From 0bc8e07aa4d8dfaed0ec1eaf603ce8cc24da5908 Mon Sep 17 00:00:00 2001 
From: w30023233 Date: Tue, 24 Dec 2024 16:16:41 +0800 Subject: [PATCH] sync patches from systemd community --- ...-treat-all-negative-errnos-as-synthe.patch | 77 ++++++++++++ ...level-of-reexecute-request-to-notice.patch | 40 ++++++ backport-core-Fix-file-descriptor-leak.patch | 30 +++++ ...-scenarios-about-which-process-initi.patch | 71 +++++++++++ ...ce-fix-accept-socket-deserialization.patch | 52 ++++++++ ...vice-use-log_unit_-where-appropriate.patch | 48 +++++++ ...ly-take-tmpfs-size-into-account-for-.patch | 63 ++++++++++ ...-exec-invoke-correct-dont_close-size.patch | 44 +++++++ ...-readlinkat-supports-an-empty-string.patch | 93 ++++++++++++++ ...rnalctl-erase-verify-key-before-free.patch | 40 ++++++ ...or-messages-for-openssl-gnutls-conte.patch | 74 +++++++++++ ...d-event-change-error-code-EINVAL-EIO.patch | 36 ++++++ ...vent-do-not-assert-on-invalid-signal.patch | 36 ++++++ ...ssertion-triggered-when-an-ARP-recei.patch | 36 ++++++ ...rt-shared-log-error-when-execve-fail.patch | 66 ++++++++++ ...ysusers-handle-NSS-errors-gracefully.patch | 118 ++++++++++++++++++ systemd.spec | 21 +++- 17 files changed, 944 insertions(+), 1 deletion(-) create mode 100644 backport-basic-log-do-not-treat-all-negative-errnos-as-synthe.patch create mode 100644 backport-core-Bump-log-level-of-reexecute-request-to-notice.patch create mode 100644 backport-core-Fix-file-descriptor-leak.patch create mode 100644 backport-core-Log-in-more-scenarios-about-which-process-initi.patch create mode 100644 backport-core-service-fix-accept-socket-deserialization.patch create mode 100644 backport-core-service-use-log_unit_-where-appropriate.patch create mode 100644 backport-coredump-correctly-take-tmpfs-size-into-account-for-.patch create mode 100644 backport-exec-invoke-correct-dont_close-size.patch create mode 100644 backport-fs-util-readlinkat-supports-an-empty-string.patch create mode 100644 backport-journalctl-erase-verify-key-before-free.patch create mode 100644 
backport-resolved-log-error-messages-for-openssl-gnutls-conte.patch create mode 100644 backport-sd-event-change-error-code-EINVAL-EIO.patch create mode 100644 backport-sd-event-do-not-assert-on-invalid-signal.patch create mode 100644 backport-sd-ipv4acd-fix-assertion-triggered-when-an-ARP-recei.patch create mode 100644 backport-shared-log-error-when-execve-fail.patch create mode 100644 backport-sysusers-handle-NSS-errors-gracefully.patch
diff --git a/backport-basic-log-do-not-treat-all-negative-errnos-as-synthe.patch b/backport-basic-log-do-not-treat-all-negative-errnos-as-synthe.patch
new file mode 100644
index 0000000..3f31594
--- /dev/null
+++ b/backport-basic-log-do-not-treat-all-negative-errnos-as-synthe.patch
@@ -0,0 +1,77 @@
+From 1fc7e3473c2fec27bdc0b19753e4ea84cd39644f Mon Sep 17 00:00:00 2001
+From: Mike Yuan
+Date: Wed, 24 Jul 2024 16:28:48 +0200
+Subject: [PATCH] basic/log: do not treat all negative errnos as synthetic
+
+Currently, IS_SYNTHETIC_ERRNO() evaluates to true for all negative errnos,
+because of the two's-complement negative value representation.
+Subsequently, ERRNO= is not logged for most of our own code.
+Let's fix this, by formatting all synthetic errnos as positive.
+Then, treat all negative values as non-synthetic.
+
+While at it, mark the evaluation order explicitly, and remove
+unneeded comment.
+
+Fixes #33800
+
+(cherry picked from commit 268f58076f7e0258dce75f521d08199092279853)
+(cherry picked from commit 4ad6b2631d73a574859a62d33715a7bdef810bcf)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/1fc7e3473c2fec27bdc0b19753e4ea84cd39644f
+---
+ src/basic/log.h | 5 ++---
+ src/test/test-log.c | 14 +++++++++-----
+ 2 files changed, 11 insertions(+), 8 deletions(-)
+
+diff --git a/src/basic/log.h b/src/basic/log.h
+index 9008d47390..12b310575e 100644
+--- a/src/basic/log.h
++++ b/src/basic/log.h
+@@ -34,9 +34,8 @@ typedef enum LogTarget{
+ * used a regular log level. */
+ #define LOG_NULL (LOG_EMERG - 1)
+
+-/* Note to readers: << and >> have lower precedence (are evaluated earlier) than & and | */
+-#define SYNTHETIC_ERRNO(num) (1 << 30 | (num))
+-#define IS_SYNTHETIC_ERRNO(val) ((val) >> 30 & 1)
++#define SYNTHETIC_ERRNO(num) (abs(num) | (1 << 30))
++#define IS_SYNTHETIC_ERRNO(val) (((val) >> 30) == 1)
+ #define ERRNO_VALUE(val) (abs(val) & ~(1 << 30))
+
+ /* The callback function to be invoked when syntax warnings are seen
+diff --git a/src/test/test-log.c b/src/test/test-log.c
+index b5ba67b74b..cc8c400cc1 100644
+--- a/src/test/test-log.c
++++ b/src/test/test-log.c
+@@ -13,11 +13,6 @@
+ #include "strv.h"
+ #include "tests.h"
+
+-assert_cc(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(EINVAL)));
+-assert_cc(!IS_SYNTHETIC_ERRNO(EINVAL));
+-assert_cc(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(0)));
+-assert_cc(!IS_SYNTHETIC_ERRNO(0));
+-
+ #define X10(x) x x x x x x x x x x
+ #define X100(x) X10(X10(x))
+ #define X1000(x) X100(X10(x))
+@@ -207,6 +202,15 @@ static void test_log_prefix(void) {
+ int main(int argc, char* argv[]) {
+ test_setup_logging(LOG_DEBUG);
+
++ assert_se(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(EINVAL)));
++ assert_se(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(-EINVAL)));
++ assert_cc(!IS_SYNTHETIC_ERRNO(EINVAL));
++ assert_cc(!IS_SYNTHETIC_ERRNO(-EINVAL));
++ assert_se(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(0)));
++ assert_cc(!IS_SYNTHETIC_ERRNO(0));
++ assert_se(ERRNO_VALUE(EINVAL) == EINVAL);
++ assert_se(ERRNO_VALUE(SYNTHETIC_ERRNO(-EINVAL)) == EINVAL);
++
+ test_file();
+
+ assert_se(log_info_errno(SYNTHETIC_ERRNO(EUCLEAN), "foo") == -EUCLEAN);
+-- 
+2.33.0
+
diff --git a/backport-core-Bump-log-level-of-reexecute-request-to-notice.patch b/backport-core-Bump-log-level-of-reexecute-request-to-notice.patch
new file mode 100644
index 0000000..6cc543e
--- /dev/null
+++ b/backport-core-Bump-log-level-of-reexecute-request-to-notice.patch
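Review bot: In the src/basic/log.h hunk, SYNTHETIC_ERRNO() now expands to a call to abs(), so it is no longer an integer constant expression, which is why the test-log.c hunk has to move its checks from assert_cc to assert_se. Any code in this older tree that uses SYNTHETIC_ERRNO() in a static initializer, a case label or an assert_cc may stop compiling, so the backport should be built against the whole tree and not only test-log. The removed precedence comment also leaves the encoding undocumented; I would add `/* Bit 30 marks an errno as synthetic; a marked value is always positive, so every negative value is non-synthetic */` above the three macros.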
@@ -0,0 +1,40 @@
+From 50e3bc139fc750c7b15bda55807fcb9209787319 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Tue, 8 Oct 2024 16:25:52 +0200
+Subject: [PATCH] core: Bump log level of reexecute request to notice
+
+A daemon-reload is important enough to deserve logging at notice
+level.
+
+(cherry picked from commit 4ee41be82507348fbbc9d3ab28aae6330eb51663)
+(cherry picked from commit 31e38b55b2e4bb1aa42fe106ea14df8e82758303)
+(cherry picked from commit 79dc77a7ffed671a16c44369df2552cf733dbbef)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/50e3bc139fc750c7b15bda55807fcb9209787319
+---
+ src/core/dbus-manager.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
+index 33984f6f0e..90c1daf995 100644
+--- a/src/core/dbus-manager.c
++++ b/src/core/dbus-manager.c
+@@ -1614,10 +1614,10 @@ static void log_caller(sd_bus_message *message, Manager *manager, const char *me
+ (void) sd_bus_creds_get_comm(creds, &comm);
+ caller = manager_get_unit_by_pid(manager, pid);
+
+- log_info("%s requested from client PID " PID_FMT "%s%s%s%s%s%s...",
+- method, pid,
+- comm ? " ('" : "", strempty(comm), comm ? "')" : "",
+- caller ? " (unit " : "", caller ? caller->id : "", caller ? ")" : "");
++ log_notice("%s requested from client PID " PID_FMT "%s%s%s%s%s%s...",
++ method, pid,
++ comm ? " ('" : "", strempty(comm), comm ? "')" : "",
++ caller ? " (unit " : "", caller ? caller->id : "", caller ? ")" : "");
+ }
+
+ static int method_reload(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+-- 
+2.33.0
+
diff --git a/backport-core-Fix-file-descriptor-leak.patch b/backport-core-Fix-file-descriptor-leak.patch
new file mode 100644
index 0000000..507df0e
--- /dev/null
+++ b/backport-core-Fix-file-descriptor-leak.patch
@@ -0,0 +1,30 @@
+From 400f0785e92866e5d8fd31ade6ae07a605d0df25 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Wed, 1 May 2024 03:14:45 +0200
+Subject: [PATCH] core: Fix file descriptor leak
+
+(cherry picked from commit 5bcf0881a322a72c38d518be3e3ae8bff95de5f6)
+(cherry picked from commit 844bb02e48be98f4ae594e043c965588be3b138c)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/400f0785e92866e5d8fd31ade6ae07a605d0df25
+---
+ src/core/service.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index f0763a59eb..e9466ed928 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -414,7 +414,7 @@ static void service_release_fd_store(Service *s) {
+ static void service_release_stdio_fd(Service *s) {
+ assert(s);
+
+- if (s->stdin_fd < 0 && s->stdout_fd < 0 && s->stdout_fd < 0)
++ if (s->stdin_fd < 0 && s->stdout_fd < 0 && s->stderr_fd < 0)
+ return;
+
+ log_unit_debug(UNIT(s), "Releasing stdin/stdout/stderr file descriptors.");
+-- 
+2.33.0
+
diff --git a/backport-core-Log-in-more-scenarios-about-which-process-initi.patch b/backport-core-Log-in-more-scenarios-about-which-process-initi.patch
new file mode 100644
index 0000000..c16b3fb
--- /dev/null
+++ b/backport-core-Log-in-more-scenarios-about-which-process-initi.patch
@@ -0,0 +1,71 @@
+From 4389fea50bbb0810ed9193522c487257ca0b5d2d Mon Sep 17 00:00:00 2001
+From: Daan De Meyer
+Date: Tue, 8 Oct 2024 16:28:25 +0200
+Subject: [PATCH] core: Log in more scenarios about which process initiated an
+ operation
+
+Exit/Reboot/Poweroff and similar operations are invasive enough that
+logging about who initiated them is very useful to debug issues.
+
+(cherry picked from commit acb0f501f4291efce82bcf89d4ad92b6a895f4fa)
+(cherry picked from commit 814be7116dda14074749253d94b83387ceff0ff1)
+(cherry picked from commit 4ce745446386bae450114c6fc2278577a7cf46f4)
+
+Conflict:the current code does not have the method_soft_reboot function, so the related code is not combined
+Reference:https://github.com/systemd/systemd/commit/acb0f501f4291efce82bcf89d4ad92b6a895f4fa
+---
+ src/core/dbus-manager.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
+index 90c1daf995..856dd3b5dc 100644
+--- a/src/core/dbus-manager.c
++++ b/src/core/dbus-manager.c
+@@ -1706,6 +1706,8 @@ static int method_exit(sd_bus_message *message, void *userdata, sd_bus_error *er
+ if (r < 0)
+ return r;
+
++ log_caller(message, m, "Exit");
++
+ /* Exit() (in contrast to SetExitCode()) is actually allowed even if
+ * we are running on the host. It will fall back on reboot() in
+ * systemd-shutdown if it cannot do the exit() because it isn't a
+@@ -1730,6 +1732,8 @@ static int method_reboot(sd_bus_message *message, void *userdata, sd_bus_error *
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
+ "Reboot is only supported for system managers.");
+
++ log_caller(message, m, "Reboot");
++
+ m->objective = MANAGER_REBOOT;
+
+ return sd_bus_reply_method_return(message, NULL);
+@@ -1792,6 +1798,8 @@ static int method_poweroff(sd_bus_message *message, void *userdata, sd_bus_error
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
+ "Powering off is only supported for system managers.");
+
++ log_caller(message, m, "Poweroff");
++
+ m->objective = MANAGER_POWEROFF;
+
+ return sd_bus_reply_method_return(message, NULL);
+@@ -1811,6 +1819,8 @@ static int method_halt(sd_bus_message *message, void *userdata, sd_bus_error *er
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
+ "Halt is only supported for system managers.");
+
++ log_caller(message, m, "Halt");
++
+ m->objective = MANAGER_HALT;
+
+ return sd_bus_reply_method_return(message, NULL);
+@@ -1830,6 +1840,8 @@ static int method_kexec(sd_bus_message *message, void *userdata, sd_bus_error *e
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
+ "KExec is only supported for system managers.");
+
++ log_caller(message, m, "Kexec");
++
+ m->objective = MANAGER_KEXEC;
+
+ return sd_bus_reply_method_return(message, NULL);
+-- 
+2.33.0
+
diff --git a/backport-core-service-fix-accept-socket-deserialization.patch b/backport-core-service-fix-accept-socket-deserialization.patch
new file mode 100644
index 0000000..a770396
--- /dev/null
+++ b/backport-core-service-fix-accept-socket-deserialization.patch
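Review bot: The new log_caller() calls in method_exit, method_reboot, method_poweroff, method_halt and method_kexec all sit after the early returns visible in each hunk, so a request rejected there leaves no notice-level record of who sent it; if these messages are meant as an audit trail for shutdown requests, that gap deserves a comment or a log line on the rejection path. The name printed in parentheses comes from sd_bus_creds_get_comm(), visible in the log_caller hunk of the previous patch in this series, and a process name is presumably under the caller's control, so anything consuming these messages should key on the PID and unit, not on the name. The label "Kexec" also differs from the "KExec" spelling in the adjacent error string; `log_caller(message, m, "KExec");` would keep log searches consistent. The method bodies start and end outside the hunks, so the exact checks that precede each call are not visible here.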
@@ -0,0 +1,52 @@
+From 8f280216e052c9b9937ba77fad6659fb727535d9 Mon Sep 17 00:00:00 2001
+From: Mike Yuan
+Date: Mon, 17 Jun 2024 07:47:20 +0200
+Subject: [PATCH] core/service: fix accept-socket deserialization
+
+Follow-up for 45b1017488cef2a5bacdf82028ce900a311c9a1c
+
+(cherry picked from commit 9f5d8c3da4f505346bd1edfae907a2abcdbdc578)
+(cherry picked from commit f7d55cc801611781fbff2817f2fd4a16ec96ca85)
+(cherry picked from commit 8ead2545bf86bd0fe00b344506e071390ffaa99f)
+
+Conflict:there is no macro definition ASSERT_PTR, so we use the assert function instead
+Reference:https://github.com/systemd/systemd-stable/commit/8f280216e052c9b9937ba77fad6659fb727535d9
+---
+ src/core/service.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index de07cde..64bfe17 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -1237,7 +1237,7 @@ static int service_coldplug(Unit *u) {
+ service_start_watchdog(s);
+
+ if (UNIT_ISSET(s->accept_socket)) {
+- Socket* socket = SOCKET(UNIT_DEREF(s->accept_socket));
++ Socket *socket = SOCKET(UNIT_DEREF(s->accept_socket));
+
+ if (socket->max_connections_per_source > 0) {
+ SocketPeer *peer;
+@@ -2948,8 +2948,8 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
+ } else if (streq(key, "accept-socket")) {
+ Unit *socket;
+
+- if (u->type != UNIT_SOCKET) {
+- log_unit_debug(u, "Failed to deserialize accept-socket: unit is not a socket");
++ if (unit_name_to_type(value) != UNIT_SOCKET) {
++ log_unit_debug(u, "Deserialized accept-socket is not a socket unit, ignoring: %s", value);
+ return 0;
+ }
+
+@@ -2958,6 +2958,7 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
+ log_unit_debug_errno(u, r, "Failed to load accept-socket unit '%s': %m", value);
+ else {
+ unit_ref_set(&s->accept_socket, u, socket);
++ assert(SOCKET(socket));
+ SOCKET(socket)->n_connections++;
+ }
+
+-- 
+2.33.0
+
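Review bot: In the last service_deserialize_item hunk, `assert(SOCKET(socket));` runs after `unit_ref_set()` and guards a value derived from the serialized accept-socket string, so a mismatch would abort the service manager instead of being ignored the way the name check a few lines above is. SOCKET() presumably yields NULL on a type mismatch, which is what the assert implies; testing `if (!SOCKET(socket))` before the reference is taken and logging with log_unit_debug() would keep this branch consistent with the other failure paths. If assert() is compiled out in this build configuration, which is not visible here, the next line dereferences the result unchecked. The function body continues outside the hunk.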
diff --git a/backport-core-service-use-log_unit_-where-appropriate.patch b/backport-core-service-use-log_unit_-where-appropriate.patch
new file mode 100644
index 0000000..22fa894
--- /dev/null
+++ b/backport-core-service-use-log_unit_-where-appropriate.patch
@@ -0,0 +1,48 @@
+From e575661da99de81bf0f07d7efdcf8b4c5d9b779e Mon Sep 17 00:00:00 2001
+From: Mike Yuan
+Date: Sat, 26 Oct 2024 17:38:06 +0200
+Subject: [PATCH] core/service: use log_unit_* where appropriate
+
+(cherry picked from commit 1e8f0beee4272ddc8b25dfa9af8e54bafc4c061a)
+(cherry picked from commit b9ff85ece7a6bd9eca158aa0a8af46055ffb6142)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/e575661da99de81bf0f07d7efdcf8b4c5d9b779e
+---
+ src/core/service.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/service.c b/src/core/service.c
+index 5f4859e0d3..2894451d7f 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -4642,7 +4642,7 @@ static int bus_name_pid_lookup_callback(sd_bus_message *reply, void *userdata, s
+ e = sd_bus_message_get_error(reply);
+ if (e) {
+ r = sd_bus_error_get_errno(e);
+- log_warning_errno(r, "GetConnectionUnixProcessID() failed: %s", bus_error_message(e, r));
++ log_unit_warning_errno(UNIT(s), r, "GetConnectionUnixProcessID() failed: %s", bus_error_message(e, r));
+ return 1;
+ }
+
+@@ -4654,7 +4654,7 @@ static int bus_name_pid_lookup_callback(sd_bus_message *reply, void *userdata, s
+
+ r = pidref_set_pid(&pidref, pid);
+ if (r < 0) {
+- log_debug_errno(r, "GetConnectionUnixProcessID() returned invalid PID: %m");
++ log_unit_debug_errno(UNIT(s), r, "GetConnectionUnixProcessID() returned invalid PID: %m");
+ return 1;
+ }
+
+@@ -4713,7 +4713,7 @@ static void service_bus_name_owner_change(Unit *u, const char *new_owner) {
+ "s",
+ s->bus_name);
+ if (r < 0)
+- log_debug_errno(r, "Failed to request owner PID of service name, ignoring: %m");
++ log_unit_debug_errno(u, r, "Failed to request owner PID of service name, ignoring: %m");
+ }
+ }
+
+-- 
+2.33.0
+
diff --git a/backport-coredump-correctly-take-tmpfs-size-into-account-for-.patch b/backport-coredump-correctly-take-tmpfs-size-into-account-for-.patch
new file mode 100644
index 0000000..7f619e0
--- /dev/null
+++ b/backport-coredump-correctly-take-tmpfs-size-into-account-for-.patch 
@@ -0,0 +1,63 @@
+From 3dacca114bde3a216605ab51d2f5203c4a6b9707 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Tue, 2 Jul 2024 15:28:47 +0100
+Subject: [PATCH] coredump: correctly take tmpfs size into account for
+ compression
+
+We calculate the amount of uncompressed data we can write by taking the limits
+into account and halving it to ensure there's room for switching to compression
+on the fly when storing cores on a tmpfs (eg: due read-only rootfs).
+
+But the logic is flawed, as taking into account the size of the tmpfs storage
+was applied after the halving, so in practice when an uncompressed core file
+was larger than the tmpfs, we fill it and then fail.
+
+Rearrange the logic so that the halving is done after taking into account
+the tmpfs size.
+
+(cherry picked from commit e6b2508275aac2951aedfc842735d8ebc29850bb)
+(cherry picked from commit a946258e9df627c675d13b2041ae186babf269dc)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/3dacca114bde3a216605ab51d2f5203c4a6b9707
+---
+ src/coredump/coredump.c | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
+index 32c17664fd..f4adb32588 100644
+--- a/src/coredump/coredump.c
++++ b/src/coredump/coredump.c
+@@ -503,17 +503,21 @@ static int save_external_coredump(
+ bus_error_message(&error, r));
+ }
+
++ /* First, ensure we are not going to go over the cgroup limit */
+ max_size = MIN(cgroup_limit, max_size);
+- max_size = LESS_BY(max_size, 1024U) / 2; /* Account for 1KB metadata overhead for compressing */
+- max_size = MAX(PROCESS_SIZE_MIN, max_size); /* Impose a lower minimum */
+-
+- /* tmpfs might get full quickly, so check the available space too.
+- * But don't worry about errors here, failing to access the storage
+- * location will be better logged when writing to it. */
++ /* tmpfs might get full quickly, so check the available space too. But don't worry about
++ * errors here, failing to access the storage location will be better logged when writing to
++ * it. */
+ if (fstatvfs(fd, &sv) >= 0)
+ max_size = MIN((uint64_t)sv.f_frsize * (uint64_t)sv.f_bfree, max_size);
+-
+- log_debug("Limiting core file size to %" PRIu64 " bytes due to cgroup memory limits.", max_size);
++ /* Impose a lower minimum, otherwise we will miss the basic headers. */
++ max_size = MAX(PROCESS_SIZE_MIN, max_size);
++ /* Ensure we can always switch to compressing on the fly in case we are running out of space
++ * by keeping half of the space/memory available, plus 1KB metadata overhead from the
++ * compression algorithm. */
++ max_size = LESS_BY(max_size, 1024U) / 2;
++
++ log_debug("Limiting core file size to %" PRIu64 " bytes due to cgroup and/or filesystem limits.", max_size);
+ }
+
+ r = copy_bytes(input_fd, fd, max_size, 0);
+-- 
+2.33.0
+
diff --git a/backport-exec-invoke-correct-dont_close-size.patch b/backport-exec-invoke-correct-dont_close-size.patch
new file mode 100644
index 0000000..5c331d0
--- /dev/null
+++ b/backport-exec-invoke-correct-dont_close-size.patch
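Review bot: In the save_external_coredump hunk the floor `max_size = MAX(PROCESS_SIZE_MIN, max_size);` is now applied before `LESS_BY(max_size, 1024U) / 2`, so the value handed to copy_bytes() can end up at roughly half of PROCESS_SIZE_MIN, whereas the removed lines applied the floor last. The new comment says the minimum exists so the basic headers are not missed, which reads as a hard floor; if the halved value is intended, the comment should say so, for example `/* Impose a lower minimum before halving; the effective floor is (PROCESS_SIZE_MIN - 1024) / 2 */`. The floor can also raise max_size above the free space that fstatvfs() has just reported, so a nearly full tmpfs can still be filled, and that case is worth a word in the same comment. The function starts and ends outside the hunk.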
@@ -0,0 +1,44 @@
+From 8f4dab049074d31c31af2bb9eb76f9f4f08e3711 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Tue, 23 Apr 2024 21:49:12 +0200
+Subject: [PATCH] exec-invoke: correct dont_close[] size
+
+THis needs 15 entries as far as I can count, not just 14.
+
+Follow-up for: 5686391b006ee82d8a4559067ad9818e3e631247
+
+Sniff.
+
+(cherry picked from commit 07296542d636dcac43f6c9ee45a638fca8c5f3dd)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/8f4dab049074d31c31af2bb9eb76f9f4f08e3711
+---
+ src/core/exec-invoke.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
+index 28d6142318..8e6de15c71 100644
+--- a/src/core/exec-invoke.c
++++ b/src/core/exec-invoke.c
+@@ -3459,7 +3459,7 @@ static int close_remaining_fds(
+ const int *fds, size_t n_fds) {
+
+ size_t n_dont_close = 0;
+- int dont_close[n_fds + 14];
++ int dont_close[n_fds + 15];
+
+ assert(params);
+
+@@ -3495,6 +3495,8 @@ static int close_remaining_fds(
+ if (params->user_lookup_fd >= 0)
+ dont_close[n_dont_close++] = params->user_lookup_fd;
+
++ assert(n_dont_close <= ELEMENTSOF(dont_close));
++
+ return close_all_fds(dont_close, n_dont_close);
+ }
+
+-- 
+2.33.0
+
diff --git a/backport-fs-util-readlinkat-supports-an-empty-string.patch b/backport-fs-util-readlinkat-supports-an-empty-string.patch
new file mode 100644
index 0000000..e85ccb7
--- /dev/null
+++ b/backport-fs-util-readlinkat-supports-an-empty-string.patch
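Review bot: The added `assert(n_dont_close <= ELEMENTSOF(dont_close));` in close_remaining_fds runs only after every `dont_close[n_dont_close++] = …` store, so if the count is wrong again the out-of-bounds write to the stack array has already happened by the time the check fires. The literal 15 has to be kept in step by hand with the number of conditional stores, most of which lie between the two hunks and are not visible here. I would document that at the declaration with `/* n_fds plus at most 15 fixed descriptors appended below; update when adding one */`, and consider checking the bound before each append instead of once at the end.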
@@ -0,0 +1,93 @@
+From 7a2349072e165c27ed0655934b05530c19d23779 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Thu, 15 Feb 2024 07:01:17 +0900
+Subject: [PATCH] fs-util: readlinkat() supports an empty string
+
+From readlinkat(2):
+Since Linux 2.6.39, pathname can be an empty string, in which case the
+call operates on the symbolic link referred to by dirfd (which should
+have been obtained using open(2) with the O_PATH and O_NOFOLLOW flags).
+
+(cherry picked from commit e4c094c05543410ba05a16f757d1e11652f4f6bd)
+(cherry picked from commit 30142e781d7afcfa93185d2543f59e9cf90dc882)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/7a2349072e165c27ed0655934b05530c19d23779
+---
+ src/basic/fs-util.c | 8 ++++++--
+ src/test/test-fs-util.c | 35 +++++++++++++++++++++++++++++++++++
+ 2 files changed, 41 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c
+index ee38e0266a..9ba9268d77 100644
+--- a/src/basic/fs-util.c
++++ b/src/basic/fs-util.c
+@@ -116,7 +116,11 @@ int rename_noreplace(int olddirfd, const char *oldpath, int newdirfd, const char
+ int readlinkat_malloc(int fd, const char *p, char **ret) {
+ size_t l = PATH_MAX;
+
+- assert(p);
++ assert(fd >= 0 || fd == AT_FDCWD);
++
++ if (fd < 0 && isempty(p))
++ return -EISDIR; /* In this case, the fd points to the current working directory, and is
++ * definitely not a symlink. Let's return earlier. */
+
+ for (;;) {
+ _cleanup_free_ char *c = NULL;
+@@ -126,7 +130,7 @@ int readlinkat_malloc(int fd, const char *p, char **ret) {
+ if (!c)
+ return -ENOMEM;
+
+- n = readlinkat(fd, p, c, l);
++ n = readlinkat(fd, strempty(p), c, l);
+ if (n < 0)
+ return -errno;
+
+diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
+index 5de1eea0d4..ef335b43ae 100644
+--- a/src/test/test-fs-util.c
++++ b/src/test/test-fs-util.c
+@@ -758,4 +758,39 @@ static int intro(void) {
+ return EXIT_SUCCESS;
+ }
+
++TEST(readlinkat_malloc) {
++ _cleanup_(rm_rf_physical_and_freep) char *t = NULL;
++ _cleanup_close_ int tfd = -EBADF, fd = -EBADF;
++ _cleanup_free_ char *p = NULL, *q = NULL;
++ const char *expect = "hgoehogefoobar";
++
++ tfd = mkdtemp_open(NULL, O_PATH, &t);
++ assert_se(tfd >= 0);
++
++ assert_se(symlinkat(expect, tfd, "linkname") >= 0);
++
++ assert_se(readlinkat_malloc(tfd, "linkname", &p) >= 0);
++ assert_se(streq(p, expect));
++ p = mfree(p);
++
++ fd = openat(tfd, "linkname", O_PATH | O_NOFOLLOW | O_CLOEXEC);
++ assert_se(fd >= 0);
++ assert_se(readlinkat_malloc(fd, NULL, &p) >= 0);
++ assert_se(streq(p, expect));
++ p = mfree(p);
++ assert_se(readlinkat_malloc(fd, "", &p) >= 0);
++ assert_se(streq(p, expect));
++ p = mfree(p);
++ fd = safe_close(fd);
++
++ assert_se(q = path_join(t, "linkname"));
++ assert_se(readlinkat_malloc(AT_FDCWD, q, &p) >= 0);
++ assert_se(streq(p, expect));
++ p = mfree(p);
++ assert_se(readlinkat_malloc(INT_MAX, q, &p) >= 0);
++ assert_se(streq(p, expect));
++ p = mfree(p);
++ q = mfree(q);
++}
++
+ DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
+-- 
+2.33.0
+
diff --git a/backport-journalctl-erase-verify-key-before-free.patch b/backport-journalctl-erase-verify-key-before-free.patch
new file mode 100644
index 0000000..035a4d4
--- /dev/null
+++ b/backport-journalctl-erase-verify-key-before-free.patch
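Review bot: readlinkat_malloc() now accepts a NULL or empty `p`, but nothing at the definition in the src/basic/fs-util.c hunk states the new contract; the commit message is the only place that explains it. A comment such as `/* p may be NULL or "": fd must then refer to the symlink itself, opened with O_PATH|O_NOFOLLOW */` would tell callers what is expected. The new `assert(fd >= 0 || fd == AT_FDCWD);` also turns any other negative fd, for example an unchecked error return from an earlier open, into an abort instead of an error code, so callers have to validate the descriptor before calling. The function continues outside the hunk.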
@@ -0,0 +1,40 @@
+From b115781317b6a8c649ae2b92c7839ce8872fdffb Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Wed, 16 Oct 2024 19:27:36 +0900
+Subject: [PATCH] journalctl: erase verify key before free
+
+Even optarg is erased, copied string was not erased.
+Let's erase the copied key for safety.
+
+(cherry picked from commit d0ad4e88d4e6b5e312c359a6505125f7e088f3e3)
+(cherry picked from commit 28f7c958fb799887cb67528a85ca59f0ccd9261e)
+(cherry picked from commit 6b13398c220a01e2eff5bb25da7d457f445c82e9)
+
+Conflict:the current code does not use STATIC_DESTRUCTOR_REGISTER instead of free, so the related code is not combined
+Reference:https://github.com/systemd/systemd/commit/d0ad4e88d4e6b5e312c359a6505125f7e088f3e3
+---
+ src/journal/journalctl.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
+index decdf14..327e035 100644
+--- a/src/journal/journalctl.c
++++ b/src/journal/journalctl.c
+@@ -791,9 +791,11 @@ static int parse_argv(int argc, char *argv[]) {
+ break;
+
+ case ARG_VERIFY_KEY:
+- r = free_and_strdup(&arg_verify_key, optarg);
+- if (r < 0)
+- return r;
++ erase_and_free(arg_verify_key);
++ arg_verify_key = strdup(optarg);
++ if (!arg_verify_key)
++ return log_oom();
++
+ /* Use memset not explicit_bzero() or similar so this doesn't look confusing
+ * in ps or htop output. */
+ memset(optarg, 'x', strlen(optarg));
+-- 
+2.33.0
+
diff --git a/backport-resolved-log-error-messages-for-openssl-gnutls-conte.patch b/backport-resolved-log-error-messages-for-openssl-gnutls-conte.patch
new file mode 100644
index 0000000..662446b
--- /dev/null
+++ b/backport-resolved-log-error-messages-for-openssl-gnutls-conte.patch
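Review bot: In the ARG_VERIFY_KEY case, the `return log_oom();` path leaves before `memset(optarg, 'x', strlen(optarg));` runs, so on allocation failure the key stays readable in the process arguments until the program exits; doing the memset directly after the strdup() and before the NULL check would close that window. The Conflict line says the STATIC_DESTRUCTOR_REGISTER part of the upstream change was not carried over, so the last copy held in arg_verify_key is erased only if the existing free at exit, which is outside this hunk, also uses erase_and_free(); that should be confirmed before relying on this backport. parse_argv's body starts and ends outside the hunk.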
@@ -0,0 +1,74 @@
+From 17a3a8e91be80c93347458a1a6508bc19646607d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Sun, 3 Nov 2024 12:58:12 +0100
+Subject: [PATCH] resolved: log error messages for openssl/gnutls context
+ creation
+
+In https://bugzilla.redhat.com/show_bug.cgi?id=2322937 we're getting
+an error message:
+Okt 29 22:21:03 fedora systemd-resolved[29311]: Could not create manager: Cannot allocate memory
+I expect that this actually comes from dnstls_manager_init(), the
+openssl version. But without real logs it's hard to know for sure.
+
+Use EIO instead of ENOMEM, because the problem is unlikely to be actually
+related to memory.
+
+(cherry picked from commit ee95e86ae163e436384f1b782a77a7e18deba890)
+(cherry picked from commit abd1e408203d5d445b05f4dc0ac07e35114532d1)
+(cherry picked from commit 67954b455473b29f8a41be14f5b778044b7cfafa)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/ee95e86ae163e436384f1b782a77a7e18deba890
+---
+ src/resolve/resolved-dnstls-gnutls.c | 4 +++-
+ src/resolve/resolved-dnstls-openssl.c | 9 ++++++---
+ 2 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/src/resolve/resolved-dnstls-gnutls.c b/src/resolve/resolved-dnstls-gnutls.c
+index acdad6fa91..c086e2c198 100644
+--- a/src/resolve/resolved-dnstls-gnutls.c
++++ b/src/resolve/resolved-dnstls-gnutls.c
+@@ -236,7 +236,9 @@ int dnstls_manager_init(Manager *manager) {
+
+ r = gnutls_certificate_allocate_credentials(&manager->dnstls_data.cert_cred);
+ if (r < 0)
+- return -ENOMEM;
++ return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
++ "Failed to allocate SSL credentials: %s",
++ gnutls_strerror(r));
+
+ r = gnutls_certificate_set_x509_system_trust(manager->dnstls_data.cert_cred);
+ if (r < 0)
+diff --git a/src/resolve/resolved-dnstls-openssl.c b/src/resolve/resolved-dnstls-openssl.c
+index 4a0132ad3d..74fb79e58d 100644
+--- a/src/resolve/resolved-dnstls-openssl.c
++++ b/src/resolve/resolved-dnstls-openssl.c
+@@ -397,11 +397,15 @@ int dnstls_manager_init(Manager *manager) {
+
+ manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
+ if (!manager->dnstls_data.ctx)
+- return -ENOMEM;
++ return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
++ "Failed to create SSL context: %s",
++ ERR_error_string(ERR_get_error(), NULL));
+
+ r = SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
+ if (r == 0)
+- return -EIO;
++ return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
++ "Failed to set protocol version on SSL context: %s",
++ ERR_error_string(ERR_get_error(), NULL));
+
+ (void) SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
+
+@@ -410,7 +414,6 @@ int dnstls_manager_init(Manager *manager) {
+ return log_warning_errno(SYNTHETIC_ERRNO(EIO),
+ "Failed to load system trust store: %s",
+ ERR_error_string(ERR_get_error(), NULL));
+-
+ return 0;
+ }
+
+-- 
+2.33.0
+
diff --git a/backport-sd-event-change-error-code-EINVAL-EIO.patch b/backport-sd-event-change-error-code-EINVAL-EIO.patch
new file mode 100644
index 0000000..e60a006
--- /dev/null
+++ b/backport-sd-event-change-error-code-EINVAL-EIO.patch
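Review bot: The commit message says EIO replaces ENOMEM, but all three new returns in dnstls_manager_init use `SYNTHETIC_ERRNO(ENOTRECOVERABLE)`, while the unchanged trust-store failure in the last OpenSSL hunk still returns `SYNTHETIC_ERRNO(EIO)`, so one function now reports two different codes for the same class of failure. If a caller is meant to distinguish them, that deserves a comment; otherwise one code should be used throughout. `ERR_error_string(ERR_get_error(), NULL)` formats into a static buffer, which OpenSSL documents as not thread-safe, and `ERR_error_string_n()` with a local buffer avoids that if this code can ever run off the main thread. The function bodies extend beyond the hunks.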
@@ -0,0 +1,36 @@
+From 42885ab01726b5937390704f1d6ec33f0321fd53 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Sun, 4 Aug 2024 11:29:03 +0900
+Subject: [PATCH] sd-event: change error code -EINVAL -> -EIO
+
+EINVAL should be used when a function is called with an invalid
+argument. Here, the signal is not a function argument.
+
+Follow-up for 7a64c5f23efbb51fe4f1229c1a8aed6dd858a0a9.
+
+(cherry picked from commit ab9af70edb23f2a66e93e2e16f87cd98873885b7)
+(cherry picked from commit 84f0eda3781f49ff7f3035861b02fe247b89d65e)
+(cherry picked from commit da81ee2f78526f78b3c57661a59de681d208e35e)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/ab9af70edb23f2a66e93e2e16f87cd98873885b7
+---
+ src/libsystemd/sd-event/sd-event.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
+index 97678a4b5e..cd78d39eb4 100644
+--- a/src/libsystemd/sd-event/sd-event.c
++++ b/src/libsystemd/sd-event/sd-event.c
+@@ -3831,7 +3831,7 @@ static int process_signal(sd_event *e, struct signal_data *d, uint32_t events, i
+ return -EIO;
+
+ if (_unlikely_(!SIGNAL_VALID(si.ssi_signo)))
+- return -EINVAL;
++ return -EIO;
+
+ if (e->signal_sources)
+ s = e->signal_sources[si.ssi_signo];
+-- 
+2.33.0
+
diff --git a/backport-sd-event-do-not-assert-on-invalid-signal.patch b/backport-sd-event-do-not-assert-on-invalid-signal.patch
new file mode 100644
index 0000000..f34510e
--- /dev/null
+++ b/backport-sd-event-do-not-assert-on-invalid-signal.patch
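Review bot: This patch rewrites the `return -EINVAL;` line that backport-sd-event-do-not-assert-on-invalid-signal.patch introduces (its pre-image index 97678a4b5e is that patch's post-image), so it applies only if the spec lists the do-not-assert patch first. The systemd.spec change is not in the visible part of this diff, and the alphabetical file list puts this patch ahead of the one it depends on, so the PatchN order should be checked.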
@@ -0,0 +1,36 @@
+From 74fa56ebc3d323bd6cd2315eb8b1057f0ea359a8 Mon Sep 17 00:00:00 2001
+From: David Tardon
+Date: Thu, 25 Jul 2024 10:06:34 +0200
+Subject: [PATCH] sd-event: do not assert on invalid signal
+
+The signalfd_siginfo struct is received from outside via a FD, hence
+assert() is not appropriate way to check it. Just do a normal runtime
+check.
+
+(cherry picked from commit 7a64c5f23efbb51fe4f1229c1a8aed6dd858a0a9)
+(cherry picked from commit 7a48ea958bf146a45cb4a3b7ff7aeb5885469196)
+(cherry picked from commit 5fa8b5d74aa81e884613ba68c6f765834e6dd02c)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/7a64c5f23efbb51fe4f1229c1a8aed6dd858a0a9
+---
+ src/libsystemd/sd-event/sd-event.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
+index 3cc37371b6..97678a4b5e 100644
+--- a/src/libsystemd/sd-event/sd-event.c
++++ b/src/libsystemd/sd-event/sd-event.c
+@@ -3830,7 +3830,8 @@ static int process_signal(sd_event *e, struct signal_data *d, uint32_t events, i
+ if (_unlikely_(n != sizeof(si)))
+ return -EIO;
+
+- assert(SIGNAL_VALID(si.ssi_signo));
++ if (_unlikely_(!SIGNAL_VALID(si.ssi_signo)))
++ return -EINVAL;
+
+ if (e->signal_sources)
+ s = e->signal_sources[si.ssi_signo];
+-- 
+2.33.0
+
diff --git a/backport-sd-ipv4acd-fix-assertion-triggered-when-an-ARP-recei.patch b/backport-sd-ipv4acd-fix-assertion-triggered-when-an-ARP-recei.patch
new file mode 100644
index 0000000..5326bf4
--- /dev/null
+++ b/backport-sd-ipv4acd-fix-assertion-triggered-when-an-ARP-recei.patch
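Review bot: The new runtime check in process_signal is what keeps `si.ssi_signo` in range before it indexes `e->signal_sources[...]` two lines later, but the code does not say so. A short comment would stop it being turned back into an assert: `/* si was read from the signalfd, so validate ssi_signo before using it as an array index */`. The function body continues outside the hunk.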
@@ -0,0 +1,36 @@
+From 8ed0c0bc4899f73934f3fc1c55c5cbb58b789a4d Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Fri, 20 Sep 2024 09:58:12 +0900
+Subject: [PATCH] sd-ipv4acd: fix assertion triggered when an ARP received in
+ STARTED state
+
+When a network is busy, an ARP may be received before the timer event
+source triggered first time.
+
+Fixes #34489.
+
+(cherry picked from commit 146b44d0a0001712ced2f22ca76d242eedac26ad)
+(cherry picked from commit 06eb9b14829f3a5819f6daefb09fdb855cd868f4)
+(cherry picked from commit b054898f12f1987d5c6fae91e664cd7f57f7fdaa)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/146b44d0a0001712ced2f22ca76d242eedac26ad
+---
+ src/libsystemd-network/sd-ipv4acd.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/libsystemd-network/sd-ipv4acd.c b/src/libsystemd-network/sd-ipv4acd.c
+index d34c63e854..c7102cc4f6 100644
+--- a/src/libsystemd-network/sd-ipv4acd.c
++++ b/src/libsystemd-network/sd-ipv4acd.c
+@@ -396,6 +396,7 @@ static int ipv4acd_on_packet(
+ }
+ break;
+
++ case IPV4ACD_STATE_STARTED:
+ case IPV4ACD_STATE_WAITING_PROBE:
+ case IPV4ACD_STATE_PROBING:
+ case IPV4ACD_STATE_WAITING_ANNOUNCE:
+--
+2.33.0
+
diff --git a/backport-shared-log-error-when-execve-fail.patch b/backport-shared-log-error-when-execve-fail.patch
new file mode 100644
index 0000000..d4f942b
--- /dev/null
+++ b/backport-shared-log-error-when-execve-fail.patch
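Review bot: The added `case IPV4ACD_STATE_STARTED:` label has no comment, and the switch alone does not tell a reader why a packet can legitimately arrive in that state. A short comment above the label, such as `/* An ARP packet can arrive before the timer event source has fired for the first time */`, would record it. The body shared by these labels is outside the hunk, so it should be confirmed that it does not rely on anything the first timer callback sets up. Since the previous outcome was an assertion reached from received network traffic, a regression test that feeds a packet in STARTED state would keep the fix pinned.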
@@ -0,0 +1,66 @@
+From 76fe6ebee84c22c96f1c9a96707c7e72706989fd Mon Sep 17 00:00:00 2001
+From: Mauri de Souza Meneguzzo
+Date: Mon, 24 Jun 2024 23:47:15 -0300
+Subject: [PATCH] shared: log error when execve fail
+
+If there is an error with the execv call in fork_agent the
+program exits without any meaningful log message. Log the
+command and errno so the user gets more information about
+the failure.
+
+Fixes: #33418
+
+Signed-off-by: Mauri de Souza Meneguzzo
+(cherry picked from commit a408d4453145621902b9a3ef78a552f83b09bd8d)
+(cherry picked from commit 7fcfb73d71ed1d4230f58de1a94790e0c28719ea)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/76fe6ebee84c22c96f1c9a96707c7e72706989fd
+---
+ src/shared/exec-util.c | 1 +
+ src/shared/spawn-polkit-agent.c | 11 ++++++++---
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c
+index c27f3a54c1..b402877d4d 100644
+--- a/src/shared/exec-util.c
++++ b/src/shared/exec-util.c
+@@ -601,5 +601,6 @@ int fork_agent(const char *name, const int except[], size_t n_except, pid_t *ret
+ va_end(ap);
+
+ execv(path, l);
++ log_error_errno(errno, "Failed to execute %s: %m", path);
+ _exit(EXIT_FAILURE);
+ }
+diff --git a/src/shared/spawn-polkit-agent.c b/src/shared/spawn-polkit-agent.c
+index ce3c5fb948..fd91bd636f 100644
+--- a/src/shared/spawn-polkit-agent.c
++++ b/src/shared/spawn-polkit-agent.c
+@@ -43,16 +43,21 @@ int polkit_agent_open(void) {
+ xsprintf(notify_fd, "%i", pipe_fd[1]);
+
+ r = fork_agent("(polkit-agent)",
+- &pipe_fd[1], 1,
++ &pipe_fd[1],
++ 1,
+ &agent_pid,
+ POLKIT_AGENT_BINARY_PATH,
+- POLKIT_AGENT_BINARY_PATH, "--notify-fd", notify_fd, "--fallback", NULL);
++ POLKIT_AGENT_BINARY_PATH,
++ "--notify-fd",
++ notify_fd,
++ "--fallback",
++ NULL);
+
+ /* Close the writing side, because that's the one for the agent */
+ safe_close(pipe_fd[1]);
+
+ if (r < 0)
+- log_error_errno(r, "Failed to fork TTY ask password agent: %m");
++
log_error_errno(r, "Failed to fork polkit agent: %m");
+ else
+ /* Wait until the agent closes the fd */
+ (void) fd_wait_for_event(pipe_fd[0], POLLHUP, USEC_INFINITY);
+--
+2.33.0
+
diff --git a/backport-sysusers-handle-NSS-errors-gracefully.patch b/backport-sysusers-handle-NSS-errors-gracefully.patch
new file mode 100644
index 0000000..6736922
--- /dev/null
+++ b/backport-sysusers-handle-NSS-errors-gracefully.patch
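Review bot: In polkit_agent_open() the reflowed fork_agent() call puts every argument on its own line, which separates `"--notify-fd"` from its value and makes the two consecutive `POLKIT_AGENT_BINARY_PATH` lines look like an accidental duplicate. I would keep the option and its value together, `"--notify-fd", notify_fd,`, and mark the first two as `/* path */` and `/* argv[0] */`. That reading is inferred from `execv(path, l)` in fork_agent(), since the construction of the argument list is outside the hunk. Both functions continue outside the hunks shown.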
@@ -0,0 +1,118 @@
+From 0f518750a44dc4b2987ecc0cea4b3d848ac46ee9 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi
+Date: Thu, 4 Jul 2024 10:23:04 +0100
+Subject: [PATCH] sysusers: handle NSS errors gracefully
+
+If the io.systemd.DynamicUser or io.systemd.Machine files exist,
+but nothing is listening on them, the nss-systemd module returns
+ECONNREFUSED and systemd-sysusers fails to creat the user/group.
+
+This is problematic when ran by packaging scripts, as the package
+assumes that after this has run, the user/group exist and can
+be used. adduser does not fail in the same situation.
+
+Change sysusers to print a loud warning but otherwise continue
+when NSS returns an error.
+
+(cherry picked from commit fc9938d6f8e7081df5420bf88bf98f683b1391c0)
+(cherry picked from commit abba1e6bc29b7e07354ca23906c6f485ba245a1a)
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/0f518750a44dc4b2987ecc0cea4b3d848ac46ee9
+---
+ src/sysusers/sysusers.c | 12 ++++++------
+ test/units/TEST-74-AUX-UTILS.sysusers.sh | 24 ++++++++++++++++++++++++
+ 2 files changed, 30 insertions(+), 6 deletions(-)
+ create mode 100755 test/units/TEST-74-AUX-UTILS.sysusers.sh
+
+diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
+index 514f3c7935..794e09ce53 100644
+--- a/src/sysusers/sysusers.c
++++ b/src/sysusers/sysusers.c
+@@ -1064,7 +1064,7 @@ static int uid_is_ok(
+ if (p)
+ return 0;
+ if (!IN_SET(errno, 0, ENOENT))
+- return -errno;
++ log_warning_errno(errno, "Unexpected failure while looking up UID '" UID_FMT "' via NSS, assuming it doesn't exist: %m", uid);
+
+ if (check_with_gid) {
+ errno = 0;
+@@ -1073,7 +1073,7 @@ static int uid_is_ok(
+ if (!streq(g->gr_name, name))
+ return 0;
+ } else if (!IN_SET(errno, 0, ENOENT))
+- return -errno;
++ log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", uid);
+ }
+ }
+
+@@ -1179,7 +1179,7 @@ static int add_user(Context *c, Item *i) {
+ return 0;
+
}
+ if (!errno_is_not_exists(errno))
+- return log_error_errno(errno, "Failed to check if user %s already exists: %m", i->name);
++ log_warning_errno(errno, "Unexpected failure while looking up user '%s' via NSS, assuming it doesn't exist: %m", i->name);
+ }
+
+ /* Try to use the suggested numeric UID */
+@@ -1301,7 +1301,7 @@ static int gid_is_ok(
+ if (g)
+ return 0;
+ if (!IN_SET(errno, 0, ENOENT))
+- return -errno;
++ log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", gid);
+
+ if (check_with_uid) {
+ errno = 0;
+@@ -1309,7 +1309,7 @@ static int gid_is_ok(
+ if (p)
+ return 0;
+ if (!IN_SET(errno, 0, ENOENT))
+- return -errno;
++ log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", gid);
+ }
+ }
+
+@@ -1344,7 +1344,7 @@ static int get_gid_by_name(
+ return 0;
+ }
+ if (!errno_is_not_exists(errno))
+- return log_error_errno(errno, "Failed to check if group %s already exists: %m", name);
++ log_warning_errno(errno, "Unexpected failure while looking up group '%s' via NSS, assuming it doesn't exist: %m", name);
+ }
+
+ return -ENOENT;
+diff --git a/test/units/TEST-74-AUX-UTILS.sysusers.sh b/test/units/TEST-74-AUX-UTILS.sysusers.sh
+new file mode 100755
+index 0000000000..dcd29938b5
+--- /dev/null
++++ b/test/units/TEST-74-AUX-UTILS.sysusers.sh
+@@ -0,0 +1,24 @@
++#!/usr/bin/env bash
++# SPDX-License-Identifier: LGPL-2.1-or-later
++set -eux
++set -o pipefail
++
++# shellcheck source=test/units/util.sh
++.
"$(dirname "$0")"/util.sh ++ ++at_exit() { ++ set +e ++ userdel -r foobarbaz ++ umount /run/systemd/userdb/ ++} ++ ++# Check that we indeed run under root to make the rest of the test work ++[[ "$(id -u)" -eq 0 ]] ++ ++trap at_exit EXIT ++ ++# Ensure that a non-responsive NSS socket doesn't make sysusers fail ++mount -t tmpfs tmpfs /run/systemd/userdb/ ++touch /run/systemd/userdb/io.systemd.DynamicUser ++echo 'u foobarbaz' | SYSTEMD_LOG_LEVEL=debug systemd-sysusers - ++grep -q foobarbaz /etc/passwd +-- +2.33.0 + diff --git a/systemd.spec b/systemd.spec index c9ecbda..a39542b 100644 --- a/systemd.spec +++ b/systemd.spec @@ -25,7 +25,7 @@ Name: systemd Url: https://systemd.io/ Version: 255 -Release: 34 +Release: 35 License: LGPL-2.1-or-later AND MIT AND GPL-2.0-or-later Summary: System and Service Manager 
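Review bot: All the changed branches in sysusers.c now treat any NSS failure other than "not found" as "does not exist", so the collision checks in uid_is_ok(), gid_is_ok(), add_user() and get_gid_by_name() fail open: if an NSS backend is unreachable while systemd-sysusers runs, a name or numeric ID already assigned there can be allocated again locally. The commit message motivates this with ECONNREFUSED from nss-systemd, so each site deserves a comment saying the fall-through is deliberate, e.g. `/* Deliberately not fatal: an unreachable NSS backend must not block user creation, at the cost of a possible ID collision */`, and the warning should be surfaced in package-install logs. Separately, the warning under `check_with_uid` in gid_is_ok() says "GID" although the result tested just above it is `p`, which suggests a passwd lookup (the call itself is outside the hunk); wording it as `"... looking up UID '" UID_FMT "' ..."` would mirror the cross-check message in uid_is_ok(). These functions start and end outside the hunks shown.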
@@ -82,6 +82,22 @@ Patch6026: backport-shutdown-clean-up-sync_with_progress-a-bit.patch Patch6027: backport-shutdown-replace-unbounded-fsync-with-bounded-sync_w.patch Patch6028: backport-shutdown-teach-sync_with_progress-to-optionally-sync.patch Patch6029: backport-core-reliably-check-if-varlink-socket-has-been-deser.patch +Patch6030: backport-fs-util-readlinkat-supports-an-empty-string.patch +Patch6031: backport-exec-invoke-correct-dont_close-size.patch +Patch6032: backport-core-Fix-file-descriptor-leak.patch +Patch6033: backport-core-service-fix-accept-socket-deserialization.patch +Patch6034: backport-coredump-correctly-take-tmpfs-size-into-account-for-.patch +Patch6035: backport-sysusers-handle-NSS-errors-gracefully.patch +Patch6036: backport-shared-log-error-when-execve-fail.patch +Patch6037: backport-sd-event-do-not-assert-on-invalid-signal.patch +Patch6038: backport-sd-event-change-error-code-EINVAL-EIO.patch +Patch6039: backport-basic-log-do-not-treat-all-negative-errnos-as-synthe.patch +Patch6040: backport-sd-ipv4acd-fix-assertion-triggered-when-an-ARP-recei.patch +Patch6041: backport-resolved-log-error-messages-for-openssl-gnutls-conte.patch +Patch6042: backport-journalctl-erase-verify-key-before-free.patch +Patch6043: backport-core-service-use-log_unit_-where-appropriate.patch +Patch6044: backport-core-Bump-log-level-of-reexecute-request-to-notice.patch +Patch6045: backport-core-Log-in-more-scenarios-about-which-process-initi.patch Patch9008: update-rtc-with-system-clock-when-shutdown.patch Patch9009: udev-add-actions-while-rename-netif-failed.patch @@ -1690,6 +1706,9 @@ fi %{_unitdir}/veritysetup.target %changelog +* Tue Dec 24 2024 wangyuhang - 255-35 +- sync patches from systemd community + * Thu Dec 19 2024 Linux_zhang - 255-34 - Fix the varlink connection is disconnected when systemd upgrade -- Gitee