1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00
Commit Graph

55680 Commits

Author SHA1 Message Date
Evgeny Vereshchagin
013de49db5 tests: ignore dbus-broker-launcher
There are memory leaks there https://github.com/bus1/dbus-broker/issues/289
and it crashes from time to time
https://github.com/matusmarhefka/dfuzzer/issues/20#issuecomment-1114097840
so let's just skip it by analogy with dbus-daemon to avoid
reports that have nothing to do with systemd itself.

It's kind of a part of https://github.com/systemd/systemd/pull/22547

(cherry picked from commit d0880faa5d)
2022-05-25 16:59:01 +02:00
Zbigniew Jędrzejewski-Szmek
95058a435e logind: fix crash in logind on user-specified message string
This is trivially exploitable (in the sense of causing a crash from SEGV) e.g.
by 'shutdown now "Message %s %s %n"'. The message is settable through polkit,
but is limited to auth_admin:

<action id="org.freedesktop.login1.set-wall-message">
         <description gettext-domain="systemd">Set a wall message</description>
         <message gettext-domain="systemd">Authentication is required to set a wall message</message>
         <defaults>
                <allow_any>auth_admin_keep</allow_any>
                <allow_inactive>auth_admin_keep</allow_inactive>
                <allow_active>auth_admin_keep</allow_active>
        </defaults>
</action>

Bug introduced in 9ef15026c0
('logind/systemctl: introduce SetWallMessage and --message', 2015-09-15).

Based on 0cb09bcb82.
2022-05-25 16:58:23 +02:00
Luca Boccassi
16b95a18e7 test: ignore LXC filesystem when checking for writable locations
test-execute checks that only /var/lib/private/waldo is writable, but there are
some filesystems that are always writable and excluded. Add /sys/devices/system/cpu
which is created by lxcfs.

Fixes https://github.com/systemd/systemd/issues/23263

(cherry picked from commit 646cba5c42)
2022-05-25 16:49:36 +02:00
Kazuo Moriwaka
767cd7c75b man: mention to Age parameter in C Type
(cherry picked from commit 4da5e566e7)
2022-05-25 16:49:03 +02:00
Kazuo Moriwaka
eadea065e7 add missing cleanup-age to quickref
(cherry picked from commit 6f310287db)
2022-05-25 16:48:57 +02:00
Zbigniew Jędrzejewski-Szmek
5fa1f78f71 shared/json: fix memleak in sort
(cherry picked from commit 99b1145aae)
2022-05-25 16:48:30 +02:00
Zbigniew Jędrzejewski-Szmek
dcd7dfa520 shared/json: fix another memleak in normalization
(cherry picked from commit 3b6ce05537)
2022-05-25 16:48:26 +02:00
Zbigniew Jędrzejewski-Szmek
e0241a05d2 shared/json: reduce scope of variables
(cherry picked from commit a4669764f7)
2022-05-25 16:48:20 +02:00
Zbigniew Jędrzejewski-Szmek
ec354e792a shared/json: add helper to ref first, unref second
This normally wouldn't happen, but if some of those places were called
with lhs and rhs being the same object, we could unref the last ref first,
and then try to take the ref again. It's easier to be safe, and with the
helper we save some lines too.

(cherry picked from commit ce913e0ec4)
2022-05-25 16:47:12 +02:00
Zbigniew Jędrzejewski-Szmek
f9029ca7d5 networkctl: open the bus just once
We'd connect to the bus twice: the first time to check networkd namespace,
and then the second time to do the deed we were asked to do. It's nicer
to open the bus just once, for efficience and also to avoid the open call
in all functions.

An ASSERT_PTR helper is added:
- sd_bus *bus = userdata;
  ...
- assert(bus);
+ sd_bus *bus = ASSERT_PTR(userdata);
  ...

It can be used in other place too, but I'm leaving that for a later
refactoring.

(cherry picked from commit d821e40ca9)
2022-05-25 16:47:12 +02:00
Zbigniew Jędrzejewski-Szmek
c1dbf637d7 shared/json: fix memory leak on failed normalization
We need to increase the counter immediately after taking the ref,
otherwise we may not unref it properly if we fail before incrementing.

(cherry picked from commit 7e4be6a584)
2022-05-25 16:44:19 +02:00
Zbigniew Jędrzejewski-Szmek
18b3b28e38 shared/calendarspec: fix formatting of entries which collapse to a star
We canonicalize repeats that cover the whole range: "0:0:0/1" → "0:0:*".  But
we'd also do "0:0:0/1,0" → "0:0:*,0", which we then refuse to parse.  Thus,
first go throug the whole chain, and print a '*' and nothing else if any of the
components covers the whole range.

(cherry picked from commit 8e1e59b9ad)
2022-05-25 16:43:58 +02:00
Zbigniew Jędrzejewski-Szmek
e5cb0c072d shared/calendarspec: fix printing of second ranges which start with 0
0..3 is not the same as 0..infinity, we need to check both ends of the range.
This logic was added in 3215e35c40, and back then
the field was called .value. .stop was added later and apparently wasn't taken
into account here.

(cherry picked from commit 3aff2ae9d5)
2022-05-25 16:43:37 +02:00
Yu Watanabe
38410e13ec core/timer: fix potential use-after-free
(cherry picked from commit 756491af39)
2022-05-25 16:42:51 +02:00
Yu Watanabe
82362b16ac core/timer: fix memleak
Fixes #23326.

(cherry picked from commit d3ab7b8078)
2022-05-25 16:42:47 +02:00
Frantisek Sumsal
66784467a3 core: annotate Reexecute() as NoReply
So we're able to tell from the introspection data that the method
doesn't reply.

(cherry picked from commit 624f685fe8)
2022-05-25 16:42:33 +02:00
Lennart Poettering
7670af4add socket-util: don't reference field by macro parameter name
Let's avoid ambigituies here. (Interesting that the current users
compiled at all, in fact)

(cherry picked from commit b501e42e71)
2022-05-25 16:42:18 +02:00
Yu Watanabe
4617bad0a3 core/slice: make slice_freezer_action() return 0 if freezing state is unchanged
Fixes #23278.

(cherry picked from commit d171e72e7a)
2022-05-25 16:42:09 +02:00
Lennart Poettering
1ebbd665ea test: JSON_BUILD_REAL nowadays expects 'double', not 'long double'
Follow-up for 337712e777, aka "the great
un-long-double-ification of 2021".

(cherry picked from commit f9a1fd2a3b)
2022-05-25 16:41:27 +02:00
Daan De Meyer
5f82701d48 shared: Fix memory leak in bus_append_execute_property()
Fixes #23317

(cherry picked from commit 2aaf6d407e)
2022-05-25 16:41:11 +02:00
Zbigniew Jędrzejewski-Szmek
760881f8e8 shared/bootspec: add missing terminator to table
(cherry picked from commit d4f72d104f)
2022-05-25 16:40:45 +02:00
Zbigniew Jędrzejewski-Szmek
412b89a6e8 shared/bootspec: avoid crashing on config without a value
(cherry picked from commit b6bd2562eb)
2022-05-25 16:40:19 +02:00
Yu Watanabe
3daae87857 core/unit: fix use-after-free
Fixes #23312.

(cherry picked from commit 734582830b)
2022-05-25 16:39:39 +02:00
Yu Watanabe
1a48a63a4e bash-completion: resolvectl: add missing options and verb
(cherry picked from commit 4e5f4733c5)
2022-05-25 16:39:32 +02:00
Daan De Meyer
15c596800b basic: Add some missing headers to compress.h
(cherry picked from commit 746ea80b77)
2022-05-25 16:33:57 +02:00
Matthijs van Duin
0aaceca2d0 Fix placement of TTL TLV in LLDP transmit
The LLDP spec (IEEE 802.1AB) requires the three mandatory TLVs (Chassis
ID, Port ID, and TTL) to be the first three TLVs in the packet, in that
specific order, whereas systemd put the TTL near the end of the packet.

This violation caused the ethernet switch in our office to discard these
packets as malformed, and Wireshark's packet parser also chokes on them.

(cherry picked from commit b0221bb6a4)
2022-05-25 16:33:52 +02:00
Evgeny Vereshchagin
71d2356edf timedatectl: fix a memory leak
```
timedatectl list-timezones --no-pager
...
==164329==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 8192 byte(s) in 1 object(s) allocated from:
    #0 0x7fe8a74b6f8c in reallocarray (/lib64/libasan.so.6+0xaef8c)
    #1 0x7fe8a63485dc in strv_push ../src/basic/strv.c:419
    #2 0x7fe8a6349419 in strv_consume ../src/basic/strv.c:490
    #3 0x7fe8a634958d in strv_extend ../src/basic/strv.c:542
    #4 0x7fe8a643d787 in bus_message_read_strv_extend ../src/libsystemd/sd-bus/bus-message.c:5606
    #5 0x7fe8a643db9d in sd_bus_message_read_strv ../src/libsystemd/sd-bus/bus-message.c:5628
    #6 0x4085fb in list_timezones ../src/timedate/timedatectl.c:314
    #7 0x7fe8a61ef3e1 in dispatch_verb ../src/shared/verbs.c:103
    #8 0x410f91 in timedatectl_main ../src/timedate/timedatectl.c:1025
    #9 0x41111c in run ../src/timedate/timedatectl.c:1043
    #10 0x411242 in main ../src/timedate/timedatectl.c:1046
    #11 0x7fe8a489df1f in __libc_start_call_main (/lib64/libc.so.6+0x40f1f)
```

(cherry picked from commit a2e37d5231)
2022-05-25 16:33:44 +02:00
Yu Watanabe
a5f4849165 man/networkctl: mention initialized state
Closes #23262.

(cherry picked from commit c322cfafba)
2022-05-25 16:33:10 +02:00
Yu Watanabe
5e069e405a sd-lldp: use memcpy_safe() as the buffer size may be zero
(cherry picked from commit 87bd4b79e6)
2022-05-25 16:33:10 +02:00
Yu Watanabe
073eba2319 sd-ndisc: drop unused function
(cherry picked from commit 9a44966e63)
2022-05-25 16:33:10 +02:00
Yu Watanabe
d30d6d8166 libsystemd-network: refuse too large raw_size
Closes #23258.

(cherry picked from commit 4e88a46bfe)
2022-05-25 16:33:10 +02:00
Lennart Poettering
7ccaf3a5df man: document that systemd-fstab-generator actually cares about roothash=/usrhash= on the kernel cmdline
It doesn't really care about the hash value passed (which is processed
by systemd-veritysetup-generator), but it does care about the fact that
it is set (and mounts the DM nodes /dev/mapper/usr + /dev/mapper/root in
that case).

(cherry picked from commit ba4b74cbc7)
2022-05-25 16:33:10 +02:00
Yu Watanabe
a2a0b93574 login: drop non-default value for RuntimeDirectoryInodesMax=
(cherry picked from commit 0bc055cf52)
2022-05-25 16:26:00 +02:00
Yu Watanabe
e0de3d1920 login: make RuntimeDirectoryInodesMax= support K, G, M suffixes
Fixes #23017.

(cherry picked from commit 08a767f1e0)
2022-05-25 16:25:54 +02:00
Zbigniew Jędrzejewski-Szmek
fc589e5a8e oomd: actually fail if configuration is bad
Follow-up for a858355e4a.

(cherry picked from commit c0a96b1b1d)
2022-05-25 16:24:48 +02:00
Jan Janssen
73be964391 bus: Use OrderedSet for introspection
Otherwise, the generated xml files are not reproducible.

(cherry picked from commit acac88340a)
2022-05-12 17:25:59 +01:00
Luca Boccassi
6ce475733a mkosi: add shadow package to SUSE Tumbleweed
[1958/1958] Generating export-dbus-interfaces with a custom command
/root/mkosi.build: line 70: groupadd: command not found

(cherry picked from commit 37b7eef35d)
2022-05-13 01:06:18 +09:00
Luca Boccassi
6d380ae604 networkd-test: lazy umount tmp directories
In Semaphore CI, for some reason, /run/systemd/resolve is busy so the umount
fails at the end of the test run:

Verify link states with Unmanaged= settings, cold-plug. ... umount: /run/systemd/resolve: target is busy.14:57
ok14:57
ERROR14:57
======================================================================14:57
ERROR: tearDownModule (__main__)14:57
----------------------------------------------------------------------14:57
Traceback (most recent call last):14:57
  File /tmp/autopkgtest-lxc.6islza9t/downtmp/build.A9b/src/test/networkd-test.py, line 94, in tearDownModule14:57
    subprocess.check_call([umount, d])14:57
  File /usr/lib/python3.9/subprocess.py, line 373, in check_call14:57
    raise CalledProcessError(retcode, cmd)14:57
subprocess.CalledProcessError: Command '['umount', '/run/systemd/resolve']' returned non-zero exit status 32.14:57
----------------------------------------------------------------------14:58
Ran 35 tests in 138.868s14:58
FAILED (errors=1, skipped=2)

Use lazy umount to avoid erroring out.

(cherry picked from commit 471cac19a6)
2022-04-29 00:13:13 +01:00
Luca Boccassi
8ed918d4e5 semaphoreci: move runner from Bionic to Focal
(cherry picked from commit 16ae198485)
2022-04-29 00:13:13 +01:00
Luca Boccassi
c1c73c64ea semaphoreci: speed up package installation
Disable updating the manpage database, and use dpkg's unsafe-io flag

(cherry picked from commit b6529646e7)
2022-04-29 00:13:13 +01:00
Luca Boccassi
1bf61b5570 semaphoreci: run dhclient manually on setup
For some reason the guest container stopped having its
network interface configured. Run the dhcp client manually.

(cherry picked from commit 9a6260b194)
2022-04-29 00:13:13 +01:00
Luca Boccassi
b3b66a7a0e semaphoreci: check keys.opengpgp.org first
Always resolves and it's faster than the others

+ for keyserver in "" "keys.gnupg.net" "keys.openpgp.org" "keyserver.ubuntu.com"
+ for retry in {1..5}
+ sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64
Setting up the GPG keyring
ERROR: Unable to fetch GPG key from keyserver
lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template
lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64
+ sleep 1
+ for retry in {1..5}
+ sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64
Setting up the GPG keyring
ERROR: Unable to fetch GPG key from keyserver
lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template
lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64
+ sleep 4
+ for retry in {1..5}
+ sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64
Setting up the GPG keyring
ERROR: Unable to fetch GPG key from keyserver
lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template
lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64
+ sleep 9
+ for retry in {1..5}
+ sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64
Setting up the GPG keyring
ERROR: Unable to fetch GPG key from keyserver
lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template
lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64
+ sleep 16
+ for retry in {1..5}
+ sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64
Setting up the GPG keyring
ERROR: Unable to fetch GPG key from keyserver
lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template
lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64
+ sleep 25
+ for keyserver in "" "keys.gnupg.net" "keys.openpgp.org" "keyserver.ubuntu.com"
+ for retry in {1..5}
+ sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64 --keyserver keys.gnupg.net
Setting up the GPG keyring
ERROR: Unable to fetch GPG key from keyserver
lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template
lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64
+ sleep 1
+ for retry in {1..5}
+ sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64 --keyserver keys.gnupg.net
Setting up the GPG keyring
ERROR: Unable to fetch GPG key from keyserver
lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template
lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64
+ sleep 4
+ for retry in {1..5}
+ sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64 --keyserver keys.gnupg.net
Setting up the GPG keyring
ERROR: Unable to fetch GPG key from keyserver
lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template
lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64
+ sleep 9
+ for retry in {1..5}
+ sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64 --keyserver keys.gnupg.net
Setting up the GPG keyring
ERROR: Unable to fetch GPG key from keyserver
lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template
lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64
+ sleep 16
+ for retry in {1..5}
+ sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64 --keyserver keys.gnupg.net
Setting up the GPG keyring
ERROR: Unable to fetch GPG key from keyserver
lxc-create: bullseye-amd64: lxccontainer.c: create_run_template: 1617 Failed to create container from template
lxc-create: bullseye-amd64: tools/lxc_create.c: main: 327 Failed to create container bullseye-amd64
+ sleep 25
+ for keyserver in "" "keys.gnupg.net" "keys.openpgp.org" "keyserver.ubuntu.com"
+ for retry in {1..5}
+ sudo lxc-create -n bullseye-amd64 -t download -- -d debian -r bullseye -a amd64 --keyserver keys.openpgp.org
Setting up the GPG keyring
Downloading the image index
Downloading the rootfs

(cherry picked from commit 93de997d12)
2022-04-29 00:13:13 +01:00
Zbigniew Jędrzejewski-Szmek
4a31fa2fb0 hwdb: run "update-hwdb-autosuspend" 2022-04-28 19:42:25 +02:00
Zbigniew Jędrzejewski-Szmek
e92e2d0e3b hwdb: run "update-hwdb" 2022-04-28 19:41:59 +02:00
Lennart Poettering
e1e4395775 hwdb: make sure "ninja update-hwdb" works on f35
let's restore compatibility with pyparsing from fedora 35, i.e.:

python3-pyparsing-2.4.7-9.fc35.noarch

(cherry picked from commit 133a000369)
2022-04-28 19:39:08 +02:00
Zbigniew Jędrzejewski-Szmek
1fe496fc3b hwdb: fix parser to work with newer pyparsing
The handling of whitespace in pyparsing is a bother. There's some
global state, and per-element state, and it's hard to get a handle on
things. With python3-pyparsing-2.4.7-10.fc36.noarch the grammar would
not match. After handling of tabs was fixed to not accept duplicate tabs,
the grammar passes.

It seems that the entry for usb:v8087p8087*
was generated incorrectly because we treated the interface line
(with two TABs) as a device line (with one TAB).

(cherry picked from commit f73d689587)
2022-04-28 19:39:01 +02:00
Zbigniew Jędrzejewski-Szmek
32e7c65372 manager: prohibit clone3() in seccomp filters
RestrictNamespaces should block clone3() like flatpak:
a10f52a756

clone3() passes arguments in a structure referenced by a pointer, so we can't
filter on the flags as with clone(). Let's disallow the whole function call.

(cherry picked from commit 30193fe817)
2022-04-28 19:05:30 +02:00
Luca Boccassi
45335a3eed nspawn: fix --ephemeral with --machine
Follow-up for 2362fdde1b

When --machine is specified with --ephemeral, no random suffix is added, so
the recently added assert would fail.

Add a top-level variable with the expected file name for nspawn files, and
compute it when the rest of the names are computed.

(cherry picked from commit 3603f15171)
2022-04-28 19:04:34 +02:00
Luca Boccassi
79b86adcbd nspawn: fix locating config files with --ephemeral
When --ephemeral is used, a random 16 characters suffix is added to the image
name, so matching on .nspawn files based on the image name no longer works.

Fixes https://github.com/systemd/systemd/issues/13297

(cherry picked from commit 2362fdde1b)
2022-04-28 19:03:35 +02:00
Yu Watanabe
c202d402d9 resolve: fix typo in dns_class_is_pseudo()
(cherry picked from commit 98e5a6c93c)
2022-04-28 19:00:46 +02:00