From 49e3c4604e6a7a41bf0bce0a3a11f090b60c0deb89e493c2f7eb299a31d05260 Mon Sep 17 00:00:00 2001 
From: Dominique Leuenberger Date: Fri, 21 Jan 2022 00:25:13 +0000 Subject: [PATCH] Accepting request 947453 from Base:System - Move the systemd-network-generator stuff in udev package This generator can generate .link files and is mainly used in initrd where udev is mandatory. - Restore /sbin/udevadm and /bin/systemctl (obsolete) paths when split_usr is true (bsc#1194519) - Import commit 3743acbce3bd44208af453fc6dc384a1236dc83c (merge of v249.9) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e2ca79dd775d1f7d39861d57f23c43f6cd85a872...3743acbce3bd44208af453fc6dc384a1236dc83c - Extract bits from 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch which are not specific to the handling of 'Required-Start:' and move them into a new patch 0009-sysv-add-back-support-for-all-virtual-facility-and-f.patch - Import commit e2ca79dd775d1f7d39861d57f23c43f6cd85a872 (merge of v249.8) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/458220239c69b8e5fe7be480929348daeccb70d1...e2ca79dd775d1f7d39861d57f23c43f6cd85a872 - Import commit 458220239c69b8e5fe7be480929348daeccb70d1 e95df40b09 shared/rm-rf: loop over nested directories instead of instead of recursing (CVE-2021-3997 bsc#1194178) 078e04305d shared/rm_rf: refactor rm_rf() to shorten code a bit 6d560d0aca shared/rm_rf: refactor rm_rf_children_inner() to shorten code a bit 6666ff056c localectl: don't omit keymaps files that are symlinks (bsc#1191826) - Drop the following patches as they have been merged into SUSE/v249 branch: 5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch 5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch 5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch - Import commit 523f32df573d459551760b072cb62906f4a2cf23 (merge of v249.7) OBS-URL: https://build.opensuse.org/request/show/947453 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=344 --- 
...ranslate-Required-Start-into-a-Wants.patch | 65 ++--- ...ole-specificities-weirdness-for-s390.patch | 2 +- ...pport-for-all-virtual-facility-and-f.patch | 43 +++ ...actor-rm_rf_children_inner-to-shorte.patch | 66 ----- ...refactor-rm_rf-to-shorten-code-a-bit.patch | 98 ------- ...p-over-nested-directories-instead-of.patch | 273 ------------------ systemd-sysv-install | 16 +- systemd-v249.7+suse.66.ga54f80116c.tar.xz | 3 - systemd-v249.9+suse.75.g3743acbce3.tar.xz | 3 + systemd.changes | 57 +++- systemd.spec | 63 ++-- 11 files changed, 160 insertions(+), 529 deletions(-) create mode 100644 0009-sysv-add-back-support-for-all-virtual-facility-and-f.patch delete mode 100644 5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch delete mode 100644 5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch delete mode 100644 5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch delete mode 100644 systemd-v249.7+suse.66.ga54f80116c.tar.xz create mode 100644 systemd-v249.9+suse.75.g3743acbce3.tar.xz diff --git a/0008-sysv-generator-translate-Required-Start-into-a-Wants.patch b/0008-sysv-generator-translate-Required-Start-into-a-Wants.patch index 55b44930..001c0a6c 100644 --- a/0008-sysv-generator-translate-Required-Start-into-a-Wants.patch +++ b/0008-sysv-generator-translate-Required-Start-into-a-Wants.patch @@ -1,59 +1,28 @@ -From 7f59f7b1b506c1394712ad3d6bab81318052a14c Mon Sep 17 00:00:00 2001 +From 9e6a1f4b085b29abaf90ecd05859537b837b39fe Mon Sep 17 00:00:00 2001 
From: Thomas Blume Date: Wed, 4 May 2016 17:40:04 +0200 -Subject: [PATCH 08/11] sysv-generator: translate "Required-Start" into a - "Wants" dependency +Subject: [PATCH 8/8] sysv-generator: translate "Required-Start" into a "Wants" + dependency + +'Required-Start:' used to be supported by insserv but this functionality was +dropped when insserv was rewritten into a compat perl wrapper (insserv-compat), +which happened when systemd was introduced in SUSE, I guess. + +It's been decided to add back the support in systemd instead of insserv-compat, +see the comments in bsc#857204. [tblume: Port of SLES12SP1 patch 0018-Make-LSB-Skripts-know-about-Required-and-Should.patch] -[fbui: this is needed probably because insserv's behavior has been - sadly changed since SLE11: it now doesn't failed if a - dependency listed by Required-Start is missing.] - -[fbui: according to Werner "This should fix bnc#858864 and - bnc#857204." (see Base:System changelog)] +[wfink: fixes bsc#857204] --- - src/sysv-generator/sysv-generator.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) + src/sysv-generator/sysv-generator.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c -index fa5355c964..62755f3652 100644 +index bf23c48662..c6e1953839 100644 --- a/src/sysv-generator/sysv-generator.c 
+++ b/src/sysv-generator/sysv-generator.c -@@ -257,6 +257,7 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name, - "remote_fs", SPECIAL_REMOTE_FS_TARGET, - "syslog", NULL, - "time", SPECIAL_TIME_SYNC_TARGET, -+ "all", SPECIAL_DEFAULT_TARGET, - }; - - const char *filename; -@@ -271,6 +272,7 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name, - - filename = basename(s->path); - -+ n = *name == '+' ? ++name : name; - n = *name == '$' ? name + 1 : name; - - for (i = 0; i < ELEMENTSOF(table); i += 2) { -@@ -407,7 +409,7 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text - - for (;;) { - _cleanup_free_ char *word = NULL, *m = NULL; -- bool is_before; -+ bool is_before, is_wanted; - - r = extract_first_word(&text, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_RELAX); - if (r < 0) -@@ -420,6 +422,7 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text - continue; - - is_before = startswith_no_case(full_text, "X-Start-Before:"); -+ is_wanted = startswith_no_case(full_text, "Required-Start:"); - - if (streq(m, SPECIAL_NETWORK_ONLINE_TARGET) && !is_before) { - /* the network-online target is special, as it needs to be actively pulled in */ -@@ -428,8 +431,13 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text +@@ -409,8 +409,13 @@ static int handle_dependencies(SysvStub *s, unsigned line, const char *full_text return log_oom(); r = strv_extend(&s->wants, m); @@ -61,7 +30,7 @@ index fa5355c964..62755f3652 100644 + } else { r = strv_extend(is_before ? &s->before : &s->after, m); + -+ if (is_wanted) ++ if (startswith_no_case(full_text, "Required-Start:")) + r = strv_extend(&s->wants, m); + } + @@ -69,5 +38,5 @@ index fa5355c964..62755f3652 100644 return log_oom(); } -- -2.26.2 +2.31.1 
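Review bot: In the `else` branch of handle_dependencies() (outer hunk `@@ -61,7 +30,7 @@`), the result of `strv_extend(is_before ? &s->before : &s->after, m)` is overwritten by the following `strv_extend(&s->wants, m)` whenever the header is `Required-Start:`. An allocation failure in the first call is then never reported, and the generated unit would silently lose its Before=/After= ordering while still gaining the Wants=. Guard the second call on the first having succeeded, e.g. `if (r >= 0 && startswith_no_case(full_text, "Required-Start:"))`. The `if (r < 0)` check that presumably follows is not visible in these hunks, and the function body continues outside them.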
diff --git a/0009-pid1-handle-console-specificities-weirdness-for-s390.patch b/0009-pid1-handle-console-specificities-weirdness-for-s390.patch index 6124095d..14354b18 100644 --- a/0009-pid1-handle-console-specificities-weirdness-for-s390.patch +++ b/0009-pid1-handle-console-specificities-weirdness-for-s390.patch @@ -24,7 +24,7 @@ command line option: systemd.log_color=off. See also a short discussion which happened on @systemd-maintainers whose $subject is "[PATCH] support conmode setting on command line". -[ fbui: fixes bsc#860937 ] +[fbui: fixes bsc#860937] --- src/basic/terminal-util.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/0009-sysv-add-back-support-for-all-virtual-facility-and-f.patch b/0009-sysv-add-back-support-for-all-virtual-facility-and-f.patch new file mode 100644 index 00000000..91cc4e55 --- /dev/null +++ b/0009-sysv-add-back-support-for-all-virtual-facility-and-f.patch 
@@ -0,0 +1,43 @@ +From 6f4d9d9688ad65bb46d09ac09f570c6ee4bc3671 Mon Sep 17 00:00:00 2001 +From: Franck Bui +Date: Fri, 14 Jan 2022 08:17:38 +0100 +Subject: [PATCH 1010/1010] sysv: add back support for '$all' virtual facility + and '+' facitity name prefix + +'$all' was probably a Debian thing and has probably never been supported by RH, +which explains why systemd upstream never supported it too. At least I couldn't +find any reference of this facility name in +http://refspecs.linux-foundation.org/LSB_4.0.0/LSB-Core-generic/LSB-Core-generic.html#FACILNAME. OTOH +'$all' is described in https://wiki.debian.org/LSBInitScripts + +Regarding the '+' prefix, I couldn't find any mention of it +anywhere. Apparently it was equivalent to '$' in facility names. + +[wfink: bsc#858864] +--- + src/sysv-generator/sysv-generator.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c +index c6e1953839..0aadb397ed 100644 +--- a/src/sysv-generator/sysv-generator.c ++++ b/src/sysv-generator/sysv-generator.c +@@ -243,6 +243,7 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name, + "remote_fs", SPECIAL_REMOTE_FS_TARGET, + "syslog", NULL, + "time", SPECIAL_TIME_SYNC_TARGET, ++ "all", SPECIAL_DEFAULT_TARGET, + }; + + const char *filename; +@@ -257,6 +258,7 @@ static int sysv_translate_facility(SysvStub *s, unsigned line, const char *name, + + filename = basename(s->path); + ++ n = *name == '+' ? ++name : name; + n = *name == '$' ? name + 1 : name; + + for (i = 0; i < ELEMENTSOF(table); i += 2) { +-- +2.31.1 + diff --git a/5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch b/5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch deleted file mode 100644 index bb00830b..00000000 --- a/5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch +++ /dev/null 
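Review bot: In sysv_translate_facility(), the added line `n = *name == '+' ? ++name : name;` stores into `n` only for the next statement to overwrite it; its real effect is the `++name` side effect on the parameter, which is easy to miss on review. Writing the prefix skip as its own statement, `if (*name == '+') name++;`, keeps the behaviour and makes it plain that `+` is stripped before the `$` check. A one-line comment such as `/* '+' is an undocumented legacy prefix, accepted in front of the facility name */` would record why it is accepted, since the patch description says no reference for it could be found. The function body continues outside the hunk.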
@@ -1,66 +0,0 @@ -From 5bc4f2e271c4907af1d3208c5bb33ce795326abc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 23 Nov 2021 15:55:45 +0100 -Subject: [PATCH 5000/5002] shared/rm_rf: refactor rm_rf_children_inner() to - shorten code a bit - ---- - src/shared/rm-rf.c | 27 +++++++++------------------ - 1 file changed, 9 insertions(+), 18 deletions(-) - -diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c -index 19f37e0f19..7362954116 100644 ---- a/src/shared/rm-rf.c -+++ b/src/shared/rm-rf.c -@@ -124,7 +124,7 @@ static int rm_rf_children_inner( - const struct stat *root_dev) { - - struct stat st; -- int r; -+ int r, q = 0; - - assert(fd >= 0); - assert(fname); -@@ -142,7 +142,6 @@ static int rm_rf_children_inner( - - if (is_dir) { - _cleanup_close_ int subdir_fd = -1; -- int q; - - /* if root_dev is set, remove subdirectories only if device is same */ - if (root_dev && st.st_dev != root_dev->st_dev) -@@ -178,23 +177,15 @@ static int rm_rf_children_inner( - * again for each directory */ - q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); - -- r = unlinkat_harder(fd, fname, AT_REMOVEDIR, flags); -- if (r < 0) -- return r; -- if (q < 0) -- return q; -- -- return 1; -- -- } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) { -- r = unlinkat_harder(fd, fname, 0, flags); -- if (r < 0) -- return r; -- -- return 1; -- } -+ } else if (flags & REMOVE_ONLY_DIRECTORIES) -+ return 0; - -- return 0; -+ r = unlinkat_harder(fd, fname, is_dir ? AT_REMOVEDIR : 0, flags); -+ if (r < 0) -+ return r; -+ if (q < 0) -+ return q; -+ return 1; - } - - int rm_rf_children( --- -2.31.1 - diff --git a/5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch b/5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch deleted file mode 100644 index 347b5e55..00000000 --- a/5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch +++ /dev/null 
@@ -1,98 +0,0 @@ -From 8f608df0305355c9b2ddd7c75926a6bd6247e635 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 23 Nov 2021 16:56:42 +0100 -Subject: [PATCH 5001/5002] shared/rm_rf: refactor rm_rf() to shorten code a - bit - ---- - src/shared/rm-rf.c | 53 ++++++++++++++++++++-------------------------- - 1 file changed, 23 insertions(+), 30 deletions(-) - -diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c -index 7362954116..c7d3b8b7ad 100644 ---- a/src/shared/rm-rf.c -+++ b/src/shared/rm-rf.c -@@ -250,7 +250,7 @@ int rm_rf_children( - } - - int rm_rf(const char *path, RemoveFlags flags) { -- int fd, r; -+ int fd, r, q = 0; - - assert(path); - -@@ -282,49 +282,42 @@ int rm_rf(const char *path, RemoveFlags flags) { - } - - fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); -- if (fd < 0) { -+ if (fd >= 0) { -+ /* We have a dir */ -+ r = rm_rf_children(fd, flags, NULL); -+ -+ if (FLAGS_SET(flags, REMOVE_ROOT)) -+ q = RET_NERRNO(rmdir(path)); -+ } else { - if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT) - return 0; - - if (!IN_SET(errno, ENOTDIR, ELOOP)) - return -errno; - -- if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES)) -+ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES) || !FLAGS_SET(flags, REMOVE_ROOT)) - return 0; - -- if (FLAGS_SET(flags, REMOVE_ROOT)) { -- -- if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { -- struct statfs s; -- -- if (statfs(path, &s) < 0) -- return -errno; -- if (is_physical_fs(&s)) -- return log_error_errno(SYNTHETIC_ERRNO(EPERM), -- "Attempted to remove files from a disk file system under \"%s\", refusing.", -- path); -- } -- -- if (unlink(path) < 0) { -- if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT) -- return 0; -+ if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { -+ struct statfs s; - -+ if (statfs(path, &s) < 0) - return -errno; -- } -+ if (is_physical_fs(&s)) -+ return log_error_errno(SYNTHETIC_ERRNO(EPERM), -+ "Attempted to remove files from a disk file 
system under \"%s\", refusing.", -+ path); - } - -- return 0; -+ r = 0; -+ q = RET_NERRNO(unlink(path)); - } - -- r = rm_rf_children(fd, flags, NULL); -- -- if (FLAGS_SET(flags, REMOVE_ROOT) && -- rmdir(path) < 0 && -- r >= 0 && -- (!FLAGS_SET(flags, REMOVE_MISSING_OK) || errno != ENOENT)) -- r = -errno; -- -- return r; -+ if (r < 0) -+ return r; -+ if (q < 0 && (q != -ENOENT || !FLAGS_SET(flags, REMOVE_MISSING_OK))) -+ return q; -+ return 0; - } - - int rm_rf_child(int fd, const char *name, RemoveFlags flags) { --- -2.31.1 - diff --git a/5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch b/5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch deleted file mode 100644 index 9c7eac68..00000000 --- a/5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch +++ /dev/null 
@@ -1,273 +0,0 @@ -From c561e2eab3b9b759b7592ea1b8168d4f36ede031 Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Wed, 5 Jan 2022 15:08:07 +0100 -Subject: [PATCH 5002/5002] shared/rm-rf: loop over nested directories instead - of instead of recursing - -To remove directory structures, we need to remove the innermost items first, -and then recursively remove higher-level directories. We would recursively -descend into directories and invoke rm_rf_children and rm_rm_children_inner. -This is problematic when too many directories are nested. - -Instead, let's create a "TODO" queue. In the the queue, for each level we -hold the DIR* object we were working on, and the name of the directory. This -allows us to leave a partially-processed directory, and restart the removal -loop one level down. When done with the inner directory, we use the name to -unlinkat() it from the parent, and proceed with the removal of other items. - -Because the nesting is increased by one level, it is best to view this patch -with -b/--ignore-space-change. - -This fixes CVE-2021-3997, https://bugzilla.redhat.com/show_bug.cgi?id=2024639. -The issue was reported and patches reviewed by Qualys Team. -Mauro Matteo Cascella and Riccardo Schirone from Red Hat handled the disclosure. 
- -[fbui: adjust context] -[fbui: fixes CVE-2021-3997] -[fbui: fixes bsc#1194178] ---- - src/shared/rm-rf.c | 159 +++++++++++++++++++++++++++++++-------------- - 1 file changed, 112 insertions(+), 47 deletions(-) - -diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c -index c7d3b8b7ad..58da213e9f 100644 ---- a/src/shared/rm-rf.c -+++ b/src/shared/rm-rf.c -@@ -52,7 +52,6 @@ static int patch_dirfd_mode( - } - - int unlinkat_harder(int dfd, const char *filename, int unlink_flags, RemoveFlags remove_flags) { -- - mode_t old_mode; - int r; - -@@ -116,12 +115,13 @@ int fstatat_harder(int dfd, - return 0; - } - --static int rm_rf_children_inner( -+static int rm_rf_inner_child( - int fd, - const char *fname, - int is_dir, - RemoveFlags flags, -- const struct stat *root_dev) { -+ const struct stat *root_dev, -+ bool allow_recursion) { - - struct stat st; - int r, q = 0; -@@ -141,9 +141,7 @@ static int rm_rf_children_inner( - } - - if (is_dir) { -- _cleanup_close_ int subdir_fd = -1; -- -- /* if root_dev is set, remove subdirectories only if device is same */ -+ /* If root_dev is set, remove subdirectories only if device is same */ - if (root_dev && st.st_dev != root_dev->st_dev) - return 0; - -@@ -155,7 +153,6 @@ static int rm_rf_children_inner( - return 0; - - if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) { -- - /* This could be a subvolume, try to remove it */ - - r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); -@@ -169,13 +166,16 @@ static int rm_rf_children_inner( - return 1; - } - -- subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); -+ if (!allow_recursion) -+ return -EISDIR; -+ -+ int subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); - if (subdir_fd < 0) - return -errno; - - /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file system type - * again for each directory */ -- q = 
rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); -+ q = rm_rf_children(subdir_fd, flags | REMOVE_PHYSICAL, root_dev); - - } else if (flags & REMOVE_ONLY_DIRECTORIES) - return 0; -@@ -188,63 +188,128 @@ static int rm_rf_children_inner( - return 1; - } - -+typedef struct TodoEntry { -+ DIR *dir; /* A directory that we were operating on. */ -+ char *dirname; /* The filename of that directory itself. */ -+} TodoEntry; -+ -+static void free_todo_entries(TodoEntry **todos) { -+ for (TodoEntry *x = *todos; x && x->dir; x++) { -+ closedir(x->dir); -+ free(x->dirname); -+ } -+ -+ freep(todos); -+} -+ - int rm_rf_children( - int fd, - RemoveFlags flags, - const struct stat *root_dev) { - -- _cleanup_closedir_ DIR *d = NULL; -+ _cleanup_(free_todo_entries) TodoEntry *todos = NULL; - struct dirent *de; -+ size_t n_todo = 0; -+ _cleanup_free_ char *dirname = NULL; /* Set when we are recursing and want to delete ourselves */ - int ret = 0, r; - -- assert(fd >= 0); -+ /* Return the first error we run into, but nevertheless try to go on. -+ * The passed fd is closed in all cases, including on failure. */ -+ -+ for (;;) { /* This loop corresponds to the directory nesting level. */ -+ _cleanup_closedir_ DIR *d = NULL; -+ -+ if (n_todo > 0) { -+ /* We know that we are in recursion here, because n_todo is set. -+ * We need to remove the inner directory we were operating on. 
*/ -+ assert(dirname); -+ r = unlinkat_harder(dirfd(todos[n_todo-1].dir), dirname, AT_REMOVEDIR, flags); -+ if (r < 0 && r != -ENOENT && ret == 0) -+ ret = r; -+ dirname = mfree(dirname); -+ -+ /* And now let's back out one level up */ -+ n_todo --; -+ d = TAKE_PTR(todos[n_todo].dir); -+ dirname = TAKE_PTR(todos[n_todo].dirname); -+ -+ assert(d); -+ fd = dirfd(d); /* Retrieve the file descriptor from the DIR object */ -+ assert(fd >= 0); -+ } else { -+ next_fd: -+ assert(fd >= 0); -+ d = fdopendir(fd); -+ if (!d) { -+ safe_close(fd); -+ return -errno; -+ } -+ fd = dirfd(d); /* We donated the fd to fdopendir(). Let's make sure we sure we have -+ * the right descriptor even if it were to internally invalidate the -+ * one we passed. */ -+ -+ if (!(flags & REMOVE_PHYSICAL)) { -+ struct statfs sfs; -+ -+ if (fstatfs(fd, &sfs) < 0) -+ return -errno; -+ -+ if (is_physical_fs(&sfs)) { -+ /* We refuse to clean physical file systems with this call, unless -+ * explicitly requested. This is extra paranoia just to be sure we -+ * never ever remove non-state data. */ -+ -+ _cleanup_free_ char *path = NULL; -+ -+ (void) fd_get_path(fd, &path); -+ return log_error_errno(SYNTHETIC_ERRNO(EPERM), -+ "Attempted to remove disk file system under \"%s\", and we can't allow that.", -+ strna(path)); -+ } -+ } -+ } - -- /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed -- * fd, in all cases, including on failure. */ -+ FOREACH_DIRENT_ALL(de, d, return -errno) { -+ int is_dir; - -- d = fdopendir(fd); -- if (!d) { -- safe_close(fd); -- return -errno; -- } -+ if (dot_or_dot_dot(de->d_name)) -+ continue; - -- if (!(flags & REMOVE_PHYSICAL)) { -- struct statfs sfs; -+ is_dir = de->d_type == DT_UNKNOWN ? 
-1 : de->d_type == DT_DIR; - -- if (fstatfs(dirfd(d), &sfs) < 0) -- return -errno; -+ r = rm_rf_inner_child(fd, de->d_name, is_dir, flags, root_dev, false); -+ if (r == -EISDIR) { -+ /* Push the current working state onto the todo list */ - -- if (is_physical_fs(&sfs)) { -- /* We refuse to clean physical file systems with this call, unless explicitly -- * requested. This is extra paranoia just to be sure we never ever remove non-state -- * data. */ -+ if (!GREEDY_REALLOC0(todos, n_todo + 2)) -+ return log_oom(); - -- _cleanup_free_ char *path = NULL; -+ _cleanup_free_ char *newdirname = strdup(de->d_name); -+ if (!newdirname) -+ return log_oom(); - -- (void) fd_get_path(fd, &path); -- return log_error_errno(SYNTHETIC_ERRNO(EPERM), -- "Attempted to remove disk file system under \"%s\", and we can't allow that.", -- strna(path)); -- } -- } -+ int newfd = openat(fd, de->d_name, -+ O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); -+ if (newfd >= 0) { -+ todos[n_todo++] = (TodoEntry) { TAKE_PTR(d), TAKE_PTR(dirname) }; -+ fd = newfd; -+ dirname = TAKE_PTR(newdirname); - -- FOREACH_DIRENT_ALL(de, d, return -errno) { -- int is_dir; -+ goto next_fd; - -- if (dot_or_dot_dot(de->d_name)) -- continue; -+ } else if (errno != -ENOENT && ret == 0) -+ ret = -errno; - -- is_dir = -- de->d_type == DT_UNKNOWN ? 
-1 : -- de->d_type == DT_DIR; -+ } else if (r < 0 && r != -ENOENT && ret == 0) -+ ret = r; -+ } - -- r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev); -- if (r < 0 && r != -ENOENT && ret == 0) -- ret = r; -- } -+ if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(fd) < 0 && ret >= 0) -+ ret = -errno; - -- if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0) -- ret = -errno; -+ if (n_todo == 0) -+ break; -+ } - - return ret; - } -@@ -336,5 +401,5 @@ int rm_rf_child(int fd, const char *name, RemoveFlags flags) { - if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME)) - return -EINVAL; - -- return rm_rf_children_inner(fd, name, -1, flags, NULL); -+ return rm_rf_inner_child(fd, name, -1, flags, NULL, true); - } --- -2.31.1 - diff --git a/systemd-sysv-install b/systemd-sysv-install index 403fc632..cffe4c8f 100644 --- a/systemd-sysv-install +++ b/systemd-sysv-install 
@@ -2,15 +2,15 @@ # This script is called by "systemctl enable/disable" when the given unit is a # SysV init.d script. It needs to call the distribution's mechanism for -# enabling/disabling those, such as chkconfig, update-rc.d, or similar. This -# can optionally take a --root argument for enabling a SysV init script -# in a chroot or similar. +# enabling/disabling those, such as chkconfig, update-rc.d, or similar. This can +# optionally take a --root argument for enabling a SysV init script in a chroot +# or similar. # -# chkconfig(8) and insserv(8) are no more available hence let's do the -# bare minimum and create/remote the symlinks for the well known -# runlevels and nothing more. Note that we don't take care of -# enabling/disabling the service dependencies as the sysv-generator -# will take care of them for us (openSUSE specific). +# chkconfig(8) and insserv(8) are no more available hence let's do the bare +# minimum and create/remove the symlinks for the well known runlevels and +# nothing more. Note that we don't take care of enabling/disabling the service +# dependencies as the sysv-generator will take care of them for us (openSUSE +# specific). # set -e diff --git a/systemd-v249.7+suse.66.ga54f80116c.tar.xz b/systemd-v249.7+suse.66.ga54f80116c.tar.xz deleted file mode 100644 index e1babceb..00000000 --- a/systemd-v249.7+suse.66.ga54f80116c.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:91b2f8c8492b03612c3148615a39d7553632798941456e7702306837f0118dd8 -size 7276848 diff --git a/systemd-v249.9+suse.75.g3743acbce3.tar.xz b/systemd-v249.9+suse.75.g3743acbce3.tar.xz new file mode 100644 index 00000000..0adfea70 --- /dev/null +++ b/systemd-v249.9+suse.75.g3743acbce3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:64320468ebe2502773e1365b50c369de2520ec4b614c623a4ca1339e26968ec2 +size 7278924 diff --git a/systemd.changes b/systemd.changes index b3e7e524..65d3231c 100644 
--- a/systemd.changes
+++ b/systemd.changes
@@ -1,3 +1,56 @@ +------------------------------------------------------------------- +Wed Jan 19 14:25:46 UTC 2022 - Franck Bui + +- Move the systemd-network-generator stuff in udev package + + This generator can generate .link files and is mainly used in initrd where + udev is mandatory. + +------------------------------------------------------------------- +Tue Jan 18 17:57:43 UTC 2022 - Franck Bui + +- Restore /sbin/udevadm and /bin/systemctl (obsolete) paths when split_usr is + true (bsc#1194519) + +------------------------------------------------------------------- +Mon Jan 17 09:16:13 UTC 2022 - Franck Bui + +- Import commit 3743acbce3bd44208af453fc6dc384a1236dc83c (merge of v249.9) + + For a complete list of changes, visit: + https://github.com/openSUSE/systemd/compare/e2ca79dd775d1f7d39861d57f23c43f6cd85a872...3743acbce3bd44208af453fc6dc384a1236dc83c + +------------------------------------------------------------------- +Fri Jan 14 14:55:56 UTC 2022 - Franck Bui + +- Extract bits from 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch + which are not specific to the handling of 'Required-Start:' and move them into a + new patch 0009-sysv-add-back-support-for-all-virtual-facility-and-f.patch + +------------------------------------------------------------------- +Thu Jan 13 21:54:06 UTC 2022 - Franck Bui + +- Import commit e2ca79dd775d1f7d39861d57f23c43f6cd85a872 (merge of v249.8) + + For a complete list of changes, visit: + https://github.com/openSUSE/systemd/compare/458220239c69b8e5fe7be480929348daeccb70d1...e2ca79dd775d1f7d39861d57f23c43f6cd85a872 + +------------------------------------------------------------------- +Thu Jan 13 20:03:51 UTC 2022 - Franck Bui + +- Import commit 458220239c69b8e5fe7be480929348daeccb70d1 + + e95df40b09 shared/rm-rf: loop over nested directories instead of instead of recursing (CVE-2021-3997 bsc#1194178) + 078e04305d shared/rm_rf: refactor rm_rf() to shorten code a bit + 6d560d0aca shared/rm_rf: refactor 
rm_rf_children_inner() to shorten code a bit + 6666ff056c localectl: don't omit keymaps files that are symlinks (bsc#1191826) + +- Drop the following patches as they have been merged into SUSE/v249 branch: + + 5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch + 5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch + 5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch + ------------------------------------------------------------------- Tue Jan 11 08:06:11 UTC 2022 - Franck Bui @@ -49,7 +102,7 @@ Wed Nov 24 10:40:01 UTC 2021 - Ludwig Nussel ------------------------------------------------------------------- Mon Nov 22 08:48:12 UTC 2021 - Franck Bui -- Import commit 523f32df573d459551760b072cb62906f4a2cf23 (merge of 249.7) +- Import commit 523f32df573d459551760b072cb62906f4a2cf23 (merge of v249.7) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/c34c98712600bc206919ec6ed136195f75ac1967...523f32df573d459551760b072cb62906f4a2cf23 @@ -69,7 +122,7 @@ Mon Nov 22 08:43:25 UTC 2021 - Franck Bui ------------------------------------------------------------------- Mon Nov 15 09:35:08 UTC 2021 - Franck Bui -- Import commit 61c79e68381801428c0bc00a56b9e2e9cfa68373 (merge of 249.6) +- Import commit 61c79e68381801428c0bc00a56b9e2e9cfa68373 (merge of v249.6) bcdeee7b4c virt: Support detection for ARM64 Hyper-V guests (bsc#1186071) [...] diff --git a/systemd.spec b/systemd.spec index 2219cded..1dbeb761 100644 --- a/systemd.spec +++ b/systemd.spec @@ -32,7 +32,7 @@ %endif %define min_kernel_version 4.5 -%define suse_version +suse.66.ga54f80116c +%define suse_version +suse.75.g3743acbce3 %define _testsuitedir /usr/lib/systemd/tests %if 0%{?bootstrap} @@ -69,7 +69,7 @@ Name: systemd%{?mini} URL: http://www.freedesktop.org/wiki/Software/systemd -Version: 249.7 +Version: 249.9 Release: 0 Summary: A System and Session Manager License: LGPL-2.1-or-later 
@@ -198,10 +198,11 @@ Patch5: 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch Patch6: 0006-sysv-generator-add-back-support-for-SysV-scripts-for.patch Patch7: 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch Patch8: 0008-sysv-generator-translate-Required-Start-into-a-Wants.patch -Patch9: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch +Patch9: 0009-sysv-add-back-support-for-all-virtual-facility-and-f.patch Patch10: 0001-conf-parser-introduce-early-drop-ins.patch Patch11: 0011-core-disable-session-keyring-per-system-sevice-entir.patch Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch +Patch13: 0009-pid1-handle-console-specificities-weirdness-for-s390.patch # Patches listed below are put in quarantine. Normally all changes # must go to upstream first and then are cherry-picked in the SUSE git @@ -210,12 +211,6 @@ Patch12: 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch # temporary and should be removed as soon as a fix is merged by # upstream. -# The following patches address CVE-2021-3997. They will be moved to the git -# repo once the issue will become public and upstream will release them. -Patch5000: 5000-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch -Patch5001: 5001-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch -Patch5002: 5002-shared-rm-rf-loop-over-nested-directories-instead-of.patch - %description Systemd is a system and service manager, compatible with SysV and LSB init scripts for Linux. systemd provides aggressive parallelization 
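Review bot: In the `@@ -198,10 +198,11 @@` hunk, `Patch13` now points at `0009-pid1-handle-console-specificities-weirdness-for-s390.patch` while `Patch9` points at a different `0009-…` file, so two patch files share a numeric prefix and one of them no longer matches its PatchN slot. That makes the series order harder to audit when patches are later dropped or re-imported. Either rename the file to match its slot (`0013-pid1-handle-console-specificities-weirdness-for-s390.patch`) or add a comment above `Patch13` such as `# keeps its historical 0009- prefix; applied after Patch12`.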
@@ -746,8 +741,11 @@ for s in %{SOURCE100} %{SOURCE101} %{SOURCE102}; do done %if %{with split_usr} +mkdir -p %{buildroot}/{bin,sbin} +# Legacy paths +ln -s ../usr/bin/udevadm %{buildroot}/sbin/ +ln -s ../usr/bin/systemctl %{buildroot}/bin/ # Legacy sysvinit tools -mkdir -p %{buildroot}/sbin ln -s ../usr/lib/systemd/systemd %{buildroot}/sbin/init ln -s ../usr/bin/systemctl %{buildroot}/sbin/reboot ln -s ../usr/bin/systemctl %{buildroot}/sbin/halt @@ -787,8 +785,8 @@ mv %{buildroot}%{_datadir}/polkit-1/rules.d/systemd-networkd.rules \ # /usr/lib/sysctl.d/99-sysctl.conf. ln -s ../../../etc/sysctl.conf %{buildroot}%{_sysctldir}/99-sysctl.conf -# The definition of the basic users/groups are defined by system-user -# on SUSE (bsc#1006978). +# The definitions of the basic users/groups are given by system-user package on +# SUSE (bsc#1006978). rm -f %{buildroot}%{_sysusersdir}/basic.conf # Remove README file in init.d as (SUSE) rpm requires executable files @@ -1281,6 +1279,9 @@ fi %{_bindir}/systemd-cgls %{_bindir}/systemd-cgtop %{_bindir}/systemd-cat +%if %{with split_usr} +/bin/systemctl +%endif %dir %{_prefix}/lib/kernel %dir %{_prefix}/lib/kernel/install.d %{_prefix}/lib/kernel/install.d/00-entry-directory.install @@ -1290,6 +1291,8 @@ fi %dir %{_prefix}/lib/systemd/network %dir %{_unitdir} %{_userunitdir} +%exclude %{_prefix}/lib/systemd/systemd-network-generator +%exclude %{_unitdir}/systemd-network-generator.service %if %{with coredump} %exclude %{_prefix}/lib/systemd/systemd-coredump %exclude %{_unitdir}/systemd-coredump* @@ -1302,6 +1305,7 @@ fi %exclude %{_prefix}/lib/systemd/systemd-journal-gatewayd %exclude %{_prefix}/lib/systemd/systemd-journal-remote %exclude %{_prefix}/lib/systemd/systemd-journal-upload +%exclude %{_datadir}/systemd/gatewayd %endif %exclude %{_prefix}/lib/systemd/systemd-udevd %exclude %{_unitdir}/systemd-udev*.* 
@@ -1330,10 +1334,8 @@ fi %exclude %{_unitdir}/dbus-org.freedesktop.import1.service %endif %if %{with networkd} -%exclude %{_prefix}/lib/systemd/systemd-network-generator %exclude %{_prefix}/lib/systemd/systemd-networkd %exclude %{_prefix}/lib/systemd/systemd-networkd-wait-online -%exclude %{_unitdir}/systemd-network-generator.service %exclude %{_unitdir}/systemd-networkd.service %exclude %{_unitdir}/systemd-networkd.socket %exclude %{_unitdir}/systemd-networkd-wait-online.service @@ -1475,10 +1477,6 @@ fi %{_datadir}/systemd %{_datadir}/factory -%if %{with journal_remote} -%exclude %{_datadir}/systemd/gatewayd -%endif - %{_datadir}/dbus-1/system-services/org.freedesktop.systemd1.service %{_datadir}/dbus-1/system-services/org.freedesktop.locale1.service %{_datadir}/dbus-1/system-services/org.freedesktop.login1.service @@ -1503,12 +1501,13 @@ fi %{_mandir}/man7/[bdfks]* %{_mandir}/man8/kern* %{_mandir}/man8/pam_* -%{_mandir}/man8//rc-local.* +%{_mandir}/man8/rc-local.* %{_mandir}/man8/systemd-[a-gik-tvx]* %{_mandir}/man8/systemd-h[aioy]* %{_mandir}/man8/systemd-journald* %{_mandir}/man8/systemd-u[ps]* %{_mandir}/man8/30-systemd-environment-d-generator.* +%exclude %{_mandir}/man8/systemd-network-generator.* %if %{with coredump} %exclude %{_mandir}/man1/coredumpctl* %exclude %{_mandir}/man5/coredump.conf* @@ -1623,6 +1622,9 @@ fi %defattr(-,root,root) %{_bindir}/udevadm %{_bindir}/systemd-hwdb +%if %{with split_usr} +/sbin/udevadm +%endif %dir %{_prefix}/lib/udev/ %{_prefix}/lib/udev/ata_id %{_prefix}/lib/udev/cdrom_id @@ -1636,6 +1638,8 @@ fi %{_prefix}/lib/udev/scsi_id %{_prefix}/lib/udev/v4l_id %ghost %attr(644, root, root) %{_prefix}/lib/udev/compat-symlink-generation +%{_prefix}/lib/systemd/systemd-udevd +%{_prefix}/lib/systemd/systemd-network-generator %dir %{_udevrulesdir}/ %doc %{_udevrulesdir}/README %exclude %{_udevrulesdir}/70-uaccess.rules 
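Review bot: The new `%exclude %{_mandir}/man8/systemd-network-generator.*` in the `@@ -1503` hunk carries no comment, and the reason for it is easy to miss: the page is matched by the `%{_mandir}/man8/systemd-[a-gik-tvx]*` glob a few lines above and is now shipped by the udev package instead. A comment such as `# matched by the systemd-[a-gik-tvx]* glob above, but shipped by udev` would stop someone from dropping the line as redundant. The enclosing `%files` list starts outside the hunk, so whether the exclude sits under the same bootstrap condition as the udev man pages could not be checked here.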
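Review bot: `%{_prefix}/lib/systemd/systemd-network-generator` changes owner in the `@@ -1636` hunk, from the networkd subpackage to udev (its unit file and man page follow in the `@@ -1665` and `@@ -1672` hunks), yet no hunk on this page adds a versioned conflict between the two subpackages. If an older build of the networkd subpackage can remain installed next to the new udev, both claim the same path and the transaction stops on a file conflict. A line such as `Conflicts: NETWORKD_SUBPACKAGE < %{version}-%{release}` in the udev preamble (placeholder name, the real one is not visible here) would make the move explicit. If both subpackages are already tied to the exact version of the main package, a short comment saying so next to the moved entries is enough.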
@@ -1648,16 +1652,7 @@ fi %dir %{_sysconfdir}/udev/rules.d/ %ghost %attr(444, root, root) %{_sysconfdir}/udev/hwdb.bin %config(noreplace) %{_sysconfdir}/udev/udev.conf -%if ! 0%{?bootstrap} -%{_mandir}/man5/udev* -%{_mandir}/man7/hwdb* -%{_mandir}/man7/udev* -%{_mandir}/man8/systemd-hwdb* -%{_mandir}/man8/systemd-udev* -%{_mandir}/man8/udev* -%endif %dir %{_unitdir} -%{_prefix}/lib/systemd/systemd-udevd %{_unitdir}/kmod-static-nodes.service %{_unitdir}/sysinit.target.wants/kmod-static-nodes.service %{_tmpfilesdir}/static-nodes-permissions.conf @@ -1665,6 +1660,7 @@ fi %{_unitdir}/systemd-udevd*.socket %{_unitdir}/systemd-hwdb*.* %{_unitdir}/initrd-udevadm-cleanup-db.service +%{_unitdir}/systemd-network-generator.service %dir %{_unitdir}/sysinit.target.wants %{_unitdir}/sysinit.target.wants/systemd-udev*.service %dir %{_unitdir}/sockets.target.wants @@ -1672,6 +1668,15 @@ fi %{_unitdir}/*.target.wants/systemd-hwdb*.* %{_prefix}/lib/systemd/network/99-default.link %{_datadir}/pkgconfig/udev.pc +%if ! 0%{?bootstrap} +%{_mandir}/man5/udev* +%{_mandir}/man7/hwdb* +%{_mandir}/man7/udev* +%{_mandir}/man8/systemd-hwdb* +%{_mandir}/man8/systemd-udev* +%{_mandir}/man8/udev* +%{_mandir}/man8/systemd-network-generator.* +%endif %files -n libsystemd0%{?mini} %defattr(-,root,root) @@ -1813,10 +1818,8 @@ fi %{_datadir}/polkit-1/rules.d/60-systemd-networkd.rules %{_prefix}/lib/systemd/network/*.network %{_prefix}/lib/systemd/network/*.network.example -%{_prefix}/lib/systemd/systemd-network-generator %{_prefix}/lib/systemd/systemd-networkd %{_prefix}/lib/systemd/systemd-networkd-wait-online -%{_unitdir}/systemd-network-generator.service %{_unitdir}/systemd-networkd.service %{_unitdir}/systemd-networkd.socket %{_unitdir}/systemd-networkd-wait-online.service
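Review bot: `%{_unitdir}/systemd-network-generator.service` is added to the udev file list in the `@@ -1665` hunk, but none of the hunks on this page touches the scriptlet section, so the unit's install and removal handling may not have moved with it. It is worth confirming that `systemd-network-generator.service` is named in the unit list of udev's `%pre`/`%post`/`%preun`/`%postun` scriptlets and, if it was listed there, removed from those of the networkd subpackage. Otherwise presets may not be applied when udev is installed alone, and the old owner's scriptlets would act on a unit it no longer ships.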