diff options
| author | Nicolas Iooss | 2015-02-22 09:17:22 +0800 |
|---|---|---|
| committer | Nicolas Iooss | 2015-06-27 11:44:59 +0800 |
| commit | 8090a768165b77f07e81eacd0c64d90614127bfc (patch) | |
| tree | 4e724a2b7200c1253bfb31e573dc378c8701fc07 | |
| parent | bb5a76b47a420e5d9c40e5509b81fb667a7cad39 (diff) | |
| download | aur-8090a768165b77f07e81eacd0c64d90614127bfc.tar.gz | |
systemd-selinux 218-2 update
21 files changed, 967 insertions, 13 deletions
@@ -1,6 +1,6 @@ pkgbase = systemd-selinux pkgver = 218 - pkgrel = 1 + pkgrel = 2 url = http://www.freedesktop.org/wiki/Software/systemd arch = i686 arch = x86_64 @@ -35,10 +35,46 @@ pkgbase = systemd-selinux source = initcpio-hook-udev source = initcpio-install-systemd source = initcpio-install-udev + source = 0001-journal-fix-dangling-else-ambiguity.patch + source = 0002-nspawn-properly-validate-machine-names.patch + source = 0003-systemctl-fix-argument-handling-when-invoked-as-shut.patch + source = 0004-systemctl-properly-iterate-through-service-array-whe.patch + source = 0005-nss-myhostname-always-will-in-canonical-hostname-fie.patch + source = 0010-log-fix-log_full_errno-with-custom-facilities.patch + source = 0014-timesyncd-consider-too-long-packets-as-invalid.patch + source = 0016-logind-fix-sd_eviocrevoke-ioctl-call.patch + source = 0019-sd-bus-fix-handling-of-double-parameters-in-sd_bus_m.patch + source = 0021-units-fix-all-TTY-paths-for-container-gettys.patch + source = 0024-sd-dhcp-chop-of-trailing-dot-of-DHCP-supplied-host-a.patch + source = 0025-logind-handle-closing-sessions-over-daemon-restarts.patch + source = 0026-core-make-setting-the-shutdown-watchdog-configuratio.patch + source = 0027-sd-rtnl-don-t-fail-event-handler-when-callback-fails.patch + source = 0029-config_parse_set_status-put-signals-in-the-correct-s.patch + source = 0030-network-address-test-network-avoid-undefined-behavio.patch + source = 0033-core-disarm-shutdown-watchdog-if-we-fail-to-set-time.patch + source = 0034-exit-on-idle-only-exit-if-actually-idle.patch md5sums = 4e2c511b0a7932d7fc9d79822273aac6 md5sums = 90ea67a7bb237502094914622a39e281 md5sums = c9db3010602913559295de3481019681 md5sums = bde43090d4ac0ef048e3eaee8202a407 + md5sums = 22920ff32e345a26a9c05662ec274314 + md5sums = 6960b43aaec4f899fdf0fe87d0457901 + md5sums = 715cefd0e803d8b441811688fd4da1c3 + md5sums = 3bb57f2812572ee999928ba33b489afe + md5sums = 5d42fda1f10c02861ee454277b516716 + md5sums = a079c6e5c8d0184adf47794aaf338ac4 + md5sums = c9b4e7bff3d1c073852c3d1b3bb8002e + md5sums = ae4d820582570ceb7b7c80b6810596f1 + md5sums = 5b212435622f69c2a24b01ef7380bc94 + md5sums = 0523c9ae27abdd30b847625b1c9c7a03 + md5sums = c0d236b41dd4afad3f91dee72bb296a8 + md5sums = 25e191463fb877fd5dabecb95f15ee8f + md5sums = 5911ef7d3ab5c5a06076fdea221ea27e + md5sums = ab7baf675e224cf19b9194fc1e4ea5ff + md5sums = 1d6cb563b3864fd8d724982bc2007f16 + md5sums = 529c4fba7e0a709fda9e108e658e76c3 + md5sums = 9d0d909507294afb879965e74fef79c8 + md5sums = c0b68cefe7f00ea5ec856c64f799cca4 pkgname = systemd-selinux pkgdesc = system and service manager with SELinux support @@ -73,7 +109,7 @@ pkgname = systemd-selinux provides = nss-myhostname provides = systemd-tools=218 provides = udev=218 - provides = systemd=218-1 + provides = systemd=218-2 conflicts = nss-myhostname conflicts = systemd-tools conflicts = udev @@ -115,15 +151,15 @@ pkgname = libsystemd-selinux provides = libsystemd-journal.so provides = libsystemd-login.so provides = libudev.so - provides = libsystemd=218-1 + provides = libsystemd=218-2 conflicts = libsystemd pkgname = systemd-sysvcompat-selinux pkgdesc = sysvinit compat for systemd with SELinux support license = GPL2 depends = systemd-selinux - provides = systemd-sysvcompat=218-1 - provides = selinux-systemd-sysvcompat=218-1 + provides = systemd-sysvcompat=218-2 + provides = selinux-systemd-sysvcompat=218-2 conflicts = sysvinit conflicts = systemd-sysvcompat conflicts = selinux-systemd-sysvcompat diff --git a/0001-journal-fix-dangling-else-ambiguity.patch b/0001-journal-fix-dangling-else-ambiguity.patch new file mode 100644 index 000000000000..d05e8c295a32 --- /dev/null +++ b/0001-journal-fix-dangling-else-ambiguity.patch @@ -0,0 +1,44 @@ +From 8d1c8bd746a6a14dec7470f93f843bcb0699f4b8 Mon Sep 17 00:00:00 2001 +From: David Herrmann <dh.herrmann@gmail.com> +Date: Fri, 12 Dec 2014 09:52:06 +0100 +Subject: [PATCH] journal: fix dangling 'else' ambiguity + +Rework the sd-journal iterators to avoid dangling 'else' ambiguity. For a +detailed explanation, see: + + commit bff686e2a981ccd0888cdf1981977d24320f1770 + Author: David Herrmann <dh.herrmann@gmail.com> + Date: Fri Dec 12 09:43:54 2014 +0100 + + hwdb: fix dangling 'else' ambuguity +--- + src/systemd/sd-journal.h | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/src/systemd/sd-journal.h b/src/systemd/sd-journal.h +index eb24372..00237a2 100644 +--- a/src/systemd/sd-journal.h ++++ b/src/systemd/sd-journal.h +@@ -138,13 +138,15 @@ int sd_journal_reliable_fd(sd_journal *j); + int sd_journal_get_catalog(sd_journal *j, char **text); + int sd_journal_get_catalog_for_message_id(sd_id128_t id, char **text); + ++/* the inverse condition avoids ambiguity of danling 'else' after the macro */ + #define SD_JOURNAL_FOREACH(j) \ +- if (sd_journal_seek_head(j) >= 0) \ +- while (sd_journal_next(j) > 0) ++ if (sd_journal_seek_head(j) < 0) { } \ ++ else while (sd_journal_next(j) > 0) + ++/* the inverse condition avoids ambiguity of danling 'else' after the macro */ + #define SD_JOURNAL_FOREACH_BACKWARDS(j) \ +- if (sd_journal_seek_tail(j) >= 0) \ +- while (sd_journal_previous(j) > 0) ++ if (sd_journal_seek_tail(j) < 0) { } \ ++ else while (sd_journal_previous(j) > 0) + + #define SD_JOURNAL_FOREACH_DATA(j, data, l) \ + for (sd_journal_restart_data(j); sd_journal_enumerate_data((j), &(data), &(l)) > 0; ) +-- +2.3.0 + diff --git a/0002-nspawn-properly-validate-machine-names.patch b/0002-nspawn-properly-validate-machine-names.patch new file mode 100644 index 000000000000..ae404bd24d6c --- /dev/null +++ b/0002-nspawn-properly-validate-machine-names.patch @@ -0,0 +1,35 @@ +From 0c3c42847da2f614f1a3f93c7cc96cd241e17e3a Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 12 Dec 2014 02:49:40 +0100 +Subject: [PATCH] nspawn: properly validate machine names + +--- + src/nspawn/nspawn.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index 0466ddb..e1e1c36 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -369,15 +369,13 @@ static int parse_argv(int argc, char *argv[]) { + free(arg_machine); + arg_machine = NULL; + } else { +- +- if (!hostname_is_valid(optarg)) { ++ if (!machine_name_is_valid(optarg)) { + log_error("Invalid machine name: %s", optarg); + return -EINVAL; + } + +- free(arg_machine); +- arg_machine = strdup(optarg); +- if (!arg_machine) ++ r = free_and_strdup(&arg_machine, optarg); ++ if (r < 0) + return log_oom(); + + break; +-- +2.3.0 + diff --git a/0003-systemctl-fix-argument-handling-when-invoked-as-shut.patch b/0003-systemctl-fix-argument-handling-when-invoked-as-shut.patch new file mode 100644 index 000000000000..d961b1699913 --- /dev/null +++ b/0003-systemctl-fix-argument-handling-when-invoked-as-shut.patch @@ -0,0 +1,34 @@ +From 75836b9d2071aab978ee78d7d797126a18a32052 Mon Sep 17 00:00:00 2001 +From: Jan Synacek <jsynacek@redhat.com> +Date: Mon, 15 Dec 2014 10:39:00 +0100 +Subject: [PATCH] systemctl: fix argument handling when invoked as "shutdown" + +--- + src/systemctl/systemctl.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c +index 649fb5c..4c4648f 100644 +--- a/src/systemctl/systemctl.c ++++ b/src/systemctl/systemctl.c +@@ -6926,7 +6926,7 @@ static int shutdown_parse_argv(int argc, char *argv[]) { + assert(argc >= 0); + assert(argv); + +- while ((c = getopt_long(argc, argv, "HPrhkt:afFc", options, NULL)) >= 0) ++ while ((c = getopt_long(argc, argv, "HPrhkKt:afFc", options, NULL)) >= 0) + switch (c) { + + case ARG_HELP: +@@ -6967,6 +6967,8 @@ static int shutdown_parse_argv(int argc, char *argv[]) { + + case 't': + case 'a': ++ case 'f': ++ case 'F': + /* Compatibility nops */ + break; + +-- +2.3.0 + diff --git a/0004-systemctl-properly-iterate-through-service-array-whe.patch b/0004-systemctl-properly-iterate-through-service-array-whe.patch new file mode 100644 index 000000000000..c04fb75b15b0 --- /dev/null +++ b/0004-systemctl-properly-iterate-through-service-array-whe.patch @@ -0,0 +1,31 @@ +From aba843317d8acc4634417becebaedcfe5805d49d Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Mon, 5 Jan 2015 01:56:47 +0100 +Subject: [PATCH] systemctl: properly iterate through service array when + dispatching to sysv + +https://bugzilla.redhat.com/show_bug.cgi?id=1175734 +--- + src/systemctl/systemctl.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c +index 9c4b9ed..3d939f0 100644 +--- a/src/systemctl/systemctl.c ++++ b/src/systemctl/systemctl.c +@@ -5188,8 +5188,10 @@ static int enable_sysv_units(const char *verb, char **args) { + return -EPROTO; + + /* Remove this entry, so that we don't try enabling it as native unit */ +- assert(f > 0 && streq(args[f-1], name)); +- assert_se(strv_remove(args + f - 1, name)); ++ assert(f > 0); ++ f--; ++ assert(args[f] == name); ++ strv_remove(args, name); + } + + #endif +-- +2.3.0 + diff --git a/0005-nss-myhostname-always-will-in-canonical-hostname-fie.patch b/0005-nss-myhostname-always-will-in-canonical-hostname-fie.patch new file mode 100644 index 000000000000..acb1ed82830a --- /dev/null +++ b/0005-nss-myhostname-always-will-in-canonical-hostname-fie.patch @@ -0,0 +1,113 @@ +From 3fdcecc87eb381ef300719e419d5863dd8a64a97 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Mon, 5 Jan 2015 16:23:21 +0100 +Subject: [PATCH] nss-myhostname: always will in canonical hostname field when + resolving addresses to hostnames + +https://bugs.freedesktop.org/show_bug.cgi?id=87634 +--- + src/nss-myhostname/nss-myhostname.c | 36 +++++++++++++++++++----------------- + 1 file changed, 19 insertions(+), 17 deletions(-) + +diff --git a/src/nss-myhostname/nss-myhostname.c b/src/nss-myhostname/nss-myhostname.c +index dcf7c1f..a939bb2 100644 +--- a/src/nss-myhostname/nss-myhostname.c ++++ b/src/nss-myhostname/nss-myhostname.c +@@ -38,7 +38,7 @@ + /* We use 127.0.0.2 as IPv4 address. This has the advantage over + * 127.0.0.1 that it can be translated back to the local hostname. For + * IPv6 we use ::1 which unfortunately will not translate back to the +- * hostname but instead something like "localhost6" or so. */ ++ * hostname but instead something like "localhost" or so. */ + + #define LOCALADDRESS_IPV4 (htonl(0x7F000002)) + #define LOCALADDRESS_IPV6 &in6addr_loopback +@@ -415,6 +415,7 @@ enum nss_status _nss_myhostname_gethostbyaddr2_r( + _cleanup_free_ char *hn = NULL; + int n_addresses = 0; + struct local_address *a; ++ bool additional_from_hostname = false; + unsigned n; + + assert(addr); +@@ -436,7 +437,6 @@ enum nss_status _nss_myhostname_gethostbyaddr2_r( + } + + if (af == AF_INET) { +- + if ((*(uint32_t*) addr) == LOCALADDRESS_IPV4) + goto found; + +@@ -450,10 +450,10 @@ enum nss_status _nss_myhostname_gethostbyaddr2_r( + assert(af == AF_INET6); + + if (memcmp(addr, LOCALADDRESS_IPV6, 16) == 0) { +- additional = "localhost"; ++ canonical = "localhost"; ++ additional_from_hostname = true; + goto found; + } +- + } + + n_addresses = local_addresses(NULL, 0, AF_UNSPEC, &addresses); +@@ -462,18 +462,8 @@ enum nss_status _nss_myhostname_gethostbyaddr2_r( + if (af != a->family) + continue; + +- if (memcmp(addr, &a->address, FAMILY_ADDRESS_SIZE(af)) == 0) { +- +- hn = gethostname_malloc(); +- if (!hn) { +- *errnop = ENOMEM; +- *h_errnop = NO_RECOVERY; +- return NSS_STATUS_TRYAGAIN; +- } +- +- canonical = hn; ++ if (memcmp(addr, &a->address, FAMILY_ADDRESS_SIZE(af)) == 0) + goto found; +- } + } + } + +@@ -487,7 +477,6 @@ enum nss_status _nss_myhostname_gethostbyaddr2_r( + continue; + + if (memcmp(addr, &a->address, FAMILY_ADDRESS_SIZE(af)) == 0) { +- + canonical = "gateway"; + goto found; + } +@@ -500,6 +489,20 @@ enum nss_status _nss_myhostname_gethostbyaddr2_r( + return NSS_STATUS_NOTFOUND; + + found: ++ if (!canonical || (!additional && additional_from_hostname)) { ++ hn = gethostname_malloc(); ++ if (!hn) { ++ *errnop = ENOMEM; ++ *h_errnop = NO_RECOVERY; ++ return NSS_STATUS_TRYAGAIN; ++ } ++ ++ if (!canonical) ++ canonical = hn; ++ ++ if (!additional && additional_from_hostname) ++ additional = hn; ++ } + + return fill_in_hostent( + canonical, additional, +@@ -511,7 +514,6 @@ found: + errnop, h_errnop, + ttlp, + NULL); +- + } + + NSS_GETHOSTBYNAME_FALLBACKS(myhostname); +-- +2.3.0 + diff --git a/0010-log-fix-log_full_errno-with-custom-facilities.patch b/0010-log-fix-log_full_errno-with-custom-facilities.patch new file mode 100644 index 000000000000..4bbf937b6d4f --- /dev/null +++ b/0010-log-fix-log_full_errno-with-custom-facilities.patch @@ -0,0 +1,29 @@ +From 24b759c5d79c1a4993c05c1ef7f44f9ff6d7f463 Mon Sep 17 00:00:00 2001 +From: David Herrmann <dh.herrmann@gmail.com> +Date: Sun, 11 Jan 2015 03:13:46 +0100 +Subject: [PATCH] log: fix log_full_errno() with custom facilities + +Make sure to extract the log-priority when comparing against +max-log-level, otherwise, we will always drop those messages. + +This fixes bus-proxyd to properly send warnings on policy blocks. +--- + src/shared/log.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/log.h b/src/shared/log.h +index 2b6971f..d15d7c8 100644 +--- a/src/shared/log.h ++++ b/src/shared/log.h +@@ -158,7 +158,7 @@ void log_assert_failed_return( + #define log_full_errno(level, error, ...) \ + ({ \ + int _l = (level), _e = (error); \ +- (log_get_max_level() >= _l) \ ++ (log_get_max_level() >= LOG_PRI(_l)) \ + ? log_internal(_l, _e, __FILE__, __LINE__, __func__, __VA_ARGS__) \ + : -abs(_e); \ + }) +-- +2.3.0 + diff --git a/0014-timesyncd-consider-too-long-packets-as-invalid.patch b/0014-timesyncd-consider-too-long-packets-as-invalid.patch new file mode 100644 index 000000000000..b940d2d2e729 --- /dev/null +++ b/0014-timesyncd-consider-too-long-packets-as-invalid.patch @@ -0,0 +1,31 @@ +From 43fcd650e5cb0836cfc9f667ed74b3bc0283a81c Mon Sep 17 00:00:00 2001 +From: Topi Miettinen <toiwoton@gmail.com> +Date: Sun, 18 Jan 2015 16:01:25 +0200 +Subject: [PATCH] timesyncd: consider too long packets as invalid + +If the received NTP message from server didn't fit to our buffer, either +it is doing something nasty or we don't know the protocol. Consider the +packet as invalid. + +(David: add parantheses around conditional) +--- + src/timesync/timesyncd-manager.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c +index 117ea8c..bc35662 100644 +--- a/src/timesync/timesyncd-manager.c ++++ b/src/timesync/timesyncd-manager.c +@@ -525,7 +525,8 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re + return manager_connect(m); + } + +- if (iov.iov_len < sizeof(struct ntp_msg)) { ++ /* Too short or too long packet? */ ++ if (iov.iov_len < sizeof(struct ntp_msg) || (msghdr.msg_flags & MSG_TRUNC)) { + log_warning("Invalid response from server. Disconnecting."); + return manager_connect(m); + } +-- +2.3.0 + diff --git a/0016-logind-fix-sd_eviocrevoke-ioctl-call.patch b/0016-logind-fix-sd_eviocrevoke-ioctl-call.patch new file mode 100644 index 000000000000..f32ba066098e --- /dev/null +++ b/0016-logind-fix-sd_eviocrevoke-ioctl-call.patch @@ -0,0 +1,30 @@ +From 8dbce34b0373923c7aa7d795024bbedb0a85c7ea Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Thu, 22 Jan 2015 11:36:02 +1000 +Subject: [PATCH] logind: fix sd_eviocrevoke ioctl call + +If the third argument is non-null, the kernel will always error out with +EINVAL and devices won't get revoked. + +Reported-by: Benjamin Tissoires <benjamin.tissoires@gmail.com> +Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net> +--- + src/login/logind-session-device.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c +index 932abb8..c2de862 100644 +--- a/src/login/logind-session-device.c ++++ b/src/login/logind-session-device.c +@@ -107,7 +107,7 @@ static int sd_eviocrevoke(int fd) { + + assert(fd >= 0); + +- r = ioctl(fd, EVIOCREVOKE, 1); ++ r = ioctl(fd, EVIOCREVOKE, NULL); + if (r < 0) { + r = -errno; + if (r == -EINVAL && !warned) { +-- +2.3.0 + diff --git a/0019-sd-bus-fix-handling-of-double-parameters-in-sd_bus_m.patch b/0019-sd-bus-fix-handling-of-double-parameters-in-sd_bus_m.patch new file mode 100644 index 000000000000..35fd52ec1f3d --- /dev/null +++ b/0019-sd-bus-fix-handling-of-double-parameters-in-sd_bus_m.patch @@ -0,0 +1,91 @@ +From 6cd37a5e59e01f4a2b3f02d9746b3e7417d424e6 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 23 Jan 2015 01:13:09 +0100 +Subject: [PATCH] sd-bus: fix handling of double parameters in + sd_bus_message_append() + +We really need to use va_arg() with the right type here as uint64_t and +double might have the same size, but are passed differently as +arguments. +--- + src/libsystemd/sd-bus/bus-message.c | 11 +++++++++-- + src/libsystemd/sd-bus/test-bus-marshal.c | 13 +++++++++++++ + 2 files changed, 22 insertions(+), 2 deletions(-) + +diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c +index 23076d2..9ae65be 100644 +--- a/src/libsystemd/sd-bus/bus-message.c ++++ b/src/libsystemd/sd-bus/bus-message.c +@@ -2350,8 +2350,7 @@ int bus_message_append_ap( + } + + case SD_BUS_TYPE_INT64: +- case SD_BUS_TYPE_UINT64: +- case SD_BUS_TYPE_DOUBLE: { ++ case SD_BUS_TYPE_UINT64: { + uint64_t x; + + x = va_arg(ap, uint64_t); +@@ -2359,6 +2358,14 @@ int bus_message_append_ap( + break; + } + ++ case SD_BUS_TYPE_DOUBLE: { ++ double x; ++ ++ x = va_arg(ap, double); ++ r = sd_bus_message_append_basic(m, *t, &x); ++ break; ++ } ++ + case SD_BUS_TYPE_STRING: + case SD_BUS_TYPE_OBJECT_PATH: + case SD_BUS_TYPE_SIGNATURE: { +diff --git a/src/libsystemd/sd-bus/test-bus-marshal.c b/src/libsystemd/sd-bus/test-bus-marshal.c +index 8cefc7a..d95a03c 100644 +--- a/src/libsystemd/sd-bus/test-bus-marshal.c ++++ b/src/libsystemd/sd-bus/test-bus-marshal.c +@@ -22,6 +22,7 @@ + #include <assert.h> + #include <stdlib.h> + #include <byteswap.h> ++#include <math.h> + + #ifdef HAVE_GLIB + #include <gio/gio.h> +@@ -94,6 +95,8 @@ int main(int argc, char *argv[]) { + _cleanup_fclose_ FILE *ms = NULL; + size_t first_size = 0, second_size = 0, third_size = 0; + _cleanup_bus_unref_ sd_bus *bus = NULL; ++ double dbl; ++ uint64_t u64; + + r = sd_bus_default_system(&bus); + if (r < 0) +@@ -145,6 +148,9 @@ int main(int argc, char *argv[]) { + r = sd_bus_message_append_array(m, 'u', NULL, 0); + assert_se(r >= 0); + ++ r = sd_bus_message_append(m, "a(stdo)", 1, "foo", 815ULL, 47.0, "/"); ++ assert_se(r >= 0); ++ + r = bus_message_seal(m, 4711, 0); + assert_se(r >= 0); + +@@ -268,6 +274,13 @@ int main(int argc, char *argv[]) { + assert_se(r > 0); + assert_se(sz == 0); + ++ r = sd_bus_message_read(m, "a(stdo)", 1, &x, &u64, &dbl, &y); ++ assert_se(r > 0); ++ assert_se(streq(x, "foo")); ++ assert_se(u64 == 815ULL); ++ assert_se(fabs(dbl - 47.0) < 0.1); ++ assert_se(streq(y, "/")); ++ + r = sd_bus_message_peek_type(m, NULL, NULL); + assert_se(r == 0); + +-- +2.3.0 + diff --git a/0021-units-fix-all-TTY-paths-for-container-gettys.patch b/0021-units-fix-all-TTY-paths-for-container-gettys.patch new file mode 100644 index 000000000000..aefc34311623 --- /dev/null +++ b/0021-units-fix-all-TTY-paths-for-container-gettys.patch @@ -0,0 +1,30 @@ +From e87bc3ef67a892e2b3dba753190675e5f9b592b5 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 27 Jan 2015 14:28:45 +0100 +Subject: [PATCH] units: fix all TTY paths for container gettys + +Spotted by Christian Seiler: + +http://lists.freedesktop.org/archives/systemd-devel/2015-January/027441.html +--- + units/container-getty@.service.m4.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/units/container-getty@.service.m4.in b/units/container-getty@.service.m4.in +index 5120466..e126f3a 100644 +--- a/units/container-getty@.service.m4.in ++++ b/units/container-getty@.service.m4.in +@@ -21,8 +21,8 @@ ExecStart=-/sbin/agetty --noclear --keep-baud pts/%I 115200,38400,9600 $TERM + Type=idle + Restart=always + RestartSec=0 +-UtmpIdentifier=%I +-TTYPath=/dev/%I ++UtmpIdentifier=pts/%I ++TTYPath=/dev/pts/%I + TTYReset=yes + TTYVHangup=yes + KillMode=process +-- +2.3.0 + diff --git a/0024-sd-dhcp-chop-of-trailing-dot-of-DHCP-supplied-host-a.patch b/0024-sd-dhcp-chop-of-trailing-dot-of-DHCP-supplied-host-a.patch new file mode 100644 index 000000000000..113d20ef497d --- /dev/null +++ b/0024-sd-dhcp-chop-of-trailing-dot-of-DHCP-supplied-host-a.patch @@ -0,0 +1,55 @@ +From f50f01f4b738f2f00b30d0e02e8cf54ab99a9f27 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 28 Jan 2015 17:47:37 +0100 +Subject: [PATCH] sd-dhcp: chop of trailing dot of DHCP supplied host and + domain nams + +--- + src/libsystemd-network/sd-dhcp-lease.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c +index 00fef16..34aa36c 100644 +--- a/src/libsystemd-network/sd-dhcp-lease.c ++++ b/src/libsystemd-network/sd-dhcp-lease.c +@@ -497,11 +497,20 @@ int dhcp_lease_parse_options(uint8_t code, uint8_t len, const uint8_t *option, + case DHCP_OPTION_DOMAIN_NAME: + { + _cleanup_free_ char *domainname = NULL; ++ char *e; + + r = lease_parse_string(option, len, &domainname); + if (r < 0) + return r; + ++ /* Chop off trailing dot of domain name that some DHCP ++ * servers send us back. Internally we want to store ++ * host names without trailing dots and ++ * host_name_is_valid() doesn't accept them. */ ++ e = endswith(domainname, "."); ++ if (e) ++ *e = 0; ++ + if (!hostname_is_valid(domainname) || is_localhost(domainname)) + break; + +@@ -514,11 +523,16 @@ int dhcp_lease_parse_options(uint8_t code, uint8_t len, const uint8_t *option, + case DHCP_OPTION_HOST_NAME: + { + _cleanup_free_ char *hostname = NULL; ++ char *e; + + r = lease_parse_string(option, len, &hostname); + if (r < 0) + return r; + ++ e = endswith(hostname, "."); ++ if (e) ++ *e = 0; ++ + if (!hostname_is_valid(hostname) || is_localhost(hostname)) + break; + +-- +2.3.0 + diff --git a/0025-logind-handle-closing-sessions-over-daemon-restarts.patch b/0025-logind-handle-closing-sessions-over-daemon-restarts.patch new file mode 100644 index 000000000000..01d8507f2806 --- /dev/null +++ b/0025-logind-handle-closing-sessions-over-daemon-restarts.patch @@ -0,0 +1,103 @@ +From be94d95499bf9c63fe9331e9b9ecc64f32fe9d79 Mon Sep 17 00:00:00 2001 +From: Martin Pitt <martin.pitt@ubuntu.com> +Date: Wed, 28 Jan 2015 18:14:01 +0100 +Subject: [PATCH] logind: handle closing sessions over daemon restarts + +It may happen that you have several sessions with the same VT: + + - Open a session c1 which leaves some processes around, and log out. The + session will stay in State=closing and become Active=no. + - Log back in on the same VT, get a new session "c2" which is State=active and + Active=yes. + +When restarting logind after that, the first session that matches the current +VT becomes Active=yes, which will be c1; c2 thus is Active=no and does not get +the usual polkit/device ACL privileges. + +Restore the "closing" state in session_load(), to avoid treating all restored +sessions as State=active. In seat_active_vt_changed(), prefer active sessions +over closing ones if more than one session matches the current VT. + +Finally, fix the confusing comment in session_load() and explain it a bit +better. + +https://launchpad.net/bugs/1415104 +--- + src/login/logind-seat.c | 14 +++++++++++++- + src/login/logind-session.c | 11 +++++++++-- + 2 files changed, 22 insertions(+), 3 deletions(-) + +diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c +index 197138c..126c5b8 100644 +--- a/src/login/logind-seat.c ++++ b/src/login/logind-seat.c +@@ -340,12 +340,24 @@ int seat_active_vt_changed(Seat *s, unsigned int vtnr) { + + log_debug("VT changed to %u", vtnr); + ++ /* we might have earlier closing sessions on the same VT, so try to ++ * find a running one first */ + LIST_FOREACH(sessions_by_seat, i, s->sessions) +- if (i->vtnr == vtnr) { ++ if (i->vtnr == vtnr && !i->stopping) { + new_active = i; + break; + } + ++ if (!new_active) { ++ /* no running one? then we can't decide which one is the ++ * active one, let the first one win */ ++ LIST_FOREACH(sessions_by_seat, i, s->sessions) ++ if (i->vtnr == vtnr) { ++ new_active = i; ++ break; ++ } ++ } ++ + r = seat_set_active(s, new_active); + manager_spawn_autovt(s->manager, vtnr); + +diff --git a/src/login/logind-session.c b/src/login/logind-session.c +index a51f9f3..a02a537 100644 +--- a/src/login/logind-session.c ++++ b/src/login/logind-session.c +@@ -301,6 +301,7 @@ int session_load(Session *s) { + _cleanup_free_ char *remote = NULL, + *seat = NULL, + *vtnr = NULL, ++ *state = NULL, + *pos = NULL, + *leader = NULL, + *type = NULL, +@@ -327,6 +328,7 @@ int session_load(Session *s) { + "SERVICE", &s->service, + "DESKTOP", &s->desktop, + "VTNR", &vtnr, ++ "STATE", &state, + "POS", &pos, + "LEADER", &leader, + "TYPE", &type, +@@ -415,13 +417,18 @@ int session_load(Session *s) { + s->class = c; + } + ++ if (state && streq(state, "closing")) ++ s->stopping = true; ++ + if (s->fifo_path) { + int fd; + + /* If we open an unopened pipe for reading we will not + get an EOF. to trigger an EOF we hence open it for +- reading, but close it right-away which then will +- trigger the EOF. */ ++ writing, but close it right away which then will ++ trigger the EOF. This will happen immediately if no ++ other process has the FIFO open for writing, i. e. ++ when the session died before logind (re)started. */ + + fd = session_create_fifo(s); + safe_close(fd); +-- +2.3.0 + diff --git a/0026-core-make-setting-the-shutdown-watchdog-configuratio.patch b/0026-core-make-setting-the-shutdown-watchdog-configuratio.patch new file mode 100644 index 000000000000..2f3758b1ec20 --- /dev/null +++ b/0026-core-make-setting-the-shutdown-watchdog-configuratio.patch @@ -0,0 +1,27 @@ +From 81f5fc2d43800c23a4440ed94cfe38d579e896fe Mon Sep 17 00:00:00 2001 +From: Maxim Mikityanskiy <maxtram95@gmail.com> +Date: Thu, 29 Jan 2015 01:23:07 +0100 +Subject: [PATCH] core: make setting the shutdown watchdog configuration via + dbus work + +https://bugs.freedesktop.org/show_bug.cgi?id=88284 +--- + src/core/main.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/core/main.c b/src/core/main.c +index ce37c59..0df1f64 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -1829,6 +1829,8 @@ int main(int argc, char *argv[]) { + finish: + pager_close(); + ++ if (m) ++ arg_shutdown_watchdog = m->shutdown_watchdog; + m = manager_free(m); + + for (j = 0; j < ELEMENTSOF(arg_default_rlimit); j++) { +-- +2.3.0 + diff --git a/0027-sd-rtnl-don-t-fail-event-handler-when-callback-fails.patch b/0027-sd-rtnl-don-t-fail-event-handler-when-callback-fails.patch new file mode 100644 index 000000000000..a03367d08536 --- /dev/null +++ b/0027-sd-rtnl-don-t-fail-event-handler-when-callback-fails.patch @@ -0,0 +1,67 @@ +From 233ba5c3a0f73e01fe6149fd8c377826a83c2a0a Mon Sep 17 00:00:00 2001 +From: Tom Gundersen <teg@jklm.no> +Date: Thu, 29 Jan 2015 07:26:58 +0100 +Subject: [PATCH] sd-rtnl: don't fail event handler when callback fails + +As in sd-bus, simply log at debug level when a callback fails, but don't fail the event handler. +Otherwise any error returned by any callback will disable the rtnl event handler. We should +only do that on serious internal errors in sd-rtnl that we know cannot be recovered from. +--- + src/libsystemd/sd-rtnl/sd-rtnl.c | 20 +++++++++++++++----- + 1 file changed, 15 insertions(+), 5 deletions(-) + +diff --git a/src/libsystemd/sd-rtnl/sd-rtnl.c b/src/libsystemd/sd-rtnl/sd-rtnl.c +index 5778ea5..7f1ec30 100644 +--- a/src/libsystemd/sd-rtnl/sd-rtnl.c ++++ b/src/libsystemd/sd-rtnl/sd-rtnl.c +@@ -379,9 +379,12 @@ static int process_timeout(sd_rtnl *rtnl) { + hashmap_remove(rtnl->reply_callbacks, &c->serial); + + r = c->callback(rtnl, m, c->userdata); ++ if (r < 0) ++ log_debug_errno(r, "sd-rtnl: timedout callback failed: %m"); ++ + free(c); + +- return r < 0 ? r : 1; ++ return 1; + } + + static int process_reply(sd_rtnl *rtnl, sd_rtnl_message *m) { +@@ -404,9 +407,12 @@ static int process_reply(sd_rtnl *rtnl, sd_rtnl_message *m) { + prioq_remove(rtnl->reply_callbacks_prioq, c, &c->prioq_idx); + + r = c->callback(rtnl, m, c->userdata); ++ if (r < 0) ++ log_debug_errno(r, "sd-rtnl: callback failed: %m"); ++ + free(c); + +- return r; ++ return 1; + } + + static int process_match(sd_rtnl *rtnl, sd_rtnl_message *m) { +@@ -424,12 +430,16 @@ static int process_match(sd_rtnl *rtnl, sd_rtnl_message *m) { + LIST_FOREACH(match_callbacks, c, rtnl->match_callbacks) { + if (type == c->type) { + r = c->callback(rtnl, m, c->userdata); +- if (r != 0) +- return r; ++ if (r != 0) { ++ if (r < 0) ++ log_debug_errno(r, "sd-rtnl: match callback failed: %m"); ++ ++ break; ++ } + } + } + +- return 0; ++ return 1; + } + + static int process_running(sd_rtnl *rtnl, sd_rtnl_message **ret) { +-- +2.3.0 + diff --git a/0029-config_parse_set_status-put-signals-in-the-correct-s.patch b/0029-config_parse_set_status-put-signals-in-the-correct-s.patch new file mode 100644 index 000000000000..a0553469929f --- /dev/null +++ b/0029-config_parse_set_status-put-signals-in-the-correct-s.patch @@ -0,0 +1,53 @@ +From 615938651d3a4fd9253b08da00db22d451a8cef8 Mon Sep 17 00:00:00 2001 +From: Michael Olbrich <m.olbrich@pengutronix.de> +Date: Fri, 30 Jan 2015 09:49:55 +0100 +Subject: [PATCH] config_parse_set_status: put signals in the correct set + +This was broken when the code was rearranged in "1e2fd62d70ff +core/load-fragment.c: correct argument sign and split up long lines" +--- + src/core/load-fragment.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index 98794bf..90bf563 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -3150,6 +3150,7 @@ int config_parse_set_status( + FOREACH_WORD(word, l, rvalue, state) { + _cleanup_free_ char *temp; + int val; ++ Set **set; + + temp = strndup(word, l); + if (!temp) +@@ -3162,21 +3163,23 @@ int config_parse_set_status( + if (val <= 0) { + log_syntax(unit, LOG_ERR, filename, line, -val, + "Failed to parse value, ignoring: %s", word); +- return 0; ++ continue; + } ++ set = &status_set->signal; + } else { + if (val < 0 || val > 255) { + log_syntax(unit, LOG_ERR, filename, line, ERANGE, + "Value %d is outside range 0-255, ignoring", val); + continue; + } ++ set = &status_set->status; + } + +- r = set_ensure_allocated(&status_set->status, NULL); ++ r = set_ensure_allocated(set, NULL); + if (r < 0) + return log_oom(); + +- r = set_put(status_set->status, INT_TO_PTR(val)); ++ r = set_put(*set, INT_TO_PTR(val)); + if (r < 0) { + log_syntax(unit, LOG_ERR, filename, line, -r, + "Unable to store: %s", word); +-- +2.3.0 + diff --git a/0030-network-address-test-network-avoid-undefined-behavio.patch b/0030-network-address-test-network-avoid-undefined-behavio.patch new file mode 100644 index 000000000000..640fa5a17c81 --- /dev/null +++ b/0030-network-address-test-network-avoid-undefined-behavio.patch @@ -0,0 +1,44 @@ +From 6cb8e687f038424ef54b5c5c3c433be974fbe371 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Mon, 2 Feb 2015 21:32:28 -0500 +Subject: [PATCH] network-address,test-network: avoid undefined behaviour + +--- + src/network/networkd-address.c | 4 ++++ + src/network/test-network.c | 3 +-- + 2 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c +index ce0e923..47033ac 100644 +--- a/src/network/networkd-address.c ++++ b/src/network/networkd-address.c +@@ -592,6 +592,10 @@ bool address_equal(Address *a1, Address *a2) { + case AF_INET: + if (a1->prefixlen != a2->prefixlen) + return false; ++ else if (a1->prefixlen == 0) ++ /* make sure we don't try to shift by 32. ++ * See ISO/IEC 9899:TC3 ยง 6.5.7.3. */ ++ return true; + else { + uint32_t b1, b2; + +diff --git a/src/network/test-network.c b/src/network/test-network.c +index ea9f938..b4a7be0 100644 +--- a/src/network/test-network.c ++++ b/src/network/test-network.c +@@ -158,10 +158,9 @@ static void test_address_equality(void) { + assert_se(address_equal(a1, a2)); + + assert_se(inet_pton(AF_INET, "192.168.3.9", &a1->in_addr.in)); +- assert_se(!address_equal(a1, a2)); ++ assert_se(address_equal(a1, a2)); + assert_se(inet_pton(AF_INET, "192.168.3.9", &a2->in_addr.in)); + assert_se(address_equal(a1, a2)); +- + a1->prefixlen = 10; + assert_se(!address_equal(a1, a2)); + a2->prefixlen = 10; +-- +2.3.0 + diff --git a/0033-core-disarm-shutdown-watchdog-if-we-fail-to-set-time.patch b/0033-core-disarm-shutdown-watchdog-if-we-fail-to-set-time.patch new file mode 100644 index 000000000000..a10627aabdf6 --- /dev/null +++ b/0033-core-disarm-shutdown-watchdog-if-we-fail-to-set-time.patch @@ -0,0 +1,31 @@ +From c2cc6b9aefb6f2085d3ca7eb9743093a17f751da Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Thu, 12 Feb 2015 12:28:48 +0100 +Subject: [PATCH] core: disarm shutdown watchdog if we fail to set timeout + +Better safe than sorry, if drivers are stupid, and reset immediately on +device closing if the timeout could not be initialized. + +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777735 +--- + src/core/main.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/core/main.c b/src/core/main.c +index 0749f04..ba2de85 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -2021,8 +2021,8 @@ finish: + /* If we reboot let's set the shutdown + * watchdog and tell the shutdown binary to + * repeatedly ping it */ +- watchdog_set_timeout(&arg_shutdown_watchdog); +- watchdog_close(false); ++ r = watchdog_set_timeout(&arg_shutdown_watchdog); ++ watchdog_close(r < 0); + + /* Tell the binary how often to ping, ignore failure */ + if (asprintf(&e, "WATCHDOG_USEC="USEC_FMT, arg_shutdown_watchdog) > 0) +-- +2.3.0 + diff --git a/0034-exit-on-idle-only-exit-if-actually-idle.patch b/0034-exit-on-idle-only-exit-if-actually-idle.patch new file mode 100644 index 000000000000..3a22433cea51 --- /dev/null +++ b/0034-exit-on-idle-only-exit-if-actually-idle.patch @@ -0,0 +1,29 @@ +From a8ba6cd15d3a5edf1f9fbb4fd08dc428c3939072 Mon Sep 17 00:00:00 2001 +From: Tom Gundersen <teg@jklm.no> +Date: Fri, 13 Feb 2015 16:20:45 +0100 +Subject: [PATCH] exit-on-idle: only exit if actually idle + +sd_event_wait() returning 0 usually means that it timed out, which means it must +have been idle. However, sd_event_wait() may return 0 in case an event was triggered +but it turned out there was nothing to do. Make the check for idle explicit to avoid +this edge-case. +--- + src/libsystemd/sd-bus/bus-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-bus/bus-util.c b/src/libsystemd/sd-bus/bus-util.c +index c9d8713..52d4ebe 100644 +--- a/src/libsystemd/sd-bus/bus-util.c ++++ b/src/libsystemd/sd-bus/bus-util.c +@@ -123,7 +123,7 @@ int bus_event_loop_with_idle( + if (r < 0) + return r; + +- if (r == 0 && !exiting) { ++ if (r == 0 && !exiting && idle) { + + r = sd_bus_try_close(bus); + if (r == -EBUSY) +-- +2.3.0 + @@ -7,7 +7,7 @@ pkgbase=systemd-selinux pkgname=('systemd-selinux' 'libsystemd-selinux' 'systemd-sysvcompat-selinux') pkgver=218 -pkgrel=1 +pkgrel=2 arch=('i686' 'x86_64') url="http://www.freedesktop.org/wiki/Software/systemd" groups=('selinux') @@ -19,11 +19,56 @@ options=('strip' 'debug') source=("http://www.freedesktop.org/software/${pkgname/-selinux}/${pkgname/-selinux}-$pkgver.tar.xz" 'initcpio-hook-udev' 'initcpio-install-systemd' - 'initcpio-install-udev') + 'initcpio-install-udev' + 0001-journal-fix-dangling-else-ambiguity.patch + 0002-nspawn-properly-validate-machine-names.patch + 0003-systemctl-fix-argument-handling-when-invoked-as-shut.patch + 0004-systemctl-properly-iterate-through-service-array-whe.patch + 0005-nss-myhostname-always-will-in-canonical-hostname-fie.patch + 0010-log-fix-log_full_errno-with-custom-facilities.patch + 0014-timesyncd-consider-too-long-packets-as-invalid.patch + 0016-logind-fix-sd_eviocrevoke-ioctl-call.patch + 0019-sd-bus-fix-handling-of-double-parameters-in-sd_bus_m.patch + 0021-units-fix-all-TTY-paths-for-container-gettys.patch + 0024-sd-dhcp-chop-of-trailing-dot-of-DHCP-supplied-host-a.patch + 0025-logind-handle-closing-sessions-over-daemon-restarts.patch + 0026-core-make-setting-the-shutdown-watchdog-configuratio.patch + 0027-sd-rtnl-don-t-fail-event-handler-when-callback-fails.patch + 0029-config_parse_set_status-put-signals-in-the-correct-s.patch + 0030-network-address-test-network-avoid-undefined-behavio.patch + 0033-core-disarm-shutdown-watchdog-if-we-fail-to-set-time.patch + 0034-exit-on-idle-only-exit-if-actually-idle.patch) md5sums=('4e2c511b0a7932d7fc9d79822273aac6' '90ea67a7bb237502094914622a39e281' 'c9db3010602913559295de3481019681' - 'bde43090d4ac0ef048e3eaee8202a407') + 'bde43090d4ac0ef048e3eaee8202a407' + '22920ff32e345a26a9c05662ec274314' + '6960b43aaec4f899fdf0fe87d0457901' + '715cefd0e803d8b441811688fd4da1c3' + '3bb57f2812572ee999928ba33b489afe' + '5d42fda1f10c02861ee454277b516716' + 'a079c6e5c8d0184adf47794aaf338ac4' + 'c9b4e7bff3d1c073852c3d1b3bb8002e' + 'ae4d820582570ceb7b7c80b6810596f1' + '5b212435622f69c2a24b01ef7380bc94' + '0523c9ae27abdd30b847625b1c9c7a03' + 'c0d236b41dd4afad3f91dee72bb296a8' + '25e191463fb877fd5dabecb95f15ee8f' + '5911ef7d3ab5c5a06076fdea221ea27e' + 'ab7baf675e224cf19b9194fc1e4ea5ff' + '1d6cb563b3864fd8d724982bc2007f16' + '529c4fba7e0a709fda9e108e658e76c3' + '9d0d909507294afb879965e74fef79c8' + 'c0b68cefe7f00ea5ec856c64f799cca4') + +prepare() { + cd "${pkgname/-selinux}-$pkgver" + + for p in "${source[@]}"; do + [[ $p = *.patch ]] || continue + patch -Np1 <"../$p" + done +} build() { cd "${pkgname/-selinux}-$pkgver" diff --git a/systemd.install b/systemd.install index 8957a3336fea..3e510c5361e9 100644 --- a/systemd.install +++ b/systemd.install @@ -147,11 +147,7 @@ _216_2_changes() { } post_install() { - # because systemd can't sanely manage this meanial task... - uuidgen | { - read - echo "${REPLY//-}">etc/machine-id - } + systemd-machine-id-setup post_common "$@" |