IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
dns_resource_record_copy() assumes that NSEC types bitmap is non-empty
which results in a null pointer dereference inside bitmap_copy() in some
cases. Fix this by calling bitmap_copy() conditionally.
(cherry picked from commit 1f00a50c695fe3b55dee38fbd02a902a6c703c87)
(cherry picked from commit fc7be6db131a5062dde76ee7857c2f91e1c402cb)
(cherry picked from commit 3422b16ef9a85ab0a31558a68db67f148961d4a1)
We checked the wrong field, which was always NULL here, so we would always
reject the assignment. We would also print the wrong string in the error
message:
$ sudo systemd-run --socket-property ListenFIFO=/tmp/fifo3 cat
Failed to start transient socket unit: Invalid socket path: FIFO
(cherry picked from commit aeecab3804aae973577f36880af4b7799e4eb7d5)
(cherry picked from commit 78fb13b38572f6649f1e9822ef6acb8ca4952c12)
(cherry picked from commit 7bdc7ff0bb2d1dde1a81b2cbc76e424d1c50b7aa)
Only treat interface names containing dots specially when resolvectl is
pretending to be resolvconf to fix
https://github.com/systemd/systemd/issues/20014 .
Move the special suffix-stripping behaviour of ifname_mangle out to the
new ifname_resolvconf_mangle to be called from resolvconf only.
(cherry picked from commit 7875170f01991a1d28cfe284cc7075630cd69055)
(cherry picked from commit 6ec5680beaa8df4b4b87e9aa614d29561c0e98fe)
(cherry picked from commit 0d18f706a3816464053003b706bb6b2c27de12d1)
(cherry picked from commit 0c651d32d49e66ea0152eea5e65dd19fe01e7a06)
(cherry picked from commit b6811758288fd53266028885d46f5a5f7d8c49a7)
(cherry picked from commit 7ebb0f11eaae93cbf54af40d66a6cab36ba29d72)
(cherry picked from commit 6abd991c718dbc1480ab7e71103a8b3e886bd3a3)
(cherry picked from commit 3dabd7f816fa0465c08745ce76f459c4c2a7c3d5)
(cherry picked from commit 912ae8fa70888747273d7226e9cc9a22c962dd8f)
This makes DHCP client ignore FORCERENEW requests, as unauthenticated
FORCERENEW requests causes a security issue (TALOS-2020-1142, CVE-2020-13529).
Let's re-enable this after RFC3118 (Authentication for DHCP Messages)
and/or RFC6704 (Forcerenew Nonce Authentication) are implemented.
Fixes#16774.
(cherry picked from commit 38e980a6a5a3442c2f48b1f827284388096d8ca5)
(cherry picked from commit 3ec1234d1e3195849088b2a3c70fbdefebeadc35)
(cherry picked from commit f53d610144ca729a7e727fc6d3e86e3a4a2a53ed)
(cherry picked from commit 6a0667d2b6f05682c2ced1b53132274049b9ea5c)
(cherry picked from commit 0aed618942b0bcc5946d15c91f3518fc5024789a)
(cherry picked from commit b9b3d623fc919757d48f89394c0c325355eefde9)
format_timestamp_relative currently returns the plural form of
years and months no matter the quantity, and in many cases (for
durations > 1 week) this is the same with days.
This patch changes this so that the function takes the quantity into account,
returning "1 month 1 week ago" instead of "1 months 1 weeks ago".
(cherry picked from commit 45eb4d2261ed0d943fd503a6d79ee3b7b7558c09)
(cherry picked from commit e74329ce9fa7ccb025960f9b220dff9e556a80e5)
(cherry picked from commit f3f4ace8ea15ada14495a92b24e207769955b1e5)
Cgroups may be unnecessarily realized when they are not needed. This
happens, e.g. for mount units parsed from /proc/$PID/mountinfo, check
touch /run/ns_mount
unshare -n sh -c "mount --bind /proc/self/ns/net /run/ns_mount"
# no cgroup exists
file /sys/fs/cgroup/system.slice/run-ns_mount.mount
systemctl daemon-reload
# the vain cgroup exists
file /sys/fs/cgroup/system.slice/run-ns_mount.mount
. (Such cgroups can account to a large number with many similar mounts.)
The code already accounts for "lazy" realization (see various checks for
Unit.cgroup_realized) but the unit_deserialize() in the reload/reexec
path performs unconditional realization.
Invalidate (and queue) the units for realization only if we know that
they were already realized in the past. This is a safe thing to do even
in the case the reload brings some new cgroup setting (controllers, BPF)
because units that aren't realized will use the updated setting when the
time for their realization comes. (It's not even needed to add a code
comment because the current formulation suggests the changed behavior.)
(cherry picked from commit cc815b7fea0ade5331e8dd22ef6b5183edb77608)
(cherry picked from commit 94f501805db8b272fd2d8d2c4eab0c5291db50e0)
(cherry picked from commit 8712fc5a181d1453840014d765c20c45dbf83b5f)
(cherry picked from commit 9dfb429a44b0c7e4c50f35f888ac8ba3c677a994)
(cherry picked from commit 9f7274055762c8ab31248489e7236c1a51154f62)
(cherry picked from commit 79f50bd61696e41fc45f31996ccafa2d7844cd81)
(cherry picked from commit 3c3335c7146a43137c46acfa18417cca101cb088)
(cherry picked from commit 12600fdc423c0d06906204795230314d5dbfde82)
(cherry picked from commit aed5fb1dc7688bb1cc24d9845140782bcf554ba5)
When suppressing duplicate fields between files we so far tried to reuse
the already known hash value of the data fields between files. This was
fine as long as we used the same hash function everywhere. However,
since addition of the keyed hash feature for journal files this doesn't
work anymore, since the hashes will be different for different files.
Fixes: #19172
(cherry picked from commit 2e1a8a5dab8b5519c079c9bed54fc682aa4095b0)
(cherry picked from commit d804bcadcb448879f31c32363970d9b70b742b9a)
(cherry picked from commit 0f110a75efb789d131ec96cbc4967b7fb1b1d628)
(cherry picked from commit d8671b1c6f036ce270b9631973314e7de24e74b1)
(cherry picked from commit 84e1819ec104a168f7904134b6212669133c955f)
(cherry picked from commit 03af9b1476ff56c67cb84d14927f1ac7b1a534e3)
(cherry picked from commit 34254e599a28529bdb89f91571adeaf7c76d9f43)
(cherry picked from commit daaf9273294f133ab9c970b3172608686de6f86a)
(cherry picked from commit e2950d261dd45fa039ed8f305bf869d65a966cec)
Otherwise, if a socket address is duplicated, then the previous fd is
closed.
Fixes#19843.
(cherry picked from commit 3da0caf5bbf3c8cab716c4d7adf0eb25907dc951)
(cherry picked from commit 11acee8a00f1e04952f86088078041849d8f9819)
(cherry picked from commit 1f5600df9cf5c3dcd4b4ff822e2de916d137e5e2)
(cherry picked from commit d27e6aee5050da17bc9531fb62ac11aba4b15ceb)
(cherry picked from commit 98af14bf53e0aeebf9d88b8f1c202a31ae7bb753)
(cherry picked from commit e8e2c93ed92b6cace68a4fd46bb6d6404a4f1353)
This is currently our only .automount unit. We wouldn't want to trigger it
accidentally during shutdown, so let's stop it too.
(cherry picked from commit dc16846c26287fd2081eb3c4a73487c9b186e2b7)
(cherry picked from commit b1ce5653fac2766c4b4a070fec2126f211d49efa)
(cherry picked from commit 9a8023994ef873dcb2f27ce0a00f7ac9e5248fc2)
We support that tmp.mount being masked, and this should not be considered an
error.
(cherry picked from commit b2c7d1bbc2243a425d9b825859bbd0647eecd050)
(cherry picked from commit 6a3a8c70686ab6da80dd87d0bd816a8c18980b71)
(cherry picked from commit 8d8b959cd418f1f91550c7ff5578bfc5af16dbd0)
With the previous commit, we would not complain about the not-found path, but
the check is still not useful. We use a libc function to resolve the glob, and
it has no notion of treating autofs specially. So we can't avoid touching
autofs when resolving globs. But usually the glob is found in the last
component of the path, so if we strip the glob part, we can still do a useful
check in many cases. (E.g. if /var/tmp is on autofs, something like
"/var/tmp/<glob>" is much more likely than "/var/<glob-that-matches-tmp>/<something>".)
With the system config in F34, we check the following prefixes:
/var/tmp/abrt/* → /var/tmp/abrt/
/run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/*.journal* → /run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/
/var/lib/systemd/coredump/.#core*.21e5c6c28c5747e6a4c7c28af9560a3d* → /var/lib/systemd/coredump/
/tmp/podman-run-* → /tmp/
/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /tmp/
/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /tmp/
/tmp/containers-user-* → /tmp/
/var/tmp/beakerlib-* → /var/tmp/
/var/tmp/dnf*/locks/* → /var/tmp/
/var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /var/tmp/
/var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /var/tmp/
/var/tmp/abrt/* → /var/tmp/abrt/
/var/tmp/beakerlib-* → /var/tmp/
/var/tmp/dnf*/locks/* → /var/tmp/
/tmp/podman-run-* → /tmp/
/tmp/containers-user-* → /tmp/
/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /tmp/
/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /tmp/
/var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /var/tmp/
/var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /var/tmp/
/var/lib/systemd/coredump/.#core*.21e5c6c28c5747e6a4c7c28af9560a3d* → /var/lib/systemd/coredump/
/run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/*.journal* → /run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/
(cherry picked from commit bd6d28f21ad212e141b5e74bd0b7ad517f64a711)
(cherry picked from commit 399a00be3536cb5fbf3f96058c2a88a2a634d466)
(cherry picked from commit 4a78d0a80fe0eaf8bc0d6579ef96bb31e6afaf48)
(cherry picked from commit 1e472a6ce4747a1f10954fb239df73580c8e7411)
(cherry picked from commit 82fcf663cf2cec519185330964c9fdee956047d8)
(cherry picked from commit ae2ff72e34bf21d3d3e70dbfbe585470d18912ed)
systemd-tmpfiles[328]: Failed to determine whether '/run/cryptsetup' is below autofs, ignoring: No such file or directory
systemd-tmpfiles[328]: Failed to determine whether '/etc/resolv.conf' is below autofs, ignoring: No such file or directory
systemd-tmpfiles[328]: Failed to determine whether '/run/lock/subsys' is below autofs, ignoring: No such file or directory
systemd-tmpfiles[328]: Failed to determine whether '/run/setrans' is below autofs, ignoring: No such file or directory
systemd-tmpfiles[328]: Failed to determine whether '/run/console' is below autofs, ignoring: No such file or directory
systemd-tmpfiles[328]: Failed to determine whether '/run/faillock' is below autofs, ignoring: No such file or directory
systemd-tmpfiles[328]: Failed to determine whether '/run/sepermit' is below autofs, ignoring: No such file or directory
systemd-tmpfiles[328]: Failed to determine whether '/run/motd.d' is below autofs, ignoring: No such file or directory
systemd-tmpfiles[328]: Failed to determine whether '/run/motd.d' is below autofs, ignoring: No such file or directory
systemd-tmpfiles[328]: Failed to determine whether '/run/motd' is below autofs, ignoring: No such file or directory
systemd-tmpfiles[328]: Failed to determine whether '/run/nologin' is below autofs, ignoring: No such file or directory
systemd-tmpfiles[328]: Failed to determine whether '/var/lib/systemd/pstore' is below autofs, ignoring: No such file or directory
... and so on and so on.
(cherry picked from commit 16eff8271b402f2705d4329fa4cf5a0435e65996)
(cherry picked from commit a2861e9b9c60bb697854a1aa317c0c365204aab1)
(cherry picked from commit eafd9394b0d4ad6bf5b72f2959a0c54e319189e5)
This mimics what we do for device units: if there's a device we cannot
synthesize a good swap unit name for, then proceed without failure.
(cherry picked from commit e82c6e8b6230b237c838f053d52baa3297668eaa)
(cherry picked from commit 5fbb002c65c5dbfb9e789caf3bea1dc6e63ee7ae)
(cherry picked from commit 0049b74fb7eeb275992f6a129d90fff82b7f3a9f)
This basically does what 2c905207db37c691d4abef868165ad5ea2dd0f4f did
for mount units
Fixes: #16161
(cherry picked from commit ad172d19d5ef8b5a3631a8484cc3d1a28dba26c2)
(cherry picked from commit 7f035c549fdc0660431d48f1f7dcb7fc41bad22c)
(cherry picked from commit 8a20311c6d145b0d6738a54d827b9df0b34f187e)
This reverts 72dc626b3d6905b105ae61ca2c60f51a6f74070e and replace glibc
specific macros with compiler's pre-defined macros.
(cherry picked from commit ffc36c276c47a9b3f21e83947090f11039628676)
(cherry picked from commit cab22cae2addcbfaa42621440bd7cb4b1a56c84f)
(cherry picked from commit 1733a1fbb6aa30531445145f2b0e761c8363ba7d)
The value is set dynamically when sd_device_get_subsystem() is called
first time.
Fixes the following issue:
```
$ build/udevadm test /sys/class/block/dm-1
...
Assertion '_subsystem' failed at src/libsystemd/sd-device/sd-device.c:767, function device_set_subsystem(). Aborting.
Program received signal SIGABRT, Aborted.
```
(cherry picked from commit 2255e8adee37c490bf8cf2daab791b6f746bb0a0)
(cherry picked from commit 93cf1abc60b774eb5c19e327a2079f67e80011df)
(cherry picked from commit 5930ef617350614df5cb71df8c66c54b0b2fa74a)
I always found this a bit annoying.
With the patch:
$ SYSTEMD_LOG_LEVEL=debug build/udevadm test /sys/class/block/dm-1
...
Loaded timestamp for '/etc/systemd/network'.
Loaded timestamp for '/usr/lib/systemd/network'.
Parsed configuration file /usr/lib/systemd/network/99-default.link
Parsed configuration file /etc/systemd/network/10-eth0.link
Created link configuration context.
Loaded timestamp for '/etc/udev/rules.d'.
Loaded timestamp for '/usr/lib/udev/rules.d'.
...
(cherry picked from commit 0d5a24beaedb161d4f7fe07361d2a5abdbd6e736)
(cherry picked from commit 688b311f5c6c0b20a3811f6a135bf87e11f36502)
(cherry picked from commit c2592a1b81eade894c28dbe874c0ca3d4cb81002)
We had:
systemd[1]: varlink-36: New incoming message: {"method":"io.systemd.UserDatabase.GetMemberships","parameters":{"userName":"gdm","service":"io.systemd.DynamicUser"},"more":true}
systemd[1]: varlink-36: varlink: changing state idle-server → processing-method-more
systemd[1]: varlink-36: Sending message: {"error":"io.systemd.UserDatabase.NoRecordFound","parameters":{}}
systemd[1]: varlink-36: varlink: changing state processing-method-more → processed-method
systemd[1]: varlink-36: varlink: changing state processed-method → idle-server
systemd[1]: varlink-36: Got POLLHUP from socket.
systemd[1]: varlink-36: varlink: changing state idle-server → pending-disconnect
systemd[1]: varlink-36: varlink: changing state pending-disconnect → processing-disconnect
systemd[1]: varlink-36: varlink: changing state processing-disconnect → disconnected
So let's drop the "varlink:" prefix and use capitalized sentences like in other messages.
(cherry picked from commit 953394e3bb1f1ead3c1d80237b97b71835b0755a)
(cherry picked from commit 780768328a755057f955f36bac56e1da01e090f0)
(cherry picked from commit b80573f32b6c2c63e3f159d444c1b607401ae695)
For new connections, we log something like this:
systemd[1]: n/a: New incoming connection.
systemd[1]: n/a: Connections of user 997: 0 (of 1024 max)
systemd[1]: varlink-22: varlink: setting state idle-server
systemd[1]: varlink-22: New incoming message: ...
This "n/a" is not very pretty, and without context it would be hard to even
figure out this is a varlink connection.
(cherry picked from commit f35e9b101d80c05d5a5eaece6e62e8eeb5743691)
(cherry picked from commit b5691dd6f83d99e0588532940c1c24e5647662f7)
(cherry picked from commit f6203648f2e1231549da61ba63a3c92b398411b4)
See #19788.
(cherry picked from commit 6be1feb1d7e30c0e7591121b74d4c3c7079de6b3)
(cherry picked from commit b4ad8b418f65e8fbe8719344415758e6e62602f6)
(cherry picked from commit 20d8495281acfe0f202bb2fed0e1acb3e0d7438d)
The macro __BYTE_ORDER__ is defined in endian.h.
(cherry picked from commit 72dc626b3d6905b105ae61ca2c60f51a6f74070e)
(cherry picked from commit 326e3ae2af0254c0d489ee053610fbbdc60a1f8b)
(cherry picked from commit cebb255e6afec63bcd6ba9ec1d2c9718b54ffc8a)
This is prompted by #17684: let's very explicitly say that the name is
too long for us, and that we'll ignore it.
(cherry picked from commit 3ebc9b9b30b04a3aeec55a11022b337ec5fdb5cf)
(cherry picked from commit 264f179b692843fbb5de2e111b85e6e8bb837e68)
(cherry picked from commit 71b879ad15cbd5d76d1006cce44757de780165cd)
(cherry picked from commit 598a6a8491abd311d36b11caf262123fbbffb2c0)
(cherry picked from commit f564342089ab56e44bf7240d19b860f2ed003e58)
(cherry picked from commit ed9ab6a264d3dfb344b233e32269d46ae83f75d3)
(cherry picked from commit 9d5acfab20c5f1177d877d0bec18063c0a6c5929)
(cherry picked from commit 1579dce2c2a162bb09afb9a8a46fd4f7e8fbf1d5)
(cherry picked from commit 0488b743e9c6ab1e885933eebda4ba9232003a2a)
Without this parameter, we would allow user@ to start if the user
has no password (i.e. the password is "locked"). But when the user does have a password,
and it is marked as expired, we would refuse to start the service.
There are other authentication mechanisms and we should not tie this service to
the password state.
The documented way to disable an *account* is to call 'chage -E0'. With a disabled
account, user@.service will still refuse to start:
systemd[16598]: PAM failed: User account has expired
systemd[16598]: PAM failed: User account has expired
systemd[16598]: user@1005.service: Failed to set up PAM session: Operation not permitted
systemd[16598]: user@1005.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted
systemd[1]: user@1005.service: Main process exited, code=exited, status=224/PAM
systemd[1]: user@1005.service: Failed with result 'exit-code'.
systemd[1]: Failed to start user@1005.service.
systemd[1]: Stopping user-runtime-dir@1005.service...
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1961746.
(cherry picked from commit 71889176e4372b443018584c3520c1ff3efe2711)
(cherry picked from commit 0af5a8921f6019dc35057482711f0fbe347b0c06)
(cherry picked from commit 050dd460e83ca10b56b11533a60b6a5f40d42203)
This fixes a bug introduced by e8630e695232bdfcd16b55f3faafb4329c961104.
Fixes CID#1453292.
(cherry picked from commit 7f1238bd04000f3333e8e2fcb82c9c6e18ee3ffc)
(cherry picked from commit 218117da2a8b4f1eccfc61353fdbe01219696378)
(cherry picked from commit 5c86f9e0381dadc06650492cd68b28ed800d376d)
(cherry picked from commit fb906b00c68e34b8692e207a658bcfa3df62456c)
(cherry picked from commit 2aefb7beff0601c8785625784ace2f0d93214321)
(cherry picked from commit 6eeeaa533ad4aa86540af2abb79798c45f05370d)
(cherry picked from commit 1d406dceb769da2123417e6a06c85a99ebead7b1)
(cherry picked from commit 409c6a89e475e05776003cd43cb032050b6efa1e)
(cherry picked from commit ff298cffcce97c8976a0912ec518a7ffbc6425e2)
The manpage says that exiting 77 is the same as exiting 0,
then skipping all other hooks, but the behaviour heretofor
was to exit 0, skip all, and behave as if all hooks exited 0
(cherry picked from commit 44230fa2b050d63fce49b4bfbbb93c42940754cc)
(cherry picked from commit 954f6ae49a6dc8a7994ff7ca3c86551a8748c2d1)
(cherry picked from commit 68ccbef7f0c6b6a81e5d8ad21f1ab9618e3000c5)
Add quotes around use of $env{MODALIAS} in rules.d/80-drivers.rules. The
modalias can contain whitespace, for example when it is dynamically generated
using device or vendor IDs.
(cherry picked from commit 07c0e5eeaf3183963f4d680555d2289a33735d6e)
(cherry picked from commit 1151d6f55dd5cc4925a52e0faeca98963114df9b)
(cherry picked from commit 219710d990e5ea8add3819aa239e15d13e518b04)
If the journal file being processed is archivied, seqnum_id will not be
initialized before being passed on, and coverity complains.
Initialize it to zero.
CID #1453235
(cherry picked from commit 06a368e8198a9cbfad86ba17bba6a76a33f15492)
(cherry picked from commit b97c113704056c386574c047928e410c6c1e89ae)
(cherry picked from commit f7b76d56968811b5ee7951f9d29261748c81a337)
And update test-keymap-util accordingly.
While at it, make sure to use tabs everywhere.
(cherry picked from commit 0495728429096a405b1d2cf1fa283a90c30ebaa9)
(cherry picked from commit 644a8ca3e026d22e71cb1f37034e6713bb8ee982)
(cherry picked from commit b47bc5bd13e79dde173740d894c6d06d596c1003)
(cherry picked from commit 410477a78f598e753996e3b7ee40176b219b8379)
(cherry picked from commit d6f6f9e578ed120222e84d2ebfda5e37d6827e58)
(cherry picked from commit 1c6da0da3f428989d26d83a12b36710fd47984aa)
Let's rename it a bit, to be more explanatory while exporting it.
(And let's bump the CNAME limit to 16 — 8 just sounded so little)
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1949670.
(cherry picked from commit e0ae456a554d0fce250f9a009c561b97f20c41f8)
(cherry picked from commit 0e1e59674da060af421aed4f2a6a97b899e20054)
