Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: pkg-systemd-maintain...@lists.alioth.debian.org

Dear Release Team,

We would like to upload the latest stable point release of systemd 252 to bookworm-p-u. Stable release branches are maintained upstream with the intention of providing bug fixes only and no compatibility breakages, and with automated non-trivial CI jobs that also cover Debian and Ubuntu.

I have already uploaded to p-u. There are no packaging changes.

Debdiff attached. The debdiff excludes hwdb generated IDs. The list of commits included can be seen at:
https://github.com/systemd/systemd-stable/compare/v252.31...v252.32

diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/debian/changelog systemd-252.32/debian/changelog --- systemd-252.31/debian/changelog 2024-10-10 18:40:53.000000000 +0100 +++ systemd-252.32/debian/changelog 2024-11-16 18:35:32.000000000 +0000 @@ -1,3 +1,9 @@ +systemd (252.32-1~deb12u1) bookworm; urgency=medium + + * New upstream version 252.32 + + -- Luca Boccassi <bl...@debian.org> Sat, 16 Nov 2024 18:35:32 +0000 + systemd (252.31-1~deb12u1) bookworm; urgency=medium * New upstream version 252.31 diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/docs/CODING_STYLE.md systemd-252.32/docs/CODING_STYLE.md --- systemd-252.31/docs/CODING_STYLE.md 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/docs/CODING_STYLE.md 2024-11-16 18:30:43.000000000 +0000 
@@ -539,6 +539,14 @@ important for objects that unprivileged users may allocate, but also matters for everything else any user may allocate. +- Please use `secure_getenv()` for all environment variable accesses, unless + it's clear that `getenv()` would be the better choice. This matters in + particular in `src/basic/` and `src/shared/` (i.e. library code that might + end up in unexpected processes), but should be followed everywhere else too + (in order to make it unproblematic to move code around). To say this clearly: + the default should be `secure_getenv()`, the exception should be regular + `getenv()`. + ## Types - Think about the types you use. If a value cannot sensibly be negative, do not diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/docs/ENVIRONMENT.md systemd-252.32/docs/ENVIRONMENT.md --- systemd-252.31/docs/ENVIRONMENT.md 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/docs/ENVIRONMENT.md 2024-11-16 18:30:43.000000000 +0000 
@@ -313,7 +313,7 @@ subvolumes if the backing filesystem supports them. If set to `0`, these lines will always create directories. -`systemd-sysusers` +`systemd-sysusers`: * `SOURCE_DATE_EPOCH` — if unset, the field of the date of last password change in `/etc/shadow` will be the number of days from Jan 1, 1970 00:00 UTC until diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/man/machinectl.xml systemd-252.32/man/machinectl.xml --- systemd-252.31/man/machinectl.xml 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/man/machinectl.xml 2024-11-16 18:30:43.000000000 +0000 @@ -241,7 +241,7 @@ <term><command>poweroff</command> <replaceable>NAME</replaceable>…</term> <listitem><para>Power off one or more containers. This will - trigger a reboot by sending SIGRTMIN+4 to the container's init + trigger a shutdown by sending SIGRTMIN+4 to the container's init process, which causes systemd-compatible init systems to shut down cleanly. Use <command>stop</command> as alias for <command>poweroff</command>. This operation does not work on containers that do not run a diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/man/systemd-nspawn.xml systemd-252.32/man/systemd-nspawn.xml --- systemd-252.31/man/systemd-nspawn.xml 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/man/systemd-nspawn.xml 2024-11-16 18:30:43.000000000 +0000 
@@ -46,8 +46,8 @@ <para><command>systemd-nspawn</command> may be used to run a command or OS in a light-weight namespace container. In many ways it is similar to <citerefentry project='man-pages'><refentrytitle>chroot</refentrytitle><manvolnum>1</manvolnum></citerefentry>, but more powerful - since it fully virtualizes the file system hierarchy, as well as the process tree, the various IPC subsystems and - the host and domain name.</para> + since it virtualizes the file system hierarchy, as well as the process tree, the various IPC subsystems, and + the host and domain names.</para> <para><command>systemd-nspawn</command> may be invoked on any directory tree containing an operating system tree, using the <option>--directory=</option> command line option. By using the <option>--machine=</option> option an OS 
@@ -59,11 +59,14 @@ project='man-pages'><refentrytitle>chroot</refentrytitle><manvolnum>1</manvolnum></citerefentry> <command>systemd-nspawn</command> may be used to boot full Linux-based operating systems in a container.</para> - <para><command>systemd-nspawn</command> limits access to various kernel interfaces in the container to read-only, - such as <filename>/sys/</filename>, <filename>/proc/sys/</filename> or <filename>/sys/fs/selinux/</filename>. The - host's network interfaces and the system clock may not be changed from within the container. Device nodes may not - be created. The host system cannot be rebooted and kernel modules may not be loaded from within the - container.</para> + <para><command>systemd-nspawn</command> limits access to various kernel interfaces in the container to + read-only, such as <filename>/sys/</filename>, <filename>/proc/sys/</filename>, or + <filename>/sys/fs/selinux/</filename>. The host's network interfaces and the system clock may not be + changed from within the container. Device nodes may not be created. The host system cannot be rebooted + and kernel modules may not be loaded from within the container. <emphasis>This sandbox can easily be + circumvented from within the container if user namespaces are not used</emphasis>. This means that + untrusted code must always be run in a user namespace, see the discussion of the + <option>--private-users=</option> option below.</para> <para>Use a tool like <citerefentry project='mankier'><refentrytitle>dnf</refentrytitle><manvolnum>8</manvolnum></citerefentry>, <citerefentry 
@@ -100,8 +103,8 @@ template unit file, making it usually unnecessary to alter this template file directly.</para> <para>Note that <command>systemd-nspawn</command> will mount file systems private to the container to - <filename>/dev/</filename>, <filename>/run/</filename> and similar. These will not be visible outside of the - container, and their contents will be lost when the container exits.</para> + <filename>/dev/</filename>, <filename>/run/</filename>, and similar. These will not be visible outside of + the container, and their contents will be lost when the container exits.</para> <para>Note that running two <command>systemd-nspawn</command> containers from the same directory tree will not make processes in them see each other. The PID namespace separation of the two containers is complete and the containers @@ -322,7 +325,7 @@ <varlistentry> <term><option>--read-only</option></term> - <listitem><para>Mount the container's root file system (and any other file systems container in the container + <listitem><para>Mount the container's root file system (and any other file systems contained in the container image) read-only. This has no effect on additional mounts made with <option>--bind=</option>, <option>--tmpfs=</option> and similar options. This mode is implied if the container image file or directory is marked read-only itself. It is also implied if <option>--volatile=</option> is used. In this case the container 
@@ -357,7 +360,7 @@ <filename>/efi/</filename> or <filename>/boot/</filename> are prohibited in case such a partition exists in the container image operated on, and even if <option>--volatile=state</option> is used the hypothetical file <filename index="false">/etc/foobar</filename> is potentially writable if - <option>--bind=/etc/foobar</option> if used to mount it from outside the read-only container + <option>--bind=/etc/foobar</option> is used to mount it from outside the read-only container <filename>/etc/</filename> directory.</para> <para>The <option>--ephemeral</option> option is closely related to this setting, and provides similar @@ -722,17 +725,6 @@ range. In this mode, the number of UIDs/GIDs assigned to the container is 65536, and the owner UID/GID of the root directory must be a multiple of 65536.</para></listitem> - <listitem><para>If the parameter is <literal>no</literal>, user namespacing is turned off. This is - the default.</para> - </listitem> - - <listitem><para>If the parameter is <literal>identity</literal>, user namespacing is employed with - an identity mapping for the first 65536 UIDs/GIDs. This is mostly equivalent to - <option>--private-users=0:65536</option>. While it does not provide UID/GID isolation, since all - host and container UIDs/GIDs are chosen identically it does provide process capability isolation, - and hence is often a good choice if proper user namespacing with distinct UID maps is not - appropriate.</para></listitem> - <listitem><para>The special value <literal>pick</literal> turns on user namespacing. In this case the UID/GID range is automatically chosen. As first step, the file owner UID/GID of the root directory of the container's directory tree is read, and it is checked that no other container is 
@@ -749,22 +741,35 @@ for it, and thus in the (possibly expensive) file ownership adjustment operation. However, subsequent invocations of the container will be cheap (unless of course the picked UID/GID range is assigned to a different use by then).</para></listitem> - </orderedlist> - <para>It is recommended to assign at least 65536 UIDs/GIDs to each container, so that the usable UID/GID range in the - container covers 16 bit. For best security, do not assign overlapping UID/GID ranges to multiple containers. It is - hence a good idea to use the upper 16 bit of the host 32-bit UIDs/GIDs as container identifier, while the lower 16 - bit encode the container UID/GID used. This is in fact the behavior enforced by the - <option>--private-users=pick</option> option.</para> + <listitem><para>If the parameter is <literal>no</literal>, user namespacing is turned off. This is + the default when <command>systemd-nspawn</command> is invoked directly. (Note that the + <filename>systemd-nspawn@.service</filename> unit enables private users.) This option is not + secure and must not be used to run untrusted code.</para></listitem> - <para>When user namespaces are used, the GID range assigned to each container is always chosen identical to the - UID range.</para> + <listitem><para>If the parameter is <literal>identity</literal>, user namespacing is employed with + an identity mapping for the first 65536 UIDs/GIDs. This is mostly equivalent to + <option>--private-users=0:65536</option>. While it does not provide UID/GID isolation, since all + host and container UIDs/GIDs are chosen identically it does provide process capability isolation, + but may be useful if proper user namespacing with distinct UID maps is not possible. 
This option is + not secure and must not be used to run untrusted code.</para></listitem> + </orderedlist> - <para>In most cases, using <option>--private-users=pick</option> is the recommended option as it enhances - container security massively and operates fully automatically in most cases.</para> + <para>It is recommended to assign at least 65536 UIDs/GIDs to each container, so that the usable + UID/GID range in the container covers 16 bits. For best security, do not assign overlapping UID/GID + ranges to multiple containers. It is hence a good idea to use the upper 16 bit of the host 32-bit + UIDs/GIDs as container identifier, while the lower 16 bits encode the container UID/GID used. This is + in fact the behavior enforced by the <option>--private-users=pick</option> option.</para> + + <para>When user namespaces are used, the GID range assigned to each container is always chosen + identical to the UID range.</para> + + <para>In most cases, using <option>--private-users=pick</option> is the recommended option as user + namespacing is required for security, and this option massively enhances container security while + operating fully automatically in most cases.</para> <para>Note that the picked UID/GID range is not written to <filename>/etc/passwd</filename> or - <filename>/etc/group</filename>. In fact, the allocation of the range is not stored persistently anywhere, + <filename>/etc/group</filename>. 
In fact, the allocation of the range is not stored persistently, except in the file ownership of the files and directories of the container.</para> <para>Note that when user namespacing is used file ownership on disk reflects this, and all of the container's diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/man/systemd.path.xml systemd-252.32/man/systemd.path.xml --- systemd-252.31/man/systemd.path.xml 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/man/systemd.path.xml 2024-11-16 18:30:43.000000000 +0000 
@@ -153,11 +153,14 @@ not apply to <varname>PathChanged=</varname> and <varname>PathModified=</varname>.</para> - <para>If the path itself or any of the containing directories - are not accessible, <command>systemd</command> will watch for - permission changes and notice that conditions are satisfied - when permissions allow that. </para></listitem> + <para>If the path itself or any of the containing directories are not accessible, + <command>systemd</command> will watch for permission changes and notice that conditions are satisfied + when permissions allow that. </para> + + <para>Note that files whose name starts with a dot (i.e. hidden files) are generally ignored when + monitoring these paths.</para></listitem> </varlistentry> + <varlistentry> <term><varname>Unit=</varname></term> diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/man/systemd.service.xml systemd-252.32/man/systemd.service.xml --- systemd-252.31/man/systemd.service.xml 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/man/systemd.service.xml 2024-11-16 18:30:43.000000000 +0000 
@@ -427,12 +427,11 @@ <varlistentry> <term><varname>ExecStartPre=</varname></term> <term><varname>ExecStartPost=</varname></term> - <listitem><para>Additional commands that are executed before - or after the command in <varname>ExecStart=</varname>, - respectively. Syntax is the same as for - <varname>ExecStart=</varname>, except that multiple command - lines are allowed and the commands are executed one after the - other, serially.</para> + + <listitem><para>Additional commands that are executed before or after the command in + <varname>ExecStart=</varname>, respectively. Syntax is the same as for <varname>ExecStart=</varname>. + Multiple command lines are allowed, regardless of the service type (i.e. <varname>Type=</varname>), + and the commands are executed one after the other, serially.</para> <para>If any of those commands (not prefixed with <literal>-</literal>) fail, the rest are not executed and the @@ -467,8 +466,9 @@ <varlistentry> <term><varname>ExecCondition=</varname></term> - <listitem><para>Optional commands that are executed before the commands in <varname>ExecStartPre=</varname>. - Syntax is the same as for <varname>ExecStart=</varname>, except that multiple command lines are allowed and the + <listitem><para>Optional commands that are executed before the commands in + <varname>ExecStartPre=</varname>. Syntax is the same as for <varname>ExecStart=</varname>. Multiple + command lines are allowed, regardless of the service type (i.e. <varname>Type=</varname>), and the commands are executed one after the other, serially.</para> <para>The behavior is like an <varname>ExecStartPre=</varname> and condition check hybrid: when an 
@@ -570,11 +570,11 @@ <varname>ExecStop=</varname> – commands specified with this setting are invoked when a service failed to start up correctly and is shut down again.</para> - <para>It is recommended to use this setting for clean-up operations that shall be executed even when the - service failed to start up correctly. Commands configured with this setting need to be able to operate even if - the service failed starting up half-way and left incompletely initialized data around. As the service's - processes have been terminated already when the commands specified with this setting are executed they should - not attempt to communicate with them.</para> + <para>It is recommended to use this setting for clean-up operations that shall be executed even when + the service failed to start up correctly. Commands configured with this setting need to be able to + operate even if the service failed starting up half-way and left incompletely initialized data + around. As the service's processes have likely exited already when the commands specified with this + setting are executed they should not attempt to communicate with them.</para> <para>Note that all commands that are configured with this setting are invoked with the result code of the service, as well as the main process' exit code and status, set in the <varname>$SERVICE_RESULT</varname>, diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/meson.build systemd-252.32/meson.build --- systemd-252.31/meson.build 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/meson.build 2024-11-16 18:30:43.000000000 +0000 
@@ -514,10 +514,10 @@ decl_headers = ''' #include <dirent.h> -#include <uchar.h> +#include <sched.h> #include <sys/mount.h> #include <sys/stat.h> -#include <sched.h> +#include <uchar.h> ''' foreach decl : ['char16_t', diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/rules.d/99-systemd.rules.in systemd-252.32/rules.d/99-systemd.rules.in --- systemd-252.31/rules.d/99-systemd.rules.in 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/rules.d/99-systemd.rules.in 2024-11-16 18:30:43.000000000 +0000 @@ -11,7 +11,7 @@ SUBSYSTEM=="tty", KERNEL=="tty[a-zA-Z]*|hvc*|xvc*|hvsi*|ttysclp*|sclp_line*|3270/tty[0-9]*", TAG+="systemd" # Exclude 8250 serial ports with a zero IO port, as they are not usable until "setserial /dev/ttySxxx port …" is invoked. -SUBSYSTEM=="tty", KERNEL=="ttyS*", DRIVERS=="serial8250", ATTR{port}=="0x0", ENV{SYSTEMD_READY}="0" +SUBSYSTEM=="tty", KERNEL=="ttyS*", DRIVERS=="serial8250", ATTR{port}=="0x0", ATTR{iomem_base}=="0x0", ENV{SYSTEMD_READY}="0" KERNEL=="vport*", TAG+="systemd" SUBSYSTEM=="ptp", TAG+="systemd" diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/boot/efi/stub.c systemd-252.32/src/boot/efi/stub.c --- systemd-252.31/src/boot/efi/stub.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/boot/efi/stub.c 2024-11-16 18:30:43.000000000 +0000 
@@ -42,11 +42,20 @@ n += extra_initrd_sizes[i]; } +#if defined(__i386__) || defined(__x86_64__) _cleanup_pages_ Pages pages = xmalloc_pages( AllocateMaxAddress, EfiLoaderData, EFI_SIZE_TO_PAGES(n), UINT32_MAX /* Below 4G boundary. */); +#else + _cleanup_pages_ Pages pages = xmalloc_pages( + AllocateAnyPages, + EfiLoaderData, + EFI_SIZE_TO_PAGES(n), + 0 /* Ignored. */); +#endif + uint8_t *p = PHYSICAL_ADDRESS_TO_POINTER(pages.addr); if (initrd_base != 0) { UINTN pad; diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/core/dbus-cgroup.c systemd-252.32/src/core/dbus-cgroup.c --- systemd-252.31/src/core/dbus-cgroup.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/core/dbus-cgroup.c 2024-11-16 18:30:43.000000000 +0000 @@ -1825,11 +1825,12 @@ prefixes = streq(name, "IPAddressAllow") ? &c->ip_address_allow : &c->ip_address_deny; reduced = streq(name, "IPAddressAllow") ? &c->ip_address_allow_reduced : &c->ip_address_deny_reduced; + fputs(name, f); + fputs("=\n", f); + if (n == 0) { *reduced = true; *prefixes = set_free(*prefixes); - fputs(name, f); - fputs("=\n", f); } else { *reduced = false; 
@@ -1838,7 +1839,7 @@ return r; const struct in_addr_prefix *p; - SET_FOREACH(p, new_prefixes) + SET_FOREACH(p, *prefixes) fprintf(f, "%s=%s\n", name, IN_ADDR_PREFIX_TO_STRING(p->family, &p->address, p->prefixlen)); } diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/core/mount.c systemd-252.32/src/core/mount.c --- systemd-252.31/src/core/mount.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/core/mount.c 2024-11-16 18:30:43.000000000 +0000 @@ -1812,6 +1812,7 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) { _cleanup_(mnt_free_tablep) struct libmnt_table *table = NULL; _cleanup_(mnt_free_iterp) struct libmnt_iter *iter = NULL; + _cleanup_set_free_ Set *devices = NULL; int r; assert(m); 
@@ -1838,7 +1839,11 @@ if (!device || !path) continue; - device_found_node(m, device, DEVICE_FOUND_MOUNT, DEVICE_FOUND_MOUNT); + /* Just to achieve device name uniqueness. Note that the suppresion of the duplicate + * processing is merely an optimization, hence in case of OOM (unlikely) we'll just process + * it twice. */ + if (set_put_strdup_full(&devices, &path_hash_ops_free, device) != 0) + device_found_node(m, device, DEVICE_FOUND_MOUNT, DEVICE_FOUND_MOUNT); (void) mount_setup_unit(m, device, path, options, fstype, set_flags); } diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/core/service.c systemd-252.32/src/core/service.c --- systemd-252.31/src/core/service.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/core/service.c 2024-11-16 18:30:43.000000000 +0000 @@ -4358,7 +4358,7 @@ e = sd_bus_message_get_error(reply); if (e) { r = sd_bus_error_get_errno(e); - log_warning_errno(r, "GetConnectionUnixProcessID() failed: %s", bus_error_message(e, r)); + log_unit_warning_errno(UNIT(s), r, "GetConnectionUnixProcessID() failed: %s", bus_error_message(e, r)); return 1; } @@ -4369,7 +4369,7 @@ } if (!pid_is_valid(pid)) { - log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "GetConnectionUnixProcessID() returned invalid PID"); + log_unit_debug_errno(UNIT(s), SYNTHETIC_ERRNO(EINVAL), "GetConnectionUnixProcessID() returned invalid PID"); return 1; } 
@@ -4428,7 +4428,7 @@ "s", s->bus_name); if (r < 0) - log_debug_errno(r, "Failed to request owner PID of service name, ignoring: %m"); + log_unit_debug_errno(u, r, "Failed to request owner PID of service name, ignoring: %m"); } } diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/cryptenroll/cryptenroll-recovery.c systemd-252.32/src/cryptenroll/cryptenroll-recovery.c --- systemd-252.31/src/cryptenroll/cryptenroll-recovery.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/cryptenroll/cryptenroll-recovery.c 2024-11-16 18:30:43.000000000 +0000 @@ -67,7 +67,7 @@ "whenever authentication is requested.\n", stderr); fflush(stderr); - (void) print_qrcode(stderr, "You may optionally scan the recovery key off screen", password); + (void) print_qrcode(stderr, "Optionally scan the recovery key for safekeeping", password); if (asprintf(&keyslot_as_string, "%i", keyslot) < 0) { r = log_oom(); diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/home/homectl-recovery-key.c systemd-252.32/src/home/homectl-recovery-key.c --- systemd-252.31/src/home/homectl-recovery-key.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/home/homectl-recovery-key.c 2024-11-16 18:30:43.000000000 +0000 
@@ -159,7 +159,7 @@ "whenever authentication is requested.\n", stderr); fflush(stderr); - (void) print_qrcode(stderr, "You may optionally scan the recovery key off screen", password); + (void) print_qrcode(stderr, "Optionally scan the recovery key for safekeeping", password); return 0; } diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/journal/journalctl.c systemd-252.32/src/journal/journalctl.c --- systemd-252.31/src/journal/journalctl.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/journal/journalctl.c 2024-11-16 18:30:43.000000000 +0000 @@ -134,7 +134,7 @@ STATIC_DESTRUCTOR_REGISTER(arg_file, strv_freep); STATIC_DESTRUCTOR_REGISTER(arg_facilities, set_freep); -STATIC_DESTRUCTOR_REGISTER(arg_verify_key, freep); +STATIC_DESTRUCTOR_REGISTER(arg_verify_key, erase_and_freep); STATIC_DESTRUCTOR_REGISTER(arg_syslog_identifier, strv_freep); STATIC_DESTRUCTOR_REGISTER(arg_system_units, strv_freep); STATIC_DESTRUCTOR_REGISTER(arg_user_units, strv_freep); 
@@ -784,9 +784,11 @@ break; case ARG_VERIFY_KEY: - r = free_and_strdup(&arg_verify_key, optarg); - if (r < 0) - return r; + erase_and_free(arg_verify_key); + arg_verify_key = strdup(optarg); + if (!arg_verify_key) + return log_oom(); + /* Use memset not explicit_bzero() or similar so this doesn't look confusing * in ps or htop output. */ memset(optarg, 'x', strlen(optarg)); diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/libsystemd/sd-event/sd-event.c systemd-252.32/src/libsystemd/sd-event/sd-event.c --- systemd-252.31/src/libsystemd/sd-event/sd-event.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/libsystemd/sd-event/sd-event.c 2024-11-16 18:30:43.000000000 +0000 @@ -4628,6 +4628,9 @@ int r; assert_return(e, -EINVAL); + assert_return(e = event_resolve(e), -ENOPKG); + assert_return(e->state != SD_EVENT_FINISHED, -ESTALE); + assert_return(!event_pid_changed(e), -ECHILD); if (b) { /* We want to maintain pointers to these event sources, so that we can destroy them when told @@ -4639,7 +4642,7 @@ if (r < 0) return r; - assert(sd_event_source_set_floating(e->sigint_event_source, true) >= 0); + assert_se(sd_event_source_set_floating(e->sigint_event_source, true) >= 0); change = true; } 
@@ -4647,26 +4650,26 @@ r = sd_event_add_signal(e, &e->sigterm_event_source, SIGTERM | SD_EVENT_SIGNAL_PROCMASK, NULL, NULL); if (r < 0) { if (change) { - assert(sd_event_source_set_floating(e->sigint_event_source, false) >= 0); + assert_se(sd_event_source_set_floating(e->sigint_event_source, false) >= 0); e->sigint_event_source = sd_event_source_unref(e->sigint_event_source); } return r; } - assert(sd_event_source_set_floating(e->sigterm_event_source, true) >= 0); + assert_se(sd_event_source_set_floating(e->sigterm_event_source, true) >= 0); change = true; } } else { if (e->sigint_event_source) { - assert(sd_event_source_set_floating(e->sigint_event_source, false) >= 0); + assert_se(sd_event_source_set_floating(e->sigint_event_source, false) >= 0); e->sigint_event_source = sd_event_source_unref(e->sigint_event_source); change = true; } if (e->sigterm_event_source) { - assert(sd_event_source_set_floating(e->sigterm_event_source, false) >= 0); + assert_se(sd_event_source_set_floating(e->sigterm_event_source, false) >= 0); e->sigterm_event_source = sd_event_source_unref(e->sigterm_event_source); change = true; } diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/libsystemd-network/test-dhcp-client.c systemd-252.32/src/libsystemd-network/test-dhcp-client.c --- systemd-252.31/src/libsystemd-network/test-dhcp-client.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/libsystemd-network/test-dhcp-client.c 2024-11-16 18:30:43.000000000 +0000 @@ -43,7 +43,7 @@ sd_dhcp_client *client; if (verbose) - printf("* %s\n", __func__); + log_info("* %s", __func__); /* Initialize client without Anonymize settings. */ r = sd_dhcp_client_new(&client, false); 
@@ -103,7 +103,7 @@ sd_dhcp_client *client; if (verbose) - printf("* %s\n", __func__); + log_info("* %s", __func__); /* Initialize client with Anonymize settings. */ r = sd_dhcp_client_new(&client, true); @@ -135,7 +135,7 @@ }; if (verbose) - printf("* %s\n", __func__); + log_info("* %s", __func__); assert_se(dhcp_packet_checksum((uint8_t*)&buf, 20) == be16toh(0x78ae)); } @@ -267,7 +267,7 @@ assert_se(res == DHCP_DISCOVER); if (verbose) - printf(" recv DHCP Discover 0x%08x\n", be32toh(dhcp->xid)); + log_info(" recv DHCP Discover 0x%08x", be32toh(dhcp->xid)); return 0; } @@ -277,7 +277,7 @@ int res, r; if (verbose) - printf("* %s\n", __func__); + log_info("* %s", __func__); r = sd_dhcp_client_new(&client, false); assert_se(r >= 0); @@ -422,7 +422,7 @@ sizeof(addrs[0].s_addr)) == 0); if (verbose) - printf(" DHCP address acquired\n"); + log_info(" DHCP address acquired"); sd_event_exit(e, 0); @@ -441,7 +441,7 @@ assert_se(msg_bytes[size - 1] == SD_DHCP_OPTION_END); if (verbose) - printf(" recv DHCP Request 0x%08x\n", be32toh(xid)); + log_info(" recv DHCP Request 0x%08x", be32toh(xid)); memcpy(&test_addr_acq_ack[26], &udp_check, sizeof(udp_check)); memcpy(&test_addr_acq_ack[32], &xid, sizeof(xid)); @@ -454,7 +454,7 @@ assert_se(res == sizeof(test_addr_acq_ack)); if (verbose) - printf(" send DHCP Ack\n"); + log_info(" send DHCP Ack"); return 0; }; @@ -472,7 +472,7 @@ xid = discover->xid; if (verbose) - printf(" recv DHCP Discover 0x%08x\n", be32toh(xid)); + log_info(" recv DHCP Discover 0x%08x", be32toh(xid)); memcpy(&test_addr_acq_offer[26], &udp_check, sizeof(udp_check)); memcpy(&test_addr_acq_offer[32], &xid, sizeof(xid)); @@ -485,7 +485,7 @@ assert_se(res == sizeof(test_addr_acq_offer)); if (verbose) - printf(" sent DHCP Offer\n"); + log_info(" sent DHCP Offer"); return 0; } 
@@ -495,7 +495,7 @@ int res, r; if (verbose) - printf("* %s\n", __func__); + log_info("* %s", __func__); r = sd_dhcp_client_new(&client, false); assert_se(r >= 0); diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/login/logind-session.c systemd-252.32/src/login/logind-session.c --- systemd-252.31/src/login/logind-session.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/login/logind-session.c 2024-11-16 18:30:43.000000000 +0000 @@ -1269,10 +1269,20 @@ int session_kill(Session *s, KillWho who, int signo) { assert(s); - if (!s->scope) - return -ESRCH; + switch (who) { - return manager_kill_unit(s->manager, s->scope, who, signo, NULL); + case KILL_ALL: + if (!s->scope) + return -ESRCH; + + return manager_kill_unit(s->manager, s->scope, KILL_ALL, signo, NULL); + + case KILL_LEADER: + return RET_NERRNO(kill(s->leader, signo)); + + default: + assert_not_reached(); + } } static int session_open_vt(Session *s) { diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/network/generator/network-generator.c systemd-252.32/src/network/generator/network-generator.c --- systemd-252.31/src/network/generator/network-generator.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/network/generator/network-generator.c 2024-11-16 18:30:43.000000000 +0000 @@ -13,6 +13,7 @@ #include "string-table.h" #include "string-util.h" #include "strv.h" +#include "vlan-util.h" /* # .network 
@@ -158,7 +159,7 @@ free(network->ifname); free(network->hostname); strv_free(network->dns); - free(network->vlan); + strv_free(network->vlan); free(network->bridge); free(network->bond); @@ -508,7 +509,7 @@ return r; } - return free_and_strdup(&network->vlan, value); + return strv_extend(&network->vlan, value); } static int network_set_bridge(Context *context, const char *ifname, const char *value) { @@ -918,16 +919,31 @@ assert(context); assert(key); - if (proc_cmdline_value_missing(key, value)) - return network_set_dhcp_use_dns(context, "", true); - - r = parse_boolean(value); + r = value ? parse_boolean(value) : true; if (r < 0) return r; return network_set_dhcp_use_dns(context, "", r); } +static int extract_vlan_id(const char *vlan_name, uint16_t *ret) { + assert(!isempty(vlan_name)); + assert(ret); + + /* From dracut.cmdline(7): + * We support the four styles of vlan names: + * VLAN_PLUS_VID (vlan0005), + * VLAN_PLUS_VID_NO_PAD (vlan5), + * DEV_PLUS_VID (eth0.0005), and + * DEV_PLUS_VID_NO_PAD (eth0.5). */ + + for (const char *p = vlan_name + strlen(vlan_name) - 1; p > vlan_name; p--) + if (!ascii_isdigit(*p)) + return parse_vlanid(p+1, ret); + + return -EINVAL; +} + static int parse_cmdline_vlan(Context *context, const char *key, const char *value) { const char *name, *p; NetDev *netdev; @@ -952,6 +968,10 @@ return r; } + r = extract_vlan_id(name, &netdev->vlan_id); + if (r < 0) + return log_debug_errno(r, "Failed to parse VLAN ID from VLAN device name '%s': %m", name); + return network_set_vlan(context, p + 1, name); } @@ -1282,8 +1302,8 @@ STRV_FOREACH(dns, network->dns) fprintf(f, "DNS=%s\n", *dns); - if (network->vlan) - fprintf(f, "VLAN=%s\n", network->vlan); + STRV_FOREACH(v, network->vlan) + fprintf(f, "VLAN=%s\n", *v); if (network->bridge) fprintf(f, "Bridge=%s\n", network->bridge); 
@@ -1319,6 +1339,13 @@ if (netdev->mtu > 0) fprintf(f, "MTUBytes=%" PRIu32 "\n", netdev->mtu); + + if (streq(netdev->kind, "vlan")) { + fprintf(f, + "\n[VLAN]\n" + "Id=%u\n", + netdev->vlan_id); + } } void link_dump(Link *link, FILE *f) { diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/network/generator/network-generator.h systemd-252.32/src/network/generator/network-generator.h --- systemd-252.31/src/network/generator/network-generator.h 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/network/generator/network-generator.h 2024-11-16 18:30:43.000000000 +0000 @@ -61,7 +61,7 @@ /* [Network] */ DHCPType dhcp_type; char **dns; - char *vlan; + char **vlan; char *bridge; char *bond; @@ -78,6 +78,9 @@ char *ifname; char *kind; uint32_t mtu; + + /* [VLAN] */ + uint16_t vlan_id; }; struct Link { diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/network/generator/test-network-generator.c systemd-252.32/src/network/generator/test-network-generator.c --- systemd-252.31/src/network/generator/test-network-generator.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/network/generator/test-network-generator.c 2024-11-16 18:30:43.000000000 +0000 @@ -280,12 +280,13 @@ "UseDNS=yes\n" ); - test_network_one("eth0", "vlan", "vlan99:eth0", + test_network_two("eth0", "vlan", "vlan99:eth0", "vlan", "vlan98:eth0", "[Match]\n" "Name=eth0\n" "\n[Link]\n" "\n[Network]\n" "VLAN=vlan99\n" + "VLAN=vlan98\n" "\n[DHCP]\n" ); 
@@ -332,6 +333,38 @@ "MTUBytes=1530\n" ); + test_netdev_one("vlan123", "vlan", "vlan123:eth0", + "[NetDev]\n" + "Kind=vlan\n" + "Name=vlan123\n" + "\n[VLAN]\n" + "Id=123\n" + ); + + test_netdev_one("vlan0013", "vlan", "vlan0013:eth0", + "[NetDev]\n" + "Kind=vlan\n" + "Name=vlan0013\n" + "\n[VLAN]\n" + "Id=11\n" /* 0013 (octal) -> 11 */ + ); + + test_netdev_one("eth0.123", "vlan", "eth0.123:eth0", + "[NetDev]\n" + "Kind=vlan\n" + "Name=eth0.123\n" + "\n[VLAN]\n" + "Id=123\n" + ); + + test_netdev_one("eth0.0013", "vlan", "eth0.0013:eth0", + "[NetDev]\n" + "Kind=vlan\n" + "Name=eth0.0013\n" + "\n[VLAN]\n" + "Id=11\n" /* 0013 (octal) -> 11 */ + ); + test_link_one("hogehoge", "ifname", "hogehoge:00:11:22:33:44:55", "[Match]\n" "MACAddress=00:11:22:33:44:55\n" diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/network/netdev/tunnel.c systemd-252.32/src/network/netdev/tunnel.c --- systemd-252.31/src/network/netdev/tunnel.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/network/netdev/tunnel.c 2024-11-16 18:30:43.000000000 +0000 
@@ -711,34 +711,27 @@ } } - if (IN_SET(netdev->kind, NETDEV_KIND_VTI, NETDEV_KIND_IPIP, NETDEV_KIND_SIT, NETDEV_KIND_GRE) && - !IN_SET(t->family, AF_UNSPEC, AF_INET)) - return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL), - "vti/ipip/sit/gre tunnel without a local/remote IPv4 address configured in %s. Ignoring", filename); - - if (IN_SET(netdev->kind, NETDEV_KIND_GRETAP, NETDEV_KIND_ERSPAN) && - (t->family != AF_INET || !in_addr_is_set(t->family, &t->remote))) - return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL), - "gretap/erspan tunnel without a remote IPv4 address configured in %s. Ignoring", filename); + if (IN_SET(netdev->kind, NETDEV_KIND_VTI, NETDEV_KIND_IPIP, NETDEV_KIND_SIT, NETDEV_KIND_GRE, NETDEV_KIND_GRETAP, NETDEV_KIND_ERSPAN)) { + if (!IN_SET(t->family, AF_UNSPEC, AF_INET)) + return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL), + "%s tunnel without a local/remote IPv4 address configured in %s, ignoring.", + netdev_kind_to_string(netdev->kind), filename); - if ((IN_SET(netdev->kind, NETDEV_KIND_VTI6, NETDEV_KIND_IP6TNL) && t->family != AF_INET6) || - (netdev->kind == NETDEV_KIND_IP6GRE && !IN_SET(t->family, AF_UNSPEC, AF_INET6))) - return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL), - "vti6/ip6tnl/ip6gre tunnel without a local/remote IPv6 address configured in %s. Ignoring", filename); + t->family = AF_INET; /* For netlink_message_append_in_addr_union(). */ + } - if (netdev->kind == NETDEV_KIND_IP6GRETAP && - (t->family != AF_INET6 || !in_addr_is_set(t->family, &t->remote))) - return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL), - "ip6gretap tunnel without a remote IPv6 address configured in %s. 
Ignoring", filename); + if (IN_SET(netdev->kind, NETDEV_KIND_VTI6, NETDEV_KIND_IP6TNL, NETDEV_KIND_IP6GRE, NETDEV_KIND_IP6GRETAP)) { + if (!IN_SET(t->family, AF_UNSPEC, AF_INET6)) + return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL), + "%s tunnel without a local/remote IPv6 address configured in %s, ignoring,", + netdev_kind_to_string(netdev->kind), filename); + t->family = AF_INET6; /* For netlink_message_append_in_addr_union(). */ + } if (t->fou_tunnel && t->fou_destination_port <= 0) return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL), "FooOverUDP missing port configured in %s. Ignoring", filename); - /* netlink_message_append_in_addr_union() is used for vti/vti6. So, t->family cannot be AF_UNSPEC. */ - if (netdev->kind == NETDEV_KIND_VTI) - t->family = AF_INET; - if (t->assign_to_loopback) t->independent = true; diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/network/networkd-address.c systemd-252.32/src/network/networkd-address.c --- systemd-252.31/src/network/networkd-address.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/network/networkd-address.c 2024-11-16 18:30:43.000000000 +0000 
@@ -22,8 +22,8 @@ #include "strv.h" #include "strxcpyx.h" -#define ADDRESSES_PER_LINK_MAX 2048U -#define STATIC_ADDRESSES_PER_NETWORK_MAX 1024U +#define ADDRESSES_PER_LINK_MAX 16384U +#define STATIC_ADDRESSES_PER_NETWORK_MAX 8192U int address_flags_to_string_alloc(uint32_t flags, int family, char **ret) { _cleanup_free_ char *str = NULL; diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/network/networkd-dhcp6.c systemd-252.32/src/network/networkd-dhcp6.c --- systemd-252.31/src/network/networkd-dhcp6.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/network/networkd-dhcp6.c 2024-11-16 18:30:43.000000000 +0000 
@@ -275,25 +275,35 @@ return r; } - if (link->network->dhcp6_use_hostname) { - const char *dhcpname = NULL; - _cleanup_free_ char *hostname = NULL; - - (void) sd_dhcp6_lease_get_fqdn(link->dhcp6_lease, &dhcpname); - - if (dhcpname) { - r = shorten_overlong(dhcpname, &hostname); - if (r < 0) - log_link_warning_errno(link, r, "Unable to shorten overlong DHCP hostname '%s', ignoring: %m", dhcpname); - if (r == 1) - log_link_notice(link, "Overlong DHCP hostname received, shortened from '%s' to '%s'", dhcpname, hostname); - } - if (hostname) { - r = manager_set_hostname(link->manager, hostname); - if (r < 0) - log_link_error_errno(link, r, "Failed to set transient hostname to '%s': %m", hostname); - } - } + return 0; +} + +static int dhcp6_request_hostname(Link *link) { + _cleanup_free_ char *hostname = NULL; + const char *dhcpname = NULL; + int r; + + assert(link); + assert(link->network); + + if (!link->network->dhcp6_use_hostname) + return 0; + + r = sd_dhcp6_lease_get_fqdn(link->dhcp6_lease, &dhcpname); + if (r == -ENODATA) + return 0; + if (r < 0) + return r; + + r = shorten_overlong(dhcpname, &hostname); + if (r < 0) + return log_link_warning_errno(link, r, "Unable to shorten overlong DHCP hostname '%s': %m", dhcpname); + if (r == 1) + log_link_notice(link, "Overlong DHCP hostname received, shortened from '%s' to '%s'", dhcpname, hostname); + + r = manager_set_hostname(link->manager, hostname); + if (r < 0) + log_link_warning_errno(link, r, "Failed to set transient hostname to '%s', ignoring: %m", hostname); return 0; } 
@@ -313,6 +323,10 @@ lease_old = TAKE_PTR(link->dhcp6_lease); link->dhcp6_lease = sd_dhcp6_lease_ref(lease); + r = dhcp6_request_hostname(link); + if (r < 0) + return r; + r = dhcp6_address_acquired(link); if (r < 0) return r; diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/nspawn/nspawn.c systemd-252.32/src/nspawn/nspawn.c --- systemd-252.31/src/nspawn/nspawn.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/nspawn/nspawn.c 2024-11-16 18:30:43.000000000 +0000 @@ -2240,6 +2240,7 @@ NULSTR_FOREACH(d, devnodes) { _cleanup_free_ char *from = NULL, *to = NULL; struct stat st; + bool ignore_mknod_failure = streq(d, "net/tun"); from = path_join("/dev/", d); if (!from) 
@@ -2264,16 +2265,31 @@ /* Explicitly warn the user when /dev is already populated. */ if (errno == EEXIST) log_notice("%s/dev is pre-mounted and pre-populated. If a pre-mounted /dev is provided it needs to be an unpopulated file system.", dest); - if (errno != EPERM || arg_uid_shift != 0) + if (errno != EPERM || arg_uid_shift != 0) { + if (ignore_mknod_failure) { + log_debug_errno(r, "mknod(%s) failed, ignoring: %m", to); + return 0; + } return log_error_errno(errno, "mknod(%s) failed: %m", to); + } /* Some systems abusively restrict mknod but allow bind mounts. */ r = touch(to); - if (r < 0) + if (r < 0) { + if (ignore_mknod_failure) { + log_debug_errno(r, "touch (%s) failed, ignoring: %m", to); + return 0; + } return log_error_errno(r, "touch (%s) failed: %m", to); + } r = mount_nofollow_verbose(LOG_DEBUG, from, to, NULL, MS_BIND, NULL); - if (r < 0) + if (r < 0) { + if (ignore_mknod_failure) { + log_debug_errno(r, "Both mknod and bind mount (%s) failed, ignoring: %m", to); + return 0; + } return log_error_errno(r, "Both mknod and bind mount (%s) failed: %m", to); + } } else { r = userns_lchown(to, 0, 0); if (r < 0) diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/portable/portable.c systemd-252.32/src/portable/portable.c --- systemd-252.31/src/portable/portable.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/portable/portable.c 2024-11-16 18:30:43.000000000 +0000 
@@ -593,7 +593,7 @@ if (r < 0) return r; if (isempty(id)) - return sd_bus_error_set_errnof(error, SYNTHETIC_ERRNO(ESTALE), "Image %s os-release metadata lacks the ID field", name_or_path); + return sd_bus_error_set_errnof(error, ESTALE, "Image %s os-release metadata lacks the ID field", name_or_path); if (prefixes) { valid_prefixes = strv_split(prefixes, WHITESPACE); @@ -637,7 +637,7 @@ if (validate_sysext) { r = extension_release_validate(ext->path, id, version_id, sysext_level, "portable", extension_release); if (r == 0) - return sd_bus_error_set_errnof(error, SYNTHETIC_ERRNO(ESTALE), "Image %s extension-release metadata does not match the root's", ext->path); + return sd_bus_error_set_errnof(error, ESTALE, "Image %s extension-release metadata does not match the root's", ext->path); if (r < 0) return sd_bus_error_set_errnof(error, r, "Failed to compare image %s extension-release metadata with the root's os-release: %m", ext->path); } diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/resolve/resolved-bus.c systemd-252.32/src/resolve/resolved-bus.c --- systemd-252.31/src/resolve/resolved-bus.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/resolve/resolved-bus.c 2024-11-16 18:30:43.000000000 +0000 @@ -1761,7 +1761,7 @@ static int call_link_method(Manager *m, sd_bus_message *message, sd_bus_message_handler_t handler, sd_bus_error *error) { int ifindex, r; - Link *l; + Link *l = NULL; /* avoid false maybe-uninitialized warning */ assert(m); assert(message); 
@@ -1822,7 +1822,7 @@ _cleanup_free_ char *p = NULL; Manager *m = ASSERT_PTR(userdata); int r, ifindex; - Link *l; + Link *l = NULL; /* avoid false maybe-uninitialized warning */ assert(message); diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/resolve/resolved-dns-stream.c systemd-252.32/src/resolve/resolved-dns-stream.c --- systemd-252.31/src/resolve/resolved-dns-stream.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/resolve/resolved-dns-stream.c 2024-11-16 18:30:43.000000000 +0000 @@ -205,6 +205,7 @@ ssize_t dns_stream_writev(DnsStream *s, const struct iovec *iov, size_t iovcnt, int flags) { ssize_t m; + int r; assert(s); assert(iov); 
@@ -224,12 +225,14 @@ m = sendmsg(s->fd, &hdr, MSG_FASTOPEN); if (m < 0) { - if (errno == EOPNOTSUPP) { - s->tfo_salen = 0; - if (connect(s->fd, &s->tfo_address.sa, s->tfo_salen) < 0) - return -errno; + if (ERRNO_IS_NOT_SUPPORTED(errno)) { + /* MSG_FASTOPEN not supported? Then try to connect() traditionally */ + r = RET_NERRNO(connect(s->fd, &s->tfo_address.sa, s->tfo_salen)); + s->tfo_salen = 0; /* connection is made */ + if (r < 0 && r != -EINPROGRESS) + return r; - return -EAGAIN; + return -EAGAIN; /* In case of EINPROGRESS, EAGAIN or success: return EAGAIN, so that caller calls us again */ } if (errno == EINPROGRESS) return -EAGAIN; diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/resolve/resolved-dnstls-gnutls.c systemd-252.32/src/resolve/resolved-dnstls-gnutls.c --- systemd-252.31/src/resolve/resolved-dnstls-gnutls.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/resolve/resolved-dnstls-gnutls.c 2024-11-16 18:30:43.000000000 +0000 
@@ -236,7 +236,9 @@ r = gnutls_certificate_allocate_credentials(&manager->dnstls_data.cert_cred); if (r < 0) - return -ENOMEM; + return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), + "Failed to allocate SSL credentials: %s", + gnutls_strerror(r)); r = gnutls_certificate_set_x509_system_trust(manager->dnstls_data.cert_cred); if (r < 0) diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/resolve/resolved-dnstls-openssl.c systemd-252.32/src/resolve/resolved-dnstls-openssl.c --- systemd-252.31/src/resolve/resolved-dnstls-openssl.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/resolve/resolved-dnstls-openssl.c 2024-11-16 18:30:43.000000000 +0000 @@ -397,11 +397,15 @@ manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method()); if (!manager->dnstls_data.ctx) - return -ENOMEM; + return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), + "Failed to create SSL context: %s", + ERR_error_string(ERR_get_error(), NULL)); r = SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION); if (r == 0) - return -EIO; + return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), + "Failed to set protocol version on SSL context: %s", + ERR_error_string(ERR_get_error(), NULL)); (void) SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION); 
@@ -410,7 +414,6 @@ return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Failed to load system trust store: %s", ERR_error_string(ERR_get_error(), NULL)); - return 0; } diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/resolve/resolved-manager.c systemd-252.32/src/resolve/resolved-manager.c --- systemd-252.31/src/resolve/resolved-manager.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/resolve/resolved-manager.c 2024-11-16 18:30:43.000000000 +0000 @@ -92,6 +92,9 @@ log_debug("Removing link %i/%s", l->ifindex, l->ifname); link_remove_user(l); link_free(l); + + /* Make sure DNS servers are dropped from written resolv.conf if their link goes away */ + manager_write_resolv_conf(m); } break; diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/rpm/systemd-update-helper.in systemd-252.32/src/rpm/systemd-update-helper.in --- systemd-252.31/src/rpm/systemd-update-helper.in 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/rpm/systemd-update-helper.in 2024-11-16 18:30:43.000000000 +0000 
@@ -3,6 +3,10 @@ set -eu set -o pipefail +if [ "${SYSTEMD_LOG_LEVEL:-}" = "debug" ]; then + set -x +fi + command="${1:?}" shift diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/run/run.c systemd-252.32/src/run/run.c --- systemd-252.31/src/run/run.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/run/run.c 2024-11-16 18:30:43.000000000 +0000 @@ -1755,10 +1755,12 @@ _cleanup_free_ char *command = NULL; r = find_executable(arg_cmdline[0], &command); - if (r < 0) + if (ERRNO_IS_PRIVILEGE(r)) + log_debug_errno(r, "Failed to find executable '%s' due to permission problems, leaving path as is: %m", arg_cmdline[0]); + else if (r < 0) return log_error_errno(r, "Failed to find executable %s: %m", arg_cmdline[0]); - - free_and_replace(arg_cmdline[0], command); + else + free_and_replace(arg_cmdline[0], command); } if (!arg_description) { diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/shared/conf-parser.c systemd-252.32/src/shared/conf-parser.c --- systemd-252.31/src/shared/conf-parser.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/shared/conf-parser.c 2024-11-16 18:30:43.000000000 +0000 
@@ -694,6 +694,10 @@ return -errno; } + /* Skipping an empty file. */ + if (null_or_empty(&st)) + continue; + r = hashmap_put_stats_by_path(&stats_by_path, *f, &st); if (r < 0) return r; diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/shared/seccomp-util.c systemd-252.32/src/shared/seccomp-util.c --- systemd-252.31/src/shared/seccomp-util.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/shared/seccomp-util.c 2024-11-16 18:30:43.000000000 +0000 @@ -370,6 +370,7 @@ "sigreturn\0" "time\0" "ugetrlimit\0" + "uretprobe\0" }, [SYSCALL_FILTER_SET_AIO] = { .name = "@aio", diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/systemd/_sd-common.h systemd-252.32/src/systemd/_sd-common.h --- systemd-252.31/src/systemd/_sd-common.h 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/systemd/_sd-common.h 2024-11-16 18:30:43.000000000 +0000 
@@ -45,6 +45,10 @@ # define _sd_pure_ __attribute__((__pure__)) #endif +#ifndef _sd_const_ +# define _sd_const_ __attribute__((__const__)) +#endif + /* Note that strictly speaking __deprecated__ has been available before GCC 6. However, starting with GCC 6 * it also works on enum values, which we are interested in. Since this is a developer-facing feature anyway * (as opposed to build engineer-facing), let's hence conditionalize this to gcc 6, given that the developers diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/systemd/sd-id128.h systemd-252.32/src/systemd/sd-id128.h --- systemd-252.31/src/systemd/sd-id128.h 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/systemd/sd-id128.h 2024-11-16 18:30:43.000000000 +0000 
@@ -115,24 +115,24 @@ #define SD_ID128_MAKE_UUID_STR(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) \ #a #b #c #d "-" #e #f "-" #g #h "-" #i #j "-" #k #l #m #n #o #p -_sd_pure_ static __inline__ int sd_id128_equal(sd_id128_t a, sd_id128_t b) { +_sd_const_ static __inline__ int sd_id128_equal(sd_id128_t a, sd_id128_t b) { return a.qwords[0] == b.qwords[0] && a.qwords[1] == b.qwords[1]; } int sd_id128_string_equal(const char *s, sd_id128_t id); -_sd_pure_ static __inline__ int sd_id128_is_null(sd_id128_t a) { +_sd_const_ static __inline__ int sd_id128_is_null(sd_id128_t a) { return a.qwords[0] == 0 && a.qwords[1] == 0; } -_sd_pure_ static __inline__ int sd_id128_is_allf(sd_id128_t a) { +_sd_const_ static __inline__ int sd_id128_is_allf(sd_id128_t a) { return a.qwords[0] == UINT64_C(0xFFFFFFFFFFFFFFFF) && a.qwords[1] == UINT64_C(0xFFFFFFFFFFFFFFFF); } #define SD_ID128_NULL ((const sd_id128_t) { .qwords = { 0, 0 }}) #define SD_ID128_ALLF ((const sd_id128_t) { .qwords = { UINT64_C(0xFFFFFFFFFFFFFFFF), UINT64_C(0xFFFFFFFFFFFFFFFF) }}) -_sd_pure_ static __inline__ int sd_id128_in_setv(sd_id128_t a, va_list ap) { +_sd_const_ static __inline__ int sd_id128_in_setv(sd_id128_t a, va_list ap) { for (;;) { sd_id128_t b = va_arg(ap, sd_id128_t); 
@@ -144,7 +144,7 @@ } } -_sd_pure_ static __inline__ int sd_id128_in_set_sentinel(sd_id128_t a, ...) { +_sd_const_ static __inline__ int sd_id128_in_set_sentinel(sd_id128_t a, ...) { va_list ap; int r; diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/test/test-calendarspec.c systemd-252.32/src/test/test-calendarspec.c --- systemd-252.31/src/test/test-calendarspec.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/test/test-calendarspec.c 2024-11-16 18:30:43.000000000 +0000 
@@ -191,18 +191,18 @@ TEST(calendar_spec_next) { test_next("2016-03-27 03:17:00", "", 12345, 1459048620000000); - test_next("2016-03-27 03:17:00", "CET", 12345, 1459041420000000); - test_next("2016-03-27 03:17:00", "EET", 12345, -1); + test_next("2016-03-27 03:17:00", "Europe/Berlin", 12345, 1459041420000000); + test_next("2016-03-27 03:17:00", "Europe/Kyiv", 12345, -1); test_next("2016-03-27 03:17:00 UTC", NULL, 12345, 1459048620000000); test_next("2016-03-27 03:17:00 UTC", "", 12345, 1459048620000000); - test_next("2016-03-27 03:17:00 UTC", "CET", 12345, 1459048620000000); - test_next("2016-03-27 03:17:00 UTC", "EET", 12345, 1459048620000000); - test_next("2016-03-27 03:17:00.420000001 UTC", "EET", 12345, 1459048620420000); - test_next("2016-03-27 03:17:00.4200005 UTC", "EET", 12345, 1459048620420001); - test_next("2015-11-13 09:11:23.42", "EET", 12345, 1447398683420000); - test_next("2015-11-13 09:11:23.42/1.77", "EET", 1447398683420000, 1447398685190000); - test_next("2015-11-13 09:11:23.42/1.77", "EET", 1447398683419999, 1447398683420000); - test_next("Sun 16:00:00", "CET", 1456041600123456, 1456066800000000); + test_next("2016-03-27 03:17:00 UTC", "Europe/Berlin", 12345, 1459048620000000); + test_next("2016-03-27 03:17:00 UTC", "Europe/Kyiv", 12345, 1459048620000000); + test_next("2016-03-27 03:17:00.420000001 UTC", "Europe/Kyiv", 12345, 1459048620420000); + test_next("2016-03-27 03:17:00.4200005 UTC", "Europe/Kyiv", 12345, 1459048620420001); + test_next("2015-11-13 09:11:23.42", "Europe/Kyiv", 12345, 1447398683420000); + test_next("2015-11-13 09:11:23.42/1.77", "Europe/Kyiv", 1447398683420000, 1447398685190000); + test_next("2015-11-13 09:11:23.42/1.77", "Europe/Kyiv", 1447398683419999, 1447398683420000); + test_next("Sun 16:00:00", "Europe/Berlin", 1456041600123456, 1456066800000000); test_next("*-04-31", "", 12345, -1); test_next("2016-02~01 UTC", "", 12345, 1456704000000000); test_next("Mon 2017-05~01..07 UTC", "", 12345, 1496016000000000); 
@@ -221,7 +221,7 @@ test_next("2017-04-02 03:30:00 Pacific/Auckland", "", 12345, 1491060600000000); /* Confirm that timezones in the Spec work regardless of current timezone */ test_next("2017-09-09 20:42:00 Pacific/Auckland", "", 12345, 1504946520000000); - test_next("2017-09-09 20:42:00 Pacific/Auckland", "EET", 12345, 1504946520000000); + test_next("2017-09-09 20:42:00 Pacific/Auckland", "Europe/Kyiv", 12345, 1504946520000000); /* Check that we don't start looping if mktime() moves us backwards */ test_next("Sun *-*-* 01:00:00 Europe/Dublin", "", 1616412478000000, 1617494400000000); test_next("Sun *-*-* 01:00:00 Europe/Dublin", "IST", 1616412478000000, 1617494400000000); diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/src/test/test-terminal-util.c systemd-252.32/src/test/test-terminal-util.c --- systemd-252.31/src/test/test-terminal-util.c 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/src/test/test-terminal-util.c 2024-11-16 18:30:43.000000000 +0000 
@@ -22,6 +22,10 @@ "in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat " \ "non proident, sunt in culpa qui officia deserunt mollit anim id est laborum." +TEST(colors_enabled) { + log_info("colors_enabled: %s", yes_no(colors_enabled())); +} + TEST(default_term_for_tty) { puts(default_term_for_tty("/dev/tty23")); puts(default_term_for_tty("/dev/ttyS23")); diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/test/test-functions systemd-252.32/test/test-functions --- systemd-252.31/test/test-functions 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/test/test-functions 2024-11-16 18:30:43.000000000 +0000 @@ -2204,8 +2204,6 @@ inst_any /usr/share/zoneinfo/Europe/Kyiv inst_any /usr/share/zoneinfo/Pacific/Auckland inst_any /usr/share/zoneinfo/Pacific/Honolulu - inst_any /usr/share/zoneinfo/CET - inst_any /usr/share/zoneinfo/EET inst_any /usr/share/zoneinfo/UTC } diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/test/units/TEST-74-AUX-UTILS.sysusers.sh systemd-252.32/test/units/TEST-74-AUX-UTILS.sysusers.sh --- systemd-252.31/test/units/TEST-74-AUX-UTILS.sysusers.sh 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/test/units/TEST-74-AUX-UTILS.sysusers.sh 1970-01-01 01:00:00.000000000 +0100 
@@ -1,24 +0,0 @@ -#!/usr/bin/env bash -# SPDX-License-Identifier: LGPL-2.1-or-later -set -eux -set -o pipefail - -# shellcheck source=test/units/util.sh -. "$(dirname "$0")"/util.sh - -at_exit() { - set +e - userdel -r foobarbaz - umount /run/systemd/userdb/ -} - -# Check that we indeed run under root to make the rest of the test work -[[ "$(id -u)" -eq 0 ]] - -trap at_exit EXIT - -# Ensure that a non-responsive NSS socket doesn't make sysusers fail -mount -t tmpfs tmpfs /run/systemd/userdb/ -touch /run/systemd/userdb/io.systemd.DynamicUser -echo 'u foobarbaz' | SYSTEMD_LOG_LEVEL=debug systemd-sysusers - -grep -q foobarbaz /etc/passwd diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/test/units/testsuite-19.IPAddressAllow-Deny.sh systemd-252.32/test/units/testsuite-19.IPAddressAllow-Deny.sh --- systemd-252.31/test/units/testsuite-19.IPAddressAllow-Deny.sh 1970-01-01 01:00:00.000000000 +0100 +++ systemd-252.32/test/units/testsuite-19.IPAddressAllow-Deny.sh 2024-11-16 18:30:43.000000000 +0000 
@@ -0,0 +1,73 @@ +#!/usr/bin/env bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -ex +set -o pipefail + +# shellcheck source=test/units/assert.sh +. "$(dirname "$0")"/assert.sh + +if [[ "$(get_cgroup_hierarchy)" != unified ]]; then + echo "Skipping $0 as we're not running with the unified cgroup hierarchy." + exit 0 +fi + +if systemd-detect-virt --container --quiet; then + echo "Skipping $0 as we're running on container." + exit 0 +fi + +ip netns add test-ns +ip link add test-veth-1 type veth peer test-veth-2 +ip link set test-veth-2 netns test-ns +ip link set test-veth-1 up +ip address add 192.0.2.1/24 dev test-veth-1 +ip address add 2001:db8::1/64 dev test-veth-1 nodad +ip netns exec test-ns ip link set test-veth-2 up +ip netns exec test-ns ip address add 192.0.2.2/24 dev test-veth-2 +ip netns exec test-ns ip address add 2001:db8::2/64 dev test-veth-2 nodad + +ping_ok_one() { + local interface="${1?}" + local target="${2?}" + shift 2 + + assert_true systemd-run --wait --pipe "$@" ping -c 1 -W 1 -I "$interface" "$target" +} + +ping_fail_one() { + local interface="${1?}" + local target="${2?}" + shift 2 + + assert_fail systemd-run --wait --pipe "$@" ping -c 1 -W 1 -I "$interface" "$target" +} + +ping_ok() { + ping_ok_one lo 127.0.0.1 "$@" + ping_ok_one lo ::1 "$@" + ping_ok_one test-veth-1 192.0.2.2 "$@" + ping_ok_one test-veth-1 2001:db8::2 "$@" +} + +ping_fail() { + ping_fail_one lo 127.0.0.1 "$@" + ping_fail_one lo ::1 "$@" + ping_fail_one test-veth-1 192.0.2.2 "$@" + ping_fail_one test-veth-1 2001:db8::2 "$@" +} + +ping_ok +ping_ok -p IPAddressDeny=any -p IPAddressDeny= +ping_ok -p IPAddressDeny=any -p IPAddressDeny= -p IPAddressDeny=link-local +ping_ok -p IPAddressDeny=any -p IPAddressAllow=localhost -p IPAddressAllow=192.0.2.0/24 -p IPAddressAllow=2001:db8::/64 +ping_ok -p IPAddressDeny=any -p IPAddressAllow=localhost -p IPAddressAllow=192.0.2.0/24 -p IPAddressAllow=2001:db8::/64 \ + -p IPAddressAllow= -p IPAddressAllow=localhost -p 
IPAddressAllow=192.0.2.0/24 -p IPAddressAllow=2001:db8::/64 + +ping_fail -p IPAddressDeny=any +ping_fail -p IPAddressDeny=any -p IPAddressDeny= -p IPAddressDeny=localhost -p IPAddressDeny=192.0.2.0/24 -p IPAddressDeny=2001:db8::/64 +ping_fail -p IPAddressDeny=any -p IPAddressAllow=localhost -p IPAddressAllow=192.0.2.0/24 -p IPAddressAllow=2001:db8::/64 -p IPAddressAllow= +ping_fail -p IPAddressDeny=any -p IPAddressAllow=localhost -p IPAddressAllow=192.0.2.0/24 -p IPAddressAllow=2001:db8::/64 -p IPAddressAllow= -p IPAddressAllow=link-local + +ip link del test-veth-1 +ip netns exec test-ns ip link del test-veth-2 || : +ip netns del test-ns diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/test/units/testsuite-60.sh systemd-252.32/test/units/testsuite-60.sh --- systemd-252.31/test/units/testsuite-60.sh 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/test/units/testsuite-60.sh 2024-11-16 18:30:43.000000000 +0000 @@ -59,7 +59,7 @@ # mount LOOP_0 mount -t ext4 "${LOOP_0}p1" /tmp/deptest - sleep 1 + timeout 10 bash -c 'until systemctl -q is-active tmp-deptest.mount; do sleep .1; done' after=$(systemctl show --property=After --value tmp-deptest.mount) assert_in "local-fs-pre.target" "$after" assert_not_in "remote-fs-pre.target" "$after" @@ -68,7 +68,7 @@ assert_in "blockdev@${escaped_0}.target" "$after" assert_not_in "${escaped_1}.device" "$after" assert_not_in "blockdev@${escaped_1}.target" "$after" - umount /tmp/deptest + systemctl stop tmp-deptest.mount if [[ -f /run/systemd/system/tmp-deptest.mount ]]; then after=$(systemctl show --property=After --value tmp-deptest.mount) 
@@ -79,7 +79,7 @@ # mount LOOP_1 (using fake _netdev option) mount -t ext4 -o _netdev "${LOOP_1}p1" /tmp/deptest - sleep 1 + timeout 10 bash -c 'until systemctl -q is-active tmp-deptest.mount; do sleep .1; done' after=$(systemctl show --property=After --value tmp-deptest.mount) assert_not_in "local-fs-pre.target" "$after" assert_in "remote-fs-pre.target" "$after" @@ -88,7 +88,7 @@ assert_not_in "blockdev@${escaped_0}.target" "$after" assert_in "${escaped_1}.device" "$after" assert_in "blockdev@${escaped_1}.target" "$after" - umount /tmp/deptest + systemctl stop tmp-deptest.mount if [[ -f /run/systemd/system/tmp-deptest.mount ]]; then after=$(systemctl show --property=After --value tmp-deptest.mount) @@ -99,7 +99,7 @@ # mount tmpfs mount -t tmpfs tmpfs /tmp/deptest - sleep 1 + timeout 10 bash -c 'until systemctl -q is-active tmp-deptest.mount; do sleep .1; done' after=$(systemctl show --property=After --value tmp-deptest.mount) assert_in "local-fs-pre.target" "$after" assert_not_in "remote-fs-pre.target" "$after" @@ -108,7 +108,7 @@ assert_not_in "blockdev@${escaped_0}.target" "$after" assert_not_in "${escaped_1}.device" "$after" assert_not_in "blockdev@${escaped_1}.target" "$after" - umount /tmp/deptest + systemctl stop tmp-deptest.mount if [[ -f /run/systemd/system/tmp-deptest.mount ]]; then after=$(systemctl show --property=After --value tmp-deptest.mount) diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/test/units/testsuite-74.firstboot.sh systemd-252.32/test/units/testsuite-74.firstboot.sh --- systemd-252.31/test/units/testsuite-74.firstboot.sh 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/test/units/testsuite-74.firstboot.sh 2024-11-16 18:30:43.000000000 +0000 
@@ -82,7 +82,7 @@ --locale=locale-overwrite \ --locale-messages=messages-overwrite \ --keymap=keymap-overwrite \ - --timezone=CET \ + --timezone=Europe/Berlin \ --hostname=hostname-overwrite \ --machine-id=bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb \ --root-password-hashed="$ROOT_HASHED_PASSWORD2" \ @@ -103,7 +103,7 @@ --locale=locale-overwrite \ --locale-messages=messages-overwrite \ --keymap=keymap-overwrite \ - --timezone=CET \ + --timezone=Europe/Berlin \ --hostname=hostname-overwrite \ --machine-id=bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb \ --root-password-hashed="$ROOT_HASHED_PASSWORD2" \ @@ -112,7 +112,7 @@ grep -q "LANG=locale-overwrite" "$ROOT$LOCALE_PATH" grep -q "LC_MESSAGES=messages-overwrite" "$ROOT$LOCALE_PATH" grep -q "KEYMAP=keymap-overwrite" "$ROOT/etc/vconsole.conf" -readlink "$ROOT/etc/localtime" | grep -q "/CET$" +readlink "$ROOT/etc/localtime" | grep -q "/Europe/Berlin$" grep -q "hostname-overwrite" "$ROOT/etc/hostname" grep -q "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" "$ROOT/etc/machine-id" grep -q "^root:x:0:0:.*:/bin/barshell$" "$ROOT/etc/passwd" diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/test/units/testsuite-74.sysusers.sh systemd-252.32/test/units/testsuite-74.sysusers.sh --- systemd-252.31/test/units/testsuite-74.sysusers.sh 1970-01-01 01:00:00.000000000 +0100 +++ systemd-252.32/test/units/testsuite-74.sysusers.sh 2024-11-16 18:30:43.000000000 +0000 
@@ -0,0 +1,21 @@ +#!/usr/bin/env bash +# SPDX-License-Identifier: LGPL-2.1-or-later +set -eux +set -o pipefail + +at_exit() { + set +e + userdel -r foobarbaz + umount /run/systemd/userdb/ +} + +# Check that we indeed run under root to make the rest of the test work +[[ "$(id -u)" -eq 0 ]] + +trap at_exit EXIT + +# Ensure that a non-responsive NSS socket doesn't make sysusers fail +mount -t tmpfs tmpfs /run/systemd/userdb/ +touch /run/systemd/userdb/io.systemd.DynamicUser +echo 'u foobarbaz' | SYSTEMD_LOG_LEVEL=debug systemd-sysusers - +grep -q foobarbaz /etc/passwd diff -Nru --exclude pnp_id_registry.html --exclude acpi_id_registry.html --exclude parse_hwdb.py --exclude acpi_id_registry.csv --exclude pnp_id_registry.csv --exclude usb.ids --exclude pci.ids --exclude ma-large.txt --exclude ma-medium.txt --exclude ma-small.txt --exclude '*hwdb.patch' --exclude '*hwdb' systemd-252.31/units/systemd-logind.service.in systemd-252.32/units/systemd-logind.service.in --- systemd-252.31/units/systemd-logind.service.in 2024-10-10 18:34:03.000000000 +0100 +++ systemd-252.32/units/systemd-logind.service.in 2024-11-16 18:30:43.000000000 +0000 @@ -27,6 +27,7 @@ DeviceAllow=block-* r DeviceAllow=char-/dev/console rw DeviceAllow=char-drm rw +DeviceAllow=char-hvc rw DeviceAllow=char-input rw DeviceAllow=char-tty rw DeviceAllow=char-vcs rw
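Review bot: in src/test/test-terminal-util.c, the new TEST(colors_enabled) only passes colors_enabled() through yes_no() into log_info() and asserts nothing, so it can catch a crash but not a wrong result. If a smoke test is the intent, a one-line comment saying so would help. Otherwise fix the inputs the function depends on inside the test and assert on the return value.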
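Review bot: in test/test-functions (hunk at -2204), the CET and EET zoneinfo files are dropped from the test image, while testsuite-74.firstboot.sh in this same diff now passes --timezone=Europe/Berlin and checks the /etc/localtime link against it. The visible context only shows Europe/Kyiv, Pacific/Auckland, Pacific/Honolulu and UTC being installed with inst_any, so please confirm that Europe/Berlin is installed by a line above this hunk, or add an inst_any for it here.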
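Review bot: in the new test/units/testsuite-19.IPAddressAllow-Deny.sh, the teardown (ip link del test-veth-1, ip netns del test-ns) sits at the end of the script rather than in an EXIT trap, so with set -e any failing ping_ok or ping_fail leaves the test-ns namespace and the veth pair behind for whatever runs next. testsuite-74.sysusers.sh in this same diff uses trap at_exit EXIT for its cleanup, and the same pattern would fit here, installed before the first ip netns add. The script also uses set -ex where the sysusers test uses set -eux; adding -u would catch a mistyped variable in the helpers.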
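Review bot: in test/units/testsuite-60.sh, the replacement for sleep 1, timeout 10 bash -c 'until systemctl -q is-active tmp-deptest.mount; do sleep .1; done', is pasted verbatim at three call sites (hunks at -59, -79 and -99). A small helper function taking the unit name would keep the timeout and poll interval in one place. It is also worth making sure an expired timeout fails the test at that line with a clear message, rather than surfacing later as a confusing assert_in failure on an empty After= value.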
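Review bot: in the new test/units/testsuite-74.sysusers.sh, the final check grep -q foobarbaz /etc/passwd matches the string anywhere on any line, so it would also pass on a home directory or GECOS field containing it. Anchoring it as grep -q '^foobarbaz:' /etc/passwd tests what the comment says is being verified. Separately, mount -t tmpfs tmpfs /run/systemd/userdb/ assumes the directory already exists; a mkdir -p before it would make the test independent of whether anything created that directory earlier.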
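Review bot: in units/systemd-logind.service.in, the added DeviceAllow=char-hvc rw widens the device allow-list of systemd-logind to a whole character device class with read/write access, and nothing in the hunk says why logind needs it. The entry is placed correctly in the alphabetical run between char-drm and char-input, but since this list is the unit's device sandbox, a short comment in the unit or a pointer to the upstream commit explaining the use case would make the change reviewable on its own in a stable update.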