IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
When running tests in a mkosi container, /run/systemd might not
exist yet in the container which causes test-execute to fail.
Fixes#17842.
(cherry picked from commit 77f16dbd6d93f2b4a96984254cca25cab03479af)
DNS-over-TLS being in use isn't precisely the same as "UDP not
supported". Let's make this clearer.
(cherry picked from commit 6c0bacc146f1eea16f3b177a02fadf28901f9302)
After fe841414ef157f7f01d339c5d5730126e7b5fe0a, broadcast address is
also compared with existing one to determine whether the address is
foregin or not. So, the address object should not contain unnecessary
information.
Fixes#17803.
(cherry picked from commit df8aa086420e6ce61e32898b2bb7c88b87fd1c43)
Make them rather fail than go to the network.
Previously we'd filter them on LLMNR (explicitly) and MDNS (implicitly,
because it doesn't have .local suffix), but not on DNS.
In order to make _gateway truly reliable, let's not allow it to go to
DNS either, and keep it local.
This is particular relevant, as clients can now request lookups without
local RR synthesis, where we'd rather have NXDOMAIN returned for
_gateway than have it hit the network.
(cherry picked from commit fbbc72189f7844df8500bb10a58988f70bf90c99)
Apparently 30s is a bit too long for some cases, see #5552. But not
caching SERVFAIL at all also breaks stuff, see explanation in
201d99584ed7af8078bb243ce2587e5455074713.
Let's try to find some middle ground, by lowering the cache timeout to
10s. This should be ample for the problem
201d99584ed7af8078bb243ce2587e5455074713 attackes, but not as long as
half a miute, as #5552 complains.
Fixes: #5552
(cherry picked from commit 19bcef9dc3fde342f138394333ab04d7e44b7da2)
This follows more closely what web browsers do, and makes sure emojis in
domains work.
Fixes: #14483
(cherry picked from commit d80e72ec602c2af2983842ad87e4443fce89d423)
UML runs as a user-process so it can quite easily be ran inside of
another hypervisor, for instance inside a KVM instance. UML passes
through the CPUID from the host machine so in this case detect_vm
incorrectly identifies as running under KVM. So check we are running
a UML kernel first, before we check any other hypervisors.
Resolves: #17754
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>
(cherry picked from commit c8037dbf05da586b6a210ac04f145d99f424971f)
We need to check for parent domains too. We did this correctly for the
system-wide NTA list, but not for the per-link one. Let's fix that.
(cherry picked from commit 7e8a93b77c3c4d4df1e8c3177dc9553c94fac759)
Follow-up for d448888924c1d4815cb97bcd5d94419812c053b9 and ca121e20c42219e3bc4e5cb63dcc96cc5eae2879.
Fixes#17568.
(cherry picked from commit 0f82a2ab5c8d812791aca9686bdcc45f39c62431)
In some cases it is not defined. Eg in a yocto build:
src/systemd/meson.build:61:15: ERROR: Unknown variable cxx.
(cherry picked from commit 442bc2afee6c5f731c7b3e76ccab7301703a45a7)
Commit 428a9f6f1d0396b9eacde2b38d667cbe3f15eb55 freed u->pids which is
problematic since the references to this unit in m->watch_pids were no more
removed when the unit was freed.
This patch makes sure to clean all this refs up before freeing u->pids by
calling unit_unwatch_all_pids().
(cherry picked from commit e9eec8b5d2c106c5dd51382a155e6045c7c17c1a)
This reverts the gist of da1921a5c396547261c8c7fcd94173346eb3b718 and
0d9fca76bb69e162265b2d25cb79f1890c0da31b (for ppc).
Quoting #17559:
> libseccomp 2.5 added socket syscall multiplexing on ppc64(el):
> https://github.com/seccomp/libseccomp/pull/229
>
> Like with i386, s390 and s390x this breaks socket argument filtering, so
> RestrictAddressFamilies doesn't work.
>
> This causes the unit test to fail:
> /* test_restrict_address_families */
> Operating on architecture: ppc
> Failed to install socket family rules for architecture ppc, skipping: Operation canceled
> Operating on architecture: ppc64
> Failed to add socket() rule for architecture ppc64, skipping: Invalid argument
> Operating on architecture: ppc64-le
> Failed to add socket() rule for architecture ppc64-le, skipping: Invalid argument
> Assertion 'fd < 0' failed at src/test/test-seccomp.c:424, function test_restrict_address_families(). Aborting.
>
> The socket filters can't be added so `socket(AF_UNIX, SOCK_DGRAM, 0);` still
> works, triggering the assertion.
Fixes#17559.
Only some small changes, because we updated recently. As usual, it seems that there are mostly
additions with a smaller amount of corrections, no big removals.
This test assumes capability_list_length() is an invalid cap number,
but that isn't true if the running kernel supports more caps than we were
compiled with, which results in the test failing.
Instead use cap_last_cap() + 1.
If cap_last_cap() is 63, there are no more 'invalid' cap numbers to test with,
so the invalid cap number test part is skipped.
