Merge ~ubuntu-core-dev/ubuntu/+source/systemd:xnox/fix-v5.15-tests into ubuntu/+source/systemd:ubuntu/focal
- Git
- lp:~ubuntu-core-dev/ubuntu/+source/systemd
- xnox/fix-v5.15-tests
- Merge into ubuntu/focal
Proposed by
Dimitri John Ledkov
Status: | Superseded | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Proposed branch: | ~ubuntu-core-dev/ubuntu/+source/systemd:xnox/fix-v5.15-tests | ||||||||||||||||||||
Merge into: | ubuntu/+source/systemd:ubuntu/focal | ||||||||||||||||||||
Diff against target: |
11294 lines (+10313/-0) (has conflicts) 134 files modified
debian/changelog (+489/-0) debian/extra/dhclient-enter-resolved-hook (+12/-0) debian/extra/initramfs-tools/hooks/udev (+6/-0) debian/extra/rules-ubuntu/40-vm-hotadd.rules (+7/-0) debian/patches/CVE-2020-13529.patch (+36/-0) debian/patches/CVE-2021-33910.patch (+61/-0) debian/patches/CVE-2021-3997-1.patch (+62/-0) debian/patches/CVE-2021-3997-2.patch (+98/-0) debian/patches/CVE-2021-3997-3.patch (+262/-0) debian/patches/debian/UBUNTU-Fix-timezone-setting-on-read-only-etc.patch (+28/-0) debian/patches/debian/timedatectl-lp1650688.patch (+53/-0) debian/patches/hwdb-Add-mic-mute-key-mapping-for-HP-Elite-x360.patch (+26/-0) debian/patches/hwdb-Mask-rfkill-event-from-intel-hid-on-HP-platforms.patch (+27/-0) debian/patches/lp1664844/0001-network-add-ActivationPolicy-configuration-parameter.patch (+344/-0) debian/patches/lp1664844/0002-test-add-ActivationPolicy-unit-tests.patch (+121/-0) debian/patches/lp1664844/0003-save-link-activation-policy-to-state-file-and-displa.patch (+110/-0) debian/patches/lp1785383-resolved-address-DVE-2018-0001.patch (+161/-0) debian/patches/lp1838329/0001-blockdev-propagate-one-more-unexpected-error.patch (+28/-0) debian/patches/lp1838329/0002-makefs-log-about-OOM-condition.patch (+33/-0) debian/patches/lp1838329/0003-dissect-use-log_debug_errno-where-appropriate.patch (+33/-0) debian/patches/lp1838329/0004-blockdev-add-helper-for-locking-whole-block-device.patch (+67/-0) debian/patches/lp1838329/0005-makefs-lock-device-while-we-operate.patch (+57/-0) debian/patches/lp1838329/0006-makefs-normalize-logging-a-bit.patch (+39/-0) debian/patches/lp1838329/0007-cryptsetup-generator-use-systemd-makefs-for-implemen.patch (+45/-0) debian/patches/lp1858210/0001-time-simplify-get_timezones.patch (+104/-0) debian/patches/lp1858210/0002-time-split-get_timezone-into-main-function-and-zone1.patch (+102/-0) debian/patches/lp1858210/0003-time-get-timezones-from-tzdata.zi.patch (+90/-0) debian/patches/lp1860926-network-Change-IgnoreCarrierLoss-default-to-value-of.patch (+75/-0) debian/patches/lp1861941-dont-generate-disk-byuuid-for-bcache-uuid.patch (+54/-0) debian/patches/lp1867375/0001-network-add-a-flag-to-ignore-gateway-provided-by-DHC.patch (+97/-0) debian/patches/lp1867375/0002-test-network-add-a-test-case-for-DHCPv4.UseGateway-n.patch (+56/-0) debian/patches/lp1867375/0003-network-change-UseGateway-default-to-UseRoutes-setti.patch (+77/-0) debian/patches/lp1867375/0004-test-modify-add-tests-for-UseRoutes-and-UseGateway-c.patch (+187/-0) debian/patches/lp1867375/0005-network-honor-SetDNSRoutes-even-if-UseGateway-False.patch (+162/-0) debian/patches/lp1867375/0006-test-verify-RoutesToDNS-is-independent-of-UseGateway.patch (+74/-0) debian/patches/lp1873607/0001-core-some-minor-clean-ups-modernizations.patch (+56/-0) debian/patches/lp1873607/0002-core-make-sure-to-restore-the-control-command-id-too.patch (+33/-0) debian/patches/lp1875708/journald-Increase-stdout-buffer-size-sooner-when-almost-f.patch (+28/-0) debian/patches/lp1875708/journald-rework-end-of-line-marker-handling-to-use-a-fiel.patch (+73/-0) debian/patches/lp1875708/journald-rework-pid-change-handling.patch (+218/-0) debian/patches/lp1875708/journald-use-log_warning_errno-where-appropriate.patch (+37/-0) debian/patches/lp1875708/journald-use-the-fact-that-client_context_release-returns.patch (+23/-0) debian/patches/lp1875708/man-document-the-new-_LINE_BREAK-type.patch (+39/-0) debian/patches/lp1875708/socket-util-introduce-type-safe-dereferencing-wrapper-CMS.patch (+198/-0) debian/patches/lp1875708/test-Add-a-test-case-for-15654.patch (+28/-0) debian/patches/lp1878969-meson-initialize-time-epoch-to-reproducible-builds-compat.patch (+61/-0) debian/patches/lp1882596-man-fix-some-manvolnum.patch (+267/-0) debian/patches/lp1887744-basic-unit-file-when-loading-linked-unit-files-use-l.patch (+92/-0) debian/patches/lp1890448-hwdb-Add-EliteBook-to-use-micmute-hotkey.patch (+32/-0) debian/patches/lp1891215/0001-fs-util-add-conservative_rename-that-suppresses-unne.patch (+184/-0) debian/patches/lp1891215/0002-resolved-don-t-update-resolv.conf-snippets-unnecessa.patch (+46/-0) debian/patches/lp1891215/0003-fs-util-rename-conservative_rename-conservative_rena.patch (+104/-0) debian/patches/lp1891215/0004-fs-util-make-sure-conservative_renameat-properly-det.patch (+62/-0) debian/patches/lp1891810-seccomp-util-add-new-syscalls-from-kernel-5.6-to-sys.patch (+31/-0) debian/patches/lp1894622-Add-systemd-resolve-backwards-compatibility-section-.patch (+54/-0) debian/patches/lp1895418-correct-resolved-conf-cache-default.patch (+18/-0) debian/patches/lp1897744-resolve-enable-RES_TRUSTAD-towards-the-127.0.0.53-st.patch (+36/-0) debian/patches/lp1902236-nss-systemd-don-t-synthesize-root-nobody-when-iterat.patch (+39/-0) debian/patches/lp1902891-core-mount-mount-command-may-fail-after-adding-the-c.patch (+32/-0) debian/patches/lp1902960-udev-re-assign-ID_NET_DRIVER-ID_NET_LINK_FILE-ID_NET.patch (+84/-0) debian/patches/lp1903300/0001-network-VXLan-fix-adding-Group-address.patch (+34/-0) debian/patches/lp1903300/0002-network-VXLan-Add-support-for-remote-address.patch (+44/-0) debian/patches/lp1903300/0003-networkctl-Add-support-to-display-VXLan-remote-addre.patch (+32/-0) debian/patches/lp1905044-test-use-cap_last_cap-for-max-supported-cap-number-n.patch (+123/-0) debian/patches/lp1905245/0001-basic-cap-list-parse-print-numerical-capabilities.patch (+92/-0) debian/patches/lp1905245/0002-basic-capability-util-let-cap_last_cap-return-unsign.patch (+212/-0) debian/patches/lp1905245/0003-basic-cap-list-reduce-scope-of-variables.patch (+68/-0) debian/patches/lp1907306/0001-sd-dhcp-client-don-t-log-timeouts-if-already-expired.patch (+60/-0) debian/patches/lp1907306/0002-sd-dhcp-client-track-dhcp4-t1-t2-expire-times.patch (+153/-0) debian/patches/lp1907306/0003-sd-dhcp-client-add-RFC2131-retransmission-details.patch (+63/-0) debian/patches/lp1907306/0004-sd-dhcp-client-simplify-dhcp4-t1-t2-parsing.patch (+126/-0) debian/patches/lp1907306/0005-sd-dhcp-client-correct-dhcpv4-renew-rebind-retransmi.patch (+75/-0) debian/patches/lp1907306/0006-sd-dhcp-client-correct-retransmission-timeout-to-mat.patch (+48/-0) debian/patches/lp1907306/0007-test-network-increase-wait_online-timeout-to-handle-.patch (+35/-0) debian/patches/lp1907306/0008-sd-dhcp-client-fix-renew-rebind-timeout-calculation-.patch (+27/-0) debian/patches/lp1911187-systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch (+43/-0) debian/patches/lp1913189-test-accept-that-char-device-0-0-can-now-be-created-.patch (+61/-0) debian/patches/lp1913423-hashmap-make-sure-to-initialize-shared-hash-key-atom.patch (+70/-0) debian/patches/lp1913763-udev-rules-add-rule-to-create-dev-ptp_hyperv.patch (+22/-0) debian/patches/lp1914740-network-enable-DHCP-broadcast-flag-if-required-by-in.patch (+148/-0) debian/patches/lp1915887-Downgrade-a-couple-of-warnings-to-debug.patch (+60/-0) debian/patches/lp1916485-Newer-Glibc-use-faccessat2-to-implement-faccessat.patch (+24/-0) debian/patches/lp1918696-shared-seccomp-util-address-family-filtering-is-brok.patch (+71/-0) debian/patches/lp1921696/0001-rfkill-improve-error-logging.patch (+121/-0) debian/patches/lp1921696/0002-rfkill-use-short-writes-and-accept-long-reads.patch (+123/-0) debian/patches/lp1926547-hwdb-60-keyboard-Update-Dell-Privacy-Micmute-Hotkey-.patch (+35/-0) debian/patches/lp1928200/0001-shared-add-common-helper-for-unregistering-all-binfm.patch (+82/-0) debian/patches/lp1928200/0002-shutdown-unregister-all-binfmt_misc-entries-before-e.patch (+36/-0) debian/patches/lp1928200/0003-binfmt-modernize-code-a-bit.patch (+47/-0) debian/patches/lp1928200/0004-binfmt-also-unregister-binfmt-entries-from-unit.patch (+120/-0) debian/patches/lp1928200/0005-man-document-binfmt-s-new-unregister-switch.patch (+34/-0) debian/patches/lp1929122-network-check-that-received-ifindex-is-valid.patch (+23/-0) debian/patches/lp1929560-network-move-set-MAC-and-set-nomaster-operations-out.patch (+169/-0) debian/patches/lp1930910-hwdb-Add-ProBook-to-use-micmute-hotkey.patch (+29/-0) debian/patches/lp1931578/0001-network-default-RequiredForOnline-false-if-Activacti.patch (+108/-0) debian/patches/lp1931578/0002-networkctl-add-field-Required-For-Online.patch (+30/-0) debian/patches/lp1931578/0003-test-add-test-to-verify-RequiredForOnline-setting-wi.patch (+99/-0) debian/patches/lp1932352-hwdb-Add-mic-mute-key-mapping-for-HP-Elite-Dragonfly.patch (+25/-0) debian/patches/lp1933402-udev-Fix-SIGSEGV-in-AlternativeNamesPolicy-handling.patch (+26/-0) debian/patches/lp1934147/0001-cgroup-do-catchup-for-unit-cgroup-inotify-watch-file.patch (+63/-0) debian/patches/lp1934147/0002-core-Make-sure-cgroup_oom_queue-is-flushed-on-manage.patch (+56/-0) debian/patches/lp1934221-resolved-disable-event-sources-before-unreffing-them.patch (+172/-0) debian/patches/lp1934981-correct-suspend-then-sleep-string.patch (+19/-0) debian/patches/lp1935051-shared-unit-file-make-sure-the-old-hashmaps-and-sets.patch (+153/-0) debian/patches/lp1937117/0001-revert-lp1929560-network-move-set-MAC-and-set-nomaster-operations-out.patch (+151/-0) debian/patches/lp1937117/0002-avoid-changing-interface-master-if-interface-already-up.patch (+21/-0) debian/patches/lp1937238-util-return-the-correct-correct-wd-from-inotify-help.patch (+54/-0) debian/patches/lp1943561-dell-clamshell-accel-location-base-with-sku.patch (+29/-0) debian/patches/lp1944711-login-filenames-in-run-systemd-users-are-uids.patch (+51/-0) debian/patches/lp1946388-sd-journal-don-t-check-namespaces-if-we-have-no-name.patch (+29/-0) debian/patches/lp1948476-pid1-target-units-can-fail-through-dependencies.patch (+51/-0) debian/patches/lp1952599/0001-virt-Support-detection-for-ARM64-Hyper-V-guests.patch (+24/-0) debian/patches/lp1952599/0002-virt-Fix-the-detection-for-Hyper-V-VMs.patch (+35/-0) debian/patches/lp1952733-hwdb-60-keyboard-Update-Dell-Privacy-Micmute-Hotkey-Map.patch (+23/-0) debian/patches/lp1952735-keymap-Add-microphone-mute-keymap-for-Dell-Machine.patch (+19/-0) debian/patches/lp1955997-add-a-allowlist-to-unblock-intel-hid-on-HP-mach.patch (+30/-0) debian/patches/lp1958284-core-move-reset_arguments-to-the-end-of-main-s-finish.patch (+48/-0) debian/patches/lp1959475-core-make-sure-we-don-t-get-confused-when-setting-TERM-fo.patch (+34/-0) debian/patches/lp1966179-add-more-hp-dmi-to-unblock-intel-hid-event.patch (+64/-0) debian/patches/lp1966800-shared-calendarspec-when-mktime-moves-us-backwards-jump-f.patch (+95/-0) debian/patches/lp1978079-efi-pstore-not-cleared-on-boot.patch (+48/-0) debian/patches/lp1979951-network-do-not-remove-localhost-address.patch (+69/-0) debian/patches/lp1982462-units-remove-the-restart-limit-on-the-modprobe-.service.patch (+33/-0) debian/patches/pid1-set-SYSTEMD_NSS_DYNAMIC_BYPASS-1-env-var-for-dbus-da.patch (+91/-0) debian/patches/rm-rf-optionally-fsync-after-removing-directory-tree.patch (+33/-0) debian/patches/rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch (+315/-0) debian/patches/series (+134/-0) debian/patches/test-make-test-execute-pass-on-Linux-5.15.patch (+40/-0) debian/tests/boot-and-services (+19/-0) debian/tests/boot-smoke (+27/-0) debian/tests/control (+4/-0) debian/tests/root-unittests (+11/-0) debian/tests/systemd-fsckd (+306/-0) debian/udev.postinst (+6/-0) Conflict in debian/changelog Conflict in debian/extra/dhclient-enter-resolved-hook Conflict in debian/extra/initramfs-tools/hooks/udev Conflict in debian/extra/rules-ubuntu/40-vm-hotadd.rules Conflict in debian/patches/series Conflict in debian/tests/boot-and-services Conflict in debian/tests/boot-smoke Conflict in debian/tests/control Conflict in debian/tests/root-unittests Conflict in debian/tests/systemd-fsckd Conflict in debian/udev.postinst |
||||||||||||||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
git-ubuntu import | Pending | ||
Review via email: mp+429490@code.launchpad.net |
Commit message
fix tests with v5.15 kernels
Description of the change
To post a comment you must log in.
Unmerged commits
- 41adb75... by Dimitri John Ledkov
-
releasing package systemd version 245.4-4ubuntu3.19
- 7b3140a... by Dimitri John Ledkov
-
test: fix test-execute autotest failure with kernel 5.15 (LP: #1975587)
- 7382329... by Nick Rosbrook
-
Release systemd 245.4-4ubuntu3.18
- c3c3199... by Nick Rosbrook
-
Update changelog
- 68353ff... by Nick Rosbrook
-
units: remove the restart limit on the modprobe@.service (LP: #1982462)
- c2da3a5... by Nick Rosbrook
-
Update changelog
- 87f872b... by Nick Rosbrook
-
network: do not remove localhost address (LP: #1979951)
- 2cddd05... by Nick Rosbrook
-
pstore: do not try to load mtdpstore (LP: #1981622)
systemd has not been released to focal with the offending commit yet, so
modify the pstore change before it becomes an issue.Gbp-Dch: ignore
- b6fe6f3... by Lukas Märdian
-
Update changelog
- 6e60756... by Mustafa Kemal Gilor
-
d/p/lp1978079-
efi-pstore- not-cleared- on-boot. patch: pstore: Run after modules are loaded. Thanks to Alexander Graf <email address hidden>.
(LP: #1978079)
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index 0fcaba3..f29d65a 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,3 +1,492 @@ |
6 | +<<<<<<< debian/changelog |
7 | +======= |
8 | +systemd (245.4-4ubuntu3.19) focal; urgency=medium |
9 | + |
10 | + * test: fix test-execute autotest failure with kernel 5.15 (LP: #1975587) |
11 | + File: debian/patches/test-make-test-execute-pass-on-Linux-5.15.patch |
12 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=7b3140ab5916269c020978ce678f06869a769f5c |
13 | + |
14 | + -- Dimitri John Ledkov <dimitri.ledkov@canonical.com> Tue, 06 Sep 2022 11:17:21 +0100 |
15 | + |
16 | +systemd (245.4-4ubuntu3.18) focal; urgency=medium |
17 | + |
18 | + [ Nick Rosbrook ] |
19 | + * core: make sure we don't get confused when setting TERM for a tty fd |
20 | + (LP: #1959475) |
21 | + File: debian/patches/lp1959475-core-make-sure-we-don-t-get-confused-when-setting-TERM-fo.patch |
22 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b10c6853050dde26665caf3b15444d768d2bc498 |
23 | + * shared/calendarspec: when mktime() moves us backwards, jump forward |
24 | + (LP: #1966800) |
25 | + File: debian/patches/lp1966800-shared-calendarspec-when-mktime-moves-us-backwards-jump-f.patch |
26 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=1f063541e44f6ff1a6904676d4264a2e49a09594 |
27 | + * network: do not remove localhost address (LP: #1979951) |
28 | + File: debian/patches/lp1979951-network-do-not-remove-localhost-address.patch |
29 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=87f872b8c5451f353601fb606e7fd7a479217cef |
30 | + * units: remove the restart limit on the modprobe@.service (LP: #1982462) |
31 | + File: debian/patches/lp1982462-units-remove-the-restart-limit-on-the-modprobe-.service.patch |
32 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=68353ffaf3539e6a58ef62a8b50850f56eae29ea |
33 | + |
34 | + [ Mustafa Kemal Gilor ] |
35 | + * d/p/lp1978079-efi-pstore-not-cleared-on-boot.patch: pstore: Run after |
36 | + modules are loaded. Thanks to Alexander Graf <graf@amazon.com>. |
37 | + (LP: #1978079) |
38 | + Author: Mustafa Kemal Gilor |
39 | + File: debian/patches/lp1978079-efi-pstore-not-cleared-on-boot.patch |
40 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6e60756f2079d6408abdb967127a1d9b9a0eba8c |
41 | + |
42 | + -- Nick Rosbrook <nick.rosbrook@canonical.com> Wed, 31 Aug 2022 11:27:33 -0400 |
43 | + |
44 | +systemd (245.4-4ubuntu3.17) focal; urgency=medium |
45 | + |
46 | + [ Andy Chi ] |
47 | + * Add mic mute key support for HP Elite x360 series (LP: #1967038) |
48 | + Author: Andy Chi |
49 | + File: debian/patches/hwdb-Add-mic-mute-key-mapping-for-HP-Elite-x360.patch |
50 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=09cd12b399725d9c766f5a3c979ff6983812c783 |
51 | + |
52 | + [ Jeremy Szu ] |
53 | + * Add more hp dmi to unblock intel-hid event (LP: #1966179) |
54 | + Also, add HP EliteBook 630/830 13 inch dmi string to intel-hid allowlist |
55 | + Author: Jeremy Szu |
56 | + File: debian/patches/lp1966179-add-more-hp-dmi-to-unblock-intel-hid-event.patch |
57 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=7e05409f3f812086c530f5eb49fa381413df6065 |
58 | + |
59 | + -- Lukas Märdian <slyon@ubuntu.com> Thu, 21 Apr 2022 14:54:39 +0200 |
60 | + |
61 | +systemd (245.4-4ubuntu3.16) focal; urgency=medium |
62 | + |
63 | + [ Dan Streetman ] |
64 | + * d/p/lp1946388-sd-journal-don-t-check-namespaces-if-we-have-no-name.patch: |
65 | + Avoid journalctl segfault (LP: #1946388) |
66 | + |
67 | + [ Jeremy Szu ] |
68 | + * Add a allowlist to unblock intel-hid on new HP machines (LP: #1955997) |
69 | + Author: Jeremy Szu |
70 | + File: debian/patches/lp1955997-add-a-allowlist-to-unblock-intel-hid-on-HP-mach.patch |
71 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=88a859eaddb6c9a611fcbc44edab441aef4c4355 |
72 | + |
73 | + [ Nick Rosbrook ] |
74 | + * Prevent arguments from being overwritten with defaults at shutdown (LP: #1958284) |
75 | + File: debian/patches/lp1958284-core-move-reset_arguments-to-the-end-of-main-s-finish.patch |
76 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e61052bd1f20bcc54e7417542c6d445cf5040f56 |
77 | + |
78 | + [ Lukas Märdian ] |
79 | + * Fix deadlock between pid1 and dbus-daemon (LP: #1871538) |
80 | + Author: Lukas Märdian |
81 | + File: debian/patches/pid1-set-SYSTEMD_NSS_DYNAMIC_BYPASS-1-env-var-for-dbus-da.patch |
82 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=e3aacfa26e3fc6df369e6f28e740389ae0020907 |
83 | + |
84 | + -- Nick Rosbrook <nick.rosbrook@canonical.com> Wed, 23 Mar 2022 09:29:33 -0400 |
85 | + |
86 | +systemd (245.4-4ubuntu3.15) focal-security; urgency=medium |
87 | + |
88 | + * SECURITY UPDATE: systemd-tmpfiles could be made to crash. |
89 | + - d/p/rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch: |
90 | + Backport upstream patch from PR#20173 |
91 | + - d/p/rm-rf-optionally-fsync-after-removing-directory-tree.patch: |
92 | + Backport upstream patch required for CVE-2021-3997 patches |
93 | + - d/p/CVE-2021-3997-1.patch: Backport upstream patch to refactor |
94 | + rm_rf_children_inner() |
95 | + - d/p/CVE-2021-3997-2.patch: Backport upstream patch to refactor |
96 | + rm_rf() |
97 | + - d/p/CVE-2021-3997-3.patch: Backport upstream patch to loop over |
98 | + nested directories instead of using recursion |
99 | + - CVE-2021-3997 |
100 | + |
101 | + -- Alex Murray <alex.murray@canonical.com> Mon, 10 Jan 2022 15:26:38 +1030 |
102 | + |
103 | +systemd (245.4-4ubuntu3.14) focal; urgency=medium |
104 | + |
105 | + [ Lukas Märdian ] |
106 | + * Allow target units to fail (LP: #1948476) |
107 | + File: d/p/lp1948476-pid1-target-units-can-fail-through-dependencies.patch |
108 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=fe0cb0bd66baea89d8bbe47cb47d88540f46d470 |
109 | + * Fix whitespace in lp1926547-hwdb-60-keyboard-Update-Dell-Privacy-Micmute-Hotkey-.patch to match upstream |
110 | + File: debian/patches/lp1926547-hwdb-60-keyboard-Update-Dell-Privacy-Micmute-Hotkey-.patch |
111 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=80fef80a1b018556939011707c4ce00cebc58806 |
112 | + * Support detection for ARM64 Hyper-V guests (LP: #1952599) |
113 | + Files: |
114 | + - debian/patches/lp1952599/0001-virt-Support-detection-for-ARM64-Hyper-V-guests.patch |
115 | + - debian/patches/lp1952599/0002-virt-Fix-the-detection-for-Hyper-V-VMs.patch |
116 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=caf3aff933cc7bf21565faba05f78ce78b3196cd |
117 | + |
118 | + [ Andy Chi ] |
119 | + * Add privacy micmute hotkey for Dell machine. (LP: #1952733) |
120 | + File: debian/patches/lp1952733-hwdb-60-keyboard-Update-Dell-Privacy-Micmute-Hotkey-Map.patch |
121 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ff8dc41f55baa418076e42509ddbf3212a8c1353 |
122 | + * Add microphone mute key for Dell machine. (LP: #1952735) |
123 | + File: debian/patches/lp1952735-keymap-Add-microphone-mute-keymap-for-Dell-Machine.patch |
124 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=175fb4e209fba889b4bcd81cb2ed262923943a3f |
125 | + |
126 | + [ Yao Wei ] |
127 | + * Add ACCEL_LOCATION=base property for 6 Dell clamshell models (LP: #1943561) |
128 | + File: debian/patches/lp1943561-dell-clamshell-accel-location-base-with-sku.patch |
129 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=246195d68b2bb0473f4a3f1c2ebe54dfd37f068b |
130 | + |
131 | + [ Dan Streetman ] |
132 | + * d/p/lp1944711-login-filenames-in-run-systemd-users-are-uids.patch: |
133 | + Fix systemd-logind restart loading of existing sessions |
134 | + (LP: #1944711) |
135 | + |
136 | + [ Ratchanan Srirattanamet ] |
137 | + * d/p/debian/timedatectl-lp1650688.patch, |
138 | + d/p/debian/UBUNTU-Fix-timezone-setting-on-read-only-etc.patch: |
139 | + Fix timedated unable to retrieve & properly set timezone on |
140 | + read-only /etc (e.g. Ubuntu Core and system-image-based systems) |
141 | + (LP: #1650688) |
142 | + |
143 | + -- Lukas Märdian <slyon@ubuntu.com> Fri, 10 Dec 2021 10:04:02 +0100 |
144 | + |
145 | +systemd (245.4-4ubuntu3.13) focal; urgency=medium |
146 | + |
147 | + * d/p/dell-clamshell-accel-location-base-with-sku.patch: |
148 | + Revert incorrect patch (LP: #1942899) |
149 | + |
150 | + -- Dan Streetman <ddstreet@canonical.com> Tue, 07 Sep 2021 14:37:22 -0400 |
151 | + |
152 | +systemd (245.4-4ubuntu3.12) focal; urgency=medium |
153 | + |
154 | + [ Yao Wei ] |
155 | + * d/p/dell-clamshell-accel-location-base.patch: |
156 | + Add ACCEL_LOCATION=base property for Dell clamshell models (LP: #1938259) |
157 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=5c1be33900edee94da0dc9a4ade8edcd079b4c85 |
158 | + |
159 | + [ Lukas Märdian ] |
160 | + * Add d/p/lp1934221-resolved-disable-event-sources-before-unreffing-them.patch |
161 | + - Fix segfault in systemd-resolve (LP: #1934221) |
162 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6c401900c70962052f56c7108fdc02fe7f84c9bf |
163 | + |
164 | + [ Simon Chopin ] |
165 | + * d/p/lp1914740-network-enable-DHCP-broadcast-flag-if-required-by-in.patch: |
166 | + - Apply upstream patch to fix Hipersocket DHCP mode (LP: #1914740) |
167 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=326ae43b7966d9e7c5f7124027185a79a07fa276 |
168 | + |
169 | + [ Dan Streetman ] |
170 | + * d/p/lp1934981-correct-suspend-then-sleep-string.patch: |
171 | + Fix sleep verb used by logind during suspend-then-hibernate |
172 | + (LP: #1934981) |
173 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=997f3a7da3d5db22e3c63626c3f7dc3dff0830b0 |
174 | + * d/p/lp1937238-util-return-the-correct-correct-wd-from-inotify-help.patch: |
175 | + Fix watch for time sync (LP: #1937238) |
176 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=dbabff8a03eb232c19174eff1335cd7cb7d7860c |
177 | + * d/extra/dhclient-enter-resolved-hook: |
178 | + Reset start limit counter for systemd-resolved in dhclient hook |
179 | + (LP: #1939255) |
180 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=9d3a91a0b70a4b2bcc166f366cd0a880fd494812 |
181 | + * d/p/lp1935051-shared-unit-file-make-sure-the-old-hashmaps-and-sets.patch: |
182 | + Fix memory leak in path cache (LP: #1935051) |
183 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=12d6bdeb35f309158fe8d4242c6dd9be4d067604 |
184 | + * d/p/lp1934147/0001-cgroup-do-catchup-for-unit-cgroup-inotify-watch-file.patch, |
185 | + d/p/lp1934147/0002-core-Make-sure-cgroup_oom_queue-is-flushed-on-manage.patch: |
186 | + Catchup cgroup inotify watch after reexec/reload (LP: #1934147) |
187 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=63eabc88b8e0005eb40b15b543538ce35377bdbd |
188 | + |
189 | + -- Dan Streetman <ddstreet@canonical.com> Thu, 26 Aug 2021 10:18:02 -0400 |
190 | + |
191 | +systemd (245.4-4ubuntu3.11) focal-security; urgency=medium |
192 | + |
193 | + * d/p/lp1937117/0001-revert-lp1929560-network-move-set-MAC-and-set-nomaster-operations-out.patch, |
194 | + d/p/lp1937117/0002-avoid-changing-interface-master-if-interface-already-up.patch: |
195 | + - Don't change interface master if interface is already up, |
196 | + due to users expecting previous buggy behavior (LP: #1937117) |
197 | + |
198 | + -- Dan Streetman <ddstreet@canonical.com> Wed, 21 Jul 2021 15:00:21 -0400 |
199 | + |
200 | +systemd (245.4-4ubuntu3.10) focal-security; urgency=medium |
201 | + |
202 | + * SECURITY UPDATE: DoS via DHCP FORCERENEW |
203 | + - debian/patches/CVE-2020-13529.patch: tentatively ignore FORCERENEW |
204 | + command in src/libsystemd-network/sd-dhcp-client.c. |
205 | + - CVE-2020-13529 |
206 | + * SECURITY UPDATE: denial of service via stack exhaustion |
207 | + - debian/patches/CVE-2021-33910.patch: do not use strdupa() on a path |
208 | + in src/basic/unit-name.c. |
209 | + - CVE-2021-33910 |
210 | + |
211 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 20 Jul 2021 07:39:51 -0400 |
212 | + |
213 | +systemd (245.4-4ubuntu3.8) focal; urgency=medium |
214 | + |
215 | + [ dann frazier ] |
216 | + * d/p/lp1933402-udev-Fix-SIGSEGV-in-AlternativeNamesPolicy-handling.patch: |
217 | + - Fix uninitialized variable that can lead to corrupt network altnames |
218 | + and/or segmentation faults. (LP: #1933402) |
219 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=8276cde551b31840b4fc10a2905cda20f7148522 |
220 | + |
221 | + [ Kai-Heng Feng ] |
222 | + * d/p/hwdb-Add-ProBook-to-use-micmute-hotkey.patch: |
223 | + - Add ProBook to use micmute hotkey (LP: #1930910) |
224 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ab932a977b74aef1351532ab70effb761508b9be |
225 | + |
226 | + [ Jeremy Szu ] |
227 | + * d/p/lp1932352-hwdb-Add-mic-mute-key-mapping-for-HP-Elite-Dragonfly.patch: |
228 | + - Fix micmute hotkeys on HP Elite Dragonfly (LP: #1932352) |
229 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6e2b7f998a026235d6551d43548d226c50c8056a |
230 | + |
231 | + [ Dan Streetman ] |
232 | + * d/p/lp1931578/0001-network-default-RequiredForOnline-false-if-Activacti.patch, |
233 | + d/p/lp1931578/0002-networkctl-add-field-Required-For-Online.patch, |
234 | + d/p/lp1931578/0003-test-add-test-to-verify-RequiredForOnline-setting-wi.patch: |
235 | + Adjust default for RequiredForOnline when using ActivationPolicy |
236 | + (LP: #1931578) |
237 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=aa2b5015d91037e476ee67d684d7e2d30e616199 |
238 | + * d/extra/dhclient-enter-resolved-hook: |
239 | + Check is-enabled systemd-resolved in dhclient hook (LP: #1853164) |
240 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=52ec2eb2a991cd406d1a94e8301e1b31d2bdb53c |
241 | + * d/p/lp1928200/0001-shared-add-common-helper-for-unregistering-all-binfm.patch, |
242 | + d/p/lp1928200/0002-shutdown-unregister-all-binfmt_misc-entries-before-e.patch, |
243 | + d/p/lp1928200/0003-binfmt-modernize-code-a-bit.patch, |
244 | + d/p/lp1928200/0004-binfmt-also-unregister-binfmt-entries-from-unit.patch, |
245 | + d/p/lp1928200/0005-man-document-binfmt-s-new-unregister-switch.patch: |
246 | + Unregister all binfmts before shutdown (LP: #1928200) |
247 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=bc605ba3f0c9d585ef834b35e9bbfc547a6f9eb5 |
248 | + * d/p/lp1894622-Add-systemd-resolve-backwards-compatibility-section-.patch: |
249 | + Add man page symlink and deprecation notice for systemd-resolve |
250 | + (LP: #1894622) |
251 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=823d20d2c3f78fbb0e68c4fee8cbcdb84e94dcde |
252 | + * d/p/lp1858210/0001-time-simplify-get_timezones.patch, |
253 | + d/p/lp1858210/0002-time-split-get_timezone-into-main-function-and-zone1.patch, |
254 | + d/p/lp1858210/0003-time-get-timezones-from-tzdata.zi.patch: |
255 | + Parse tzdata.zi so timedatectl list-timezones also lists aliases |
256 | + (LP: #1858210) |
257 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=58a4c698e18f0a7fc0315a0394326e157a2e8479 |
258 | + * d/p/lp1891215/0001-fs-util-add-conservative_rename-that-suppresses-unne.patch, |
259 | + d/p/lp1891215/0002-resolved-don-t-update-resolv.conf-snippets-unnecessa.patch, |
260 | + d/p/lp1891215/0003-fs-util-rename-conservative_rename-conservative_rena.patch, |
261 | + d/p/lp1891215/0004-fs-util-make-sure-conservative_renameat-properly-det.patch: |
262 | + Don't rewrite resolv.conf is content unchanged (LP: #1891215) |
263 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=563e24f303462dfefd85b77051e742eb712a520c |
264 | + |
265 | + -- Dan Streetman <ddstreet@canonical.com> Tue, 06 Jul 2021 14:33:09 -0400 |
266 | + |
267 | +systemd (245.4-4ubuntu3.7) focal; urgency=medium |
268 | + |
269 | + [ Andy Chi ] |
270 | + * debian/patches/lp1926547-hwdb-60-keyboard-Update-Dell-Privacy-Local-Mic-Mute-.patch |
271 | + - Apply upstream patch to correct key and device mapping. |
272 | + (LP: #1926547) |
273 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=62c3ce6d6b2cab762b24aa610d6d135a67bdd76a |
274 | + |
275 | + [ Dan Streetman ] |
276 | + * d/p/lp1921696/0001-rfkill-improve-error-logging.patch, |
277 | + d/p/lp1921696/0002-rfkill-use-short-writes-and-accept-long-reads.patch: |
278 | + Handle rfkill api change in kernel 5.10 (LP: #1921696) |
279 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ff0c23ba4fbcfa7f68e98adb6d62798ce54ca1da |
280 | + * d/p/lp1929122-network-check-that-received-ifindex-is-valid.patch: |
281 | + Check if ifindex is valid (LP: #1929122) |
282 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6378191818bc7d169b657e6f7a2b50cfddb4275e |
283 | + * d/p/lp1929560-network-move-set-MAC-and-set-nomaster-operations-out.patch: |
284 | + Move link mac and master config out of link_up() (LP: #1929560) |
285 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=28cff7ee02a9ebd4ab93026af9fceaa2283725b3 |
286 | + * d/p/lp1902891-core-mount-mount-command-may-fail-after-adding-the-c.patch: |
287 | + Handle failed mount command (LP: #1902891) |
288 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b425189a483d7455db870b0ec5b2443c0eea7d76 |
289 | + * d/p/resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch, |
290 | + d/p/lp1880258-log-nxdomain-as-debug.patch, |
291 | + d/p/lp1785383-resolved-address-DVE-2018-0001.patch: |
292 | + - Use upstream patch for DVE-2018-0001 handling (LP: #1785383) |
293 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ec45ebfee362ad3e429642f7519e8b88f16dc221 |
294 | + |
295 | + [ Łukasz 'sil2100' Zemczak ] |
296 | + * d/p/lp1664844/0001-network-add-ActivationPolicy-configuration-parameter.patch, |
297 | + d/p/lp1664844/0002-test-add-ActivationPolicy-unit-tests.patch, |
298 | + d/p/lp1664844/0003-save-link-activation-policy-to-state-file-and-displa.patch: |
299 | + - add support for configuring the activation policy for an interface |
300 | + (LP: #1664844) |
301 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=94f7b72d8128c743f35b308101a87d2c53a4074c |
302 | + |
303 | + -- Dan Streetman <ddstreet@canonical.com> Thu, 27 May 2021 11:16:17 -0400 |
304 | + |
305 | +systemd (245.4-4ubuntu3.6) focal; urgency=medium |
306 | + |
307 | + * debian/patches/lp1916485-Newer-Glibc-use-faccessat2-to-implement-faccessat.patch: |
308 | + Add support for faccessat2 (LP: #1916485) |
309 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=affb2c6507dccfeed02820a2267639648e2a2260 |
310 | + * d/p/lp1918696-shared-seccomp-util-address-family-filtering-is-brok.patch: |
311 | + Stop attempting to restrict address families on ppc archs |
312 | + (LP: #1918696) |
313 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=daff4b6604362fcb5d305682216d5ca15a4c5738 |
314 | + * d/p/lp1891810-seccomp-util-add-new-syscalls-from-kernel-5.6-to-sys.patch: |
315 | + Add openat2() syscall to seccomp filter list |
316 | + (LP: #1891810) |
317 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=69c8a684e2513b2f6530e5a5cf15c83abfb7bc74 |
318 | + * d/p/lp1915887-Downgrade-a-couple-of-warnings-to-debug.patch: |
319 | + Downgrade some log messages so they stop spamming logs |
320 | + (LP: #1915887) |
321 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3c2c4731b90ed430ca1790270e69cd125643b94b |
322 | + * d/p/lp1887744-basic-unit-file-when-loading-linked-unit-files-use-l.patch: |
323 | + Use src name, not dst name, of symlinked unit files (LP: #1887744) |
324 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=03770601097cfdc09adeadf5593083da69345409 |
325 | + |
326 | + -- Dan Streetman <ddstreet@canonical.com> Wed, 17 Mar 2021 17:36:08 -0400 |
327 | + |
328 | +systemd (245.4-4ubuntu3.5) focal; urgency=medium |
329 | + |
330 | + [ Ioanna Alifieraki ] |
331 | + * d/p/lp1911187-systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch: |
332 | + Do not shutdown immediately when scheduled shutdown fails (LP: #1911187) |
333 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3899c9d5c171e84fc503c6ab46aea7cc9def7235 |
334 | + |
335 | + [ Dimitri John Ledkov ] |
336 | + * d/p/lp1878969-meson-initialize-time-epoch-to-reproducible-builds-compat.patch: |
337 | + meson: initialize time-epoch to reproducible builds compatible value |
338 | + (LP: #1878969) |
339 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=84212797d21ed08031e1d71fe5e118bdd9873c0f |
340 | + |
341 | + [ Dan Streetman ] |
342 | + * d/p/lp1913189-test-accept-that-char-device-0-0-can-now-be-created-.patch: |
343 | + - Fix failing test case under 5.8 kernel (LP: #1913189) |
344 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=782a382017ce188dbf9a40adabd265943d7db119 |
345 | + * d/p/lp1913423-hashmap-make-sure-to-initialize-shared-hash-key-atom.patch: |
346 | + Thread-safe init of hashmap shared key (LP: #1913423) |
347 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=fc8dde7c4b1944d1583866f61c2314174b4dd06a |
348 | + * d/p/lp1902236-nss-systemd-don-t-synthesize-root-nobody-when-iterat.patch: |
349 | + Don't synthesize root/nobody when iterating (LP: #1902236) |
350 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=4d20e415ecd5b0fd032b4cf45bd9fd344cc434ac |
351 | + * d/p/debian/patches/lp1880258-log-nxdomain-as-debug.patch: |
352 | + Change NXDOMAIN 'errors' to log level debug (LP: #1880258) |
353 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=80163a2097aa876fe73b6071495ae4ad8749d04e |
354 | + * d/p/lp1913763-udev-rules-add-rule-to-create-dev-ptp_hyperv.patch: |
355 | + Create symlink for hyperv-provided ptp device (LP: #1913763) |
356 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=b02053da2ff3fee6221bd8310488af0f52b140f1 |
357 | + |
358 | + -- Ioanna Alifieraki <ioanna-maria.alifieraki@canonical.com> Tue, 23 Feb 2021 00:18:57 +0000 |
359 | + |
360 | +systemd (245.4-4ubuntu3.4) focal; urgency=medium |
361 | + |
362 | + * d/p/lp1905245/0001-basic-cap-list-parse-print-numerical-capabilities.patch, |
363 | + d/p/lp1905245/0002-basic-capability-util-let-cap_last_cap-return-unsign.patch, |
364 | + d/p/lp1905245/0003-basic-cap-list-reduce-scope-of-variables.patch: |
365 | + - print number of unknown capabilities instead of failing |
366 | + (LP: #1905245) |
367 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=5cd98102e16a6e4acc1444b10db3308d87930933 |
368 | + * d/p/lp1890448-hwdb-Add-EliteBook-to-use-micmute-hotkey.patch: |
369 | + Add EliteBook to use micmute hotkey (LP: #1890448) |
370 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=238c8c1a7b9d75f69bdeafb1d55f1faf00acb063 |
371 | + * d/extra/dhclient-enter-resolved-hook: |
372 | + suppress output of cmp command in dhclient hook (LP: #1878955) |
373 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=83df4fc182f8ffe87256f5d7c4b49cee5192529a |
374 | + * d/p/lp1905044-test-use-cap_last_cap-for-max-supported-cap-number-n.patch: |
375 | + test: use cap_last_cap() instead of capability_list_length() |
376 | + (LP: #1905044) |
377 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ff21f41e624d9e603f3be463846ce981a433842a |
378 | + * d/p/lp1903300/0001-network-VXLan-fix-adding-Group-address.patch, |
379 | + d/p/lp1903300/0002-network-VXLan-Add-support-for-remote-address.patch, |
380 | + d/p/lp1903300/0003-networkctl-Add-support-to-display-VXLan-remote-addre.patch: |
381 | + set vxlan multicast group when specified (LP: #1903300) |
382 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=9deff4b7c5495dbe738561ca47daf3756df9fcde |
383 | + * d/p/lp1907306/0001-sd-dhcp-client-don-t-log-timeouts-if-already-expired.patch, |
384 | + d/p/lp1907306/0002-sd-dhcp-client-track-dhcp4-t1-t2-expire-times.patch, |
385 | + d/p/lp1907306/0003-sd-dhcp-client-add-RFC2131-retransmission-details.patch, |
386 | + d/p/lp1907306/0004-sd-dhcp-client-simplify-dhcp4-t1-t2-parsing.patch, |
387 | + d/p/lp1907306/0005-sd-dhcp-client-correct-dhcpv4-renew-rebind-retransmi.patch, |
388 | + d/p/lp1907306/0006-sd-dhcp-client-correct-retransmission-timeout-to-mat.patch, |
389 | + d/p/lp1907306/0007-test-network-increase-wait_online-timeout-to-handle-.patch, |
390 | + d/p/lp1907306/0008-sd-dhcp-client-fix-renew-rebind-timeout-calculation-.patch: |
391 | + Send correct number of dhcpv4 renew and rebind requests |
392 | + (LP: #1907306) |
393 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a73c51d0df284dcc38e6924d40eed810554bab2e |
394 | + * d/p/lp1902960-udev-re-assign-ID_NET_DRIVER-ID_NET_LINK_FILE-ID_NET.patch: |
395 | + Run net_setup_link on 'change' uevents (LP: #1902960) |
396 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ec7ba2358aa68d8d6276ed56ef91caafc287cecf |
397 | + * d/t/root-unittests: |
398 | + Remove any corrupt journal files (LP: #1881947) |
399 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=5481fececdb3cb35ca7118598cad537681b5ff14 |
400 | + |
401 | + -- Dan Streetman <ddstreet@canonical.com> Wed, 06 Jan 2021 15:47:39 -0500 |
402 | + |
403 | +systemd (245.4-4ubuntu3.3) focal; urgency=medium |
404 | + |
405 | + [ Rafael David Tinoco ] |
406 | + * d/p/lp1861941-dont-generate-disk-byuuid-for-bcache-uuid.patch: |
407 | + Reworded and reintroduced patch to fully explain delta is NOT a fix to |
408 | + LP: #1861941 if the bcache-tools patch exists, but should be kept anyway |
409 | + as the change makes sense for a better experience to end user. |
410 | + (LP: #1861941) |
411 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f8f64b3b58a04a83b1c426818b9affc41e0bff6c |
412 | + |
413 | + [ Dan Streetman ] |
414 | + * d/p/lp1882596-man-fix-some-manvolnum.patch: |
415 | + - fix some man section references (LP: #1882596) |
416 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=3959ec95eff78d38ec4409807f151572afe83fe9 |
417 | + * d/p/lp1895418-correct-resolved-conf-cache-default.patch: |
418 | + - fix resolved.conf default Cache= value (LP: #1895418) |
419 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ebe274a2b01658ee39b372d7033c35209510b028 |
420 | + * d/p/lp1897744-resolve-enable-RES_TRUSTAD-towards-the-127.0.0.53-st.patch: |
421 | + - add resolv.conf 'trust-ad' option (LP: #1897744) |
422 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=f6acc8c620b80adab7b048352d85e722b5ba8214 |
423 | + * d/t/*: |
424 | + - Update tests to fix false negatives (LP: #1892358) |
425 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=cee6c31a6caec7888270c9fa8757105ab950ed0c |
426 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=a1c1a2bb0ff27faf84fe94583631dfd0f1f4ed8f |
427 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=9417ce996766c133c2a33d4102ce1494f3166774 |
428 | + |
429 | + -- Dan Streetman <ddstreet@canonical.com> Thu, 08 Oct 2020 16:14:56 -0400 |
430 | + |
431 | +systemd (245.4-4ubuntu3.2) focal; urgency=medium |
432 | + |
433 | + [ Dan Streetman ] |
434 | + * Hotadd only offline memory and CPUs (LP: #1876018) |
435 | + File: debian/extra/rules-ubuntu/40-vm-hotadd.rules |
436 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=72d815471596056b7727be5b10f87513ff1d5757 |
437 | + * Lock swap blockdevice while calling mkswap (LP: #1838329) |
438 | + Files: |
439 | + - d/p/lp1838329/0001-blockdev-propagate-one-more-unexpected-error.patch |
440 | + - d/p/lp1838329/0002-makefs-log-about-OOM-condition.patch |
441 | + - d/p/lp1838329/0003-dissect-use-log_debug_errno-where-appropriate.patch |
442 | + - d/p/lp1838329/0004-blockdev-add-helper-for-locking-whole-block-device.patch |
443 | + - d/p/lp1838329/0005-makefs-lock-device-while-we-operate.patch |
444 | + - d/p/lp1838329/0006-makefs-normalize-logging-a-bit.patch |
445 | + - d/p/lp1838329/0007-cryptsetup-generator-use-systemd-makefs-for-implemen.patch |
446 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=c81b75c4297cbb04554488b070b6f79996b8cceb |
447 | + |
448 | + [ Balint Reczey ] |
449 | + * debian/udev.postinst: Allow kvm to be an already present non-system group |
450 | + (LP: #1880541) |
451 | + File: debian/udev.postinst |
452 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=8b5c31828d4323ddb719326b1316c179b7cdbdef |
453 | + * d/p/hwdb-Mask-rfkill-event-from-intel-hid-on-HP-platforms.patch: |
454 | + hwdb: Mask rfkill event from intel-hid on HP platforms |
455 | + (LP: #1883846) |
456 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=164c016b466210c7d6d05963fd753eccf4679844 |
457 | + * journald: stream pid change newline fix (LP: #1875708) |
458 | + Files: |
459 | + - debian/patches/lp1875708/journald-Increase-stdout-buffer-size-sooner-when-almost-f.patch |
460 | + - debian/patches/lp1875708/journald-rework-end-of-line-marker-handling-to-use-a-fiel.patch |
461 | + - debian/patches/lp1875708/journald-rework-pid-change-handling.patch |
462 | + - debian/patches/lp1875708/journald-use-log_warning_errno-where-appropriate.patch |
463 | + - debian/patches/lp1875708/journald-use-the-fact-that-client_context_release-returns.patch |
464 | + - debian/patches/lp1875708/man-document-the-new-_LINE_BREAK-type.patch |
465 | + - debian/patches/lp1875708/socket-util-introduce-type-safe-dereferencing-wrapper-CMS.patch |
466 | + - debian/patches/lp1875708/test-Add-a-test-case-for-15654.patch |
467 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=2dc19f7ae4aad7277e9d89849182453ff1d046dc |
468 | + |
469 | + -- Dan Streetman <ddstreet@canonical.com> Mon, 06 Jul 2020 17:38:31 -0400 |
470 | + |
471 | +systemd (245.4-4ubuntu3.1) focal; urgency=medium |
472 | + |
473 | + * d/p/lp1867375/0001-network-add-a-flag-to-ignore-gateway-provided-by-DHC.patch, |
474 | + d/p/lp1867375/0002-test-network-add-a-test-case-for-DHCPv4.UseGateway-n.patch, |
475 | + d/p/lp1867375/0003-network-change-UseGateway-default-to-UseRoutes-setti.patch, |
476 | + d/p/lp1867375/0004-test-modify-add-tests-for-UseRoutes-and-UseGateway-c.patch, |
477 | + d/p/lp1867375/0005-network-honor-SetDNSRoutes-even-if-UseGateway-False.patch, |
478 | + d/p/lp1867375/0006-test-verify-RoutesToDNS-is-independent-of-UseGateway.patch: |
479 | + - Add UseGateway= parameter and default to value of UseRoutes, to restore |
480 | + backwards compatibility with old UseRoutes= behavior (LP: #1867375) |
481 | + * d/p/lp1860926-network-Change-IgnoreCarrierLoss-default-to-value-of.patch: |
482 | + - default ignore_carrier_loss to value of configure_without_carrier, |
483 | + so carrier drop during configuration doesn't break networking |
484 | + (LP: #1860926) |
485 | + * d/e/initramfs-tools/hooks/udev: |
486 | + - Follow symlinks when finding link files to copy into initramfs |
487 | + (LP: #1868892) |
488 | + * d/p/lp1873607/0001-core-some-minor-clean-ups-modernizations.patch, |
489 | + d/p/lp1873607/0002-core-make-sure-to-restore-the-control-command-id-too.patch: |
490 | + - Avoid segfault during serialization (LP: #1873607) |
491 | + |
492 | + -- Dan Streetman <ddstreet@canonical.com> Thu, 07 May 2020 09:21:22 -0400 |
493 | + |
494 | +>>>>>>> debian/changelog |
495 | systemd (245.4-4ubuntu3) focal; urgency=medium |
496 | |
497 | * dhcp: Allow setting request options again |
498 | diff --git a/debian/extra/dhclient-enter-resolved-hook b/debian/extra/dhclient-enter-resolved-hook |
499 | index ebbb31f..a0578bf 100755 |
500 | --- a/debian/extra/dhclient-enter-resolved-hook |
501 | +++ b/debian/extra/dhclient-enter-resolved-hook |
502 | @@ -14,7 +14,11 @@ |
503 | # (D) = master script downs interface |
504 | # (-) = master script does nothing with this |
505 | |
506 | +<<<<<<< debian/extra/dhclient-enter-resolved-hook |
507 | if [ -x /lib/systemd/systemd-resolved ] ; then |
508 | +======= |
509 | +if systemctl is-enabled systemd-resolved > /dev/null 2>&1; then |
510 | +>>>>>>> debian/extra/dhclient-enter-resolved-hook |
511 | # For safety, first undefine the nasty default make_resolv_conf() |
512 | make_resolv_conf() { : ; } |
513 | case "$reason" in |
514 | @@ -56,7 +60,15 @@ EOF |
515 | |
516 | newstate="$(mktemp)" |
517 | md5sum $statedir/isc-dhcp-v4-$interface.conf $statedir/isc-dhcp-v6-$interface.conf > $newstate 2> /dev/null |
518 | +<<<<<<< debian/extra/dhclient-enter-resolved-hook |
519 | if ! cmp $oldstate $newstate; then |
520 | +======= |
521 | + if ! cmp --quiet $oldstate $newstate; then |
522 | + # We need to reset-failed to reset the start limit counter, |
523 | + # in case we're processing more than StartLimitBurst interfaces |
524 | + # LP: #1939255 |
525 | + systemctl reset-failed systemd-resolved.service |
526 | +>>>>>>> debian/extra/dhclient-enter-resolved-hook |
527 | systemctl try-reload-or-restart systemd-resolved.service |
528 | fi |
529 | |
530 | diff --git a/debian/extra/initramfs-tools/hooks/udev b/debian/extra/initramfs-tools/hooks/udev |
531 | index 854a216..2152f2d 100755 |
532 | --- a/debian/extra/initramfs-tools/hooks/udev |
533 | +++ b/debian/extra/initramfs-tools/hooks/udev |
534 | @@ -22,9 +22,15 @@ cp -p /etc/udev/udev.conf "$DESTDIR/etc/udev/" |
535 | |
536 | # copy .link files containing interface naming definitions |
537 | mkdir -p "$DESTDIR/lib/systemd/network/" |
538 | +<<<<<<< debian/extra/initramfs-tools/hooks/udev |
539 | find /lib/systemd/network -name '*.link' -execdir cp -pt "$DESTDIR/lib/systemd/network/" '{}' + |
540 | if [ -d /etc/systemd/network ]; then |
541 | find /etc/systemd/network -name '*.link' -execdir cp -pt "$DESTDIR/lib/systemd/network/" '{}' + |
542 | +======= |
543 | +find -L /lib/systemd/network -name '*.link' -execdir cp -pt "$DESTDIR/lib/systemd/network/" '{}' + |
544 | +if [ -d /etc/systemd/network ]; then |
545 | + find -L /etc/systemd/network -name '*.link' -execdir cp -pt "$DESTDIR/lib/systemd/network/" '{}' + |
546 | +>>>>>>> debian/extra/initramfs-tools/hooks/udev |
547 | fi |
548 | |
549 | mkdir -p "$DESTDIR/lib/udev/rules.d/" |
550 | diff --git a/debian/extra/rules-ubuntu/40-vm-hotadd.rules b/debian/extra/rules-ubuntu/40-vm-hotadd.rules |
551 | index 62a5a62..04cbf05 100644 |
552 | --- a/debian/extra/rules-ubuntu/40-vm-hotadd.rules |
553 | +++ b/debian/extra/rules-ubuntu/40-vm-hotadd.rules |
554 | @@ -6,9 +6,16 @@ GOTO="vm_hotadd_end" |
555 | LABEL="vm_hotadd_apply" |
556 | |
557 | # Memory hotadd request |
558 | +<<<<<<< debian/extra/rules-ubuntu/40-vm-hotadd.rules |
559 | SUBSYSTEM=="memory", ACTION=="add", DEVPATH=="/devices/system/memory/memory[0-9]*", TEST=="state", ATTR{state}="online" |
560 | |
561 | # CPU hotadd request |
562 | SUBSYSTEM=="cpu", ACTION=="add", DEVPATH=="/devices/system/cpu/cpu[0-9]*", TEST=="online", ATTR{online}="1" |
563 | +======= |
564 | +SUBSYSTEM=="memory", ACTION=="add", DEVPATH=="/devices/system/memory/memory[0-9]*", TEST=="state", ATTR{state}!="online", ATTR{state}="online" |
565 | + |
566 | +# CPU hotadd request |
567 | +SUBSYSTEM=="cpu", ACTION=="add", DEVPATH=="/devices/system/cpu/cpu[0-9]*", TEST=="online", ATTR{online}!="1", ATTR{online}="1" |
568 | +>>>>>>> debian/extra/rules-ubuntu/40-vm-hotadd.rules |
569 | |
570 | LABEL="vm_hotadd_end" |
571 | diff --git a/debian/patches/CVE-2020-13529.patch b/debian/patches/CVE-2020-13529.patch |
572 | new file mode 100644 |
573 | index 0000000..655490d |
574 | --- /dev/null |
575 | +++ b/debian/patches/CVE-2020-13529.patch |
576 | @@ -0,0 +1,36 @@ |
577 | +From 38e980a6a5a3442c2f48b1f827284388096d8ca5 Mon Sep 17 00:00:00 2001 |
578 | +From: Yu Watanabe <watanabe.yu+github@gmail.com> |
579 | +Date: Thu, 24 Jun 2021 01:22:07 +0900 |
580 | +Subject: [PATCH] sd-dhcp-client: tentatively ignore FORCERENEW command |
581 | + |
582 | +This makes DHCP client ignore FORCERENEW requests, as unauthenticated |
583 | +FORCERENEW requests causes a security issue (TALOS-2020-1142, CVE-2020-13529). |
584 | + |
585 | +Let's re-enable this after RFC3118 (Authentication for DHCP Messages) |
586 | +and/or RFC6704 (Forcerenew Nonce Authentication) are implemented. |
587 | + |
588 | +Fixes #16774. |
589 | +--- |
590 | + src/libsystemd-network/sd-dhcp-client.c | 8 ++++++++ |
591 | + 1 file changed, 8 insertions(+) |
592 | + |
593 | +--- a/src/libsystemd-network/sd-dhcp-client.c |
594 | ++++ b/src/libsystemd-network/sd-dhcp-client.c |
595 | +@@ -1414,9 +1414,17 @@ static int client_handle_forcerenew(sd_d |
596 | + if (r != DHCP_FORCERENEW) |
597 | + return -ENOMSG; |
598 | + |
599 | ++#if 0 |
600 | + log_dhcp_client(client, "FORCERENEW"); |
601 | + |
602 | + return 0; |
603 | ++#else |
604 | ++ /* FIXME: Ignore FORCERENEW requests until we implement RFC3118 (Authentication for DHCP |
605 | ++ * Messages) and/or RFC6704 (Forcerenew Nonce Authentication), as unauthenticated FORCERENEW |
606 | ++ * requests causes a security issue (TALOS-2020-1142, CVE-2020-13529). */ |
607 | ++ log_dhcp_client(client, "Received FORCERENEW, ignoring."); |
608 | ++ return -ENOMSG; |
609 | ++#endif |
610 | + } |
611 | + |
612 | + static bool lease_equal(const sd_dhcp_lease *a, const sd_dhcp_lease *b) { |
613 | diff --git a/debian/patches/CVE-2021-33910.patch b/debian/patches/CVE-2021-33910.patch |
614 | new file mode 100644 |
615 | index 0000000..619ae4d |
616 | --- /dev/null |
617 | +++ b/debian/patches/CVE-2021-33910.patch |
618 | @@ -0,0 +1,61 @@ |
619 | +Backport of: |
620 | + |
621 | +From 441e0115646d54f080e5c3bb0ba477c892861ab9 Mon Sep 17 00:00:00 2001 |
622 | +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> |
623 | +Date: Wed, 23 Jun 2021 11:46:41 +0200 |
624 | +Subject: [PATCH 1/2] basic/unit-name: do not use strdupa() on a path |
625 | + |
626 | +The path may have unbounded length, for example through a fuse mount. |
627 | + |
628 | +CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and |
629 | +ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo |
630 | +and each mountpoint is passed to mount_setup_unit(), which calls |
631 | +unit_name_path_escape() underneath. A local attacker who is able to mount a |
632 | +filesystem with a very long path can crash systemd and the whole system. |
633 | + |
634 | +https://bugzilla.redhat.com/show_bug.cgi?id=1970887 |
635 | + |
636 | +The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we |
637 | +can't easily check the length after simplification before doing the |
638 | +simplification, which in turns uses a copy of the string we can write to. |
639 | +So we can't reject paths that are too long before doing the duplication. |
640 | +Hence the most obvious solution is to switch back to strdup(), as before |
641 | +7410616cd9dbbec97cf98d75324da5cda2b2f7a2. |
642 | +--- |
643 | + src/basic/unit-name.c | 13 +++++-------- |
644 | + 1 file changed, 5 insertions(+), 8 deletions(-) |
645 | + |
646 | +--- a/src/basic/unit-name.c |
647 | ++++ b/src/basic/unit-name.c |
648 | +@@ -369,12 +369,13 @@ int unit_name_unescape(const char *f, ch |
649 | + } |
650 | + |
651 | + int unit_name_path_escape(const char *f, char **ret) { |
652 | +- char *p, *s; |
653 | ++ _cleanup_free_ char *p = NULL; |
654 | ++ char *s; |
655 | + |
656 | + assert(f); |
657 | + assert(ret); |
658 | + |
659 | +- p = strdupa(f); |
660 | ++ p = strdup(f); |
661 | + if (!p) |
662 | + return -ENOMEM; |
663 | + |
664 | +@@ -386,13 +387,9 @@ int unit_name_path_escape(const char *f, |
665 | + if (!path_is_normalized(p)) |
666 | + return -EINVAL; |
667 | + |
668 | +- /* Truncate trailing slashes */ |
669 | ++ /* Truncate trailing slashes and skip leading slashes */ |
670 | + delete_trailing_chars(p, "/"); |
671 | +- |
672 | +- /* Truncate leading slashes */ |
673 | +- p = skip_leading_chars(p, "/"); |
674 | +- |
675 | +- s = unit_name_escape(p); |
676 | ++ s = unit_name_escape(skip_leading_chars(p, "/")); |
677 | + } |
678 | + if (!s) |
679 | + return -ENOMEM; |
680 | diff --git a/debian/patches/CVE-2021-3997-1.patch b/debian/patches/CVE-2021-3997-1.patch |
681 | new file mode 100644 |
682 | index 0000000..cafd86a |
683 | --- /dev/null |
684 | +++ b/debian/patches/CVE-2021-3997-1.patch |
685 | @@ -0,0 +1,62 @@ |
686 | +Backport of the following upstream commit: |
687 | +From fbb77e1e55866633c9f064e2b3bcf2b6402d962d Mon Sep 17 00:00:00 2001 |
688 | +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> |
689 | +Date: Tue, 23 Nov 2021 15:55:45 +0100 |
690 | +Subject: [PATCH 1/3] shared/rm_rf: refactor rm_rf_children_inner() to shorten |
691 | + code a bit |
692 | + |
693 | +--- |
694 | + src/basic/rm-rf.c | 27 +++++++++------------------ |
695 | + 1 file changed, 9 insertions(+), 18 deletions(-) |
696 | + |
697 | +--- a/src/basic/rm-rf.c |
698 | ++++ b/src/basic/rm-rf.c |
699 | +@@ -34,7 +34,7 @@ |
700 | + const struct stat *root_dev) { |
701 | + |
702 | + struct stat st; |
703 | +- int r; |
704 | ++ int r, q = 0; |
705 | + |
706 | + assert(fd >= 0); |
707 | + assert(fname); |
708 | +@@ -50,7 +50,6 @@ |
709 | + |
710 | + if (is_dir) { |
711 | + _cleanup_close_ int subdir_fd = -1; |
712 | +- int q; |
713 | + |
714 | + /* if root_dev is set, remove subdirectories only if device is same */ |
715 | + if (root_dev && st.st_dev != root_dev->st_dev) |
716 | +@@ -86,23 +85,15 @@ |
717 | + * again for each directory */ |
718 | + q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); |
719 | + |
720 | +- r = unlinkat(fd, fname, AT_REMOVEDIR); |
721 | +- if (r < 0) |
722 | +- return r; |
723 | +- if (q < 0) |
724 | +- return q; |
725 | +- |
726 | +- return 1; |
727 | +- |
728 | +- } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) { |
729 | +- r = unlinkat(fd, fname, 0); |
730 | +- if (r < 0) |
731 | +- return r; |
732 | +- |
733 | +- return 1; |
734 | +- } |
735 | ++ } else if (flags & REMOVE_ONLY_DIRECTORIES) |
736 | ++ return 0; |
737 | + |
738 | +- return 0; |
739 | ++ r = unlinkat(fd, fname, is_dir ? AT_REMOVEDIR : 0); |
740 | ++ if (r < 0) |
741 | ++ return r; |
742 | ++ if (q < 0) |
743 | ++ return q; |
744 | ++ return 1; |
745 | + } |
746 | + |
747 | + int rm_rf_children( |
748 | diff --git a/debian/patches/CVE-2021-3997-2.patch b/debian/patches/CVE-2021-3997-2.patch |
749 | new file mode 100644 |
750 | index 0000000..dc81539 |
751 | --- /dev/null |
752 | +++ b/debian/patches/CVE-2021-3997-2.patch |
753 | @@ -0,0 +1,98 @@ |
754 | +Backport of the following upstream commit: |
755 | +From bd0127daaaae009ade053718f7d2f297aee4acaf Mon Sep 17 00:00:00 2001 |
756 | +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> |
757 | +Date: Tue, 23 Nov 2021 16:56:42 +0100 |
758 | +Subject: [PATCH 2/3] shared/rm_rf: refactor rm_rf() to shorten code a bit |
759 | + |
760 | +--- |
761 | + src/basic/rm-rf.c | 53 ++++++++++++++++++++-------------------------- |
762 | + 1 file changed, 23 insertions(+), 30 deletions(-) |
763 | + |
764 | +--- a/src/basic/rm-rf.c |
765 | ++++ b/src/basic/rm-rf.c |
766 | +@@ -159,7 +159,7 @@ |
767 | + } |
768 | + |
769 | + int rm_rf(const char *path, RemoveFlags flags) { |
770 | +- int fd, r; |
771 | ++ int fd, r, q = 0; |
772 | + |
773 | + assert(path); |
774 | + |
775 | +@@ -191,49 +191,47 @@ |
776 | + } |
777 | + |
778 | + fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); |
779 | +- if (fd < 0) { |
780 | ++ if (fd >= 0) { |
781 | ++ /* We have a dir */ |
782 | ++ r = rm_rf_children(fd, flags, NULL); |
783 | ++ |
784 | ++ if (FLAGS_SET(flags, REMOVE_ROOT)) { |
785 | ++ q = rmdir(path); |
786 | ++ if (q < 0) |
787 | ++ q = -errno; |
788 | ++ } |
789 | ++ } else { |
790 | + if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT) |
791 | + return 0; |
792 | + |
793 | + if (!IN_SET(errno, ENOTDIR, ELOOP)) |
794 | + return -errno; |
795 | + |
796 | +- if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES)) |
797 | ++ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES) || !FLAGS_SET(flags, REMOVE_ROOT)) |
798 | + return 0; |
799 | + |
800 | +- if (FLAGS_SET(flags, REMOVE_ROOT)) { |
801 | +- |
802 | +- if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { |
803 | +- struct statfs s; |
804 | +- |
805 | +- if (statfs(path, &s) < 0) |
806 | +- return -errno; |
807 | +- if (is_physical_fs(&s)) |
808 | +- return log_error_errno(SYNTHETIC_ERRNO(EPERM), |
809 | +- "Attempted to remove files from a disk file system under \"%s\", refusing.", |
810 | +- path); |
811 | +- } |
812 | +- |
813 | +- if (unlink(path) < 0) { |
814 | +- if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT) |
815 | +- return 0; |
816 | ++ if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { |
817 | ++ struct statfs s; |
818 | + |
819 | ++ if (statfs(path, &s) < 0) |
820 | + return -errno; |
821 | +- } |
822 | ++ if (is_physical_fs(&s)) |
823 | ++ return log_error_errno(SYNTHETIC_ERRNO(EPERM), |
824 | ++ "Attempted to remove files from a disk file system under \"%s\", refusing.", |
825 | ++ path); |
826 | + } |
827 | + |
828 | +- return 0; |
829 | ++ r = 0; |
830 | ++ q = unlink(path); |
831 | ++ if (q < 0) |
832 | ++ q = -errno; |
833 | + } |
834 | + |
835 | +- r = rm_rf_children(fd, flags, NULL); |
836 | +- |
837 | +- if (FLAGS_SET(flags, REMOVE_ROOT) && |
838 | +- rmdir(path) < 0 && |
839 | +- r >= 0 && |
840 | +- (!FLAGS_SET(flags, REMOVE_MISSING_OK) || errno != ENOENT)) |
841 | +- r = -errno; |
842 | +- |
843 | +- return r; |
844 | ++ if (r < 0) |
845 | ++ return r; |
846 | ++ if (q < 0 && (q != -ENOENT || !FLAGS_SET(flags, REMOVE_MISSING_OK))) |
847 | ++ return q; |
848 | ++ return 0; |
849 | + } |
850 | + |
851 | + int rm_rf_child(int fd, const char *name, RemoveFlags flags) { |
852 | diff --git a/debian/patches/CVE-2021-3997-3.patch b/debian/patches/CVE-2021-3997-3.patch |
853 | new file mode 100644 |
854 | index 0000000..c4e1efd |
855 | --- /dev/null |
856 | +++ b/debian/patches/CVE-2021-3997-3.patch |
857 | @@ -0,0 +1,262 @@ |
858 | +Backport of the following upstream commit: |
859 | +From bef8e8e577368697b2e6f85183b1dbc99e0e520f Mon Sep 17 00:00:00 2001 |
860 | +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> |
861 | +Date: Tue, 30 Nov 2021 22:29:05 +0100 |
862 | +Subject: [PATCH 3/3] shared/rm-rf: loop over nested directories instead of |
863 | + instead of recursing |
864 | + |
865 | +To remove directory structures, we need to remove the innermost items first, |
866 | +and then recursively remove higher-level directories. We would recursively |
867 | +descend into directories and invoke rm_rf_children and rm_rm_children_inner. |
868 | +This is problematic when too many directories are nested. |
869 | + |
870 | +Instead, let's create a "TODO" queue. In the the queue, for each level we |
871 | +hold the DIR* object we were working on, and the name of the directory. This |
872 | +allows us to leave a partially-processed directory, and restart the removal |
873 | +loop one level down. When done with the inner directory, we use the name to |
874 | +unlinkat() it from the parent, and proceed with the removal of other items. |
875 | + |
876 | +Because the nesting is increased by one level, it is best to view this patch |
877 | +with -b/--ignore-space-change. |
878 | + |
879 | +This fixes CVE-2021-3997, https://bugzilla.redhat.com/show_bug.cgi?id=2024639. |
880 | +The issue was reported and patches reviewed by Qualys Team. |
881 | +Mauro Matteo Cascella and Riccardo Schirone from Red Hat handled the disclosure. |
882 | +--- |
883 | + src/basic/rm-rf.c | 161 +++++++++++++++++++++++++++++++-------------- |
884 | + 1 file changed, 113 insertions(+), 48 deletions(-) |
885 | + |
886 | +--- a/src/basic/rm-rf.c |
887 | ++++ b/src/basic/rm-rf.c |
888 | +@@ -26,12 +26,13 @@ |
889 | + return !is_temporary_fs(sfs) && !is_cgroup_fs(sfs); |
890 | + } |
891 | + |
892 | +-static int rm_rf_children_inner( |
893 | ++static int rm_rf_inner_child( |
894 | + int fd, |
895 | + const char *fname, |
896 | + int is_dir, |
897 | + RemoveFlags flags, |
898 | +- const struct stat *root_dev) { |
899 | ++ const struct stat *root_dev, |
900 | ++ bool allow_recursion) { |
901 | + |
902 | + struct stat st; |
903 | + int r, q = 0; |
904 | +@@ -49,9 +50,7 @@ |
905 | + } |
906 | + |
907 | + if (is_dir) { |
908 | +- _cleanup_close_ int subdir_fd = -1; |
909 | +- |
910 | +- /* if root_dev is set, remove subdirectories only if device is same */ |
911 | ++ /* If root_dev is set, remove subdirectories only if device is same */ |
912 | + if (root_dev && st.st_dev != root_dev->st_dev) |
913 | + return 0; |
914 | + |
915 | +@@ -63,7 +62,6 @@ |
916 | + return 0; |
917 | + |
918 | + if ((flags & REMOVE_SUBVOLUME) && st.st_ino == 256) { |
919 | +- |
920 | + /* This could be a subvolume, try to remove it */ |
921 | + |
922 | + r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); |
923 | +@@ -77,13 +75,16 @@ |
924 | + return 1; |
925 | + } |
926 | + |
927 | +- subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); |
928 | ++ if (!allow_recursion) |
929 | ++ return -EISDIR; |
930 | ++ |
931 | ++ int subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); |
932 | + if (subdir_fd < 0) |
933 | + return -errno; |
934 | + |
935 | + /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file system type |
936 | + * again for each directory */ |
937 | +- q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); |
938 | ++ q = rm_rf_children(subdir_fd, flags | REMOVE_PHYSICAL, root_dev); |
939 | + |
940 | + } else if (flags & REMOVE_ONLY_DIRECTORIES) |
941 | + return 0; |
942 | +@@ -96,64 +97,128 @@ |
943 | + return 1; |
944 | + } |
945 | + |
946 | ++typedef struct TodoEntry { |
947 | ++ DIR *dir; /* A directory that we were operating on. */ |
948 | ++ char *dirname; /* The filename of that directory itself. */ |
949 | ++} TodoEntry; |
950 | ++ |
951 | ++static void free_todo_entries(TodoEntry **todos) { |
952 | ++ for (TodoEntry *x = *todos; x && x->dir; x++) { |
953 | ++ closedir(x->dir); |
954 | ++ free(x->dirname); |
955 | ++ } |
956 | ++ |
957 | ++ freep(todos); |
958 | ++} |
959 | ++ |
960 | + int rm_rf_children( |
961 | + int fd, |
962 | + RemoveFlags flags, |
963 | + const struct stat *root_dev) { |
964 | + |
965 | +- _cleanup_closedir_ DIR *d = NULL; |
966 | +- struct dirent *de; |
967 | ++ _cleanup_(free_todo_entries) TodoEntry *todos = NULL; |
968 | ++ size_t n_todo = 0, allocated = 0; |
969 | ++ _cleanup_free_ char *dirname = NULL; /* Set when we are recursing and want to delete ourselves */ |
970 | + int ret = 0, r; |
971 | + |
972 | +- assert(fd >= 0); |
973 | ++ /* Return the first error we run into, but nevertheless try to go on. |
974 | ++ * The passed fd is closed in all cases, including on failure. */ |
975 | + |
976 | +- /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed |
977 | +- * fd, in all cases, including on failure. */ |
978 | ++ for (;;) { /* This loop corresponds to the directory nesting level. */ |
979 | ++ _cleanup_closedir_ DIR *d = NULL; |
980 | ++ struct dirent *de; |
981 | ++ |
982 | ++ if (n_todo > 0) { |
983 | ++ /* We know that we are in recursion here, because n_todo is set. |
984 | ++ * We need to remove the inner directory we were operating on. */ |
985 | ++ assert(dirname); |
986 | ++ r = unlinkat(dirfd(todos[n_todo-1].dir), dirname, AT_REMOVEDIR); |
987 | ++ if (r < 0 && r != -ENOENT && ret == 0) |
988 | ++ ret = r; |
989 | ++ dirname = mfree(dirname); |
990 | ++ |
991 | ++ /* And now let's back out one level up */ |
992 | ++ n_todo --; |
993 | ++ d = TAKE_PTR(todos[n_todo].dir); |
994 | ++ dirname = TAKE_PTR(todos[n_todo].dirname); |
995 | ++ |
996 | ++ assert(d); |
997 | ++ fd = dirfd(d); /* Retrieve the file descriptor from the DIR object */ |
998 | ++ assert(fd >= 0); |
999 | ++ } else { |
1000 | ++ next_fd: |
1001 | ++ assert(fd >= 0); |
1002 | ++ d = fdopendir(fd); |
1003 | ++ if (!d) { |
1004 | ++ safe_close(fd); |
1005 | ++ return -errno; |
1006 | ++ } |
1007 | ++ fd = dirfd(d); /* We donated the fd to fdopendir(). Let's make sure we sure we have |
1008 | ++ * the right descriptor even if it were to internally invalidate the |
1009 | ++ * one we passed. */ |
1010 | ++ |
1011 | ++ if (!(flags & REMOVE_PHYSICAL)) { |
1012 | ++ struct statfs sfs; |
1013 | ++ |
1014 | ++ if (fstatfs(fd, &sfs) < 0) |
1015 | ++ return -errno; |
1016 | ++ |
1017 | ++ if (is_physical_fs(&sfs)) { |
1018 | ++ /* We refuse to clean physical file systems with this call, unless |
1019 | ++ * explicitly requested. This is extra paranoia just to be sure we |
1020 | ++ * never ever remove non-state data. */ |
1021 | ++ |
1022 | ++ _cleanup_free_ char *path = NULL; |
1023 | ++ |
1024 | ++ (void) fd_get_path(fd, &path); |
1025 | ++ return log_error_errno(SYNTHETIC_ERRNO(EPERM), |
1026 | ++ "Attempted to remove disk file system under \"%s\", and we can't allow that.", |
1027 | ++ strna(path)); |
1028 | ++ } |
1029 | ++ } |
1030 | ++ } |
1031 | + |
1032 | +- d = fdopendir(fd); |
1033 | +- if (!d) { |
1034 | +- safe_close(fd); |
1035 | +- return -errno; |
1036 | +- } |
1037 | ++ FOREACH_DIRENT_ALL(de, d, return -errno) { |
1038 | ++ int is_dir; |
1039 | + |
1040 | +- if (!(flags & REMOVE_PHYSICAL)) { |
1041 | +- struct statfs sfs; |
1042 | ++ if (dot_or_dot_dot(de->d_name)) |
1043 | ++ continue; |
1044 | + |
1045 | +- if (fstatfs(dirfd(d), &sfs) < 0) |
1046 | +- return -errno; |
1047 | +- } |
1048 | ++ is_dir = de->d_type == DT_UNKNOWN ? -1 : de->d_type == DT_DIR; |
1049 | + |
1050 | +- if (is_physical_fs(&sfs)) { |
1051 | +- /* We refuse to clean physical file systems with this call, unless explicitly |
1052 | +- * requested. This is extra paranoia just to be sure we never ever remove non-state |
1053 | +- * data. */ |
1054 | +- |
1055 | +- _cleanup_free_ char *path = NULL; |
1056 | +- |
1057 | +- (void) fd_get_path(fd, &path); |
1058 | +- return log_error_errno(SYNTHETIC_ERRNO(EPERM), |
1059 | +- "Attempted to remove disk file system under \"%s\", and we can't allow that.", |
1060 | +- strna(path)); |
1061 | +- } |
1062 | +- } |
1063 | ++ r = rm_rf_inner_child(fd, de->d_name, is_dir, flags, root_dev, false); |
1064 | ++ if (r == -EISDIR) { |
1065 | ++ /* Push the current working state onto the todo list */ |
1066 | + |
1067 | +- FOREACH_DIRENT_ALL(de, d, return -errno) { |
1068 | +- int is_dir; |
1069 | ++ if (!GREEDY_REALLOC0(todos, allocated, n_todo + 2)) |
1070 | ++ return log_oom(); |
1071 | + |
1072 | +- if (dot_or_dot_dot(de->d_name)) |
1073 | +- continue; |
1074 | ++ _cleanup_free_ char *newdirname = strdup(de->d_name); |
1075 | ++ if (!newdirname) |
1076 | ++ return log_oom(); |
1077 | + |
1078 | +- is_dir = |
1079 | +- de->d_type == DT_UNKNOWN ? -1 : |
1080 | +- de->d_type == DT_DIR; |
1081 | +- |
1082 | +- r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev); |
1083 | +- if (r < 0 && r != -ENOENT && ret == 0) |
1084 | +- ret = r; |
1085 | +- } |
1086 | ++ int newfd = openat(fd, de->d_name, |
1087 | ++ O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); |
1088 | ++ if (newfd >= 0) { |
1089 | ++ todos[n_todo++] = (TodoEntry) { TAKE_PTR(d), TAKE_PTR(dirname) }; |
1090 | ++ fd = newfd; |
1091 | ++ dirname = TAKE_PTR(newdirname); |
1092 | ++ |
1093 | ++ goto next_fd; |
1094 | + |
1095 | +- if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0) |
1096 | +- ret = -errno; |
1097 | ++ } else if (errno != -ENOENT && ret == 0) |
1098 | ++ ret = -errno; |
1099 | ++ |
1100 | ++ } else if (r < 0 && r != -ENOENT && ret == 0) |
1101 | ++ ret = r; |
1102 | ++ } |
1103 | ++ |
1104 | ++ if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(fd) < 0 && ret >= 0) |
1105 | ++ ret = -errno; |
1106 | ++ |
1107 | ++ if (n_todo == 0) |
1108 | ++ break; |
1109 | ++ } |
1110 | + |
1111 | + return ret; |
1112 | + } |
1113 | +@@ -250,5 +315,5 @@ |
1114 | + if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME)) |
1115 | + return -EINVAL; |
1116 | + |
1117 | +- return rm_rf_children_inner(fd, name, -1, flags, NULL); |
1118 | ++ return rm_rf_inner_child(fd, name, -1, flags, NULL, true); |
1119 | + } |
1120 | diff --git a/debian/patches/debian/UBUNTU-Fix-timezone-setting-on-read-only-etc.patch b/debian/patches/debian/UBUNTU-Fix-timezone-setting-on-read-only-etc.patch |
1121 | new file mode 100644 |
1122 | index 0000000..dccf2e0 |
1123 | --- /dev/null |
1124 | +++ b/debian/patches/debian/UBUNTU-Fix-timezone-setting-on-read-only-etc.patch |
1125 | @@ -0,0 +1,28 @@ |
1126 | +Description: Fix timezone setting on read-only etc |
1127 | + Due to our read-only /etc workaround, the localtime link on such |
1128 | + system ends up in /etc/writable, not /etc. To make the link target |
1129 | + correct in both normal and such systems, makes the path absolute. |
1130 | + . |
1131 | + On Ubuntu Core, this eliminates the need for the wrapper script, and |
1132 | + makes the DBus interface work properly. |
1133 | +Author: Ratchanan Srirattanamet <ratchanan@ubports.com> |
1134 | +Origin: other |
1135 | +Bug-Ubuntu: https://bugs.launchpad.net/snappy/+bug/1650688 |
1136 | +Forwarded: not-needed (part of read-only /etc workaround) |
1137 | +Last-Update: 2021-09-24 |
1138 | +--- |
1139 | +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ |
1140 | +--- a/src/timedate/timedated.c |
1141 | ++++ b/src/timedate/timedated.c |
1142 | +@@ -320,9 +320,9 @@ |
1143 | + return r; |
1144 | + } |
1145 | + |
1146 | +- source = "../usr/share/zoneinfo/UTC"; |
1147 | ++ source = "/usr/share/zoneinfo/UTC"; |
1148 | + } else { |
1149 | +- p = path_join("../usr/share/zoneinfo", c->zone); |
1150 | ++ p = path_join("/usr/share/zoneinfo", c->zone); |
1151 | + if (!p) |
1152 | + return -ENOMEM; |
1153 | + |
1154 | diff --git a/debian/patches/debian/timedatectl-lp1650688.patch b/debian/patches/debian/timedatectl-lp1650688.patch |
1155 | new file mode 100644 |
1156 | index 0000000..35bc48c |
1157 | --- /dev/null |
1158 | +++ b/debian/patches/debian/timedatectl-lp1650688.patch |
1159 | @@ -0,0 +1,53 @@ |
1160 | +Description: Fix retrieving timezone on read-only /etc |
1161 | + get_timezone() retrieve it by reading the link destination of |
1162 | + /etc/localtime, which on systems with read-only /etc will always point |
1163 | + to /etc/writable. Makes this function aware of the /etc/writable |
1164 | + redirection and handle it. |
1165 | + . |
1166 | + [ratchanan@ubports.com: add descrtiption and other metadata.] |
1167 | +Author: Michael Vogt <michael.vogt@ubuntu.com> |
1168 | +Origin: vendor, https://bugs.launchpad.net/snappy/+bug/1650688/comments/46 |
1169 | +Bug-Ubuntu: https://bugs.launchpad.net/snappy/+bug/1650688 |
1170 | +Forwarded: not-needed (part of read-only /etc workaround) |
1171 | +Last-Update: 2021-09-24 |
1172 | +--- |
1173 | +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ |
1174 | +diff --git a/src/basic/time-util.c b/src/basic/time-util.c |
1175 | +index d7028ac..b9bb4da 100644 |
1176 | +--- a/src/basic/time-util.c |
1177 | ++++ b/src/basic/time-util.c |
1178 | +@@ -1391,6 +1391,25 @@ bool clock_supported(clockid_t clock) { |
1179 | + } |
1180 | + } |
1181 | + |
1182 | ++/* Hack for Ubuntu phone: check if path is an existing symlink to |
1183 | ++ * /etc/writable; if it is, update that instead */ |
1184 | ++static const char* writable_filename(const char *path) { |
1185 | ++ ssize_t r; |
1186 | ++ static char realfile_buf[PATH_MAX]; |
1187 | ++ _cleanup_free_ char *realfile = NULL; |
1188 | ++ const char *result = path; |
1189 | ++ int orig_errno = errno; |
1190 | ++ |
1191 | ++ r = readlink_and_make_absolute(path, &realfile); |
1192 | ++ if (r >= 0 && startswith(realfile, "/etc/writable")) { |
1193 | ++ snprintf(realfile_buf, sizeof(realfile_buf), "%s", realfile); |
1194 | ++ result = realfile_buf; |
1195 | ++ } |
1196 | ++ |
1197 | ++ errno = orig_errno; |
1198 | ++ return result; |
1199 | ++} |
1200 | ++ |
1201 | + int get_timezone(char **ret) { |
1202 | + _cleanup_free_ char *t = NULL; |
1203 | + const char *e; |
1204 | +@@ -1398,7 +1417,7 @@ int get_timezone(char **ret) { |
1205 | + int r; |
1206 | + bool use_utc_fallback = false; |
1207 | + |
1208 | +- r = readlink_malloc("/etc/localtime", &t); |
1209 | ++ r = readlink_malloc(writable_filename("/etc/localtime"), &t); |
1210 | + if (r < 0) { |
1211 | + if (r == -ENOENT) |
1212 | + use_utc_fallback = true; |
1213 | diff --git a/debian/patches/hwdb-Add-mic-mute-key-mapping-for-HP-Elite-x360.patch b/debian/patches/hwdb-Add-mic-mute-key-mapping-for-HP-Elite-x360.patch |
1214 | new file mode 100644 |
1215 | index 0000000..d303383 |
1216 | --- /dev/null |
1217 | +++ b/debian/patches/hwdb-Add-mic-mute-key-mapping-for-HP-Elite-x360.patch |
1218 | @@ -0,0 +1,26 @@ |
1219 | +From f09f6dc2c8f59b2b58159cc413b605a547c8646e Mon Sep 17 00:00:00 2001 |
1220 | +From: Andy Chi <andy.chi@canonical.com> |
1221 | +Date: Tue, 29 Mar 2022 15:36:13 +0800 |
1222 | +Subject: [PATCH] hwdb: Add mic mute key mapping for HP Elite x360 |
1223 | + |
1224 | +On the new Elite x360 2 in 1 HP laptops, the microphone mute hotkey is "Fn+F8" and |
1225 | +the scancode for this hotkey is 0x81, but this scancode was mapped to |
1226 | +fn_esc in the HP generic keymap section. To fix this problem, we add |
1227 | +a machine specific keymap section to add the correct keymap rule. |
1228 | +--- |
1229 | + hwdb.d/60-keyboard.hwdb | 2 ++ |
1230 | + 1 file changed, 2 insertions(+) |
1231 | + |
1232 | +Index: systemd-ubuntu-core/hwdb.d/60-keyboard.hwdb |
1233 | +=================================================================== |
1234 | +--- systemd-ubuntu-core.orig/hwdb.d/60-keyboard.hwdb |
1235 | ++++ systemd-ubuntu-core/hwdb.d/60-keyboard.hwdb |
1236 | +@@ -600,6 +600,8 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett |
1237 | + # HP EliteBook |
1238 | + evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPEliteBook*:pvr* |
1239 | + evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPEliteBook*:pvr* |
1240 | ++# HP Elite x360 |
1241 | ++evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPElite*x360*:* |
1242 | + # HP Elite Dragonfly |
1243 | + evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPEliteDragonfly*:pvr* |
1244 | + # HP ProBook 440 G2 |
1245 | diff --git a/debian/patches/hwdb-Mask-rfkill-event-from-intel-hid-on-HP-platforms.patch b/debian/patches/hwdb-Mask-rfkill-event-from-intel-hid-on-HP-platforms.patch |
1246 | new file mode 100644 |
1247 | index 0000000..832ad22 |
1248 | --- /dev/null |
1249 | +++ b/debian/patches/hwdb-Mask-rfkill-event-from-intel-hid-on-HP-platforms.patch |
1250 | @@ -0,0 +1,27 @@ |
1251 | +From: Kai-Heng Feng <kai.heng.feng@canonical.com> |
1252 | +Date: Thu, 11 Jun 2020 21:32:12 +0800 |
1253 | +Subject: hwdb: Mask rfkill event from intel-hid on HP platforms |
1254 | + |
1255 | +HP spec mandates the hp-wireless driver as canonical source of rfkill |
1256 | +event, so mask the rfkill event from intel-hid to avoid double rfkill |
1257 | +events fired from a single hotkey press. |
1258 | + |
1259 | +(cherry picked from commit d8a9dd0dc17df77229d079afe29c05ae4a9e2ae9) |
1260 | +--- |
1261 | + hwdb.d/60-keyboard.hwdb | 3 +++ |
1262 | + 1 file changed, 3 insertions(+) |
1263 | + |
1264 | +diff --git a/hwdb.d/60-keyboard.hwdb b/hwdb.d/60-keyboard.hwdb |
1265 | +index fae0ecc..3d9a5d7 100644 |
1266 | +--- a/hwdb.d/60-keyboard.hwdb |
1267 | ++++ b/hwdb.d/60-keyboard.hwdb |
1268 | +@@ -481,6 +481,9 @@ evdev:input:b0003v0458p0708* |
1269 | + # Hewlett Packard |
1270 | + ########################################################### |
1271 | + |
1272 | ++evdev:name:Intel HID events:dmi:bvn*:bvr*:bd*:svnHP*:pn*:pvr* |
1273 | ++ KEYBOARD_KEY_8=unknown # Use hp-wireless instead |
1274 | ++ |
1275 | + evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pn*:pvr* |
1276 | + evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pn*:pvr* |
1277 | + KEYBOARD_KEY_81=fn_esc |
1278 | diff --git a/debian/patches/lp1664844/0001-network-add-ActivationPolicy-configuration-parameter.patch b/debian/patches/lp1664844/0001-network-add-ActivationPolicy-configuration-parameter.patch |
1279 | new file mode 100644 |
1280 | index 0000000..0a8affa |
1281 | --- /dev/null |
1282 | +++ b/debian/patches/lp1664844/0001-network-add-ActivationPolicy-configuration-parameter.patch |
1283 | @@ -0,0 +1,344 @@ |
1284 | +From 61135582e0b2e847e49c96af05e4d101323ce00c Mon Sep 17 00:00:00 2001 |
1285 | +From: Dan Streetman <ddstreet@canonical.com> |
1286 | +Date: Thu, 18 Jun 2020 16:09:40 -0400 |
1287 | +Subject: [PATCH 1/3] network: add ActivationPolicy= configuration parameter |
1288 | +Origin: upstream, https://github.com/systemd/systemd/pull/16228 |
1289 | +Bug-Ubuntu: https://bugs.launchpad.net/netplan/+bug/1664844 |
1290 | + |
1291 | +This parameter allows configuring the activation policy for an interface, |
1292 | +meaning how it manages the interface's administrative state (IFF_UP flag). |
1293 | +The policy can be configured to bring the interface either up or down when |
1294 | +the interface is (re)configured, to always force the interface either up or |
1295 | +down, or to never change the interface administrative state. |
1296 | + |
1297 | +If the interface is bound with BindCarrier=, its administrative state is |
1298 | +controlled by the interface(s) it's bound to, and this parameter is forced |
1299 | +to 'bound'. |
1300 | + |
1301 | +This changes the default behavior of how systemd-networkd sets the IFF_UP |
1302 | +flag; previously, it was set up (if not already up) every time the |
1303 | +link_joined() function was called. Now, with the default ActivationPolicy= |
1304 | +setting of 'up', it will only set the IFF_UP flag once, the first time |
1305 | +link_joined() is called, during an interface's configuration; and on |
1306 | +the first link_joined() call each time the interface is reconfigured. |
1307 | + |
1308 | +Fixes: #3031 |
1309 | +Fixes: #17437 |
1310 | +--- |
1311 | + man/systemd.network.xml | 39 ++++++++++++- |
1312 | + src/network/networkd-link.c | 58 ++++++++++++++++++- |
1313 | + src/network/networkd-link.h | 1 + |
1314 | + src/network/networkd-network-gperf.gperf | 1 + |
1315 | + src/network/networkd-network.c | 40 ++++++++++++- |
1316 | + src/network/networkd-network.h | 16 +++++ |
1317 | + .../fuzz-network-parser/directives.network | 1 + |
1318 | + 7 files changed, 148 insertions(+), 8 deletions(-) |
1319 | + |
1320 | +--- a/man/systemd.network.xml |
1321 | ++++ b/man/systemd.network.xml |
1322 | +@@ -225,6 +225,36 @@ |
1323 | + if <literal>RequiredForOnline=no</literal>.</para> |
1324 | + </listitem> |
1325 | + </varlistentry> |
1326 | ++ <varlistentry> |
1327 | ++ <term><varname>ActivationPolicy=</varname></term> |
1328 | ++ <listitem> |
1329 | ++ <para>Specifies the policy for <command>systemd-networkd</command> managing the link |
1330 | ++ administrative state. Specifically, this controls how <command>systemd-networkd</command> |
1331 | ++ changes the network device's <literal>IFF_UP</literal> flag, which is sometimes |
1332 | ++ controlled by system administrators by running e.g., <command>ip set dev eth0 up</command> |
1333 | ++ or <command>ip set dev eth0 down</command>, and can also be changed with |
1334 | ++ <command>networkctl up eth0</command> or <command>networkctl down eth0</command>.</para> |
1335 | ++ |
1336 | ++ <para>Takes one of <literal>up</literal>, <literal>always-up</literal>, |
1337 | ++ <literal>manual</literal>, <literal>always-down</literal>, <literal>down</literal>, |
1338 | ++ or <literal>bound</literal>. When <literal>manual</literal>, <command>systemd-networkd</command> |
1339 | ++ will not change the link's admin state automatically; the system administrator must bring the |
1340 | ++ interface up or down manually, as desired. When <literal>up</literal> (the default) or |
1341 | ++ <literal>always-up</literal>, or <literal>down</literal> or <literal>always-down</literal>, |
1342 | ++ <command>systemd-networkd</command> will set the link up or down, respectively, |
1343 | ++ when the interface is (re)configured. When <literal>always-up</literal> or |
1344 | ++ <literal>always-down</literal>, <command>systemd-networkd</command> will set the link up |
1345 | ++ or down, respectively, any time <command>systemd-networkd</command> detects a change in |
1346 | ++ the administrative state. When <varname>BindCarrier=</varname> is also set, this is |
1347 | ++ automatically set to <literal>bound</literal> and any other value is ignored.</para> |
1348 | ++ |
1349 | ++ <para>The administrative state is not the same as the carrier state, so using |
1350 | ++ <literal>always-up</literal> does not mean the link will never lose carrier. The link |
1351 | ++ carrier depends on both the administrative state as well as the network device's physical |
1352 | ++ connection. However, to avoid reconfiguration failures, when using <literal>always-up</literal>, |
1353 | ++ <varname>IgnoreCarrierLoss=</varname> is forced to true.</para> |
1354 | ++ </listitem> |
1355 | ++ </varlistentry> |
1356 | + </variablelist> |
1357 | + </refsect1> |
1358 | + |
1359 | +@@ -464,8 +494,9 @@ |
1360 | + <listitem> |
1361 | + <para>A link name or a list of link names. When set, controls the behavior of the current |
1362 | + link. When all links in the list are in an operational down state, the current link is brought |
1363 | +- down. When at least one link has carrier, the current interface is brought up. |
1364 | +- </para> |
1365 | ++ down. When at least one link has carrier, the current interface is brought up.</para> |
1366 | ++ |
1367 | ++ <para>This forces <varname>ActivationPolicy=</varname> to be set to <literal>bound</literal>.</para> |
1368 | + </listitem> |
1369 | + </varlistentry> |
1370 | + <varlistentry> |
1371 | +@@ -819,6 +850,10 @@ |
1372 | + of the interface even if its carrier is lost. When unset, the value specified with |
1373 | + <option>ConfigureWithoutCarrier=</option> is used. |
1374 | + </para> |
1375 | ++ |
1376 | ++ <para>When <varname>ActivationPolicy=</varname> is set to <literal>always-up</literal>, this |
1377 | ++ is forced to <literal>true</literal>. |
1378 | ++ </para> |
1379 | + </listitem> |
1380 | + </varlistentry> |
1381 | + <varlistentry> |
1382 | +--- a/src/network/networkd-link.c |
1383 | ++++ b/src/network/networkd-link.c |
1384 | +@@ -2100,17 +2100,38 @@ |
1385 | + assert(link); |
1386 | + assert(link->network); |
1387 | + |
1388 | +- if (!hashmap_isempty(link->bound_to_links)) { |
1389 | ++ switch (link->network->activation_policy) { |
1390 | ++ case ACTIVATION_POLICY_BOUND: |
1391 | + r = link_handle_bound_to_list(link); |
1392 | + if (r < 0) |
1393 | + return r; |
1394 | +- } else if (!(link->flags & IFF_UP)) { |
1395 | ++ break; |
1396 | ++ case ACTIVATION_POLICY_UP: |
1397 | ++ if (link->activated) |
1398 | ++ break; |
1399 | ++ _fallthrough_; |
1400 | ++ case ACTIVATION_POLICY_ALWAYS_UP: |
1401 | + r = link_up(link); |
1402 | + if (r < 0) { |
1403 | + link_enter_failed(link); |
1404 | + return r; |
1405 | + } |
1406 | ++ break; |
1407 | ++ case ACTIVATION_POLICY_DOWN: |
1408 | ++ if (link->activated) |
1409 | ++ break; |
1410 | ++ _fallthrough_; |
1411 | ++ case ACTIVATION_POLICY_ALWAYS_DOWN: |
1412 | ++ r = link_down(link, NULL); |
1413 | ++ if (r < 0) { |
1414 | ++ link_enter_failed(link); |
1415 | ++ return r; |
1416 | ++ } |
1417 | ++ break; |
1418 | ++ default: |
1419 | ++ break; |
1420 | + } |
1421 | ++ link->activated = true; |
1422 | + |
1423 | + if (link->network->bridge) { |
1424 | + r = link_set_bridge(link); |
1425 | +@@ -3099,6 +3120,7 @@ |
1426 | + return r; |
1427 | + |
1428 | + link_set_state(link, LINK_STATE_PENDING); |
1429 | ++ link->activated = false; |
1430 | + link_dirty(link); |
1431 | + |
1432 | + /* link_configure_duid() returns 0 if it requests product UUID. In that case, |
1433 | +@@ -3680,6 +3702,16 @@ |
1434 | + static int link_admin_state_up(Link *link) { |
1435 | + int r; |
1436 | + |
1437 | ++ assert(link); |
1438 | ++ |
1439 | ++ if (!link->network) |
1440 | ++ return 0; |
1441 | ++ |
1442 | ++ if (link->network->activation_policy == ACTIVATION_POLICY_ALWAYS_DOWN) { |
1443 | ++ log_link_info(link, "ActivationPolicy is \"always-off\", forcing link down"); |
1444 | ++ return link_down(link, NULL); |
1445 | ++ } |
1446 | ++ |
1447 | + /* We set the ipv6 mtu after the device mtu, but the kernel resets |
1448 | + * ipv6 mtu on NETDEV_UP, so we need to reset it. The check for |
1449 | + * ipv6_mtu_set prevents this from trying to set it too early before |
1450 | +@@ -3694,6 +3726,21 @@ |
1451 | + return 0; |
1452 | + } |
1453 | + |
1454 | ++static int link_admin_state_down(Link *link) { |
1455 | ++ |
1456 | ++ assert(link); |
1457 | ++ |
1458 | ++ if (!link->network) |
1459 | ++ return 0; |
1460 | ++ |
1461 | ++ if (link->network->activation_policy == ACTIVATION_POLICY_ALWAYS_UP) { |
1462 | ++ log_link_info(link, "ActivationPolicy is \"always-on\", forcing link up"); |
1463 | ++ return link_up(link); |
1464 | ++ } |
1465 | ++ |
1466 | ++ return 0; |
1467 | ++} |
1468 | ++ |
1469 | + int link_update(Link *link, sd_netlink_message *m) { |
1470 | + _cleanup_strv_free_ char **s = NULL; |
1471 | + struct ether_addr mac; |
1472 | +@@ -3846,9 +3893,14 @@ |
1473 | + r = link_admin_state_up(link); |
1474 | + if (r < 0) |
1475 | + return r; |
1476 | +- } else if (link_was_admin_up && !(link->flags & IFF_UP)) |
1477 | ++ } else if (link_was_admin_up && !(link->flags & IFF_UP)) { |
1478 | + log_link_info(link, "Link DOWN"); |
1479 | + |
1480 | ++ r = link_admin_state_down(link); |
1481 | ++ if (r < 0) |
1482 | ++ return r; |
1483 | ++ } |
1484 | ++ |
1485 | + r = link_update_lldp(link); |
1486 | + if (r < 0) |
1487 | + return r; |
1488 | +--- a/src/network/networkd-link.h |
1489 | ++++ b/src/network/networkd-link.h |
1490 | +@@ -119,6 +119,7 @@ |
1491 | + bool setting_mtu:1; |
1492 | + bool setting_genmode:1; |
1493 | + bool ipv6_mtu_set:1; |
1494 | ++ bool activated:1; |
1495 | + |
1496 | + LIST_HEAD(Address, pool_addresses); |
1497 | + |
1498 | +--- a/src/network/networkd-network-gperf.gperf |
1499 | ++++ b/src/network/networkd-network-gperf.gperf |
1500 | +@@ -48,6 +48,7 @@ |
1501 | + Link.Multicast, config_parse_tristate, 0, offsetof(Network, multicast) |
1502 | + Link.AllMulticast, config_parse_tristate, 0, offsetof(Network, allmulticast) |
1503 | + Link.Unmanaged, config_parse_bool, 0, offsetof(Network, unmanaged) |
1504 | ++Link.ActivationPolicy, config_parse_activation_policy, 0, offsetof(Network, activation_policy) |
1505 | + Link.RequiredForOnline, config_parse_required_for_online, 0, 0 |
1506 | + Network.Description, config_parse_string, 0, offsetof(Network, description) |
1507 | + Network.Bridge, config_parse_ifname, 0, offsetof(Network, bridge_name) |
1508 | +--- a/src/network/networkd-network.c |
1509 | ++++ b/src/network/networkd-network.c |
1510 | +@@ -268,9 +268,6 @@ |
1511 | + if (network->dhcp_use_gateway < 0) |
1512 | + network->dhcp_use_gateway = network->dhcp_use_routes; |
1513 | + |
1514 | +- if (network->ignore_carrier_loss < 0) |
1515 | +- network->ignore_carrier_loss = network->configure_without_carrier; |
1516 | +- |
1517 | + if (network->dhcp_critical >= 0) { |
1518 | + if (network->keep_configuration >= 0) |
1519 | + log_warning("%s: Both KeepConfiguration= and deprecated CriticalConnection= are set. " |
1520 | +@@ -282,6 +279,30 @@ |
1521 | + network->keep_configuration = KEEP_CONFIGURATION_NO; |
1522 | + } |
1523 | + |
1524 | ++ if (!strv_isempty(network->bind_carrier)) { |
1525 | ++ if (!IN_SET(network->activation_policy, _ACTIVATION_POLICY_INVALID, ACTIVATION_POLICY_BOUND)) |
1526 | ++ log_warning("%s: ActivationPolicy=bound is required with BindCarrier=. " |
1527 | ++ "Setting ActivationPolicy=bound.", network->filename); |
1528 | ++ network->activation_policy = ACTIVATION_POLICY_BOUND; |
1529 | ++ } else if (network->activation_policy == ACTIVATION_POLICY_BOUND) { |
1530 | ++ log_warning("%s: ActivationPolicy=bound requires BindCarrier=. " |
1531 | ++ "Ignoring ActivationPolicy=bound.", network->filename); |
1532 | ++ network->activation_policy = ACTIVATION_POLICY_UP; |
1533 | ++ } |
1534 | ++ |
1535 | ++ if (network->activation_policy == _ACTIVATION_POLICY_INVALID) |
1536 | ++ network->activation_policy = ACTIVATION_POLICY_UP; |
1537 | ++ |
1538 | ++ if (network->activation_policy == ACTIVATION_POLICY_ALWAYS_UP) { |
1539 | ++ if (network->ignore_carrier_loss == false) |
1540 | ++ log_warning("%s: IgnoreCarrierLoss=false conflicts with ActivationPolicy=always-up. " |
1541 | ++ "Setting IgnoreCarrierLoss=true.", network->filename); |
1542 | ++ network->ignore_carrier_loss = true; |
1543 | ++ } |
1544 | ++ |
1545 | ++ if (network->ignore_carrier_loss < 0) |
1546 | ++ network->ignore_carrier_loss = network->configure_without_carrier; |
1547 | ++ |
1548 | + if (network->keep_configuration < 0) |
1549 | + network->keep_configuration = KEEP_CONFIGURATION_NO; |
1550 | + |
1551 | +@@ -451,6 +472,7 @@ |
1552 | + .ipv6_proxy_ndp = -1, |
1553 | + .duid.type = _DUID_TYPE_INVALID, |
1554 | + .proxy_arp = -1, |
1555 | ++ .activation_policy = _ACTIVATION_POLICY_INVALID, |
1556 | + .arp = -1, |
1557 | + .multicast = -1, |
1558 | + .allmulticast = -1, |
1559 | +@@ -1362,3 +1384,15 @@ |
1560 | + }; |
1561 | + |
1562 | + DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(keep_configuration, KeepConfiguration, KEEP_CONFIGURATION_YES); |
1563 | ++ |
1564 | ++static const char* const activation_policy_table[_ACTIVATION_POLICY_MAX] = { |
1565 | ++ [ACTIVATION_POLICY_UP] = "up", |
1566 | ++ [ACTIVATION_POLICY_ALWAYS_UP] = "always-up", |
1567 | ++ [ACTIVATION_POLICY_MANUAL] = "manual", |
1568 | ++ [ACTIVATION_POLICY_ALWAYS_DOWN] = "always-down", |
1569 | ++ [ACTIVATION_POLICY_DOWN] = "down", |
1570 | ++ [ACTIVATION_POLICY_BOUND] = "bound", |
1571 | ++}; |
1572 | ++ |
1573 | ++DEFINE_STRING_TABLE_LOOKUP(activation_policy, ActivationPolicy); |
1574 | ++DEFINE_CONFIG_PARSE_ENUM(config_parse_activation_policy, activation_policy, ActivationPolicy, "Failed to parse activation policy"); |
1575 | +--- a/src/network/networkd-network.h |
1576 | ++++ b/src/network/networkd-network.h |
1577 | +@@ -53,6 +53,17 @@ |
1578 | + _KEEP_CONFIGURATION_INVALID = -1, |
1579 | + } KeepConfiguration; |
1580 | + |
1581 | ++typedef enum ActivationPolicy { |
1582 | ++ ACTIVATION_POLICY_UP, |
1583 | ++ ACTIVATION_POLICY_ALWAYS_UP, |
1584 | ++ ACTIVATION_POLICY_MANUAL, |
1585 | ++ ACTIVATION_POLICY_ALWAYS_DOWN, |
1586 | ++ ACTIVATION_POLICY_DOWN, |
1587 | ++ ACTIVATION_POLICY_BOUND, |
1588 | ++ _ACTIVATION_POLICY_MAX, |
1589 | ++ _ACTIVATION_POLICY_INVALID = -1 |
1590 | ++} ActivationPolicy; |
1591 | ++ |
1592 | + typedef struct Manager Manager; |
1593 | + |
1594 | + struct Network { |
1595 | +@@ -240,6 +251,7 @@ |
1596 | + |
1597 | + bool required_for_online; /* Is this network required to be considered online? */ |
1598 | + LinkOperationalStateRange required_operstate_for_online; |
1599 | ++ ActivationPolicy activation_policy; |
1600 | + |
1601 | + LLDPMode lldp_mode; /* LLDP reception */ |
1602 | + LLDPEmit lldp_emit; /* LLDP transmission */ |
1603 | +@@ -325,6 +337,7 @@ |
1604 | + CONFIG_PARSER_PROTOTYPE(config_parse_ntp); |
1605 | + CONFIG_PARSER_PROTOTYPE(config_parse_required_for_online); |
1606 | + CONFIG_PARSER_PROTOTYPE(config_parse_keep_configuration); |
1607 | ++CONFIG_PARSER_PROTOTYPE(config_parse_activation_policy); |
1608 | + |
1609 | + const struct ConfigPerfItem* network_network_gperf_lookup(const char *key, GPERF_LEN_TYPE length); |
1610 | + |
1611 | +@@ -333,3 +346,6 @@ |
1612 | + |
1613 | + const char* keep_configuration_to_string(KeepConfiguration i) _const_; |
1614 | + KeepConfiguration keep_configuration_from_string(const char *s) _pure_; |
1615 | ++ |
1616 | ++const char* activation_policy_to_string(ActivationPolicy i) _const_; |
1617 | ++ActivationPolicy activation_policy_from_string(const char *s) _pure_; |
1618 | +--- a/test/fuzz/fuzz-network-parser/directives.network |
1619 | ++++ b/test/fuzz/fuzz-network-parser/directives.network |
1620 | +@@ -30,6 +30,7 @@ |
1621 | + MACAddress= |
1622 | + PermanentMACAddress= |
1623 | + [Link] |
1624 | ++ActivationPolicy= |
1625 | + RequiredForOnline= |
1626 | + ARP= |
1627 | + AllMulticast= |
1628 | diff --git a/debian/patches/lp1664844/0002-test-add-ActivationPolicy-unit-tests.patch b/debian/patches/lp1664844/0002-test-add-ActivationPolicy-unit-tests.patch |
1629 | new file mode 100644 |
1630 | index 0000000..b902690 |
1631 | --- /dev/null |
1632 | +++ b/debian/patches/lp1664844/0002-test-add-ActivationPolicy-unit-tests.patch |
1633 | @@ -0,0 +1,121 @@ |
1634 | +From 2236d75df955118ad5d84c5ab787484c0921dfda Mon Sep 17 00:00:00 2001 |
1635 | +From: Dan Streetman <ddstreet@canonical.com> |
1636 | +Date: Thu, 18 Jun 2020 18:31:18 -0400 |
1637 | +Subject: [PATCH 2/3] test: add ActivationPolicy= unit tests |
1638 | +Origin: upstream, https://github.com/systemd/systemd/pull/16228 |
1639 | +Bug-Ubuntu: https://bugs.launchpad.net/netplan/+bug/1664844 |
1640 | + |
1641 | +--- |
1642 | + .../conf/25-activation-policy.network | 6 +++ |
1643 | + .../always-down.conf | 2 + |
1644 | + .../always-up.conf | 2 + |
1645 | + .../25-activation-policy.network.d/down.conf | 2 + |
1646 | + .../manual.conf | 2 + |
1647 | + .../25-activation-policy.network.d/up.conf | 2 + |
1648 | + test/test-network/systemd-networkd-tests.py | 48 +++++++++++++++++++ |
1649 | + 7 files changed, 64 insertions(+) |
1650 | + create mode 100644 test/test-network/conf/25-activation-policy.network |
1651 | + create mode 100644 test/test-network/conf/25-activation-policy.network.d/always-down.conf |
1652 | + create mode 100644 test/test-network/conf/25-activation-policy.network.d/always-up.conf |
1653 | + create mode 100644 test/test-network/conf/25-activation-policy.network.d/down.conf |
1654 | + create mode 100644 test/test-network/conf/25-activation-policy.network.d/manual.conf |
1655 | + create mode 100644 test/test-network/conf/25-activation-policy.network.d/up.conf |
1656 | + |
1657 | +--- /dev/null |
1658 | ++++ b/test/test-network/conf/25-activation-policy.network |
1659 | +@@ -0,0 +1,6 @@ |
1660 | ++[Match] |
1661 | ++Name=test1 |
1662 | ++ |
1663 | ++[Network] |
1664 | ++Address=192.168.10.30/24 |
1665 | ++Gateway=192.168.10.1 |
1666 | +--- /dev/null |
1667 | ++++ b/test/test-network/conf/25-activation-policy.network.d/always-down.conf |
1668 | +@@ -0,0 +1,2 @@ |
1669 | ++[Link] |
1670 | ++ActivationPolicy=always-down |
1671 | +--- /dev/null |
1672 | ++++ b/test/test-network/conf/25-activation-policy.network.d/always-up.conf |
1673 | +@@ -0,0 +1,2 @@ |
1674 | ++[Link] |
1675 | ++ActivationPolicy=always-up |
1676 | +--- /dev/null |
1677 | ++++ b/test/test-network/conf/25-activation-policy.network.d/down.conf |
1678 | +@@ -0,0 +1,2 @@ |
1679 | ++[Link] |
1680 | ++ActivationPolicy=down |
1681 | +--- /dev/null |
1682 | ++++ b/test/test-network/conf/25-activation-policy.network.d/manual.conf |
1683 | +@@ -0,0 +1,2 @@ |
1684 | ++[Link] |
1685 | ++ActivationPolicy=manual |
1686 | +--- /dev/null |
1687 | ++++ b/test/test-network/conf/25-activation-policy.network.d/up.conf |
1688 | +@@ -0,0 +1,2 @@ |
1689 | ++[Link] |
1690 | ++ActivationPolicy=up |
1691 | +--- a/test/test-network/systemd-networkd-tests.py |
1692 | ++++ b/test/test-network/systemd-networkd-tests.py |
1693 | +@@ -1605,6 +1605,7 @@ |
1694 | + '25-address-link-section.network', |
1695 | + '25-address-preferred-lifetime-zero.network', |
1696 | + '25-address-static.network', |
1697 | ++ '25-activation-policy.network', |
1698 | + '25-bind-carrier.network', |
1699 | + '25-bond-active-backup-slave.netdev', |
1700 | + '25-fibrule-invert.network', |
1701 | +@@ -2211,6 +2212,53 @@ |
1702 | + self.assertRegex(output, 'inet 192.168.10.30/24 brd 192.168.10.255 scope global test1') |
1703 | + self.wait_operstate('test1', 'routable') |
1704 | + |
1705 | ++ def _test_activation_policy(self, test): |
1706 | ++ self.setUp() |
1707 | ++ conffile = '25-activation-policy.network' |
1708 | ++ if test: |
1709 | ++ conffile = f'{conffile}.d/{test}.conf' |
1710 | ++ copy_unit_to_networkd_unit_path('11-dummy.netdev', conffile, dropins=False) |
1711 | ++ start_networkd() |
1712 | ++ |
1713 | ++ always = test.startswith('always') |
1714 | ++ if test == 'manual': |
1715 | ++ initial_up = 'UP' in check_output('ip link show test1') |
1716 | ++ else: |
1717 | ++ initial_up = not test.endswith('down') # note: default is up |
1718 | ++ expect_up = initial_up |
1719 | ++ next_up = not expect_up |
1720 | ++ |
1721 | ++ # if initial expected state is down, must wait for setup_state to reach configuring |
1722 | ++ # so systemd-networkd considers it 'activated' |
1723 | ++ setup_state = None if initial_up else 'configuring' |
1724 | ++ |
1725 | ++ for iteration in range(4): |
1726 | ++ with self.subTest(iteration=iteration, expect_up=expect_up): |
1727 | ++ operstate = 'routable' if expect_up else 'off' |
1728 | ++ self.wait_operstate('test1', operstate, setup_state=setup_state, setup_timeout=20) |
1729 | ++ setup_state = None |
1730 | ++ |
1731 | ++ if expect_up: |
1732 | ++ self.assertIn('UP', check_output('ip link show test1')) |
1733 | ++ self.assertIn('192.168.10.30/24', check_output('ip address show test1')) |
1734 | ++ self.assertIn('default via 192.168.10.1', check_output('ip route show')) |
1735 | ++ else: |
1736 | ++ self.assertIn('DOWN', check_output('ip link show test1')) |
1737 | ++ |
1738 | ++ if next_up: |
1739 | ++ check_output('ip link set dev test1 up') |
1740 | ++ else: |
1741 | ++ check_output('ip link set dev test1 down') |
1742 | ++ expect_up = initial_up if always else next_up |
1743 | ++ next_up = not next_up |
1744 | ++ |
1745 | ++ self.tearDown() |
1746 | ++ |
1747 | ++ def test_activation_policy(self): |
1748 | ++ for test in ['up', 'always-up', 'manual', 'always-down', 'down', '']: |
1749 | ++ with self.subTest(test=test): |
1750 | ++ self._test_activation_policy(test) |
1751 | ++ |
1752 | + def test_domain(self): |
1753 | + copy_unit_to_networkd_unit_path('12-dummy.netdev', '24-search-domain.network') |
1754 | + start_networkd() |
1755 | diff --git a/debian/patches/lp1664844/0003-save-link-activation-policy-to-state-file-and-displa.patch b/debian/patches/lp1664844/0003-save-link-activation-policy-to-state-file-and-displa.patch |
1756 | new file mode 100644 |
1757 | index 0000000..a2c2250 |
1758 | --- /dev/null |
1759 | +++ b/debian/patches/lp1664844/0003-save-link-activation-policy-to-state-file-and-displa.patch |
1760 | @@ -0,0 +1,110 @@ |
1761 | +From a853652ae983699460b160bc2bf72f6fae0bfcd6 Mon Sep 17 00:00:00 2001 |
1762 | +From: Dan Streetman <ddstreet@canonical.com> |
1763 | +Date: Thu, 13 Aug 2020 11:52:53 -0400 |
1764 | +Subject: [PATCH 3/3] save link activation policy to state file and display in |
1765 | + networkctl |
1766 | +Origin: upstream, https://github.com/systemd/systemd/pull/16228 |
1767 | +Bug-Ubuntu: https://bugs.launchpad.net/netplan/+bug/1664844 |
1768 | + |
1769 | +--- |
1770 | + src/libsystemd/sd-network/sd-network.c | 21 +++++++++++++++++++++ |
1771 | + src/network/networkctl.c | 12 +++++++++++- |
1772 | + src/network/networkd-link.c | 3 +++ |
1773 | + src/systemd/sd-network.h | 5 +++++ |
1774 | + test/test-network/systemd-networkd-tests.py | 1 + |
1775 | + 5 files changed, 41 insertions(+), 1 deletion(-) |
1776 | + |
1777 | +--- a/src/libsystemd/sd-network/sd-network.c |
1778 | ++++ b/src/libsystemd/sd-network/sd-network.c |
1779 | +@@ -204,6 +204,27 @@ |
1780 | + return 0; |
1781 | + } |
1782 | + |
1783 | ++_public_ int sd_network_link_get_activation_policy(int ifindex, char **policy) { |
1784 | ++ _cleanup_free_ char *s = NULL; |
1785 | ++ int r; |
1786 | ++ |
1787 | ++ assert_return(policy, -EINVAL); |
1788 | ++ |
1789 | ++ r = network_link_get_string(ifindex, "ACTIVATION_POLICY", &s); |
1790 | ++ if (r < 0) { |
1791 | ++ if (r != -ENODATA) |
1792 | ++ return r; |
1793 | ++ |
1794 | ++ /* For compatibility, assuming up. */ |
1795 | ++ s = strdup("up"); |
1796 | ++ if (!s) |
1797 | ++ return -ENOMEM; |
1798 | ++ } |
1799 | ++ |
1800 | ++ *policy = TAKE_PTR(s); |
1801 | ++ return 0; |
1802 | ++} |
1803 | ++ |
1804 | + _public_ int sd_network_link_get_llmnr(int ifindex, char **llmnr) { |
1805 | + return network_link_get_string(ifindex, "LLMNR", llmnr); |
1806 | + } |
1807 | +--- a/src/network/networkctl.c |
1808 | ++++ b/src/network/networkctl.c |
1809 | +@@ -1143,7 +1143,7 @@ |
1810 | + const LinkInfo *info) { |
1811 | + |
1812 | + _cleanup_strv_free_ char **dns = NULL, **ntp = NULL, **search_domains = NULL, **route_domains = NULL; |
1813 | +- _cleanup_free_ char *setup_state = NULL, *operational_state = NULL, *tz = NULL; |
1814 | ++ _cleanup_free_ char *setup_state = NULL, *operational_state = NULL, *tz = NULL, *activation_policy = NULL; |
1815 | + _cleanup_free_ char *t = NULL, *network = NULL; |
1816 | + const char *driver = NULL, *path = NULL, *vendor = NULL, *model = NULL, *link = NULL; |
1817 | + const char *on_color_operational, *off_color_operational, |
1818 | +@@ -1531,6 +1531,16 @@ |
1819 | + if (r < 0) |
1820 | + return r; |
1821 | + |
1822 | ++ r = sd_network_link_get_activation_policy(info->ifindex, &activation_policy); |
1823 | ++ if (r >= 0) { |
1824 | ++ r = table_add_many(table, |
1825 | ++ TABLE_EMPTY, |
1826 | ++ TABLE_STRING, "Activation Policy:", |
1827 | ++ TABLE_STRING, activation_policy); |
1828 | ++ if (r < 0) |
1829 | ++ return table_log_add_error(r); |
1830 | ++ } |
1831 | ++ |
1832 | + (void) sd_network_link_get_timezone(info->ifindex, &tz); |
1833 | + if (tz) { |
1834 | + r = table_add_many(table, |
1835 | +--- a/src/network/networkd-link.c |
1836 | ++++ b/src/network/networkd-link.c |
1837 | +@@ -4039,6 +4039,9 @@ |
1838 | + log_link_debug(link, "No DHCPv6 lease"); |
1839 | + } |
1840 | + |
1841 | ++ fprintf(f, "ACTIVATION_POLICY=%s\n", |
1842 | ++ activation_policy_to_string(link->network->activation_policy)); |
1843 | ++ |
1844 | + fprintf(f, "NETWORK_FILE=%s\n", link->network->filename); |
1845 | + |
1846 | + fputs("DNS=", f); |
1847 | +--- a/src/systemd/sd-network.h |
1848 | ++++ b/src/systemd/sd-network.h |
1849 | +@@ -103,6 +103,11 @@ |
1850 | + */ |
1851 | + int sd_network_link_get_required_for_online(int ifindex); |
1852 | + |
1853 | ++/* Get activation policy for ifindex. |
1854 | ++ * Possible values are as specified for ActivationPolicy= |
1855 | ++ */ |
1856 | ++int sd_network_link_get_activation_policy(int ifindex, char **policy); |
1857 | ++ |
1858 | + /* Get path to .network file applied to link */ |
1859 | + int sd_network_link_get_network_file(int ifindex, char **filename); |
1860 | + |
1861 | +--- a/test/test-network/systemd-networkd-tests.py |
1862 | ++++ b/test/test-network/systemd-networkd-tests.py |
1863 | +@@ -2407,6 +2407,7 @@ |
1864 | + self.assertRegex(data, r'OPER_STATE=routable') |
1865 | + self.assertRegex(data, r'REQUIRED_FOR_ONLINE=yes') |
1866 | + self.assertRegex(data, r'REQUIRED_OPER_STATE_FOR_ONLINE=routable') |
1867 | ++ self.assertRegex(data, r'ACTIVATION_POLICY=up') |
1868 | + self.assertRegex(data, r'NETWORK_FILE=/run/systemd/network/state-file-tests.network') |
1869 | + self.assertRegex(data, r'DNS=10.10.10.10 10.10.10.11') |
1870 | + self.assertRegex(data, r'NTP=0.fedora.pool.ntp.org 1.fedora.pool.ntp.org') |
1871 | diff --git a/debian/patches/lp1785383-resolved-address-DVE-2018-0001.patch b/debian/patches/lp1785383-resolved-address-DVE-2018-0001.patch |
1872 | new file mode 100644 |
1873 | index 0000000..f5b5ac0 |
1874 | --- /dev/null |
1875 | +++ b/debian/patches/lp1785383-resolved-address-DVE-2018-0001.patch |
1876 | @@ -0,0 +1,161 @@ |
1877 | +From 1ed4e584f3a03f47d2313314b6b5a78c9dc6f135 Mon Sep 17 00:00:00 2001 |
1878 | +From: Lennart Poettering <lennart@poettering.net> |
1879 | +Date: Thu, 12 Nov 2020 17:05:36 +0100 |
1880 | +Subject: [PATCH] resolved: address DVE-2018-0001 |
1881 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/bionic/+source/systemd/+bug/1785383 |
1882 | +Origin: upstream, https://github.com/systemd/systemd/commit/1ed4e584f3a03f47d2313314b6b5a78c9dc6f135 |
1883 | + |
1884 | +This is an updated version of #8608 with more restrictive logic. To |
1885 | +quite the original bug: |
1886 | + |
1887 | + Some captive portals, lie and do not respond with the captive portal |
1888 | + IP address, if the query is with EDNS0 enabled and D0 bit set to |
1889 | + zero. Thus retry "secure" domain name look ups with less secure |
1890 | + methods, upon NXDOMAIN. |
1891 | + |
1892 | +https://github.com/dns-violations/dns-violations/blob/master/2018/DVE-2018-0001.md |
1893 | + |
1894 | +Yes, this fix sucks hard, but I guess this is what we need to do to make |
1895 | +sure resolved works IRL. |
1896 | + |
1897 | +Heavily based on the original patch from Dimitri John Ledkov, and I |
1898 | +copied the commentary verbatim. |
1899 | + |
1900 | +Replaces: #8608 |
1901 | +--- |
1902 | + src/resolve/resolved-dns-transaction.c | 69 +++++++++++++++++++++----- |
1903 | + src/resolve/resolved-dns-transaction.h | 7 ++- |
1904 | + 2 files changed, 62 insertions(+), 14 deletions(-) |
1905 | + |
1906 | +--- a/src/resolve/resolved-dns-transaction.c |
1907 | ++++ b/src/resolve/resolved-dns-transaction.c |
1908 | +@@ -204,7 +204,8 @@ int dns_transaction_new(DnsTransaction * |
1909 | + t->answer_nsec_ttl = (uint32_t) -1; |
1910 | + t->key = dns_resource_key_ref(key); |
1911 | + t->current_feature_level = _DNS_SERVER_FEATURE_LEVEL_INVALID; |
1912 | +- t->clamp_feature_level = _DNS_SERVER_FEATURE_LEVEL_INVALID; |
1913 | ++ t->clamp_feature_level_servfail = _DNS_SERVER_FEATURE_LEVEL_INVALID; |
1914 | ++ t->clamp_feature_level_nxdomain = _DNS_SERVER_FEATURE_LEVEL_INVALID; |
1915 | + |
1916 | + t->id = pick_new_id(s->manager); |
1917 | + |
1918 | +@@ -378,15 +379,20 @@ static int dns_transaction_pick_server(D |
1919 | + |
1920 | + /* If we changed the server invalidate the feature level clamping, as the new server might have completely |
1921 | + * different properties. */ |
1922 | +- if (server != t->server) |
1923 | +- t->clamp_feature_level = _DNS_SERVER_FEATURE_LEVEL_INVALID; |
1924 | ++ if (server != t->server) { |
1925 | ++ t->clamp_feature_level_servfail = _DNS_SERVER_FEATURE_LEVEL_INVALID; |
1926 | ++ t->clamp_feature_level_nxdomain = _DNS_SERVER_FEATURE_LEVEL_INVALID; |
1927 | ++ } |
1928 | + |
1929 | + t->current_feature_level = dns_server_possible_feature_level(server); |
1930 | + |
1931 | + /* Clamp the feature level if that is requested. */ |
1932 | +- if (t->clamp_feature_level != _DNS_SERVER_FEATURE_LEVEL_INVALID && |
1933 | +- t->current_feature_level > t->clamp_feature_level) |
1934 | +- t->current_feature_level = t->clamp_feature_level; |
1935 | ++ if (t->clamp_feature_level_servfail != _DNS_SERVER_FEATURE_LEVEL_INVALID && |
1936 | ++ t->current_feature_level > t->clamp_feature_level_servfail) |
1937 | ++ t->current_feature_level = t->clamp_feature_level_servfail; |
1938 | ++ if (t->clamp_feature_level_nxdomain != _DNS_SERVER_FEATURE_LEVEL_INVALID && |
1939 | ++ t->current_feature_level > t->clamp_feature_level_nxdomain) |
1940 | ++ t->current_feature_level = t->clamp_feature_level_nxdomain; |
1941 | + |
1942 | + log_debug("Using feature level %s for transaction %u.", dns_server_feature_level_to_string(t->current_feature_level), t->id); |
1943 | + |
1944 | +@@ -1005,19 +1011,19 @@ void dns_transaction_process_reply(DnsTr |
1945 | + /* Reduce this feature level by one and try again. */ |
1946 | + switch (t->current_feature_level) { |
1947 | + case DNS_SERVER_FEATURE_LEVEL_TLS_DO: |
1948 | +- t->clamp_feature_level = DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN; |
1949 | ++ t->clamp_feature_level_servfail = DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN; |
1950 | + break; |
1951 | + case DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN + 1: |
1952 | + /* Skip plain TLS when TLS is not supported */ |
1953 | +- t->clamp_feature_level = DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN - 1; |
1954 | ++ t->clamp_feature_level_servfail = DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN - 1; |
1955 | + break; |
1956 | + default: |
1957 | +- t->clamp_feature_level = t->current_feature_level - 1; |
1958 | ++ t->clamp_feature_level_servfail = t->current_feature_level - 1; |
1959 | + } |
1960 | + |
1961 | + log_debug("Server returned error %s, retrying transaction with reduced feature level %s.", |
1962 | + dns_rcode_to_string(DNS_PACKET_RCODE(p)), |
1963 | +- dns_server_feature_level_to_string(t->clamp_feature_level)); |
1964 | ++ dns_server_feature_level_to_string(t->clamp_feature_level_servfail)); |
1965 | + |
1966 | + dns_transaction_retry(t, false /* use the same server */); |
1967 | + return; |
1968 | +@@ -1086,13 +1092,51 @@ void dns_transaction_process_reply(DnsTr |
1969 | + return; |
1970 | + } |
1971 | + |
1972 | ++ if (t->scope->protocol == DNS_PROTOCOL_DNS && |
1973 | ++ DNS_PACKET_RCODE(p) == DNS_RCODE_NXDOMAIN && |
1974 | ++ p->opt && !DNS_PACKET_DO(p) && |
1975 | ++ t->current_feature_level >= DNS_SERVER_FEATURE_LEVEL_EDNS0 && |
1976 | ++ IN_SET(t->current_feature_level, DNS_SERVER_FEATURE_LEVEL_UDP, DNS_SERVER_FEATURE_LEVEL_EDNS0, DNS_SERVER_FEATURE_LEVEL_DO, DNS_SERVER_FEATURE_LEVEL_LARGE) && |
1977 | ++ t->scope->dnssec_mode != DNSSEC_YES) { |
1978 | ++ |
1979 | ++ /* Some captive portals are special in that the Aruba/Datavalet hardware will miss |
1980 | ++ * replacing the packets with the local server IP to point to the authenticated side |
1981 | ++ * of the network if EDNS0 is enabled. Instead they return NXDOMAIN, with DO bit set |
1982 | ++ * to zero... nothing to see here, yet respond with the captive portal IP, when using |
1983 | ++ * the more simple UDP level. |
1984 | ++ * |
1985 | ++ * Common portal names that fail like so are: |
1986 | ++ * secure.datavalet.io |
1987 | ++ * securelogin.arubanetworks.com |
1988 | ++ * securelogin.networks.mycompany.com |
1989 | ++ * |
1990 | ++ * Thus retry NXDOMAIN RCODES with a lower feature level. |
1991 | ++ * |
1992 | ++ * Do not lower the server's tracked feature level, as the captive portal should not |
1993 | ++ * be lying for the wider internet (e.g. _other_ queries were observed fine with |
1994 | ++ * EDNS0 on these networks, post auth), i.e. let's just lower the level transaction's |
1995 | ++ * feature level. |
1996 | ++ * |
1997 | ++ * This is reported as https://github.com/dns-violations/dns-violations/blob/master/2018/DVE-2018-0001.md |
1998 | ++ */ |
1999 | ++ |
2000 | ++ t->clamp_feature_level_nxdomain = DNS_SERVER_FEATURE_LEVEL_UDP; |
2001 | ++ |
2002 | ++ log_debug("Server returned error %s in EDNS0 mode, retrying transaction with reduced feature level %s (DVE-2018-0001 mitigation)", |
2003 | ++ dns_rcode_to_string(DNS_PACKET_RCODE(p)), |
2004 | ++ dns_server_feature_level_to_string(t->clamp_feature_level_nxdomain)); |
2005 | ++ |
2006 | ++ dns_transaction_retry(t, false /* use the same server */); |
2007 | ++ return; |
2008 | ++ } |
2009 | ++ |
2010 | + if (t->server) { |
2011 | + /* Report that we successfully received a valid packet with a good rcode after we initially got a bad |
2012 | + * rcode and subsequently downgraded the protocol */ |
2013 | + |
2014 | + if (IN_SET(DNS_PACKET_RCODE(p), DNS_RCODE_SUCCESS, DNS_RCODE_NXDOMAIN) && |
2015 | +- t->clamp_feature_level != _DNS_SERVER_FEATURE_LEVEL_INVALID) |
2016 | +- dns_server_packet_rcode_downgrade(t->server, t->clamp_feature_level); |
2017 | ++ t->clamp_feature_level_servfail != _DNS_SERVER_FEATURE_LEVEL_INVALID) |
2018 | ++ dns_server_packet_rcode_downgrade(t->server, t->clamp_feature_level_servfail); |
2019 | + |
2020 | + /* Report that the OPT RR was missing */ |
2021 | + if (!p->opt) |
2022 | +--- a/src/resolve/resolved-dns-transaction.h |
2023 | ++++ b/src/resolve/resolved-dns-transaction.h |
2024 | +@@ -105,8 +105,11 @@ struct DnsTransaction { |
2025 | + /* The features of the DNS server at time of transaction start */ |
2026 | + DnsServerFeatureLevel current_feature_level; |
2027 | + |
2028 | +- /* If we got SERVFAIL back, we retry the lookup, using a lower feature level than we used before. */ |
2029 | +- DnsServerFeatureLevel clamp_feature_level; |
2030 | ++ /* If we got SERVFAIL back, we retry the lookup, using a lower feature level than we used |
2031 | ++ * before. Similar, if we get NXDOMAIN in pure EDNS0 mode, we check in EDNS0-less mode before giving |
2032 | ++ * up (as mitigation for DVE-2018-0001). */ |
2033 | ++ DnsServerFeatureLevel clamp_feature_level_servfail; |
2034 | ++ DnsServerFeatureLevel clamp_feature_level_nxdomain; |
2035 | + |
2036 | + /* Query candidates this transaction is referenced by and that |
2037 | + * shall be notified about this specific transaction |
2038 | diff --git a/debian/patches/lp1838329/0001-blockdev-propagate-one-more-unexpected-error.patch b/debian/patches/lp1838329/0001-blockdev-propagate-one-more-unexpected-error.patch |
2039 | new file mode 100644 |
2040 | index 0000000..a5357fd |
2041 | --- /dev/null |
2042 | +++ b/debian/patches/lp1838329/0001-blockdev-propagate-one-more-unexpected-error.patch |
2043 | @@ -0,0 +1,28 @@ |
2044 | +From 6cba41ab0dbe5eb817f37bd43caff4754d801d3b Mon Sep 17 00:00:00 2001 |
2045 | +From: Lennart Poettering <lennart@poettering.net> |
2046 | +Date: Mon, 18 May 2020 18:29:57 +0200 |
2047 | +Subject: [PATCH 1/7] blockdev: propagate one more unexpected error |
2048 | +Bug: https://github.com/systemd/systemd/issues/10179 |
2049 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1838329 |
2050 | +Origin: upstream, https://github.com/systemd/systemd/pull/15836 |
2051 | + |
2052 | +--- |
2053 | + src/basic/blockdev-util.c | 2 ++ |
2054 | + 1 file changed, 2 insertions(+) |
2055 | + |
2056 | +diff --git a/src/basic/blockdev-util.c b/src/basic/blockdev-util.c |
2057 | +index 7d94c55a6d..54431f5d0f 100644 |
2058 | +--- a/src/basic/blockdev-util.c |
2059 | ++++ b/src/basic/blockdev-util.c |
2060 | +@@ -29,6 +29,8 @@ int block_get_whole_disk(dev_t d, dev_t *ret) { |
2061 | + *ret = d; |
2062 | + return 0; |
2063 | + } |
2064 | ++ if (errno != ENOENT) |
2065 | ++ return -errno; |
2066 | + |
2067 | + /* If it is a partition find the originating device */ |
2068 | + xsprintf_sys_block_path(p, "/partition", d); |
2069 | +-- |
2070 | +2.25.1 |
2071 | + |
2072 | diff --git a/debian/patches/lp1838329/0002-makefs-log-about-OOM-condition.patch b/debian/patches/lp1838329/0002-makefs-log-about-OOM-condition.patch |
2073 | new file mode 100644 |
2074 | index 0000000..bc874dd |
2075 | --- /dev/null |
2076 | +++ b/debian/patches/lp1838329/0002-makefs-log-about-OOM-condition.patch |
2077 | @@ -0,0 +1,33 @@ |
2078 | +From 700e0d3d87705a6ba01793d7130bbb8e6edbee16 Mon Sep 17 00:00:00 2001 |
2079 | +From: Lennart Poettering <lennart@poettering.net> |
2080 | +Date: Mon, 18 May 2020 18:30:18 +0200 |
2081 | +Subject: [PATCH 2/7] makefs: log about OOM condition |
2082 | +Bug: https://github.com/systemd/systemd/issues/10179 |
2083 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1838329 |
2084 | +Origin: upstream, https://github.com/systemd/systemd/pull/15836 |
2085 | + |
2086 | +--- |
2087 | + src/partition/makefs.c | 4 ++-- |
2088 | + 1 file changed, 2 insertions(+), 2 deletions(-) |
2089 | + |
2090 | +diff --git a/src/partition/makefs.c b/src/partition/makefs.c |
2091 | +index d73d67c4e8..df08a5fea6 100644 |
2092 | +--- a/src/partition/makefs.c |
2093 | ++++ b/src/partition/makefs.c |
2094 | +@@ -54,11 +54,11 @@ static int run(int argc, char *argv[]) { |
2095 | + /* type and device must be copied because makefs calls safe_fork, which clears argv[] */ |
2096 | + type = strdup(argv[1]); |
2097 | + if (!type) |
2098 | +- return -ENOMEM; |
2099 | ++ return log_oom(); |
2100 | + |
2101 | + device = strdup(argv[2]); |
2102 | + if (!device) |
2103 | +- return -ENOMEM; |
2104 | ++ return log_oom(); |
2105 | + |
2106 | + if (stat(device, &st) < 0) |
2107 | + return log_error_errno(errno, "Failed to stat \"%s\": %m", device); |
2108 | +-- |
2109 | +2.25.1 |
2110 | + |
2111 | diff --git a/debian/patches/lp1838329/0003-dissect-use-log_debug_errno-where-appropriate.patch b/debian/patches/lp1838329/0003-dissect-use-log_debug_errno-where-appropriate.patch |
2112 | new file mode 100644 |
2113 | index 0000000..37686a4 |
2114 | --- /dev/null |
2115 | +++ b/debian/patches/lp1838329/0003-dissect-use-log_debug_errno-where-appropriate.patch |
2116 | @@ -0,0 +1,33 @@ |
2117 | +From 58dfbfbdd6138de49c6f59a763c4cfc7acb8c9a9 Mon Sep 17 00:00:00 2001 |
2118 | +From: Lennart Poettering <lennart@poettering.net> |
2119 | +Date: Mon, 18 May 2020 18:30:49 +0200 |
2120 | +Subject: [PATCH 3/7] dissect: use log_debug_errno() where appropriate |
2121 | +Bug: https://github.com/systemd/systemd/issues/10179 |
2122 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1838329 |
2123 | +Origin: upstream, https://github.com/systemd/systemd/pull/15836 |
2124 | + |
2125 | +--- |
2126 | + src/shared/dissect-image.c | 7 +++---- |
2127 | + 1 file changed, 3 insertions(+), 4 deletions(-) |
2128 | + |
2129 | +diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c |
2130 | +index 23ad6b06cf..8decac94b2 100644 |
2131 | +--- a/src/shared/dissect-image.c |
2132 | ++++ b/src/shared/dissect-image.c |
2133 | +@@ -75,10 +75,9 @@ int probe_filesystem(const char *node, char **ret_fstype) { |
2134 | + log_debug("No type detected on partition %s", node); |
2135 | + goto not_found; |
2136 | + } |
2137 | +- if (r == -2) { |
2138 | +- log_debug("Results ambiguous for partition %s", node); |
2139 | +- return -EUCLEAN; |
2140 | +- } |
2141 | ++ if (r == -2) |
2142 | ++ return log_debug_errno(SYNTHETIC_ERRNO(EUCLEAN), |
2143 | ++ "Results ambiguous for partition %s", node); |
2144 | + if (r != 0) |
2145 | + return errno_or_else(EIO); |
2146 | + |
2147 | +-- |
2148 | +2.25.1 |
2149 | + |
2150 | diff --git a/debian/patches/lp1838329/0004-blockdev-add-helper-for-locking-whole-block-device.patch b/debian/patches/lp1838329/0004-blockdev-add-helper-for-locking-whole-block-device.patch |
2151 | new file mode 100644 |
2152 | index 0000000..692bbbd |
2153 | --- /dev/null |
2154 | +++ b/debian/patches/lp1838329/0004-blockdev-add-helper-for-locking-whole-block-device.patch |
2155 | @@ -0,0 +1,67 @@ |
2156 | +From ac83e5aeca7ca4eff3de6ef6d9a55b71b6eb10b1 Mon Sep 17 00:00:00 2001 |
2157 | +From: Lennart Poettering <lennart@poettering.net> |
2158 | +Date: Mon, 18 May 2020 18:31:04 +0200 |
2159 | +Subject: [PATCH 4/7] blockdev: add helper for locking whole block device |
2160 | +Bug: https://github.com/systemd/systemd/issues/10179 |
2161 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1838329 |
2162 | +Origin: upstream, https://github.com/systemd/systemd/pull/15836 |
2163 | + |
2164 | +--- |
2165 | + src/basic/blockdev-util.c | 27 +++++++++++++++++++++++++++ |
2166 | + src/basic/blockdev-util.h | 2 ++ |
2167 | + 2 files changed, 29 insertions(+) |
2168 | + |
2169 | +diff --git a/src/basic/blockdev-util.c b/src/basic/blockdev-util.c |
2170 | +index 54431f5d0f..5f8212685b 100644 |
2171 | +--- a/src/basic/blockdev-util.c |
2172 | ++++ b/src/basic/blockdev-util.c |
2173 | +@@ -1,5 +1,6 @@ |
2174 | + /* SPDX-License-Identifier: LGPL-2.1+ */ |
2175 | + |
2176 | ++#include <sys/file.h> |
2177 | + #include <unistd.h> |
2178 | + |
2179 | + #include "alloc-util.h" |
2180 | +@@ -187,3 +188,29 @@ int get_block_device_harder(const char *path, dev_t *ret) { |
2181 | + |
2182 | + return 1; |
2183 | + } |
2184 | ++ |
2185 | ++int lock_whole_block_device(dev_t devt, int operation) { |
2186 | ++ _cleanup_free_ char *whole_node = NULL; |
2187 | ++ _cleanup_close_ int lock_fd = -1; |
2188 | ++ dev_t whole_devt; |
2189 | ++ int r; |
2190 | ++ |
2191 | ++ /* Let's get a BSD file lock on the whole block device, as per: https://systemd.io/BLOCK_DEVICE_LOCKING */ |
2192 | ++ |
2193 | ++ r = block_get_whole_disk(devt, &whole_devt); |
2194 | ++ if (r < 0) |
2195 | ++ return r; |
2196 | ++ |
2197 | ++ r = device_path_make_major_minor(S_IFBLK, whole_devt, &whole_node); |
2198 | ++ if (r < 0) |
2199 | ++ return r; |
2200 | ++ |
2201 | ++ lock_fd = open(whole_node, O_RDONLY|O_CLOEXEC|O_NONBLOCK); |
2202 | ++ if (lock_fd < 0) |
2203 | ++ return -errno; |
2204 | ++ |
2205 | ++ if (flock(lock_fd, operation) < 0) |
2206 | ++ return -errno; |
2207 | ++ |
2208 | ++ return TAKE_FD(lock_fd); |
2209 | ++} |
2210 | +diff --git a/src/basic/blockdev-util.h b/src/basic/blockdev-util.h |
2211 | +index 6d8a796568..1e7588f71c 100644 |
2212 | +--- a/src/basic/blockdev-util.h |
2213 | ++++ b/src/basic/blockdev-util.h |
2214 | +@@ -18,3 +18,5 @@ int block_get_originating(dev_t d, dev_t *ret); |
2215 | + int get_block_device(const char *path, dev_t *dev); |
2216 | + |
2217 | + int get_block_device_harder(const char *path, dev_t *dev); |
2218 | ++ |
2219 | ++int lock_whole_block_device(dev_t devt, int operation); |
2220 | +-- |
2221 | +2.25.1 |
2222 | + |
2223 | diff --git a/debian/patches/lp1838329/0005-makefs-lock-device-while-we-operate.patch b/debian/patches/lp1838329/0005-makefs-lock-device-while-we-operate.patch |
2224 | new file mode 100644 |
2225 | index 0000000..5bffde5 |
2226 | --- /dev/null |
2227 | +++ b/debian/patches/lp1838329/0005-makefs-lock-device-while-we-operate.patch |
2228 | @@ -0,0 +1,57 @@ |
2229 | +From 0181ad85b37d37785787b4eb8aa8c72d2e4c76b4 Mon Sep 17 00:00:00 2001 |
2230 | +From: Lennart Poettering <lennart@poettering.net> |
2231 | +Date: Mon, 18 May 2020 18:31:45 +0200 |
2232 | +Subject: [PATCH 5/7] makefs: lock device while we operate |
2233 | +Bug: https://github.com/systemd/systemd/issues/10179 |
2234 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1838329 |
2235 | +Origin: upstream, https://github.com/systemd/systemd/pull/15836 |
2236 | + |
2237 | +Let's implement our own specs, i.e. |
2238 | + |
2239 | +https://systemd.io/BLOCK_DEVICE_LOCKING/ |
2240 | + |
2241 | +This should address issues like this: #13162 |
2242 | +--- |
2243 | + src/partition/makefs.c | 11 ++++++++++- |
2244 | + 1 file changed, 10 insertions(+), 1 deletion(-) |
2245 | + |
2246 | +diff --git a/src/partition/makefs.c b/src/partition/makefs.c |
2247 | +index df08a5fea6..128aa41044 100644 |
2248 | +--- a/src/partition/makefs.c |
2249 | ++++ b/src/partition/makefs.c |
2250 | +@@ -7,7 +7,9 @@ |
2251 | + #include <unistd.h> |
2252 | + |
2253 | + #include "alloc-util.h" |
2254 | ++#include "blockdev-util.h" |
2255 | + #include "dissect-image.h" |
2256 | ++#include "fd-util.h" |
2257 | + #include "main-func.h" |
2258 | + #include "process-util.h" |
2259 | + #include "signal-util.h" |
2260 | +@@ -42,6 +44,7 @@ static int makefs(const char *type, const char *device) { |
2261 | + |
2262 | + static int run(int argc, char *argv[]) { |
2263 | + _cleanup_free_ char *device = NULL, *type = NULL, *detected = NULL; |
2264 | ++ _cleanup_close_ int lock_fd = -1; |
2265 | + struct stat st; |
2266 | + int r; |
2267 | + |
2268 | +@@ -63,7 +66,13 @@ static int run(int argc, char *argv[]) { |
2269 | + if (stat(device, &st) < 0) |
2270 | + return log_error_errno(errno, "Failed to stat \"%s\": %m", device); |
2271 | + |
2272 | +- if (!S_ISBLK(st.st_mode)) |
2273 | ++ if (S_ISBLK(st.st_mode)) { |
2274 | ++ /* Lock the device so that udev doesn't interfere with our work */ |
2275 | ++ |
2276 | ++ lock_fd = lock_whole_block_device(st.st_rdev, LOCK_EX); |
2277 | ++ if (lock_fd < 0) |
2278 | ++ return log_error_errno(lock_fd, "Failed to lock whole block device of \"%s\": %m", device); |
2279 | ++ } else |
2280 | + log_info("%s is not a block device.", device); |
2281 | + |
2282 | + r = probe_filesystem(device, &detected); |
2283 | +-- |
2284 | +2.25.1 |
2285 | + |
2286 | diff --git a/debian/patches/lp1838329/0006-makefs-normalize-logging-a-bit.patch b/debian/patches/lp1838329/0006-makefs-normalize-logging-a-bit.patch |
2287 | new file mode 100644 |
2288 | index 0000000..bdb8bcc |
2289 | --- /dev/null |
2290 | +++ b/debian/patches/lp1838329/0006-makefs-normalize-logging-a-bit.patch |
2291 | @@ -0,0 +1,39 @@ |
2292 | +From a5a8fe2e8dbb9bc1981064d273b626d4aa187152 Mon Sep 17 00:00:00 2001 |
2293 | +From: Lennart Poettering <lennart@poettering.net> |
2294 | +Date: Mon, 18 May 2020 18:32:17 +0200 |
2295 | +Subject: [PATCH 6/7] makefs: normalize logging a bit |
2296 | +Bug: https://github.com/systemd/systemd/issues/10179 |
2297 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1838329 |
2298 | +Origin: upstream, https://github.com/systemd/systemd/pull/15836 |
2299 | + |
2300 | +--- |
2301 | + src/partition/makefs.c | 11 ++++------- |
2302 | + 1 file changed, 4 insertions(+), 7 deletions(-) |
2303 | + |
2304 | +diff --git a/src/partition/makefs.c b/src/partition/makefs.c |
2305 | +index 128aa41044..97f50c9033 100644 |
2306 | +--- a/src/partition/makefs.c |
2307 | ++++ b/src/partition/makefs.c |
2308 | +@@ -76,15 +76,12 @@ static int run(int argc, char *argv[]) { |
2309 | + log_info("%s is not a block device.", device); |
2310 | + |
2311 | + r = probe_filesystem(device, &detected); |
2312 | ++ if (r == -EUCLEAN) |
2313 | ++ return log_error_errno(r, "Ambiguous results of probing for file system on \"%s\", refusing to proceed.", device); |
2314 | + if (r < 0) |
2315 | +- return log_warning_errno(r, |
2316 | +- r == -EUCLEAN ? |
2317 | +- "Cannot reliably determine probe \"%s\", refusing to proceed." : |
2318 | +- "Failed to probe \"%s\": %m", |
2319 | +- device); |
2320 | +- |
2321 | ++ return log_error_errno(r, "Failed to probe \"%s\": %m", device); |
2322 | + if (detected) { |
2323 | +- log_info("%s is not empty (type %s), exiting", device, detected); |
2324 | ++ log_info("'%s' is not empty (contains file system of type %s), exiting.", device, detected); |
2325 | + return 0; |
2326 | + } |
2327 | + |
2328 | +-- |
2329 | +2.25.1 |
2330 | + |
2331 | diff --git a/debian/patches/lp1838329/0007-cryptsetup-generator-use-systemd-makefs-for-implemen.patch b/debian/patches/lp1838329/0007-cryptsetup-generator-use-systemd-makefs-for-implemen.patch |
2332 | new file mode 100644 |
2333 | index 0000000..6707978 |
2334 | --- /dev/null |
2335 | +++ b/debian/patches/lp1838329/0007-cryptsetup-generator-use-systemd-makefs-for-implemen.patch |
2336 | @@ -0,0 +1,45 @@ |
2337 | +From db2c56b0dd28f271dd3fe53691b21484f72586e4 Mon Sep 17 00:00:00 2001 |
2338 | +From: Lennart Poettering <lennart@poettering.net> |
2339 | +Date: Mon, 18 May 2020 18:37:02 +0200 |
2340 | +Subject: [PATCH 7/7] cryptsetup-generator: use systemd-makefs for |
2341 | + implementation of "swap" and "tmp" options |
2342 | +Bug: https://github.com/systemd/systemd/issues/10179 |
2343 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1838329 |
2344 | +Origin: upstream, https://github.com/systemd/systemd/pull/15836 |
2345 | + |
2346 | +This way we can take benefit of the correct block device locking we just |
2347 | +added. |
2348 | + |
2349 | +I was thinking whether to instead pull in a regular |
2350 | +systemd-makefs@.service instance, but I couldn't come up with a reason |
2351 | +to, and thus opted for just doing the minimal patch and just replacing |
2352 | +the simply mkfs calls. |
2353 | + |
2354 | +Fixes: #10179 |
2355 | +Replaces: #13162 |
2356 | +--- |
2357 | + src/cryptsetup/cryptsetup-generator.c | 4 ++-- |
2358 | + 1 file changed, 2 insertions(+), 2 deletions(-) |
2359 | + |
2360 | +diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c |
2361 | +index 20c752d88d..5724f88d0a 100644 |
2362 | +--- a/src/cryptsetup/cryptsetup-generator.c |
2363 | ++++ b/src/cryptsetup/cryptsetup-generator.c |
2364 | +@@ -367,12 +367,12 @@ static int create_disk( |
2365 | + |
2366 | + if (tmp) |
2367 | + fprintf(f, |
2368 | +- "ExecStartPost=/sbin/mke2fs '/dev/mapper/%s'\n", |
2369 | ++ "ExecStartPost=" ROOTLIBEXECDIR "/systemd-makefs ext2 '/dev/mapper/%s'\n", |
2370 | + name_escaped); |
2371 | + |
2372 | + if (swap) |
2373 | + fprintf(f, |
2374 | +- "ExecStartPost=/sbin/mkswap '/dev/mapper/%s'\n", |
2375 | ++ "ExecStartPost=" ROOTLIBEXECDIR "/systemd-makefs swap '/dev/mapper/%s'\n", |
2376 | + name_escaped); |
2377 | + |
2378 | + if (keydev) |
2379 | +-- |
2380 | +2.25.1 |
2381 | + |
2382 | diff --git a/debian/patches/lp1858210/0001-time-simplify-get_timezones.patch b/debian/patches/lp1858210/0001-time-simplify-get_timezones.patch |
2383 | new file mode 100644 |
2384 | index 0000000..54b3aef |
2385 | --- /dev/null |
2386 | +++ b/debian/patches/lp1858210/0001-time-simplify-get_timezones.patch |
2387 | @@ -0,0 +1,104 @@ |
2388 | +From 31097e2b996ed463ca97d3df618a614c875386c5 Mon Sep 17 00:00:00 2001 |
2389 | +From: Dan Streetman <ddstreet@canonical.com> |
2390 | +Date: Tue, 29 Jun 2021 09:13:22 -0400 |
2391 | +Subject: [PATCH 1/3] time: simplify get_timezones() |
2392 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1858210 |
2393 | +Origin: upstream, https://github.com/systemd/systemd/pull/20066 |
2394 | + |
2395 | +The function can be simplified by using extract_many_words() and strv_extend() |
2396 | +--- |
2397 | + src/basic/time-util.c | 56 +++++++++++++++---------------------------- |
2398 | + 1 file changed, 19 insertions(+), 37 deletions(-) |
2399 | + |
2400 | +--- a/src/basic/time-util.c |
2401 | ++++ b/src/basic/time-util.c |
2402 | +@@ -1205,24 +1205,14 @@ bool ntp_synced(void) { |
2403 | + int get_timezones(char ***ret) { |
2404 | + _cleanup_fclose_ FILE *f = NULL; |
2405 | + _cleanup_strv_free_ char **zones = NULL; |
2406 | +- size_t n_zones = 0, n_allocated = 0; |
2407 | + int r; |
2408 | + |
2409 | + assert(ret); |
2410 | + |
2411 | +- zones = strv_new("UTC"); |
2412 | +- if (!zones) |
2413 | +- return -ENOMEM; |
2414 | +- |
2415 | +- n_allocated = 2; |
2416 | +- n_zones = 1; |
2417 | +- |
2418 | + f = fopen("/usr/share/zoneinfo/zone1970.tab", "re"); |
2419 | + if (f) { |
2420 | + for (;;) { |
2421 | +- _cleanup_free_ char *line = NULL; |
2422 | +- char *p, *w; |
2423 | +- size_t k; |
2424 | ++ _cleanup_free_ char *line = NULL, *cc = NULL, *co = NULL, *tz = NULL; |
2425 | + |
2426 | + r = read_line(f, LONG_LINE_MAX, &line); |
2427 | + if (r < 0) |
2428 | +@@ -1230,45 +1220,34 @@ int get_timezones(char ***ret) { |
2429 | + if (r == 0) |
2430 | + break; |
2431 | + |
2432 | +- p = strstrip(line); |
2433 | ++ const char *p = line; |
2434 | + |
2435 | +- if (isempty(p) || *p == '#') |
2436 | ++ /* Line format is: |
2437 | ++ * 'country codes' 'coordinates' 'timezone' 'comments' */ |
2438 | ++ r = extract_many_words(&p, NULL, 0, &cc, &co, &tz, NULL); |
2439 | ++ if (r < 0) |
2440 | + continue; |
2441 | + |
2442 | +- /* Skip over country code */ |
2443 | +- p += strcspn(p, WHITESPACE); |
2444 | +- p += strspn(p, WHITESPACE); |
2445 | +- |
2446 | +- /* Skip over coordinates */ |
2447 | +- p += strcspn(p, WHITESPACE); |
2448 | +- p += strspn(p, WHITESPACE); |
2449 | +- |
2450 | +- /* Found timezone name */ |
2451 | +- k = strcspn(p, WHITESPACE); |
2452 | +- if (k <= 0) |
2453 | ++ /* Lines that start with # are comments. */ |
2454 | ++ if (*cc == '#') |
2455 | + continue; |
2456 | + |
2457 | +- w = strndup(p, k); |
2458 | +- if (!w) |
2459 | +- return -ENOMEM; |
2460 | +- |
2461 | +- if (!GREEDY_REALLOC(zones, n_allocated, n_zones + 2)) { |
2462 | +- free(w); |
2463 | +- return -ENOMEM; |
2464 | +- } |
2465 | +- |
2466 | +- zones[n_zones++] = w; |
2467 | +- zones[n_zones] = NULL; |
2468 | ++ r = strv_extend(&zones, tz); |
2469 | ++ if (r < 0) |
2470 | ++ return r; |
2471 | + } |
2472 | +- |
2473 | +- strv_sort(zones); |
2474 | +- strv_uniq(zones); |
2475 | +- |
2476 | + } else if (errno != ENOENT) |
2477 | + return -errno; |
2478 | + |
2479 | +- *ret = TAKE_PTR(zones); |
2480 | ++ /* Always include UTC */ |
2481 | ++ r = strv_extend(&zones, "UTC"); |
2482 | ++ if (r < 0) |
2483 | ++ return -ENOMEM; |
2484 | ++ |
2485 | ++ strv_sort(zones); |
2486 | ++ strv_uniq(zones); |
2487 | + |
2488 | ++ *ret = TAKE_PTR(zones); |
2489 | + return 0; |
2490 | + } |
2491 | + |
2492 | diff --git a/debian/patches/lp1858210/0002-time-split-get_timezone-into-main-function-and-zone1.patch b/debian/patches/lp1858210/0002-time-split-get_timezone-into-main-function-and-zone1.patch |
2493 | new file mode 100644 |
2494 | index 0000000..2dc38e5 |
2495 | --- /dev/null |
2496 | +++ b/debian/patches/lp1858210/0002-time-split-get_timezone-into-main-function-and-zone1.patch |
2497 | @@ -0,0 +1,102 @@ |
2498 | +From 09a54a862b8f45cff087eb4eabbd283d354afc90 Mon Sep 17 00:00:00 2001 |
2499 | +From: Dan Streetman <ddstreet@canonical.com> |
2500 | +Date: Wed, 30 Jun 2021 07:17:22 -0400 |
2501 | +Subject: [PATCH 2/3] time: split get_timezone() into main function and |
2502 | + zone1970.tab function |
2503 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1858210 |
2504 | +Origin: upstream, https://github.com/systemd/systemd/pull/20066 |
2505 | + |
2506 | +This allows for adding another function to read from a different timezone |
2507 | +source, which is added in the next commit. |
2508 | +--- |
2509 | + src/basic/time-util.c | 62 ++++++++++++++++++++++++++----------------- |
2510 | + 1 file changed, 38 insertions(+), 24 deletions(-) |
2511 | + |
2512 | +--- a/src/basic/time-util.c |
2513 | ++++ b/src/basic/time-util.c |
2514 | +@@ -1202,7 +1202,7 @@ bool ntp_synced(void) { |
2515 | + return true; |
2516 | + } |
2517 | + |
2518 | +-int get_timezones(char ***ret) { |
2519 | ++static int get_timezones_from_zone1970_tab(char ***ret) { |
2520 | + _cleanup_fclose_ FILE *f = NULL; |
2521 | + _cleanup_strv_free_ char **zones = NULL; |
2522 | + int r; |
2523 | +@@ -1210,35 +1210,49 @@ int get_timezones(char ***ret) { |
2524 | + assert(ret); |
2525 | + |
2526 | + f = fopen("/usr/share/zoneinfo/zone1970.tab", "re"); |
2527 | +- if (f) { |
2528 | +- for (;;) { |
2529 | +- _cleanup_free_ char *line = NULL, *cc = NULL, *co = NULL, *tz = NULL; |
2530 | +- |
2531 | +- r = read_line(f, LONG_LINE_MAX, &line); |
2532 | +- if (r < 0) |
2533 | +- return r; |
2534 | +- if (r == 0) |
2535 | +- break; |
2536 | +- |
2537 | +- const char *p = line; |
2538 | +- |
2539 | +- /* Line format is: |
2540 | +- * 'country codes' 'coordinates' 'timezone' 'comments' */ |
2541 | +- r = extract_many_words(&p, NULL, 0, &cc, &co, &tz, NULL); |
2542 | +- if (r < 0) |
2543 | +- continue; |
2544 | +- |
2545 | +- /* Lines that start with # are comments. */ |
2546 | +- if (*cc == '#') |
2547 | +- continue; |
2548 | +- |
2549 | +- r = strv_extend(&zones, tz); |
2550 | +- if (r < 0) |
2551 | +- return r; |
2552 | +- } |
2553 | +- } else if (errno != ENOENT) |
2554 | ++ if (!f) |
2555 | + return -errno; |
2556 | + |
2557 | ++ for (;;) { |
2558 | ++ _cleanup_free_ char *line = NULL, *cc = NULL, *co = NULL, *tz = NULL; |
2559 | ++ |
2560 | ++ r = read_line(f, LONG_LINE_MAX, &line); |
2561 | ++ if (r < 0) |
2562 | ++ return r; |
2563 | ++ if (r == 0) |
2564 | ++ break; |
2565 | ++ |
2566 | ++ const char *p = line; |
2567 | ++ |
2568 | ++ /* Line format is: |
2569 | ++ * 'country codes' 'coordinates' 'timezone' 'comments' */ |
2570 | ++ r = extract_many_words(&p, NULL, 0, &cc, &co, &tz, NULL); |
2571 | ++ if (r < 0) |
2572 | ++ continue; |
2573 | ++ |
2574 | ++ /* Lines that start with # are comments. */ |
2575 | ++ if (*cc == '#') |
2576 | ++ continue; |
2577 | ++ |
2578 | ++ r = strv_extend(&zones, tz); |
2579 | ++ if (r < 0) |
2580 | ++ return r; |
2581 | ++ } |
2582 | ++ |
2583 | ++ *ret = TAKE_PTR(zones); |
2584 | ++ return 0; |
2585 | ++} |
2586 | ++ |
2587 | ++int get_timezones(char ***ret) { |
2588 | ++ _cleanup_strv_free_ char **zones = NULL; |
2589 | ++ int r; |
2590 | ++ |
2591 | ++ assert(ret); |
2592 | ++ |
2593 | ++ r = get_timezones_from_zone1970_tab(&zones); |
2594 | ++ if (r < 0 && r != -ENOENT) |
2595 | ++ return r; |
2596 | ++ |
2597 | + /* Always include UTC */ |
2598 | + r = strv_extend(&zones, "UTC"); |
2599 | + if (r < 0) |
2600 | diff --git a/debian/patches/lp1858210/0003-time-get-timezones-from-tzdata.zi.patch b/debian/patches/lp1858210/0003-time-get-timezones-from-tzdata.zi.patch |
2601 | new file mode 100644 |
2602 | index 0000000..605aa49 |
2603 | --- /dev/null |
2604 | +++ b/debian/patches/lp1858210/0003-time-get-timezones-from-tzdata.zi.patch |
2605 | @@ -0,0 +1,90 @@ |
2606 | +From 147bc3639b3d7b15fc7b548b24715e7c4d95c6e1 Mon Sep 17 00:00:00 2001 |
2607 | +From: Dan Streetman <ddstreet@canonical.com> |
2608 | +Date: Wed, 30 Jun 2021 07:30:28 -0400 |
2609 | +Subject: [PATCH 3/3] time: get timezones from tzdata.zi |
2610 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1858210 |
2611 | +Origin: upstream, https://github.com/systemd/systemd/pull/20066 |
2612 | + |
2613 | +The zone1970.tab file doesn't include any timezone 'aliases'. Instead |
2614 | +of parsing it, parse the tzdata.zi file which does include all zones |
2615 | +as well as aliases. |
2616 | + |
2617 | +This keeps the parsing function for zone1970.tab as a fallback in case |
2618 | +the tzdata.zi file isn't found. |
2619 | +--- |
2620 | + src/basic/time-util.c | 58 ++++++++++++++++++++++++++++++++++++++++++- |
2621 | + 1 file changed, 57 insertions(+), 1 deletion(-) |
2622 | + |
2623 | +--- a/src/basic/time-util.c |
2624 | ++++ b/src/basic/time-util.c |
2625 | +@@ -1243,13 +1243,69 @@ static int get_timezones_from_zone1970_t |
2626 | + return 0; |
2627 | + } |
2628 | + |
2629 | ++static int get_timezones_from_tzdata_zi(char ***ret) { |
2630 | ++ _cleanup_fclose_ FILE *f = NULL; |
2631 | ++ _cleanup_strv_free_ char **zones = NULL; |
2632 | ++ int r; |
2633 | ++ |
2634 | ++ f = fopen("/usr/share/zoneinfo/tzdata.zi", "re"); |
2635 | ++ if (!f) |
2636 | ++ return -errno; |
2637 | ++ |
2638 | ++ for (;;) { |
2639 | ++ _cleanup_free_ char *line = NULL, *type = NULL, *f1 = NULL, *f2 = NULL; |
2640 | ++ |
2641 | ++ r = read_line(f, LONG_LINE_MAX, &line); |
2642 | ++ if (r < 0) |
2643 | ++ return r; |
2644 | ++ if (r == 0) |
2645 | ++ break; |
2646 | ++ |
2647 | ++ const char *p = line; |
2648 | ++ |
2649 | ++ /* The only lines we care about are Zone and Link lines. |
2650 | ++ * Zone line format is: |
2651 | ++ * 'Zone' 'timezone' ... |
2652 | ++ * Link line format is: |
2653 | ++ * 'Link' 'target' 'alias' |
2654 | ++ * See 'man zic' for more detail. */ |
2655 | ++ r = extract_many_words(&p, NULL, 0, &type, &f1, &f2, NULL); |
2656 | ++ if (r < 0) |
2657 | ++ continue; |
2658 | ++ |
2659 | ++ char *tz; |
2660 | ++ if (*type == 'Z' || *type == 'z') |
2661 | ++ /* Zone lines have timezone in field 1. */ |
2662 | ++ tz = f1; |
2663 | ++ else if (*type == 'L' || *type == 'l') |
2664 | ++ /* Link lines have timezone in field 2. */ |
2665 | ++ tz = f2; |
2666 | ++ else |
2667 | ++ /* Not a line we care about. */ |
2668 | ++ continue; |
2669 | ++ |
2670 | ++ r = strv_extend(&zones, tz); |
2671 | ++ if (r < 0) |
2672 | ++ return r; |
2673 | ++ } |
2674 | ++ |
2675 | ++ *ret = TAKE_PTR(zones); |
2676 | ++ return 0; |
2677 | ++} |
2678 | ++ |
2679 | + int get_timezones(char ***ret) { |
2680 | + _cleanup_strv_free_ char **zones = NULL; |
2681 | + int r; |
2682 | + |
2683 | + assert(ret); |
2684 | + |
2685 | +- r = get_timezones_from_zone1970_tab(&zones); |
2686 | ++ r = get_timezones_from_tzdata_zi(&zones); |
2687 | ++ if (r == -ENOENT) { |
2688 | ++ log_debug_errno(r, "Could not get timezone data from tzdata.zi, using zone1970.tab: %m"); |
2689 | ++ r = get_timezones_from_zone1970_tab(&zones); |
2690 | ++ if (r == -ENOENT) |
2691 | ++ log_debug_errno(r, "Could not get timezone data from zone1970.tab, using UTC: %m"); |
2692 | ++ } |
2693 | + if (r < 0 && r != -ENOENT) |
2694 | + return r; |
2695 | + |
2696 | diff --git a/debian/patches/lp1860926-network-Change-IgnoreCarrierLoss-default-to-value-of.patch b/debian/patches/lp1860926-network-Change-IgnoreCarrierLoss-default-to-value-of.patch |
2697 | new file mode 100644 |
2698 | index 0000000..63290be |
2699 | --- /dev/null |
2700 | +++ b/debian/patches/lp1860926-network-Change-IgnoreCarrierLoss-default-to-value-of.patch |
2701 | @@ -0,0 +1,75 @@ |
2702 | +From b520a35de0f1ad99f30fa3e1e9b02cc2d4832971 Mon Sep 17 00:00:00 2001 |
2703 | +From: Dan Streetman <ddstreet@canonical.com> |
2704 | +Date: Mon, 27 Apr 2020 06:38:40 -0400 |
2705 | +Subject: [PATCH 1/3] network: Change IgnoreCarrierLoss default to value of |
2706 | + ConfigureWithoutCarrier |
2707 | +Origin: upstream, https://github.com/systemd/systemd/pull/15619 |
2708 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1860926 |
2709 | + |
2710 | +It doesn't make much sense to have ConfigureWithoutCarrier set, but not |
2711 | +IgnoreCarrierLoss; all the configuration added during initial interface |
2712 | +bring-up will be lost at the first carrier up/down. |
2713 | +--- |
2714 | + man/systemd.network.xml | 5 +++-- |
2715 | + src/network/networkd-network-gperf.gperf | 2 +- |
2716 | + src/network/networkd-network.c | 5 +++++ |
2717 | + src/network/networkd-network.h | 2 +- |
2718 | + 4 files changed, 10 insertions(+), 4 deletions(-) |
2719 | + |
2720 | +--- a/man/systemd.network.xml |
2721 | ++++ b/man/systemd.network.xml |
2722 | +@@ -815,8 +815,9 @@ |
2723 | + <varlistentry> |
2724 | + <term><varname>IgnoreCarrierLoss=</varname></term> |
2725 | + <listitem> |
2726 | +- <para>A boolean. Allows networkd to retain both the static and dynamic configuration of the |
2727 | +- interface even if its carrier is lost. Defaults to false. |
2728 | ++ <para>Takes a boolean. Allows networkd to retain both the static and dynamic configuration |
2729 | ++ of the interface even if its carrier is lost. When unset, the value specified with |
2730 | ++ <option>ConfigureWithoutCarrier=</option> is used. |
2731 | + </para> |
2732 | + </listitem> |
2733 | + </varlistentry> |
2734 | +--- a/src/network/networkd-network-gperf.gperf |
2735 | ++++ b/src/network/networkd-network-gperf.gperf |
2736 | +@@ -98,7 +98,7 @@ Network.ProxyARP, |
2737 | + Network.IPv6ProxyNDPAddress, config_parse_ipv6_proxy_ndp_address, 0, 0 |
2738 | + Network.BindCarrier, config_parse_strv, 0, offsetof(Network, bind_carrier) |
2739 | + Network.ConfigureWithoutCarrier, config_parse_bool, 0, offsetof(Network, configure_without_carrier) |
2740 | +-Network.IgnoreCarrierLoss, config_parse_bool, 0, offsetof(Network, ignore_carrier_loss) |
2741 | ++Network.IgnoreCarrierLoss, config_parse_tristate, 0, offsetof(Network, ignore_carrier_loss) |
2742 | + Network.KeepConfiguration, config_parse_keep_configuration, 0, offsetof(Network, keep_configuration) |
2743 | + Address.Address, config_parse_address, 0, 0 |
2744 | + Address.Peer, config_parse_address, 0, 0 |
2745 | +--- a/src/network/networkd-network.c |
2746 | ++++ b/src/network/networkd-network.c |
2747 | +@@ -268,6 +268,9 @@ int network_verify(Network *network) { |
2748 | + if (network->dhcp_use_gateway < 0) |
2749 | + network->dhcp_use_gateway = network->dhcp_use_routes; |
2750 | + |
2751 | ++ if (network->ignore_carrier_loss < 0) |
2752 | ++ network->ignore_carrier_loss = network->configure_without_carrier; |
2753 | ++ |
2754 | + if (network->dhcp_critical >= 0) { |
2755 | + if (network->keep_configuration >= 0) |
2756 | + log_warning("%s: Both KeepConfiguration= and deprecated CriticalConnection= are set. " |
2757 | +@@ -458,6 +461,8 @@ int network_load_one(Manager *manager, O |
2758 | + .ipv6_accept_ra_route_table = RT_TABLE_MAIN, |
2759 | + .ipv6_accept_ra_route_table_set = false, |
2760 | + |
2761 | ++ .configure_without_carrier = false, |
2762 | ++ .ignore_carrier_loss = -1, |
2763 | + .keep_configuration = _KEEP_CONFIGURATION_INVALID, |
2764 | + |
2765 | + .can_triple_sampling = -1, |
2766 | +--- a/src/network/networkd-network.h |
2767 | ++++ b/src/network/networkd-network.h |
2768 | +@@ -231,7 +231,7 @@ struct Network { |
2769 | + int allmulticast; |
2770 | + bool unmanaged; |
2771 | + bool configure_without_carrier; |
2772 | +- bool ignore_carrier_loss; |
2773 | ++ int ignore_carrier_loss; |
2774 | + KeepConfiguration keep_configuration; |
2775 | + uint32_t iaid; |
2776 | + DUID duid; |
2777 | diff --git a/debian/patches/lp1861941-dont-generate-disk-byuuid-for-bcache-uuid.patch b/debian/patches/lp1861941-dont-generate-disk-byuuid-for-bcache-uuid.patch |
2778 | new file mode 100644 |
2779 | index 0000000..a4a08f0 |
2780 | --- /dev/null |
2781 | +++ b/debian/patches/lp1861941-dont-generate-disk-byuuid-for-bcache-uuid.patch |
2782 | @@ -0,0 +1,54 @@ |
2783 | +Description: skip disk/by-uuid for bcache devices |
2784 | + |
2785 | +blkid reports bcache superblock dev.uuid as a filesystem UUID but it actually |
2786 | +is not a filesystem, it's the UUID of the backing device, which is maintained |
2787 | +at /dev/bcache/by-uuid instead of /dev/disk/by-uuid. |
2788 | + |
2789 | + [Forwarding Note] |
2790 | + |
2791 | + There is an on-going discussion upstream whether this patch should exist. |
2792 | + This patch is not a FIX to LP: #1861941, but can work as a mitigation. The |
2793 | + FIX for LP: #1861941 is the bcache-tools (0003-Add-bcache-export-cached- |
2794 | + helper.patch). |
2795 | + |
2796 | + Ryan Harper arguments are that blkid - and/or udev default rules - should skip |
2797 | + devices with "ID_FS_TYPE = bcache" by default from creating symlinks at |
2798 | + /dev/disk/{by-uuid,by-label}/{ID_FS_UUID_ENC,ID_FS_LABEL_ENC} just because |
2799 | + those devices aren't meant to be used directly (as they are backing devices |
2800 | + to bcache). Actually this is what was causing the issue fixed by bcache-tools |
2801 | + udev rules: symlink management for bcache backing devices were removing |
2802 | + /dev/bcache/xxx symlinks. |
2803 | + |
2804 | + Considering that this is a minor delta, and I agree to Ryan's arguments, of |
2805 | + not having /dev/disk/by-uuid/xxx symlinks to devices that should not be |
2806 | + accessed directly, thus giving a better experience to end user, I'm keeping |
2807 | + this until either upstream provides it by default OR the patch |
2808 | + 0003-Add-bcache-export-cached-helper.patch can be removed from bcache-tools |
2809 | + because udev and/or libblkid started differentiating UUID_CACHED and FS_UUID |
2810 | + when doing /dev/disk/ symlinks. |
2811 | + |
2812 | + - |
2813 | + rafaeldtinoco |
2814 | + |
2815 | +Author: Ryan Harper <ryan.harper@canonical.com> |
2816 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1861941 |
2817 | +Forwarded: https://github.com/systemd/systemd/pull/16317 |
2818 | +Reviewed-by: Rafael David Tinoco <rafaeldtinoco@ubuntu.com> |
2819 | +Last-Update: 2020-07-23 |
2820 | + |
2821 | +--- |
2822 | +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ |
2823 | +--- a/rules.d/60-persistent-storage.rules |
2824 | ++++ b/rules.d/60-persistent-storage.rules |
2825 | +@@ -109,8 +109,11 @@ KERNEL=="sr*", ENV{DISK_EJECT_REQUEST}!= |
2826 | + KERNEL!="sr*", IMPORT{builtin}="blkid" |
2827 | + |
2828 | + # by-label/by-uuid links (filesystem metadata) |
2829 | ++# Skip bcache backing devices, handled in 69-bcache.rules |
2830 | ++ENV{ID_FS_TYPE}=="bcache", GOTO="skip_bcache_fs_type" |
2831 | + ENV{ID_FS_USAGE}=="filesystem|other|crypto", ENV{ID_FS_UUID_ENC}=="?*", SYMLINK+="disk/by-uuid/$env{ID_FS_UUID_ENC}" |
2832 | + ENV{ID_FS_USAGE}=="filesystem|other|crypto", ENV{ID_FS_LABEL_ENC}=="?*", SYMLINK+="disk/by-label/$env{ID_FS_LABEL_ENC}" |
2833 | ++LABEL="skip_bcache_fs_type" |
2834 | + |
2835 | + # by-id (World Wide Name) |
2836 | + ENV{DEVTYPE}=="disk", ENV{ID_WWN_WITH_EXTENSION}=="?*", SYMLINK+="disk/by-id/wwn-$env{ID_WWN_WITH_EXTENSION}" |
2837 | diff --git a/debian/patches/lp1867375/0001-network-add-a-flag-to-ignore-gateway-provided-by-DHC.patch b/debian/patches/lp1867375/0001-network-add-a-flag-to-ignore-gateway-provided-by-DHC.patch |
2838 | new file mode 100644 |
2839 | index 0000000..7b35237 |
2840 | --- /dev/null |
2841 | +++ b/debian/patches/lp1867375/0001-network-add-a-flag-to-ignore-gateway-provided-by-DHC.patch |
2842 | @@ -0,0 +1,97 @@ |
2843 | +From b453122789ec4c6f39e6ceb9900e0e80a6abeb99 Mon Sep 17 00:00:00 2001 |
2844 | +From: Yu Watanabe <watanabe.yu+github@gmail.com> |
2845 | +Date: Mon, 16 Mar 2020 18:55:10 +0900 |
2846 | +Subject: [PATCH 1/2] network: add a flag to ignore gateway provided by DHCP |
2847 | + server |
2848 | +Origin: upstream, https://github.com/systemd/systemd/pull/15136 |
2849 | +Bug: https://github.com/systemd/systemd/issues/15117 |
2850 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1867375 |
2851 | + |
2852 | +Closes #15117. |
2853 | +--- |
2854 | + man/systemd.network.xml | 8 +++++++- |
2855 | + src/network/networkd-dhcp4.c | 5 ++++- |
2856 | + src/network/networkd-network-gperf.gperf | 1 + |
2857 | + src/network/networkd-network.c | 1 + |
2858 | + src/network/networkd-network.h | 1 + |
2859 | + test/fuzz/fuzz-network-parser/directives.network | 1 + |
2860 | + 6 files changed, 15 insertions(+), 2 deletions(-) |
2861 | + |
2862 | +--- a/man/systemd.network.xml |
2863 | ++++ b/man/systemd.network.xml |
2864 | +@@ -1474,7 +1474,13 @@ |
2865 | + "link" scope will be used. For anything else, scope defaults to "global".</para> |
2866 | + </listitem> |
2867 | + </varlistentry> |
2868 | +- |
2869 | ++ <varlistentry> |
2870 | ++ <term><varname>UseGateway=</varname></term> |
2871 | ++ <listitem> |
2872 | ++ <para>When true (the default), the gateway will be requested from the DHCP server and added to the |
2873 | ++ routing table with a metric of 1024, and a scope of "link".</para> |
2874 | ++ </listitem> |
2875 | ++ </varlistentry> |
2876 | + <varlistentry> |
2877 | + <term><varname>UseTimezone=</varname></term> |
2878 | + |
2879 | +--- a/src/network/networkd-dhcp4.c |
2880 | ++++ b/src/network/networkd-dhcp4.c |
2881 | +@@ -323,6 +323,9 @@ static int link_set_dhcp_routes(Link *li |
2882 | + } |
2883 | + } |
2884 | + |
2885 | ++ if (!link->network->dhcp_use_gateway) |
2886 | ++ return 0; |
2887 | ++ |
2888 | + r = sd_dhcp_lease_get_router(link->dhcp_lease, &router); |
2889 | + if (IN_SET(r, 0, -ENODATA)) |
2890 | + log_link_info(link, "DHCP: No gateway received from DHCP server."); |
2891 | +@@ -451,7 +454,7 @@ static int dhcp_remove_router(Link *link |
2892 | + assert(link); |
2893 | + assert(address); |
2894 | + |
2895 | +- if (!link->network->dhcp_use_routes) |
2896 | ++ if (!link->network->dhcp_use_gateway) |
2897 | + return 0; |
2898 | + |
2899 | + r = sd_dhcp_lease_get_router(lease, &router); |
2900 | +--- a/src/network/networkd-network-gperf.gperf |
2901 | ++++ b/src/network/networkd-network-gperf.gperf |
2902 | +@@ -162,6 +162,7 @@ DHCPv4.UseMTU, |
2903 | + DHCPv4.UseHostname, config_parse_bool, 0, offsetof(Network, dhcp_use_hostname) |
2904 | + DHCPv4.UseDomains, config_parse_dhcp_use_domains, 0, offsetof(Network, dhcp_use_domains) |
2905 | + DHCPv4.UseRoutes, config_parse_bool, 0, offsetof(Network, dhcp_use_routes) |
2906 | ++DHCPv4.UseGateway, config_parse_bool, 0, offsetof(Network, dhcp_use_gateway) |
2907 | + DHCPv4.RequestOptions, config_parse_dhcp_request_options, 0, 0 |
2908 | + DHCPv4.Anonymize, config_parse_bool, 0, offsetof(Network, dhcp_anonymize) |
2909 | + DHCPv4.SendHostname, config_parse_bool, 0, offsetof(Network, dhcp_send_hostname) |
2910 | +--- a/src/network/networkd-network.c |
2911 | ++++ b/src/network/networkd-network.c |
2912 | +@@ -383,6 +383,7 @@ int network_load_one(Manager *manager, O |
2913 | + .dhcp_use_dns = true, |
2914 | + .dhcp_use_hostname = true, |
2915 | + .dhcp_use_routes = true, |
2916 | ++ .dhcp_use_gateway = true, |
2917 | + /* NOTE: this var might be overwritten by network_apply_anonymize_if_set */ |
2918 | + .dhcp_send_hostname = true, |
2919 | + .dhcp_send_release = true, |
2920 | +--- a/src/network/networkd-network.h |
2921 | ++++ b/src/network/networkd-network.h |
2922 | +@@ -110,6 +110,7 @@ struct Network { |
2923 | + bool dhcp_use_sip; |
2924 | + bool dhcp_use_mtu; |
2925 | + bool dhcp_use_routes; |
2926 | ++ bool dhcp_use_gateway; |
2927 | + bool dhcp_use_timezone; |
2928 | + bool rapid_commit; |
2929 | + bool dhcp_use_hostname; |
2930 | +--- a/test/fuzz/fuzz-network-parser/directives.network |
2931 | ++++ b/test/fuzz/fuzz-network-parser/directives.network |
2932 | +@@ -73,6 +73,7 @@ UseDNS= |
2933 | + RoutesToDNS= |
2934 | + UseDomains= |
2935 | + UseRoutes= |
2936 | ++UseGateway= |
2937 | + IAID= |
2938 | + UserClass= |
2939 | + UseNTP= |
2940 | diff --git a/debian/patches/lp1867375/0002-test-network-add-a-test-case-for-DHCPv4.UseGateway-n.patch b/debian/patches/lp1867375/0002-test-network-add-a-test-case-for-DHCPv4.UseGateway-n.patch |
2941 | new file mode 100644 |
2942 | index 0000000..629c455 |
2943 | --- /dev/null |
2944 | +++ b/debian/patches/lp1867375/0002-test-network-add-a-test-case-for-DHCPv4.UseGateway-n.patch |
2945 | @@ -0,0 +1,56 @@ |
2946 | +From 0d7bd445d26590aad7b05040c9d8423fcd6e5d4f Mon Sep 17 00:00:00 2001 |
2947 | +From: Yu Watanabe <watanabe.yu+github@gmail.com> |
2948 | +Date: Mon, 16 Mar 2020 19:08:36 +0900 |
2949 | +Subject: [PATCH 2/2] test-network: add a test case for DHCPv4.UseGateway=no |
2950 | +Origin: upstream, https://github.com/systemd/systemd/pull/15136 |
2951 | +Bug: https://github.com/systemd/systemd/issues/15117 |
2952 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1867375 |
2953 | + |
2954 | +--- |
2955 | + .../conf/dhcp-client-ipv4-use-gateway-no.network | 9 +++++++++ |
2956 | + test/test-network/systemd-networkd-tests.py | 14 ++++++++++++++ |
2957 | + 2 files changed, 23 insertions(+) |
2958 | + create mode 100644 test/test-network/conf/dhcp-client-ipv4-use-gateway-no.network |
2959 | + |
2960 | +--- /dev/null |
2961 | ++++ b/test/test-network/conf/dhcp-client-ipv4-use-gateway-no.network |
2962 | +@@ -0,0 +1,9 @@ |
2963 | ++[Match] |
2964 | ++Name=veth99 |
2965 | ++ |
2966 | ++[Network] |
2967 | ++DHCP=ipv4 |
2968 | ++IPv6AcceptRA=false |
2969 | ++ |
2970 | ++[DHCPv4] |
2971 | ++UseGateway=no |
2972 | +--- a/test/test-network/systemd-networkd-tests.py |
2973 | ++++ b/test/test-network/systemd-networkd-tests.py |
2974 | +@@ -2826,6 +2826,7 @@ class NetworkdDHCPClientTests(unittest.T |
2975 | + 'dhcp-client-ipv4-dhcp-settings.network', |
2976 | + 'dhcp-client-ipv4-only-ipv6-disabled.network', |
2977 | + 'dhcp-client-ipv4-only.network', |
2978 | ++ 'dhcp-client-ipv4-use-gateway-no.network', |
2979 | + 'dhcp-client-ipv4-use-routes-no.network', |
2980 | + 'dhcp-client-ipv6-only.network', |
2981 | + 'dhcp-client-ipv6-rapid-commit.network', |
2982 | +@@ -2945,6 +2946,19 @@ class NetworkdDHCPClientTests(unittest.T |
2983 | + self.assertRegex(output, r'default via 192.168.5.1 proto dhcp src 192.168.5.181 metric 1024') |
2984 | + self.assertRegex(output, r'192.168.5.1 proto dhcp scope link src 192.168.5.181 metric 1024') |
2985 | + |
2986 | ++ def test_dhcp_client_ipv4_use_gateway_no(self): |
2987 | ++ copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network', 'dhcp-client-ipv4-use-gateway-no.network') |
2988 | ++ |
2989 | ++ start_networkd() |
2990 | ++ self.wait_online(['veth-peer:carrier']) |
2991 | ++ start_dnsmasq(additional_options='--dhcp-option=option:dns-server,192.168.5.6,192.168.5.7', lease_time='2m') |
2992 | ++ self.wait_online(['veth99:routable', 'veth-peer:routable']) |
2993 | ++ |
2994 | ++ output = check_output('ip route show dev veth99') |
2995 | ++ print(output) |
2996 | ++ self.assertRegex(output, r'192.168.5.0/24 via 192.168.5.5 proto dhcp src 192.168.5.181 metric 1024') |
2997 | ++ self.assertNotRegex(output, r'default via 192.168.5.1') |
2998 | ++ |
2999 | + def test_dhcp_client_ipv4_ipv6(self): |
3000 | + copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network', 'dhcp-client-ipv6-only.network', |
3001 | + 'dhcp-client-ipv4-only.network') |
3002 | diff --git a/debian/patches/lp1867375/0003-network-change-UseGateway-default-to-UseRoutes-setti.patch b/debian/patches/lp1867375/0003-network-change-UseGateway-default-to-UseRoutes-setti.patch |
3003 | new file mode 100644 |
3004 | index 0000000..9e0c3d9 |
3005 | --- /dev/null |
3006 | +++ b/debian/patches/lp1867375/0003-network-change-UseGateway-default-to-UseRoutes-setti.patch |
3007 | @@ -0,0 +1,77 @@ |
3008 | +From 589397a27759bd650b3674029cb0ef73347c913b Mon Sep 17 00:00:00 2001 |
3009 | +From: Dan Streetman <ddstreet@canonical.com> |
3010 | +Date: Wed, 15 Apr 2020 14:40:21 -0400 |
3011 | +Subject: [PATCH 1/4] network: change UseGateway= default to UseRoutes= setting |
3012 | +Origin: upstream, https://github.com/systemd/systemd/pull/15443 |
3013 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1867375 |
3014 | + |
3015 | +Anyone previously using the UseRoutes=false parameter expected their |
3016 | +dhcp4-provided gateway route to be ignored, as well. However, with |
3017 | +the introduction of the UseGateway= parameter, this is no longer true. |
3018 | + |
3019 | +In order to keep backwards compatibility, this sets the UseGateway= |
3020 | +default value to whatever UseRoutes= has been set to. |
3021 | +--- |
3022 | + man/systemd.network.xml | 5 +++-- |
3023 | + src/network/networkd-network-gperf.gperf | 2 +- |
3024 | + src/network/networkd-network.c | 5 ++++- |
3025 | + src/network/networkd-network.h | 2 +- |
3026 | + 4 files changed, 9 insertions(+), 5 deletions(-) |
3027 | + |
3028 | +--- a/man/systemd.network.xml |
3029 | ++++ b/man/systemd.network.xml |
3030 | +@@ -1477,8 +1477,9 @@ |
3031 | + <varlistentry> |
3032 | + <term><varname>UseGateway=</varname></term> |
3033 | + <listitem> |
3034 | +- <para>When true (the default), the gateway will be requested from the DHCP server and added to the |
3035 | +- routing table with a metric of 1024, and a scope of "link".</para> |
3036 | ++ <para>When true, the gateway will be requested from the DHCP server and added to the routing table with a |
3037 | ++ metric of 1024, and a scope of "link". When unset, the value specified with <option>UseRoutes=</option> |
3038 | ++ is used.</para> |
3039 | + </listitem> |
3040 | + </varlistentry> |
3041 | + <varlistentry> |
3042 | +--- a/src/network/networkd-network-gperf.gperf |
3043 | ++++ b/src/network/networkd-network-gperf.gperf |
3044 | +@@ -162,7 +162,7 @@ DHCPv4.UseMTU, |
3045 | + DHCPv4.UseHostname, config_parse_bool, 0, offsetof(Network, dhcp_use_hostname) |
3046 | + DHCPv4.UseDomains, config_parse_dhcp_use_domains, 0, offsetof(Network, dhcp_use_domains) |
3047 | + DHCPv4.UseRoutes, config_parse_bool, 0, offsetof(Network, dhcp_use_routes) |
3048 | +-DHCPv4.UseGateway, config_parse_bool, 0, offsetof(Network, dhcp_use_gateway) |
3049 | ++DHCPv4.UseGateway, config_parse_tristate, 0, offsetof(Network, dhcp_use_gateway) |
3050 | + DHCPv4.RequestOptions, config_parse_dhcp_request_options, 0, 0 |
3051 | + DHCPv4.Anonymize, config_parse_bool, 0, offsetof(Network, dhcp_anonymize) |
3052 | + DHCPv4.SendHostname, config_parse_bool, 0, offsetof(Network, dhcp_send_hostname) |
3053 | +--- a/src/network/networkd-network.c |
3054 | ++++ b/src/network/networkd-network.c |
3055 | +@@ -265,6 +265,9 @@ int network_verify(Network *network) { |
3056 | + network->dhcp_use_mtu = false; |
3057 | + } |
3058 | + |
3059 | ++ if (network->dhcp_use_gateway < 0) |
3060 | ++ network->dhcp_use_gateway = network->dhcp_use_routes; |
3061 | ++ |
3062 | + if (network->dhcp_critical >= 0) { |
3063 | + if (network->keep_configuration >= 0) |
3064 | + log_warning("%s: Both KeepConfiguration= and deprecated CriticalConnection= are set. " |
3065 | +@@ -383,7 +386,7 @@ int network_load_one(Manager *manager, O |
3066 | + .dhcp_use_dns = true, |
3067 | + .dhcp_use_hostname = true, |
3068 | + .dhcp_use_routes = true, |
3069 | +- .dhcp_use_gateway = true, |
3070 | ++ .dhcp_use_gateway = -1, |
3071 | + /* NOTE: this var might be overwritten by network_apply_anonymize_if_set */ |
3072 | + .dhcp_send_hostname = true, |
3073 | + .dhcp_send_release = true, |
3074 | +--- a/src/network/networkd-network.h |
3075 | ++++ b/src/network/networkd-network.h |
3076 | +@@ -110,7 +110,7 @@ struct Network { |
3077 | + bool dhcp_use_sip; |
3078 | + bool dhcp_use_mtu; |
3079 | + bool dhcp_use_routes; |
3080 | +- bool dhcp_use_gateway; |
3081 | ++ int dhcp_use_gateway; |
3082 | + bool dhcp_use_timezone; |
3083 | + bool rapid_commit; |
3084 | + bool dhcp_use_hostname; |
3085 | diff --git a/debian/patches/lp1867375/0004-test-modify-add-tests-for-UseRoutes-and-UseGateway-c.patch b/debian/patches/lp1867375/0004-test-modify-add-tests-for-UseRoutes-and-UseGateway-c.patch |
3086 | new file mode 100644 |
3087 | index 0000000..6bb2c41 |
3088 | --- /dev/null |
3089 | +++ b/debian/patches/lp1867375/0004-test-modify-add-tests-for-UseRoutes-and-UseGateway-c.patch |
3090 | @@ -0,0 +1,187 @@ |
3091 | +From 7c0d36ff5fc31d00e26661fd2ad45291ed0eb6f7 Mon Sep 17 00:00:00 2001 |
3092 | +From: Dan Streetman <ddstreet@canonical.com> |
3093 | +Date: Wed, 15 Apr 2020 16:26:20 -0400 |
3094 | +Subject: [PATCH 2/4] test: modify/add tests for UseRoutes= and UseGateway= |
3095 | + configuration |
3096 | +Origin: upstream, https://github.com/systemd/systemd/pull/15443 |
3097 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1867375 |
3098 | + |
3099 | +The last commit changed the UseGateway= default to the value of UseRoutes= |
3100 | +so the tests need to check for all combinations of the two parameters. |
3101 | +--- |
3102 | + .../dhcp-client-ipv4-use-routes-no.network | 9 --- |
3103 | + ...lient-ipv4-use-routes-use-gateway.network} | 2 +- |
3104 | + .../use-gateway-False.conf | 2 + |
3105 | + .../use-gateway-True.conf | 2 + |
3106 | + .../use-routes-False.conf | 2 + |
3107 | + .../use-routes-True.conf | 2 + |
3108 | + test/test-network/systemd-networkd-tests.py | 58 +++++++++++++------ |
3109 | + 7 files changed, 48 insertions(+), 29 deletions(-) |
3110 | + delete mode 100644 test/test-network/conf/dhcp-client-ipv4-use-routes-no.network |
3111 | + rename test/test-network/conf/{dhcp-client-ipv4-use-gateway-no.network => dhcp-client-ipv4-use-routes-use-gateway.network} (81%) |
3112 | + create mode 100644 test/test-network/conf/dhcp-client-ipv4-use-routes-use-gateway.network.d/use-gateway-False.conf |
3113 | + create mode 100644 test/test-network/conf/dhcp-client-ipv4-use-routes-use-gateway.network.d/use-gateway-True.conf |
3114 | + create mode 100644 test/test-network/conf/dhcp-client-ipv4-use-routes-use-gateway.network.d/use-routes-False.conf |
3115 | + create mode 100644 test/test-network/conf/dhcp-client-ipv4-use-routes-use-gateway.network.d/use-routes-True.conf |
3116 | + |
3117 | +--- a/test/test-network/conf/dhcp-client-ipv4-use-routes-no.network |
3118 | ++++ /dev/null |
3119 | +@@ -1,9 +0,0 @@ |
3120 | +-[Match] |
3121 | +-Name=veth99 |
3122 | +- |
3123 | +-[Network] |
3124 | +-DHCP=ipv4 |
3125 | +-IPv6AcceptRA=false |
3126 | +- |
3127 | +-[DHCPv4] |
3128 | +-UseRoutes=no |
3129 | +--- a/test/test-network/conf/dhcp-client-ipv4-use-gateway-no.network |
3130 | ++++ /dev/null |
3131 | +@@ -1,9 +0,0 @@ |
3132 | +-[Match] |
3133 | +-Name=veth99 |
3134 | +- |
3135 | +-[Network] |
3136 | +-DHCP=ipv4 |
3137 | +-IPv6AcceptRA=false |
3138 | +- |
3139 | +-[DHCPv4] |
3140 | +-UseGateway=no |
3141 | +--- /dev/null |
3142 | ++++ b/test/test-network/conf/dhcp-client-ipv4-use-routes-use-gateway.network |
3143 | +@@ -0,0 +1,9 @@ |
3144 | ++[Match] |
3145 | ++Name=veth99 |
3146 | ++ |
3147 | ++[Network] |
3148 | ++DHCP=ipv4 |
3149 | ++IPv6AcceptRA=false |
3150 | ++ |
3151 | ++[DHCPv4] |
3152 | ++RoutesToDNS=yes |
3153 | +--- /dev/null |
3154 | ++++ b/test/test-network/conf/dhcp-client-ipv4-use-routes-use-gateway.network.d/use-gateway-False.conf |
3155 | +@@ -0,0 +1,2 @@ |
3156 | ++[DHCPv4] |
3157 | ++UseGateway=no |
3158 | +--- /dev/null |
3159 | ++++ b/test/test-network/conf/dhcp-client-ipv4-use-routes-use-gateway.network.d/use-gateway-True.conf |
3160 | +@@ -0,0 +1,2 @@ |
3161 | ++[DHCPv4] |
3162 | ++UseGateway=yes |
3163 | +--- /dev/null |
3164 | ++++ b/test/test-network/conf/dhcp-client-ipv4-use-routes-use-gateway.network.d/use-routes-False.conf |
3165 | +@@ -0,0 +1,2 @@ |
3166 | ++[DHCPv4] |
3167 | ++UseRoutes=no |
3168 | +--- /dev/null |
3169 | ++++ b/test/test-network/conf/dhcp-client-ipv4-use-routes-use-gateway.network.d/use-routes-True.conf |
3170 | +@@ -0,0 +1,2 @@ |
3171 | ++[DHCPv4] |
3172 | ++UseRoutes=yes |
3173 | +--- a/test/test-network/systemd-networkd-tests.py |
3174 | ++++ b/test/test-network/systemd-networkd-tests.py |
3175 | +@@ -3,6 +3,7 @@ |
3176 | + # systemd-networkd tests |
3177 | + |
3178 | + import argparse |
3179 | ++import itertools |
3180 | + import os |
3181 | + import re |
3182 | + import shutil |
3183 | +@@ -2826,8 +2827,7 @@ class NetworkdDHCPClientTests(unittest.T |
3184 | + 'dhcp-client-ipv4-dhcp-settings.network', |
3185 | + 'dhcp-client-ipv4-only-ipv6-disabled.network', |
3186 | + 'dhcp-client-ipv4-only.network', |
3187 | +- 'dhcp-client-ipv4-use-gateway-no.network', |
3188 | +- 'dhcp-client-ipv4-use-routes-no.network', |
3189 | ++ 'dhcp-client-ipv4-use-routes-use-gateway.network', |
3190 | + 'dhcp-client-ipv6-only.network', |
3191 | + 'dhcp-client-ipv6-rapid-commit.network', |
3192 | + 'dhcp-client-keep-configuration-dhcp-on-stop.network', |
3193 | +@@ -2842,7 +2842,6 @@ class NetworkdDHCPClientTests(unittest.T |
3194 | + 'dhcp-client-use-dns-no.network', |
3195 | + 'dhcp-client-use-dns-yes.network', |
3196 | + 'dhcp-client-use-domains.network', |
3197 | +- 'dhcp-client-use-routes-no.network', |
3198 | + 'dhcp-client-vrf.network', |
3199 | + 'dhcp-client-with-ipv4ll-fallback-with-dhcp-server.network', |
3200 | + 'dhcp-client-with-ipv4ll-fallback-without-dhcp-server.network', |
3201 | +@@ -2851,7 +2850,6 @@ class NetworkdDHCPClientTests(unittest.T |
3202 | + 'dhcp-server-decline.network', |
3203 | + 'dhcp-server-veth-peer.network', |
3204 | + 'dhcp-v4-server-veth-peer.network', |
3205 | +- 'dhcp-client-use-domains.network', |
3206 | + 'static.network'] |
3207 | + |
3208 | + def setUp(self): |
3209 | +@@ -2932,8 +2930,21 @@ class NetworkdDHCPClientTests(unittest.T |
3210 | + self.assertRegex(output, r'192.168.5.7 proto dhcp scope link src 192.168.5.181 metric 1024') |
3211 | + self.assertRegex(output, r'192.168.5.8 proto dhcp scope link src 192.168.5.181 metric 1024') |
3212 | + |
3213 | +- def test_dhcp_client_ipv4_use_routes_no(self): |
3214 | +- copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network', 'dhcp-client-ipv4-use-routes-no.network') |
3215 | ++ def test_dhcp_client_ipv4_use_routes_gateway(self): |
3216 | ++ for (routes, gateway) in itertools.product([True, False, None], repeat=2): |
3217 | ++ self.setUp() |
3218 | ++ with self.subTest(routes=routes, gateway=gateway): |
3219 | ++ self._test_dhcp_client_ipv4_use_routes_gateway(routes, gateway) |
3220 | ++ self.tearDown() |
3221 | ++ |
3222 | ++ def _test_dhcp_client_ipv4_use_routes_gateway(self, routes, gateway): |
3223 | ++ testunit = 'dhcp-client-ipv4-use-routes-use-gateway.network' |
3224 | ++ testunits = ['25-veth.netdev', 'dhcp-server-veth-peer.network', testunit] |
3225 | ++ if routes != None: |
3226 | ++ testunits.append(f'{testunit}.d/use-routes-{routes}.conf'); |
3227 | ++ if gateway != None: |
3228 | ++ testunits.append(f'{testunit}.d/use-gateway-{gateway}.conf'); |
3229 | ++ copy_unit_to_networkd_unit_path(*testunits, dropins=False) |
3230 | + |
3231 | + start_networkd() |
3232 | + self.wait_online(['veth-peer:carrier']) |
3233 | +@@ -2942,22 +2953,31 @@ class NetworkdDHCPClientTests(unittest.T |
3234 | + |
3235 | + output = check_output('ip route show dev veth99') |
3236 | + print(output) |
3237 | +- self.assertNotRegex(output, r'192.168.5.5') |
3238 | +- self.assertRegex(output, r'default via 192.168.5.1 proto dhcp src 192.168.5.181 metric 1024') |
3239 | +- self.assertRegex(output, r'192.168.5.1 proto dhcp scope link src 192.168.5.181 metric 1024') |
3240 | + |
3241 | +- def test_dhcp_client_ipv4_use_gateway_no(self): |
3242 | +- copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network', 'dhcp-client-ipv4-use-gateway-no.network') |
3243 | ++ # UseRoutes= defaults to true |
3244 | ++ useroutes = routes in [True, None] |
3245 | ++ # UseGateway= defaults to useroutes |
3246 | ++ usegateway = useroutes if gateway == None else gateway |
3247 | ++ |
3248 | ++ # Check UseRoutes= |
3249 | ++ if useroutes: |
3250 | ++ self.assertRegex(output, r'192.168.5.0/24 via 192.168.5.5 proto dhcp src 192.168.5.181 metric 1024') |
3251 | ++ else: |
3252 | ++ self.assertNotRegex(output, r'192.168.5.5') |
3253 | + |
3254 | +- start_networkd() |
3255 | +- self.wait_online(['veth-peer:carrier']) |
3256 | +- start_dnsmasq(additional_options='--dhcp-option=option:dns-server,192.168.5.6,192.168.5.7', lease_time='2m') |
3257 | +- self.wait_online(['veth99:routable', 'veth-peer:routable']) |
3258 | ++ # Check UseGateway= |
3259 | ++ if usegateway: |
3260 | ++ self.assertRegex(output, r'default via 192.168.5.1 proto dhcp src 192.168.5.181 metric 1024') |
3261 | ++ else: |
3262 | ++ self.assertNotRegex(output, r'default via 192.168.5.1') |
3263 | + |
3264 | +- output = check_output('ip route show dev veth99') |
3265 | +- print(output) |
3266 | +- self.assertRegex(output, r'192.168.5.0/24 via 192.168.5.5 proto dhcp src 192.168.5.181 metric 1024') |
3267 | +- self.assertNotRegex(output, r'default via 192.168.5.1') |
3268 | ++ # check for routes to DNS server, only if using gateway |
3269 | ++ if usegateway: |
3270 | ++ self.assertRegex(output, r'192.168.5.6 proto dhcp scope link src 192.168.5.181 metric 1024') |
3271 | ++ self.assertRegex(output, r'192.168.5.7 proto dhcp scope link src 192.168.5.181 metric 1024') |
3272 | ++ else: |
3273 | ++ self.assertNotRegex(output, r'192.168.5.6') |
3274 | ++ self.assertNotRegex(output, r'192.168.5.7') |
3275 | + |
3276 | + def test_dhcp_client_ipv4_ipv6(self): |
3277 | + copy_unit_to_networkd_unit_path('25-veth.netdev', 'dhcp-server-veth-peer.network', 'dhcp-client-ipv6-only.network', |
3278 | diff --git a/debian/patches/lp1867375/0005-network-honor-SetDNSRoutes-even-if-UseGateway-False.patch b/debian/patches/lp1867375/0005-network-honor-SetDNSRoutes-even-if-UseGateway-False.patch |
3279 | new file mode 100644 |
3280 | index 0000000..2acf6ee |
3281 | --- /dev/null |
3282 | +++ b/debian/patches/lp1867375/0005-network-honor-SetDNSRoutes-even-if-UseGateway-False.patch |
3283 | @@ -0,0 +1,162 @@ |
3284 | +From 244490f5e0a98f83190e92033fbdaa1bbcd9b000 Mon Sep 17 00:00:00 2001 |
3285 | +From: Dan Streetman <ddstreet@canonical.com> |
3286 | +Date: Wed, 15 Apr 2020 18:05:14 -0400 |
3287 | +Subject: [PATCH 3/4] network: honor SetDNSRoutes= even if UseGateway=False |
3288 | +Origin: upstream, https://github.com/systemd/systemd/pull/15443 |
3289 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1867375 |
3290 | + |
3291 | +--- |
3292 | + src/network/networkd-dhcp4.c | 129 +++++++++++++++++------------------ |
3293 | + 1 file changed, 64 insertions(+), 65 deletions(-) |
3294 | + |
3295 | +--- a/src/network/networkd-dhcp4.c |
3296 | ++++ b/src/network/networkd-dhcp4.c |
3297 | +@@ -323,78 +323,77 @@ static int link_set_dhcp_routes(Link *li |
3298 | + } |
3299 | + } |
3300 | + |
3301 | +- if (!link->network->dhcp_use_gateway) |
3302 | +- return 0; |
3303 | +- |
3304 | +- r = sd_dhcp_lease_get_router(link->dhcp_lease, &router); |
3305 | +- if (IN_SET(r, 0, -ENODATA)) |
3306 | +- log_link_info(link, "DHCP: No gateway received from DHCP server."); |
3307 | +- else if (r < 0) |
3308 | +- log_link_warning_errno(link, r, "DHCP error: could not get gateway: %m"); |
3309 | +- else if (in4_addr_is_null(&router[0])) |
3310 | +- log_link_info(link, "DHCP: Received gateway is null."); |
3311 | +- |
3312 | +- /* According to RFC 3442: If the DHCP server returns both a Classless Static Routes option and |
3313 | +- a Router option, the DHCP client MUST ignore the Router option. */ |
3314 | +- if (classless_route && static_route) |
3315 | +- log_link_warning(link, "Classless static routes received from DHCP server: ignoring static-route option and router option"); |
3316 | +- |
3317 | +- if (r > 0 && !classless_route && !in4_addr_is_null(&router[0])) { |
3318 | +- _cleanup_(route_freep) Route *route = NULL, *route_gw = NULL; |
3319 | +- |
3320 | +- r = route_new(&route_gw); |
3321 | +- if (r < 0) |
3322 | +- return log_link_error_errno(link, r, "Could not allocate route: %m"); |
3323 | +- |
3324 | +- /* The dhcp netmask may mask out the gateway. Add an explicit |
3325 | +- * route for the gw host so that we can route no matter the |
3326 | +- * netmask or existing kernel route tables. */ |
3327 | +- route_gw->family = AF_INET; |
3328 | +- route_gw->dst.in = router[0]; |
3329 | +- route_gw->dst_prefixlen = 32; |
3330 | +- route_gw->prefsrc.in = address; |
3331 | +- route_gw->scope = RT_SCOPE_LINK; |
3332 | +- route_gw->protocol = RTPROT_DHCP; |
3333 | +- route_gw->priority = link->network->dhcp_route_metric; |
3334 | +- route_gw->table = table; |
3335 | +- route_gw->mtu = link->network->dhcp_route_mtu; |
3336 | +- |
3337 | +- r = dhcp_route_configure(&route_gw, link); |
3338 | +- if (r < 0) |
3339 | +- return log_link_error_errno(link, r, "Could not set host route: %m"); |
3340 | +- |
3341 | +- r = route_new(&route); |
3342 | +- if (r < 0) |
3343 | +- return log_link_error_errno(link, r, "Could not allocate route: %m"); |
3344 | +- |
3345 | +- route->family = AF_INET; |
3346 | +- route->gw.in = router[0]; |
3347 | +- route->prefsrc.in = address; |
3348 | +- route->protocol = RTPROT_DHCP; |
3349 | +- route->priority = link->network->dhcp_route_metric; |
3350 | +- route->table = table; |
3351 | +- route->mtu = link->network->dhcp_route_mtu; |
3352 | +- |
3353 | +- r = dhcp_route_configure(&route, link); |
3354 | +- if (r < 0) |
3355 | +- return log_link_error_errno(link, r, "Could not set router: %m"); |
3356 | +- } |
3357 | ++ if (link->network->dhcp_use_gateway) { |
3358 | ++ r = sd_dhcp_lease_get_router(link->dhcp_lease, &router); |
3359 | ++ if (IN_SET(r, 0, -ENODATA)) |
3360 | ++ log_link_info(link, "DHCP: No gateway received from DHCP server."); |
3361 | ++ else if (r < 0) |
3362 | ++ log_link_warning_errno(link, r, "DHCP error: could not get gateway: %m"); |
3363 | ++ else if (in4_addr_is_null(&router[0])) |
3364 | ++ log_link_info(link, "DHCP: Received gateway is null."); |
3365 | ++ |
3366 | ++ /* According to RFC 3442: If the DHCP server returns both a Classless Static Routes option and |
3367 | ++ a Router option, the DHCP client MUST ignore the Router option. */ |
3368 | ++ if (classless_route && static_route) |
3369 | ++ log_link_warning(link, "Classless static routes received from DHCP server: ignoring static-route option and router option"); |
3370 | ++ |
3371 | ++ if (r > 0 && !classless_route && !in4_addr_is_null(&router[0])) { |
3372 | ++ _cleanup_(route_freep) Route *route = NULL, *route_gw = NULL; |
3373 | ++ |
3374 | ++ r = route_new(&route_gw); |
3375 | ++ if (r < 0) |
3376 | ++ return log_link_error_errno(link, r, "Could not allocate route: %m"); |
3377 | ++ |
3378 | ++ /* The dhcp netmask may mask out the gateway. Add an explicit |
3379 | ++ * route for the gw host so that we can route no matter the |
3380 | ++ * netmask or existing kernel route tables. */ |
3381 | ++ route_gw->family = AF_INET; |
3382 | ++ route_gw->dst.in = router[0]; |
3383 | ++ route_gw->dst_prefixlen = 32; |
3384 | ++ route_gw->prefsrc.in = address; |
3385 | ++ route_gw->scope = RT_SCOPE_LINK; |
3386 | ++ route_gw->protocol = RTPROT_DHCP; |
3387 | ++ route_gw->priority = link->network->dhcp_route_metric; |
3388 | ++ route_gw->table = table; |
3389 | ++ route_gw->mtu = link->network->dhcp_route_mtu; |
3390 | ++ |
3391 | ++ r = dhcp_route_configure(&route_gw, link); |
3392 | ++ if (r < 0) |
3393 | ++ return log_link_error_errno(link, r, "Could not set host route: %m"); |
3394 | ++ |
3395 | ++ r = route_new(&route); |
3396 | ++ if (r < 0) |
3397 | ++ return log_link_error_errno(link, r, "Could not allocate route: %m"); |
3398 | ++ |
3399 | ++ route->family = AF_INET; |
3400 | ++ route->gw.in = router[0]; |
3401 | ++ route->prefsrc.in = address; |
3402 | ++ route->protocol = RTPROT_DHCP; |
3403 | ++ route->priority = link->network->dhcp_route_metric; |
3404 | ++ route->table = table; |
3405 | ++ route->mtu = link->network->dhcp_route_mtu; |
3406 | ++ |
3407 | ++ r = dhcp_route_configure(&route, link); |
3408 | ++ if (r < 0) |
3409 | ++ return log_link_error_errno(link, r, "Could not set router: %m"); |
3410 | ++ } |
3411 | + |
3412 | +- Route *rt; |
3413 | +- LIST_FOREACH(routes, rt, link->network->static_routes) { |
3414 | +- if (!rt->gateway_from_dhcp) |
3415 | +- continue; |
3416 | +- |
3417 | +- if (rt->family != AF_INET) |
3418 | +- continue; |
3419 | +- |
3420 | +- rt->gw.in = router[0]; |
3421 | +- |
3422 | +- r = route_configure(rt, link, dhcp4_route_handler); |
3423 | +- if (r < 0) |
3424 | +- return log_link_error_errno(link, r, "Could not set gateway: %m"); |
3425 | +- if (r > 0) |
3426 | +- link->dhcp4_messages++; |
3427 | ++ Route *rt; |
3428 | ++ LIST_FOREACH(routes, rt, link->network->static_routes) { |
3429 | ++ if (!rt->gateway_from_dhcp) |
3430 | ++ continue; |
3431 | ++ |
3432 | ++ if (rt->family != AF_INET) |
3433 | ++ continue; |
3434 | ++ |
3435 | ++ rt->gw.in = router[0]; |
3436 | ++ |
3437 | ++ r = route_configure(rt, link, dhcp4_route_handler); |
3438 | ++ if (r < 0) |
3439 | ++ return log_link_error_errno(link, r, "Could not set gateway: %m"); |
3440 | ++ if (r > 0) |
3441 | ++ link->dhcp4_messages++; |
3442 | ++ } |
3443 | + } |
3444 | + |
3445 | + return link_set_dns_routes(link, &address); |
3446 | diff --git a/debian/patches/lp1867375/0006-test-verify-RoutesToDNS-is-independent-of-UseGateway.patch b/debian/patches/lp1867375/0006-test-verify-RoutesToDNS-is-independent-of-UseGateway.patch |
3447 | new file mode 100644 |
3448 | index 0000000..ad3d89c |
3449 | --- /dev/null |
3450 | +++ b/debian/patches/lp1867375/0006-test-verify-RoutesToDNS-is-independent-of-UseGateway.patch |
3451 | @@ -0,0 +1,74 @@ |
3452 | +From 06c2b0c76bf7e2756f8e9ef18765c85dee99ae14 Mon Sep 17 00:00:00 2001 |
3453 | +From: Dan Streetman <ddstreet@canonical.com> |
3454 | +Date: Wed, 15 Apr 2020 18:30:33 -0400 |
3455 | +Subject: [PATCH 4/4] test: verify RoutesToDNS= is independent of UseGateway= |
3456 | +Origin: upstream, https://github.com/systemd/systemd/pull/15443 |
3457 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1867375 |
3458 | + |
3459 | +--- |
3460 | + ...dhcp-client-ipv4-use-routes-use-gateway.network | 3 --- |
3461 | + .../use-dns-routes-False.conf | 2 ++ |
3462 | + .../use-dns-routes-True.conf | 2 ++ |
3463 | + test/test-network/systemd-networkd-tests.py | 14 ++++++++------ |
3464 | + 4 files changed, 12 insertions(+), 9 deletions(-) |
3465 | + create mode 100644 test/test-network/conf/dhcp-client-ipv4-use-routes-use-gateway.network.d/use-dns-routes-False.conf |
3466 | + create mode 100644 test/test-network/conf/dhcp-client-ipv4-use-routes-use-gateway.network.d/use-dns-routes-True.conf |
3467 | + |
3468 | +--- a/test/test-network/conf/dhcp-client-ipv4-use-routes-use-gateway.network |
3469 | ++++ b/test/test-network/conf/dhcp-client-ipv4-use-routes-use-gateway.network |
3470 | +@@ -4,6 +4,3 @@ Name=veth99 |
3471 | + [Network] |
3472 | + DHCP=ipv4 |
3473 | + IPv6AcceptRA=false |
3474 | +- |
3475 | +-[DHCPv4] |
3476 | +-RoutesToDNS=yes |
3477 | +--- /dev/null |
3478 | ++++ b/test/test-network/conf/dhcp-client-ipv4-use-routes-use-gateway.network.d/use-dns-routes-False.conf |
3479 | +@@ -0,0 +1,2 @@ |
3480 | ++[DHCPv4] |
3481 | ++RoutesToDNS=no |
3482 | +--- /dev/null |
3483 | ++++ b/test/test-network/conf/dhcp-client-ipv4-use-routes-use-gateway.network.d/use-dns-routes-True.conf |
3484 | +@@ -0,0 +1,2 @@ |
3485 | ++[DHCPv4] |
3486 | ++RoutesToDNS=yes |
3487 | +--- a/test/test-network/systemd-networkd-tests.py |
3488 | ++++ b/test/test-network/systemd-networkd-tests.py |
3489 | +@@ -2931,19 +2931,21 @@ class NetworkdDHCPClientTests(unittest.T |
3490 | + self.assertRegex(output, r'192.168.5.8 proto dhcp scope link src 192.168.5.181 metric 1024') |
3491 | + |
3492 | + def test_dhcp_client_ipv4_use_routes_gateway(self): |
3493 | +- for (routes, gateway) in itertools.product([True, False, None], repeat=2): |
3494 | ++ for (routes, gateway, dnsroutes) in itertools.product([True, False, None], repeat=3): |
3495 | + self.setUp() |
3496 | +- with self.subTest(routes=routes, gateway=gateway): |
3497 | +- self._test_dhcp_client_ipv4_use_routes_gateway(routes, gateway) |
3498 | ++ with self.subTest(routes=routes, gateway=gateway, dnsroutes=dnsroutes): |
3499 | ++ self._test_dhcp_client_ipv4_use_routes_gateway(routes, gateway, dnsroutes) |
3500 | + self.tearDown() |
3501 | + |
3502 | +- def _test_dhcp_client_ipv4_use_routes_gateway(self, routes, gateway): |
3503 | ++ def _test_dhcp_client_ipv4_use_routes_gateway(self, routes, gateway, dnsroutes): |
3504 | + testunit = 'dhcp-client-ipv4-use-routes-use-gateway.network' |
3505 | + testunits = ['25-veth.netdev', 'dhcp-server-veth-peer.network', testunit] |
3506 | + if routes != None: |
3507 | + testunits.append(f'{testunit}.d/use-routes-{routes}.conf'); |
3508 | + if gateway != None: |
3509 | + testunits.append(f'{testunit}.d/use-gateway-{gateway}.conf'); |
3510 | ++ if dnsroutes != None: |
3511 | ++ testunits.append(f'{testunit}.d/use-dns-routes-{dnsroutes}.conf'); |
3512 | + copy_unit_to_networkd_unit_path(*testunits, dropins=False) |
3513 | + |
3514 | + start_networkd() |
3515 | +@@ -2971,8 +2973,8 @@ class NetworkdDHCPClientTests(unittest.T |
3516 | + else: |
3517 | + self.assertNotRegex(output, r'default via 192.168.5.1') |
3518 | + |
3519 | +- # check for routes to DNS server, only if using gateway |
3520 | +- if usegateway: |
3521 | ++ # Check RoutesToDNS=, which defaults to false |
3522 | ++ if dnsroutes: |
3523 | + self.assertRegex(output, r'192.168.5.6 proto dhcp scope link src 192.168.5.181 metric 1024') |
3524 | + self.assertRegex(output, r'192.168.5.7 proto dhcp scope link src 192.168.5.181 metric 1024') |
3525 | + else: |
3526 | diff --git a/debian/patches/lp1873607/0001-core-some-minor-clean-ups-modernizations.patch b/debian/patches/lp1873607/0001-core-some-minor-clean-ups-modernizations.patch |
3527 | new file mode 100644 |
3528 | index 0000000..e4d47c8 |
3529 | --- /dev/null |
3530 | +++ b/debian/patches/lp1873607/0001-core-some-minor-clean-ups-modernizations.patch |
3531 | @@ -0,0 +1,56 @@ |
3532 | +From 5b99bd5fd4274c5fac86c82a38ca3334e55df543 Mon Sep 17 00:00:00 2001 |
3533 | +From: Lennart Poettering <lennart@poettering.net> |
3534 | +Date: Wed, 22 Apr 2020 20:33:57 +0200 |
3535 | +Subject: [PATCH 1/2] core: some minor clean-ups/modernizations |
3536 | +Origin: upstream, https://github.com/systemd/systemd/pull/15546 |
3537 | +Bug: https://github.com/systemd/systemd/issues/15356 |
3538 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1873607 |
3539 | + |
3540 | +--- |
3541 | + src/core/service.c | 14 +++++++++++--- |
3542 | + 1 file changed, 11 insertions(+), 3 deletions(-) |
3543 | + |
3544 | +diff --git a/src/core/service.c b/src/core/service.c |
3545 | +index 53dbd5509c..861d82041a 100644 |
3546 | +--- a/src/core/service.c |
3547 | ++++ b/src/core/service.c |
3548 | +@@ -2569,6 +2569,8 @@ static unsigned service_exec_command_index(Unit *u, ServiceExecCommand id, ExecC |
3549 | + ExecCommand *first, *c; |
3550 | + |
3551 | + assert(s); |
3552 | ++ assert(id >= 0); |
3553 | ++ assert(id < _SERVICE_EXEC_COMMAND_MAX); |
3554 | + |
3555 | + first = s->exec_command[id]; |
3556 | + |
3557 | +@@ -2632,10 +2634,12 @@ static int service_serialize_exec_command(Unit *u, FILE *f, ExecCommand *command |
3558 | + |
3559 | + p = cescape(command->path); |
3560 | + if (!p) |
3561 | +- return -ENOMEM; |
3562 | ++ return log_oom(); |
3563 | + |
3564 | + key = strjoina(type, "-command"); |
3565 | +- return serialize_item_format(f, key, "%s %u %s %s", service_exec_command_to_string(id), idx, p, args); |
3566 | ++ (void) serialize_item_format(f, key, "%s %u %s %s", service_exec_command_to_string(id), idx, p, args); |
3567 | ++ |
3568 | ++ return 0; |
3569 | + } |
3570 | + |
3571 | + static int service_serialize(Unit *u, FILE *f, FDSet *fds) { |
3572 | +@@ -2737,7 +2741,11 @@ static int service_serialize(Unit *u, FILE *f, FDSet *fds) { |
3573 | + return 0; |
3574 | + } |
3575 | + |
3576 | +-static int service_deserialize_exec_command(Unit *u, const char *key, const char *value) { |
3577 | ++static int service_deserialize_exec_command( |
3578 | ++ Unit *u, |
3579 | ++ const char *key, |
3580 | ++ const char *value) { |
3581 | ++ |
3582 | + Service *s = SERVICE(u); |
3583 | + int r; |
3584 | + unsigned idx = 0, i; |
3585 | +-- |
3586 | +2.25.1 |
3587 | + |
3588 | diff --git a/debian/patches/lp1873607/0002-core-make-sure-to-restore-the-control-command-id-too.patch b/debian/patches/lp1873607/0002-core-make-sure-to-restore-the-control-command-id-too.patch |
3589 | new file mode 100644 |
3590 | index 0000000..f7c1864 |
3591 | --- /dev/null |
3592 | +++ b/debian/patches/lp1873607/0002-core-make-sure-to-restore-the-control-command-id-too.patch |
3593 | @@ -0,0 +1,33 @@ |
3594 | +From e9da62b18af647bfa73807e1c7fc3bfa4bb4b2ac Mon Sep 17 00:00:00 2001 |
3595 | +From: Lennart Poettering <lennart@poettering.net> |
3596 | +Date: Wed, 22 Apr 2020 20:34:02 +0200 |
3597 | +Subject: [PATCH 2/2] core: make sure to restore the control command id, too |
3598 | +Origin: upstream, https://github.com/systemd/systemd/pull/15546 |
3599 | +Bug: https://github.com/systemd/systemd/issues/15356 |
3600 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1873607 |
3601 | + |
3602 | +Fixes: #15356 |
3603 | +--- |
3604 | + src/core/service.c | 5 +++-- |
3605 | + 1 file changed, 3 insertions(+), 2 deletions(-) |
3606 | + |
3607 | +diff --git a/src/core/service.c b/src/core/service.c |
3608 | +index 861d82041a..7d5928e455 100644 |
3609 | +--- a/src/core/service.c |
3610 | ++++ b/src/core/service.c |
3611 | +@@ -2834,9 +2834,10 @@ static int service_deserialize_exec_command( |
3612 | + break; |
3613 | + } |
3614 | + |
3615 | +- if (command && control) |
3616 | ++ if (command && control) { |
3617 | + s->control_command = command; |
3618 | +- else if (command) |
3619 | ++ s->control_command_id = id; |
3620 | ++ } else if (command) |
3621 | + s->main_command = command; |
3622 | + else |
3623 | + log_unit_warning(u, "Current command vanished from the unit file, execution of the command list won't be resumed."); |
3624 | +-- |
3625 | +2.25.1 |
3626 | + |
3627 | diff --git a/debian/patches/lp1875708/journald-Increase-stdout-buffer-size-sooner-when-almost-f.patch b/debian/patches/lp1875708/journald-Increase-stdout-buffer-size-sooner-when-almost-f.patch |
3628 | new file mode 100644 |
3629 | index 0000000..916b1ed |
3630 | --- /dev/null |
3631 | +++ b/debian/patches/lp1875708/journald-Increase-stdout-buffer-size-sooner-when-almost-f.patch |
3632 | @@ -0,0 +1,28 @@ |
3633 | +From: Benjamin Robin <dev@benjarobin.fr> |
3634 | +Date: Sun, 3 May 2020 18:37:21 +0200 |
3635 | +Subject: journald: Increase stdout buffer size sooner, when almost full |
3636 | + |
3637 | +If the previous received buffer length is almost equal to the allocated |
3638 | +buffer size, before this change the next read can only receive a couple |
3639 | +of bytes (in the worst case only 1 byte), which is not efficient. |
3640 | + |
3641 | +(cherry picked from commit 034e9719ac1ba88a36b05da38c7aa98761d42c77) |
3642 | +--- |
3643 | + src/journal/journald-stream.c | 4 ++-- |
3644 | + 1 file changed, 2 insertions(+), 2 deletions(-) |
3645 | + |
3646 | +diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c |
3647 | +index 202ac3c..7fdbe34 100644 |
3648 | +--- a/src/journal/journald-stream.c |
3649 | ++++ b/src/journal/journald-stream.c |
3650 | +@@ -511,8 +511,8 @@ static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, |
3651 | + goto terminate; |
3652 | + } |
3653 | + |
3654 | +- /* If the buffer is full already (discounting the extra NUL we need), add room for another 1K */ |
3655 | +- if (s->length + 1 >= s->allocated) { |
3656 | ++ /* If the buffer is almost full, add room for another 1K */ |
3657 | ++ if (s->length + 512 >= s->allocated) { |
3658 | + if (!GREEDY_REALLOC(s->buffer, s->allocated, s->length + 1 + 1024)) { |
3659 | + log_oom(); |
3660 | + goto terminate; |
3661 | diff --git a/debian/patches/lp1875708/journald-rework-end-of-line-marker-handling-to-use-a-fiel.patch b/debian/patches/lp1875708/journald-rework-end-of-line-marker-handling-to-use-a-fiel.patch |
3662 | new file mode 100644 |
3663 | index 0000000..896cd75 |
3664 | --- /dev/null |
3665 | +++ b/debian/patches/lp1875708/journald-rework-end-of-line-marker-handling-to-use-a-fiel.patch |
3666 | @@ -0,0 +1,73 @@ |
3667 | +From: Lennart Poettering <lennart@poettering.net> |
3668 | +Date: Tue, 12 May 2020 18:53:35 +0200 |
3669 | +Subject: journald: rework end of line marker handling to use a field table |
3670 | + |
3671 | +(cherry picked from commit 549b7379ba404c33fd448d2bca46a57f6529b00b) |
3672 | +--- |
3673 | + src/journal/journald-stream.c | 29 ++++++++++++++++++++--------- |
3674 | + 1 file changed, 20 insertions(+), 9 deletions(-) |
3675 | + |
3676 | +diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c |
3677 | +index 85f5fa6..aca0434 100644 |
3678 | +--- a/src/journal/journald-stream.c |
3679 | ++++ b/src/journal/journald-stream.c |
3680 | +@@ -58,6 +58,8 @@ typedef enum LineBreak { |
3681 | + LINE_BREAK_NUL, |
3682 | + LINE_BREAK_LINE_MAX, |
3683 | + LINE_BREAK_EOF, |
3684 | ++ _LINE_BREAK_MAX, |
3685 | ++ _LINE_BREAK_INVALID = -1, |
3686 | + } LineBreak; |
3687 | + |
3688 | + struct StdoutStream { |
3689 | +@@ -238,7 +240,11 @@ fail: |
3690 | + return log_error_errno(r, "Failed to save stream data %s: %m", s->state_file); |
3691 | + } |
3692 | + |
3693 | +-static int stdout_stream_log(StdoutStream *s, const char *p, LineBreak line_break) { |
3694 | ++static int stdout_stream_log( |
3695 | ++ StdoutStream *s, |
3696 | ++ const char *p, |
3697 | ++ LineBreak line_break) { |
3698 | ++ |
3699 | + struct iovec *iovec; |
3700 | + int priority; |
3701 | + char syslog_priority[] = "PRIORITY=\0"; |
3702 | +@@ -250,6 +256,9 @@ static int stdout_stream_log(StdoutStream *s, const char *p, LineBreak line_brea |
3703 | + assert(s); |
3704 | + assert(p); |
3705 | + |
3706 | ++ assert(line_break >= 0); |
3707 | ++ assert(line_break < _LINE_BREAK_MAX); |
3708 | ++ |
3709 | + if (s->context) |
3710 | + (void) client_context_maybe_refresh(s->server, s->context, NULL, NULL, 0, NULL, USEC_INFINITY); |
3711 | + else if (pid_is_valid(s->ucred.pid)) { |
3712 | +@@ -301,17 +310,19 @@ static int stdout_stream_log(StdoutStream *s, const char *p, LineBreak line_brea |
3713 | + iovec[n++] = IOVEC_MAKE_STRING(syslog_identifier); |
3714 | + } |
3715 | + |
3716 | +- if (line_break != LINE_BREAK_NEWLINE) { |
3717 | +- const char *c; |
3718 | ++ static const char * const line_break_field_table[_LINE_BREAK_MAX] = { |
3719 | ++ [LINE_BREAK_NEWLINE] = NULL, /* Do not add field if traditional newline */ |
3720 | ++ [LINE_BREAK_NUL] = "_LINE_BREAK=nul", |
3721 | ++ [LINE_BREAK_LINE_MAX] = "_LINE_BREAK=line-max", |
3722 | ++ [LINE_BREAK_EOF] = "_LINE_BREAK=eof", |
3723 | ++ }; |
3724 | + |
3725 | +- /* If this log message was generated due to an uncommon line break then mention this in the log |
3726 | +- * entry */ |
3727 | ++ const char *c = line_break_field_table[line_break]; |
3728 | + |
3729 | +- c = line_break == LINE_BREAK_NUL ? "_LINE_BREAK=nul" : |
3730 | +- line_break == LINE_BREAK_LINE_MAX ? "_LINE_BREAK=line-max" : |
3731 | +- "_LINE_BREAK=eof"; |
3732 | ++ /* If this log message was generated due to an uncommon line break then mention this in the log |
3733 | ++ * entry */ |
3734 | ++ if (c) |
3735 | + iovec[n++] = IOVEC_MAKE_STRING(c); |
3736 | +- } |
3737 | + |
3738 | + message = strjoin("MESSAGE=", p); |
3739 | + if (message) |
3740 | diff --git a/debian/patches/lp1875708/journald-rework-pid-change-handling.patch b/debian/patches/lp1875708/journald-rework-pid-change-handling.patch |
3741 | new file mode 100644 |
3742 | index 0000000..8a9fe0f |
3743 | --- /dev/null |
3744 | +++ b/debian/patches/lp1875708/journald-rework-pid-change-handling.patch |
3745 | @@ -0,0 +1,218 @@ |
3746 | +From: Lennart Poettering <lennart@poettering.net> |
3747 | +Date: Tue, 12 May 2020 18:56:34 +0200 |
3748 | +Subject: journald: rework pid change handling |
3749 | + |
3750 | +Let's introduce an explicit line ending marker for line endings due to |
3751 | +pid change. |
3752 | + |
3753 | +Let's also make sure we don't get confused with buffer management. |
3754 | + |
3755 | +Fixes: #15654 |
3756 | +(cherry picked from commit 45ba1ea5e9264d385fa565328fe957ef1d78caa1) |
3757 | +--- |
3758 | + src/journal/journald-stream.c | 103 ++++++++++++++++++++++++++++-------------- |
3759 | + 1 file changed, 68 insertions(+), 35 deletions(-) |
3760 | + |
3761 | +diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c |
3762 | +index 5474436..4fcf71e 100644 |
3763 | +--- a/src/journal/journald-stream.c |
3764 | ++++ b/src/journal/journald-stream.c |
3765 | +@@ -58,6 +58,7 @@ typedef enum LineBreak { |
3766 | + LINE_BREAK_NUL, |
3767 | + LINE_BREAK_LINE_MAX, |
3768 | + LINE_BREAK_EOF, |
3769 | ++ LINE_BREAK_PID_CHANGE, |
3770 | + _LINE_BREAK_MAX, |
3771 | + _LINE_BREAK_INVALID = -1, |
3772 | + } LineBreak; |
3773 | +@@ -315,6 +316,7 @@ static int stdout_stream_log( |
3774 | + [LINE_BREAK_NUL] = "_LINE_BREAK=nul", |
3775 | + [LINE_BREAK_LINE_MAX] = "_LINE_BREAK=line-max", |
3776 | + [LINE_BREAK_EOF] = "_LINE_BREAK=eof", |
3777 | ++ [LINE_BREAK_PID_CHANGE] = "_LINE_BREAK=pid-change", |
3778 | + }; |
3779 | + |
3780 | + const char *c = line_break_field_table[line_break]; |
3781 | +@@ -435,21 +437,43 @@ static int stdout_stream_line(StdoutStream *s, char *p, LineBreak line_break) { |
3782 | + assert_not_reached("Unknown stream state"); |
3783 | + } |
3784 | + |
3785 | +-static int stdout_stream_scan(StdoutStream *s, bool force_flush) { |
3786 | +- char *p; |
3787 | +- size_t remaining; |
3788 | ++static int stdout_stream_found( |
3789 | ++ StdoutStream *s, |
3790 | ++ char *p, |
3791 | ++ size_t l, |
3792 | ++ LineBreak line_break) { |
3793 | ++ |
3794 | ++ char saved; |
3795 | + int r; |
3796 | + |
3797 | + assert(s); |
3798 | ++ assert(p); |
3799 | ++ |
3800 | ++ /* Let's NUL terminate the specified buffer for this call, and revert back afterwards */ |
3801 | ++ saved = p[l]; |
3802 | ++ p[l] = 0; |
3803 | ++ r = stdout_stream_line(s, p, line_break); |
3804 | ++ p[l] = saved; |
3805 | + |
3806 | +- p = s->buffer; |
3807 | +- remaining = s->length; |
3808 | ++ return r; |
3809 | ++} |
3810 | ++ |
3811 | ++static int stdout_stream_scan( |
3812 | ++ StdoutStream *s, |
3813 | ++ char *p, |
3814 | ++ size_t remaining, |
3815 | ++ LineBreak force_flush, |
3816 | ++ size_t *ret_consumed) { |
3817 | + |
3818 | +- /* XXX: This function does nothing if (s->length == 0) */ |
3819 | ++ size_t consumed = 0; |
3820 | ++ int r; |
3821 | ++ |
3822 | ++ assert(s); |
3823 | ++ assert(p); |
3824 | + |
3825 | + for (;;) { |
3826 | + LineBreak line_break; |
3827 | +- size_t skip; |
3828 | ++ size_t skip, found; |
3829 | + char *end1, *end2; |
3830 | + |
3831 | + end1 = memchr(p, '\n', remaining); |
3832 | +@@ -457,43 +481,40 @@ static int stdout_stream_scan(StdoutStream *s, bool force_flush) { |
3833 | + |
3834 | + if (end2) { |
3835 | + /* We found a NUL terminator */ |
3836 | +- skip = end2 - p + 1; |
3837 | ++ found = end2 - p; |
3838 | ++ skip = found + 1; |
3839 | + line_break = LINE_BREAK_NUL; |
3840 | + } else if (end1) { |
3841 | + /* We found a \n terminator */ |
3842 | +- *end1 = 0; |
3843 | +- skip = end1 - p + 1; |
3844 | ++ found = end1 - p; |
3845 | ++ skip = found + 1; |
3846 | + line_break = LINE_BREAK_NEWLINE; |
3847 | + } else if (remaining >= s->server->line_max) { |
3848 | + /* Force a line break after the maximum line length */ |
3849 | +- *(p + s->server->line_max) = 0; |
3850 | +- skip = remaining; |
3851 | ++ found = skip = s->server->line_max; |
3852 | + line_break = LINE_BREAK_LINE_MAX; |
3853 | + } else |
3854 | + break; |
3855 | + |
3856 | +- r = stdout_stream_line(s, p, line_break); |
3857 | ++ r = stdout_stream_found(s, p, found, line_break); |
3858 | + if (r < 0) |
3859 | + return r; |
3860 | + |
3861 | +- remaining -= skip; |
3862 | + p += skip; |
3863 | ++ consumed += skip; |
3864 | ++ remaining -= skip; |
3865 | + } |
3866 | + |
3867 | +- if (force_flush && remaining > 0) { |
3868 | +- p[remaining] = 0; |
3869 | +- r = stdout_stream_line(s, p, LINE_BREAK_EOF); |
3870 | ++ if (force_flush >= 0 && remaining > 0) { |
3871 | ++ r = stdout_stream_found(s, p, remaining, force_flush); |
3872 | + if (r < 0) |
3873 | + return r; |
3874 | + |
3875 | +- p += remaining; |
3876 | +- remaining = 0; |
3877 | ++ consumed += remaining; |
3878 | + } |
3879 | + |
3880 | +- if (p > s->buffer) { |
3881 | +- memmove(s->buffer, p, remaining); |
3882 | +- s->length = remaining; |
3883 | +- } |
3884 | ++ if (ret_consumed) |
3885 | ++ *ret_consumed = consumed; |
3886 | + |
3887 | + return 0; |
3888 | + } |
3889 | +@@ -501,10 +522,11 @@ static int stdout_stream_scan(StdoutStream *s, bool force_flush) { |
3890 | + static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, void *userdata) { |
3891 | + uint8_t buf[CMSG_SPACE(sizeof(struct ucred))]; |
3892 | + StdoutStream *s = userdata; |
3893 | ++ size_t limit, consumed; |
3894 | + struct ucred *ucred; |
3895 | + struct iovec iovec; |
3896 | +- size_t limit; |
3897 | + ssize_t l; |
3898 | ++ char *p; |
3899 | + int r; |
3900 | + |
3901 | + struct msghdr msghdr = { |
3902 | +@@ -532,7 +554,7 @@ static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, |
3903 | + /* Try to make use of the allocated buffer in full, but never read more than the configured line size. Also, |
3904 | + * always leave room for a terminating NUL we might need to add. */ |
3905 | + limit = MIN(s->allocated - 1, s->server->line_max); |
3906 | +- |
3907 | ++ assert(s->length <= limit); |
3908 | + iovec = IOVEC_MAKE(s->buffer + s->length, limit - s->length); |
3909 | + |
3910 | + l = recvmsg(s->fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC); |
3911 | +@@ -546,31 +568,42 @@ static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, |
3912 | + cmsg_close_all(&msghdr); |
3913 | + |
3914 | + if (l == 0) { |
3915 | +- stdout_stream_scan(s, true); |
3916 | ++ (void) stdout_stream_scan(s, s->buffer, s->length, /* force_flush = */ LINE_BREAK_EOF, NULL); |
3917 | + goto terminate; |
3918 | + } |
3919 | + |
3920 | +- /* Invalidate the context if the pid of the sender changed. This happens when a forked process |
3921 | +- * inherits stdout / stderr from a parent. In this case getpeercred returns the ucred of the parent, |
3922 | +- * which can be invalid if the parent has exited in the meantime. |
3923 | +- */ |
3924 | ++ /* Invalidate the context if the PID of the sender changed. This happens when a forked process |
3925 | ++ * inherits stdout/stderr from a parent. In this case getpeercred() returns the ucred of the parent, |
3926 | ++ * which can be invalid if the parent has exited in the meantime. */ |
3927 | + ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred); |
3928 | + if (ucred && ucred->pid != s->ucred.pid) { |
3929 | +- /* force out any previously half-written lines from a different process, before we switch to |
3930 | ++ /* Force out any previously half-written lines from a different process, before we switch to |
3931 | + * the new ucred structure for everything we just added */ |
3932 | +- r = stdout_stream_scan(s, true); |
3933 | ++ r = stdout_stream_scan(s, s->buffer, s->length, /* force_flush = */ LINE_BREAK_PID_CHANGE, NULL); |
3934 | + if (r < 0) |
3935 | + goto terminate; |
3936 | + |
3937 | +- s->ucred = *ucred; |
3938 | + s->context = client_context_release(s->server, s->context); |
3939 | ++ |
3940 | ++ p = s->buffer + s->length; |
3941 | ++ } else { |
3942 | ++ p = s->buffer; |
3943 | ++ l += s->length; |
3944 | + } |
3945 | + |
3946 | +- s->length += l; |
3947 | +- r = stdout_stream_scan(s, false); |
3948 | ++ /* Always copy in the new credentials */ |
3949 | ++ if (ucred) |
3950 | ++ s->ucred = *ucred; |
3951 | ++ |
3952 | ++ r = stdout_stream_scan(s, p, l, _LINE_BREAK_INVALID, &consumed); |
3953 | + if (r < 0) |
3954 | + goto terminate; |
3955 | + |
3956 | ++ /* Move what wasn't consumed to the front of the buffer */ |
3957 | ++ assert(consumed <= (size_t) l); |
3958 | ++ s->length = l - consumed; |
3959 | ++ memmove(s->buffer, p + consumed, s->length); |
3960 | ++ |
3961 | + return 1; |
3962 | + |
3963 | + terminate: |
3964 | diff --git a/debian/patches/lp1875708/journald-use-log_warning_errno-where-appropriate.patch b/debian/patches/lp1875708/journald-use-log_warning_errno-where-appropriate.patch |
3965 | new file mode 100644 |
3966 | index 0000000..d8b4863 |
3967 | --- /dev/null |
3968 | +++ b/debian/patches/lp1875708/journald-use-log_warning_errno-where-appropriate.patch |
3969 | @@ -0,0 +1,37 @@ |
3970 | +From: Lennart Poettering <lennart@poettering.net> |
3971 | +Date: Tue, 12 May 2020 18:52:33 +0200 |
3972 | +Subject: journald: use log_warning_errno() where appropriate |
3973 | + |
3974 | +(cherry picked from commit 5fe7fb0bf604b7652091ffacd5679b310b18a70f) |
3975 | +--- |
3976 | + src/journal/journald-stream.c | 9 ++++----- |
3977 | + 1 file changed, 4 insertions(+), 5 deletions(-) |
3978 | + |
3979 | +diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c |
3980 | +index 7fdbe34..85f5fa6 100644 |
3981 | +--- a/src/journal/journald-stream.c |
3982 | ++++ b/src/journal/journald-stream.c |
3983 | +@@ -322,8 +322,8 @@ static int stdout_stream_log(StdoutStream *s, const char *p, LineBreak line_brea |
3984 | + } |
3985 | + |
3986 | + static int stdout_stream_line(StdoutStream *s, char *p, LineBreak line_break) { |
3987 | +- int r; |
3988 | + char *orig; |
3989 | ++ int r; |
3990 | + |
3991 | + assert(s); |
3992 | + assert(p); |
3993 | +@@ -332,10 +332,9 @@ static int stdout_stream_line(StdoutStream *s, char *p, LineBreak line_break) { |
3994 | + p = strstrip(p); |
3995 | + |
3996 | + /* line breaks by NUL, line max length or EOF are not permissible during the negotiation part of the protocol */ |
3997 | +- if (line_break != LINE_BREAK_NEWLINE && s->state != STDOUT_STREAM_RUNNING) { |
3998 | +- log_warning("Control protocol line not properly terminated."); |
3999 | +- return -EINVAL; |
4000 | +- } |
4001 | ++ if (line_break != LINE_BREAK_NEWLINE && s->state != STDOUT_STREAM_RUNNING) |
4002 | ++ return log_warning_errno(SYNTHETIC_ERRNO(EINVAL), |
4003 | ++ "Control protocol line not properly terminated."); |
4004 | + |
4005 | + switch (s->state) { |
4006 | + |
4007 | diff --git a/debian/patches/lp1875708/journald-use-the-fact-that-client_context_release-returns.patch b/debian/patches/lp1875708/journald-use-the-fact-that-client_context_release-returns.patch |
4008 | new file mode 100644 |
4009 | index 0000000..4838b56 |
4010 | --- /dev/null |
4011 | +++ b/debian/patches/lp1875708/journald-use-the-fact-that-client_context_release-returns.patch |
4012 | @@ -0,0 +1,23 @@ |
4013 | +From: Lennart Poettering <lennart@poettering.net> |
4014 | +Date: Tue, 12 May 2020 19:15:38 +0200 |
4015 | +Subject: journald: use the fact that client_context_release() returns NULL |
4016 | + |
4017 | +(cherry picked from commit 020b4a023c2c6dda83afb9a82a62e640569c40c1) |
4018 | +--- |
4019 | + src/journal/journald-stream.c | 3 +-- |
4020 | + 1 file changed, 1 insertion(+), 2 deletions(-) |
4021 | + |
4022 | +diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c |
4023 | +index aca0434..5474436 100644 |
4024 | +--- a/src/journal/journald-stream.c |
4025 | ++++ b/src/journal/journald-stream.c |
4026 | +@@ -563,8 +563,7 @@ static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, |
4027 | + goto terminate; |
4028 | + |
4029 | + s->ucred = *ucred; |
4030 | +- client_context_release(s->server, s->context); |
4031 | +- s->context = NULL; |
4032 | ++ s->context = client_context_release(s->server, s->context); |
4033 | + } |
4034 | + |
4035 | + s->length += l; |
4036 | diff --git a/debian/patches/lp1875708/man-document-the-new-_LINE_BREAK-type.patch b/debian/patches/lp1875708/man-document-the-new-_LINE_BREAK-type.patch |
4037 | new file mode 100644 |
4038 | index 0000000..39adafe |
4039 | --- /dev/null |
4040 | +++ b/debian/patches/lp1875708/man-document-the-new-_LINE_BREAK-type.patch |
4041 | @@ -0,0 +1,39 @@ |
4042 | +From: Lennart Poettering <lennart@poettering.net> |
4043 | +Date: Wed, 13 May 2020 00:09:43 +0200 |
4044 | +Subject: man: document the new _LINE_BREAK= type |
4045 | + |
4046 | +(cherry picked from commit a3d9aee14fa2f7df429dc401582877176206b7fd) |
4047 | +--- |
4048 | + man/systemd.journal-fields.xml | 19 ++++++++++--------- |
4049 | + 1 file changed, 10 insertions(+), 9 deletions(-) |
4050 | + |
4051 | +diff --git a/man/systemd.journal-fields.xml b/man/systemd.journal-fields.xml |
4052 | +index a0771f3..4d35cfb 100644 |
4053 | +--- a/man/systemd.journal-fields.xml |
4054 | ++++ b/man/systemd.journal-fields.xml |
4055 | +@@ -347,15 +347,16 @@ |
4056 | + <varlistentry> |
4057 | + <term><varname>_LINE_BREAK=</varname></term> |
4058 | + <listitem> |
4059 | +- <para>Only applies to <literal>_TRANSPORT=stdout</literal> records: indicates that the log message in the |
4060 | +- standard output/error stream was not terminated with a normal newline character (<literal>\n</literal>, |
4061 | +- i.e. ASCII 10). Specifically, when set this field is one of <option>nul</option> (in case the line was |
4062 | +- terminated by a NUL byte), <option>line-max</option> (in case the maximum log line length was reached, as |
4063 | +- configured with <varname>LineMax=</varname> in |
4064 | +- <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>) or |
4065 | +- <option>eof</option> (if this was the last log record of a stream and the stream ended without a final |
4066 | +- newline character). Note that this record is not generated when a normal newline character was used for |
4067 | +- marking the log line end.</para> |
4068 | ++ <para>Only applies to <literal>_TRANSPORT=stdout</literal> records: indicates that the log message |
4069 | ++ in the standard output/error stream was not terminated with a normal newline character |
4070 | ++ (<literal>\n</literal>, i.e. ASCII 10). Specifically, when set this field is one of |
4071 | ++ <option>nul</option> (in case the line was terminated by a NUL byte), <option>line-max</option> (in |
4072 | ++ case the maximum log line length was reached, as configured with <varname>LineMax=</varname> in |
4073 | ++ <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>), |
4074 | ++ <option>eof</option> (if this was the last log record of a stream and the stream ended without a |
4075 | ++ final newline character), or <option>pid-change</option> (if the process which generated the log |
4076 | ++ output changed in the middle of a line). Note that this record is not generated when a normal |
4077 | ++ newline character was used for marking the log line end.</para> |
4078 | + </listitem> |
4079 | + </varlistentry> |
4080 | + <varlistentry> |
4081 | diff --git a/debian/patches/lp1875708/socket-util-introduce-type-safe-dereferencing-wrapper-CMS.patch b/debian/patches/lp1875708/socket-util-introduce-type-safe-dereferencing-wrapper-CMS.patch |
4082 | new file mode 100644 |
4083 | index 0000000..3e98d44 |
4084 | --- /dev/null |
4085 | +++ b/debian/patches/lp1875708/socket-util-introduce-type-safe-dereferencing-wrapper-CMS.patch |
4086 | @@ -0,0 +1,198 @@ |
4087 | +From: Lennart Poettering <lennart@poettering.net> |
4088 | +Date: Fri, 17 Apr 2020 11:52:48 +0200 |
4089 | +Subject: socket-util: introduce type-safe, |
4090 | + dereferencing wrapper CMSG_FIND_DATA around cmsg_find() |
4091 | + |
4092 | +let's take this once step further, and add type-safety to cmsg_find(), |
4093 | +and imply the CMSG_DATA() macro for finding the cmsg payload. |
4094 | + |
4095 | +(cherry picked from commit 371d72e05b7e2c2b7850cb04d8d4c18be1e60421) |
4096 | +--- |
4097 | + src/basic/socket-util.h | 8 ++++++++ |
4098 | + src/import/importd.c | 10 ++-------- |
4099 | + src/journal/journald-stream.c | 25 +++++++------------------ |
4100 | + src/nspawn/nspawn.c | 13 ++----------- |
4101 | + src/shared/ask-password-api.c | 7 ++----- |
4102 | + src/udev/udevd.c | 10 ++-------- |
4103 | + 6 files changed, 23 insertions(+), 50 deletions(-) |
4104 | + |
4105 | +diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h |
4106 | +index 24e1213..e233260 100644 |
4107 | +--- a/src/basic/socket-util.h |
4108 | ++++ b/src/basic/socket-util.h |
4109 | +@@ -158,6 +158,14 @@ int flush_accept(int fd); |
4110 | + |
4111 | + struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t length); |
4112 | + |
4113 | ++/* Type-safe, dereferencing version of cmsg_find() */ |
4114 | ++#define CMSG_FIND_DATA(mh, level, type, ctype) \ |
4115 | ++ ({ \ |
4116 | ++ struct cmsghdr *_found; \ |
4117 | ++ _found = cmsg_find(mh, level, type, CMSG_LEN(sizeof(ctype))); \ |
4118 | ++ (ctype*) (_found ? CMSG_DATA(_found) : NULL); \ |
4119 | ++ }) |
4120 | ++ |
4121 | + /* |
4122 | + * Certain hardware address types (e.g Infiniband) do not fit into sll_addr |
4123 | + * (8 bytes) and run over the structure. This macro returns the correct size that |
4124 | +diff --git a/src/import/importd.c b/src/import/importd.c |
4125 | +index 93e704e..91290af 100644 |
4126 | +--- a/src/import/importd.c |
4127 | ++++ b/src/import/importd.c |
4128 | +@@ -556,9 +556,8 @@ static int manager_on_notify(sd_event_source *s, int fd, uint32_t revents, void |
4129 | + .msg_control = &control, |
4130 | + .msg_controllen = sizeof(control), |
4131 | + }; |
4132 | +- struct ucred *ucred = NULL; |
4133 | ++ struct ucred *ucred; |
4134 | + Manager *m = userdata; |
4135 | +- struct cmsghdr *cmsg; |
4136 | + char *p, *e; |
4137 | + Transfer *t; |
4138 | + Iterator i; |
4139 | +@@ -575,17 +574,12 @@ static int manager_on_notify(sd_event_source *s, int fd, uint32_t revents, void |
4140 | + |
4141 | + cmsg_close_all(&msghdr); |
4142 | + |
4143 | +- CMSG_FOREACH(cmsg, &msghdr) |
4144 | +- if (cmsg->cmsg_level == SOL_SOCKET && |
4145 | +- cmsg->cmsg_type == SCM_CREDENTIALS && |
4146 | +- cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) |
4147 | +- ucred = (struct ucred*) CMSG_DATA(cmsg); |
4148 | +- |
4149 | + if (msghdr.msg_flags & MSG_TRUNC) { |
4150 | + log_warning("Got overly long notification datagram, ignoring."); |
4151 | + return 0; |
4152 | + } |
4153 | + |
4154 | ++ ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred); |
4155 | + if (!ucred || ucred->pid <= 0) { |
4156 | + log_warning("Got notification datagram lacking credential information, ignoring."); |
4157 | + return 0; |
4158 | +diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c |
4159 | +index 609af50..202ac3c 100644 |
4160 | +--- a/src/journal/journald-stream.c |
4161 | ++++ b/src/journal/journald-stream.c |
4162 | +@@ -491,8 +491,7 @@ static int stdout_stream_scan(StdoutStream *s, bool force_flush) { |
4163 | + static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, void *userdata) { |
4164 | + uint8_t buf[CMSG_SPACE(sizeof(struct ucred))]; |
4165 | + StdoutStream *s = userdata; |
4166 | +- struct ucred *ucred = NULL; |
4167 | +- struct cmsghdr *cmsg; |
4168 | ++ struct ucred *ucred; |
4169 | + struct iovec iovec; |
4170 | + size_t limit; |
4171 | + ssize_t l; |
4172 | +@@ -541,24 +540,14 @@ static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, |
4173 | + goto terminate; |
4174 | + } |
4175 | + |
4176 | +- CMSG_FOREACH(cmsg, &msghdr) |
4177 | +- if (cmsg->cmsg_level == SOL_SOCKET && |
4178 | +- cmsg->cmsg_type == SCM_CREDENTIALS && |
4179 | +- cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) { |
4180 | +- ucred = (struct ucred *)CMSG_DATA(cmsg); |
4181 | +- break; |
4182 | +- } |
4183 | +- |
4184 | +- /* Invalidate the context if the pid of the sender changed. |
4185 | +- * This happens when a forked process inherits stdout / stderr |
4186 | +- * from a parent. In this case getpeercred returns the ucred |
4187 | +- * of the parent, which can be invalid if the parent has exited |
4188 | +- * in the meantime. |
4189 | ++ /* Invalidate the context if the pid of the sender changed. This happens when a forked process |
4190 | ++ * inherits stdout / stderr from a parent. In this case getpeercred returns the ucred of the parent, |
4191 | ++ * which can be invalid if the parent has exited in the meantime. |
4192 | + */ |
4193 | ++ ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred); |
4194 | + if (ucred && ucred->pid != s->ucred.pid) { |
4195 | +- /* force out any previously half-written lines from a |
4196 | +- * different process, before we switch to the new ucred |
4197 | +- * structure for everything we just added */ |
4198 | ++ /* force out any previously half-written lines from a different process, before we switch to |
4199 | ++ * the new ucred structure for everything we just added */ |
4200 | + r = stdout_stream_scan(s, true); |
4201 | + if (r < 0) |
4202 | + goto terminate; |
4203 | +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c |
4204 | +index 734dee1..01fa6f2 100644 |
4205 | +--- a/src/nspawn/nspawn.c |
4206 | ++++ b/src/nspawn/nspawn.c |
4207 | +@@ -3696,8 +3696,7 @@ static int nspawn_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t r |
4208 | + .msg_control = &control, |
4209 | + .msg_controllen = sizeof(control), |
4210 | + }; |
4211 | +- struct cmsghdr *cmsg; |
4212 | +- struct ucred *ucred = NULL; |
4213 | ++ struct ucred *ucred; |
4214 | + ssize_t n; |
4215 | + pid_t inner_child_pid; |
4216 | + _cleanup_strv_free_ char **tags = NULL; |
4217 | +@@ -3720,15 +3719,7 @@ static int nspawn_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t r |
4218 | + } |
4219 | + cmsg_close_all(&msghdr); |
4220 | + |
4221 | +- CMSG_FOREACH(cmsg, &msghdr) { |
4222 | +- if (cmsg->cmsg_level == SOL_SOCKET && |
4223 | +- cmsg->cmsg_type == SCM_CREDENTIALS && |
4224 | +- cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) { |
4225 | +- |
4226 | +- ucred = (struct ucred*) CMSG_DATA(cmsg); |
4227 | +- } |
4228 | +- } |
4229 | +- |
4230 | ++ ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred); |
4231 | + if (!ucred || ucred->pid != inner_child_pid) { |
4232 | + log_debug("Received notify message without valid credentials. Ignoring."); |
4233 | + return 0; |
4234 | +diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c |
4235 | +index 0fc5501..4a6f093 100644 |
4236 | +--- a/src/shared/ask-password-api.c |
4237 | ++++ b/src/shared/ask-password-api.c |
4238 | +@@ -939,15 +939,12 @@ int ask_password_agent( |
4239 | + continue; |
4240 | + } |
4241 | + |
4242 | +- if (msghdr.msg_controllen < CMSG_LEN(sizeof(struct ucred)) || |
4243 | +- control.cmsghdr.cmsg_level != SOL_SOCKET || |
4244 | +- control.cmsghdr.cmsg_type != SCM_CREDENTIALS || |
4245 | +- control.cmsghdr.cmsg_len != CMSG_LEN(sizeof(struct ucred))) { |
4246 | ++ ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred); |
4247 | ++ if (!ucred) { |
4248 | + log_debug("Received message without credentials. Ignoring."); |
4249 | + continue; |
4250 | + } |
4251 | + |
4252 | +- ucred = (struct ucred*) CMSG_DATA(&control.cmsghdr); |
4253 | + if (ucred->uid != 0) { |
4254 | + log_debug("Got request from unprivileged user. Ignoring."); |
4255 | + continue; |
4256 | +diff --git a/src/udev/udevd.c b/src/udev/udevd.c |
4257 | +index ca65474..07deadf 100644 |
4258 | +--- a/src/udev/udevd.c |
4259 | ++++ b/src/udev/udevd.c |
4260 | +@@ -905,9 +905,8 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat |
4261 | + .msg_control = &control, |
4262 | + .msg_controllen = sizeof(control), |
4263 | + }; |
4264 | +- struct cmsghdr *cmsg; |
4265 | + ssize_t size; |
4266 | +- struct ucred *ucred = NULL; |
4267 | ++ struct ucred *ucred; |
4268 | + struct worker *worker; |
4269 | + |
4270 | + size = recvmsg(fd, &msghdr, MSG_DONTWAIT); |
4271 | +@@ -924,12 +923,7 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat |
4272 | + continue; |
4273 | + } |
4274 | + |
4275 | +- CMSG_FOREACH(cmsg, &msghdr) |
4276 | +- if (cmsg->cmsg_level == SOL_SOCKET && |
4277 | +- cmsg->cmsg_type == SCM_CREDENTIALS && |
4278 | +- cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) |
4279 | +- ucred = (struct ucred*) CMSG_DATA(cmsg); |
4280 | +- |
4281 | ++ ucred = CMSG_FIND_DATA(&msghdr, SOL_SOCKET, SCM_CREDENTIALS, struct ucred); |
4282 | + if (!ucred || ucred->pid <= 0) { |
4283 | + log_warning("Ignoring worker message without valid PID"); |
4284 | + continue; |
4285 | diff --git a/debian/patches/lp1875708/test-Add-a-test-case-for-15654.patch b/debian/patches/lp1875708/test-Add-a-test-case-for-15654.patch |
4286 | new file mode 100644 |
4287 | index 0000000..c5b6edb |
4288 | --- /dev/null |
4289 | +++ b/debian/patches/lp1875708/test-Add-a-test-case-for-15654.patch |
4290 | @@ -0,0 +1,28 @@ |
4291 | +From: Benjamin Robin <dev@benjarobin.fr> |
4292 | +Date: Wed, 6 May 2020 23:28:02 +0200 |
4293 | +Subject: test: Add a test case for #15654 |
4294 | + |
4295 | +(cherry picked from commit c11d8fd1dab3bc3f0abbc861ba5eb34518cec1da) |
4296 | +--- |
4297 | + test/TEST-04-JOURNAL/test-journal.sh | 8 ++++++++ |
4298 | + 1 file changed, 8 insertions(+) |
4299 | + |
4300 | +diff --git a/test/TEST-04-JOURNAL/test-journal.sh b/test/TEST-04-JOURNAL/test-journal.sh |
4301 | +index 1431dad..07ef8f4 100755 |
4302 | +--- a/test/TEST-04-JOURNAL/test-journal.sh |
4303 | ++++ b/test/TEST-04-JOURNAL/test-journal.sh |
4304 | +@@ -87,6 +87,14 @@ journalctl -b -o export -t "$ID" --output-fields=_PID | grep '^_PID=' >/output |
4305 | + grep -q "^_PID=$PID" /output |
4306 | + grep -vq "^_PID=$PID" /output |
4307 | + |
4308 | ++# https://github.com/systemd/systemd/issues/15654 |
4309 | ++ID=$(journalctl --new-id128 | sed -n 2p) |
4310 | ++printf "This will\nusually fail\nand be truncated\n">/expected |
4311 | ++systemd-cat -t "$ID" /bin/sh -c 'env echo -n "This will";echo;env echo -n "usually fail";echo;env echo -n "and be truncated";echo;' |
4312 | ++journalctl --sync |
4313 | ++journalctl -b -o cat -t "$ID" >/output |
4314 | ++cmp /expected /output |
4315 | ++ |
4316 | + # Add new tests before here, the journald restarts below |
4317 | + # may make tests flappy. |
4318 | + |
4319 | diff --git a/debian/patches/lp1878969-meson-initialize-time-epoch-to-reproducible-builds-compat.patch b/debian/patches/lp1878969-meson-initialize-time-epoch-to-reproducible-builds-compat.patch |
4320 | new file mode 100644 |
4321 | index 0000000..3c0de0f |
4322 | --- /dev/null |
4323 | +++ b/debian/patches/lp1878969-meson-initialize-time-epoch-to-reproducible-builds-compat.patch |
4324 | @@ -0,0 +1,61 @@ |
4325 | +From: Dimitri John Ledkov <xnox@ubuntu.com> |
4326 | +Date: Fri, 15 May 2020 19:16:05 +0100 |
4327 | +Subject: meson: initialize time-epoch to reproducible builds compatible value |
4328 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1878969 |
4329 | +Origin: upstream, https://github.com/systemd/systemd/commit/6dbf352cfbbaf9c9b277af54da50da38296ae5c6 |
4330 | + |
4331 | +Debian Policy encourages to preserve timestamps whenever possible in the |
4332 | +tarballs, thus stable release updates of systemd usually do not bump NEWS file |
4333 | +timestamp. And thus time-epoch remains the same for the lifetime of a release. |
4334 | + |
4335 | +It would be better, if each new stable release rebuild of systemd would bump |
4336 | +the time epoch a bit. But at the same time remain |
4337 | +reproducible. SOURCE_DATE_EPOCH is an environmnet variable defined for this |
4338 | +purpose. Thus if available, prefer that, instead of the NEWS file modification |
4339 | +time. |
4340 | + |
4341 | +For example, on Debian/Ubuntu under the reproducible builds the |
4342 | +SOURCE_DATE_EPOCH is set to the timestamp from the packaging metadata, thus it |
4343 | +is incremented on every new stable release update, whilst preserving |
4344 | +reproducible builds capability. |
4345 | + |
4346 | +Reference: https://reproducible-builds.org/docs/timestamps/ |
4347 | +--- |
4348 | + TODO | 3 --- |
4349 | + meson.build | 9 +++++++-- |
4350 | + 2 files changed, 7 insertions(+), 5 deletions(-) |
4351 | + |
4352 | +diff --git a/TODO b/TODO |
4353 | +index e944245..51b23cf 100644 |
4354 | +--- a/TODO |
4355 | ++++ b/TODO |
4356 | +@@ -446,9 +446,6 @@ Features: |
4357 | + |
4358 | + * support projid-based quota in machinectl for containers |
4359 | + |
4360 | +-* maybe use SOURCE_DATE_EPOCH (i.e. the env var the reproducible builds folks |
4361 | +- introduced) as the RTC epoch, instead of the mtime of NEWS. |
4362 | +- |
4363 | + * add a way to lock down cgroup migration: a boolean, which when set for a unit |
4364 | + makes sure the processes in it can never migrate out of it |
4365 | + |
4366 | +diff --git a/meson.build b/meson.build |
4367 | +index 60f8284..4ced8d7 100644 |
4368 | +--- a/meson.build |
4369 | ++++ b/meson.build |
4370 | +@@ -671,8 +671,13 @@ conf.set_quoted('DEFAULT_NET_NAMING_SCHEME', default_net_naming_scheme) |
4371 | + |
4372 | + time_epoch = get_option('time-epoch') |
4373 | + if time_epoch == -1 |
4374 | +- NEWS = files('NEWS') |
4375 | +- time_epoch = run_command(stat, '-c', '%Y', NEWS).stdout().to_int() |
4376 | ++ source_date_epoch = run_command('sh', ['-c', 'echo "$SOURCE_DATE_EPOCH"']).stdout().strip() |
4377 | ++ if source_date_epoch != '' |
4378 | ++ time_epoch = source_date_epoch.to_int() |
4379 | ++ else |
4380 | ++ NEWS = files('NEWS') |
4381 | ++ time_epoch = run_command(stat, '-c', '%Y', NEWS).stdout().to_int() |
4382 | ++ endif |
4383 | + endif |
4384 | + conf.set('TIME_EPOCH', time_epoch) |
4385 | + |
4386 | diff --git a/debian/patches/lp1882596-man-fix-some-manvolnum.patch b/debian/patches/lp1882596-man-fix-some-manvolnum.patch |
4387 | new file mode 100644 |
4388 | index 0000000..a1b0fd0 |
4389 | --- /dev/null |
4390 | +++ b/debian/patches/lp1882596-man-fix-some-manvolnum.patch |
4391 | @@ -0,0 +1,267 @@ |
4392 | +From 675fa6ea284b715d8fc909e6523f520a0125b7eb Mon Sep 17 00:00:00 2001 |
4393 | +From: Anita Zhang <the.anitazha@gmail.com> |
4394 | +Date: Fri, 10 Jul 2020 15:05:23 -0700 |
4395 | +Subject: [PATCH] man: fix some manvolnum |
4396 | +Origin: upstream, https://github.com/systemd/systemd/commit/675fa6ea284b715d8fc909e6523f520a0125b7eb |
4397 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1882596 |
4398 | + |
4399 | +--- |
4400 | + man/homectl.xml | 2 +- |
4401 | + man/journal-remote.conf.xml | 2 +- |
4402 | + man/journal-upload.conf.xml | 2 +- |
4403 | + man/journalctl.xml | 2 +- |
4404 | + man/journald.conf.xml | 2 +- |
4405 | + man/logind.conf.xml | 2 +- |
4406 | + man/systemd-bless-boot.service.xml | 2 +- |
4407 | + man/systemd-boot-check-no-failures.service.xml | 2 +- |
4408 | + man/systemd-environment-d-generator.xml | 2 +- |
4409 | + man/systemd-sleep.conf.xml | 2 +- |
4410 | + man/systemd-system.conf.xml | 2 +- |
4411 | + man/systemd-sysv-generator.xml | 2 +- |
4412 | + man/systemd-xdg-autostart-generator.xml | 2 +- |
4413 | + man/systemd.link.xml | 2 +- |
4414 | + man/systemd.netdev.xml | 2 +- |
4415 | + man/systemd.network.xml | 2 +- |
4416 | + man/systemd.slice.xml | 6 +++--- |
4417 | + man/systemd.unit.xml | 2 +- |
4418 | + man/systemd.xml | 2 +- |
4419 | + man/timesyncd.conf.xml | 2 +- |
4420 | + man/user@.service.xml | 4 ++-- |
4421 | + 21 files changed, 24 insertions(+), 24 deletions(-) |
4422 | + |
4423 | +--- a/man/homectl.xml |
4424 | ++++ b/man/homectl.xml |
4425 | +@@ -395,7 +395,7 @@ |
4426 | + |
4427 | + <listitem><para>Each of these options takes a time span specification as argument (in the syntax |
4428 | + documented in |
4429 | +- <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>5</manvolnum></citerefentry>) and |
4430 | ++ <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>) and |
4431 | + configure various aspects of the user's password expiration policy. Specifically, |
4432 | + <option>--password-change-min=</option> configures how much time has to pass after changing the |
4433 | + password of the user until the password may be changed again. If the user tries to change their |
4434 | +--- a/man/journal-remote.conf.xml |
4435 | ++++ b/man/journal-remote.conf.xml |
4436 | +@@ -39,7 +39,7 @@ |
4437 | + <para>These files configure various parameters of |
4438 | + <citerefentry><refentrytitle>systemd-journal-remote.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. |
4439 | + See |
4440 | +- <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
4441 | ++ <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
4442 | + for a general description of the syntax.</para> |
4443 | + </refsect1> |
4444 | + |
4445 | +--- a/man/journal-upload.conf.xml |
4446 | ++++ b/man/journal-upload.conf.xml |
4447 | +@@ -34,7 +34,7 @@ |
4448 | + <para>These files configure various parameters of |
4449 | + <citerefentry><refentrytitle>systemd-journal-upload.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. |
4450 | + See |
4451 | +- <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
4452 | ++ <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
4453 | + for a general description of the syntax.</para> |
4454 | + </refsect1> |
4455 | + |
4456 | +--- a/man/journalctl.xml |
4457 | ++++ b/man/journalctl.xml |
4458 | +@@ -1015,7 +1015,7 @@ journalctl _SYSTEMD_CGROUP=/user.slice/u |
4459 | + + OBJECT_SYSTEMD_UNIT=<replaceable>name</replaceable>.service _UID=0 |
4460 | + + COREDUMP_UNIT=<replaceable>name</replaceable>.service _UID=0 MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1 |
4461 | + </programlisting> |
4462 | +- (see <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
4463 | ++ (see <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
4464 | + for an explanation of those patterns). |
4465 | + </para> |
4466 | + |
4467 | +--- a/man/journald.conf.xml |
4468 | ++++ b/man/journald.conf.xml |
4469 | +@@ -36,7 +36,7 @@ |
4470 | + <para>These files configure various parameters of the systemd journal service, |
4471 | + <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. |
4472 | + See |
4473 | +- <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
4474 | ++ <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
4475 | + for a general description of the syntax.</para> |
4476 | + |
4477 | + <para>The <command>systemd-journald</command> instance managing the default namespace is configured by |
4478 | +--- a/man/logind.conf.xml |
4479 | ++++ b/man/logind.conf.xml |
4480 | +@@ -36,7 +36,7 @@ |
4481 | + |
4482 | + <para>These files configure various parameters of the systemd login manager, |
4483 | + <citerefentry><refentrytitle>systemd-logind.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>. See |
4484 | +- <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
4485 | ++ <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
4486 | + for a general description of the syntax.</para> |
4487 | + </refsect1> |
4488 | + |
4489 | +--- a/man/systemd-bless-boot.service.xml |
4490 | ++++ b/man/systemd-bless-boot.service.xml |
4491 | +@@ -106,7 +106,7 @@ |
4492 | + <para> |
4493 | + <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
4494 | + <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
4495 | +- <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
4496 | ++ <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
4497 | + </para> |
4498 | + </refsect1> |
4499 | + |
4500 | +--- a/man/systemd-boot-check-no-failures.service.xml |
4501 | ++++ b/man/systemd-boot-check-no-failures.service.xml |
4502 | +@@ -45,7 +45,7 @@ |
4503 | + <title>See Also</title> |
4504 | + <para> |
4505 | + <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
4506 | +- <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
4507 | ++ <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
4508 | + </para> |
4509 | + </refsect1> |
4510 | + |
4511 | +--- a/man/systemd-environment-d-generator.xml |
4512 | ++++ b/man/systemd-environment-d-generator.xml |
4513 | +@@ -46,7 +46,7 @@ |
4514 | + <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
4515 | + <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
4516 | + <citerefentry><refentrytitle>systemd.environment-generator</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
4517 | +- <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
4518 | ++ <citerefentry><refentrytitle>systemd.generator</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
4519 | + </para> |
4520 | + </refsect1> |
4521 | + |
4522 | +--- a/man/systemd-sleep.conf.xml |
4523 | ++++ b/man/systemd-sleep.conf.xml |
4524 | +@@ -95,7 +95,7 @@ |
4525 | + <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
4526 | + attempts to suspend or hibernate the machine. |
4527 | + See |
4528 | +- <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
4529 | ++ <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
4530 | + for a general description of the syntax.</para> |
4531 | + </refsect1> |
4532 | + |
4533 | +--- a/man/systemd-system.conf.xml |
4534 | ++++ b/man/systemd-system.conf.xml |
4535 | +@@ -48,7 +48,7 @@ |
4536 | + <filename>user.conf.d</filename> directories. These configuration |
4537 | + files contain a few settings controlling basic manager |
4538 | + operations. See |
4539 | +- <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
4540 | ++ <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
4541 | + for a general description of the syntax.</para> |
4542 | + </refsect1> |
4543 | + |
4544 | +--- a/man/systemd-sysv-generator.xml |
4545 | ++++ b/man/systemd-sysv-generator.xml |
4546 | +@@ -43,7 +43,7 @@ |
4547 | + <literal>$named</literal>, <literal>$portmap</literal>, |
4548 | + <literal>$time</literal> are supported and will be turned into |
4549 | + dependencies on specific native systemd targets. See |
4550 | +- <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
4551 | ++ <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
4552 | + for more details.</para> |
4553 | + |
4554 | + <para>SysV runlevels have corresponding systemd targets |
4555 | +--- a/man/systemd.link.xml |
4556 | ++++ b/man/systemd.link.xml |
4557 | +@@ -29,7 +29,7 @@ |
4558 | + <para>A plain ini-style text file that encodes configuration for matching network devices, used by |
4559 | + <citerefentry><refentrytitle>systemd-udev</refentrytitle><manvolnum>8</manvolnum></citerefentry> and in |
4560 | + particular its <command>net_setup_link</command> builtin. See |
4561 | +- <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry> for a |
4562 | ++ <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry> for a |
4563 | + general description of the syntax.</para> |
4564 | + |
4565 | + <para>The link files are read from the files located in the system |
4566 | +--- a/man/systemd.netdev.xml |
4567 | ++++ b/man/systemd.netdev.xml |
4568 | +@@ -29,7 +29,7 @@ |
4569 | + |
4570 | + <para>A plain ini-style text file that encodes configuration about a virtual network device, used by |
4571 | + <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. |
4572 | +- See <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
4573 | ++ See <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
4574 | + for a general description of the syntax.</para> |
4575 | + |
4576 | + <para>The main Virtual Network Device file must have the extension <filename>.netdev</filename>; |
4577 | +--- a/man/systemd.network.xml |
4578 | ++++ b/man/systemd.network.xml |
4579 | +@@ -31,7 +31,7 @@ |
4580 | + <para>A plain ini-style text file that encodes network configuration for matching network interfaces, |
4581 | + used by |
4582 | + <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. |
4583 | +- See <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
4584 | ++ See <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
4585 | + for a general description of the syntax.</para> |
4586 | + |
4587 | + <para>The main network file must have the extension <filename>.network</filename>; other |
4588 | +--- a/man/systemd.slice.xml |
4589 | ++++ b/man/systemd.slice.xml |
4590 | +@@ -43,12 +43,12 @@ |
4591 | + <para>By default, service and scope units are placed in |
4592 | + <filename>system.slice</filename>, virtual machines and containers |
4593 | + registered with |
4594 | +- <citerefentry><refentrytitle>systemd-machined</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
4595 | ++ <citerefentry><refentrytitle>systemd-machined</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
4596 | + are found in <filename>machine.slice</filename>, and user sessions |
4597 | + handled by |
4598 | +- <citerefentry><refentrytitle>systemd-logind</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
4599 | ++ <citerefentry><refentrytitle>systemd-logind</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
4600 | + in <filename>user.slice</filename>. See |
4601 | +- <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
4602 | ++ <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
4603 | + for more information.</para> |
4604 | + |
4605 | + <para>See |
4606 | +--- a/man/systemd.unit.xml |
4607 | ++++ b/man/systemd.unit.xml |
4608 | +@@ -80,7 +80,7 @@ |
4609 | + target, a watched file system path, a timer controlled and supervised by |
4610 | + <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, a |
4611 | + resource management slice or a group of externally created processes. See |
4612 | +- <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
4613 | ++ <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
4614 | + for a general description of the syntax.</para> |
4615 | + |
4616 | + <para>This man page lists the common configuration options of all |
4617 | +--- a/man/systemd.xml |
4618 | ++++ b/man/systemd.xml |
4619 | +@@ -1228,7 +1228,7 @@ |
4620 | + <citerefentry><refentrytitle>daemon</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
4621 | + <citerefentry><refentrytitle>sd-daemon</refentrytitle><manvolnum>3</manvolnum></citerefentry>, |
4622 | + <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
4623 | +- <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
4624 | ++ <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
4625 | + <citerefentry project='die-net'><refentrytitle>pkg-config</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
4626 | + <citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
4627 | + <citerefentry project='man-pages'><refentrytitle>bootup</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
4628 | +--- a/man/timesyncd.conf.xml |
4629 | ++++ b/man/timesyncd.conf.xml |
4630 | +@@ -32,7 +32,7 @@ |
4631 | + <title>Description</title> |
4632 | + |
4633 | + <para>These configuration files control NTP network time synchronization. See |
4634 | +- <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
4635 | ++ <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
4636 | + for a general description of the syntax.</para> |
4637 | + </refsect1> |
4638 | + |
4639 | +--- a/man/user@.service.xml |
4640 | ++++ b/man/user@.service.xml |
4641 | +@@ -37,7 +37,7 @@ |
4642 | + hierarchy of its own units. See |
4643 | + <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for |
4644 | + a discussion of systemd units and |
4645 | +- <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
4646 | ++ <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
4647 | + for a list of units that form the basis of the unit hierarchies of system and user units.</para> |
4648 | + |
4649 | + <para><filename>user@<replaceable>UID</replaceable>.service</filename> is accompanied by the |
4650 | +@@ -57,7 +57,7 @@ |
4651 | + |
4652 | + <para>Individual <filename>user-<replaceable>UID</replaceable>.slice</filename> slices are |
4653 | + collected under <filename>user.slice</filename>, see |
4654 | +- <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>8</manvolnum></citerefentry>. |
4655 | ++ <citerefentry><refentrytitle>systemd.special</refentrytitle><manvolnum>7</manvolnum></citerefentry>. |
4656 | + </para> |
4657 | + </refsect1> |
4658 | + |
4659 | diff --git a/debian/patches/lp1887744-basic-unit-file-when-loading-linked-unit-files-use-l.patch b/debian/patches/lp1887744-basic-unit-file-when-loading-linked-unit-files-use-l.patch |
4660 | new file mode 100644 |
4661 | index 0000000..bb81adb |
4662 | --- /dev/null |
4663 | +++ b/debian/patches/lp1887744-basic-unit-file-when-loading-linked-unit-files-use-l.patch |
4664 | @@ -0,0 +1,92 @@ |
4665 | +From 3aa57658434e7a95c6000bebb166c31f1c6d051b Mon Sep 17 00:00:00 2001 |
4666 | +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> |
4667 | +Date: Sun, 14 Feb 2021 14:38:32 +0100 |
4668 | +Subject: [PATCH] basic/unit-file: when loading linked unit files, use link |
4669 | + source as "fragment path" |
4670 | +Origin: upstream, https://github.com/systemd/systemd/pull/18579/commits/3aa57658434e7a95c6000bebb166c31f1c6d051b |
4671 | +Bug: https://github.com/systemd/systemd/issues/18058 |
4672 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1887744 |
4673 | + |
4674 | +The general idea is that when a unit file is "linked" (i.e. installed by |
4675 | +symlinking from outside of the search paths), the *destination* name is |
4676 | +irrelevant. It doesn't even have to be a valid unit name, or to match the type |
4677 | +or instance value. The obvious collorary is that we shouldn't look at the |
4678 | +symlink destination name to derive the unit name, instance value, or anything |
4679 | +else at all. |
4680 | + |
4681 | +When building the name map, when we find a linked unit (possibly at the end |
4682 | +of a series of alias redirects), store the *source* of the final symlink as the |
4683 | +fragment path. This has two effects: |
4684 | +- we stop looking at the *target* file name to derive unit info, i.e. actually |
4685 | + implement the stuff described in the first paragraph. |
4686 | +- we load the unit fragment through the symlink. If someone were to remove the |
4687 | + symlink, we'll not load the unit. This seems like the right thing. |
4688 | + |
4689 | +Fixes #18058. |
4690 | +Before this change, we were generally quite confused about unit alises for |
4691 | +linked units. Fortunately most poeple use the same symlink source and target, |
4692 | +so in practice we wouldn't hit this too often. |
4693 | + |
4694 | +In unit_load_fragment() a comment is added to explain what we're doing there. |
4695 | +--- |
4696 | + src/basic/unit-file.c | 14 ++++++++------ |
4697 | + src/core/load-fragment.c | 7 ++++--- |
4698 | + 2 files changed, 12 insertions(+), 9 deletions(-) |
4699 | + |
4700 | +--- a/src/shared/unit-file.c |
4701 | ++++ b/src/shared/unit-file.c |
4702 | +@@ -347,10 +347,16 @@ int unit_file_build_name_map( |
4703 | + |
4704 | + /* Check if the symlink goes outside of our search path. |
4705 | + * If yes, it's a linked unit file or mask, and we don't care about the target name. |
4706 | +- * Let's just store the link destination directly. |
4707 | ++ * Let's just store the link source directly. |
4708 | + * If not, let's verify that it's a good symlink. */ |
4709 | + char *tail = path_startswith_strv(simplified, lp->search_path); |
4710 | +- if (tail) { |
4711 | ++ if (!tail) { |
4712 | ++ log_debug("%s: linked unit file: %s → %s", |
4713 | ++ __func__, filename, simplified); |
4714 | ++ |
4715 | ++ dst = filename; |
4716 | ++ } else { |
4717 | ++ |
4718 | + bool self_alias; |
4719 | + |
4720 | + dst = basename(simplified); |
4721 | +@@ -373,10 +379,6 @@ int unit_file_build_name_map( |
4722 | + } |
4723 | + |
4724 | + log_debug("%s: alias: %s/%s → %s", __func__, *dir, de->d_name, dst); |
4725 | +- } else { |
4726 | +- dst = simplified; |
4727 | +- |
4728 | +- log_debug("%s: linked unit file: %s/%s → %s", __func__, *dir, de->d_name, dst); |
4729 | + } |
4730 | + |
4731 | + } else { |
4732 | +--- a/src/core/load-fragment.c |
4733 | ++++ b/src/core/load-fragment.c |
4734 | +@@ -4787,10 +4787,11 @@ int unit_load_fragment(Unit *u) { |
4735 | + u->source_mtime = 0; |
4736 | + } |
4737 | + |
4738 | +- /* We do the merge dance here because for some unit types, the unit might have aliases which are not |
4739 | ++ /* Call merge_by_names with the name derived from the fragment path as the preferred name. |
4740 | ++ * |
4741 | ++ * We do the merge dance here because for some unit types, the unit might have aliases which are not |
4742 | + * declared in the file system. In particular, this is true (and frequent) for device and swap units. |
4743 | + */ |
4744 | +- Unit *merged; |
4745 | + const char *id = u->id; |
4746 | + _cleanup_free_ char *free_id = NULL; |
4747 | + |
4748 | +@@ -4807,7 +4808,7 @@ int unit_load_fragment(Unit *u) { |
4749 | + } |
4750 | + } |
4751 | + |
4752 | +- merged = u; |
4753 | ++ Unit *merged = u; |
4754 | + r = merge_by_names(&merged, names, id); |
4755 | + if (r < 0) |
4756 | + return r; |
4757 | diff --git a/debian/patches/lp1890448-hwdb-Add-EliteBook-to-use-micmute-hotkey.patch b/debian/patches/lp1890448-hwdb-Add-EliteBook-to-use-micmute-hotkey.patch |
4758 | new file mode 100644 |
4759 | index 0000000..7697dc2 |
4760 | --- /dev/null |
4761 | +++ b/debian/patches/lp1890448-hwdb-Add-EliteBook-to-use-micmute-hotkey.patch |
4762 | @@ -0,0 +1,32 @@ |
4763 | +From b6eb208b29ae720e45a2950453fa4278a88bbcc9 Mon Sep 17 00:00:00 2001 |
4764 | +From: Kai-Heng Feng <kai.heng.feng@canonical.com> |
4765 | +Date: Tue, 16 Jun 2020 13:24:27 +0800 |
4766 | +Subject: [PATCH] hwdb: Add EliteBook to use micmute hotkey |
4767 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1890448 |
4768 | +Origin: upstream, https://github.com/systemd/systemd/commit/b6eb208b29ae720e45a2950453fa4278a88bbcc9 |
4769 | + |
4770 | +Like HP ZBooks, all EliteBooks use the same micmute scancode. |
4771 | +--- |
4772 | + hwdb.d/60-keyboard.hwdb | 8 +++----- |
4773 | + 1 file changed, 3 insertions(+), 5 deletions(-) |
4774 | + |
4775 | +--- a/hwdb.d/60-keyboard.hwdb |
4776 | ++++ b/hwdb.d/60-keyboard.hwdb |
4777 | +@@ -584,6 +584,9 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett |
4778 | + |
4779 | + # HP EliteBook 725 G2 |
4780 | + evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPLicrice:pvr* |
4781 | ++# HP EliteBook |
4782 | ++evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPEliteBook*:pvr* |
4783 | ++evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPEliteBook*:pvr* |
4784 | + # HP ProBook 440 G2 |
4785 | + evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHP440G2:pvr* |
4786 | + # several HP ProBooks 4xx |
4787 | +@@ -610,7 +613,6 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP:pnHP |
4788 | + |
4789 | + # HP Folio 1040g2 |
4790 | + evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPEliteBookFolio1040G2:pvr* |
4791 | +- KEYBOARD_KEY_81=f20 # Fn+F8; Microphone mute button, should be micmute |
4792 | + KEYBOARD_KEY_d8=!f23 # touchpad off |
4793 | + KEYBOARD_KEY_d9=!f22 # touchpad on |
4794 | + |
4795 | diff --git a/debian/patches/lp1891215/0001-fs-util-add-conservative_rename-that-suppresses-unne.patch b/debian/patches/lp1891215/0001-fs-util-add-conservative_rename-that-suppresses-unne.patch |
4796 | new file mode 100644 |
4797 | index 0000000..00c7142 |
4798 | --- /dev/null |
4799 | +++ b/debian/patches/lp1891215/0001-fs-util-add-conservative_rename-that-suppresses-unne.patch |
4800 | @@ -0,0 +1,184 @@ |
4801 | +From 1098142436f46b889f6b7bcc87af54bc5b95d560 Mon Sep 17 00:00:00 2001 |
4802 | +From: Lennart Poettering <lennart@poettering.net> |
4803 | +Date: Wed, 18 Nov 2020 15:11:43 +0100 |
4804 | +Subject: [PATCH] fs-util: add conservative_rename() that suppresses |
4805 | + unnecessary renames |
4806 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1891215 |
4807 | +Origin: upstream, https://github.com/systemd/systemd/commit/1098142436f46b889f6b7bcc87af54bc5b95d560 |
4808 | + |
4809 | +if the source and destination file match in contents and basic file |
4810 | +attributes, don#t rename, but just remove source. |
4811 | + |
4812 | +This is a simple way to suppress inotify events + mtime changes when |
4813 | +atomically updating files. |
4814 | +--- |
4815 | + src/basic/fs-util.c | 77 +++++++++++++++++++++++++++++++++++++++++ |
4816 | + src/basic/fs-util.h | 2 ++ |
4817 | + src/test/test-fs-util.c | 48 +++++++++++++++++++++++++ |
4818 | + 3 files changed, 127 insertions(+) |
4819 | + |
4820 | +--- a/src/basic/fs-util.c |
4821 | ++++ b/src/basic/fs-util.c |
4822 | +@@ -1479,3 +1479,80 @@ int open_parent(const char *path, int fl |
4823 | + |
4824 | + return fd; |
4825 | + } |
4826 | ++ |
4827 | ++int conservative_rename( |
4828 | ++ int olddirfd, const char *oldpath, |
4829 | ++ int newdirfd, const char *newpath) { |
4830 | ++ |
4831 | ++ _cleanup_close_ int old_fd = -1, new_fd = -1; |
4832 | ++ struct stat old_stat, new_stat; |
4833 | ++ |
4834 | ++ /* Renames the old path to thew new path, much like renameat() — except if both are regular files and |
4835 | ++ * have the exact same contents and basic file attributes already. In that case remove the new file |
4836 | ++ * instead. This call is useful for reducing inotify wakeups on files that are updated but don't |
4837 | ++ * actually change. This function is written in a style that we rather rename too often than suppress |
4838 | ++ * too much. i.e. whenever we are in doubt we rather rename than fail. After all reducing inotify |
4839 | ++ * events is an optimization only, not more. */ |
4840 | ++ |
4841 | ++ old_fd = openat(olddirfd, oldpath, O_CLOEXEC|O_RDONLY|O_NOCTTY|O_NOFOLLOW); |
4842 | ++ if (old_fd < 0) |
4843 | ++ goto do_rename; |
4844 | ++ |
4845 | ++ new_fd = openat(newdirfd, newpath, O_CLOEXEC|O_RDONLY|O_NOCTTY|O_NOFOLLOW); |
4846 | ++ if (new_fd < 0) |
4847 | ++ goto do_rename; |
4848 | ++ |
4849 | ++ if (fstat(old_fd, &old_stat) < 0) |
4850 | ++ goto do_rename; |
4851 | ++ |
4852 | ++ if (!S_ISREG(old_stat.st_mode)) |
4853 | ++ goto do_rename; |
4854 | ++ |
4855 | ++ if (fstat(new_fd, &new_stat) < 0) |
4856 | ++ goto do_rename; |
4857 | ++ |
4858 | ++ if (new_stat.st_ino == old_stat.st_ino && |
4859 | ++ new_stat.st_dev == old_stat.st_dev) |
4860 | ++ goto is_same; |
4861 | ++ |
4862 | ++ if (old_stat.st_mode != new_stat.st_mode || |
4863 | ++ old_stat.st_size != new_stat.st_size || |
4864 | ++ old_stat.st_uid != new_stat.st_uid || |
4865 | ++ old_stat.st_gid != new_stat.st_gid) |
4866 | ++ goto do_rename; |
4867 | ++ |
4868 | ++ for (;;) { |
4869 | ++ char buf1[16*1024]; |
4870 | ++ char buf2[sizeof(buf1) + 1]; |
4871 | ++ ssize_t l1, l2; |
4872 | ++ |
4873 | ++ l1 = read(old_fd, buf1, sizeof(buf1)); |
4874 | ++ if (l1 < 0) |
4875 | ++ goto do_rename; |
4876 | ++ |
4877 | ++ l2 = read(new_fd, buf2, l1 + 1); |
4878 | ++ if (l1 != l2) |
4879 | ++ goto do_rename; |
4880 | ++ |
4881 | ++ if (l1 == 0) /* EOF on both! And everything's the same so far, yay! */ |
4882 | ++ break; |
4883 | ++ |
4884 | ++ if (memcmp(buf1, buf2, l1) != 0) |
4885 | ++ goto do_rename; |
4886 | ++ } |
4887 | ++ |
4888 | ++is_same: |
4889 | ++ /* Everything matches? Then don't rename, instead remove the source file, and leave the existing |
4890 | ++ * destination in place */ |
4891 | ++ |
4892 | ++ if (unlinkat(olddirfd, oldpath, 0) < 0) |
4893 | ++ goto do_rename; |
4894 | ++ |
4895 | ++ return 0; |
4896 | ++ |
4897 | ++do_rename: |
4898 | ++ if (renameat(olddirfd, oldpath, newdirfd, newpath) < 0) |
4899 | ++ return -errno; |
4900 | ++ |
4901 | ++ return 1; |
4902 | ++} |
4903 | +--- a/src/basic/fs-util.h |
4904 | ++++ b/src/basic/fs-util.h |
4905 | +@@ -122,3 +122,5 @@ int fsync_path_at(int at_fd, const char |
4906 | + int syncfs_path(int atfd, const char *path); |
4907 | + |
4908 | + int open_parent(const char *path, int flags, mode_t mode); |
4909 | ++ |
4910 | ++int conservative_rename(int olddirfd, const char *oldpath, int newdirfd, const char *newpath); |
4911 | +--- a/src/test/test-fs-util.c |
4912 | ++++ b/src/test/test-fs-util.c |
4913 | +@@ -3,7 +3,9 @@ |
4914 | + #include <unistd.h> |
4915 | + |
4916 | + #include "alloc-util.h" |
4917 | ++#include "copy.h" |
4918 | + #include "fd-util.h" |
4919 | ++#include "fileio.h" |
4920 | + #include "fs-util.h" |
4921 | + #include "id128-util.h" |
4922 | + #include "macro.h" |
4923 | +@@ -849,6 +851,53 @@ static void test_chmod_and_chown_unsafe( |
4924 | + assert_se(S_ISLNK(st.st_mode)); |
4925 | + } |
4926 | + |
4927 | ++static void test_conservative_rename(void) { |
4928 | ++ _cleanup_(unlink_and_freep) char *p = NULL; |
4929 | ++ _cleanup_free_ char *q = NULL; |
4930 | ++ struct stat st; |
4931 | ++ |
4932 | ++ assert_se(tempfn_random_child(NULL, NULL, &p) >= 0); |
4933 | ++ assert_se(write_string_file(p, "this is a test", WRITE_STRING_FILE_CREATE) >= 0); |
4934 | ++ |
4935 | ++ assert_se(tempfn_random_child(NULL, NULL, &q) >= 0); |
4936 | ++ |
4937 | ++ /* Check that the hardlinked "copy" is detected */ |
4938 | ++ assert_se(link(p, q) >= 0); |
4939 | ++ assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) == 0); |
4940 | ++ assert_se(access(q, F_OK) < 0 && errno == ENOENT); |
4941 | ++ |
4942 | ++ /* Check that a manual copy is detected */ |
4943 | ++ assert_se(stat(p, &st) >= 0); |
4944 | ++ assert_se(copy_file(p, q, 0, st.st_mode, 0, 0, COPY_REFLINK) >= 0); |
4945 | ++ assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) == 0); |
4946 | ++ assert_se(access(q, F_OK) < 0 && errno == ENOENT); |
4947 | ++ |
4948 | ++ /* Check that a manual new writeout is also detected */ |
4949 | ++ assert_se(write_string_file(q, "this is a test", WRITE_STRING_FILE_CREATE) >= 0); |
4950 | ++ assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) == 0); |
4951 | ++ assert_se(access(q, F_OK) < 0 && errno == ENOENT); |
4952 | ++ |
4953 | ++ /* Check that a minimally changed version is detected */ |
4954 | ++ assert_se(write_string_file(q, "this is a_test", WRITE_STRING_FILE_CREATE) >= 0); |
4955 | ++ assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) > 0); |
4956 | ++ assert_se(access(q, F_OK) < 0 && errno == ENOENT); |
4957 | ++ |
4958 | ++ /* Check that this really is new updated version */ |
4959 | ++ assert_se(write_string_file(q, "this is a_test", WRITE_STRING_FILE_CREATE) >= 0); |
4960 | ++ assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) == 0); |
4961 | ++ assert_se(access(q, F_OK) < 0 && errno == ENOENT); |
4962 | ++ |
4963 | ++ /* Make sure we detect extended files */ |
4964 | ++ assert_se(write_string_file(q, "this is a_testx", WRITE_STRING_FILE_CREATE) >= 0); |
4965 | ++ assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) > 0); |
4966 | ++ assert_se(access(q, F_OK) < 0 && errno == ENOENT); |
4967 | ++ |
4968 | ++ /* Make sure we detect truncated files */ |
4969 | ++ assert_se(write_string_file(q, "this is a_test", WRITE_STRING_FILE_CREATE) >= 0); |
4970 | ++ assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) > 0); |
4971 | ++ assert_se(access(q, F_OK) < 0 && errno == ENOENT); |
4972 | ++} |
4973 | ++ |
4974 | + int main(int argc, char *argv[]) { |
4975 | + test_setup_logging(LOG_INFO); |
4976 | + |
4977 | +@@ -867,6 +916,7 @@ int main(int argc, char *argv[]) { |
4978 | + test_rename_noreplace(); |
4979 | + test_chmod_and_chown(); |
4980 | + test_chmod_and_chown_unsafe(); |
4981 | ++ test_conservative_rename(); |
4982 | + |
4983 | + return 0; |
4984 | + } |
4985 | diff --git a/debian/patches/lp1891215/0002-resolved-don-t-update-resolv.conf-snippets-unnecessa.patch b/debian/patches/lp1891215/0002-resolved-don-t-update-resolv.conf-snippets-unnecessa.patch |
4986 | new file mode 100644 |
4987 | index 0000000..4a88f77 |
4988 | --- /dev/null |
4989 | +++ b/debian/patches/lp1891215/0002-resolved-don-t-update-resolv.conf-snippets-unnecessa.patch |
4990 | @@ -0,0 +1,46 @@ |
4991 | +From f3e1f00d03445911ee73729219cea88c8a70c612 Mon Sep 17 00:00:00 2001 |
4992 | +From: Lennart Poettering <lennart@poettering.net> |
4993 | +Date: Wed, 18 Nov 2020 15:12:44 +0100 |
4994 | +Subject: [PATCH] resolved: don't update resolv.conf snippets unnecessarily |
4995 | +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1891215 |
4996 | +Origin: upstream, https://github.com/systemd/systemd/commit/f3e1f00d03445911ee73729219cea88c8a70c612 |
4997 | + |
4998 | +Fixes: #17577 |
4999 | +--- |
5000 | + src/resolve/resolved-resolv-conf.c | 10 ++++++---- |
The diff has been truncated for viewing.