Package: systemd / 241-7~deb10u4

Metadata

Package Version Patches format
systemd 241-7~deb10u4 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
sd bus enforce a size limit on D Bus object paths.patch | (download)

src/libsystemd/sd-bus/bus-internal.c | 2 1 + 1 - 0 !
src/libsystemd/sd-bus/bus-internal.h | 4 4 + 0 - 0 !
src/libsystemd/sd-bus/bus-objects.c | 64 50 + 14 - 0 !
3 files changed, 55 insertions(+), 15 deletions(-)

 sd-bus: enforce a size limit on d-bus object paths

Replace stack with heap allocation. This avoids accessing/modifying
memory outside of the allocated stack region by sending specially
crafted D-Bus messages with very large object paths.

Vulnerability discovered by Chris Coulson <chris.coulson@canonical.com>,
patch provided by Riccardo Schirone <rschiron@redhat.com>.

CVE-2019-6454

udev network drop unused parent_driver argument from net_.patch | (download)

src/libsystemd-network/network-internal.c | 1 0 + 1 - 0 !
src/libsystemd-network/network-internal.h | 1 0 + 1 - 0 !
src/network/netdev/netdev.c | 2 1 + 1 - 0 !
src/network/networkd-network.c | 9 2 + 7 - 0 !
src/udev/net/link-config.c | 6 1 + 5 - 0 !
5 files changed, 4 insertions(+), 15 deletions(-)

 udev,network: drop unused parent_driver argument from
 net_match_config()

The argument has never been used.

(cherry picked from commit 4f4daf418f2e750caae6bc26cd49daafc23ad4de)

sd device also store properties read from udev database t.patch | (download)

src/libsystemd/sd-device/sd-device.c | 9 8 + 1 - 0 !
1 file changed, 8 insertions(+), 1 deletion(-)

 sd-device: also store properties read from udev database to
 sd_device::properties_db

Follow-up for a3ce813697bcc1c4644e097a2f1cd0459326d6ee and
5ce41697bd3ddc19cd6e1e6834751082ca0c8b02.

Before a3ce813697bcc1c4644e097a2f1cd0459326d6ee, all properties in
src->properties and src->properties_db are mixed and copied to
dst->properties_db by device_copy_properties().
So, it is not necessary to store data from udev database file to
sd_device::properties_db before copying properties.

But now, properties are not mixed. So, the read data need to be
stored to also ::properties_db.

Fixes #11721.

(cherry picked from commit 03dd7b7ddec1b0e06f254972a2e05f516a05edaf)

networkd test disable DNSSEC in domain restricted DNS tes.patch | (download)

test/networkd-test.py | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 networkd-test: disable dnssec in domain-restricted dns test

dnsmasq 2.80 changed behaviour when being queried by resolved with
enabled DNSSEC: It returns errors for SOA and DS queries which cause the
entire query to fail. As we don't configure DNSSEC in this test anyway,
just disable it so that we retain compatibility with old and new dnsmasq
versions.

(cherry picked from commit 6592c9c850675fb20236271efc4f65acbe3bfa00)

networkd test use a complete domain name in test_route_on.patch | (download)

test/networkd-test.py | 32 16 + 16 - 0 !
1 file changed, 16 insertions(+), 16 deletions(-)

 networkd-test: use a complete domain name in test_route_only_dns()

Since version 241 (commit ea4678?), querying MX type records for
single-label domains does not actually forward the query to the DNS
server any more. Use "example.com" instead, which is the recommended
test domain anyway.

(cherry picked from commit ca56805c8de43fc21ab4657cf5ebd1e0248527ac)

networkd test fix test_dropin.patch | (download)

test/networkd-test.py | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 networkd-test: fix test_dropin()

 - This test needs resolved, so make sure it is started. In some Debian
   environments it is not.
 - It was an unnecessary, and now failing assumption that name servers
   get atomically written to the resolved's resolv.conf. Wait until both
   expected name servers are in the file.

(cherry picked from commit f5cf985e9cc6fff747ca17acadb1b4751076103b)

networkd test ignore failures of test_route_only_dns in c.patch | (download)

test/networkd-test.py | 23 19 + 4 - 0 !
1 file changed, 19 insertions(+), 4 deletions(-)

 networkd-test: ignore failures of test_route_only_dns* in containers

This test exposes a race condition when running in LXC, see issue #11848
for details. Until that is understood and fixed, skip the test as it's
not a recent regression.

(cherry picked from commit 09b8826ea371e027c76a573a226bfd8f8c5652a2)

timedate fix emitted value when ntp client is enabled dis.patch | (download)

src/timedate/timedated.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 timedate: fix emitted value when ntp client is enabled/disabled
 (#11951)

This fixes a regression originall caused by cf3872bd2 and
triggered by b4356b5720a.

Fixes #11944

(cherry picked from commit 49942d6b1eac12f3157c628ee6249c3bbb3602aa)

cgtop Fix processing of controllers other than CPU.patch | (download)

src/cgtop/cgtop.c | 130 65 + 65 - 0 !
1 file changed, 65 insertions(+), 65 deletions(-)

 cgtop: fix processing of controllers other than cpu

After debugging the issue with gdb, I found that the following change

 94ddb08 "cgtop: Still try to get CPU statistics if controller-free"

has introduced a bug, which prevents process(..) method processing
memory and io controllers when cpu_accounting_is_cheap() is true.
The obvious fix is to move this branch to be the last one, keeping
the intended behavior of the above change, without having a negative
effect on the other controllers.

Fixes #11773 [systemd-cgtop no longer shows memory (and io) usage]

(cherry picked from commit 5fe74e893c7939a360dc4eb75dbf3f540526c968)

udev restore debug level when logging a failure in the ex.patch | (download)

src/udev/udev-rules.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 udev: restore debug level when logging a failure in the external
 prog called by IMPORT{program}

It was already the case before commit a75211421fc9366068e6d9446e8e567246c72feb,
which upgraded the log to warning.

This seems an unintended side effect as the commit message doesn't mention it
and the old behavior looks more appropriate.

(cherry picked from commit 3c37dadf627677eef62fcfc0c0f07cc67c748a9e)

remove . path components from required mount paths.patch | (download)

src/core/unit.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 remove "." path components from required mount paths

unit_require_mounts_for may be passed path arguments that contain "."
components like for user's home directories where "." is sometimes used
to specify some form of anchor point.

This change stops considering such path as an error and removes the "."
components instead.

Closes: #11910
(cherry picked from commit 106bf8e445a797f9d9c88b827ed42193f2f6b838)

Re add uaccess tag for dev dri renderD.patch | (download)

meson.build | 4 3 + 1 - 0 !
src/login/70-uaccess.rules.m4 | 4 4 + 0 - 0 !
2 files changed, 7 insertions(+), 1 deletion(-)

 re-add uaccess tag for /dev/dri/renderd*

Setting an access mode != 0666 is explicitly supported via -Dgroup-render-mode
In such a case, re-add the uaccess tag.

This is basically the same change that was done for /dev/kvm in
commit fa53e24130af3a389573acb9585eadbf7192955f and
ace5e3111c0b8d8bfd84b32f2c689b0a4d92c061
and partially reverts the changes from
4e15a7343cb389e97f3eb4f49699161862d8b8b2

(cherry picked from commit 055a083a47de968744c4988fe305592477118c86)

udev run programs in the specified order.patch | (download)

src/udev/udev-event.c | 6 3 + 3 - 0 !
src/udev/udev-node.c | 6 3 + 3 - 0 !
src/udev/udev-node.h | 2 1 + 1 - 0 !
src/udev/udev-rules.c | 12 6 + 6 - 0 !
src/udev/udev.h | 4 2 + 2 - 0 !
src/udev/udevadm-test.c | 2 1 + 1 - 0 !
6 files changed, 16 insertions(+), 16 deletions(-)

 udev: run programs in the specified order

This fixes bugs introduced by 29448498c724da7ade1b5efb20d7472c1b128d2c
and d838e14515c82b05a07f2bf393cce057b45b2b53.

Previously, RUN and SECLABEL keys are stored in udev_list with its unique
flag is false. If the flag is false, then udev_list is just a linked
list and new entries are always added in the last.
So, we should use OrderedHashmap instead of Hashmap.

Fixes #11368.

(cherry picked from commit 39a15c8a8dad26deda140867f03e44a535b7bd8d)

bash completion use default completion for redirect opera.patch | (download)

shell-completion/bash/journalctl | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 bash-completion: use default completion for redirect operators

(cherry picked from commit 1413763ea540a897852494259cb949fe01e1e7e7)

networkd clarify that IPv6 RA uses our own stack no the k.patch | (download)

man/systemd.network.xml | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 networkd: clarify that ipv6 ra uses our own stack, no the kernel's

Fixes: #8906
(cherry picked from commit c4a05aa1a8338013108d099de805f3262a871c0f)

network remove routing policy rule from foreign rule data.patch | (download)

src/network/networkd-routing-policy-rule.c | 19 11 + 8 - 0 !
1 file changed, 11 insertions(+), 8 deletions(-)

 network: remove routing policy rule from foreign rule database when
 it is removed

Previously, When the first link configures rules, it removes all saved
rules, which were configured by networkd previously, in the foreign rule
database, but the rules themselves are still in the database.
Thus, when the second or later link configures rules, it errnously
treats the rules already exist.
This is the root of issue #11280.

This removes rules from the foreign database when they are removed.

Fixes #11280.

(cherry picked from commit 92cd00b9749141907a1110044cc7d1f01caff545)

network do not remove rule when it is requested by existi.patch | (download)

src/network/networkd-routing-policy-rule.c | 26 26 + 0 - 0 !
1 file changed, 26 insertions(+)

 network: do not remove rule when it is requested by existing links

Otherwise, the first link once removes all saved rules in the foreign
rule database, and the second or later links create again...

(cherry picked from commit 031fb59a984e5b51f3c72aa8125ecc50b08011fe)

pam systemd use secure_getenv rather than getenv.patch | (download)

src/login/pam_systemd.c | 13 10 + 3 - 0 !
1 file changed, 10 insertions(+), 3 deletions(-)

 pam-systemd: use secure_getenv() rather than getenv()

And explain why in a comment.

(cherry picked from commit 83d4ab55336ff8a0643c6aa627b31e351a24040a)

journal remote do not request Content Length if Transfer .patch | (download)

src/journal-remote/journal-remote-main.c | 41 27 + 14 - 0 !
1 file changed, 27 insertions(+), 14 deletions(-)

 journal-remote: do not request content-length if transfer-encoding
 is chunked

This fixes a bug introduced by 7fdb237f5473cb8fc2129e57e8a0039526dcb4fd.

Closes #11571.

(cherry picked from commit a289dfd69b3ff4bccdde93e84b67c947bafa27e1)

systemctl restore systemctl reboot ARG functionality.patch | (download)

src/core/emergency-action.c | 4 2 + 2 - 0 !
src/shared/reboot-util.c | 5 4 + 1 - 0 !
src/shared/reboot-util.h | 2 1 + 1 - 0 !
src/systemctl/systemctl.c | 4 2 + 2 - 0 !
4 files changed, 9 insertions(+), 6 deletions(-)

 systemctl: restore "systemctl reboot arg" functionality

Commit d85515edcf9700dc068201ab9f7103f04f3b25b2 changed logic how reboot is
executed. That commit changed behavior to use emergency action reboot code path
to perform the reboot.

This inadvertently broke rebooting with argument:
$ systemctl reboot custom-reason

Restore original behavior so that if reboot service unit similar to
systemd-reboot.service is executed it is possible to override reboot reason
with "systemctl reboot ARG".

When "systemctl reboot ARG" is executed ARG is placed in file
/run/systemd/reboot-param and reboot is issued using logind's Reboot
dbus-service.

If RebootArgument is specified in systemd-reboot.service it takes precedence
over what systemctl sets.

Fixes: #11828
(cherry picked from commit 77defcf5382a557189350f928967d676510e362c)

random util eat up bad RDRAND values seen on AMD CPUs.patch | (download)

src/basic/random-util.c | 15 14 + 1 - 0 !
1 file changed, 14 insertions(+), 1 deletion(-)

 random-util: eat up bad rdrand values seen on amd cpus

An ugly, ugly work-around for #11810. And no, we shouldn't have to do
this. This is something for AMD, the firmware or the kernel to
fix/work-around, not us. But nonetheless, this should do it for now.

Fixes: #11810
(cherry picked from commit 1c53d4a070edbec8ad2d384ba0014d0eb6bae077)

ask password prevent buffer overflow when reading from ke.patch | (download)

src/shared/ask-password-api.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 ask-password: prevent buffer overflow when reading from keyring

When we read from keyring, a temporary buffer is allocated in order to
determine the size needed for the entire data. However, when zeroing that area,
we use the data size returned by the read instead of the lesser size allocate
for the buffer.

That will cause memory corruption that causes systemd-cryptsetup to crash
either when a single large password is used or when multiple passwords have
already been pushed to the keyring.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
(cherry picked from commit 59c55e73eaee345e1ee67c23eace8895ed499693)

core unset HOME that the kernel gives us.patch | (download)

src/core/main.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 core: unset home=/ that the kernel gives us

Partially fixes #12389.

%h would return "/" in a machine, but "/root" in a container. Let's fix
this by resetting $HOME to the expected value.

(cherry picked from commit 9d48671c62de133a2b9fe7c31e70c0ff8e68f2db)

man add note that h u U are mostly useless.patch | (download)

man/systemd.unit.xml | 12 9 + 3 - 0 !
1 file changed, 9 insertions(+), 3 deletions(-)

 man: add note that %h/%u/%u are mostly useless

Fixes #12389.

(cherry picked from commit b4e2407716731d1ce099bad1c2778f7a4424ed2e)

sysctl util add sysctl_read_ip_property.patch | (download)

src/shared/sysctl-util.c | 22 22 + 0 - 0 !
src/shared/sysctl-util.h | 1 1 + 0 - 0 !
2 files changed, 23 insertions(+)

 sysctl-util: add sysctl_read_ip_property()

(cherry picked from commit a6b3b0aace152b77682d68d99b3e41580c955efb)

network check whether ipv6 is enabled in sysctl.patch | (download)

src/network/networkd-link.c | 12 12 + 0 - 0 !
src/network/networkd-manager.c | 18 18 + 0 - 0 !
src/network/networkd-manager.h | 4 4 + 0 - 0 !
3 files changed, 34 insertions(+)

 network: check whether ipv6 is enabled in sysctl

Currently, the value is read only once.

Fixes #11711.

(cherry picked from commit 4b600505dda8af6c43496f9e93e420a192d9a38b)

network ignore requested ipv6 addresses when ipv6 is disa.patch | (download)

src/network/networkd-address.c | 7 6 + 1 - 0 !
src/network/networkd-link.c | 4 2 + 2 - 0 !
src/network/networkd-ndisc.c | 4 2 + 2 - 0 !
3 files changed, 10 insertions(+), 5 deletions(-)

 network: ignore requested ipv6 addresses when ipv6 is disabled by
 sysctl

(cherry picked from commit 54a1a535bd60f13964bbddd8f381601e33e8e56f)

network ignore requested ipv6 route when ipv6 is disabled.patch | (download)

src/network/networkd-link.c | 4 2 + 2 - 0 !
src/network/networkd-ndisc.c | 12 6 + 6 - 0 !
src/network/networkd-route.c | 7 6 + 1 - 0 !
3 files changed, 14 insertions(+), 9 deletions(-)

 network: ignore requested ipv6 route when ipv6 is disabled by sysctl

(cherry picked from commit c442331750a2a9711036080f7590e190b9b0eb54)

network ignore requested ipv6 routing policy rule when ip.patch | (download)

src/network/networkd-link.c | 4 2 + 2 - 0 !
src/network/networkd-routing-policy-rule.c | 7 6 + 1 - 0 !
2 files changed, 8 insertions(+), 3 deletions(-)

 network: ignore requested ipv6 routing policy rule when ipv6 is
 disabled by sysctl

(cherry picked from commit 7ef7e5509b637e660e89ba8a938930ec01de6e54)

network read link specific sysctl value.patch | (download)

src/network/networkd-address.c | 2 1 + 1 - 0 !
src/network/networkd-link.c | 24 20 + 4 - 0 !
src/network/networkd-link.h | 4 4 + 0 - 0 !
src/network/networkd-manager.c | 17 0 + 17 - 0 !
src/network/networkd-manager.h | 4 0 + 4 - 0 !
src/network/networkd-route.c | 2 1 + 1 - 0 !
src/network/networkd-routing-policy-rule.c | 2 1 + 1 - 0 !
7 files changed, 27 insertions(+), 28 deletions(-)

 network: read link specific sysctl value

This introduce link_sysctl_ipv6_enabled() and replaces
manager_sysctl_ipv6_enabled() with it.

(cherry picked from commit bafa9641446852f7fa15ca12d08a223d345c78ea)

networkd fix link_up 12505.patch | (download)

src/network/networkd-link.c | 15 15 + 0 - 0 !
1 file changed, 15 insertions(+)

 networkd: fix link_up() (#12505)

Fillup IFLA_INET6_ADDR_GEN_MODE while we do link_up.

Fixes the following error:
```
dummy-test: Could not bring up interface: Invalid argument
```

After reading the kernel code when we do a link up
```
net/core/rtnetlink.c
IFLA_AF_SPEC
 af_ops->set_link_af(dev, af);
  inet6_set_link_af
   if (tb[IFLA_INET6_ADDR_GEN_MODE])
             Here it looks for IFLA_INET6_ADDR_GEN_MODE
```
Since link up we didn't filling up that it's failing.

Closes #12504.

(cherry picked from commit 4eb086a38712ea98faf41e075b84555b11b54362)

network do not send ipv6 token to kernel.patch | (download)

src/network/networkd-link.c | 51 6 + 45 - 0 !
1 file changed, 6 insertions(+), 45 deletions(-)

 network: do not send ipv6 token to kernel

We disabled kernel RA support. Then, we should not send
IFLA_INET6_TOKEN.
Thus, we do not need to send IFLA_INET6_ADDR_GEN_MODE twice.

Follow-up for 0e2fdb83bb5e22047e0c7cc058b415d0e93f02cf and
4eb086a38712ea98faf41e075b84555b11b54362.

(cherry picked from commit 9f6e82e6eb3b6e73d66d00d1d6eee60691fb702f)

meson make nologin path build time configurable.patch | (download)

man/nss-mymachines.xml | 4 2 + 2 - 0 !
man/sysusers.d.xml | 4 2 + 2 - 0 !
meson.build | 1 1 + 0 - 0 !
meson_options.txt | 1 1 + 0 - 0 !
src/basic/user-util.c | 4 2 + 2 - 0 !
src/nss-mymachines/nss-mymachines.c | 4 2 + 2 - 0 !
src/nss-systemd/nss-systemd.c | 4 2 + 2 - 0 !
src/sysusers/sysusers.c | 2 1 + 1 - 0 !
src/test/test-user-util.c | 4 2 + 2 - 0 !
test/TEST-21-SYSUSERS/test-1.expected-passwd | 2 1 + 1 - 0 !
test/TEST-21-SYSUSERS/test-10.expected-passwd | 4 2 + 2 - 0 !
test/TEST-21-SYSUSERS/test-11.expected-passwd | 2 1 + 1 - 0 !
test/TEST-21-SYSUSERS/test-12.expected-passwd | 2 1 + 1 - 0 !
test/TEST-21-SYSUSERS/test-2.expected-passwd | 2 1 + 1 - 0 !
test/TEST-21-SYSUSERS/test-3.expected-passwd | 8 4 + 4 - 0 !
test/TEST-21-SYSUSERS/test-4.expected-passwd | 4 2 + 2 - 0 !
test/TEST-21-SYSUSERS/test-5.expected-passwd | 34 17 + 17 - 0 !
test/TEST-21-SYSUSERS/test-6.expected-passwd | 2 1 + 1 - 0 !
test/TEST-21-SYSUSERS/test-7.expected-passwd | 10 5 + 5 - 0 !
test/TEST-21-SYSUSERS/test-8.expected-passwd | 2 1 + 1 - 0 !
test/TEST-21-SYSUSERS/test-9.expected-passwd | 4 2 + 2 - 0 !
test/TEST-21-SYSUSERS/test.sh | 9 8 + 1 - 0 !
22 files changed, 61 insertions(+), 52 deletions(-)

 meson: make nologin path build time configurable

Some distros install nologin as /usr/sbin/nologin, others as
/sbin/nologin.
Since we can't really on merged-usr everywhere (where the path wouldn't
matter), make the path build time configurable via -Dnologin-path=.

Closes #13028

(cherry picked from commit 6db904625d413739c480ddbe7667d3f40acc4ae0)

core never propagate reload failure to service result.patch | (download)

src/core/service.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 core: never propagate reload failure to service result

Fixes: #11238
(cherry picked from commit d611cfa748aaf600832160132774074e808c82c7)

shared seccomp add sync_file_range2.patch | (download)

src/shared/seccomp-util.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 shared/seccomp: add sync_file_range2

Some architectures need the arguments to be reordered because of alignment
issues. Otherwise, it's the same as sync_file_range.

(cherry picked from commit a8fb09f57395613d472d7b555db6e0ce802a8c84)

core factor root_directory application out of apply_worki.patch | (download)

src/core/execute.c | 38 28 + 10 - 0 !
1 file changed, 28 insertions(+), 10 deletions(-)

 core: factor root_directory application out of
 apply_working_directory

Fixes: #12498
(cherry picked from commit fa97f63067a05b4e793fd4e0a2b54797459b4812)

shared bus util drop trusted annotation from bus_open_sys.patch | (download)

src/shared/bus-util.c | 4 0 + 4 - 0 !
1 file changed, 4 deletions(-)

 shared/bus-util: drop trusted annotation from
 bus_open_system_watch_bind_with_description()

https://bugzilla.redhat.com/show_bug.cgi?id=1746057

This only affects systemd-resolved. bus_open_system_watch_bind_with_description()
is also used in timesyncd, but it has no methods, only read-only properties, and
in networkd, but it annotates all methods with SD_BUS_VTABLE_UNPRIVILEGED and does
polkit checks.

(cherry picked from commit 35e528018f315798d3bffcb592b32a0d8f5162bd)

login add a missing error check for session_set_leader.patch | (download)

src/login/logind-dbus.c | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 login: add a missing error check for session_set_leader()

session_set_leader() may fail. If it fails, then manager_start_scope()
will trigger assertion.

This may be related to RHBZ#1663704.

(cherry picked from commit fe3ab8458b9c0ead4b3e14ac25b342d8c34376fe)

namespace make MountFlags shared work again.patch | (download)

src/core/execute.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 namespace: make mountflags=shared work again

Since commit 0722b359342d2a9f9e0d453875624387a0ba1be2, the root mountpoint is
unconditionnally turned to slave which breaks units that are using explicitly
MountFlags=shared (and no other options that would implicitly require a slave
root mountpoint).

Here is a test case:

  $ systemctl cat test-shared-mount-flag.service
  # /etc/systemd/system/test-shared-mount-flag.service
  [Service]
  Type=simple
  ExecStartPre=/usr/bin/mkdir -p /mnt/tmp
  ExecStart=/bin/sh -c "/usr/bin/mount -t tmpfs -o size=10M none /mnt/tmp && sleep infinity"
  ExecStop=-/bin/sh -c "/usr/bin/umount /mnt/tmp"
  MountFlags=shared

  $ systemctl start test-shared-mount-flag.service
  $ findmnt /mnt/tmp
  $

Mount on /mnt/tmp is not visible from the host although MountFlags=shared was
used.

This patch fixes that and turns the root mountpoint to slave when it's really
required.

(cherry picked from commit 37ed15d7edaf59a1fc7c9e3552cd93a83f3814ef)

mount generators do not make unit wanted by its device un.patch | (download)

src/core/mount.c | 6 1 + 5 - 0 !
src/cryptsetup/cryptsetup-generator.c | 4 0 + 4 - 0 !
2 files changed, 1 insertion(+), 9 deletions(-)

 mount/generators: do not make unit wanted by its device unit

As device units will be reloaded by systemd whenever the corresponding device generates a "changed" event, if the mount unit / cryptsetup service is wanted by its device unit, the former can be restarted by systemd unexpectedly after the user stopped them explicitly. It is not sensible at all and can be considered dangerous. Neither is the behaviour conventional (as `auto` in fstab should only affect behaviour on boot and `mount -a`) or ever documented at all (not even in systemd, see systemd.mount(5) and crypttab(5)).

(cherry picked from commit 142b8142d7bb84f07ac33fc00527a4d48ac8ef9f)

mount remove unused mount_is_auto and mount_is_automount.patch | (download)

src/core/mount.c | 14 0 + 14 - 0 !
1 file changed, 14 deletions(-)

 mount: remove unused mount_is_auto and mount_is_automount

(cherry picked from commit d0fe45cb151774827a3aca4ea5a19856dec9f600)

core set fs.file max sysctl to LONG_MAX rather than ULONG.patch | (download)

src/core/main.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 core: set fs.file-max sysctl to long_max rather than ulong_max

Since kernel 5.2 the kernel thankfully returns proper errors when we
write a value out of range to the sysctl. Which however breaks writing
ULONG_MAX to request the maximum value. Hence let's write the new
maximum value instead, LONG_MAX.

/cc @brauner

Fixes: #12803
(cherry picked from commit 6e2f78948403a4cce45b9e34311c9577c624f066)

execute remove one redundant comparison check.patch | (download)

src/core/execute.c | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

 execute: remove one redundant comparison check

(cherry picked from commit d484580ca6f0e79abe6f3f5c677323a22d9e22d7)

core change ownership mode of the execution directories a.patch | (download)

src/core/execute.c | 47 26 + 21 - 0 !
1 file changed, 26 insertions(+), 21 deletions(-)

 core: change ownership/mode of the execution directories also for
 static users

It's probably unexpected if we do a recursive chown() when dynamic users
are used but not on static users.

hence, let's tweak the logic slightly, and recursively chown in both
cases, except when operating on the configuration directory.

Fixes: #11842
(cherry picked from commit 206e9864de460dd79d9edd7bedb47dee168765e1)

bus util treat org.freedesktop.DBus.Error.ServiceUnknown .patch | (download)

src/shared/bus-util.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 bus-util: treat org.freedesktop.dbus.error.serviceunknown nicely
 when polkit does not exist

Fixes #12209.

(cherry picked from commit 8c69fe79df6394f6b8b8d0bb536a265caf417868)
(cherry picked from commit 0bb488b22144aeb87d93e97123f71babe116261f)

resolve fix memleak.patch | (download)

src/resolve/resolved-manager.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 resolve: fix memleak

(cherry picked from commit 2400ae29a55aab8659fa778f02d1884b86a95062)
(cherry picked from commit 7727e6c0ae1769ba7ea9959aa721236c025adbdf)
(cherry picked from commit 9755ac0744f858cfa952033552ac6f2401e0f2d0)

shared split out polkit stuff from bus util.c bus polkit..patch | (download)

src/core/dbus-unit.c | 1 1 + 0 - 0 !
src/core/dbus.c | 2 1 + 1 - 0 !
src/hostname/hostnamed.c | 2 1 + 1 - 0 !
src/import/importd.c | 2 1 + 1 - 0 !
src/locale/keymap-util.c | 2 2 + 0 - 0 !
src/locale/localed.c | 2 1 + 1 - 0 !
src/login/logind-dbus.c | 1 1 + 0 - 0 !
src/login/logind-seat-dbus.c | 1 1 + 0 - 0 !
src/login/logind-session-dbus.c | 1 1 + 0 - 0 !
src/login/logind-user-dbus.c | 1 1 + 0 - 0 !
src/login/logind.c | 2 1 + 1 - 0 !
src/machine/image-dbus.c | 1 1 + 0 - 0 !
src/machine/machine-dbus.c | 1 1 + 0 - 0 !
src/machine/machined-dbus.c | 1 1 + 0 - 0 !
src/machine/machined.c | 2 1 + 1 - 0 !
src/network/networkd-link-bus.c | 2 2 + 0 - 0 !
src/network/networkd-manager-bus.c | 3 3 + 0 - 0 !
src/network/networkd-manager.c | 1 1 + 0 - 0 !
src/portable/portabled-bus.c | 2 1 + 1 - 0 !
src/portable/portabled-image-bus.c | 1 1 + 0 - 0 !
src/portable/portabled.c | 2 1 + 1 - 0 !
src/resolve/resolved-bus.c | 1 1 + 0 - 0 !
src/resolve/resolved-dnssd-bus.c | 5 3 + 2 - 0 !
src/resolve/resolved-link-bus.c | 1 1 + 0 - 0 !
src/resolve/resolved-manager.c | 2 1 + 1 - 0 !
src/shared/bus-polkit.c | 358 358 + 0 - 0 !
src/shared/bus-polkit.h | 11 11 + 0 - 0 !
src/shared/bus-util.c | 357 2 + 355 - 0 !
src/shared/bus-util.h | 7 1 + 6 - 0 !
src/shared/meson.build | 2 2 + 0 - 0 !
src/timedate/timedated.c | 2 1 + 1 - 0 !
31 files changed, 406 insertions(+), 373 deletions(-)

 =?utf-8?q?shared=3a_split_out_polkit_stuff_from_bus-util=2ec_?=
 =?utf-8?q?=E2=86=92_bus-polkit=2Ec?=

It's enough, complex stuff to warrant its own source file.

No other changes, just splitting out.

(cherry picked from commit 269e4d2d6b75329ae39a71ebe2c14500e03cda95)
(cherry picked from commit 0a19ff7004e4a567566a0a7be6b050cf34c0bfe5)
(cherry picked from commit 31a1d569db43af04669ec487f3e741ddc6d12969)
(cherry picked from commit a4722a8df23f6612c47f1bb848a6a7c81dcbdccb)

bus polkit rename return error parameter to ret_error.patch | (download)

src/shared/bus-polkit.c | 14 7 + 7 - 0 !
1 file changed, 7 insertions(+), 7 deletions(-)

 bus-polkit: rename return error parameter to ret_error

(cherry picked from commit 773b1a7916bfce3aa2a21ecf534d475032e8528e)
(cherry picked from commit 5b2442d5c3ec1c86a3a8d1c1abe3234a570ba5e6)
(cherry picked from commit 4441844d5889a39d9d059c30e5d94c916d9d6735)
(cherry picked from commit 816d5e2d6dd83a3bd0ff56a352295831cb937198)

polkit reuse some common bus message appending code.patch | (download)

src/shared/bus-polkit.c | 56 32 + 24 - 0 !
1 file changed, 32 insertions(+), 24 deletions(-)

 polkit: reuse some common bus message appending code

(cherry picked from commit 95f82ae9d774f3508ce89dcbdd0714ef7385df59)
(cherry picked from commit 2589995acdb297a073270b54d8fff54b98fa57e9)
(cherry picked from commit 81532beddcc3b7946a573e15641742c452c66db7)
(cherry picked from commit 18b7b7fe307f03928bfea3ef0663048b7be6e4fb)

polkit on async pk requests re validate action details.patch | (download)

src/shared/bus-polkit.c | 30 27 + 3 - 0 !
1 file changed, 27 insertions(+), 3 deletions(-)

 polkit: on async pk requests, re-validate action/details

When we do an async pk request, let's store which action/details we used
for the original request, and when we are called for the second time,
let's compare. If the action/details changed, let's not allow the access
to go through.

(cherry picked from commit 7f56982289275ce84e20f0554475864953e6aaab)
(cherry picked from commit 0697d0d972c8d91395eb539a8e87e4aec8b37b75)
(cherry picked from commit 54791aff01aa93a8b621808d80ab506b54f245c8)
(cherry picked from commit 70d0f5ea5952a0cedd84c352070613df4ba5fc8f)

polkit use structured initialization.patch | (download)

src/shared/bus-polkit.c | 10 6 + 4 - 0 !
1 file changed, 6 insertions(+), 4 deletions(-)

 polkit: use structured initialization

(cherry picked from commit f4425c72c7395ec93ae00052916a66e2f60f200b)
(cherry picked from commit 5926f9f1723fd753a0c524ed96a13538c851395e)
(cherry picked from commit 4d80c8f158333117dabb0e6f7592059cddb1d6d0)
(cherry picked from commit 9131bb3d45e6384309eea42affd1aa757ef28cd7)

sd bus introduce API for re enqueuing incoming messages.patch | (download)

src/libsystemd/sd-bus/bus-message.h | 1 1 + 0 - 0 !
src/libsystemd/sd-bus/sd-bus.c | 24 24 + 0 - 0 !
2 files changed, 25 insertions(+)

 sd-bus: introduce api for re-enqueuing incoming messages

When authorizing via PolicyKit we want to process incoming method calls
twice: once to process and figure out that we need PK authentication,
and a second time after we acquired PK authentication to actually execute
the operation. With this new call sd_bus_enqueue_for_read() we have a
way to put an incoming message back into the read queue for this
purpose.

This might have other uses too, for example debugging.

(cherry picked from commit 1068447e6954dc6ce52f099ed174c442cb89ed54)

zjs: patch modified to not make the function public
(cherry picked from commit 83bfc0d8dd026814d23e3fdfa46806394f775526)
(cherry picked from commit 2e504c92d195d407cec3ba9ed156b195c31a5f3f)
(cherry picked from commit 351627d4bfa39dd05f28d889967383af2372de6d)

polkit when authorizing via PK let s re resolve callback .patch | (download)

src/shared/bus-polkit.c | 78 52 + 26 - 0 !
1 file changed, 52 insertions(+), 26 deletions(-)

 polkit: when authorizing via pk let's re-resolve callback/userdata
 instead of caching it

Previously, when doing an async PK query we'd store the original
callback/userdata pair and call it again after the PK request is
complete. This is problematic, since PK queries might be slow and in the
meantime the userdata might be released and re-acquired. Let's avoid
this by always traversing through the message handlers so that we always
re-resolve the callback and userdata pair and thus can be sure it's
up-to-date and properly valid.

(cherry picked from commit 637486261528e8aa3da9f26a4487dc254f4b7abb)
(cherry picked from commit e2d4cb9843c50eff76e9104fec6b448c0d7c8814)
(cherry picked from commit fb21e13e8ecbe25d80c1219b14e6495795df18ef)
(cherry picked from commit c3141774dfb84b1526c4991bb775457c739eb179)

Fix typo in function name.patch | (download)

TODO | 2 1 + 1 - 0 !
src/libsystemd/sd-bus/bus-message.h | 2 1 + 1 - 0 !
src/libsystemd/sd-bus/sd-bus.c | 8 4 + 4 - 0 !
src/shared/bus-polkit.c | 2 1 + 1 - 0 !
4 files changed, 7 insertions(+), 7 deletions(-)

 fix typo in function name

(cherry picked from commit bc130b6858327b382b07b3985cf48e2aa9016b2d)
(cherry picked from commit b4eb8848240c3540180e4768216a0b884a5ed783)
(cherry picked from commit f14fa558ae9e139c94ee3af4a1ef1df313b2ff66)
(cherry picked from commit dd8aa0871d9cafa60a916d4ec01dd82d64edf7ed)

debian/Use Debian specific config files.patch | (download)

src/basic/time-util.c | 21 19 + 2 - 0 !
src/core/locale-setup.c | 21 21 + 0 - 0 !
src/locale/keymap-util.c | 209 104 + 105 - 0 !
src/timedate/timedated.c | 10 10 + 0 - 0 !
4 files changed, 154 insertions(+), 107 deletions(-)

 use debian specific config files

Use /etc/default/locale instead of /etc/locale.conf for locale settings.

Use /etc/default/keyboard instead of /etc/X11/xorg.conf.d/00-keyboard.conf for
keyboard configuration.

Read/write /etc/timezone if /etc/localtime does not exist.

debian/Bring tmpfiles.d tmp.conf in line with Debian defaul.patch | (download)

tmpfiles.d/tmp.conf | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 bring tmpfiles.d/tmp.conf in line with debian defaults

Closes: #675422

debian/Make run lock tmpfs an API fs.patch | (download)

src/core/mount-setup.c | 2 2 + 0 - 0 !
tmpfiles.d/legacy.conf | 1 0 + 1 - 0 !
2 files changed, 2 insertions(+), 1 deletion(-)

 make /run/lock tmpfs an api fs

The /run/lock directory is world-writable in Debian due to historic
reasons. To avoid user processes filling up /run, we mount a separate
tmpfs for /run/lock. As this directory needs to be available during
early boot, we make it an API fs.

Drop it from tmpfiles.d/legacy.conf to not clobber the permissions.

Closes: #751392

debian/Revert udev network device renaming immediately give.patch | (download)

src/udev/udev-event.c | 51 46 + 5 - 0 !
1 file changed, 46 insertions(+), 5 deletions(-)

 revert "udev: network device renaming - immediately give up if the
 target name isn't available"

This reverts commit 97595710b77aa162ca5e20da57d0a1ed7355eaad.

We need to keep supporting systems with 75-persistent-net-generator.rules
generated names for a while after switching to net.ifnames. Re-apply this old
hack to make the renaming less likely to fail.

debian/Add support for TuxOnIce hibernation.patch | (download)

src/shared/sleep-config.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 add support for tuxonice hibernation

systemd does not support non-mainline kernel features so upstream rejected this
patch.
It is however required for systemd integration by tuxonice-userui package.

debian/Re enable journal forwarding to syslog.patch | (download)

man/journald.conf.xml | 2 1 + 1 - 0 !
src/journal/journald-server.c | 1 1 + 0 - 0 !
src/journal/journald.conf | 2 1 + 1 - 0 !
3 files changed, 3 insertions(+), 2 deletions(-)

 re-enable journal forwarding to syslog

Revert upstream commit 46b131574fdd7d77 for now, until Debian's sysloggers
can/do all read from the journal directly. See

  http://lists.freedesktop.org/archives/systemd-devel/2014-November/025550.html

for details. Once we grow a journal.conf.d/ directory, sysloggers can be moved
to pulling from the journal one by one and disable forwarding again in such a
conf.d snippet.