Accepting request 947453 from Base:System

- Move the systemd-network-generator stuff in udev package
  This generator can generate .link files and is mainly used in initrd where
  udev is mandatory.

- Restore /sbin/udevadm and /bin/systemctl (obsolete) paths when split_usr is
  true (bsc#1194519)

- Import commit 3743acbce3bd44208af453fc6dc384a1236dc83c (merge of v249.9)
  For a complete list of changes, visit:
  e2ca79dd77...3743acbce3

- Extract bits from 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
  which are not specific to the handling of 'Required-Start:' and move them into a
  new patch 0009-sysv-add-back-support-for-all-virtual-facility-and-f.patch

- Import commit e2ca79dd775d1f7d39861d57f23c43f6cd85a872 (merge of v249.8)
  For a complete list of changes, visit:
  458220239c...e2ca79dd77

- Import commit 458220239c69b8e5fe7be480929348daeccb70d1
  e95df40b09 shared/rm-rf: loop over nested directories instead of instead of recursing (CVE-2021-3997 bsc#1194178)
  078e04305d shared/rm_rf: refactor rm_rf() to shorten code a bit
  6d560d0aca shared/rm_rf: refactor rm_rf_children_inner() to shorten code a bit
  6666ff056c localectl: don't omit keymaps files that are symlinks (bsc#1191826)
- Drop the following patches as they have been merged into SUSE/v249 branch:
  5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch
  5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch
  5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch

- Import commit 523f32df573d459551760b072cb62906f4a2cf23 (merge of v249.7)

OBS-URL: https://build.opensuse.org/request/show/947453
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=344
This commit is contained in:
Dominique Leuenberger 2022-01-21 00:25:13 +00:00 committed by Git OBS Bridge
commit e028e9dcc1
11 changed files with 160 additions and 529 deletions

View File

@ -1,59 +1,28 @@
From 7f59f7b1b506c1394712ad3d6bab81318052a14c Mon Sep 17 00:00:00 2001 From 9e6a1f4b085b29abaf90ecd05859537b837b39fe Mon Sep 17 00:00:00 2001
From: Thomas Blume <Thomas.Blume@suse.com> From: Thomas Blume <Thomas.Blume@suse.com>
Date: Wed, 4 May 2016 17:40:04 +0200 Date: Wed, 4 May 2016 17:40:04 +0200
Subject: [PATCH 08/11] sysv-generator: translate "Required-Start" into a Subject: [PATCH 8/8] sysv-generator: translate "Required-Start" into a "Wants"
"Wants" dependency dependency
'Required-Start:' used to be supported by insserv but this functionality was
dropped when insserv was rewritten into a compat perl wrapper (insserv-compat),
which happened when systemd was introduced in SUSE, I guess.
It's been decided to add back the support in systemd instead of insserv-compat,
see the comments in bsc#857204.
[tblume: Port of SLES12SP1 patch 0018-Make-LSB-Skripts-know-about-Required-and-Should.patch] [tblume: Port of SLES12SP1 patch 0018-Make-LSB-Skripts-know-about-Required-and-Should.patch]
[fbui: this is needed probably because insserv's behavior has been [wfink: fixes bsc#857204]
sadly changed since SLE11: it now doesn't failed if a
dependency listed by Required-Start is missing.]
[fbui: according to Werner "This should fix bnc#858864 and
bnc#857204." (see Base:System changelog)]
--- ---
src/sysv-generator/sysv-generator.c | 12 ++++++++++-- src/sysv-generator/sysv-generator.c | 7 ++++++-
1 file changed, 10 insertions(+), 2 deletions(-) 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c
index fa5355c964..62755f3652 100644 index bf23c48662..c6e1953839 100644
--- a/src/sysv-generator/sysv-generator.c --- a/src/sysv-generator/sysv-generator.c
+++ b/src/sysv-generator/sysv-generator.c +++ b/src/sysv-generator/sysv-generator.c
@@ -257,6 +257,7 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name, @@ -409,8 +409,13 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text
"remote_fs", SPECIAL_REMOTE_FS_TARGET,
"syslog", NULL,
"time", SPECIAL_TIME_SYNC_TARGET,
+ "all", SPECIAL_DEFAULT_TARGET,
};
const char *filename;
@@ -271,6 +272,7 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name,
filename = basename(s->path);
+ n = *name == '+' ? ++name : name;
n = *name == '$' ? name + 1 : name;
for (i = 0; i < ELEMENTSOF(table); i += 2) {
@@ -407,7 +409,7 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text
for (;;) {
_cleanup_free_ char *word = NULL, *m = NULL;
- bool is_before;
+ bool is_before, is_wanted;
r = extract_first_word(&text, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_RELAX);
if (r < 0)
@@ -420,6 +422,7 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text
continue;
is_before = startswith_no_case(full_text, "X-Start-Before:");
+ is_wanted = startswith_no_case(full_text, "Required-Start:");
if (streq(m, SPECIAL_NETWORK_ONLINE_TARGET) && !is_before) {
/* the network-online target is special, as it needs to be actively pulled in */
@@ -428,8 +431,13 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text
return log_oom(); return log_oom();
r = strv_extend(&s->wants, m); r = strv_extend(&s->wants, m);
@ -61,7 +30,7 @@ index fa5355c964..62755f3652 100644
+ } else { + } else {
r = strv_extend(is_before ? &s->before : &s->after, m); r = strv_extend(is_before ? &s->before : &s->after, m);
+ +
+ if (is_wanted) + if (startswith_no_case(full_text, "Required-Start:"))
+ r = strv_extend(&s->wants, m); + r = strv_extend(&s->wants, m);
+ } + }
+ +
@ -69,5 +38,5 @@ index fa5355c964..62755f3652 100644
return log_oom(); return log_oom();
} }
-- --
2.26.2 2.31.1

View File

@ -0,0 +1,43 @@
From 6f4d9d9688ad65bb46d09ac09f570c6ee4bc3671 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 14 Jan 2022 08:17:38 +0100
Subject: [PATCH 1010/1010] sysv: add back support for '$all' virtual facility
and '+' facitity name prefix
'$all' was probably a Debian thing and has probably never been supported by RH,
which explains why systemd upstream never supported it too. At least I couldn't
find any reference of this facility name in
http://refspecs.linux-foundation.org/LSB_4.0.0/LSB-Core-generic/LSB-Core-generic.html#FACILNAME. OTOH
'$all' is described in https://wiki.debian.org/LSBInitScripts
Regarding the '+' prefix, I couldn't find any mention of it
anywhere. Apparently it was equivalent to '$' in facility names.
[wfink: bsc#858864]
---
src/sysv-generator/sysv-generator.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c
index c6e1953839..0aadb397ed 100644
--- a/src/sysv-generator/sysv-generator.c
+++ b/src/sysv-generator/sysv-generator.c
@@ -243,6 +243,7 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name,
"remote_fs", SPECIAL_REMOTE_FS_TARGET,
"syslog", NULL,
"time", SPECIAL_TIME_SYNC_TARGET,
+ "all", SPECIAL_DEFAULT_TARGET,
};
const char *filename;
@@ -257,6 +258,7 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name,
filename = basename(s->path);
+ n = *name == '+' ? ++name : name;
n = *name == '$' ? name + 1 : name;
for (i = 0; i < ELEMENTSOF(table); i += 2) {
--
2.31.1

View File

@ -1,66 +0,0 @@
From 5bc4f2e271c4907af1d3208c5bb33ce795326abc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 23 Nov 2021 15:55:45 +0100
Subject: [PATCH 5000/5002] shared/rm_rf: refactor rm_rf_children_inner() to
shorten code a bit
---
src/shared/rm-rf.c | 27 +++++++++------------------
1 file changed, 9 insertions(+), 18 deletions(-)
diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c
index 19f37e0f19..7362954116 100644
--- a/src/shared/rm-rf.c
+++ b/src/shared/rm-rf.c
@@ -124,7 +124,7 @@ static int rm_rf_children_inner(
const struct stat *root_dev) {
struct stat st;
- int r;
+ int r, q = 0;
assert(fd >= 0);
assert(fname);
@@ -142,7 +142,6 @@ static int rm_rf_children_inner(
if (is_dir) {
_cleanup_close_ int subdir_fd = -1;
- int q;
/* if root_dev is set, remove subdirectories only if device is same */
if (root_dev && st.st_dev != root_dev->st_dev)
@@ -178,23 +177,15 @@ static int rm_rf_children_inner(
* again for each directory */
q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev);
- r = unlinkat_harder(fd, fname, AT_REMOVEDIR, flags);
- if (r < 0)
- return r;
- if (q < 0)
- return q;
-
- return 1;
-
- } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) {
- r = unlinkat_harder(fd, fname, 0, flags);
- if (r < 0)
- return r;
-
- return 1;
- }
+ } else if (flags & REMOVE_ONLY_DIRECTORIES)
+ return 0;
- return 0;
+ r = unlinkat_harder(fd, fname, is_dir ? AT_REMOVEDIR : 0, flags);
+ if (r < 0)
+ return r;
+ if (q < 0)
+ return q;
+ return 1;
}
int rm_rf_children(
--
2.31.1

View File

@ -1,98 +0,0 @@
From 8f608df0305355c9b2ddd7c75926a6bd6247e635 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 23 Nov 2021 16:56:42 +0100
Subject: [PATCH 5001/5002] shared/rm_rf: refactor rm_rf() to shorten code a
bit
---
src/shared/rm-rf.c | 53 ++++++++++++++++++++--------------------------
1 file changed, 23 insertions(+), 30 deletions(-)
diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c
index 7362954116..c7d3b8b7ad 100644
--- a/src/shared/rm-rf.c
+++ b/src/shared/rm-rf.c
@@ -250,7 +250,7 @@ int rm_rf_children(
}
int rm_rf(const char *path, RemoveFlags flags) {
- int fd, r;
+ int fd, r, q = 0;
assert(path);
@@ -282,49 +282,42 @@ int rm_rf(const char *path, RemoveFlags flags) {
}
fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
- if (fd < 0) {
+ if (fd >= 0) {
+ /* We have a dir */
+ r = rm_rf_children(fd, flags, NULL);
+
+ if (FLAGS_SET(flags, REMOVE_ROOT))
+ q = RET_NERRNO(rmdir(path));
+ } else {
if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT)
return 0;
if (!IN_SET(errno, ENOTDIR, ELOOP))
return -errno;
- if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES))
+ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES) || !FLAGS_SET(flags, REMOVE_ROOT))
return 0;
- if (FLAGS_SET(flags, REMOVE_ROOT)) {
-
- if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) {
- struct statfs s;
-
- if (statfs(path, &s) < 0)
- return -errno;
- if (is_physical_fs(&s))
- return log_error_errno(SYNTHETIC_ERRNO(EPERM),
- "Attempted to remove files from a disk file system under \"%s\", refusing.",
- path);
- }
-
- if (unlink(path) < 0) {
- if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT)
- return 0;
+ if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) {
+ struct statfs s;
+ if (statfs(path, &s) < 0)
return -errno;
- }
+ if (is_physical_fs(&s))
+ return log_error_errno(SYNTHETIC_ERRNO(EPERM),
+ "Attempted to remove files from a disk file system under \"%s\", refusing.",
+ path);
}
- return 0;
+ r = 0;
+ q = RET_NERRNO(unlink(path));
}
- r = rm_rf_children(fd, flags, NULL);
-
- if (FLAGS_SET(flags, REMOVE_ROOT) &&
- rmdir(path) < 0 &&
- r >= 0 &&
- (!FLAGS_SET(flags, REMOVE_MISSING_OK) || errno != ENOENT))
- r = -errno;
-
- return r;
+ if (r < 0)
+ return r;
+ if (q < 0 && (q != -ENOENT || !FLAGS_SET(flags, REMOVE_MISSING_OK)))
+ return q;
+ return 0;
}
int rm_rf_child(int fd, const char *name, RemoveFlags flags) {
--
2.31.1

View File

@ -1,273 +0,0 @@
From c561e2eab3b9b759b7592ea1b8168d4f36ede031 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Wed, 5 Jan 2022 15:08:07 +0100
Subject: [PATCH 5002/5002] shared/rm-rf: loop over nested directories instead
of instead of recursing
To remove directory structures, we need to remove the innermost items first,
and then recursively remove higher-level directories. We would recursively
descend into directories and invoke rm_rf_children and rm_rm_children_inner.
This is problematic when too many directories are nested.
Instead, let's create a "TODO" queue. In the the queue, for each level we
hold the DIR* object we were working on, and the name of the directory. This
allows us to leave a partially-processed directory, and restart the removal
loop one level down. When done with the inner directory, we use the name to
unlinkat() it from the parent, and proceed with the removal of other items.
Because the nesting is increased by one level, it is best to view this patch
with -b/--ignore-space-change.
This fixes CVE-2021-3997, https://bugzilla.redhat.com/show_bug.cgi?id=2024639.
The issue was reported and patches reviewed by Qualys Team.
Mauro Matteo Cascella and Riccardo Schirone from Red Hat handled the disclosure.
[fbui: adjust context]
[fbui: fixes CVE-2021-3997]
[fbui: fixes bsc#1194178]
---
src/shared/rm-rf.c | 159 +++++++++++++++++++++++++++++++--------------
1 file changed, 112 insertions(+), 47 deletions(-)
diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c
index c7d3b8b7ad..58da213e9f 100644
--- a/src/shared/rm-rf.c
+++ b/src/shared/rm-rf.c
@@ -52,7 +52,6 @@ static int patch_dirfd_mode(
}
int unlinkat_harder(int dfd, const char *filename, int unlink_flags, RemoveFlags remove_flags) {
-
mode_t old_mode;
int r;
@@ -116,12 +115,13 @@ int fstatat_harder(int dfd,
return 0;
}
-static int rm_rf_children_inner(
+static int rm_rf_inner_child(
int fd,
const char *fname,
int is_dir,
RemoveFlags flags,
- const struct stat *root_dev) {
+ const struct stat *root_dev,
+ bool allow_recursion) {
struct stat st;
int r, q = 0;
@@ -141,9 +141,7 @@ static int rm_rf_children_inner(
}
if (is_dir) {
- _cleanup_close_ int subdir_fd = -1;
-
- /* if root_dev is set, remove subdirectories only if device is same */
+ /* If root_dev is set, remove subdirectories only if device is same */
if (root_dev && st.st_dev != root_dev->st_dev)
return 0;
@@ -155,7 +153,6 @@ static int rm_rf_children_inner(
return 0;
if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) {
-
/* This could be a subvolume, try to remove it */
r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);
@@ -169,13 +166,16 @@ static int rm_rf_children_inner(
return 1;
}
- subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
+ if (!allow_recursion)
+ return -EISDIR;
+
+ int subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
if (subdir_fd < 0)
return -errno;
/* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file system type
* again for each directory */
- q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev);
+ q = rm_rf_children(subdir_fd, flags | REMOVE_PHYSICAL, root_dev);
} else if (flags & REMOVE_ONLY_DIRECTORIES)
return 0;
@@ -188,63 +188,128 @@ static int rm_rf_children_inner(
return 1;
}
+typedef struct TodoEntry {
+ DIR *dir; /* A directory that we were operating on. */
+ char *dirname; /* The filename of that directory itself. */
+} TodoEntry;
+
+static void free_todo_entries(TodoEntry **todos) {
+ for (TodoEntry *x = *todos; x && x->dir; x++) {
+ closedir(x->dir);
+ free(x->dirname);
+ }
+
+ freep(todos);
+}
+
int rm_rf_children(
int fd,
RemoveFlags flags,
const struct stat *root_dev) {
- _cleanup_closedir_ DIR *d = NULL;
+ _cleanup_(free_todo_entries) TodoEntry *todos = NULL;
struct dirent *de;
+ size_t n_todo = 0;
+ _cleanup_free_ char *dirname = NULL; /* Set when we are recursing and want to delete ourselves */
int ret = 0, r;
- assert(fd >= 0);
+ /* Return the first error we run into, but nevertheless try to go on.
+ * The passed fd is closed in all cases, including on failure. */
+
+ for (;;) { /* This loop corresponds to the directory nesting level. */
+ _cleanup_closedir_ DIR *d = NULL;
+
+ if (n_todo > 0) {
+ /* We know that we are in recursion here, because n_todo is set.
+ * We need to remove the inner directory we were operating on. */
+ assert(dirname);
+ r = unlinkat_harder(dirfd(todos[n_todo-1].dir), dirname, AT_REMOVEDIR, flags);
+ if (r < 0 && r != -ENOENT && ret == 0)
+ ret = r;
+ dirname = mfree(dirname);
+
+ /* And now let's back out one level up */
+ n_todo --;
+ d = TAKE_PTR(todos[n_todo].dir);
+ dirname = TAKE_PTR(todos[n_todo].dirname);
+
+ assert(d);
+ fd = dirfd(d); /* Retrieve the file descriptor from the DIR object */
+ assert(fd >= 0);
+ } else {
+ next_fd:
+ assert(fd >= 0);
+ d = fdopendir(fd);
+ if (!d) {
+ safe_close(fd);
+ return -errno;
+ }
+ fd = dirfd(d); /* We donated the fd to fdopendir(). Let's make sure we sure we have
+ * the right descriptor even if it were to internally invalidate the
+ * one we passed. */
+
+ if (!(flags & REMOVE_PHYSICAL)) {
+ struct statfs sfs;
+
+ if (fstatfs(fd, &sfs) < 0)
+ return -errno;
+
+ if (is_physical_fs(&sfs)) {
+ /* We refuse to clean physical file systems with this call, unless
+ * explicitly requested. This is extra paranoia just to be sure we
+ * never ever remove non-state data. */
+
+ _cleanup_free_ char *path = NULL;
+
+ (void) fd_get_path(fd, &path);
+ return log_error_errno(SYNTHETIC_ERRNO(EPERM),
+ "Attempted to remove disk file system under \"%s\", and we can't allow that.",
+ strna(path));
+ }
+ }
+ }
- /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed
- * fd, in all cases, including on failure. */
+ FOREACH_DIRENT_ALL(de, d, return -errno) {
+ int is_dir;
- d = fdopendir(fd);
- if (!d) {
- safe_close(fd);
- return -errno;
- }
+ if (dot_or_dot_dot(de->d_name))
+ continue;
- if (!(flags & REMOVE_PHYSICAL)) {
- struct statfs sfs;
+ is_dir = de->d_type == DT_UNKNOWN ? -1 : de->d_type == DT_DIR;
- if (fstatfs(dirfd(d), &sfs) < 0)
- return -errno;
+ r = rm_rf_inner_child(fd, de->d_name, is_dir, flags, root_dev, false);
+ if (r == -EISDIR) {
+ /* Push the current working state onto the todo list */
- if (is_physical_fs(&sfs)) {
- /* We refuse to clean physical file systems with this call, unless explicitly
- * requested. This is extra paranoia just to be sure we never ever remove non-state
- * data. */
+ if (!GREEDY_REALLOC0(todos, n_todo + 2))
+ return log_oom();
- _cleanup_free_ char *path = NULL;
+ _cleanup_free_ char *newdirname = strdup(de->d_name);
+ if (!newdirname)
+ return log_oom();
- (void) fd_get_path(fd, &path);
- return log_error_errno(SYNTHETIC_ERRNO(EPERM),
- "Attempted to remove disk file system under \"%s\", and we can't allow that.",
- strna(path));
- }
- }
+ int newfd = openat(fd, de->d_name,
+ O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
+ if (newfd >= 0) {
+ todos[n_todo++] = (TodoEntry) { TAKE_PTR(d), TAKE_PTR(dirname) };
+ fd = newfd;
+ dirname = TAKE_PTR(newdirname);
- FOREACH_DIRENT_ALL(de, d, return -errno) {
- int is_dir;
+ goto next_fd;
- if (dot_or_dot_dot(de->d_name))
- continue;
+ } else if (errno != -ENOENT && ret == 0)
+ ret = -errno;
- is_dir =
- de->d_type == DT_UNKNOWN ? -1 :
- de->d_type == DT_DIR;
+ } else if (r < 0 && r != -ENOENT && ret == 0)
+ ret = r;
+ }
- r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev);
- if (r < 0 && r != -ENOENT && ret == 0)
- ret = r;
- }
+ if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(fd) < 0 && ret >= 0)
+ ret = -errno;
- if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0)
- ret = -errno;
+ if (n_todo == 0)
+ break;
+ }
return ret;
}
@@ -336,5 +401,5 @@ int rm_rf_child(int fd, const char *name, RemoveFlags flags) {
if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME))
return -EINVAL;
- return rm_rf_children_inner(fd, name, -1, flags, NULL);
+ return rm_rf_inner_child(fd, name, -1, flags, NULL, true);
}
--
2.31.1

View File

@ -2,15 +2,15 @@
# This script is called by "systemctl enable/disable" when the given unit is a # This script is called by "systemctl enable/disable" when the given unit is a
# SysV init.d script. It needs to call the distribution's mechanism for # SysV init.d script. It needs to call the distribution's mechanism for
# enabling/disabling those, such as chkconfig, update-rc.d, or similar. This # enabling/disabling those, such as chkconfig, update-rc.d, or similar. This can
# can optionally take a --root argument for enabling a SysV init script # optionally take a --root argument for enabling a SysV init script in a chroot
# in a chroot or similar. # or similar.
# #
# chkconfig(8) and insserv(8) are no more available hence let's do the # chkconfig(8) and insserv(8) are no more available hence let's do the bare
# bare minimum and create/remote the symlinks for the well known # minimum and create/remove the symlinks for the well known runlevels and
# runlevels and nothing more. Note that we don't take care of # nothing more. Note that we don't take care of enabling/disabling the service
# enabling/disabling the service dependencies as the sysv-generator # dependencies as the sysv-generator will take care of them for us (openSUSE
# will take care of them for us (openSUSE specific). # specific).
# #
set -e set -e

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:91b2f8c8492b03612c3148615a39d7553632798941456e7702306837f0118dd8
size 7276848

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:64320468ebe2502773e1365b50c369de2520ec4b614c623a4ca1339e26968ec2
size 7278924

View File

@ -1,3 +1,56 @@
-------------------------------------------------------------------
Wed Jan 19 14:25:46 UTC 2022 - Franck Bui <fbui@suse.com>
- Move the systemd-network-generator stuff in udev package
This generator can generate .link files and is mainly used in initrd where
udev is mandatory.
-------------------------------------------------------------------
Tue Jan 18 17:57:43 UTC 2022 - Franck Bui <fbui@suse.com>
- Restore /sbin/udevadm and /bin/systemctl (obsolete) paths when split_usr is
true (bsc#1194519)
-------------------------------------------------------------------
Mon Jan 17 09:16:13 UTC 2022 - Franck Bui <fbui@suse.com>
- Import commit 3743acbce3bd44208af453fc6dc384a1236dc83c (merge of v249.9)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/e2ca79dd775d1f7d39861d57f23c43f6cd85a872...3743acbce3bd44208af453fc6dc384a1236dc83c
-------------------------------------------------------------------
Fri Jan 14 14:55:56 UTC 2022 - Franck Bui <fbui@suse.com>
- Extract bits from 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
which are not specific to the handling of 'Required-Start:' and move them into a
new patch 0009-sysv-add-back-support-for-all-virtual-facility-and-f.patch
-------------------------------------------------------------------
Thu Jan 13 21:54:06 UTC 2022 - Franck Bui <fbui@suse.com>
- Import commit e2ca79dd775d1f7d39861d57f23c43f6cd85a872 (merge of v249.8)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/458220239c69b8e5fe7be480929348daeccb70d1...e2ca79dd775d1f7d39861d57f23c43f6cd85a872
-------------------------------------------------------------------
Thu Jan 13 20:03:51 UTC 2022 - Franck Bui <fbui@suse.com>
- Import commit 458220239c69b8e5fe7be480929348daeccb70d1
e95df40b09 shared/rm-rf: loop over nested directories instead of instead of recursing (CVE-2021-3997 bsc#1194178)
078e04305d shared/rm_rf: refactor rm_rf() to shorten code a bit
6d560d0aca shared/rm_rf: refactor rm_rf_children_inner() to shorten code a bit
6666ff056c localectl: don't omit keymaps files that are symlinks (bsc#1191826)
- Drop the following patches as they have been merged into SUSE/v249 branch:
5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch
5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch
5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 11 08:06:11 UTC 2022 - Franck Bui <fbui@suse.com> Tue Jan 11 08:06:11 UTC 2022 - Franck Bui <fbui@suse.com>
@ -49,7 +102,7 @@ Wed Nov 24 10:40:01 UTC 2021 - Ludwig Nussel <lnussel@suse.com>
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Nov 22 08:48:12 UTC 2021 - Franck Bui <fbui@suse.com> Mon Nov 22 08:48:12 UTC 2021 - Franck Bui <fbui@suse.com>
- Import commit 523f32df573d459551760b072cb62906f4a2cf23 (merge of 249.7) - Import commit 523f32df573d459551760b072cb62906f4a2cf23 (merge of v249.7)
For a complete list of changes, visit: For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/c34c98712600bc206919ec6ed136195f75ac1967...523f32df573d459551760b072cb62906f4a2cf23 https://github.com/openSUSE/systemd/compare/c34c98712600bc206919ec6ed136195f75ac1967...523f32df573d459551760b072cb62906f4a2cf23
@ -69,7 +122,7 @@ Mon Nov 22 08:43:25 UTC 2021 - Franck Bui <fbui@suse.com>
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Nov 15 09:35:08 UTC 2021 - Franck Bui <fbui@suse.com> Mon Nov 15 09:35:08 UTC 2021 - Franck Bui <fbui@suse.com>
- Import commit 61c79e68381801428c0bc00a56b9e2e9cfa68373 (merge of 249.6) - Import commit 61c79e68381801428c0bc00a56b9e2e9cfa68373 (merge of v249.6)
bcdeee7b4c virt: Support detection for ARM64 Hyper-V guests (bsc#1186071) bcdeee7b4c virt: Support detection for ARM64 Hyper-V guests (bsc#1186071)
[...] [...]

View File

@ -32,7 +32,7 @@
%endif %endif
%define min_kernel_version 4.5 %define min_kernel_version 4.5
%define suse_version +suse.66.ga54f80116c %define suse_version +suse.75.g3743acbce3
%define _testsuitedir /usr/lib/systemd/tests %define _testsuitedir /usr/lib/systemd/tests
%if 0%{?bootstrap} %if 0%{?bootstrap}
@ -69,7 +69,7 @@
Name: systemd%{?mini} Name: systemd%{?mini}
URL: http://www.freedesktop.org/wiki/Software/systemd URL: http://www.freedesktop.org/wiki/Software/systemd
Version: 249.7 Version: 249.9
Release: 0 Release: 0
Summary: A System and Session Manager Summary: A System and Session Manager
License: LGPL-2.1-or-later License: LGPL-2.1-or-later
@ -198,10 +198,11 @@ Patch5: 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
Patch6: 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch Patch6: 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch
Patch7: 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch Patch7: 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch
Patch8: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch Patch8: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch
Patch9: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch Patch9: 0009-sysv-add-back-support-for-all-virtual-facility-and-f.patch
Patch10: 0001-conf-parser-introduce-early-drop-ins.patch Patch10: 0001-conf-parser-introduce-early-drop-ins.patch
Patch11: 0011-core-disable-session-keyring-per-system-sevice-entir.patch Patch11: 0011-core-disable-session-keyring-per-system-sevice-entir.patch
Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
Patch13: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch
# Patches listed below are put in quarantine. Normally all changes # Patches listed below are put in quarantine. Normally all changes
# must go to upstream first and then are cherry-picked in the SUSE git # must go to upstream first and then are cherry-picked in the SUSE git
@ -210,12 +211,6 @@ Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch
# temporary and should be removed as soon as a fix is merged by # temporary and should be removed as soon as a fix is merged by
# upstream. # upstream.
# The following patches address CVE-2021-3997. They will be moved to the git
# repo once the issue will become public and upstream will release them.
Patch5000: 5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch
Patch5001: 5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch
Patch5002: 5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch
%description %description
Systemd is a system and service manager, compatible with SysV and LSB Systemd is a system and service manager, compatible with SysV and LSB
init scripts for Linux. systemd provides aggressive parallelization init scripts for Linux. systemd provides aggressive parallelization
@ -746,8 +741,11 @@ for s in %{SOURCE100} %{SOURCE101} %{SOURCE102}; do
done done
%if %{with split_usr} %if %{with split_usr}
mkdir -p %{buildroot}/{bin,sbin}
# Legacy paths
ln -s ../usr/bin/udevadm %{buildroot}/sbin/
ln -s ../usr/bin/systemctl %{buildroot}/bin/
# Legacy sysvinit tools # Legacy sysvinit tools
mkdir -p %{buildroot}/sbin
ln -s ../usr/lib/systemd/systemd %{buildroot}/sbin/init ln -s ../usr/lib/systemd/systemd %{buildroot}/sbin/init
ln -s ../usr/bin/systemctl %{buildroot}/sbin/reboot ln -s ../usr/bin/systemctl %{buildroot}/sbin/reboot
ln -s ../usr/bin/systemctl %{buildroot}/sbin/halt ln -s ../usr/bin/systemctl %{buildroot}/sbin/halt
@ -787,8 +785,8 @@ mv %{buildroot}%{_datadir}/polkit-1/rules.d/systemd-networkd.rules \
# /usr/lib/sysctl.d/99-sysctl.conf. # /usr/lib/sysctl.d/99-sysctl.conf.
ln -s ../../../etc/sysctl.conf %{buildroot}%{_sysctldir}/99-sysctl.conf ln -s ../../../etc/sysctl.conf %{buildroot}%{_sysctldir}/99-sysctl.conf
# The definition of the basic users/groups are defined by system-user # The definitions of the basic users/groups are given by system-user package on
# on SUSE (bsc#1006978). # SUSE (bsc#1006978).
rm -f %{buildroot}%{_sysusersdir}/basic.conf rm -f %{buildroot}%{_sysusersdir}/basic.conf
# Remove README file in init.d as (SUSE) rpm requires executable files # Remove README file in init.d as (SUSE) rpm requires executable files
@ -1281,6 +1279,9 @@ fi
%{_bindir}/systemd-cgls %{_bindir}/systemd-cgls
%{_bindir}/systemd-cgtop %{_bindir}/systemd-cgtop
%{_bindir}/systemd-cat %{_bindir}/systemd-cat
%if %{with split_usr}
/bin/systemctl
%endif
%dir %{_prefix}/lib/kernel %dir %{_prefix}/lib/kernel
%dir %{_prefix}/lib/kernel/install.d %dir %{_prefix}/lib/kernel/install.d
%{_prefix}/lib/kernel/install.d/00-entry-directory.install %{_prefix}/lib/kernel/install.d/00-entry-directory.install
@ -1290,6 +1291,8 @@ fi
%dir %{_prefix}/lib/systemd/network %dir %{_prefix}/lib/systemd/network
%dir %{_unitdir} %dir %{_unitdir}
%{_userunitdir} %{_userunitdir}
%exclude %{_prefix}/lib/systemd/systemd-network-generator
%exclude %{_unitdir}/systemd-network-generator.service
%if %{with coredump} %if %{with coredump}
%exclude %{_prefix}/lib/systemd/systemd-coredump %exclude %{_prefix}/lib/systemd/systemd-coredump
%exclude %{_unitdir}/systemd-coredump* %exclude %{_unitdir}/systemd-coredump*
@ -1302,6 +1305,7 @@ fi
%exclude %{_prefix}/lib/systemd/systemd-journal-gatewayd %exclude %{_prefix}/lib/systemd/systemd-journal-gatewayd
%exclude %{_prefix}/lib/systemd/systemd-journal-remote %exclude %{_prefix}/lib/systemd/systemd-journal-remote
%exclude %{_prefix}/lib/systemd/systemd-journal-upload %exclude %{_prefix}/lib/systemd/systemd-journal-upload
%exclude %{_datadir}/systemd/gatewayd
%endif %endif
%exclude %{_prefix}/lib/systemd/systemd-udevd %exclude %{_prefix}/lib/systemd/systemd-udevd
%exclude %{_unitdir}/systemd-udev*.* %exclude %{_unitdir}/systemd-udev*.*
@ -1330,10 +1334,8 @@ fi
%exclude %{_unitdir}/dbus-org.freedesktop.import1.service %exclude %{_unitdir}/dbus-org.freedesktop.import1.service
%endif %endif
%if %{with networkd} %if %{with networkd}
%exclude %{_prefix}/lib/systemd/systemd-network-generator
%exclude %{_prefix}/lib/systemd/systemd-networkd %exclude %{_prefix}/lib/systemd/systemd-networkd
%exclude %{_prefix}/lib/systemd/systemd-networkd-wait-online %exclude %{_prefix}/lib/systemd/systemd-networkd-wait-online
%exclude %{_unitdir}/systemd-network-generator.service
%exclude %{_unitdir}/systemd-networkd.service %exclude %{_unitdir}/systemd-networkd.service
%exclude %{_unitdir}/systemd-networkd.socket %exclude %{_unitdir}/systemd-networkd.socket
%exclude %{_unitdir}/systemd-networkd-wait-online.service %exclude %{_unitdir}/systemd-networkd-wait-online.service
@ -1475,10 +1477,6 @@ fi
%{_datadir}/systemd %{_datadir}/systemd
%{_datadir}/factory %{_datadir}/factory
%if %{with journal_remote}
%exclude %{_datadir}/systemd/gatewayd
%endif
%{_datadir}/dbus-1/system-services/org.freedesktop.systemd1.service %{_datadir}/dbus-1/system-services/org.freedesktop.systemd1.service
%{_datadir}/dbus-1/system-services/org.freedesktop.locale1.service %{_datadir}/dbus-1/system-services/org.freedesktop.locale1.service
%{_datadir}/dbus-1/system-services/org.freedesktop.login1.service %{_datadir}/dbus-1/system-services/org.freedesktop.login1.service
@ -1503,12 +1501,13 @@ fi
%{_mandir}/man7/[bdfks]* %{_mandir}/man7/[bdfks]*
%{_mandir}/man8/kern* %{_mandir}/man8/kern*
%{_mandir}/man8/pam_* %{_mandir}/man8/pam_*
%{_mandir}/man8//rc-local.* %{_mandir}/man8/rc-local.*
%{_mandir}/man8/systemd-[a-gik-tvx]* %{_mandir}/man8/systemd-[a-gik-tvx]*
%{_mandir}/man8/systemd-h[aioy]* %{_mandir}/man8/systemd-h[aioy]*
%{_mandir}/man8/systemd-journald* %{_mandir}/man8/systemd-journald*
%{_mandir}/man8/systemd-u[ps]* %{_mandir}/man8/systemd-u[ps]*
%{_mandir}/man8/30-systemd-environment-d-generator.* %{_mandir}/man8/30-systemd-environment-d-generator.*
%exclude %{_mandir}/man8/systemd-network-generator.*
%if %{with coredump} %if %{with coredump}
%exclude %{_mandir}/man1/coredumpctl* %exclude %{_mandir}/man1/coredumpctl*
%exclude %{_mandir}/man5/coredump.conf* %exclude %{_mandir}/man5/coredump.conf*
@ -1623,6 +1622,9 @@ fi
%defattr(-,root,root) %defattr(-,root,root)
%{_bindir}/udevadm %{_bindir}/udevadm
%{_bindir}/systemd-hwdb %{_bindir}/systemd-hwdb
%if %{with split_usr}
/sbin/udevadm
%endif
%dir %{_prefix}/lib/udev/ %dir %{_prefix}/lib/udev/
%{_prefix}/lib/udev/ata_id %{_prefix}/lib/udev/ata_id
%{_prefix}/lib/udev/cdrom_id %{_prefix}/lib/udev/cdrom_id
@ -1636,6 +1638,8 @@ fi
%{_prefix}/lib/udev/scsi_id %{_prefix}/lib/udev/scsi_id
%{_prefix}/lib/udev/v4l_id %{_prefix}/lib/udev/v4l_id
%ghost %attr(644, root, root) %{_prefix}/lib/udev/compat-symlink-generation %ghost %attr(644, root, root) %{_prefix}/lib/udev/compat-symlink-generation
%{_prefix}/lib/systemd/systemd-udevd
%{_prefix}/lib/systemd/systemd-network-generator
%dir %{_udevrulesdir}/ %dir %{_udevrulesdir}/
%doc %{_udevrulesdir}/README %doc %{_udevrulesdir}/README
%exclude %{_udevrulesdir}/70-uaccess.rules %exclude %{_udevrulesdir}/70-uaccess.rules
@ -1648,16 +1652,7 @@ fi
%dir %{_sysconfdir}/udev/rules.d/ %dir %{_sysconfdir}/udev/rules.d/
%ghost %attr(444, root, root) %{_sysconfdir}/udev/hwdb.bin %ghost %attr(444, root, root) %{_sysconfdir}/udev/hwdb.bin
%config(noreplace) %{_sysconfdir}/udev/udev.conf %config(noreplace) %{_sysconfdir}/udev/udev.conf
%if ! 0%{?bootstrap}
%{_mandir}/man5/udev*
%{_mandir}/man7/hwdb*
%{_mandir}/man7/udev*
%{_mandir}/man8/systemd-hwdb*
%{_mandir}/man8/systemd-udev*
%{_mandir}/man8/udev*
%endif
%dir %{_unitdir} %dir %{_unitdir}
%{_prefix}/lib/systemd/systemd-udevd
%{_unitdir}/kmod-static-nodes.service %{_unitdir}/kmod-static-nodes.service
%{_unitdir}/sysinit.target.wants/kmod-static-nodes.service %{_unitdir}/sysinit.target.wants/kmod-static-nodes.service
%{_tmpfilesdir}/static-nodes-permissions.conf %{_tmpfilesdir}/static-nodes-permissions.conf
@ -1665,6 +1660,7 @@ fi
%{_unitdir}/systemd-udevd*.socket %{_unitdir}/systemd-udevd*.socket
%{_unitdir}/systemd-hwdb*.* %{_unitdir}/systemd-hwdb*.*
%{_unitdir}/initrd-udevadm-cleanup-db.service %{_unitdir}/initrd-udevadm-cleanup-db.service
%{_unitdir}/systemd-network-generator.service
%dir %{_unitdir}/sysinit.target.wants %dir %{_unitdir}/sysinit.target.wants
%{_unitdir}/sysinit.target.wants/systemd-udev*.service %{_unitdir}/sysinit.target.wants/systemd-udev*.service
%dir %{_unitdir}/sockets.target.wants %dir %{_unitdir}/sockets.target.wants
@ -1672,6 +1668,15 @@ fi
%{_unitdir}/*.target.wants/systemd-hwdb*.* %{_unitdir}/*.target.wants/systemd-hwdb*.*
%{_prefix}/lib/systemd/network/99-default.link %{_prefix}/lib/systemd/network/99-default.link
%{_datadir}/pkgconfig/udev.pc %{_datadir}/pkgconfig/udev.pc
%if ! 0%{?bootstrap}
%{_mandir}/man5/udev*
%{_mandir}/man7/hwdb*
%{_mandir}/man7/udev*
%{_mandir}/man8/systemd-hwdb*
%{_mandir}/man8/systemd-udev*
%{_mandir}/man8/udev*
%{_mandir}/man8/systemd-network-generator.*
%endif
%files -n libsystemd0%{?mini} %files -n libsystemd0%{?mini}
%defattr(-,root,root) %defattr(-,root,root)
@ -1813,10 +1818,8 @@ fi
%{_datadir}/polkit-1/rules.d/60-systemd-networkd.rules %{_datadir}/polkit-1/rules.d/60-systemd-networkd.rules
%{_prefix}/lib/systemd/network/*.network %{_prefix}/lib/systemd/network/*.network
%{_prefix}/lib/systemd/network/*.network.example %{_prefix}/lib/systemd/network/*.network.example
%{_prefix}/lib/systemd/systemd-network-generator
%{_prefix}/lib/systemd/systemd-networkd %{_prefix}/lib/systemd/systemd-networkd
%{_prefix}/lib/systemd/systemd-networkd-wait-online %{_prefix}/lib/systemd/systemd-networkd-wait-online
%{_unitdir}/systemd-network-generator.service
%{_unitdir}/systemd-networkd.service %{_unitdir}/systemd-networkd.service
%{_unitdir}/systemd-networkd.socket %{_unitdir}/systemd-networkd.socket
%{_unitdir}/systemd-networkd-wait-online.service %{_unitdir}/systemd-networkd-wait-online.service