Patch6421: backport-udev-do-not-try-to-process-events-if-there-is-no-free-worker.patch -Patch6422: backport-udev-rename-is_device_busy-event_is_blocked.patch -Patch6423: backport-list-introduce-LIST_FOREACH_BACKWARDS-macro-and-drop.patch -Patch6424: backport-udev-do-not-try-to-find-blocker-again-when-no-blocker-found.patch -Patch6425: backport-udev-skip-event-when-its-dependency-cannot-be-checked.patch -Patch6426: backport-event-util-introduce-event_reset_time_relative.patch -Patch6427: backport-udev-update-comment-and-log-messages.patch -Patch6428: backport-udev-remove-run-udev-queue-in-on_post.patch -Patch6429: backport-errno-util-add-ERRNO_IS_DEVICE_ABSENT-macro.patch -Patch6430: backport-udev-only-ignore-ENOENT-or-friends-which-suggest-the-block.patch -Patch6431: backport-udev-assume-there-is-no-blocker-when-failed-to-check-event.patch -Patch6432: backport-udev-drop-unnecessary-clone-of-received-sd-device-object.patch -Patch6433: backport-udev-introduce-device_broadcast_helper_function.patch -Patch6434: backport-udev-store-action-in-struct-Event.patch -Patch6435: backport-udev-requeue-event-when-the-corresponding-block-device-is.patch -Patch6436: backport-udev-split-worker_lock_block_device-into-two.patch -Patch6437: backport-udev-assume-block-device-is-not-locked-when-a-new-event-is-queued.patch -Patch6438: backport-udev-fix-inversed-inequality-for-timeout-of-retrying-event.patch -Patch6439: backport-udev-certainly-restart-event-for-previously-locked-device.patch -Patch6440: backport-udev-drop-unnecessary-calls-of-event_queue_start.patch -Patch6441: backport-timedatectl-fix-a-memory-leak.patch -Patch6442: backport-core-slice-make-slice_freezer_action-return-0-if-fre.patch -Patch6443: backport-core-unit-fix-use-after-free.patch -Patch6444: backport-shared-json-fix-memory-leak-on-failed-normalization.patch -Patch6445: backport-core-timer-fix-memleak.patch -Patch6446: backport-core-timer-fix-potential-use-after-free.patch -Patch6447: backport-units-remove-the-restart-limit-on-the-modprobe-.serv.patch -Patch6448: backport-udev-cdrom_id-check-last-track-info.patch -Patch6449: backport-manager-reformat-boolean-expression-in-unit_is_prist.patch -Patch6450: backport-manager-allow-transient-units-to-have-drop-ins.patch -Patch6451: backport-TEST-15-also-test-hierarchical-drop-ins-for-slices.patch -Patch6452: backport-TEST-15-add-test-for-transient-units-with-drop-ins.patch -Patch6453: backport-TEST-15-add-one-more-test-for-drop-in-precedence.patch -Patch6454: backport-sd-event-always-initialize-sd_event.perturb.patch -Patch6455: backport-sd-event-fix-error-handling.patch -Patch6456: backport-core-refuse-dbus-activation-if-dbus-is-not-running.patch -Patch6457: backport-core-only-refuse-Type-dbus-service-enqueuing-if-dbus.patch -Patch6458: backport-core-device-drop-unnecessary-condition.patch -Patch6459: backport-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch -Patch6460: backport-test-cover-initrd-sysroot-transition-in-TEST-24.patch -Patch6461: backport-test-generate-a-custom-initrd-for-TEST-24-if-INITRD-.patch -Patch6462: backport-test-store-the-key-on-a-separate-device.patch -Patch6463: backport-core-device-device_coldplug-don-t-set-DEVICE_DEAD.patch -Patch6464: backport-core-device-do-not-downgrade-device-state-if-it-is-a.patch -Patch6465: backport-core-introduce-MANAGER_IS_SWITCHING_ROOT-helper-func.patch -Patch6466: backport-core-replace-m-honor_device_enumeration-with-MANAGER.patch -Patch6467: backport-core-device-update-comment.patch -Patch6468: backport-core-device-also-serialize-deserialize-device-syspat.patch -Patch6469: backport-core-device-verify-device-syspath-on-switching-root.patch -Patch6470: backport-sd-lldp-use-memcpy_safe-as-the-buffer-size-may-be-ze.patch -Patch6471: backport-shared-bootspec-avoid-crashing-on-config-without-a-v.patch -Patch6472: backport-sysext-refuse-empty-release-ID-to-avoid-triggering-a.patch - -Patch9001: update-rtc-with-system-clock-when-shutdown.patch -Patch9002: udev-add-actions-while-rename-netif-failed.patch -Patch9003: fix-two-VF-virtual-machines-have-same-mac-address.patch -Patch9004: logind-set-RemoveIPC-to-false-by-default.patch -Patch9005: rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch -Patch9006: unit-don-t-add-Requires-for-tmp.mount.patch -Patch9007: rules-add-elevator-kernel-command-line-parameter.patch -Patch9008: rules-add-the-rule-that-adds-elevator-kernel-command.patch -Patch9009: units-add-Install-section-to-tmp.mount.patch -Patch9010: Make-systemd-udevd.service-start-after-systemd-remou.patch -Patch9011: udev-virsh-shutdown-vm.patch -Patch9012: sd-bus-properly-initialize-containers.patch -Patch9013: Revert-core-one-step-back-again-for-nspawn-we-actual.patch -Patch9014: journal-don-t-enable-systemd-journald-audit.socket-b.patch -Patch9015: systemd-change-time-log-level.patch -Patch9016: fix-capsh-drop-but-ping-success.patch -Patch9017: resolved-create-etc-resolv.conf-symlink-at-runtime.patch -Patch9018: pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch -Patch9019: fix-journal-file-descriptors-leak-problems.patch -Patch9020: activation-service-must-be-restarted-when-reactivated.patch -Patch9021: systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch -Patch9022: delay-to-restart-when-a-service-can-not-be-auto-restarted.patch -Patch9023: disable-initialize_clock.patch -Patch9024: systemd-solve-that-rsyslog-reads-journal-s-object-of.patch -Patch9025: check-whether-command_prev-is-null-before-assigning-.patch -Patch9027: core-skip-change-device-to-dead-in-manager_catchup-d.patch -Patch9028: revert-rpm-restart-services-in-posttrans.patch -Patch9029: Don-t-set-AlternativeNamesPolicy-by-default.patch -Patch9030: change-NTP-server-to-x.pool.ntp.org.patch -Patch9031: keep-weight-consistent-with-the-set-value.patch -Patch9032: Systemd-Add-sw64-architecture.patch -%ifarch loongarch64 -Patch9033: 0029-Add-support-for-the-LoongArch-architecture.patch -Patch9034: 0030-Add-LoongArch-dmi-virt-detection-and-testcase.patch -Patch9035: add-loongarch-for-missing_syscall_def.patch -%endif -Patch9036: core-update-arg_default_rlimit-in-bump_rlimit.patch -Patch9037: set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch -Patch9038: core-cgroup-support-cpuset.patch -Patch9039: core-cgroup-support-freezer.patch -Patch9040: core-cgroup-support-memorysw.patch -Patch9041: systemd-core-Add-new-rules-for-lower-priority-events.patch -Patch9042: bugfix-also-stop-machine-when-a-machine-un.patch -Patch9043: print-the-process-status-to-console-when-shutdown.patch -Patch9044: Retry-to-handle-the-uevent-when-worker-is-terminated.patch -Patch9045: treat-hyphen-as-valid-hostname-char.patch -Patch9046: process-util-log-more-information-when-runnin.patch -Patch9047: fuser-print-umount-message-to-reboot-umount-msg.patch -Patch9048: shutdown-reboot-when-recieve-crash-signal.patch -Patch9049: core-add-OptionalLog-to-allow-users-change-log-level.patch -Patch9050: core-cgroup-support-default-slice-for-all-uni.patch -Patch9051: core-add-invalidate-cgroup-config.patch -Patch9052: let-the-child-of-one-unit-don-t-affect-each-other.patch -Patch9053: support-disable-cgroup-controllers-we-don-t-want.patch -Patch9054: fix-mount-failed-while-daemon-reexec.patch +Patch6001: backport-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch +Patch6002: backport-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch +Patch6003: backport-temporarily-disable-test-seccomp.patch +Patch6004: backport-sd-event-always-initialize-sd_event.perturb.patch +Patch6005: backport-sd-event-fix-error-handling.patch +Patch6006: backport-core-refuse-dbus-activation-if-dbus-is-not-running.patch +Patch6007: backport-core-only-refuse-Type-dbus-service-enqueuing-if-dbus.patch + +Patch9008: update-rtc-with-system-clock-when-shutdown.patch +Patch9009: udev-add-actions-while-rename-netif-failed.patch +Patch9010: fix-two-VF-virtual-machines-have-same-mac-address.patch +Patch9011: logind-set-RemoveIPC-to-false-by-default.patch +Patch9012: rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch +Patch9013: unit-don-t-add-Requires-for-tmp.mount.patch +Patch9014: rules-add-elevator-kernel-command-line-parameter.patch +Patch9015: rules-add-the-rule-that-adds-elevator-kernel-command.patch +Patch9016: units-add-Install-section-to-tmp.mount.patch +Patch9017: Make-systemd-udevd.service-start-after-systemd-remou.patch +Patch9018: udev-virsh-shutdown-vm.patch +Patch9019: sd-bus-properly-initialize-containers.patch +Patch9020: Revert-core-one-step-back-again-for-nspawn-we-actual.patch +Patch9021: systemd-change-time-log-level.patch +Patch9022: fix-capsh-drop-but-ping-success.patch +Patch9023: resolved-create-etc-resolv.conf-symlink-at-runtime.patch +Patch9024: pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch +Patch9025: fix-journal-file-descriptors-leak-problems.patch +Patch9026: activation-service-must-be-restarted-when-reactivated.patch +Patch9027: systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch +Patch9028: delay-to-restart-when-a-service-can-not-be-auto-restarted.patch +Patch9029: disable-initialize_clock.patch +Patch9030: systemd-solve-that-rsyslog-reads-journal-s-object-of.patch +Patch9031: check-whether-command_prev-is-null-before-assigning-.patch +Patch9032: revert-rpm-restart-services-in-posttrans.patch +Patch9033: Don-t-set-AlternativeNamesPolicy-by-default.patch +Patch9034: change-NTP-server-to-x.pool.ntp.org.patch +Patch9035: keep-weight-consistent-with-the-set-value.patch +Patch9036: Systemd-Add-sw64-architecture.patch +Patch9037: core-update-arg_default_rlimit-in-bump_rlimit.patch +Patch9038: set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch +Patch9039: core-cgroup-support-cpuset.patch +Patch9040: core-cgroup-support-freezer.patch +Patch9041: core-cgroup-support-memorysw.patch +Patch9042: systemd-core-Add-new-rules-for-lower-priority-events.patch +Patch9043: bugfix-also-stop-machine-when-a-machine-un.patch +Patch9044: print-the-process-status-to-console-when-shutdown.patch +Patch9045: Retry-to-handle-the-uevent-when-worker-is-terminated.patch +Patch9046: treat-hyphen-as-valid-hostname-char.patch +Patch9047: process-util-log-more-information-when-runnin.patch +Patch9048: fuser-print-umount-message-to-reboot-umount-msg.patch +Patch9049: shutdown-reboot-when-recieve-crash-signal.patch +Patch9050: core-add-OptionalLog-to-allow-users-change-log-level.patch +Patch9051: core-cgroup-support-default-slice-for-all-uni.patch +Patch9052: core-add-invalidate-cgroup-config.patch +Patch9053: let-the-child-of-one-unit-don-t-affect-each-other.patch +Patch9054: support-disable-cgroup-controllers-we-don-t-want.patch Patch9055: bugfix-for-cgroup-Swap-cgroup-v1-deletion-and-migration.patch Patch9056: delete-journal-files-except-system.journal-when-jour.patch Patch9057: set-the-cpuset.cpus-mems-of-machine.slice-to-all-by-.patch @@ -760,7 +288,7 @@ Systemd PAM module registers the session with systemd-logind. %prep %autosetup -n %{name}-%{version} -p1 -Sgit %ifnarch sw_64 -%patch9032 -R -p1 +%patch9029 -R -p1 %endif %build @@ -847,6 +375,8 @@ CONFIGURE_OPTS=( -Dtime-epoch=0 -Dmode=release -Durlify=false + -Dlink-journalctl-shared=false + -Dlink-boot-shared=false ) %meson "${CONFIGURE_OPTS[@]}" @@ -952,9 +482,9 @@ do fi fi done -# add rpath path /usr/lib/systemd in ld.so.conf.d +# add rpath path _libdir/systemd in ld.so.conf.d mkdir -p %{buildroot}%{_sysconfdir}/ld.so.conf.d -echo "/usr/lib/systemd" > %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf +echo "%{_libdir}/systemd" > %{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf %check %ifnarch loongarch64 @@ -1249,11 +779,6 @@ fi %files -f %{name}.lang %doc %{_pkgdocdir} %exclude %{_pkgdocdir}/LICENSE.* -%exclude %{_systemddir}/systemd-bless-boot -%exclude %{_unitdir}/systemd-bless-boot.service -%exclude %{_systemddir}/system-generators/systemd-bless-boot-generator -%exclude %{_unitdir}/systemd-boot-system-token.service -%exclude %{_unitdir}/sysinit.target.wants/systemd-boot-system-token.service %license LICENSE.GPL2 LICENSE.LGPL2.1 %ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants %ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants @@ -1274,7 +799,6 @@ fi %ghost %dir /var/log/journal %ghost %attr(0664,root,utmp) /var/log/wtmp -/var/log/README %ghost %attr(0600,root,utmp) /var/log/btmp %ghost %attr(0700,root,root) %dir /var/log/private %ghost %attr(0664,root,utmp) /var/run/utmp @@ -1297,6 +821,7 @@ fi %dir /usr/share/factory %dir /usr/share/factory/etc /usr/share/factory/etc/issue +/usr/share/factory/etc/locale.conf /usr/share/factory/etc/nsswitch.conf %dir /usr/share/factory/etc/pam.d /usr/share/factory/etc/pam.d/other @@ -1316,6 +841,7 @@ fi /usr/share/bash-completion/completions/systemctl /usr/share/bash-completion/completions/journalctl /usr/share/bash-completion/completions/systemd-analyze +/usr/share/bash-completion/completions/systemd-dissect /usr/share/bash-completion/completions/loginctl /usr/share/bash-completion/completions/timedatectl /usr/share/bash-completion/completions/busctl @@ -1353,6 +879,28 @@ fi /usr/share/polkit-1/actions/org.freedesktop.systemd1.policy /usr/share/polkit-1/actions/org.freedesktop.login1.policy /usr/share/polkit-1/actions/org.freedesktop.locale1.policy +/usr/share/dbus-1/interfaces/org.freedesktop.hostname1.xml +/usr/share/dbus-1/interfaces/org.freedesktop.locale1.xml +/usr/share/dbus-1/interfaces/org.freedesktop.LogControl1.xml +/usr/share/dbus-1/interfaces/org.freedesktop.login1.Manager.xml +/usr/share/dbus-1/interfaces/org.freedesktop.login1.Seat.xml +/usr/share/dbus-1/interfaces/org.freedesktop.login1.Session.xml +/usr/share/dbus-1/interfaces/org.freedesktop.login1.User.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Automount.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Device.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Job.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Manager.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Mount.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Path.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Scope.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Service.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Slice.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Socket.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Swap.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Target.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Timer.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Unit.xml +/usr/share/dbus-1/interfaces/org.freedesktop.timedate1.xml /usr/bin/systemd-machine-id-setup /usr/bin/localectl /usr/bin/systemd-path @@ -1383,14 +931,17 @@ fi /usr/bin/systemd-tty-ask-password-agent /usr/bin/busctl /usr/bin/coredumpctl +/usr/bin/systemd-ac-power +/usr/bin/systemd-creds %dir /usr/lib/environment.d %dir /usr/lib/binfmt.d %dir /usr/lib/tmpfiles.d %dir /usr/lib/sysctl.d %dir /usr/lib/systemd %dir /usr/lib/sysusers.d -/usr/lib/sysusers.d/systemd.conf /usr/lib/sysusers.d/basic.conf +/usr/lib/sysusers.d/systemd-coredump.conf +/usr/lib/sysusers.d/systemd-journal.conf /usr/lib/systemd/system/hwclock-save.service /usr/lib/systemd/system/sysinit.target.wants/hwclock-save.service %{_systemddir}/systemd-update-done @@ -1406,9 +957,10 @@ fi %{_systemddir}/systemd-user-sessions %{_systemddir}/systemd-sysctl %{_systemddir}/systemd-socket-proxyd -%{_systemddir}/systemd-ac-power %{_systemddir}/systemd-hostnamed %{_systemddir}/systemd-localed +%{_systemddir}/systemd-sysroot-fstab-check +%{_systemddir}/systemd-update-helper %dir %{_systemddir}/user %{_systemddir}/systemd-volatile-root %{_systemddir}/systemd-journald @@ -1417,7 +969,8 @@ fi %dir %{_systemddir}/system-preset %dir %{_systemddir}/user-environment-generators %{_systemddir}/systemd-shutdown -%{_systemddir}/libsystemd-shared*.so +%{_libdir}/systemd/libsystemd-core-*.so +%{_libdir}/systemd/libsystemd-shared*.so %{_systemddir}/systemd-reply-password %dir %{_systemddir}/system-generators %dir %{_systemddir}/system @@ -1555,6 +1108,10 @@ fi %{_unitdir}/systemd-network-generator.service %{_unitdir}/autovt@.service %dir %{_unitdir}/user-.slice.d +%dir %{_unitdir}/user@.service.d +%dir %{_unitdir}/user@0.service.d +%{_unitdir}/user@.service.d/10-login-barrier.conf +%{_unitdir}/user@0.service.d/10-login-barrier.conf %{_unitdir}/systemd-boot-check-no-failures.service %{_unitdir}/halt.target %{_unitdir}/system-update-cleanup.service @@ -1602,7 +1159,6 @@ fi %{_unitdir}/multi-user.target.wants/systemd-ask-password-wall.path %{_unitdir}/multi-user.target.wants/systemd-update-utmp-runlevel.service %{_unitdir}/systemd-hostnamed.service.d/disable-privatedevices.conf -%{_unitdir}/sockets.target.wants/systemd-coredump.socket %{_unitdir}/sockets.target.wants/systemd-journald-dev-log.socket %{_unitdir}/sockets.target.wants/systemd-journald.socket %{_unitdir}/sockets.target.wants/systemd-initctl.socket @@ -1614,6 +1170,8 @@ fi %{_unitdir}/systemd-journald@.service %{_unitdir}/systemd-journald@.socket %{_unitdir}/modprobe@.service +%{_unitdir}/factory-reset.target +%{_unitdir}/initrd-usr-fs.target %{_systemddir}/system-generators/systemd-fstab-generator %{_systemddir}/system-generators/systemd-sysv-generator %{_systemddir}/system-generators/systemd-rc-local-generator @@ -1640,18 +1198,7 @@ fi %{_userunitdir}/systemd-tmpfiles-clean.timer %{_userunitdir}/sockets.target %{_userunitdir}/smartcard.target -%{_systemddir}/catalog/systemd.fr.catalog -%{_systemddir}/catalog/systemd.be.catalog -%{_systemddir}/catalog/systemd.bg.catalog -%{_systemddir}/catalog/systemd.de.catalog -%{_systemddir}/catalog/systemd.pt_BR.catalog -%{_systemddir}/catalog/systemd.it.catalog -%{_systemddir}/catalog/systemd.be@latin.catalog -%{_systemddir}/catalog/systemd.pl.catalog -%{_systemddir}/catalog/systemd.zh_CN.catalog -%{_systemddir}/catalog/systemd.zh_TW.catalog -%{_systemddir}/catalog/systemd.ru.catalog -%{_systemddir}/catalog/systemd.catalog +%{_systemddir}/catalog/systemd*.catalog /usr/lib/sysctl.d/50-default.conf /usr/lib/sysctl.d/50-pid-max.conf /usr/lib/sysctl.d/50-coredump.conf @@ -1666,6 +1213,8 @@ fi /usr/lib/tmpfiles.d/legacy.conf /usr/lib/tmpfiles.d/static-nodes-permissions.conf /usr/lib/tmpfiles.d/var.conf +/usr/lib/tmpfiles.d/credstore.conf +/usr/lib/tmpfiles.d/provision.conf /usr/lib/environment.d/99-environment.conf %ghost %config(noreplace) /etc/localtime %dir /etc/rc.d @@ -1735,6 +1284,7 @@ fi /usr/include/systemd/sd-bus.h /usr/include/systemd/sd-login.h /usr/include/systemd/sd-path.h +/usr/include/systemd/sd-gpt.h %{_libdir}/libudev.so %{_libdir}/libsystemd.so %{_libdir}/pkgconfig/libsystemd.pc @@ -1744,17 +1294,15 @@ fi %exclude /usr/share/bash-completion/completions/kernel-install %exclude /usr/share/zsh/site-functions/_kernel-install %exclude /usr/bin/kernel-install -%exclude /usr/lib/kernel/install.d/00-entry-directory.install %exclude /usr/lib/kernel/install.d/90-loaderentry.install %exclude /usr/lib/kernel/install.d/50-depmod.install %exclude /usr/lib/kernel/install.d/20-grubby.install +%exclude /usr/lib/kernel/install.d/90-uki-copy.install +%exclude /usr/lib/kernel/install.conf %exclude %dir /etc/kernel/install.d %exclude %dir /etc/kernel %exclude %dir /usr/lib/kernel %exclude %dir /usr/lib/kernel/install.d -%exclude /usr/bin/bootctl -%exclude /usr/share/zsh/site-functions/_bootctl -%exclude /usr/share/bash-completion/completions/bootctl %exclude %{_unitdir}/usb-gadget.target %ghost /var/lib/systemd/random-seed /etc/modules-load.d @@ -1776,6 +1324,8 @@ fi %{_systemddir}/systemd-sleep %{_systemddir}/systemd-udevd %{_systemddir}/systemd-vconsole-setup +%{_unitdir}/systemd-growfs-root.service +%{_unitdir}/systemd-growfs@.service %{_unitdir}/systemd-udevd.service %{_unitdir}/initrd-udevadm-cleanup-db.service %{_unitdir}/systemd-suspend.service @@ -1819,7 +1369,7 @@ fi /usr/lib/udev/mtd_probe /usr/lib/udev/scsi_id /usr/lib/udev/fido_id -%ifnarch sw_64 +%ifnarch sw_64 riscv64 /usr/lib/udev/dmi_memory_id %endif @@ -1849,6 +1399,10 @@ fi %{_udevhwdbdir}/60-autosuspend-fingerprint-reader.hwdb %{_udevhwdbdir}/60-seat.hwdb %{_udevhwdbdir}/80-ieee1394-unit-function.hwdb +%{_udevhwdbdir}/70-analyzers.hwdb +%{_udevhwdbdir}/70-av-production.hwdb +%{_udevhwdbdir}/70-cameras.hwdb +%{_udevhwdbdir}/70-pda.hwdb %{_udevhwdbdir}/README %dir /usr/lib/udev/rules.d @@ -1886,7 +1440,9 @@ fi %{_udevrulesdir}/50-udev-default.rules %{_udevrulesdir}/60-fido-id.rules %{_udevrulesdir}/81-net-dhcp.rules -%ifnarch sw_64 +%{_udevrulesdir}/60-infiniband.rules +%{_udevrulesdir}/70-camera.rules +%ifnarch sw_64 riscv64 %{_udevrulesdir}/70-memory.rules %endif %{_udevrulesdir}/README @@ -1909,6 +1465,9 @@ fi /usr/share/dbus-1/system-services/org.freedesktop.systemd1.service /usr/share/dbus-1/system.d/org.freedesktop.machine1.conf /usr/share/polkit-1/actions/org.freedesktop.machine1.policy +/usr/share/dbus-1/interfaces/org.freedesktop.machine1.Image.xml +/usr/share/dbus-1/interfaces/org.freedesktop.machine1.Machine.xml +/usr/share/dbus-1/interfaces/org.freedesktop.machine1.Manager.xml %{_libdir}/libnss_mymachines.so.2 /usr/bin/machinectl %{_systemddir}/systemd-machined @@ -1935,12 +1494,17 @@ fi /usr/share/dbus-1/system-services/org.freedesktop.resolve1.service /usr/share/dbus-1/system.d/org.freedesktop.resolve1.conf /usr/share/polkit-1/actions/org.freedesktop.resolve1.policy +/usr/share/dbus-1/interfaces/org.freedesktop.resolve1.DnssdService.xml +/usr/share/dbus-1/interfaces/org.freedesktop.resolve1.Link.xml +/usr/share/dbus-1/interfaces/org.freedesktop.resolve1.Manager.xml /usr/bin/systemd-resolve %{_systemddir}/resolv.conf %{_systemddir}/systemd-resolved %config(noreplace) /etc/systemd/resolved.conf %{_libdir}/libnss_resolve.so.2 %{_unitdir}/systemd-resolved.service +/usr/lib/sysusers.d/systemd-resolve.conf +/usr/lib/tmpfiles.d/systemd-resolve.conf %files nspawn /usr/share/bash-completion/completions/systemd-nspawn @@ -1955,12 +1519,17 @@ fi /usr/share/dbus-1/system-services/org.freedesktop.network1.service /usr/share/dbus-1/system.d/org.freedesktop.network1.conf /usr/share/polkit-1/actions/org.freedesktop.network1.policy +/usr/share/dbus-1/interfaces/org.freedesktop.network1.DHCPServer.xml +/usr/share/dbus-1/interfaces/org.freedesktop.network1.Link.xml +/usr/share/dbus-1/interfaces/org.freedesktop.network1.Manager.xml +/usr/share/dbus-1/interfaces/org.freedesktop.network1.Network.xml /usr/share/polkit-1/rules.d/systemd-networkd.rules /usr/bin/networkctl %{_systemddir}/systemd-networkd-wait-online %{_systemddir}/systemd-networkd %{_unitdir}/systemd-networkd.socket %{_unitdir}/systemd-networkd-wait-online.service +%{_unitdir}/systemd-networkd-wait-online@.service %{_unitdir}/systemd-networkd.service %{_systemddir}/network/80-container-host0.network %dir /etc/systemd/network @@ -1970,6 +1539,11 @@ fi %{_systemddir}/network/80-wifi-adhoc.network %{_systemddir}/network/80-wifi-ap.network.example %{_systemddir}/network/80-wifi-station.network.example +%{_systemddir}/network/80-6rd-tunnel.network +%{_systemddir}/network/80-container-vb.network +%{_systemddir}/network/80-ethernet.network.example +/usr/lib/sysusers.d/systemd-network.conf +/usr/lib/tmpfiles.d/systemd-network.conf %files timesyncd %dir %{_systemddir}/ntp-units.d @@ -1979,32 +1553,43 @@ fi %ghost /var/lib/systemd/timesync/clock /usr/share/dbus-1/system-services/org.freedesktop.timesync1.service /usr/share/dbus-1/system.d/org.freedesktop.timesync1.conf +/usr/share/polkit-1/actions/org.freedesktop.timesync1.policy %{_systemddir}/systemd-timesyncd %{_unitdir}/systemd-timesyncd.service %{_systemddir}/ntp-units.d/80-systemd-timesync.list %config(noreplace) /etc/systemd/timesyncd.conf +/usr/lib/sysusers.d/systemd-timesync.conf %files pam %{_libdir}/security/pam_systemd.so %changelog +* Mon Jul 31 2023 huyubiao - 253-3 +- sync the patch from v249 + +* Sat Jul 29 2023 huyubiao - 253-2 +- fix the dynamic library cannot be found + +* Thu Jul 20 2023 huyubiao - 253-1 +- systemd update to v253 + * Thu Jun 15 2023 hongjinghao - 249-52 - backport: sync patches from systemd community -* Thu Jun 8 2023 licunlong - 249-51 -- set the cpuset.cpus/mems of machine.slice to all by default - -* Sat Jun 3 2023 chenjiayi - 249-50 +* Mon Jun 12 2023 chenjiayi - 249-51 - backport upstream patches to fix event loss when the whole disk is locked -* Mon Apr 10 2023 hongjinghao - 249-49 +* Thu Jun 8 2023 licunlong - 249-50 +- set the cpuset.cpus/mems of machine.slice to all by default + +* Wed Mar 22 2023 hongjinghao - 249-49 - backport: sync patches from systemd community -* Wed Mar 8 2023 wangyuhang -249-48 +* Tue Mar 7 2023 wangyuhang -249-48 - fix symlinks to NVMe drives are missing in /dev/disk/by-path -* Mon Mar 6 2023 hongjinghao -249-47 -- backport patches from upstream and add patches +* Tue Feb 28 2023 misaka00251 -249-47 +- Exclude riscv64 unsupported files for now, might add them back later * Thu Jan 19 2023 yangmingtai -249-46 - delete unused patch files @@ -2037,26 +1622,26 @@ fi * Mon Oct 10 2022 wangyuhang -249-38 - backport: sync systemd-stable-249 patches from systemd community -* Mon Oct 10 2022 wangyuhang -249-37 -- update release number to 249-37 to synchronize master - -* Thu Sep 29 2022 yangmingtai -249-36 +* Thu Sep 29 2022 yangmingtai -249-37 - 1.change default ntp server 2.correct the default value of RuntimeDirectoryInodesMax -* Fri Sep 16 2022 yangmingtai -249-35 +* Fri Sep 16 2022 yangmingtai -249-36 - revert:delete the initrd-usr-fs.target -* Wed Sep 14 2022 xujing -249-34 +* Wed Sep 14 2022 xujing -249-35 - revert add ProtectClock=yes -* Fri Sep 2 2022 Wenchao Hao -249-33 +* Fri Sep 2 2022 Wenchao Hao -249-34 - scsi_id: retry inquiry ioctl if host_byte is DID_TRANSPORT_DISRUPTED -* Thu Sep 1 2022 hongjinghao -249-32 +* Thu Sep 1 2022 hongjinghao - 249-33 - 1. Don't set AlternativeNamesPolicy by default 2. fix systemd-journald coredump +* Tue Aug 02 2022 zhukeqian -249-32 +- core: replace slice dependencies as they get added + * Wed Jun 22 2022 zhangyao -249-31 - fix don't preset systemd-timesyncd when install systemd-udev @@ -2162,6 +1747,12 @@ fi * Wed Dec 8 2021 yangmingtai - 249-1 - systemd update to v249 +* Tue Dec 28 2021 licunlong - 248-15 +- fix typo: disable not denable. + +* Wed Dec 01 2021 licunlong - 248-14 +- disable systemd-{timesyncd, networkd, resolved} by default + * Thu Sep 16 2021 ExtinctFire - 248-13 - core: fix free undefined pointer when strdup failed in the first loop diff --git a/udev-add-actions-while-rename-netif-failed.patch b/udev-add-actions-while-rename-netif-failed.patch index 9832a3c4a749a7db3b60628b297ba66ebd85598a..44f7aef5811cdd2e369c30558e73aa1c359d7b5b 100644 --- a/udev-add-actions-while-rename-netif-failed.patch +++ b/udev-add-actions-while-rename-netif-failed.patch @@ -3,45 +3,54 @@ From: systemd team Date: Tue, 7 Mar 2017 08:20:10 +0000 Subject: [PATCH] udev-add-actions-while-rename-netif-failed --- - src/udev/udev-event.c | 42 ++++++++++++++++++++++++++++++++++++++---- - 1 file changed, 38 insertions(+), 4 deletions(-) + src/udev/udev-event.c | 47 +++++++++++++++++++++++++++++++++++++------ + 1 file changed, 41 insertions(+), 6 deletions(-) diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c -index e1c2baf..b64d279 100644 +index ec4ad30..d53a0aa 100644 --- a/src/udev/udev-event.c +++ b/src/udev/udev-event.c -@@ -820,6 +820,7 @@ static int rename_netif(UdevEvent *event) { - const char *oldname; - unsigned flags; +@@ -908,6 +908,7 @@ static int rename_netif(UdevEvent *event) { + const char *s; + sd_device *dev; int ifindex, r; + char name[IFNAMSIZ]; - - if (!event->name) - return 0; /* No new name is requested. */ -@@ -860,12 +861,45 @@ static int rename_netif(UdevEvent *event) { - if (r < 0) - return log_device_debug_errno(event->dev_db_clone, r, "Failed to update database under /run/udev/data/: %m"); - + + assert(event); + +@@ -978,19 +979,53 @@ static int rename_netif(UdevEvent *event) { + goto revert; + } + - r = rtnl_set_link_name(&event->rtnl, ifindex, event->name); + strscpy(name, IFNAMSIZ, event->name); + + r = rtnl_set_link_name(&event->rtnl, ifindex, name); - if (r < 0) -- return log_device_error_errno(dev, r, "Failed to rename network interface %i from '%s' to '%s': %m", -- ifindex, oldname, event->name); -+ { + if (r < 0) { + if (r == -EBUSY) { + log_device_info(dev, "Network interface '%s' is already up, cannot rename to '%s'.", + old_sysname, event->name); + r = 0; +- } else +- log_device_error_errno(dev, r, "Failed to rename network interface %i from '%s' to '%s': %m", +- ifindex, old_sysname, event->name); +- goto revert; ++ goto revert; ++ } + int loop; + if (r != -EEXIST) { -+ return log_error_errno(r, "error changing net interface name '%s' to '%s': %m", oldname, name); ++ log_error_errno(r, "error changing net interface name '%s' to '%s': %m", old_sysname, name); ++ goto revert; + } + -+ snprintf(name, IFNAMSIZ, "rename%u", ifindex); ++ snprintf(name, IFNAMSIZ, "rename%d", ifindex); + r = rtnl_set_link_name(&event->rtnl, ifindex, name); + if (r < 0) { -+ return log_error_errno(r, "error changing net interface name '%s' to '%s': %m", oldname, name); ++ log_error_errno(r, "error changing net interface name '%s' to '%s': %m", old_sysname, name); ++ goto revert; + } + -+ log_device_info(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, oldname, name); ++ log_device_info(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, old_sysname, name); + + /* wait 90 seconds for our target to become available */ + loop = 90 * 20; @@ -51,23 +60,24 @@ index e1c2baf..b64d279 100644 + r = rtnl_set_link_name(&event->rtnl, ifindex, event->name); + if (r == 0) { + log_device_info(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, name, event->name); -+ return 0; ++ goto revert; + } + + if (r != -EEXIST) { -+ return log_error_errno(r, "error changing net interface name '%s' to '%s': %m", name, event->name); ++ log_error_errno(r, "error changing net interface name '%s' to '%s': %m", name, event->name); ++ goto revert; + } + log_debug( "wait for netif '%s' to become free, loop=%i\n", + event->name, (90 * 20) - loop); + nanosleep(&duration, NULL); + } -+ } - -- log_device_debug(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, oldname, event->name); -+ log_device_info(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, oldname, event->name); - + } + +- log_device_debug(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, old_sysname, event->name); ++ log_device_info(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, old_sysname, event->name); return 1; - } --- -2.23.0 + + revert: +-- +2.33.0 diff --git a/udev-virsh-shutdown-vm.patch b/udev-virsh-shutdown-vm.patch index 194093109b6bf6e35be30c0bba885996e69f2566..f261c3eae9067be317dd2b18b61b05cbb41b5a83 100644 --- a/udev-virsh-shutdown-vm.patch +++ b/udev-virsh-shutdown-vm.patch @@ -4,13 +4,13 @@ Date: Thu, 31 Jan 2019 02:24:16 -0500 Subject: [PATCH] systemd:virsh shutdown vm --- - src/login/70-power-switch.rules | 1 + + rules.d/70-power-switch.rules | 1 + 1 file changed, 1 insertion(+) -diff --git a/src/login/70-power-switch.rules b/src/login/70-power-switch.rules -index d69e65b..cb77f7a 100644 ---- a/src/login/70-power-switch.rules -+++ b/src/login/70-power-switch.rules +diff --git a/rules.d/70-power-switch.rules b/rules.d/70-power-switch.rules +index 3fb954a..bc79410 100644 +--- a/rules.d/70-power-switch.rules ++++ b/rules.d/70-power-switch.rules @@ -11,5 +11,6 @@ ACTION=="remove", GOTO="power_switch_end" SUBSYSTEM=="input", KERNEL=="event*", ENV{ID_INPUT_SWITCH}=="1", TAG+="power-switch" @@ -19,5 +19,5 @@ index d69e65b..cb77f7a 100644 LABEL="power_switch_end" -- -1.8.3.1 +2.33.0 diff --git a/unit-don-t-add-Requires-for-tmp.mount.patch b/unit-don-t-add-Requires-for-tmp.mount.patch index 99d5db276304c942b71c5b206f5be9be567b5c61..6247515f68f336f9b298b16cb6af7c88e6d41eac 100644 --- a/unit-don-t-add-Requires-for-tmp.mount.patch +++ b/unit-don-t-add-Requires-for-tmp.mount.patch @@ -14,8 +14,8 @@ index c9f756c..721d8d6 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -1421,7 +1421,7 @@ static int unit_add_mount_dependencies(Unit *u) { - if (r < 0) return r; + changed = changed || r > 0; - if (m->fragment_path) { + if (m->fragment_path && !streq(m->id, "tmp.mount")) {