From 2b682337e7b15b56537fb30483c8fe97bbeb46e3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
Date: Fri, 4 Mar 2016 11:53:37 -0500
Subject: [PATCH] Backport a bunch of patches

---
 ...ARM-clockids-to-non-ALARM-clockids-i.patch | 11 +-
 0002-core-fix-indenting-in-dump-output.patch | 24 ++
 ...READ-is-not-reliable-on-some-sockets.patch | 238 ++++++++++++++++
 ...ork-idle-detection-logic-of-networkd.patch | 55 ++++
 0005-core-fix-assertion-check.patch | 24 ++
 ...-fix-cg_unified-return-code-checking.patch | 26 ++
 ...-resolve-specifier-in-config_parse_e.patch | 54 ++++
 0008-activate-fix-E-option-parsing.patch | 25 ++
 ...not-call-bsearch-with-a-null-argumen.patch | 30 ++
 ...rect-segmentation-fault-due-to-missi.patch | 30 ++
 ...re-we-allocate-the-NTA-set-before-we.patch | 27 ++
 0012-networkd-tunnel-fix-tunnel-address.patch | 70 +++++
 ...darspec-fix-find_next-skipping-times.patch | 47 ++++
 ...-.slice-units-from-systemctl-isolate.patch | 52 ++++
 ...ame-before-checking-for-trailing-dot.patch | 35 +++
 ...oid-and-uint8_t-for-generic-pointers.patch | 81 ++++++
 ...ification-iteration-logic-when-trans.patch | 260 ++++++++++++++++++
 ...ways-try-to-load-the-full-selinux-db.patch | 249 +++++++++++++++++
 ...variants-of-security_compute_create-.patch | 45 +++
 systemd.spec | 19 ++
 20 files changed, 1394 insertions(+), 8 deletions(-)
 create mode 100644 0002-core-fix-indenting-in-dump-output.patch
 create mode 100644 0003-networkd-FIONREAD-is-not-reliable-on-some-sockets.patch
 create mode 100644 0004-networkd-rework-idle-detection-logic-of-networkd.patch
 create mode 100644 0005-core-fix-assertion-check.patch
 create mode 100644 0006-udev-fix-cg_unified-return-code-checking.patch
 create mode 100644 0007-core-revert-core-resolve-specifier-in-config_parse_e.patch
 create mode 100644 0008-activate-fix-E-option-parsing.patch
 create mode 100644 0009-basic-strbuf-do-not-call-bsearch-with-a-null-argumen.patch
 create mode 100644 0010-udev-path_id-correct-segmentation-fault-due-to-missi.patch
 create mode 100644 0011-networkd-make-sure-we-allocate-the-NTA-set-before-we.patch
 create mode 100644 0012-networkd-tunnel-fix-tunnel-address.patch
 create mode 100644 0013-calendarspec-fix-find_next-skipping-times.patch
 create mode 100644 0014-core-exclude-.slice-units-from-systemctl-isolate.patch
 create mode 100644 0015-shorten-hostname-before-checking-for-trailing-dot.patch
 create mode 100644 0016-hashmap-use-void-and-uint8_t-for-generic-pointers.patch
 create mode 100644 0017-resolved-fix-notification-iteration-logic-when-trans.patch
 create mode 100644 0018-selinux-always-try-to-load-the-full-selinux-db.patch
 create mode 100644 0019-selinux-use-raw-variants-of-security_compute_create-.patch

diff --git a/0001-time-util-map-ALARM-clockids-to-non-ALARM-clockids-i.patch b/0001-time-util-map-ALARM-clockids-to-non-ALARM-clockids-i.patch
index 2439083..2b8fe9b 100644
--- a/0001-time-util-map-ALARM-clockids-to-non-ALARM-clockids-i.patch
+++ b/0001-time-util-map-ALARM-clockids-to-non-ALARM-clockids-i.patch
@@ -1,19 +1,17 @@
-From 2ed3d130986501e1db27d57be424d5fd82755ca5 Mon Sep 17 00:00:00 2001
+From d15dd311752fcafa92d2e6a00c582020dc0f6ac3 Mon Sep 17 00:00:00 2001
 From: Lennart Poettering
 Date: Fri, 12 Feb 2016 21:29:01 +0100
 Subject: [PATCH] time-util: map ALARM clockids to non-ALARM clockids in now()
 
 Fixes: #2597
 (cherry picked from commit 32c1f5a57998f2a9e1992af006b83e39e3155830)
-
-Resolves: #1310800
 ---
  src/basic/time-util.c | 24 ++++++++++++++++++++++--
  src/libsystemd/sd-event/sd-event.c | 6 +++++-
  2 files changed, 27 insertions(+), 3 deletions(-)
 
 diff --git a/src/basic/time-util.c b/src/basic/time-util.c
-index 3973850..510f018 100644
+index 3973850b44..510f018d9b 100644
 --- a/src/basic/time-util.c
 +++ b/src/basic/time-util.c
 @@ -42,10 +42,30 @@
@@ -58,7 +56,7 @@ index 3973850..510f018 100644
 return timespec_load_nsec(&ts);
 }
 diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
-index deef6ba..2b46a1f 100644
+index deef6ba9d3..2b46a1ff06 100644
 --- a/src/libsystemd/sd-event/sd-event.c
 +++ b/src/libsystemd/sd-event/sd-event.c
 @@ -2780,9 +2780,13 @@ _public_ int sd_event_now(sd_event *e, clockid_t clock, uint64_t *usec) {
@@ -76,6 +74,3 @@ index deef6ba..2b46a1f 100644
 }
 
 return 0;
--- 
-2.5.0
-
diff --git a/0002-core-fix-indenting-in-dump-output.patch b/0002-core-fix-indenting-in-dump-output.patch
new file mode 100644
index 0000000..42070f4
--- /dev/null
+++ b/0002-core-fix-indenting-in-dump-output.patch
@@ -0,0 +1,24 @@
+From 3e1d3577dd20a49d6eb5007c65b4efb7862df903 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Fri, 12 Feb 2016 21:33:39 +0100
+Subject: [PATCH] core: fix indenting in dump output
+
+Fixes: #2593
+(cherry picked from commit b895d15511526b7046c8c51e6689684144a63ae0)
+---
+ src/core/unit.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index d39e3dcaeb..3c4f85e744 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -888,7 +888,7 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) {
+ "%s\tInstance: %s\n"
+ "%s\tUnit Load State: %s\n"
+ "%s\tUnit Active State: %s\n"
+- "%s\nState Change Timestamp: %s\n"
++ "%s\tState Change Timestamp: %s\n"
+ "%s\tInactive Exit Timestamp: %s\n"
+ "%s\tActive Enter Timestamp: %s\n"
+ "%s\tActive Exit Timestamp: %s\n"
diff --git a/0003-networkd-FIONREAD-is-not-reliable-on-some-sockets.patch b/0003-networkd-FIONREAD-is-not-reliable-on-some-sockets.patch
new file mode 100644
index 0000000..b2aec3f
--- /dev/null
+++ b/0003-networkd-FIONREAD-is-not-reliable-on-some-sockets.patch
@@ -0,0 +1,238 @@
+From 66a35872a2429a095f8cdfd5b00f94d0b28daa0f Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Mon, 15 Feb 2016 22:50:01 +0100
+Subject: [PATCH] networkd: FIONREAD is not reliable on some sockets
+
+Fixes: #2457
+(cherry picked from commit 4edc2c9b6b5b921873eb82e58719ed4d9e0d69bf)
+---
+ src/basic/socket-util.c | 34 ++++++++++++++++++++++++++++++++
+ src/basic/socket-util.h | 2 ++
+ src/libsystemd-network/sd-dhcp-client.c | 23 +++++++++------------
+ src/libsystemd-network/sd-dhcp-server.c | 9 ++++-----
+ src/libsystemd-network/sd-dhcp6-client.c | 13 ++++++------
+ src/libsystemd-network/sd-ndisc.c | 13 +++++------
+ src/resolve/resolved-manager.c | 10 ++++------
+ 7 files changed, 64 insertions(+), 40 deletions(-)
+
+diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c
+index 49e5f5b125..58512686e3 100644
+--- a/src/basic/socket-util.c
++++ b/src/basic/socket-util.c
+@@ -936,3 +936,37 @@ int receive_one_fd(int transport_fd, int flags) {
+
+ return *(int*) CMSG_DATA(found);
+ }
++
++ssize_t next_datagram_size_fd(int fd) {
++ ssize_t l;
++ int k;
++
++ /* This is a bit like FIONREAD/SIOCINQ, however a bit more powerful. The difference being: recv(MSG_PEEK) will
++ * actually cause the next datagram in the queue to be validated regarding checksums, which FIONREAD dosn't
++ * do. This difference is actually of major importance as we need to be sure that the size returned here
++ * actually matches what we will read with recvmsg() next, as otherwise we might end up allocating a buffer of
++ * the wrong size. */
++
++ l = recv(fd, NULL, 0, MSG_PEEK|MSG_TRUNC);
++ if (l < 0) {
++ if (errno == EOPNOTSUPP)
++ goto fallback;
++
++ return -errno;
++ }
++ if (l == 0)
++ goto fallback;
++
++ return l;
++
++fallback:
++ k = 0;
++
++ /* Some sockets (AF_PACKET) do not support null-sized recv() with MSG_TRUNC set, let's fall back to FIONREAD
++ * for them. Checksums don't matter for raw sockets anyway, hence this should be fine. */
++
++ if (ioctl(fd, FIONREAD, &k) < 0)
++ return -errno;
++
++ return (ssize_t) k;
++}
+diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h
+index 92edc1dc22..d17a2f35f8 100644
+--- a/src/basic/socket-util.h
++++ b/src/basic/socket-util.h
+@@ -133,5 +133,7 @@ int send_one_fd_sa(int transport_fd,
+ #define send_one_fd(transport_fd, fd, flags) send_one_fd_sa(transport_fd, fd, NULL, 0, flags)
+ int receive_one_fd(int transport_fd, int flags);
+
++ssize_t next_datagram_size_fd(int fd);
++
+ #define CMSG_FOREACH(cmsg, mh) \
+ for ((cmsg) = CMSG_FIRSTHDR(mh); (cmsg); (cmsg) = CMSG_NXTHDR((mh), (cmsg)))
+diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c
+index cad1a52c09..729ef880ce 100644
+--- a/src/libsystemd-network/sd-dhcp-client.c
++++ b/src/libsystemd-network/sd-dhcp-client.c
+@@ -1525,20 +1525,17 @@ static int client_receive_message_udp(sd_event_source *s, int fd,
+ uint32_t revents, void *userdata) {
+ sd_dhcp_client *client = userdata;
+ _cleanup_free_ DHCPMessage *message = NULL;
+- int buflen = 0, len, r;
+ const struct ether_addr zero_mac = { { 0, 0, 0, 0, 0, 0 } };
+ const struct ether_addr *expected_chaddr = NULL;
+ uint8_t expected_hlen = 0;
++ ssize_t len, buflen;
+
+ assert(s);
+ assert(client);
+
+- r = ioctl(fd, FIONREAD, &buflen);
+- if (r < 0)
+- return -errno;
+- else if (buflen < 0)
+- /* this can't be right */
+- return -EIO;
++ buflen = next_datagram_size_fd(fd);
++ if (buflen < 0)
++ return buflen;
+
+ message = malloc0(buflen);
+ if (!message)
+@@ -1616,17 +1613,15 @@ static int client_receive_message_raw(sd_event_source *s, int fd,
+ };
+ struct cmsghdr *cmsg;
+ bool checksum = true;
+- int buflen = 0, len, r;
++ ssize_t buflen, len;
++ int r;
+
+ assert(s);
+ assert(client);
+
+- r = ioctl(fd, FIONREAD, &buflen);
+- if (r < 0)
+- return -errno;
+- else if (buflen < 0)
+- /* this can't be right */
+- return -EIO;
++ buflen = next_datagram_size_fd(fd);
++ if (buflen < 0)
++ return buflen;
+
+ packet = malloc0(buflen);
+ if (!packet)
+diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c
+index ad3a37b722..54ff1a3f28 100644
+--- a/src/libsystemd-network/sd-dhcp-server.c
++++ b/src/libsystemd-network/sd-dhcp-server.c
+@@ -955,14 +955,13 @@ static int server_receive_message(sd_event_source *s, int fd,
+ .msg_controllen = sizeof(cmsgbuf),
+ };
+ struct cmsghdr *cmsg;
+- int buflen = 0, len;
++ ssize_t buflen, len;
+
+ assert(server);
+
+- if (ioctl(fd, FIONREAD, &buflen) < 0)
+- return -errno;
+- else if (buflen < 0)
+- return -EIO;
++ buflen = next_datagram_size_fd(fd);
++ if (buflen < 0)
++ return buflen;
+
+ message = malloc(buflen);
+ if (!message)
+diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c
+index 5b6b9cbcac..7d56d4cc60 100644
+--- a/src/libsystemd-network/sd-dhcp6-client.c
++++ b/src/libsystemd-network/sd-dhcp6-client.c
+@@ -33,6 +33,7 @@
+ #include "in-addr-util.h"
+ #include "network-internal.h"
+ #include "random-util.h"
++#include "socket-util.h"
+ #include "string-table.h"
+ #include "util.h"
+
+@@ -891,18 +892,16 @@ static int client_receive_message(sd_event_source *s, int fd, uint32_t revents,
+ sd_dhcp6_client *client = userdata;
+ DHCP6_CLIENT_DONT_DESTROY(client);
+ _cleanup_free_ DHCP6Message *message = NULL;
+- int r, buflen, len;
++ ssize_t buflen, len;
++ int r = 0;
+
+ assert(s);
+ assert(client);
+ assert(client->event);
+
+- r = ioctl(fd, FIONREAD, &buflen);
+- if (r < 0)
+- return -errno;
+- else if (buflen < 0)
+- /* This really should not happen */
+- return -EIO;
++ buflen = next_datagram_size_fd(fd);
++ if (buflen < 0)
++ return buflen;
+
+ message = malloc(buflen);
+ if (!message)
+diff --git a/src/libsystemd-network/sd-ndisc.c b/src/libsystemd-network/sd-ndisc.c
+index 519d2aa36b..bae6a49fe6 100644
+--- a/src/libsystemd-network/sd-ndisc.c
++++ b/src/libsystemd-network/sd-ndisc.c
+@@ -491,19 +491,16 @@ static int ndisc_router_advertisment_recv(sd_event_source *s, int fd, uint32_t r
+ struct cmsghdr *cmsg;
+ struct in6_addr *gw;
+ unsigned lifetime;
+- ssize_t len;
+- int r, pref, stateful, buflen = 0;
++ ssize_t len, buflen;
++ int r, pref, stateful;
+
+ assert(s);
+ assert(nd);
+ assert(nd->event);
+
+- r = ioctl(fd, FIONREAD, &buflen);
+- if (r < 0)
+- return -errno;
+- else if (buflen < 0)
+- /* This really should not happen */
+- return -EIO;
++ buflen = next_datagram_size_fd(fd);
++ if (buflen < 0)
++ return buflen;
+
+ iov.iov_len = buflen;
+
+diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
+index bf5efe4cfa..7f9073448a 100644
+--- a/src/resolve/resolved-manager.c
++++ b/src/resolve/resolved-manager.c
+@@ -617,18 +617,16 @@ int manager_recv(Manager *m, int fd, DnsProtocol protocol, DnsPacket **ret) {
+ struct msghdr mh = {};
+ struct cmsghdr *cmsg;
+ struct iovec iov;
+- int ms = 0, r;
+- ssize_t l;
++ ssize_t ms, l;
++ int r;
+
+ assert(m);
+ assert(fd >= 0);
+ assert(ret);
+
+- r = ioctl(fd, FIONREAD, &ms);
+- if (r < 0)
+- return -errno;
++ ms = next_datagram_size_fd(fd);
+ if (ms < 0)
+- return -EIO;
++ return ms;
+
+ r = dns_packet_new(&p, protocol, ms);
+ if (r < 0)
diff --git a/0004-networkd-rework-idle-detection-logic-of-networkd.patch b/0004-networkd-rework-idle-detection-logic-of-networkd.patch
new file mode 100644
index 0000000..698c2f0
--- /dev/null
+++ b/0004-networkd-rework-idle-detection-logic-of-networkd.patch
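Review bot: In `next_datagram_size_fd()` (the src/basic/socket-util.c part of 0003-networkd-FIONREAD-is-not-reliable-on-some-sockets.patch) the fallback ends in `return (ssize_t) k;` without the `buflen < 0` → `-EIO` check that each converted caller used to apply to the FIONREAD result, so a negative `k` would now be handed to callers as if it were an errno code; `if (k < 0) return -EIO;` before the final return keeps the old guarantee. The helper can also return 0 (a zero-length datagram takes the fallback path), and the callers pass the value straight to `malloc0(buflen)` / `malloc(buflen)`; whether a NULL result for a zero-size request is then reported as out-of-memory depends on the `if (!message)` bodies, which lie outside the hunks. A short comment on the declaration in socket-util.h saying that the result only sizes the buffer and that the length returned by the following `recvmsg()` must still be checked against it would help future callers.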
@@ -0,0 +1,55 @@
+From 1b8cc9fb6cac9d5882ab33b79f880d03d1859efb Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Mon, 15 Feb 2016 19:11:18 +0100
+Subject: [PATCH] networkd: rework idle detection logic of networkd
+
+This patch makes networkd stay around as long as there is more than just a
+loopback interface around, or the loopback device isn't fully probed yet, or
+the loopback device has a .network file attached.
+
+In essence, this means networkd stays around now continously as it should,
+unless it is running in some (container?) environment that really has no
+interface except a loopback device.
+
+Fixes #2577.
+
+(cherry picked from commit 9dc907f9c93636cb63ca90300fa3b8c03812701f)
+---
+ src/network/networkd-manager.c | 19 ++++++++-----------
+ 1 file changed, 8 insertions(+), 11 deletions(-)
+
+diff --git a/src/network/networkd-manager.c b/src/network/networkd-manager.c
+index b527191a5a..b8cb7f875d 100644
+--- a/src/network/networkd-manager.c
++++ b/src/network/networkd-manager.c
+@@ -1091,22 +1091,19 @@ static bool manager_check_idle(void *userdata) {
+
+ assert(m);
+
++ /* Check whether we are idle now. The only case when we decide to be idle is when there's only a loopback
++ * device around, for which we have no configuration, and which already left the PENDING state. In all other
++ * cases we are not idle. */
++
+ HASHMAP_FOREACH(link, m->links, i) {
+- /* we are not woken on udev activity, so let's just wait for the
+- * pending udev event */
++ /* We are not woken on udev activity, so let's just wait for the pending udev event */
+ if (link->state == LINK_STATE_PENDING)
+ return false;
+
+- if (!link->network)
+- continue;
++ if ((link->flags & IFF_LOOPBACK) == 0)
++ return false;
+
+- /* we are not woken on netork activity, so let's stay around */
+- if (link_lldp_enabled(link) ||
+- link_ipv4ll_enabled(link) ||
+- link_dhcp4_server_enabled(link) ||
+- link_dhcp4_enabled(link) ||
+- link_dhcp6_enabled(link) ||
+- link_ipv6_accept_ra_enabled(link))
++ if (link->network)
+ return false;
+ }
+
diff --git a/0005-core-fix-assertion-check.patch b/0005-core-fix-assertion-check.patch
new file mode 100644
index 0000000..588751e
--- /dev/null
+++ b/0005-core-fix-assertion-check.patch
@@ -0,0 +1,24 @@
+From 84494c062524f39771cc9363597daa29d5d041b6 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Tue, 16 Feb 2016 13:18:36 +0100
+Subject: [PATCH] core: fix assertion check
+
+Fixes: #2632
+(cherry picked from commit 3f51aec8647fe13f4b1e46b2f75ff635403adf91)
+---
+ src/core/timer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/timer.c b/src/core/timer.c
+index 6f3e6a8db3..3d0bae16e5 100644
+--- a/src/core/timer.c
++++ b/src/core/timer.c
+@@ -334,7 +334,7 @@ static void add_random(Timer *t, usec_t *v) {
+ usec_t add;
+
+ assert(t);
+- assert(*v);
++ assert(v);
+
+ if (t->random_usec == 0)
+ return;
diff --git a/0006-udev-fix-cg_unified-return-code-checking.patch b/0006-udev-fix-cg_unified-return-code-checking.patch
new file mode 100644
index 0000000..1153630
--- /dev/null
+++ b/0006-udev-fix-cg_unified-return-code-checking.patch
@@ -0,0 +1,26 @@
+From 19bc96f7cdda48ca331d5cb0060d3a7eaad59a16 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Tue, 16 Feb 2016 14:03:47 +0100
+Subject: [PATCH] udev: fix cg_unified() return code checking
+
+Fixes fall-out from 8b3aa503c171acdb9ec63484a8c50e2680d31e79.
+
+Fixes: #2635
+(cherry picked from commit 6d2353394fc33e923d1ab464c8f88df2a5105ffb)
+---
+ src/udev/udevd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/udev/udevd.c b/src/udev/udevd.c
+index 2c1c4a967b..bb92f16352 100644
+--- a/src/udev/udevd.c
++++ b/src/udev/udevd.c
+@@ -1715,7 +1715,7 @@ int main(int argc, char *argv[]) {
+ by PID1. otherwise we are not guaranteed to have a dedicated cgroup */
+ r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, 0, &cgroup);
+ if (r < 0) {
+- if (r == -ENOENT || r == -ENOEXEC)
++ if (r == -ENOENT || r == -ENOMEDIUM)
+ log_debug_errno(r, "did not find dedicated cgroup: %m");
+ else
+ log_warning_errno(r, "failed to get cgroup: %m");
diff --git a/0007-core-revert-core-resolve-specifier-in-config_parse_e.patch b/0007-core-revert-core-resolve-specifier-in-config_parse_e.patch
new file mode 100644
index 0000000..a9c1c78
--- /dev/null
+++ b/0007-core-revert-core-resolve-specifier-in-config_parse_e.patch
@@ -0,0 +1,54 @@
+From 31acc428d9bfa04582ca7c5ec3580ef2b7aed172 Mon Sep 17 00:00:00 2001
+From: Evgeny Vereshchagin
+Date: Wed, 17 Feb 2016 22:32:36 +0000
+Subject: [PATCH] core: revert "core: resolve specifier in config_parse_exec()"
+
+This reverts commit cb48dfca6a8bc15d9081651001a16bf51e03838a.
+
+Exec*-settings resolve specifiers twice:
+%%U -> config_parse_exec [cb48dfca6a8] -> %U -> service_spawn -> 0
+
+Fixes #2637
+
+(cherry picked from commit bd1b973fb326e9b7587494fd6108e5ded46e9163)
+---
+ src/core/load-fragment.c | 11 +----------
+ 1 file changed, 1 insertion(+), 10 deletions(-)
+
+diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
+index b3dec7b8cc..8804b3ac41 100644
+--- a/src/core/load-fragment.c
++++ b/src/core/load-fragment.c
+@@ -574,9 +574,7 @@ int config_parse_exec(
+ void *data,
+ void *userdata) {
+
+- _cleanup_free_ char *cmd = NULL;
+ ExecCommand **e = data;
+- Unit *u = userdata;
+ const char *p;
+ bool semicolon;
+ int r;
+@@ -585,7 +583,6 @@ int config_parse_exec(
+ assert(lvalue);
+ assert(rvalue);
+ assert(e);
+- assert(u);
+
+ e += ltype;
+ rvalue += strspn(rvalue, WHITESPACE);
+@@ -596,13 +593,7 @@ int config_parse_exec(
+ return 0;
+ }
+
+- r = unit_full_printf(u, rvalue, &cmd);
+- if (r < 0) {
+- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to resolve unit specifiers on %s, ignoring: %m", rvalue);
+- return 0;
+- }
+-
+- p = cmd;
++ p = rvalue;
+ do {
+ _cleanup_free_ char *path = NULL, *firstword = NULL;
+ bool separate_argv0 = false, ignore = false;
diff --git a/0008-activate-fix-E-option-parsing.patch b/0008-activate-fix-E-option-parsing.patch
new file mode 100644
index 0000000..cba8b41
--- /dev/null
+++ b/0008-activate-fix-E-option-parsing.patch
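Review bot: Nothing at `p = rvalue;` in `config_parse_exec()` (0007-core-revert-core-resolve-specifier-in-config_parse_e.patch) records why specifier expansion is deliberately absent there, so the double expansion described in the commit message could be reintroduced by a later cleanup. I would add a comment at that line, e.g. `/* No specifier expansion here: per the revert, the line is expanded once later on, and a second pass would turn an escaped %% into a live specifier */`. The patch touches only src/core/load-fragment.c and adds no regression test; a case that parses an Exec line containing `%%U` and checks that the stored argument is unchanged would pin the behaviour. The function body starts and ends outside the hunks shown.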
@@ -0,0 +1,25 @@
+From 3ea302d20b1c60f469ed7315611d002a0d88f57d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Thu, 18 Feb 2016 21:54:31 -0500
+Subject: [PATCH] activate: fix -E option parsing
+
+Fixes #2658.
+
+(cherry picked from commit b722348d050aa2754cd9f903e8c3ce810c616b06)
+---
+ src/activate/activate.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/activate/activate.c b/src/activate/activate.c
+index 0db4967edb..4b3d0e5371 100644
+--- a/src/activate/activate.c
++++ b/src/activate/activate.c
+@@ -379,7 +379,7 @@ static int parse_argv(int argc, char *argv[]) {
+ assert(argc >= 0);
+ assert(argv);
+
+- while ((c = getopt_long(argc, argv, "+hl:aEd", options, NULL)) >= 0)
++ while ((c = getopt_long(argc, argv, "+hl:aE:d", options, NULL)) >= 0)
+ switch(c) {
+ case 'h':
+ help();
diff --git a/0009-basic-strbuf-do-not-call-bsearch-with-a-null-argumen.patch b/0009-basic-strbuf-do-not-call-bsearch-with-a-null-argumen.patch
new file mode 100644
index 0000000..6888c9f
--- /dev/null
+++ b/0009-basic-strbuf-do-not-call-bsearch-with-a-null-argumen.patch
@@ -0,0 +1,30 @@
+From 328e8daf82c4e82ebcd06ae87bb825d5060cb94b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Thu, 18 Feb 2016 17:33:10 -0500
+Subject: [PATCH] basic/strbuf: do not call bsearch with a null argument
+
+Das ist verboten!
+
+src/basic/strbuf.c:162:23: runtime error: null pointer passed as argument 2,
+ which is declared to never be null
+
+(cherry picked from commit 82501b3fc40dae2660a86ab07462f33fe26347ad)
+---
+ src/basic/strbuf.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/basic/strbuf.c b/src/basic/strbuf.c
+index 77220c0251..dac2881603 100644
+--- a/src/basic/strbuf.c
++++ b/src/basic/strbuf.c
+@@ -156,6 +156,10 @@ ssize_t strbuf_add_string(struct strbuf *str, const char *s, size_t len) {
+ return off;
+ }
+
++ /* bsearch is not allowed on a NULL sequence */
++ if (node->children_count == 0)
++ break;
++
+ /* lookup child node */
+ c = s[len - 1 - depth];
+ search.c = c;
diff --git a/0010-udev-path_id-correct-segmentation-fault-due-to-missi.patch b/0010-udev-path_id-correct-segmentation-fault-due-to-missi.patch
new file mode 100644
index 0000000..5c3442e
--- /dev/null
+++ b/0010-udev-path_id-correct-segmentation-fault-due-to-missi.patch
@@ -0,0 +1,30 @@
+From 28c6938992e05238fa077ff820015bb37e1ecae6 Mon Sep 17 00:00:00 2001
+From: Hendrik Brueckner
+Date: Fri, 19 Feb 2016 15:21:18 +0100
+Subject: [PATCH] udev/path_id: correct segmentation fault due to missing NULL
+ check
+
+Running "udevadm test-builtin path_id /sys/devices/platform/" results
+in a segmentation fault.
+
+The problem is that udev_device_get_subsystem(dev) might return NULL
+in a streq() call. Solve this problem by using streq_ptr() instead.
+
+(cherry picked from commit 5181ab917d6407cb57043e98955f0de1614366ea)
+---
+ src/udev/udev-builtin-path_id.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/udev/udev-builtin-path_id.c b/src/udev/udev-builtin-path_id.c
+index b6ed45d8ba..6e9adc6e96 100644
+--- a/src/udev/udev-builtin-path_id.c
++++ b/src/udev/udev-builtin-path_id.c
+@@ -712,7 +712,7 @@ static int builtin_path_id(struct udev_device *dev, int argc, char *argv[], bool
+ * devices do not expose their buses and do not provide a unique
+ * and predictable name that way.
+ */
+- if (streq(udev_device_get_subsystem(dev), "block") && !supported_transport)
++ if (streq_ptr(udev_device_get_subsystem(dev), "block") && !supported_transport)
+ path = mfree(path);
+
+ if (path != NULL) {
diff --git a/0011-networkd-make-sure-we-allocate-the-NTA-set-before-we.patch b/0011-networkd-make-sure-we-allocate-the-NTA-set-before-we.patch
new file mode 100644
index 0000000..95ac776
--- /dev/null
+++ b/0011-networkd-make-sure-we-allocate-the-NTA-set-before-we.patch
@@ -0,0 +1,27 @@
+From 319dadd4b39ed03271848ca649e4d76de0fbf8ff Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Sun, 21 Feb 2016 22:27:01 +0100
+Subject: [PATCH] networkd: make sure we allocate the NTA set before we add
+ items to it
+
+See: #2683
+(cherry picked from commit cbbf38aefc7a3d18d68f0d8fffb6b59d77948690)
+---
+ src/network/networkd-network.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
+index 4315790093..54f76fe206 100644
+--- a/src/network/networkd-network.c
++++ b/src/network/networkd-network.c
+@@ -994,6 +994,10 @@ int config_parse_dnssec_negative_trust_anchors(
+ continue;
+ }
+
++ r = set_ensure_allocated(&n->dnssec_negative_trust_anchors, &dns_name_hash_ops);
++ if (r < 0)
++ return log_oom();
++
+ r = set_put(n->dnssec_negative_trust_anchors, w);
+ if (r < 0)
+ return log_oom();
diff --git a/0012-networkd-tunnel-fix-tunnel-address.patch b/0012-networkd-tunnel-fix-tunnel-address.patch
new file mode 100644
index 0000000..69fdb9f
--- /dev/null
+++ b/0012-networkd-tunnel-fix-tunnel-address.patch
@@ -0,0 +1,70 @@
+From f432f7f9037833d77e6e0d16c275b950e1cd8e03 Mon Sep 17 00:00:00 2001
+From: Susant Sahani
+Date: Sat, 20 Feb 2016 18:03:31 +0530
+Subject: [PATCH] networkd: tunnel fix tunnel address
+
+this fixes 2655
+
+(cherry picked from commit 07dcb085893a2fe212b7e158028725876d2ab98f)
+---
+ src/network/networkd-netdev-tunnel.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/network/networkd-netdev-tunnel.c b/src/network/networkd-netdev-tunnel.c
+index 46ff2974f4..7aaa041ba3 100644
+--- a/src/network/networkd-netdev-tunnel.c
++++ b/src/network/networkd-netdev-tunnel.c
+@@ -54,7 +54,7 @@ static int netdev_ipip_fill_message_create(NetDev *netdev, Link *link, sd_netlin
+ assert(link);
+ assert(m);
+ assert(t);
+- assert(t->family == AF_INET || t->family != -1);
++ assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
+
+ r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
+ if (r < 0)
+@@ -87,7 +87,7 @@ static int netdev_sit_fill_message_create(NetDev *netdev, Link *link, sd_netlink
+ assert(link);
+ assert(m);
+ assert(t);
+- assert(t->family == AF_INET || t->family != -1);
++ assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
+
+ r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
+ if (r < 0)
+@@ -124,7 +124,7 @@ static int netdev_gre_fill_message_create(NetDev *netdev, Link *link, sd_netlink
+ t = GRETAP(netdev);
+
+ assert(t);
+- assert(t->family == AF_INET || t->family != -1);
++ assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
+ assert(link);
+ assert(m);
+
+@@ -497,7 +497,7 @@ static void ipip_init(NetDev *n) {
+ assert(t);
+
+ t->pmtudisc = true;
+- t->family = -1;
++ t->family = AF_UNSPEC;
+ }
+
+ static void sit_init(NetDev *n) {
+@@ -507,7 +507,7 @@ static void sit_init(NetDev *n) {
+ assert(t);
+
+ t->pmtudisc = true;
+- t->family = -1;
++ t->family = AF_UNSPEC;
+ }
+
+ static void vti_init(NetDev *n) {
+@@ -538,7 +538,7 @@ static void gre_init(NetDev *n) {
+ assert(t);
+
+ t->pmtudisc = true;
+- t->family = -1;
++ t->family = AF_UNSPEC;
+ }
+
+ static void ip6gre_init(NetDev *n) {
diff --git a/0013-calendarspec-fix-find_next-skipping-times.patch b/0013-calendarspec-fix-find_next-skipping-times.patch
new file mode 100644
index 0000000..18ba97f
--- /dev/null
+++ b/0013-calendarspec-fix-find_next-skipping-times.patch
@@ -0,0 +1,47 @@
+From 182b69ec5eade7b2accc09d58128b6d286067299 Mon Sep 17 00:00:00 2001
+From: Hristo Venev
+Date: Mon, 22 Feb 2016 08:02:48 -0500
+Subject: [PATCH] calendarspec: fix find_next skipping times
+
+reset usec when bumping hours/minutes
+
+(cherry picked from commit a022d76e6a7c711954be5535e6308d0a470e232a)
+---
+ src/basic/calendarspec.c | 4 ++--
+ src/test/test-calendarspec.c | 1 +
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/calendarspec.c b/src/basic/calendarspec.c
+index 775879076d..ac7b7c4c87 100644
+--- a/src/basic/calendarspec.c
++++ b/src/basic/calendarspec.c
+@@ -1027,7 +1027,7 @@ static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) {
+
+ r = find_matching_component(spec->hour, &c.tm_hour);
+ if (r > 0)
+- c.tm_min = c.tm_sec = 0;
++ c.tm_min = c.tm_sec = tm_usec = 0;
+ if (r < 0 || tm_out_of_bounds(&c, spec->utc)) {
+ c.tm_mday ++;
+ c.tm_hour = c.tm_min = c.tm_sec = tm_usec = 0;
+@@ -1036,7 +1036,7 @@ static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) {
+
+ r = find_matching_component(spec->minute, &c.tm_min);
+ if (r > 0)
+- c.tm_sec = 0;
++ c.tm_sec = tm_usec = 0;
+ if (r < 0 || tm_out_of_bounds(&c, spec->utc)) {
+ c.tm_hour ++;
+ c.tm_min = c.tm_sec = tm_usec = 0;
+diff --git a/src/test/test-calendarspec.c b/src/test/test-calendarspec.c
+index 8754cb3381..5a8c6cbfb6 100644
+--- a/src/test/test-calendarspec.c
++++ b/src/test/test-calendarspec.c
+@@ -137,6 +137,7 @@ int main(int argc, char* argv[]) {
+ test_next("2015-11-13 09:11:23.42", "EET", 12345, 1447398683420000);
+ test_next("2015-11-13 09:11:23.42/1.77", "EET", 1447398683420000, 1447398685190000);
+ test_next("2015-11-13 09:11:23.42/1.77", "EET", 1447398683419999, 1447398683420000);
++ test_next("Sun 16:00:00", "CET", 1456041600123456, 1456066800000000);
+
+ assert_se(calendar_spec_from_string("test", &c) < 0);
+ assert_se(calendar_spec_from_string("", &c) < 0);
diff --git a/0014-core-exclude-.slice-units-from-systemctl-isolate.patch b/0014-core-exclude-.slice-units-from-systemctl-isolate.patch
new file mode 100644
index 0000000..5dee7f0
--- /dev/null
+++ b/0014-core-exclude-.slice-units-from-systemctl-isolate.patch
@@ -0,0 +1,52 @@
+From 3d08427e07af2419f542c3786db2e78f0ed7c282 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Thu, 18 Feb 2016 22:51:23 +0100
+Subject: [PATCH] core: exclude .slice units from "systemctl isolate"
+
+Fixes: #1969
+(cherry picked from commit 1b4cd0cf11feb7d41f2eff17f86fa55b31bb6841)
+---
+ src/core/scope.c | 3 +--
+ src/core/slice.c | 8 ++++++++
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/scope.c b/src/core/scope.c
+index c5d0ecef04..361695c3f9 100644
+--- a/src/core/scope.c
++++ b/src/core/scope.c
+@@ -50,8 +50,7 @@ static void scope_init(Unit *u) {
+ assert(u->load_state == UNIT_STUB);
+
+ s->timeout_stop_usec = u->manager->default_timeout_stop_usec;
+-
+- UNIT(s)->ignore_on_isolate = true;
++ u->ignore_on_isolate = true;
+ }
+
+ static void scope_done(Unit *u) {
+diff --git a/src/core/slice.c b/src/core/slice.c
+index d65364c6f4..667f61bde5 100644
+--- a/src/core/slice.c
++++ b/src/core/slice.c
+@@ -34,6 +34,13 @@ static const UnitActiveState state_translation_table[_SLICE_STATE_MAX] = {
+ [SLICE_ACTIVE] = UNIT_ACTIVE
+ };
+
++static void slice_init(Unit *u) {
++ assert(u);
++ assert(u->load_state == UNIT_STUB);
++
++ u->ignore_on_isolate = true;
++}
++
+ static void slice_set_state(Slice *t, SliceState state) {
+ SliceState old_state;
+ assert(t);
+@@ -305,6 +312,7 @@ const UnitVTable slice_vtable = {
+ .no_instances = true,
+ .can_transient = true,
+
++ .init = slice_init,
+ .load = slice_load,
+
+ .coldplug = slice_coldplug,
diff --git a/0015-shorten-hostname-before-checking-for-trailing-dot.patch b/0015-shorten-hostname-before-checking-for-trailing-dot.patch
new file mode 100644
index 0000000..9298bc4
--- /dev/null
+++ b/0015-shorten-hostname-before-checking-for-trailing-dot.patch
@@ -0,0 +1,35 @@
+From 414c46af13efbb4b0eeb0c7d429e1941742f120e Mon Sep 17 00:00:00 2001
+From: Thomas Blume
+Date: Mon, 29 Feb 2016 10:19:01 +0100
+Subject: [PATCH] shorten hostname before checking for trailing dot
+
+Shortening can lead to a hostname that has a trailing dot.
+Therefore it should be done before checking from trailing dots.
+
+(cherry picked from commit 46e1a2278116e2f5067c35127ccbd8589335f734)
+---
+ src/basic/hostname-util.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/hostname-util.c b/src/basic/hostname-util.c
+index 7bb23448ed..123cee3125 100644
+--- a/src/basic/hostname-util.c
++++ b/src/basic/hostname-util.c
+@@ -122,6 +122,8 @@ char* hostname_cleanup(char *s) {
+
+ assert(s);
+
++ strshorten(s, HOST_NAME_MAX);
++
+ for (p = s, d = s, dot = true; *p; p++) {
+ if (*p == '.') {
+ if (dot)
+@@ -141,8 +143,6 @@ char* hostname_cleanup(char *s) {
+ else
+ *d = 0;
+
+- strshorten(s, HOST_NAME_MAX);
+-
+ return s;
+ }
+
diff --git a/0016-hashmap-use-void-and-uint8_t-for-generic-pointers.patch b/0016-hashmap-use-void-and-uint8_t-for-generic-pointers.patch
new file mode 100644
index 0000000..4c811ee
--- /dev/null
+++ b/0016-hashmap-use-void-and-uint8_t-for-generic-pointers.patch
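Review bot: The reordering in `hostname_cleanup()` (0015-shorten-hostname-before-checking-for-trailing-dot.patch) ships without a regression test; the diffstat lists only src/basic/hostname-util.c. A test case whose input has a dot as the last character that survives `strshorten(s, HOST_NAME_MAX)`, asserting that the result has no trailing dot and is no longer than HOST_NAME_MAX, would cover the bug being fixed; hostnames are often taken from outside the host, though the callers are not visible here. A one-line comment above the call, `/* Shorten first: truncation can leave a trailing dot, which the loop below then drops */`, would keep the ordering from being undone later. The loop body lies partly outside the two hunks.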
@@ -0,0 +1,81 @@ +From 270eaf14c4905a9635bd1d009cb1565cd4f3626f Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Mon, 22 Feb 2016 18:40:28 +0100 +Subject: [PATCH] hashmap: use void* and uint8_t* for generic pointers + +As suggested by CODING_STYLE we should use "void*" as type for generic memory, +and uint8_t* for generic bytes. Hence use that instead of "char*", which should +really be used only for strings these days. + +(cherry picked from commit 1a39bc8c650802630696c38e510a4a2a4c6bda92) +--- + src/basic/hashmap.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/basic/hashmap.c b/src/basic/hashmap.c +index 6f1a049d47..85b8d812b3 100644 +--- a/src/basic/hashmap.c ++++ b/src/basic/hashmap.c +@@ -176,7 +176,7 @@ enum HashmapType { + }; + + struct _packed_ indirect_storage { +- char *storage; /* where buckets and DIBs are stored */ ++ void *storage; /* where buckets and DIBs are stored */ + uint8_t hash_key[HASH_KEY_SIZE]; /* hash key; changes during resize */ + + unsigned n_entries; /* number of stored entries */ +@@ -193,7 +193,7 @@ struct direct_storage { + /* This gives us 39 bytes on 64bit, or 35 bytes on 32bit. + * That's room for 4 set_entries + 4 DIB bytes + 3 unused bytes on 64bit, + * or 7 set_entries + 7 DIB bytes + 0 unused bytes on 32bit. */ +- char storage[sizeof(struct indirect_storage)]; ++ uint8_t storage[sizeof(struct indirect_storage)]; + }; + + #define DIRECT_BUCKETS(entry_t) \ +@@ -302,7 +302,7 @@ static void n_entries_dec(HashmapBase *h) { + h->n_direct_entries--; + } + +-static char *storage_ptr(HashmapBase *h) { ++static void *storage_ptr(HashmapBase *h) { + return h->has_indirect ? 
h->indirect.storage + : h->direct.storage; + } +@@ -347,7 +347,7 @@ static void get_hash_key(uint8_t hash_key[HASH_KEY_SIZE], bool reuse_is_ok) { + + static struct hashmap_base_entry *bucket_at(HashmapBase *h, unsigned idx) { + return (struct hashmap_base_entry*) +- (storage_ptr(h) + idx * hashmap_type_info[h->type].entry_size); ++ ((uint8_t*) storage_ptr(h) + idx * hashmap_type_info[h->type].entry_size); + } + + static struct plain_hashmap_entry *plain_bucket_at(Hashmap *h, unsigned idx) { +@@ -381,7 +381,7 @@ static struct hashmap_base_entry *bucket_at_virtual(HashmapBase *h, struct swap_ + + static dib_raw_t *dib_raw_ptr(HashmapBase *h) { + return (dib_raw_t*) +- (storage_ptr(h) + hashmap_type_info[h->type].entry_size * n_buckets(h)); ++ ((uint8_t*) storage_ptr(h) + hashmap_type_info[h->type].entry_size * n_buckets(h)); + } + + static unsigned bucket_distance(HashmapBase *h, unsigned idx, unsigned from) { +@@ -1028,7 +1028,7 @@ static int hashmap_base_put_boldly(HashmapBase *h, unsigned idx, + */ + static int resize_buckets(HashmapBase *h, unsigned entries_add) { + struct swap_entries swap; +- char *new_storage; ++ void *new_storage; + dib_raw_t *old_dibs, *new_dibs; + const struct hashmap_type_info *hi; + unsigned idx, optimal_idx; +@@ -1095,7 +1095,7 @@ static int resize_buckets(HashmapBase *h, unsigned entries_add) { + h->indirect.n_buckets = (1U << new_shift) / + (hi->entry_size + sizeof(dib_raw_t)); + +- old_dibs = (dib_raw_t*)(new_storage + hi->entry_size * old_n_buckets); ++ old_dibs = (dib_raw_t*)((uint8_t*) new_storage + hi->entry_size * old_n_buckets); + new_dibs = dib_raw_ptr(h); + + /* diff --git a/0017-resolved-fix-notification-iteration-logic-when-trans.patch b/0017-resolved-fix-notification-iteration-logic-when-trans.patch new file mode 100644 index 0000000..c4e627c --- /dev/null +++ b/0017-resolved-fix-notification-iteration-logic-when-trans.patch 
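Review bot: With storage_ptr() now returning `void *`, the byte offsets in bucket_at(), dib_raw_ptr() and resize_buckets() are only well-defined because each site carries its own `(uint8_t*)` cast. GCC accepts arithmetic on `void *` as an extension, so a future call site that forgets the cast would probably still compile unless `-Wpointer-arith` is enabled, which the hunk does not show. Declaring the accessor as `static uint8_t *storage_ptr(HashmapBase *h) {` would keep the byte-pointer conversion in one place and let the two callers drop their casts; the `void *` member converts implicitly on return. The `new_storage` arithmetic in resize_buckets() would still need its cast, or a `uint8_t *` local.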
@@ -0,0 +1,260 @@ +From 61596a9aac5f0d4cef3845b04d61f2dad4aa0814 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Mon, 22 Feb 2016 20:39:45 +0100 +Subject: [PATCH] resolved: fix notification iteration logic when transactions + are completed + +When a transaction is complete, and we notify its owners, make sure we deal +correctly with the requesters removing themselves from the list of owners while +we continue iterating. + +This was previously already dealt with with transactions that require other +transactions for DNSSEC purposes, fix this for other possibly transaction +owners too now. + +Since iterating through "Set" objects is not safe regarding removal of entries +from it, rework the logic to use two Sets, and move each entry we notified from +one set to the other set before we dispatch the notification. This move operation +requires no additional memory, and enables us to ensure that we don't notify +any object twice. + +Fixes: #2676 +(cherry picked from commit 35aa04e9edf422beac3493afa555d29575b3046c) +--- + src/basic/macro.h | 6 ++++ + src/basic/set.h | 3 ++ + src/resolve/resolved-dns-query.c | 5 +++ + src/resolve/resolved-dns-transaction.c | 62 ++++++++++++++++------------------ + src/resolve/resolved-dns-transaction.h | 6 ++-- + src/resolve/resolved-dns-zone.c | 5 +++ + 6 files changed, 52 insertions(+), 35 deletions(-) + +diff --git a/src/basic/macro.h b/src/basic/macro.h +index 2695d0edb7..ab5cc97e17 100644 +--- a/src/basic/macro.h ++++ b/src/basic/macro.h +@@ -361,6 +361,12 @@ static inline unsigned long ALIGN_POWER2(unsigned long u) { + _found; \ + }) + ++#define SWAP_TWO(x, y) do { \ ++ typeof(x) _t = (x); \ ++ (x) = (y); \ ++ (y) = (_t); \ ++ } while (false) ++ + /* Define C11 thread_local attribute even on older gcc compiler + * version */ + #ifndef thread_local +diff --git a/src/basic/set.h b/src/basic/set.h +index 2bff5062da..e0d9dd001c 100644 +--- a/src/basic/set.h ++++ b/src/basic/set.h +@@ -126,6 +126,9 @@ int set_put_strdupv(Set *s, 
char **l); + #define SET_FOREACH(e, s, i) \ + for ((i) = ITERATOR_FIRST; set_iterate((s), &(i), (void**)&(e)); ) + ++#define SET_FOREACH_MOVE(e, d, s) \ ++ for (; ({ e = set_first(s); assert_se(!e || set_move_one(d, s, e) >= 0); e; }); ) ++ + DEFINE_TRIVIAL_CLEANUP_FUNC(Set*, set_free); + DEFINE_TRIVIAL_CLEANUP_FUNC(Set*, set_free_free); + +diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c +index a378b2b7f7..2a02544eb6 100644 +--- a/src/resolve/resolved-dns-query.c ++++ b/src/resolve/resolved-dns-query.c +@@ -62,6 +62,7 @@ static void dns_query_candidate_stop(DnsQueryCandidate *c) { + + while ((t = set_steal_first(c->transactions))) { + set_remove(t->notify_query_candidates, c); ++ set_remove(t->notify_query_candidates_done, c); + dns_transaction_gc(t); + } + } +@@ -139,6 +140,10 @@ static int dns_query_candidate_add_transaction(DnsQueryCandidate *c, DnsResource + if (r < 0) + goto gc; + ++ r = set_ensure_allocated(&t->notify_query_candidates_done, NULL); ++ if (r < 0) ++ goto gc; ++ + r = set_put(t->notify_query_candidates, c); + if (r < 0) + goto gc; +diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c +index d48fdd1281..4f5cbab702 100644 +--- a/src/resolve/resolved-dns-transaction.c ++++ b/src/resolve/resolved-dns-transaction.c +@@ -52,6 +52,7 @@ static void dns_transaction_flush_dnssec_transactions(DnsTransaction *t) { + + while ((z = set_steal_first(t->dnssec_transactions))) { + set_remove(z->notify_transactions, t); ++ set_remove(z->notify_transactions_done, t); + dns_transaction_gc(z); + } + } +@@ -100,14 +101,26 @@ DnsTransaction* dns_transaction_free(DnsTransaction *t) { + set_remove(c->transactions, t); + set_free(t->notify_query_candidates); + ++ while ((c = set_steal_first(t->notify_query_candidates_done))) ++ set_remove(c->transactions, t); ++ set_free(t->notify_query_candidates_done); ++ + while ((i = set_steal_first(t->notify_zone_items))) + i->probe_transaction = NULL; + 
set_free(t->notify_zone_items); + ++ while ((i = set_steal_first(t->notify_zone_items_done))) ++ i->probe_transaction = NULL; ++ set_free(t->notify_zone_items_done); ++ + while ((z = set_steal_first(t->notify_transactions))) + set_remove(z->dnssec_transactions, t); + set_free(t->notify_transactions); + ++ while ((z = set_steal_first(t->notify_transactions_done))) ++ set_remove(z->dnssec_transactions, t); ++ set_free(t->notify_transactions_done); ++ + dns_transaction_flush_dnssec_transactions(t); + set_free(t->dnssec_transactions); + +@@ -128,8 +141,11 @@ bool dns_transaction_gc(DnsTransaction *t) { + return true; + + if (set_isempty(t->notify_query_candidates) && ++ set_isempty(t->notify_query_candidates_done) && + set_isempty(t->notify_zone_items) && +- set_isempty(t->notify_transactions)) { ++ set_isempty(t->notify_zone_items_done) && ++ set_isempty(t->notify_transactions) && ++ set_isempty(t->notify_transactions_done)) { + dns_transaction_free(t); + return false; + } +@@ -266,6 +282,7 @@ static void dns_transaction_tentative(DnsTransaction *t, DnsPacket *p) { + log_debug("We have the lexicographically larger IP address and thus lost in the conflict."); + + t->block_gc++; ++ + while ((z = set_first(t->notify_zone_items))) { + /* First, make sure the zone item drops the reference + * to us */ +@@ -284,7 +301,6 @@ void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) { + DnsQueryCandidate *c; + DnsZoneItem *z; + DnsTransaction *d; +- Iterator i; + const char *st; + + assert(t); +@@ -329,39 +345,17 @@ void dns_transaction_complete(DnsTransaction *t, DnsTransactionState state) { + * transaction isn't freed while we are still looking at it */ + t->block_gc++; + +- SET_FOREACH(c, t->notify_query_candidates, i) ++ SET_FOREACH_MOVE(c, t->notify_query_candidates_done, t->notify_query_candidates) + dns_query_candidate_notify(c); +- SET_FOREACH(z, t->notify_zone_items, i) +- dns_zone_item_notify(z); ++ SWAP_TWO(t->notify_query_candidates, 
t->notify_query_candidates_done); + +- if (!set_isempty(t->notify_transactions)) { +- DnsTransaction **nt; +- unsigned j, n = 0; +- +- /* We need to be careful when notifying other +- * transactions, as that might destroy other +- * transactions in our list. Hence, in order to be +- * able to safely iterate through the list of +- * transactions, take a GC lock on all of them +- * first. Then, in a second loop, notify them, but +- * first unlock that specific transaction. */ +- +- nt = newa(DnsTransaction*, set_size(t->notify_transactions)); +- SET_FOREACH(d, t->notify_transactions, i) { +- nt[n++] = d; +- d->block_gc++; +- } +- +- assert(n == set_size(t->notify_transactions)); ++ SET_FOREACH_MOVE(z, t->notify_zone_items_done, t->notify_zone_items) ++ dns_zone_item_notify(z); ++ SWAP_TWO(t->notify_zone_items, t->notify_zone_items_done); + +- for (j = 0; j < n; j++) { +- if (set_contains(t->notify_transactions, nt[j])) +- dns_transaction_notify(nt[j], t); +- +- nt[j]->block_gc--; +- dns_transaction_gc(nt[j]); +- } +- } ++ SET_FOREACH_MOVE(d, t->notify_transactions_done, t->notify_transactions) ++ dns_transaction_notify(d, t); ++ SWAP_TWO(t->notify_transactions, t->notify_transactions_done); + + t->block_gc--; + dns_transaction_gc(t); +@@ -1619,6 +1613,10 @@ static int dns_transaction_add_dnssec_transaction(DnsTransaction *t, DnsResource + if (r < 0) + goto gc; + ++ r = set_ensure_allocated(&aux->notify_transactions_done, NULL); ++ if (r < 0) ++ goto gc; ++ + r = set_put(t->dnssec_transactions, aux); + if (r < 0) + goto gc; +diff --git a/src/resolve/resolved-dns-transaction.h b/src/resolve/resolved-dns-transaction.h +index 4617194711..fd0237d166 100644 +--- a/src/resolve/resolved-dns-transaction.h ++++ b/src/resolve/resolved-dns-transaction.h +@@ -119,17 +119,17 @@ struct DnsTransaction { + /* Query candidates this transaction is referenced by and that + * shall be notified about this specific transaction + * completing. 
*/ +- Set *notify_query_candidates; ++ Set *notify_query_candidates, *notify_query_candidates_done; + + /* Zone items this transaction is referenced by and that shall + * be notified about completion. */ +- Set *notify_zone_items; ++ Set *notify_zone_items, *notify_zone_items_done; + + /* Other transactions that this transactions is referenced by + * and that shall be notified about completion. This is used + * when transactions want to validate their RRsets, but need + * another DNSKEY or DS RR to do so. */ +- Set *notify_transactions; ++ Set *notify_transactions, *notify_transactions_done; + + /* The opposite direction: the transactions this transaction + * created in order to request DNSKEY or DS RRs. */ +diff --git a/src/resolve/resolved-dns-zone.c b/src/resolve/resolved-dns-zone.c +index f52383cfd1..be535cff14 100644 +--- a/src/resolve/resolved-dns-zone.c ++++ b/src/resolve/resolved-dns-zone.c +@@ -38,6 +38,7 @@ void dns_zone_item_probe_stop(DnsZoneItem *i) { + i->probe_transaction = NULL; + + set_remove(t->notify_zone_items, i); ++ set_remove(t->notify_zone_items_done, i); + dns_transaction_gc(t); + } + +@@ -186,6 +187,10 @@ static int dns_zone_item_probe_start(DnsZoneItem *i) { + if (r < 0) + goto gc; + ++ r = set_ensure_allocated(&t->notify_zone_items_done, NULL); ++ if (r < 0) ++ goto gc; ++ + r = set_put(t->notify_zone_items, i); + if (r < 0) + goto gc; diff --git a/0018-selinux-always-try-to-load-the-full-selinux-db.patch b/0018-selinux-always-try-to-load-the-full-selinux-db.patch new file mode 100644 index 0000000..dd82e1e --- /dev/null +++ b/0018-selinux-always-try-to-load-the-full-selinux-db.patch 
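Review bot: SET_FOREACH_MOVE in src/basic/set.h turns any failure of set_move_one() into an abort through assert_se(), and nothing at the macro says what the caller must guarantee to avoid that. From the visible lines the guarantee seems to be that the destination set is already allocated, which this patch arranges with a `set_ensure_allocated(&…_done, NULL)` call at three separate registration sites. A later site that fills a notify set without the matching `_done` allocation would presumably make resolved abort during transaction completion, so the precondition deserves a comment on the macro, for example `/* Moves each entry from s to d before running the body; d must already be allocated, a failed move aborts */`. Unlike SET_FOREACH directly above it, the macro also uses `e`, `d` and `s` without parentheses; `(e) = set_first(s)` and `set_move_one((d), (s), (e))` would match the existing style. SWAP_TWO in macro.h evaluates both arguments twice, which is fine for the struct members used here but is worth stating in a comment.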
@@ -0,0 +1,249 @@ +From a4feb275ce859fb63e1153cb2eb16ed276f3a96f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 1 Mar 2016 20:35:55 -0500 +Subject: [PATCH] selinux: always try to load the full selinux db + +https://github.com/systemd/systemd/pull/2508#issuecomment-190901170 +Maybe fixes https://bugzilla.redhat.com/show_bug.cgi?id=1308771. + +(cherry picked from commit c3dacc8bbf2dc2f5d498072418289c3ba79160ac) +--- + src/basic/selinux-util.c | 16 ++++------------ + src/basic/selinux-util.h | 2 +- + src/core/main.c | 2 +- + src/hostname/hostnamed.c | 2 +- + src/locale/localed.c | 2 +- + src/login/logind.c | 2 +- + src/resolve/resolved.c | 2 +- + src/sysusers/sysusers.c | 2 +- + src/test/test-udev.c | 2 +- + src/timedate/timedated.c | 2 +- + src/tmpfiles/tmpfiles.c | 2 +- + src/udev/udevadm.c | 2 +- + src/udev/udevd.c | 2 +- + src/update-done/update-done.c | 2 +- + src/user-sessions/user-sessions.c | 2 +- + 15 files changed, 18 insertions(+), 26 deletions(-) + +diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c +index 6c63b9d652..71ceac1bcd 100644 +--- a/src/basic/selinux-util.c ++++ b/src/basic/selinux-util.c +@@ -80,31 +80,23 @@ void mac_selinux_retest(void) { + #endif + } + +-int mac_selinux_init(const char *prefix) { ++int mac_selinux_init(void) { + int r = 0; + + #ifdef HAVE_SELINUX + usec_t before_timestamp, after_timestamp; + struct mallinfo before_mallinfo, after_mallinfo; + +- if (!mac_selinux_use()) ++ if (label_hnd) + return 0; + +- if (label_hnd) ++ if (!mac_selinux_use()) + return 0; + + before_mallinfo = mallinfo(); + before_timestamp = now(CLOCK_MONOTONIC); + +- if (prefix) { +- struct selinux_opt options[] = { +- { .type = SELABEL_OPT_SUBSET, .value = prefix }, +- }; +- +- label_hnd = selabel_open(SELABEL_CTX_FILE, options, ELEMENTSOF(options)); +- } else +- label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0); +- ++ label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0); + if (!label_hnd) { + 
log_enforcing("Failed to initialize SELinux context: %m"); + r = security_getenforce() == 1 ? -errno : 0; +diff --git a/src/basic/selinux-util.h b/src/basic/selinux-util.h +index 27e8edb41b..ce6bc8e44c 100644 +--- a/src/basic/selinux-util.h ++++ b/src/basic/selinux-util.h +@@ -29,7 +29,7 @@ bool mac_selinux_use(void); + bool mac_selinux_have(void); + void mac_selinux_retest(void); + +-int mac_selinux_init(const char *prefix); ++int mac_selinux_init(void); + void mac_selinux_finish(void); + + int mac_selinux_fix(const char *path, bool ignore_enoent, bool ignore_erofs); +diff --git a/src/core/main.c b/src/core/main.c +index e2088574c0..d861960c6d 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -1382,7 +1382,7 @@ int main(int argc, char *argv[]) { + dual_timestamp_get(&security_finish_timestamp); + } + +- if (mac_selinux_init(NULL) < 0) { ++ if (mac_selinux_init() < 0) { + error_message = "Failed to initialize SELinux policy"; + goto finish; + } +diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c +index c37e32e96b..d11756e615 100644 +--- a/src/hostname/hostnamed.c ++++ b/src/hostname/hostnamed.c +@@ -706,7 +706,7 @@ int main(int argc, char *argv[]) { + log_open(); + + umask(0022); +- mac_selinux_init("/etc"); ++ mac_selinux_init(); + + if (argc != 1) { + log_error("This program takes no arguments."); +diff --git a/src/locale/localed.c b/src/locale/localed.c +index f0fe59cc67..a2fc6af4c9 100644 +--- a/src/locale/localed.c ++++ b/src/locale/localed.c +@@ -1296,7 +1296,7 @@ int main(int argc, char *argv[]) { + log_open(); + + umask(0022); +- mac_selinux_init("/etc"); ++ mac_selinux_init(); + + if (argc != 1) { + log_error("This program takes no arguments."); +diff --git a/src/login/logind.c b/src/login/logind.c +index 933602eb08..d5f6757bd3 100644 +--- a/src/login/logind.c ++++ b/src/login/logind.c +@@ -1126,7 +1126,7 @@ int main(int argc, char *argv[]) { + goto finish; + } + +- r = mac_selinux_init("/run"); ++ r = mac_selinux_init(); + if (r < 0) 
{ + log_error_errno(r, "Could not initialize labelling: %m"); + goto finish; +diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c +index c7e2ab14d6..161ea03412 100644 +--- a/src/resolve/resolved.c ++++ b/src/resolve/resolved.c +@@ -48,7 +48,7 @@ int main(int argc, char *argv[]) { + + umask(0022); + +- r = mac_selinux_init(NULL); ++ r = mac_selinux_init(); + if (r < 0) { + log_error_errno(r, "SELinux setup failed: %m"); + goto finish; +diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c +index 863c628323..4377f1b910 100644 +--- a/src/sysusers/sysusers.c ++++ b/src/sysusers/sysusers.c +@@ -1820,7 +1820,7 @@ int main(int argc, char *argv[]) { + + umask(0022); + +- r = mac_selinux_init(NULL); ++ r = mac_selinux_init(); + if (r < 0) { + log_error_errno(r, "SELinux setup failed: %m"); + goto finish; +diff --git a/src/test/test-udev.c b/src/test/test-udev.c +index 9cc64f7c68..d01789fe08 100644 +--- a/src/test/test-udev.c ++++ b/src/test/test-udev.c +@@ -93,7 +93,7 @@ int main(int argc, char *argv[]) { + return EXIT_FAILURE; + + log_debug("version %s", VERSION); +- mac_selinux_init("/dev"); ++ mac_selinux_init(); + + action = argv[1]; + if (action == NULL) { +diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c +index 2a10135fba..a522d0c5f9 100644 +--- a/src/timedate/timedated.c ++++ b/src/timedate/timedated.c +@@ -159,7 +159,7 @@ static int context_write_data_local_rtc(Context *c) { + } + } + +- mac_selinux_init("/etc"); ++ mac_selinux_init(); + return write_string_file_atomic_label("/etc/adjtime", w); + } + +diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c +index 7b105a6bd4..f3487013cf 100644 +--- a/src/tmpfiles/tmpfiles.c ++++ b/src/tmpfiles/tmpfiles.c +@@ -2288,7 +2288,7 @@ int main(int argc, char *argv[]) { + + umask(0022); + +- mac_selinux_init(NULL); ++ mac_selinux_init(); + + items = ordered_hashmap_new(&string_hash_ops); + globs = ordered_hashmap_new(&string_hash_ops); +diff --git a/src/udev/udevadm.c 
b/src/udev/udevadm.c +index 7bd2c1ea42..a6a873e5de 100644 +--- a/src/udev/udevadm.c ++++ b/src/udev/udevadm.c +@@ -93,7 +93,7 @@ int main(int argc, char *argv[]) { + + log_parse_environment(); + log_open(); +- mac_selinux_init("/dev"); ++ mac_selinux_init(); + + while ((c = getopt_long(argc, argv, "+dhV", options, NULL)) >= 0) + switch (c) { +diff --git a/src/udev/udevd.c b/src/udev/udevd.c +index bb92f16352..243df7386f 100644 +--- a/src/udev/udevd.c ++++ b/src/udev/udevd.c +@@ -1695,7 +1695,7 @@ int main(int argc, char *argv[]) { + + umask(022); + +- r = mac_selinux_init("/dev"); ++ r = mac_selinux_init(); + if (r < 0) { + log_error_errno(r, "could not initialize labelling: %m"); + goto exit; +diff --git a/src/update-done/update-done.c b/src/update-done/update-done.c +index 931e583785..da306a4444 100644 +--- a/src/update-done/update-done.c ++++ b/src/update-done/update-done.c +@@ -101,7 +101,7 @@ int main(int argc, char *argv[]) { + return EXIT_FAILURE; + } + +- r = mac_selinux_init(NULL); ++ r = mac_selinux_init(); + if (r < 0) { + log_error_errno(r, "SELinux setup failed: %m"); + goto finish; +diff --git a/src/user-sessions/user-sessions.c b/src/user-sessions/user-sessions.c +index 8bf44e2100..9b29b5ba1d 100644 +--- a/src/user-sessions/user-sessions.c ++++ b/src/user-sessions/user-sessions.c +@@ -40,7 +40,7 @@ int main(int argc, char*argv[]) { + + umask(0022); + +- mac_selinux_init(NULL); ++ mac_selinux_init(); + + if (streq(argv[1], "start")) { + int r = 0; diff --git a/0019-selinux-use-raw-variants-of-security_compute_create-.patch b/0019-selinux-use-raw-variants-of-security_compute_create-.patch new file mode 100644 index 0000000..ca2521b --- /dev/null +++ b/0019-selinux-use-raw-variants-of-security_compute_create-.patch 
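Review bot: Several of the converted call sites still discard the result of `mac_selinux_init();`, namely hostnamed.c, localed.c, test-udev.c, timedated.c, tmpfiles.c, udevadm.c and user-sessions.c, while logind.c, resolved.c, sysusers.c, udevd.c, update-done.c and core/main.c check it. The function returns `-errno` when selabel_open() fails and SELinux is enforcing, so the unchecked callers would carry on and create or rewrite files without a label database; timedated.c goes straight on to `write_string_file_atomic_label("/etc/adjtime", w)`. Since every call site is being touched anyway, I would give them the pattern resolved.c uses, `r = mac_selinux_init();` followed by `if (r < 0)` with a log_error_errno() and the file's normal failure exit. The cleanup paths of those main() functions are outside the hunks, so the exact exit label has to be taken from each file. Moving the `label_hnd` test ahead of mac_selinux_use() makes the repeated call in timedated.c a cheap early return, which could be noted in a comment there.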
@@ -0,0 +1,45 @@ +From 4f1ae61da9eda1115c1461e77a44101d96532700 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 2 Mar 2016 10:16:39 -0500 +Subject: [PATCH] selinux: use raw variants of security_compute_create and + setfscreatecon + +As suggested by Evgeny Vereshchagin as a follow up for +https://github.com/systemd/systemd/pull/2781#issuecomment-191043402. + +(cherry picked from commit 5c5433ad32c3d911f0c66cc124d190d40a2b5f5b) +--- + src/basic/selinux-util.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c +index 71ceac1bcd..5e6181f662 100644 +--- a/src/basic/selinux-util.c ++++ b/src/basic/selinux-util.c +@@ -217,7 +217,7 @@ int mac_selinux_get_create_label_from_exe(const char *exe, char **label) { + return -errno; + + sclass = string_to_security_class("process"); +- r = security_compute_create(mycon, fcon, sclass, (security_context_t *) label); ++ r = security_compute_create_raw(mycon, fcon, sclass, (security_context_t *) label); + if (r < 0) + return -errno; + #endif +@@ -296,7 +296,7 @@ int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char * + return -ENOMEM; + + sclass = string_to_security_class("process"); +- r = security_compute_create(mycon, fcon, sclass, (security_context_t *) label); ++ r = security_compute_create_raw(mycon, fcon, sclass, (security_context_t *) label); + if (r < 0) + return -errno; + #endif +@@ -350,7 +350,7 @@ int mac_selinux_create_file_prepare(const char *path, mode_t mode) { + + log_enforcing("Failed to determine SELinux security context for %s: %m", path); + } else { +- if (setfscreatecon(filecon) >= 0) ++ if (setfscreatecon_raw(filecon) >= 0) + return 0; /* Success! */ + + log_enforcing("Failed to set SELinux security context %s for %s: %m", filecon, path); diff --git a/systemd.spec b/systemd.spec index 3c7f09f..ea58dc7 100644 --- a/systemd.spec +++ b/systemd.spec 
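Review bot: The switch to `security_compute_create_raw()` and `setfscreatecon_raw()` is only consistent if the contexts passed in are raw as well, and the hunks do not show where `mycon`, `fcon` and `filecon` come from. If any of them is still obtained through a translating call, a system with context translation active could hand a translated string to a raw API, so the lines above each hunk should be checked for `getcon_raw()` / `getfilecon_raw()` or an equivalent raw lookup. In both compute-create hunks the result of `string_to_security_class("process")` is also passed on unchecked; libselinux returns 0 for an unknown class, so `if (sclass == 0) return -ENOSYS;` (or whichever errno the file prefers) before the call would make that failure explicit. A short comment at one of the call sites saying that this file uses raw contexts throughout would help keep later additions consistent. All three functions begin outside their hunks.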
@@ -35,6 +35,24 @@ Source8: systemd-journal-gatewayd.xml Source9: 20-yama-ptrace.conf Patch0001: 0001-time-util-map-ALARM-clockids-to-non-ALARM-clockids-i.patch +Patch0002: 0002-core-fix-indenting-in-dump-output.patch +Patch0003: 0003-networkd-FIONREAD-is-not-reliable-on-some-sockets.patch +Patch0004: 0004-networkd-rework-idle-detection-logic-of-networkd.patch +Patch0005: 0005-core-fix-assertion-check.patch +Patch0006: 0006-udev-fix-cg_unified-return-code-checking.patch +Patch0007: 0007-core-revert-core-resolve-specifier-in-config_parse_e.patch +Patch0008: 0008-activate-fix-E-option-parsing.patch +Patch0009: 0009-basic-strbuf-do-not-call-bsearch-with-a-null-argumen.patch +Patch0010: 0010-udev-path_id-correct-segmentation-fault-due-to-missi.patch +Patch0011: 0011-networkd-make-sure-we-allocate-the-NTA-set-before-we.patch +Patch0012: 0012-networkd-tunnel-fix-tunnel-address.patch +Patch0013: 0013-calendarspec-fix-find_next-skipping-times.patch +Patch0014: 0014-core-exclude-.slice-units-from-systemctl-isolate.patch +Patch0015: 0015-shorten-hostname-before-checking-for-trailing-dot.patch +Patch0016: 0016-hashmap-use-void-and-uint8_t-for-generic-pointers.patch +Patch0017: 0017-resolved-fix-notification-iteration-logic-when-trans.patch +Patch0018: 0018-selinux-always-try-to-load-the-full-selinux-db.patch +Patch0019: 0019-selinux-use-raw-variants-of-security_compute_create-.patch Patch0999: 0999-Add-a-workaround-for-linux-net-if.h-conflict.patch @@ -911,6 +929,7 @@ getent passwd systemd-journal-upload >/dev/null 2>&1 || useradd -r -l -g systemd * Fri Mar 4 2016 Zbigniew Jędrzejewski-Szmek - 229-5 - Split out systemd-container subpackage (#1163412) - Split out system-udev subpackage +- Add various bugfix patches, incl. a tentative fix for #1308771 * Tue Mar 1 2016 Peter Robinson 229-4 - Power64 and s390(x) now have libseccomp support