Lennart Poettering [Mon, 19 Nov 2018 10:39:45 +0000 (11:39 +0100)]
pam_systemd: suppress LOG_DEBUG log messages if debugging is off
In the PAM module we need to suppress LOG_DEBUG messages manually, if
debug logging is not on, as PAM won't do this for us. We did this
correctly for most log messages already, but two were missing. Let's fix
those too.
Fixes: #10822
(cherry picked from commit 2675747f3cdd6f1e6236bbb2f79abfa53fb307f1)
Gbp-Pq: Name pam_systemd-suppress-LOG_DEBUG-log-messages-if-debugging-.patch
Lennart Poettering [Mon, 12 Nov 2018 22:42:24 +0000 (23:42 +0100)]
tree-wide: port over other candidates for namespace_fork()
Let's always use the same, correct, way to join a namespace.
(cherry picked from commit 1edcb6a91ce459aed9abdf63b2724745a7cf8f45)
Gbp-Pq: Name tree-wide-port-over-other-candidates-for-namespace_fork.patch
Lennart Poettering [Mon, 12 Nov 2018 22:40:09 +0000 (23:40 +0100)]
machined: when reading os-release file, join PID namespace too
This is required for /proc/self/fd/xyz to work, but that's what we need
to convert the O_PATH fd returned by chase_symlinks() back to a regular
file fd. Hence, let's do the joining of the namespaces fully and
correctly, by doing fork()+setns()+fork() with the PID and fs
namespaces.
This makes use of the new namespace_fork() helper we just added.
Fixes: #10549
(cherry picked from commit 2bb21fc9288100e12f3dc1a0ede1e8487f7f5223)
Gbp-Pq: Name machined-when-reading-os-release-file-join-PID-namespace-.patch
Lennart Poettering [Mon, 12 Nov 2018 22:39:01 +0000 (23:39 +0100)]
sd-bus: port over to namespace_fork()
This is pretty similar code, let's replace it with the generic
namespace_fork() implementation.
(cherry picked from commit 0a885dd055d30200021f7de188e2228c4d824518)
Gbp-Pq: Name sd-bus-port-over-to-namespace_fork.patch
Lennart Poettering [Mon, 12 Nov 2018 22:37:13 +0000 (23:37 +0100)]
core: add namespace_fork() helper, that forks, joins a set of namespaces and forks again
This helper is useful to ensure pidns/userns joining is properly
executed (as that requires a fork after the setns()). This is
particularly important when it comes to /proc/self/ access or
SCM_CREDENTIALS, but is generally the safer mode of operation.
(cherry picked from commit 27096982798e4f4d1498f9ce75c317b8d3376125)
Gbp-Pq: Name core-add-namespace_fork-helper-that-forks-joins-a-set-of-.patch
Zbigniew Jędrzejewski-Szmek [Sat, 15 Sep 2018 17:43:58 +0000 (19:43 +0200)]
systemd: do not pass .wants fragment path to manager_load_unit
When loading units, sometimes we'd first encounter a unit from .wants or
.requires directory. A typical case would be when multi-user.target.wants/
contains a symlink to some unit. We would prepare to load this unit using
/etc/systemd/system/multi-user.target.wants/foo.service as the fragment
path. This is always wrong. Instead, let's use NULL as the path and let
manager_load_unit() figure out the path on its own.
Fixes #9921.
(cherry picked from commit 0c062fd3eb3988822ffcf1f87c45f7c168fe92ef)
Gbp-Pq: Name systemd-do-not-pass-.wants-fragment-path-to-manager_load_.patch
Mike Gilbert [Sun, 30 Sep 2018 20:18:43 +0000 (16:18 -0400)]
meson: avoid calling the shell to resolve efi_libdir
(cherry picked from commit 5f723125aece111f1990f9ff6d3572fb2509ad19)
Gbp-Pq: Name meson-avoid-calling-the-shell-to-resolve-efi_libdir.patch
Mike Gilbert [Sun, 30 Sep 2018 19:41:41 +0000 (15:41 -0400)]
meson: use an array option for efi-cc
Fixes: https://github.com/systemd/systemd/issues/10211
(cherry picked from commit 595343fb4c99c2679d347ef7c19debfbfed6342e)
Gbp-Pq: Name meson-use-an-array-option-for-efi-cc.patch
Helmut Grohne [Thu, 27 Sep 2018 15:17:37 +0000 (17:17 +0200)]
meson: use the host architecture compiler/linker for src/boot/efi
cross building systemd to arm64 presently fails, because the build
system uses plain gcc and plain ld (build architecture compiler and
linker respectively) for building src/boot/efi. These values come from
the efi-cc and efi-ld options respectively. It rather should be using
host tools here.
Fixes: b710072da441 ("add support for building efi modules")
(cherry picked from commit df7cacae696ae3c1d13d2f9a4db24815e07e29a1)
Gbp-Pq: Name meson-use-the-host-architecture-compiler-linker-for-src-b.patch
Lennart Poettering [Wed, 17 Oct 2018 16:36:24 +0000 (18:36 +0200)]
core: when deserializing state always use read_line(…, LONG_LINE_MAX, …)
This should be much better than fgets(), as we can read substantially
longer lines and overly long lines result in proper errors.
Fixes a vulnerability discovered by Jann Horn at Google.
CVE-2018-15686
LP: #1796402
https://bugzilla.redhat.com/show_bug.cgi?id=1639071
(cherry picked from commit 8948b3415d762245ebf5e19d80b97d4d8cc208c1)
(cherry picked from commit 1a05ff4948d778280ec155a9abe69d3360bfddd9)
Gbp-Pq: Name core-when-deserializing-state-always-use-read_line-LONG_L.patch
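The fgets() hazard that the switch to read_line(…, LONG_LINE_MAX, …) above addresses, shown as an added example that is not systemd's own code: a bounded line reader beside a plain fgets() loop, both run over a constructed state dump containing one over-long line. The names read_line_bounded, count_records_fgets, count_records_bounded and SAMPLE are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Added example (not systemd code). Reads one line (newline stripped) into a
 * malloc'd *ret: returns 1 when a line was read, 0 at EOF, -ENOBUFS if the
 * line exceeds max bytes, -ENOMEM on allocation failure. Unlike fgets(), an
 * over-long line is an error rather than being handed over as several records. */
static int read_line_bounded(FILE *f, size_t max, char **ret) {
        char *buf = NULL, *p;
        size_t n = 0, alloc = 0;
        int c;
        while ((c = fgetc(f)) != EOF && c != '\n') {
                if (n >= max) { free(buf); return -ENOBUFS; }
                if (n + 2 > alloc) {            /* room for this byte plus NUL */
                        alloc = alloc ? alloc * 2 : 64;
                        if (!(p = realloc(buf, alloc))) { free(buf); return -ENOMEM; }
                        buf = p;
                }
                buf[n++] = (char) c;
        }
        if (c == EOF && n == 0) { free(buf); *ret = NULL; return 0; }
        if (!buf && !(buf = malloc(1)))         /* empty line: just a '\n' */
                return -ENOMEM;
        buf[n] = '\0';
        *ret = buf;
        return 1;
}

/* Records a deserializer sees when reading with fgets() into a bufsz-byte
 * buffer: a line longer than the buffer is silently split into several, and
 * the tail of a long value then looks like a fresh "key=value" record. */
static int count_records_fgets(const char *data, size_t bufsz) {
        char buf[256];
        int count = 0;
        FILE *f = fmemopen((char *) data, strlen(data), "r");
        if (!f) return -errno;
        if (bufsz > sizeof buf) bufsz = sizeof buf;
        while (fgets(buf, (int) bufsz, f)) count++;
        fclose(f);
        return count;
}

/* Same input through the bounded reader: record count, or -ENOBUFS if any
 * line exceeds max, so the caller fails loudly instead of misparsing. */
static int count_records_bounded(const char *data, size_t max) {
        char *line;
        int count = 0, r;
        FILE *f = fmemopen((char *) data, strlen(data), "r");
        if (!f) return -errno;
        while ((r = read_line_bounded(f, max, &line)) > 0) { count++; free(line); }
        fclose(f);
        return r < 0 ? r : count;
}

/* Constructed sample state dump: three records, the second one over-long. */
static const char SAMPLE[] = "id=foo.service\n"
        "exec-command=/bin/sh -c 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'\n"
        "active-state=active\n";
```

With a 32-byte buffer the fgets() loop reports more than three records for this three-line input, while the bounded reader rejects the whole dump with -ENOBUFS.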
Lennart Poettering [Fri, 19 Oct 2018 09:42:11 +0000 (11:42 +0200)]
chown-recursive: TAKE_FD() is your friend
(cherry picked from commit cd6b7d50c337b3676a3d5fc2188ff298dcbdb939)
Gbp-Pq: Name chown-recursive-TAKE_FD-is-your-friend.patch
Lennart Poettering [Fri, 19 Oct 2018 09:28:40 +0000 (11:28 +0200)]
chown-recursive: also drop ACLs when recursively chown()ing
Let's better be safe than sorry and also drop ACLs.
(cherry picked from commit f89bc84f3242449cbc308892c87573b131f121df)
Gbp-Pq: Name chown-recursive-also-drop-ACLs-when-recursively-chown-ing.patch
Lennart Poettering [Fri, 19 Oct 2018 09:26:59 +0000 (11:26 +0200)]
chown-recursive: let's rework the recursive logic to use O_PATH
That way we can pin a specific inode and analyze it and manipulate it
without it being swapped out beneath our hands.
Fixes a vulnerability originally found by Jann Horn from Google.
CVE-2018-15687
LP: #1796692
https://bugzilla.redhat.com/show_bug.cgi?id=1639076
(cherry picked from commit 5de6cce58b3e8b79239b6e83653459d91af6e57c)
Gbp-Pq: Name chown-recursive-let-s-rework-the-recursive-logic-to-use-O.patch
Lennart Poettering [Fri, 19 Oct 2018 10:12:33 +0000 (12:12 +0200)]
dhcp6: make sure we have enough space for the DHCP6 option header
Fixes a vulnerability originally discovered by Felix Wilhelm from
Google.
CVE-2018-15688
LP: #1795921
https://bugzilla.redhat.com/show_bug.cgi?id=1639067
(cherry picked from commit 4dac5eaba4e419b29c97da38a8b1f82336c2c892)
Gbp-Pq: Name dhcp6-make-sure-we-have-enough-space-for-the-DHCP6-option.patch
Zbigniew Jędrzejewski-Szmek [Sun, 19 Aug 2018 17:11:30 +0000 (19:11 +0200)]
meson: rename -Ddebug to -Ddebug-extra
Meson added -Doptimization and -Ddebug options, which obviously cause
a conflict with our -Ddebug option. Let's rename it.
Fixes #9883.
(cherry picked from commit 8f6b442a78d0b485f044742ad90b2e8271b4e68e)
Gbp-Pq: Name meson-rename-Ddebug-to-Ddebug-extra.patch
Filipe Brandenburger [Wed, 12 Sep 2018 07:23:40 +0000 (00:23 -0700)]
test: use ${builddir}/systemd-runtest.env for $SYSTEMD_CATALOG_DIR
This makes it so that tests no longer need to know the absolute paths to the
source and build dirs, instead using the systemd-runtest.env file to get these
paths when running from the build tree.
Confirmed that test-catalog works on `ninja test`, when called standalone and
also when the environment file is not present, in which case it will use the
installed location under /usr/lib/systemd/catalog.
The location can now also be overridden for this test by setting the
$SYSTEMD_CATALOG_DIR environment variable.
(cherry picked from commit 49cdae63d168b2fe0e19f9f090b90d79de3c39bb)
Gbp-Pq: Name test-use-builddir-systemd-runtest.env-for-SYSTEMD_CATALOG.patch
Filipe Brandenburger [Wed, 12 Sep 2018 06:55:02 +0000 (23:55 -0700)]
test: use ${builddir}/systemd-runtest.env to set $SYSTEMD_TEST_DATA
This simplifies get_testdata_dir() to simply checking for an environment
variable, with an additional function to locate a systemd-runtest.env file in
the same directory as the test binary and reading environment variable
assignments from that file if it exists.
This makes it possible to:
- Run `ninja test` from the build dir and have it use ${srcdir}/test for
test unit definitions.
- Run a test directly, such as `build/test-execute` and have it locate
them correctly.
- Run installed tests (from systemd-tests package) and locate the test
units in the installed location (/usr/lib/systemd/tests/testdata), in
which case the absence of the systemd-runtest.env file will have
get_testdata_dir() use the installed location hardcoded into the
binaries.
Explicit setting of $SYSTEMD_TEST_DATA still overrides the contents of
systemd-runtest.env.
(cherry picked from commit e2d413707fc68ed033a83e10a055ca638a1e1e18)
Gbp-Pq: Name test-use-builddir-systemd-runtest.env-to-set-SYSTEMD_TEST.patch
Filipe Brandenburger [Wed, 12 Sep 2018 06:15:09 +0000 (23:15 -0700)]
test: remove support for suffix in get_testdata_dir()
Instead, use path_join() in callers wherever needed.
(cherry picked from commit 55890a40c3ec0c061c04d1395a38c26313132d12)
Gbp-Pq: Name test-remove-support-for-suffix-in-get_testdata_dir.patch
Yu Watanabe [Tue, 11 Sep 2018 00:18:33 +0000 (09:18 +0900)]
test: make test-catalog relocatable
Fixes #10045.
(cherry picked from commit d9b6baa69968132d33e4ad8627c7fe0bd527c859)
Gbp-Pq: Name test-make-test-catalog-relocatable.patch
Yu Watanabe [Tue, 11 Sep 2018 00:17:22 +0000 (09:17 +0900)]
test: introduce test_is_running_from_builddir()
(cherry picked from commit 8cb10a4f4dabc508a04f76ea55f23ef517881b61)
Gbp-Pq: Name test-introduce-test_is_running_from_builddir.patch
Yu Watanabe [Thu, 26 Jul 2018 02:42:54 +0000 (11:42 +0900)]
core: fix gid when DynamicUser=yes with static User=
When DynamicUser=yes and static User= are set, and the user has
different uid and gid, then as the storage socket for the dynamic
user does not contain the gid, we need to obtain the gid.
Follow-up for 9ec655cbbd7505ef465e0444da0622e46099ce42.
Fixes #9702.
(cherry picked from commit 25a1df7c652d180eb716412885c3ce3fcc1bbded)
Gbp-Pq: Name core-fix-gid-when-DynamicUser-yes-with-static-User.patch
Alan Jenkins [Mon, 3 Sep 2018 10:10:24 +0000 (11:10 +0100)]
user-runtime-dir: fix selinux regression
Fix #9993. When this code was split out to user-runtime-dir, it forgot to
include the call to mac_selinux_init(). So mkdir_label() stopped working.
Fixes: a9f0f5e50104 ("logind: split %t directory creation to a helper unit")
(cherry picked from commit 81375d802672f34205bef9f301c58854af5fc568)
Gbp-Pq: Name user-runtime-dir-fix-selinux-regression.patch
Yu Watanabe [Sun, 22 Jul 2018 14:10:02 +0000 (23:10 +0900)]
timedate: defer the property changed signal until job of starting/stopping NTP service is finished
Before this, the property changed signal was emitted immediately after
the StartUnit/StopUnit method was called. So, the running state of the NTP
client service may not be updated.
This defers the emission of the property changed signal until the job of
starting/stopping the NTP client service is completed.
Fixes #9672.
(cherry picked from commit 3af0a96c0fcc623bd16649fc3640396a657cf9ef)
Gbp-Pq: Name timedate-defer-the-property-changed-signal-until-job-of-s.patch
Yu Watanabe [Sat, 21 Jul 2018 14:07:53 +0000 (23:07 +0900)]
timedate: increment reference count of sd_bus_message
The commit 5d280742b645a69a19e7f9131adc0c95f5c7fa07 introduces a
barrier to suppress calling context_update_ntp_status() multiple times.
However, it just stores the address of the sd_bus_message object. So,
when an address is reused on a subsequent message, the status
of NTP clients is not updated.
This makes the stored message object referenced by the context
object. So, the subsequent message is certainly on a different address.
(cherry picked from commit 2770af85ac04fd14af2f6bcdf4d3967ed6f2e36f)
Gbp-Pq: Name timedate-increment-reference-count-of-sd_bus_message.patch
Michael Biebl [Fri, 13 Jul 2018 21:36:13 +0000 (23:36 +0200)]
Do not apply uaccess tag for /dev/kvm if mode is 0666
(cherry picked from commit ace5e3111c0b8d8bfd84b32f2c689b0a4d92c061)
Gbp-Pq: Name Do-not-apply-uaccess-tag-for-dev-kvm-if-mode-is-0666.patch
Michael Biebl [Tue, 10 Jul 2018 12:47:58 +0000 (14:47 +0200)]
Re-add uaccess tag for /dev/kvm
If --dev-kvm-mode is set to something different than 0666, which we
explicitly support, it makes sense to still apply the uaccess tag to
/dev/kvm. For distros which opt to use the default 0666, this change is
a nop.
This partially reverts commit b8fd3d82205f632ce001fade74fed287e1564a1a.
(cherry picked from commit fa53e24130af3a389573acb9585eadbf7192955f)
Gbp-Pq: Name Re-add-uaccess-tag-for-dev-kvm.patch
Dave Reisner [Sat, 7 Jul 2018 09:39:01 +0000 (05:39 -0400)]
network/link: Fix logic error in matching devices by MAC
Prior to this commit, a .link file with a [Match] section containing
MACAddress= would match any device without a MAC. This restores the
matching logic prior to e90d037.
(cherry picked from commit 25ea58d37385af27301b7ad25e985eb15f421614)
Gbp-Pq: Name network-link-Fix-logic-error-in-matching-devices-by-MAC.patch
Michael Biebl [Mon, 16 Jul 2018 09:27:44 +0000 (11:27 +0200)]
test: Drop SKIP_INITRD for QEMU-based tests
Not all distros support booting without an initrd. E.g. the Debian
kernel builds ext4 as a module and so relies on an initrd to
successfully start the QEMU-based images.
(cherry picked from commit c2d4da002095fe6f86f89a508a81e48fb6d3196f)
Gbp-Pq: Name test-Drop-SKIP_INITRD-for-QEMU-based-tests.patch
Yu Watanabe [Sun, 15 Jul 2018 13:31:37 +0000 (22:31 +0900)]
sysusers,tmpfiles: re-create systemd-network, systemd-resolve and systemd-timesync
This partially reverts d4e9e574ea0b5d23598a317e68399584d229568b,
0187368cadea183e18c6d575a9d6b7f491a402af, and
4240cb02fda90ba11dfc0114201e42691132c6a9.
The services systemd-networkd, systemd-resolved, and systemd-timesyncd
enable DynamicUsers= and have bus interfaces. Unfortunately, these
have many problems now. Let us create the relevant users, at least,
tentatively.
Fixes #9503.
(cherry picked from commit 5b5d82615011b9827466b7cd5756da35627a1608)
Gbp-Pq: Name sysusers-tmpfiles-re-create-systemd-network-systemd-resol.patch
Martin Pitt [Mon, 2 Jul 2018 20:26:31 +0000 (22:26 +0200)]
test: fix networkd-test.py rate limiting and dynamic user
- Reset systemd-networkd.service before each test run, to avoid running
into restart limits.
- Our networkd-test-router.service unit needs to run as root and thus
can't use `User=`; but networkd still insists on the
`systemd-network` system user to exist, so create it.
(cherry picked from commit c44c1b8ab5274c7cdb93d9a80c79bcddb503c235)
Gbp-Pq: Name test-fix-networkd-test.py-rate-limiting-and-dynamic-user.patch
Yu Watanabe [Mon, 25 Jun 2018 05:56:49 +0000 (14:56 +0900)]
tmpfiles: specify access mode for /run/systemd/netif
This partially reverts 2af767729489f6baa98a2641b2007acab44ed353,
as the directories are certainly readable and not writable by
non-privileged users.
(cherry picked from commit 400d8461381c5748a97fccb8a022a20f40063a7d)
Gbp-Pq: Name tmpfiles-specify-access-mode-for-run-systemd-netif.patch
Yu Watanabe [Wed, 27 Jun 2018 12:20:55 +0000 (21:20 +0900)]
bus-util: make log level lower in request_name_destroy_callback()
Fixes #9442.
(cherry picked from commit 04e075b572b168a183cde29480dbb30d027d4fe7)
Gbp-Pq: Name bus-util-make-log-level-lower-in-request_name_destroy_cal.patch
Mike Gilbert [Wed, 27 Jun 2018 14:36:50 +0000 (10:36 -0400)]
basic: add missing comma in raw_clone assembly for sparc
Fixes: 96f64eb5741b157f26a9089816fdd992e959792e
Closes: https://github.com/systemd/systemd/issues/9444
(cherry picked from commit 358248caa3eca525751694de7c34b16bb46d5a9c)
Gbp-Pq: Name basic-add-missing-comma-in-raw_clone-assembly-for-sparc.patch
Filipe Brandenburger [Wed, 27 Jun 2018 16:19:33 +0000 (09:19 -0700)]
sleep: fix one more printf format of a fiemap field
Use PRIu64 constant to get the format right on LP-64 architectures,
cast to (uint64_t) to solve incompatibility of __u64.
This was missed in ad4bc3352285f467f4ffa03c3171b19fa0a8758d, so fix it
with this follow up.
(cherry picked from commit d7af62d52cd3b58c5fe7d410e907e01fed71c02e)
Gbp-Pq: Name sleep-fix-one-more-printf-format-of-a-fiemap-field.patch
Yu Watanabe [Sat, 23 Jun 2018 00:41:55 +0000 (09:41 +0900)]
timesync: changes type of drift_freq to int64_t
drift_freq is used for storing timex.freq, and is a 64bit integer.
To support x32 ABI, this changes the type of drift_freq to int64_t.
Fixes #9387.
(cherry picked from commit 75ca1621db4647a4d62d7873cd6715e28fe0f9fa)
Gbp-Pq: Name timesync-changes-type-of-drift_freq-to-int64_t.patch
Filipe Brandenburger [Tue, 26 Jun 2018 16:43:49 +0000 (09:43 -0700)]
sleep: fix printf format of fiemap fields
Use PRIu64 and PRIu32 constants to also get the format right on LP-64
architectures.
For the 64-bit fields, we need a cast to (uint64_t), since __u64 is
defined as a `long long unsigned` and PRIu64 expects a `long unsigned`.
In practice, both are the same, so the cast should be OK.
(cherry picked from commit ad4bc3352285f467f4ffa03c3171b19fa0a8758d)
Gbp-Pq: Name sleep-fix-printf-format-of-fiemap-fields.patch
Felipe Sateler [Thu, 6 Dec 2018 00:03:34 +0000 (00:03 +0000)]
systemd (239-15) unstable; urgency=medium
[ Felipe Sateler ]
* Fix container check in udev init script.
Udev needs writable /sys, so the init script tried to check before
starting. Unfortunately, the check was inverted. Let's add the missing
'!' to negate the check.
(Closes: #915261)
* Add myself to uploaders
[ Michael Biebl ]
* Remove obsolete systemd-shim conffile on upgrades.
The D-Bus policy file was dropped from the systemd-shim package in
version 8-4, but apparently there are cases where users removed the
package before that cleanup happened. The D-Bus policy file that was
shipped by systemd-shim was much more restrictive and now prevents
calling GetDynamicUsers() and other recent APIs on systemd Manager.
(Closes: #914285)
[dgit import unpatched systemd 239-15]
Felipe Sateler [Thu, 6 Dec 2018 00:03:34 +0000 (00:03 +0000)]
Import systemd_239-15.debian.tar.xz
[dgit import tarball systemd 239-15 systemd_239-15.debian.tar.xz]
Michael Biebl [Fri, 22 Jun 2018 22:18:08 +0000 (23:18 +0100)]
Import systemd_239.orig.tar.gz
[dgit import orig systemd_239.orig.tar.gz]