IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Added bash and zsh completions for oomctl arguments and commands.
Related To: #22118
(cherry picked from commit de0988f9d2b23580d31e857991337927a5735fe1)
(cherry picked from commit 0d9e6d76be9afb32a694cb3b00e2028048910d96)
(cherry picked from commit 31bb2ef7ea6a9cb3759ef09f7ee668434036a507)
(cherry picked from commit 1ee30b0ea98ec3e69faec54a107af8a06c61dca6)
The test depends on /sys being writable, so let's skip it when /sys
is read-only.
(cherry picked from commit 34b5977015a557840988e825ac116a7f09d0be75)
(cherry picked from commit 4dc37994e283d2e8af612519fd3fac195fc47e56)
(cherry picked from commit 0acf4d71e02d99b64c1644c2df3775c07a82aba1)
linux/btrfs.h needs to be included after sys/mount.h, as since [0]
linux/btrfs.h includes linux/fs.h causing build errors:
```
In file included from /usr/include/linux/fs.h:19,
from ../src/basic/linux/btrfs.h:29,
from ../src/partition/growfs.c:6:
/usr/include/sys/mount.h:35:3: error: expected identifier before numeric constant
35 | MS_RDONLY = 1, /* Mount read-only. */
| ^~~~~~~~~
[1222/2169] Compiling C object systemd-creds.p/src_creds_creds.c.o
ninja: build stopped: subcommand failed.
```
See: https://github.com/systemd/systemd/issues/8507
[0] a28135303a
(cherry picked from commit ed614f17fc9f3876b2178db949df42a2605f6895)
(cherry picked from commit 8f84df0da357128f1275933cd8aab4c5efad5767)
(cherry picked from commit 1fc632e15162e0cd02cadc2b8f7fcf1d3b718cbb)
IPPROTO_L2TP was moved from linux/l2tp.h to linux/in.h [0], so let's
reflect that change to fix build with newer kernels:
```
In file included from ../src/libsystemd/sd-netlink/netlink-types-genl.c:10:
../src/basic/linux/l2tp.h:16: error: "IPPROTO_L2TP" redefined [-Werror]
16 | #define IPPROTO_L2TP 115
|
In file included from ../src/libsystemd/sd-netlink/netlink-types-genl.c:3:
/usr/include/netinet/in.h:85: note: this is the location of the previous definition
85 | #define IPPROTO_L2TP IPPROTO_L2TP
|
cc1: all warnings being treated as errors
```
When at it, update the rest of the headers we ship as well.
[0] 65b32f801b
(cherry picked from commit a95ff98ec40edad2825c824a186f44454120cf1f)
(cherry picked from commit 240513cecaeca035706a618161d0141a9f1267be)
(cherry picked from commit 4bc291c1d4a97de93eb4015115516d6e7c07da00)
(cherry picked from commit 84e5b9225d12f8a1a7d414ef01f97fcd6881c14f)
(cherry picked from commit 07e4787106fb0a551f73d0a0ec4c6c8e7c958c7d)
(cherry picked from commit bd32bbebd5ea7bb5ae5fefe9d9a26e7f0bf5c635)
If we add a drop-in for init.scope (e.g.: to set some memory limit),
it will be loaded long after the cgroup has already been realized.
Do it again when creating the special unit.
(cherry picked from commit 020b2e41ea776cff73392da8084a0725b590d245)
(cherry picked from commit 786b7a7208cfb585b70659a8e3ac5180e85d0647)
(cherry picked from commit ffa329c45c945256f1ee397c1a5f56ce8dded412)
Since c78d18215b D-Bus services now have 60s to start, but the client
side (sd-bus) still waits only for 25s before giving up:
```
[ 226.196380] testsuite-71.sh[556]: + assert_in 'Static hostname: H' ''
[ 226.332965] testsuite-71.sh[576]: + set +ex
[ 226.332965] testsuite-71.sh[576]: FAIL: 'Static hostname: H' not found in:
[ 228.910782] sh[577]: + systemctl poweroff --no-block
[ 232.255584] hostnamectl[565]: Failed to query system properties: Connection timed out
[ 236.827514] systemd[1]: end.service: Consumed 2.131s CPU time.
[ 237.476969] dbus-daemon[566]: [system] Successfully activated service 'org.freedesktop.hostname1'
[ 237.516308] systemd[1]: system-modprobe.slice: Consumed 1.533s CPU time.
[ 237.794635] systemd[1]: testsuite-71.service: Main process exited, code=exited, status=1/FAILURE
[ 237.818469] systemd[1]: testsuite-71.service: Failed with result 'exit-code'.
[ 237.931415] systemd[1]: Failed to start testsuite-71.service.
[ 238.000833] systemd[1]: testsuite-71.service: Consumed 5.651s CPU time.
[ 238.181030] systemd[1]: Reached target testsuite.target.
```
Let's override the timeout in sd-bus as well to mitigate this.
Follow-up to c78d18215b3e5b0f0896ddb1d0d72c666b5e830b.
(cherry picked from commit e0cbb739113b9e2fbb67b27099430c351f03315c)
(cherry picked from commit e4ed752f2313c74b9d5ae3aeb947c150babe061a)
(cherry picked from commit f69dc64d38810ab8dbc5d0932dd5145be5a5fd14)
Unit that requires its own mount namespace creates a temporary directory
to implement dynamic bind mounts (org.freedesktop.systemd1.Manager.BindMountUnit).
However, this directory is never removed and they will accumulate for
each unique unit (e.g. templated units of systemd-coredump@).
Attach the auxiliary runtime directory existence to lifetime of other
"runtime" only per-unit directories.
(cherry picked from commit b9f976fb45635e09cd709dbedd0afb03d4b73c05)
(cherry picked from commit 80e8340ec49d0da3744cdf81f82202e13b0fad3b)
(cherry picked from commit fd260cb37e3441b851c7fee4825d5b6af17f66ca)
Currently, sd-dhcp-server accepts spurious client IDs, then the leases
exposed by networkd may be invalid. Let's make networkctl gracefully
show such leases.
Fixes#25984.
(cherry picked from commit 841dfd3dc0dd370a21f190a5b7b870db1c95f7e6)
(cherry picked from commit a674a398e707a821e4148ace80cfdf68d2fd496f)
(cherry picked from commit 088d6c8521a6aaf16b774a2a6e02eca2cb876534)
When the target (Where=) of a mount does not exist, systemd tries to
create it. But previously, it'd always been created as a directory. That
doesn't work if one wants to bind-mount a file to a target that doesn't
exist.
Fixes: #17184
(cherry picked from commit 218cfe23354397ded28ac898f82b52724f48dae7)
(cherry picked from commit 25e30725d7d31d747a40a5c0ab387dc9f48f09e3)
(cherry picked from commit 48251e428fc7fb2cd718c5864138df59f0b692a7)
In make_credential_host_secret, the credential.secret file is generated
first as a temporary anonymous file that is later instantiated with
linkat(2). This system call requires CAP_DAC_READ_SEARCH capability
when the flag AT_EMPTY_PATH is used.
This patch check if the capability is effective, and if not uses the
alternative codepath for creating named temporary files.
Non-root users can now create per-user credentials with:
export SYSTEMD_CREDENTIAL_SECRET=$HOME/.config/systemd/credential.secret
systemd-creds setup
Signed-off-by: Alberto Planas <aplanas@suse.com>
(cherry picked from commit 1615578f2792fdeecaf65606861bd3db9eb949c3)
(cherry picked from commit 432ec5a654d5b8b123472ab64b29d9b5baf3cbf2)
(cherry picked from commit d7c8b1b7095b3e80b4e0dc354e1d69cb987c075e)
When these partitions are probed by gpt-auto,
they will always be hardened with such options.
See also: https://github.com/systemd/systemd/issues/25776#issuecomment-1364115711Closes#25776
(cherry picked from commit d708293d436516823e0e4bfb02c54365820fd8c6)
(cherry picked from commit 49804cfb71d3a79f433096e4cfb5616980171336)
(cherry picked from commit ebe67b6e885f2f8d0b9a9b72da9d7ce9b6f18b92)
Follow-up for f2f7785d7a47ffa48ac929648794e1288509ddd8.
Fixes#26033.
(cherry picked from commit 2cbb171d20a07ec0a25296f167b0385de102d74e)
(cherry picked from commit 89e86ad8df4b87092264e49bcfba8053eb74822d)
(cherry picked from commit abcd25b66e9f929572552f53337c65ddc16c24af)
CURLOPT_PROTOCOLS [0] was deprecated in libcurl 7.85.0 with
CURLOPT_PROTOCOLS_STR [1] as a replacement, causing build warnings/errors:
../build/src/import/curl-util.c: In function ‘curl_glue_make’:
../build/src/import/curl-util.c:255:9: error: ‘CURLOPT_PROTOCOLS’ is deprecated: since 7.85.0. Use CURLOPT_PROTOCOLS_STR [-Werror=deprecated-declarations]
255 | if (curl_easy_setopt(c, CURLOPT_PROTOCOLS, CURLPROTO_HTTP|CURLPROTO_HTTPS|CURLPROTO_FILE) != CURLE_OK)
| ^~
In file included from ../build/src/import/curl-util.h:4,
from ../build/src/import/curl-util.c:6:
/usr/include/curl/curl.h:1749:3: note: declared here
1749 | CURLOPTDEPRECATED(CURLOPT_PROTOCOLS, CURLOPTTYPE_LONG, 181,
| ^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Since there's no grace period between the two symbols, let's resort
to a light if-def-ery to resolve this.
[0] https://curl.se/libcurl/c/CURLOPT_PROTOCOLS.html
[1] https://curl.se/libcurl/c/CURLOPT_PROTOCOLS_STR.html
(cherry picked from commit e61a4c0b7c79eabbe4eb50ff2e663734fde769f0)
(cherry picked from commit 14f573175aa6a026c03fd09dea5952f3755b799a)
(cherry picked from commit 4768110a2e051edeb9432283d009d12da81b13fd)
CURLINFO_PROTOCOL has been deprecated in curl 7.85.0 causing compilation
warnings/errors:
../build/src/import/pull-job.c: In function ‘pull_job_curl_on_finished’:
../build/src/import/pull-job.c:142:9: error: ‘CURLINFO_PROTOCOL’ is deprecated: since 7.85.0. Use CURLINFO_SCHEME [-Werror=deprecated-declarations]
142 | code = curl_easy_getinfo(curl, CURLINFO_PROTOCOL, &protocol);
| ^~~~
In file included from ../build/src/import/curl-util.h:4,
from ../build/src/import/pull-job.h:6,
from ../build/src/import/pull-common.h:7,
from ../build/src/import/pull-job.c:16:
/usr/include/curl/curl.h:2896:3: note: declared here
2896 | CURLINFO_PROTOCOL CURL_DEPRECATED(7.85.0, "Use CURLINFO_SCHEME")
| ^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Since both CURLINFO_SCHEME and CURLINFO_PROTOCOL were introduced in
the same curl version (7.52.0 [0][1]) we don't have to worry about
backwards compatibility.
[0] https://curl.se/libcurl/c/CURLINFO_SCHEME.html
[1] https://curl.se/libcurl/c/CURLINFO_PROTOCOL.html
(cherry picked from commit 2285c462ebb0b5d9a7043719a4f0d684a5dc37c2)
(cherry picked from commit 4ab37502b35c76441b7be656b67ef53024af8a9f)
(cherry picked from commit c2be553868972c3bfe4033f2e0c90592608c7033)
Inspired by #25957 there's one other place where we don't guard
acl_free() calls with a NULL check.
Fix that.
(cherry picked from commit 34680637e838415204850f77c93ca6ca219abaf1)
(cherry picked from commit 4dabf90526d4573144a51bdd87c1203b25265b33)
(cherry picked from commit d8b4ac7a1783a29435cb3dfee3dfdee37c1b1ac8)
When built with ACL support, we might be processing a tmpfiles
entry where there's no cause for us to call parse_acls_from_arg,
then we get to the end of parse_line without having ever populated
i.{acl_access, acl_default}.
Then we pass a null pointer into acl_free().
From UBSAN w/ GCC 13.0.0_pre20230101:
```
$ systemd-tmpfiles --clean
/var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44:14: runtime error: applying non-zero offset 18446744073709551608 to null pointer
#0 0x7f65d868b482 in acl_free /var/tmp/portage/sys-apps/acl-2.3.1-r1/work/acl-2.3.1/libacl/acl_free.c:44
#1 0x55fe7e592249 in item_free_contents ../systemd-9999/src/tmpfiles/tmpfiles.c:2855
#2 0x55fe7e5a347a in parse_line ../systemd-9999/src/tmpfiles/tmpfiles.c:3158
#3 0x55fe7e5a347a in read_config_file ../systemd-9999/src/tmpfiles/tmpfiles.c:3897
#4 0x55fe7e590c61 in read_config_files ../systemd-9999/src/tmpfiles/tmpfiles.c:3985
#5 0x55fe7e590c61 in run ../systemd-9999/src/tmpfiles/tmpfiles.c:4157
#6 0x55fe7e590c61 in main ../systemd-9999/src/tmpfiles/tmpfiles.c:4218
#7 0x7f65d7ebe289 (/usr/lib64/libc.so.6+0x23289)
#8 0x7f65d7ebe344 in __libc_start_main (/usr/lib64/libc.so.6+0x23344)
#9 0x55fe7e591900 in _start (/usr/bin/systemd-tmpfiles+0x11900)
```
(cherry picked from commit 9f804ab04d566ff745849e1c4ced680a0447cf76)
(cherry picked from commit a11a949c43def70ec5d3f57f561884c3f652603e)
(cherry picked from commit 455193605d22a171c0f9b599a105be9ac18f433f)
Let's pass USEC_INFINITY from sd_event_source_set_time_relative() to
sd_event_source_set_time() instead of raising EOVERFLOW.
We should raise EOVERFLOW only if your addition fails, but not if the
input already is USEC_INFINITY, since it's an entirely valid operation
to have an infinite time-out, and we should support that.
(cherry picked from commit ef8591951aefccb668201f24aa481aa6cda834da)
(cherry picked from commit 9769d84fe51573b4f2d5cb8f76664e886c7daf88)
(cherry picked from commit 5fe49d0fb88b779d5096713627ce54757bff70b2)
(cherry picked from commit dd003f1621967f114a6a808bb1f729386dc3a154)
(cherry picked from commit 8ec0142c1345d86e2b169ebb80ae49f40610a778)
(cherry picked from commit 04d29e1c903cba5bfbf9b326e7927e44e8b2d782)
The second argument to dump_list() actually ends up in a TABLE_FIELD
cell now, where we implicitly append a ":". Hence drop it from the
strings.
Follow-up for: 37a50123fac050c7ccde4afcf3f37ee77aad012c
(cherry picked from commit ef503f1cec53f654780591adee6e3e223b575f56)
(cherry picked from commit c01cdcfb8a38e8e0eadf6feab71fe6547b1acc1d)
(cherry picked from commit 2ac8824885ebbcea89a0e90e2bd9ae00e3580b28)
Previously, if a client disconnected after sending a lookup request but
before waiting for the reply we'd log at LOG_ERR level. That's
confusing, since it's entirely OK for the client to lose interest.
Hence, let's downgrade to debug level.
Fixes: #25892
(cherry picked from commit 40557509be084f27d48bc5fc51286a664b96942e)
(cherry picked from commit a3ceaf0f1d844b27c2b11704b43e9da59a0ef39d)
(cherry picked from commit 51d6ffb854dc14de463c291ceffe093221972707)
cannot pass false as argument because function wants a pointer to bool
instead, use NULL instead
(cherry picked from commit 2cc697d7400446a7ea823bc38061501cd85b046a)
(cherry picked from commit e78a1489a8c2b398ad30a8d868754601876ba3d2)
(cherry picked from commit d857665a54cb8a959d19786c198acf2426563381)
GCC-13 -std=gnu2x FTBS with:
error: incompatible type for argument 3 of ‘_hashmap_free’
(cherry picked from commit a4a1569ff1e9ab62996f8b42dcc14a09f91b5715)
(cherry picked from commit 921bff2f856762c4c98912394f1b6b54ed063bbd)
(cherry picked from commit db147b6d2b6ab3b2983ddd8cd0c7b2fa3513f8ab)
../src/basic/cgroup-util.c: In function ‘skip_session’:
../src/basic/cgroup-util.c:1241:32: error: incompatible types when returning type ‘_Bool’ but ‘const char *’ was expected
1241 | return false;
(cherry picked from commit db8e720984269a050a7a78aeb503a7402ef567f7)
(cherry picked from commit ad647734c7cffeab0f44b12411f0e123083e9db1)
(cherry picked from commit 9ca9f95122c8bf31e95095afa2d9468d3f4bd5b1)
(cherry picked from commit 0941ccae3cf28d84db87fb9d50cc10750bc1c962)
(cherry picked from commit addeb4699353636a5f48442dedb624602c370d69)
(cherry picked from commit 3fe7a6534c11706390a096cb6e7a1c00e7f80028)
(cherry picked from commit 8b23242989b7048b2a4439068c4804e457bbd7a8)
(cherry picked from commit ec82fdc645b0c9689167764f6627189cf0cf2495)
(cherry picked from commit 688bc823e2ba9b928d2a02a89e6941fee38f70b4)
We treat any negative value as "invalid fd", but signalfd only
accepts -1.
(cherry picked from commit cbff793ffb280d9d11e5d7b1dc3964276491bee8)
(cherry picked from commit 54c840ea58c578060e941f754a4fed2931483820)
(cherry picked from commit 4178457f0ec07452f856894988e5490bbc91cc36)
If the page size of a swap space doesn't match the page size of the
currently running kernel, swapon will fail. Let's instruct it to
reinitialize the swap space instead.
(cherry picked from commit cc137d53e36da5e57b060be5e621864f572b2cac)
(cherry picked from commit a0ac79bce9255cf33b0f208b18d888f0f700133c)
(cherry picked from commit 8be5a12c7170ed7e7b4303c16573e463ef997e23)
(cherry picked from commit 5e5fce3e918ebba5d0cbf0b64bb97f0eaeae70a3)
(cherry picked from commit 613994c10b19f02c0764aa1d5865730f3af99267)
(cherry picked from commit 46a7e30cb9f274763657d40193c2a03a02c687ab)
This ensures that services with `RemainAfterExit` but without any
process running won't cause failure during freeze.
(cherry picked from commit fcb0878f7563df9701a4d066378995c0b7ec32be)
(cherry picked from commit 2eb040f36f65c316c0d015d024faf9d27db10821)
(cherry picked from commit 9a0bd2ff7004fbc3c801430ec48054a48ae77b59)
Explicitly set __attribute__ ((noinline)) so that the compiler does not
attempt to inline expand_to_usable, even with LTO.
(cherry picked from commit 4f79f545b3c46c358666c9f5f2b384fe50aac4b4)
(cherry picked from commit e998c9d7c1a52ab02ff6e9c363c1cfe0b76cd6f4)
(cherry picked from commit 40146884585707fb5e84055d4882f735caac469b)
systemd uses malloc_usable_size() everywhere to use memory blocks
obtained through malloc, but that is abuse since the
malloc_usable_size() interface isn't meant for this kind of use, it is
for diagnostics only. This is also why systemd behaviour is flaky when
built with _FORTIFY_SOURCE.
One way to make this more standard (and hence safer) is to, at every
malloc_usable_size() call, also 'reallocate' the block so that the
compiler can see the larger size. This is done through a dummy
reallocator whose only purpose is to tell the compiler about the larger
usable size, it doesn't do any actual reallocation.
Florian Weimer pointed out that this doesn't solve the problem of an
allocator potentially growing usable size at will, which will break the
implicit assumption in systemd use that the value returned remains
constant as long as the object is valid. The safest way to fix that is
for systemd to step away from using malloc_usable_size() like this.
Resolves#22801.
(cherry picked from commit 7929e180aa47a2692ad4f053afac2857d7198758)
(cherry picked from commit 34b9eddfc12936917fab000b780a451d6277c2b4)
(cherry picked from commit 70653ebeb6aa09ca6e3bad5aacf8ff950bf6d001)
gcc 13 -Wenum-int-mismatch reminds us that enum != int
(cherry picked from commit e14afe31c3e8380496dc85b57103b2f648bc7d43)
(cherry picked from commit ba5f7915d25a400f0651bc9e8546a3ec6a738eaa)
(cherry picked from commit 85ad47e172dcba386234a93103cb6b9f3a77fefc)
Fixes gcc 13 -Wenum-int-mismatch which are enabled by default.
(cherry picked from commit aa70dd624bff6280ab6f2871f62d313bdb1e1bcc)
(cherry picked from commit b1b7667a44c4e8635b6d8dc070fb2446187fcdc5)
(cherry picked from commit ecb0b018d25fa7489c2535f32660a882fc44d3b7)
This reverts commit 64f0e5385139a86f2df7f78fa67ade2075726db5.
On Wed, Dec 21, 2022 at 06:19:08PM +0100, Marius Schwarz wrote:
> That patch made things worse and is disfunctional for both, usb drive and
> password.
>
> No idea if more patches are needed, but this build does not unlock a drive
> at all, if usb is configured.
(cherry picked from commit 253cc95c6439f348bbc39c1fa663880387054d6b)
This function does not expect a password, but a key file path. The
cryptsetup helper binary even calls it that.
No Code changes.
Follow up on: 6e41f4dd916293f35d7d35cea7eed1807d7ea771
Fixes: https://github.com/systemd/systemd/security/code-scanning/81
(cherry picked from commit b7de9651db7bdbb42befa653791980daa50448bb)
In both cases, the json string is short, so we can print it, which is useful
for diagnosing invalid data in packages. But we need escape non-printable
characters.
https://bugzilla.redhat.com/show_bug.cgi?id=2152685
I went over the rest of the codebase, and it seems that other calls to
json_parse() don't have this problem.
(cherry picked from commit c5966ab5bf43b4fb45998760beaffa6c7f9e8a9e)
(cherry picked from commit 57ab4e2d47dd7c03113b66b78175242a597bd0dc)
(cherry picked from commit 6208326afb592e901d5fc8cf1b09fb764e1fdb6b)
When the user starts a program which elevates its permissions via setuid,
setgid, or capabilities set on the file, it may access additional information
which would then be visible in the coredump. We shouldn't make the the coredump
visible to the user in such cases.
Reported-by: Matthias Gerstner <mgerstner@suse.de>
This reads the /proc/<pid>/auxv file and attaches it to the process metadata as
PROC_AUXV. Before the coredump is submitted, it is parsed and if either
at_secure was set (which the kernel will do for processes that are setuid,
setgid, or setcap), or if the effective uid/gid don't match uid/gid, the file
is not made accessible to the user. If we can't access this data, we assume the
file should not be made accessible either. In principle we could also access
the auxv data from a note in the core file, but that is much more complex and
it seems better to use the stand-alone file that is provided by the kernel.
Attaching auxv is both convient for this patch (because this way it's passed
between the stages along with other fields), but I think it makes sense to save
it in general.
We use the information early in the core file to figure out if the program was
32-bit or 64-bit and its endianness. This way we don't need heuristics to guess
whether the format of the auxv structure. This test might reject some cases on
fringe architecutes. But the impact would be limited: we just won't grant the
user permissions to view the coredump file. If people report that we're missing
some cases, we can always enhance this to support more architectures.
I tested auxv parsing on amd64, 32-bit program on amd64, arm64, arm32, and
ppc64el, but not the whole coredump handling.
(cherry picked from commit 3e4d0f6cf99f8677edd6a237382a65bfe758de03)
(cherry picked from commit 9b75a3d0502d6741c8ecb7175794345f8eb3827c)
(cherry picked from commit efca5283dc791a07171f80eef84e14fdb58fad57)
(cherry picked from commit 510a146634f3e095b34e2a26023b1b1f99dcb8c0)
(cherry picked from commit cc2eb7a9b5fd6d9dd8ea35fb045ce6e5e16e1187)
(cherry picked from commit cb044d734c44cd3c05a6e438b5b995b2a9cfa73c)
If udevd broadcasts a processed device with huge amount of properties,
then clients cannot receive the device.
Fixes#24987.
(cherry picked from commit efbd4b3ca84c0426b6ff98d6352f82f3b7c090b2)
(cherry picked from commit cf21555d6df5d9eed0bf5699262deb6e9388b63b)
Follow-up to c9615f7352 and 70666e28a1.
(cherry picked from commit 1ca1bb03dec9ae3e8d734bd40eeb60210ffd7a0a)
(cherry picked from commit ee42e84968e9a69e8dfc9d25839477227d697cbb)
