IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
ConfigParser.readfp() has been deprecated since Python 3.2 and was
dropped completely in Python 3.11.
(cherry picked from commit ba4a1cd8a863f65ff016be72e520c323aa1e1a6f)
(cherry picked from commit 7dc6cccc4b3b699ba36da31a410af91badd0f13a)
(cherry picked from commit 6700231d52fed06d90672c74814242527af96608)
For issue #28280.
(cherry picked from commit 86f6760038477e9e27ccea580f1b3b27328a98a7)
(cherry picked from commit f74337b7565348a9bd44baae27917b2a202dcf1a)
(cherry picked from commit 7cf1bc00b02010f7ad89c5804dfa81fd906e44c7)
This also drops the fallback for libacl, libcap, libcrypt, and libgcrypt,
as recent Ubuntu (at least, 20.04 LTS and newer) and Debian (at least, buster
and newer) have relevant .pc files.
Fixes#28161.
(cherry picked from commit d625f717db6e151fd78742593c35eaba4cd2841d)
(cherry picked from commit 49fa7736f7b9dd5518b96c7b4f072dccfc63abd6)
(cherry picked from commit 07b7b5a87e018a7b69718672b8563d34e6c7c48c)
quality_check_password() used to return the same value 0 in two
different cases: when pwq_allocate_context() failed with a
ERRNO_IS_NOT_SUPPORTED() code, and when pwquality_check() rejected the
password. As result, users of quality_check_password() used to report
password weakness also in case when the underlying library was not
available.
Fix this by changing quality_check_password() to forward the
ERRNO_IS_NOT_SUPPORTED() code to its callers, and change the callers
to handle this case gracefully.
(cherry picked from commit 7fc3f9c032cad0690c08fcdee190d83f1c7a6d53)
(cherry picked from commit 9ebacd3f726e0d34afc1fe0d53d82d463aefc9b3)
(cherry picked from commit 74b60f1238299ea7138aabce5a437bdba53cfa99)
Given that ERRNO_IS_*() also match positive values, call
ERRNO_IS_NOT_SUPPORTED() only if the value returned by
pwq_allocate_context() is negative.
(cherry picked from commit 29dd2e253c74c7ab2fed6fb6a67a87089197253f)
(cherry picked from commit ac531ec920275e4a655809cec530ef83cd8db2cc)
(cherry picked from commit c43fef1041315881990a2be853e57cb41791980b)
(cherry picked from commit 983d621e11b94e705bb017e8cad5b7d1442c03e5)
(cherry picked from commit e8731c0ef899bbc38aff2c4b92c9b62463685e31)
(cherry picked from commit bf159bbdf294038d4d06ce9456feafaca03d86d2)
Like fdisk_get_last_lba(), fdisk_partition_get_end() return the last
sector in the partition.
Fixes#28225.
(cherry picked from commit d2eb1f8145dee61c6bddfdcc5dac3591fa03f744)
(cherry picked from commit 2299ca13f9f95659dcd9476bb1138de6c8e5774b)
(cherry picked from commit b797bd189c1db15be2444f26e8594799afcd7dbe)
When the credential dir is backed by an fs that supports ACLs we must be
more careful with adjusting the 'x' bit of the directory, as any chmod()
call on the dir will reset the mask entry of the ACL entirely which we
don't want. Hence, do a manual set of ACL changes, that only add/drop
the 'x' bit but otherwise leave the ACL as it is.
This matters if we use tmpfs rather than ramfs to store credentials.
(cherry picked from commit f76ce81b91db1dac0d0a012e1cc903639002dd0a)
(cherry picked from commit ee3ed28f42605402873ca2169cfb4e6f3cbfbdf9)
(cherry picked from commit ef943b27cfa28e065aa642037e74903e610f265e)
The DBUS property setter overwrites the value of the property but
writes a drop-in that extends the value. Let's make sure the drop-in
overwrites the property value as well by assigning the empty string
first.
(cherry picked from commit 1dbccd6d342d9f8dd8d4a1617e0081b61a553ca8)
(cherry picked from commit 72d6e8912c6ac31297c7dd73e1377556bf6f866d)
(cherry picked from commit 4d2506a18485ecf00aa57726905ff6cb5d2c8a54)
When reexecuting system let's put our arguments carrying deserialization
info first followed by any existing arguments to make sure they get
parsed in case we get weird stuff from the kernel cmdline (like --).
See: https://github.com/systemd/systemd/issues/28184
(cherry picked from commit 06afda6b38d5d730fca3c65449096425933272bc)
(cherry picked from commit 884ab38057dca70b8779c85884f4646057e80921)
(cherry picked from commit 163be31d380fbdcb56ec06c09e81774840df90dc)
(cherry picked from commit 894f4417640286fa350203d70d858e11e261a3e0)
(cherry picked from commit c8c43dc3a73f3a183821b49a47cd259782629b80)
(cherry picked from commit 6ec548485d8ffa6a94b0bf41a12fadcba14a39a3)
Oracle Cloud sends malformed DHCPv6 replies that have an invalid
byte at the end, which cannot be parsed as an option code.
networkd currently can cope with the invalid option (it is ignored),
but the whole packet is ignored altogether because of the additional
null at the end.
It's better to be liberal in what we accept and actually assign an
address, given that the reply contains a valid IA_NA.
Fixes#28183.
(cherry picked from commit 81b7335912ce901c61b923218bcdf06a4fdcea07)
(cherry picked from commit a11a0011a8dea392f157407c144a2a54d8e1c223)
(cherry picked from commit 983f418d98b1a6de330a543dcd26d786e9d45246)
(cherry picked from commit cc8fdd5d307a620700d4729d74143ca434f0707c)
(cherry picked from commit f08c49b33e3ecba9f034dfd3e045b1ef455845a6)
(cherry picked from commit 75d007b618c6a84bc0d2f0912b5ef60eb09efdf0)
(Does not change a single word, just rebreaks a bunch of paragraphs
matching our current line breaking rules)
(cherry picked from commit fa1d34825a9b410275e716b9b70f4fca02c71ba9)
(cherry picked from commit ed87814cdf10581728ad56c8012a1141f5fda289)
(cherry picked from commit 4a54e90a123b370b359ffe972169f6b0d9c7a3eb)
So we're able to detect memory leaks in our NSS modules.
An example after introducing a memory leak in nss-myhostname.c:
testsuite-71.sh[2881]: =================================================================
testsuite-71.sh[2881]: ==2880==ERROR: LeakSanitizer: detected memory leaks
testsuite-71.sh[2881]: Direct leak of 2 byte(s) in 1 object(s) allocated from:
testsuite-71.sh[2881]: #0 0x7fa28907243b in strdup (/usr/lib64/libasan.so.8.0.0+0x7243b)
testsuite-71.sh[2881]: #1 0x7fa286a7bc10 in gethostname_full ../src/basic/hostname-util.c:67
testsuite-71.sh[2881]: #2 0x7fa286a74af9 in gethostname_malloc ../src/basic/hostname-util.h:24
testsuite-71.sh[2881]: #3 0x7fa286a756f4 in _nss_myhostname_gethostbyname4_r ../src/nss-myhostname/nss-myhostname.c:79
testsuite-71.sh[2881]: #4 0x7fa288f17588 in getaddrinfo (/lib64/libc.so.6+0xf4588)
testsuite-71.sh[2881]: #5 0x7fa2890a4d93 in __interceptor_getaddrinfo.part.0 (/usr/lib64/libasan.so.8.0.0+0xa4d93)
testsuite-71.sh[2881]: #6 0x55a54b2b7159 in ahosts_keys_int.part.0 (/usr/bin/getent.orig+0x4159)
testsuite-71.sh[2881]: SUMMARY: AddressSanitizer: 2 byte(s) leaked in 1 allocation(s).
(cherry picked from commit 2b5e786005d8854600bb43335fd0c4067ce8da08)
(cherry picked from commit 5a29fbba6cdfdb098a9b1ed1ce60ecdbd62f12ac)
(cherry picked from commit 7d667e534151d174565c4b002951316d56f16247)
(cherry picked from commit 228459f5d7da200537895edf82260a79e6e99947)
(cherry picked from commit 178fe977637812735727d080617e8297759d1050)
(cherry picked from commit 746e52c0aef3b479d0e0d5b09dddce1d21932d7c)
Let's make sure that if we load one program we don't prematurely fail,
and continue with the others still.
(cherry picked from commit f81450f2415f8fd77fc8edb3b4baab966aefa9fd)
(cherry picked from commit 9e1e09066a1ada29f63d95d41a01044cd6ac1633)
(cherry picked from commit f84603fc2134990061026f2d08a50783ab7eaf7a)
(cherry picked from commit d512831a3ec93f6f29ccb21cb68f416114270840)
(cherry picked from commit 4592af1d7772390060eba9c75e62fb47a14d4648)
(cherry picked from commit 798e6da867a1749f662755ea1391a539efffa62a)
Prompted by #28015.
(cherry picked from commit 9f4522591e4be076bf309e23b9cec9dddfc99e29)
(cherry picked from commit 750a0c01a2c40b9168dc6211601a31032b89c2d9)
(cherry picked from commit 0f5c453e3fecccd02dd7bd27db349af06d750a53)
on Rawhide at the moment yum is a symlink to dnf5 which is a binary.
(cherry picked from commit 4b95d5effd788ae660691e01144130e432e2f021)
(cherry picked from commit 134e55ef49cd7c6f8b5ebc0a004c8812fe2372eb)
(cherry picked from commit 0fa562530d5c96c0ca00bb5a1e51925cd4c8807b)
The partition seems not to work on Ubuntu for some reason, use a
swap file instead
(cherry picked from commit f434f182ccfd17a214e4b07cec033318e6c4f7b2)
(cherry picked from commit 39459a5d8065ea5ce45dbca39561bd078d801aa0)
(cherry picked from commit 79bfbb0163bd587057e7d5af74b4c1ea97f2a1f4)
The test fails on my machine, running Debian stable, because
testsuite-55-testbloat.service just swaps and never goes over the
limit, so it's not killed. Use 'stress' instead which seems to be
able to overwhelm the swap too.
(cherry picked from commit 937e82cb7d82dbdbd287d82f4708f15d6032eb9f)
(cherry picked from commit 9654140f342df74b8572da1fa4d5969f3d9b4617)
(cherry picked from commit cad0dba2f824ebc26eb44f674955e3cfe9ef2e35)
(cherry picked from commit 191b891bf1b01c1041509b951d9d797ceacb181d)
(cherry picked from commit 69298e3b65b142a40800e3073a0dfbb59288eadf)
(cherry picked from commit 45a5ca8dc5812ed1dad2d7af78bbcd5c43dd8cd6)
(cherry picked from commit dc7e580e64a80e982619fb099ef736cd2379f92a)
(cherry picked from commit b9990ee4a73332b4254c0b24e2807919be0d7ea3)
(cherry picked from commit 140cb87e06798399c5f7a6fa97367f848f916cc4)
If the client never specified the address family, and IPv6 is off in the
kernel, then look only for A, never for AAAA RRs.
Fixes: #23951
(cherry picked from commit 0438aa57751559295fee86d1c1f176486e518455)
(cherry picked from commit 4e3ae43282c0ae47b6affad44554421f0c9b9b1f)
(cherry picked from commit d3763dafca3e4fa3def71096b306809897f042c5)
As hitting an ASan/UBSan error in PID1 results in a crash (and a kernel
panic when running under qemu), we usually lose the stack trace which
makes debugging quite painful. Let's mitigate this by forwarding the
stack trace to multiple places - namely to a file and the syslog.
(cherry picked from commit 88c98cb2614a2893ec2ae7197a1f234b579da7a7)
(cherry picked from commit 68c7905d9ca67548961be83812f76973995aaa0a)
(cherry picked from commit e58874f2e37269e9e451cba82d6438e111cb0766)
(cherry picked from commit 3965f173eae4701a014113cfaf4a28a6bb63bed7)
(cherry picked from commit d0b2fdd513fbb113b5d18fc5fa60f99ae9aa9093)
(cherry picked from commit 78b9ca34ec820b0aff65b9568dacaadfbc58b1fb)
(cherry picked from commit 3ef0103f2265a68e32847deaf84588c2fa711f3a)
(cherry picked from commit 36cf2b76a5f8b945b1ee1480ad442e213fce421b)
(cherry picked from commit 6ab62ade813cce957eb8b8fe17052774493bddcb)
These requests might come in during lookup floods very quickly, since
multiple worker processes might detect that things should be scaled up
at the same time. Hence, let's substantially raise the limit so that it
doesn't get hit in real-life scenarios and acts more like a safety net.
(cherry picked from commit c659d0f55ee5854e40dbaccc20ad0e8da176b271)
(cherry picked from commit 7906d46c5ed9e13ef0292946ced58bdcd897f553)
(cherry picked from commit 3f897557b6e8bf7916e4bbeed47eba88f1805ee0)
(cherry picked from commit 4638e18593bba844e063da1397e2d628c6ad469b)
(cherry picked from commit c0dbec1c9759a41ea254f168f02cf74402cff9f8)
(cherry picked from commit 40a447386f99cc456e98884ceafc51f2ef1cbe1b)
The function sd_id128_get_boot_app_specific is the app specific variant of
sd_id128_get_boot.
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
(cherry picked from commit 173d47f7881137a5994a3e3b918169b6c759deaf)
(cherry picked from commit 3c891618b781d23a4aeb9ccee9590df2bb2da3cf)
(cherry picked from commit 08c8bb3acf07e53e7cce4cf871b671eb3e15e0dd)
Commit cd621954ed643c6ee0d869132293e26056a48826 probably forgot to fix the lua
implementation.
(cherry picked from commit e538927918fea3bae0cd1e78563d9b8983c56cea)
(cherry picked from commit 6b7970912bb20d9a8e3779466e8ced95cf8deb97)
(cherry picked from commit aa8abd40c1ad3773baabdb75e24d2eb00ee62b56)
Indeed when iterating over all the PT_LOAD segment of the core dump
while trying to look for the elf headers of a given module, we iterate
over them all and try to use the first one for which we can parse a
package metadata, but the start address is never taken into account,
so absolutely nothing guarantees we actually parse the right ELF header
of the right module we are currently iterating on.
This was tested like this:
- Create a core dump using sleep on a fedora 37 container, with an
explicit LD_PRELOAD of a library having a valid package metadata:
podman run -t -i --rm -v $(pwd):$(pwd) -w $(pwd) fedora:37 bash -x -c \
'LD_PRELOAD=libreadline.so.8 sleep 1000 & SLEEP_PID="$!" && sleep 1 && kill -11 "${SLEEP_PID}" && mv "core.${SLEEP_PID}" the-core'
- Then from a fedora 38 container with systemd installed, the resulting
core dump has been passed to systemd-coredump with and without this
patch. Without this patch, we get:
Module /usr/bin/sleep from rpm bash-5.2.15-3.fc38.x86_64
Module /usr/lib64/libtinfo.so.6.3 from rpm coreutils-9.1-8.fc37.x86_64
Module /usr/lib64/libc.so.6 from rpm coreutils-9.1-8.fc37.x86_64
Module /usr/lib64/libreadline.so.8.2 from rpm coreutils-9.1-8.fc37.x86_64
Module /usr/lib64/ld-linux-x86-64.so.2 from rpm coreutils-9.1-8.fc37.x86_64
While with this patch we get:
Module /usr/bin/sleep from rpm bash-5.2.15-3.fc38.x86_64
Module /usr/lib64/libtinfo.so.6.3 from rpm ncurses-6.3-5.20220501.fc37.x86_64
Module /usr/lib64/libreadline.so.8.2 from rpm readline-8.2-2.fc37.x86_64
So the parsed package metadata reported by systemd-coredump when the module
files are not found on the host (ie the case of crash inside a container) are
now correct. The inconsistency of the first module in the above example
(sleep is indeed not provided by the bash package) can be ignored as it
is a consequence of how this was tested.
In addition to this, this also fixes the performance issue of
systemd-coredump in case of the crashing process uses a large number of
shared libraries and having no package metadata, as reported in
https://sourceware.org/pipermail/elfutils-devel/2023q2/006225.html.
(cherry picked from commit 21a2c735e2bfdc3bfdc42f894d6e3d00f4a38dcd)
(cherry picked from commit 3be0f12277d33d37946532d8f09d8c9c10e893a4)
(cherry picked from commit 310722d3be79ddbbe034d258099716b764f043d8)
If we run in a container we should show info about the container, not
the host.
(cherry picked from commit e7932afe1bb91412c8ff26dba46513605199196e)
(cherry picked from commit 75e96639a6e56b51a7df50f7b4da6ac6caffba8b)
(cherry picked from commit a6f68be6490b160b5db5c9fc16fc62e309779229)
This reverts commit ff32060f2ed37b68dc26256b05e2e69013b0ecfe.
This change is incorrect as we don't want to mark the PID as invalid but
only mark it as dead.
The change in question also breaks user level socket activation for
`podman.service` as the termination of the main `podman system service`
process is not properly handled, causing any application accessing the
socket to hang.
This is because the user-level `podman.service` unit also hosts two
non-main processes: `rootlessport` and `rootlessport-child` which causes
the `cgroup_good` check to still succeed.
The original submitter of this commit is recommended to find another
more correct way to fix the cgroupsv1 issue on CentOS 8.
(cherry picked from commit f29f0877c5abfd03060838d1812ea6fdff3b0b37)
(cherry picked from commit 34e834f496338fdc2a8a8cc771cba4082079cf9a)
bus_wait_for_jobs_new() can fail for various reasons.
(cherry picked from commit b2544bb6e851dabdde106539ba14b86cf4cfa5cb)
(cherry picked from commit 620cab2d4c8223200616abfbbfe8348325e6fe9a)
(cherry picked from commit 6272d0506e6bdb98a6c380a236bef7623a66dbde)
(cherry picked from commit 730bdfed8173d508d4202b0bee957ab70b1e16a1)
(cherry picked from commit b16d01b484a418ec037ac15195cc502d7dadb084)
(cherry picked from commit 36ce0edc5033c0dd2417312ea0c2928a41d3eb88)
(cherry picked from commit 5811490a3f3802c3e4980efe0b7e2d3105d3c505)
(cherry picked from commit 07523a0ea4ba84b48fbc052c9c2bc882b0594cd0)
(cherry picked from commit 6c0712d79fed09b477c66f994ea25c430a97585e)
If the backing storage is LUKS2 on a block device, auto resize mode
is enabled, and disk size is not specified, resize the partition to
the maximum expandable size.
Fixes: #22255, #23967
(cherry picked from commit 5bfc4de6343905743d973834554b49cb60183481)
(cherry picked from commit d682e0975f56f0114a81d8fa7a8f94b0ad8a88a2)
(cherry picked from commit aca5356f6869bbf6a5d42d667bda1b8b6a2e941c)
Necessary (unfortunately) for curl on C8S.
(cherry picked from commit 033601b79ae00784bfaab9ea91fe70ecff83d645)
(cherry picked from commit aaa436c2d7dd9f35b030df46afd48482460ec50a)
(cherry picked from commit 54afbbe343b4dbc903707c63e1ef77481a4f7719)
When trying to log, if we fail we try to close the journal FD. If
it is bad, safe_close() will fail and assert, which will try to log,
which will fail, which will try to close the journal FD...
Infinite recursion looks very pretty live in gdb, but let's avoid
that by immediately invalidating the journal FD before closing it.
(cherry picked from commit 40cdb3b756abbeb66091b8e9f1a3d38308456828)
(cherry picked from commit 228bfcf041e89f09c798af864a93543f9d43ec05)
(cherry picked from commit f62c831ba704119194ecd6aabaaee0ecb8edf559)
(cherry picked from commit 6acbb3f2fb234d9903c15571472d95afee9d08c1)
(cherry picked from commit 3cbc30f3096aa880d57fd7f7a8960fa7f7958085)
(cherry picked from commit d0bdac53cb370f5d64cd271ee29314fc6b3d0ca6)
Make sure configuration is ephemeral if the image is reused
(cherry picked from commit 565b13f8b2895a2656fac677fe4ed3f6344e66b2)
(cherry picked from commit 622c1774508f3f1434b0b732860f76972460030f)
(cherry picked from commit 38677da70062e1440e2a1ddd8640ef9170f13584)
Otherwise, queries may be passed to unexpected DNS servers.
(cherry picked from commit 5063f027ef669a934133465b875fd68f0b4d6794)
(cherry picked from commit a1ea2159afd3f2c0cdd1f9edad8cbee9fffe1abe)
(cherry picked from commit 6ad5e86ff1637240b794203a7d3a7e68e2d492e7)
From changelog of dnsmasq v2.87:
====
Note in manpage the change in behaviour of -address. This behaviour
actually changed in v2.86, but was undocumented there. From 2.86 on,
(eg) --address=/example.com/1.2.3.4 ONLY applies to A queries. All other
types of query will be sent upstream. Pre 2.86, that would catch the
whole example.com domain and queries for other types would get
a local NODATA answer. The pre-2.86 behaviour is still available,
by configuring --address=/example.com/1.2.3.4 --local=/example.com/
====
(cherry picked from commit 55f9d72a5daa3d6f707878c0a50f856543c7de27)
(cherry picked from commit eff4610088526ead6a448195156d86033335755e)
(cherry picked from commit 3068157e3aae6397b158049da1a8cecf3f6feddd)
