diffstat for systemd-237 systemd-237 changelog | 852 +++ control | 6 extra/dhclient-enter-resolved-hook | 72 extra/modprobe.d-udeb/scsi-mod-scan-sync.conf | 4 extra/start-udev | 6 extra/systemd-sysv-install | 3 extra/units/systemd-resolved.service.d/resolvconf.conf | 8 extra/write_persistent_net_s390x_virtio | 41 gbp.conf | 2 libnss-resolve.postrm | 4 patches/0001-logind-trivial-improvements.patch | 166 patches/0002-logind-rework-sd_eviocrevoke.patch | 39 patches/0003-logind-propagate-the-right-error-don-t-make-up-ENOME.patch | 26 patches/0004-logind-let-s-reduce-one-level-of-indentation.patch | 72 patches/0005-logind-fd-0-is-a-valid-fd.patch | 22 patches/0006-logind-let-s-pack-a-few-struct-fields-we-can-pack.patch | 26 patches/0007-logind-check-file-is-device-node-before-using-.st_rd.patch | 27 patches/0008-logind-make-sure-we-don-t-trip-up-on-half-initialize.patch | 24 patches/0009-logind-voidify-a-function-we-never-check-the-return-.patch | 32 patches/0010-logind-cast-away-return-value-we-don-t-care-about.patch | 22 patches/0011-logind-open-device-if-needed.patch | 39 patches/0012-logind-fix-typo-in-comment.patch | 54 patches/0013-login-fix-FDNAME-in-call-to-sd_pid_notify_with_fds.patch | 35 patches/0014-login-remember-that-fds-received-from-PID1-need-to-b.patch | 24 patches/0015-login-correct-comment-in-session_device_free.patch | 26 patches/0016-login-we-only-allow-opening-character-devices.patch | 28 patches/0017-login-don-t-remove-all-devices-from-PID1-when-only-o.patch | 196 patches/0018-login-effectively-revert-open-device-if-needed.patch | 64 patches/0019-logind-fix-borked-r-check.patch | 36 patches/CVE-2018-15686.patch | 217 patches/CVE-2018-15687.patch | 234 + patches/CVE-2018-15688.patch | 29 patches/CVE-2018-16864.patch | 186 patches/CVE-2018-16865_1.patch | 46 patches/CVE-2018-16865_2.patch | 69 patches/CVE-2018-16866.patch | 60 patches/CVE-2018-6954.patch | 623 ++ patches/CVE-2018-6954_2.patch | 2228 ++++++++++ patches/CVE-2019-3842.patch | 35 patches/CVE-2019-6454.patch | 199 patches/Gettextize-policy-files.patch | 895 ++++ patches/Support-system-image-read-only-etc.patch | 153 patches/btrfs-util-unbreak-tmpfiles-subvol-creation.patch | 46 patches/debian/Skip-starting-systemd-remount-fs.service-in-containers.patch | 27 patches/debian/UBUNTU-Add-AssumedApparmorLabel-unconfined-to-timedate1-dbus.patch | 28 patches/debian/UBUNTU-Introduce-suspend-to-hibernate-8274.patch | 900 ++++ patches/debian/UBUNTU-Rename-suspend-to-hibernate-to-suspend-then-hibernat.patch | 671 +++ patches/debian/UBUNTU-core-use-setreuid-setregid-trick-to-create-session-k.patch | 181 patches/debian/UBUNTU-drop-kernel.-settings-from-sysctl-defaults-shipped.patch | 42 patches/debian/UBUNTU-drop-using-kvm-for-qemu-tests-as-this-current.patch | 24 patches/debian/UBUNTU-introduce-TAKE_PTR-macro.patch | 34 patches/debian/UBUNTU-journald.service-set-Nice-1-to-dodge-watchdog-on-soft-loc.patch | 22 patches/debian/UBUNTU-networkd-if-RA-was-implicit-do-not-await-ndisc_con.patch | 66 patches/debian/UBUNTU-resolved-Listen-on-both-TCP-and-UDP-by-default.patch | 50 patches/debian/UBUNTU-resolved-disable-global-LLMNR-and-MulticastDNS.patch | 40 patches/debian/UBUNTU-shared-sleep-config-fix-unitialized-variable-and-use.patch | 53 patches/debian/UBUNTU-sleep-Add-support-for-setting-a-disk-offset.patch | 390 + patches/debian/UBUNTU-test-fs-utils-detect-container.patch | 33 patches/debian/UBUNTU-test-process-util-fails-to-verify-cmdline-changes-in-unpr.patch | 26 patches/debian/UBUNTU-test-test-functions-drop-all-prefixes.patch | 45 patches/debian/UBUNTU-test-test-functions-launch-qemu-with-vga-none.patch | 23 patches/debian/UBUNTU-wait-online-exit-if-no-links-are-managed.patch | 42 patches/debian/Ubuntu-UseDomains-by-default.patch | 75 patches/debian/Ubuntu-core-in-execute-soft-fail-setting-Nice-priority-when.patch | 39 patches/debian/Ubuntu-units-set-ConditionVirtualization-private-users-on-j.patch | 22 patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch | 8 patches/fix-race-daemon-reload-11121.patch | 362 + patches/hwdb-Use-wlan-keycode-for-all-Dell-systems-8762.patch | 31 patches/install-detect-masked-unit-with-drop-ins.patch | 26 patches/journal-do-not-remove-multiple-spaces-after-identifi.patch | 60 patches/l10n-Update-POTFILES.in-and-POTFILES.skip.patch | 52 patches/l10n-update-POTFILES.in-8163.patch | 20 patches/meson-drop-double-.in-suffix-for-o.fd.systemd1.policy-fil.patch | 185 patches/meson-drop-unnecessary-transformation-of-policy-files.patch | 1695 +++++++ patches/meson-fix-systemd-pot-target-when-polkit-devel-is-not-ins.patch | 37 patches/resolve-enable-EDNS0-towards-the-127.0.0.53-stub-res.patch | 37 patches/resolved-Increase-size-of-TCP-stub-replies.patch | 35 patches/resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch | 74 patches/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch | 50 patches/series | 76 patches/stop-mount-error-propagation.patch | 48 patches/test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch | 22 patches/test-masked-unit-with-drop-ins.patch | 30 patches/test-test-functions-Debian-Ubuntu-now-ship-95-dm-notify.r.patch | 27 patches/test-test-functions-on-PP64-use-vmlinux.patch | 33 patches/test-test-functions-on-PPC64-use-hvc0-console.patch | 39 patches/virt-detect-WSL-environment-as-a-container-id-wsl.patch | 116 patches/virt-if-we-detect-Xen-by-DMI-trust-that-over-CPUID.patch | 39 rules | 16 systemd.postinst | 51 systemd.prerm | 15 tests/boot-and-services | 11 tests/boot-smoke | 49 tests/control | 21 tests/root-unittests | 9 tests/systemd-fsckd | 29 tests/upstream | 17 udev-udeb.install | 1 udev.postinst | 8 99 files changed, 13070 insertions(+), 68 deletions(-) diff -Nru systemd-237/debian/changelog systemd-237/debian/changelog --- systemd-237/debian/changelog 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/changelog 2019-03-29 16:40:26.000000000 +0000 @@ -1,3 +1,284 @@ +systemd (237-3ubuntu10.19) bionic-security; urgency=medium + + * SECURITY UDPATE: Unsafe environment usage in pam_systemd.so leads to + incorrect Policykit authorization + - debian/patches/CVE-2019-3842.patch: Use secure_getenv() rather than + getenv() in pam_systemd.c + - CVE-2019-3842 + + -- Chris Coulson Fri, 29 Mar 2019 16:40:26 +0000 + +systemd (237-3ubuntu10.17) bionic; urgency=medium + + [ Michael Vogt ] + * d/p/Support-system-image-read-only-etc.patch: + - re-add support for /etc/writable for core18 (LP: #1778936) + * d/p/fix-race-daemon-reload-8803.patch: + - backport systemd upstream PR#8803 and PR#11121 to fix race + when doing systemctl and systemctl daemon-reload at the + same time LP: #1819728 + + [ Balint Reczey ] + * d/p/virt-detect-WSL-environment-as-a-container.patch: + - virt: detect WSL environment as a container (LP: #1816753) + + -- Michael Vogt Mon, 18 Mar 2019 08:40:44 +0100 + +systemd (237-3ubuntu10.16) bionic; urgency=medium + + * d/p/Support-system-image-read-only-etc.patch: + - re-add support for /etc/writable for core18 (LP: #1778936) + * d/p/fix-race-daemon-reload-8803.patch: + - backport systemd upstream PR#8803 to fix race when doing + systemctl and systemctl daemon-reload at the same time + LP: #1819728 + + -- Michael Vogt Wed, 13 Mar 2019 07:42:11 +0100 + +systemd (237-3ubuntu10.15) bionic; urgency=medium + + [ Victor Tapia ] + * d/p/stop-mount-error-propagation.patch: + keep mount errors local to the failing mount point instead of blocking + the processing of all mounts (LP: #1755863) + + -- Dan Streetman Thu, 28 Feb 2019 16:03:40 -0500 + +systemd (237-3ubuntu10.13) bionic-security; urgency=medium + + * SECURITY UPDATE: denial of service via crafted dbus message + - debian/patches/CVE-2019-6454.patch: sd-bus: enforce a size limit for + dbus paths, and don't allocate them on the stack + - debian/patches/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch: + sd-bus: if we receive an invalid dbus message, ignore and proceeed + - CVE-2019-6454 + + * Do not remove multiple spaces after identifier in syslog message + - add debian/patches/journal-do-not-remove-multiple-spaces-after-identifi.patch + + -- Chris Coulson Wed, 13 Feb 2019 21:32:34 +0000 + +systemd (237-3ubuntu10.12) bionic; urgency=medium + + * d/p/resolve-enable-EDNS0-towards-the-127.0.0.53-stub-res.patch + getaddrinfo() failures when fallback to dns tcp queries, so enable + edns0 in resolv.conf (LP: #1811471) + + [ Victor Tapia ] + * d/p/resolved-Increase-size-of-TCP-stub-replies.patch + dns failures with edns0 disabled and truncated response (LP: #1804487) + + -- Dan Streetman Tue, 29 Jan 2019 14:26:48 -0500 + +systemd (237-3ubuntu10.11) bionic-security; urgency=medium + + * SECURITY UPDATE: memory corruption in journald via attacker controlled alloca + - debian/patches/CVE-2018-16864.patch: journald: do not store the iovec + entry for process commandline on the stack + - CVE-2018-16864 + * SECURITY UPDATE: memory corruption in journald via attacker controlled alloca + - debian/patches/CVE-2018-16865_1.patch: journald: set a limit on the + number of fields (1k) + - debian/patches/CVE-2018-16865_2.patch: journal-remote: set a limit on the + number of fields in a message + - CVE-2018-16865 + * SECURITY UPDATE: out-of-bounds read in journald + - debian/patches/CVE-2018-16866.patch: journal: fix syslog_parse_identifier() + - CVE-2018-16866 + + * Fix LP: #1804603 - btrfs-util: unbreak tmpfiles' subvol creation + - add debian/patches/btrfs-util-unbreak-tmpfiles-subvol-creation.patch + - update debian/patches/series + * Fix LP: #1804864 - test: Set executable bits on TEST-22-TMPFILES shell scripts + - add debian/patches/test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch + - update debian/patches/series + + -- Chris Coulson Wed, 09 Jan 2019 15:11:53 +0000 + +systemd (237-3ubuntu10.9) bionic-security; urgency=medium + + [ Chris Coulson ] + * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles + - debian/patches/CVE-2018-6954_2.patch: backport the remaining patches to + resolve this completely + - CVE-2018-6954 + + [ Balint Reczey ] + * Fix LP: #1803391 - Skip daemon-reexec and try-restarts during shutdown + - update debian/systemd.postinst + + -- Chris Coulson Thu, 15 Nov 2018 20:45:11 +0000 + +systemd (237-3ubuntu10.6) bionic-security; urgency=medium + + * SECURITY UPDATE: reexec state injection + - debian/patches/CVE-2018-15686.patch: when deserializing state always use + read_line(…, LONG_LINE_MAX, …) rather than fgets() + - CVE-2018-15686 + * SECURITY UPDATE: chown_one() can dereference symlinks + - debian/patches/CVE-2018-15687.patch: rework recursive logic to use O_PATH + - CVE-2018-15687 + * SECURITY UPDATE: symlink mishandling in systemd-tmpfiles + - debian/patches/CVE-2018-6954.patch: don't resolve pathnames when traversing + recursively through directory trees + - CVE-2018-6954 + + -- Chris Coulson Tue, 06 Nov 2018 22:32:27 +0000 + +systemd (237-3ubuntu10.4) bionic-security; urgency=medium + + * SECURITY UPDATE: buffer overflow in dhcp6 client + - debian/patches/CVE-2018-15688.patch: make sure we have enough space + for the DHCP6 option header in src/libsystemd-network/dhcp6-option.c. + - CVE-2018-15688 + + -- Marc Deslauriers Wed, 31 Oct 2018 11:38:31 -0400 + +systemd (237-3ubuntu10.3) bionic; urgency=medium + + * debian/extra/start-udev: Set scsi_mod scan=sync even if it's builtin + to the kernel (we previously only set it in modprobe.d) LP: #1779815 + + -- Adam Conrad Fri, 20 Jul 2018 11:13:58 -0600 + +systemd (237-3ubuntu10.2) bionic; urgency=medium + + * logind: backport v238/v239 fixes for handling DRM devices. + These changes introduce all the fixes that correct handling of open fd's + related to the DRM devices, as used by for example NVIDIA GPUs. This backport + includes some refactoring, corrections, and comment updates. This to insure + that correct history is preserved, code comments match reality, and to ease + backporting logind fixes in the future SRUs. (LP: #1777099) + * Disable dh_installinit generation of tmpfiles for the systemd package. + Replace with a manual safe call to systemd-tmpfiles which will process any + updates to the tmpfiles shipped by systemd package, taking into account any + overrides shipped by other packages, sysadmin, or specified in the runtime + directories. (LP: #1748147) + + -- Dimitri John Ledkov 🌈 Fri, 22 Jun 2018 13:55:09 +0100 + +systemd (237-3ubuntu10.1) bionic; urgency=medium + + [ Dimitri John Ledkov ] + * hwdb: Fix wlan/rfkill keycode on Dell systems. (LP: #1762385) + * Cherrypick upstream fix for corrected detection of Virtualbox & Xen. + (LP: #1768104) + * Further improve captive portal workarounds. + Retry any NXDOMAIN results with lower feature levels, instead of just those + with 'secure' in the domain name. (LP: #1766969) + + [ Michael Biebl ] + * Add dependencies of libsystemd-shared to Pre-Depends. + This is necessary so systemctl is functional at all times during a + dist-upgrade. (Closes: #897986) (LP: #1771791) + + [ Mario Limonciello ] + * Fix hibernate disk offsets. + Configure resume offset via sysfs, to enable resume from a swapfile. + (LP: #1760106) + + -- Dimitri John Ledkov Mon, 21 May 2018 16:30:12 +0100 + +systemd (237-3ubuntu10) bionic; urgency=medium + + * Create tmpfiles for persistent journal in postinst only when running + systemd (LP: #1748659) + + -- Balint Reczey Fri, 20 Apr 2018 18:55:56 +0200 + +systemd (237-3ubuntu9) bionic; urgency=medium + + * networkd: if RA was implicit, do not await ndisc_configured. + If RA was iplicit, meaning not otherwise requested, and a kernel default was in + use. Do not prevent link entering configured state, whilst ndisc configuration + is pending. Implicit kernel RA, is expected to be asynchronous and + non-blocking. (LP: #1765173) + * udev-udeb: ship modprobe.d snippet to force scsi_mod.scan=sync in d-i. + This ensures that all scans are completed, before installer reaches + partitioning stage. (LP: #1751813) + + -- Dimitri John Ledkov Fri, 20 Apr 2018 04:35:33 +0100 + +systemd (237-3ubuntu8) bionic; urgency=medium + + * Workaround captive portals not responding to EDNS0 queries (DVE-2018-0001). + (LP: #1727237) + * resolved: Listen on both TCP and UDP by default. (LP: #1731522) + * Recommend networkd-dispatcher (LP: #1762386) + * Refresh patches + + -- Dimitri John Ledkov Thu, 12 Apr 2018 12:12:24 +0100 + +systemd (237-3ubuntu7) bionic; urgency=medium + + * Introduce suspend then hibernate (LP: #1756006) + + -- Mario Limonciello Mon, 02 Apr 2018 14:25:04 -0500 + +systemd (237-3ubuntu6) bionic; urgency=medium + + * Adjust the new dropin test, for v237 systemd. + * Refresh the keyring patch, to the one merged. + + -- Dimitri John Ledkov Tue, 27 Mar 2018 13:40:09 +0100 + +systemd (237-3ubuntu5) bionic; urgency=medium + + * Drop old keyring/invocation_id patch, which made keyring setup be skipped in containers. + * Use new patch, which sets up session keyring without relying on chown operation. + * Drop systemd.prerm safety check. + On Ubuntu, systemd is the only choice, and is essential, via init -> + systemd-sysv -> systemd dependency chain, thus removing systemd is already + quite hard, and appropriate warnings are emitted by dpkg. (LP: #1758438) + * Detect Masked unit with drop-ins. (LP: #1752722) + * wait-online: do not wait, if no links are managed (neither configured, or failed). + (LP: #1728181) + * journald.service: set Nice=-1 to dodge watchdog on soft lockups. + (LP: #1696970) + * Refresh all patches. + + -- Dimitri John Ledkov Mon, 26 Mar 2018 15:55:25 +0100 + +systemd (237-3ubuntu4) bionic; urgency=medium + + * systemd-sysv-install: fix name initialisation. + Only initialise NAME, after --root optional argument has been parsed, otherwise + NAME is initialized to e.g. `enable', instead of to the `unit-name`, resulting + in failures. (LP: #1752882) + + -- Dimitri John Ledkov Mon, 05 Mar 2018 09:57:58 +0100 + +systemd (237-3ubuntu3) bionic; urgency=medium + + * tests/control: drop qemu-system-ppc. + Whilst some tests pass, many regress / fail to boot. This is not a regression, + as qemu-based tests were not run previously. + + -- Dimitri John Ledkov Tue, 20 Feb 2018 17:40:02 +0000 + +systemd (237-3ubuntu2) bionic; urgency=medium + + * tests/boot-smoke: ignore udevd connection timeouts resolving colord group. + * tests/systemd-fsckd: ignore systemd_fsck_with_plymouth_failure. + * tests/control: ensure boot-smoke uses latest systemd & udev. + * test/test-functions: on PPC64 use hvc0 console. + + -- Dimitri John Ledkov Tue, 20 Feb 2018 12:03:14 +0000 + +systemd (237-3ubuntu1) bionic; urgency=medium + + [ Gunnar Hjalmarsson ] + * Fix PO template creation. + Cherry-pick upstream patches to build a correct systemd.pot including + the polkit policy files even without policykit-1 being installed. + (LP: #1707898) + + [ Dimitri John Ledkov ] + * Blacklist TEST-16-EXTEND-TIMEOUT + * test/test-functions: use vmlinux for ppc64 tests. + + -- Dimitri John Ledkov Mon, 19 Feb 2018 21:15:23 +0000 + systemd (237-3) unstable; urgency=medium [ Martin Pitt ] @@ -20,6 +301,52 @@ -- Michael Biebl Wed, 14 Feb 2018 23:07:17 +0100 +systemd (237-2ubuntu3) bionic; urgency=medium + + * test/test-fs-util: detect container, in addition to root. + On armhf, during autopkgtests, whilst root is avilable, full capabilities in + parent namespace are not, since the tests are run in an LXD container. + This should resolve armhf autopkgtest failure. + * test/test-functions: launch qemu-system with -vga none. + Should resolve booting qemu-system-ppc64 without seabios. + * tests/upstream: skip parts of extend time out tests, regressed. + (LP: #1750364) + + -- Dimitri John Ledkov Mon, 19 Feb 2018 13:32:07 +0000 + +systemd (237-2ubuntu2) bionic; urgency=medium + + * Fix cryptsetup tests by shipping 95-dm-notify udev rule. (LP: #1749432) + * debian/tests/systemd-fsckd: update assertions expectations for v237 + fsck got rewritten to use "safe_fork" and whilst previously it would ignore the + error, when fsck is terminated by signal PIPE, it no longer does so. Thus one + should expect systemd-fsck-root.service to have failed in certain test cases. + + -- Dimitri John Ledkov Thu, 15 Feb 2018 00:32:54 +0000 + +systemd (237-2ubuntu1) bionic; urgency=medium + + [ Michael Vogt ] + * Add "AssumedApparmorLabel=unconfined" to timedate1 dbus service file + (LP: #1749000) + + [ Martin Pitt ] + * debian/tests/boot-smoke: More robust journal checking. + Also fail the test if calling journalctl fails, and avoid calling it + twice. See https://github.com/systemd/systemd/pull/8032 + + [ Gunnar Hjalmarsson ] + * Fix creation of translation template + - State the gettext package domain "systemd" explicitly, as with the + move to meson it ended up as "untitled.pot" + - Call xgettext to extract strings from polkit *.policy.in files, which + intltool-update ignores. (LP: #1707898) + + [ Dimitri John Ledkov ] + * Enable qemu tests on all architectures LP: #1749540 + + -- Dimitri John Ledkov Wed, 14 Feb 2018 16:43:12 +0000 + systemd (237-2) unstable; urgency=medium * Drop debian/extra/rules/70-debian-uaccess.rules. @@ -32,6 +359,47 @@ -- Michael Biebl Fri, 09 Feb 2018 23:35:31 +0100 +systemd (237-1ubuntu3) bionic; urgency=medium + + * Re-enable gnu-efi on arm64, binutils is fixed + * Cherrpick PR8133 to resolve too strict PidFile handling, which breaks + services starting with potentially insecure pidfiles e.g. munin + * Disable LLMNR and MulticastDNS by default LP: #1739672 + + -- Dimitri John Ledkov Fri, 09 Feb 2018 15:49:01 +0000 + +systemd (237-1ubuntu2) bionic; urgency=medium + + * Disable gnu-efi on arm64, due to FTBFS. LP: #1746765 + + -- Dimitri John Ledkov Fri, 02 Feb 2018 23:30:05 +0000 + +systemd (237-1ubuntu1) bionic; urgency=medium + + * Remaining delta from Debian: + - ship dhclient enter hook for dhclient integration with resolved + - Use stub-resolv.conf as the default provider of /etc/resolv.conf + - ship s390x virtio interface names migration + - do not disable systemd-resolved upon libnss-resolve removal + - do not remount fs in containers, for non-degrated boot + - Unlink invocation id key, upon chown failure in containers + - Change default to UseDomains by default + - Do not treat failure to set Nice= setting as error in containers + - Add a condition to systemd-journald-audit.socet to not start in + containers (fails) + - Build without any built-in/fallback DNS server setting + - Enable resolved by default + - Update autopkgtests for reliability/raciness, and testing for typical + defaults + - Always upgrade udev, when running adt tests + - Skip test-execute on armhf + - Cherry-pick a few testsuite fixes + - Do not use nested kvm during ADT tests + - Fix ADT systemd-fsckd tests to work on s390x too + - Enable persistent journal by default + + -- Dimitri John Ledkov Tue, 30 Jan 2018 13:52:27 +0000 + systemd (237-1) unstable; urgency=medium * New upstream version 237 @@ -140,6 +508,51 @@ -- Michael Biebl Sun, 17 Dec 2017 21:45:51 +0100 +systemd (235-3ubuntu3) bionic; urgency=medium + + * netwokrd: add support for RequiredForOnline stanza. (LP: #1737570) + * resolved.service: set DefaultDependencies=no (LP: #1734167) + * systemd.postinst: enable persistent journal. (LP: #1618188) + * core: add support for non-writable unified cgroup hierarchy for container support. + (LP: #1734410) + + -- Dimitri John Ledkov Tue, 12 Dec 2017 13:25:32 +0000 + +systemd (235-3ubuntu2) bionic; urgency=medium + + * systemd-fsckd: Fix ADT tests to work on s390x too. + + -- Dimitri John Ledkov Tue, 21 Nov 2017 16:41:15 +0000 + +systemd (235-3ubuntu1) bionic; urgency=medium + + * Merge 235-3 from debian: + - Drop UBUNTU-CVE-2017-15908 included in Debian. + + * Remaining delta from Debian: + - ship dhclient enter hook for dhclient integration with resolved + - ship resolvconf integration via stub-resolv.conf + - ship s390x virtio interface names migration + - do not disable systemd-resolved upon libnss-resolve removal + - do not remote fs in containers, for non-degrated boot + - CVE-2017-15908 in resolved fix loop on packets with pseudo dns types + - Unlink invocation id key, upon chown failure in containers + - Change default to UseDomains by default + - Do not treat failure to set Nice= setting as error in containers + - Add a condition to systemd-journald-audit.socet to not start in + containers (fails) + - Build without any built-in/fallback DNS server setting + - Enable resolved by default + - Update autopkgtests for reliability/raciness, and testing for typical + defaults + - Always upgrade udev, when running adt tests + - Skip test-execute on armhf + - Cherry-pick a few testsuite fixes + + * UBUNTU Do not use nested kvm during ADT tests. + + -- Dimitri John Ledkov Tue, 21 Nov 2017 09:34:14 +0000 + systemd (235-3) unstable; urgency=medium [ Michael Biebl ] @@ -180,6 +593,63 @@ -- Martin Pitt Wed, 15 Nov 2017 09:34:00 +0100 +systemd (235-2ubuntu3) bionic; urgency=medium + + * Revert "Skip test-bpf in autopkgtest, currently is failing." + This reverts commit 75cf986e450e062a3d5780d1976e9efef41e6c4c. + * Fix test-bpf test case on ubuntu. + * Skip rename tests in containers, crude fix for now. + + -- Dimitri John Ledkov Mon, 13 Nov 2017 00:06:42 +0000 + +systemd (235-2ubuntu2) bionic; urgency=medium + + * Fix test-functions failing with Ubuntu units. + * tests: switch to using ext4 by default, instead of ext3. + * Skip test-bpf in autopkgtest, currently is failing. + + -- Dimitri John Ledkov Mon, 06 Nov 2017 18:33:39 +0000 + +systemd (235-2ubuntu1) bionic; urgency=medium + + [ Dimitri John Ledkov ] + * Merge 235-2 from debian: + - Drop all upstream cherry-picks + - Drop test-copy dh_strip size override, fixed upstream + + * Remaining delta from Debian: + - ship dhclient enter hook for dhclient integration with resolved + - ship resolvconf integration via stub-resolv.conf + - ship s390x virtio interface names migration + - do not disable systemd-resolved upon libnss-resolve removal + - do not remote fs in containers, for non-degrated boot + - CVE-2017-15908 in resolved fix loop on packets with pseudo dns types + - Unlink invocation id key, upon chown failure in containers + - Change default to UseDomains by default + - Do not treat failure to set Nice= setting as error in containers + - Add a condition to systemd-journald-audit.socet to not start in + containers (fails) + - Build without any built-in/fallback DNS server setting + - Enable resolved by default + - Update autopkgtests for reliability/raciness, and testing for typical + defaults + - Always upgrade udev, when running adt tests + - Skip test-execute on armhf + + * Fix up write_persistent_net_s390x for nullglob + + * Ship systemd sysctl settings. + Patch systemd's default sysctl settings to drop things that are set + elsewhere already. The promote secondary IP addresses is required for + networkd to successfully renew DHCP leases with a change of an IP address. + Set default package scheduler to Fair Queue CoDel. (LP: #1721223) + + [ Michael Biebl ] + * Install modprobe configuration file to /lib/modprobe.d. + Otherwise it is not read by kmod. (Closes: #879191) + + -- Dimitri John Ledkov Mon, 30 Oct 2017 17:20:54 +0000 + systemd (235-2) unstable; urgency=medium * Revert "tests: when running a manager object in a test, migrate to private @@ -289,6 +759,187 @@ -- Cyril Brulebois Wed, 23 Aug 2017 20:41:33 +0200 +systemd (234-2ubuntu12.1) artful-security; urgency=medium + + * SECURITY UPDATE: remote DoS in resolve (LP: #1725351) + - debian/patches/CVE-2017-15908.patch: fix loop on packets with pseudo + dns types in src/resolve/resolved-dns-packet.c. + - CVE-2017-15908 + + -- Marc Deslauriers Thu, 26 Oct 2017 07:56:42 -0400 + +systemd (234-2ubuntu12) artful; urgency=medium + + [ Dimitri John Ledkov ] + * debian/rules: do not strip test-copy. + This insures test-copy is large enough for test-copy tests to pass. + (LP: #1721203) + + [ Michael Biebl ] + * Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf. + All major NTP implementations ship a native service file nowadays with a + Conflicts=systemd-timesyncd.service so this drop-in is no longer + necessary. (Closes: #873185) (LP: #1721204) + + -- Dimitri John Ledkov Wed, 04 Oct 2017 13:28:34 +0100 + +systemd (234-2ubuntu11) artful; urgency=medium + + * Ubuntu/extra: ship dhclient-enter hook. + This allows isc-dhcp dhclient to set search domains and nameservers via + resolved. + * Disable systemd-networkd-wait-online by default. + Currently it is not fit for purpose, as it leads to long boot times when + networking is unplugged or not yet configured on boot. (LP: #1714301) + * networkd: change UseMTU default to true. + Cherry-pick upstream change. (LP: #1717471) + * postinst: drop empty/stock /etc/rc.local (LP: #1716979) + * Imporve resolvconf integration. + Make the .path|.service unit that feed resolved data into resolvconf not + generate failures if resolvconf is not installed. + Add a check to make sure that resolved does not read /etc/resolv.conf when that + is symlinked to stub-resolv.conf. (LP: #1717995) + * core: gracefully bail out keyring operations when chown fails (LP: #1691096) + + -- Dimitri John Ledkov Tue, 26 Sep 2017 11:38:02 -0400 + +systemd (234-2ubuntu10) artful; urgency=medium + + * Do not fail debootstrap if /etc/resolv.conf is immutable. (LP: #1713212) + * Revert "Create /etc/resolv.conf on resolved start, if it is an empty file." + As it is ineffective, and correct creation of /etc/resolv.conf has been fixed. + This reverts commit ccba42504f216f6ffbc54eb2c9af347355f8d86b. + * initramfs-tools: trigger udevadm add actions with subsystems first. + This updates the initramfs-tools init-top udev script to trigger udevadm + actions with type specified. This mimicks the + systemd-udev-trigger.service. Without type specified only devices are + triggered, but triggering subsystems may also be required and should happen + before triggering the devices. This is the case for example on s390x with zdev + generated udev rules. (LP: #1713536) + + -- Dimitri John Ledkov Wed, 30 Aug 2017 11:22:41 +0100 + +systemd (234-2ubuntu9) artful; urgency=medium + + * boot-and-services: skip gdm3 tests when absent, as it is on s390x. + + -- Dimitri John Ledkov Wed, 23 Aug 2017 11:58:57 +0100 + +systemd (234-2ubuntu8) artful; urgency=medium + + * Enable systemd-networkd by default. + + -- Dimitri John Ledkov Tue, 22 Aug 2017 17:50:59 +0100 + +systemd (234-2ubuntu7) artful; urgency=medium + + * Always setup /etc/resolv.conf on new installations. + On new installations, /etc/resolv.conf will always exist. Move it to /run + and replace it with the desired final symlink. (LP: #1712283) + * Create /etc/resolv.conf on resolved start, if it is an empty file. + + -- Dimitri John Ledkov Tue, 22 Aug 2017 16:13:35 +0100 + +systemd (234-2ubuntu6) artful; urgency=medium + + * Disable KillUserProcesses, yet again, with meson this time. + * Re-enable reboot tests. + + -- Dimitri John Ledkov Thu, 17 Aug 2017 15:22:35 +0100 + +systemd (234-2ubuntu5) artful; urgency=medium + + * debian/tests: disable i386 & amd64 systemd-fsck test, and add environment + overrides to allow force execution of those tests locally. LP: #1708051. + + -- Dimitri John Ledkov Wed, 16 Aug 2017 13:04:48 +0100 + +systemd (234-2ubuntu4) artful; urgency=medium + + * debian/tests: disable i386 & amd64 boot-smoke, passes locally. LP: + #1708051. + + -- Dimitri John Ledkov Tue, 15 Aug 2017 14:20:12 +0100 + +systemd (234-2ubuntu3) artful; urgency=medium + + * debian/tests: Switch to gdm, enforce udev upgrade. + + -- Dimitri John Ledkov Mon, 14 Aug 2017 12:02:37 +0100 + +systemd (234-2ubuntu2) artful; urgency=medium + + * Ignore failures to set Nice priority on services in containers. + * Disable execute test on armhf. + * units: set ConditionVirtualization=!private-users on journald audit socket. + It fails to start in unprivileged containers. + * boot-smoke: refactor ADT test. + Wait for system to settle down and get to either running or degraded state, + then collect all metrics, and exit with an error if any of the tests failed. + + -- Dimitri John Ledkov Wed, 02 Aug 2017 03:02:03 +0100 + +systemd (234-2ubuntu1) artful; urgency=medium + + [ Dimitri John Ledkov ] + * ubuntu: udev.postinst preserve virtio interfaces names on upgrades, on s390x. + New udev generates stable interface names on s390x kvm instances, however, upon + upgrades existing ethX names should be preserved to prevent breaking networking + and software configurations. + This patch only affects Ubuntu systems. (Closes: #860246) (LP: #1682437) + * Set UseDomains to true, by default, on Ubuntu. + On Ubuntu, fallback DNS servers are disabled, therefore we do not leak queries + to a preset 3rd party by default. In resolved, dnssec is also disabled by + default, as too much of the internet is broken and using Ubuntu users to debug + the internet is not very productive - most of the time the end-user cannot fix + or know how to notify the site owners about the dnssec mistakes. Inherintally + the DHCP acquired DNS servers are therefore trusted, and are free to spoof + records. Not trusting DNS search domains, in such scenario, provides limited + security or privacy benefits. From user point of view, this also appears to be + a regression from previous Ubuntu releases which do trust DHCP acquired search + domains by default. + Therefore we are enabling UseDomains by default on Ubuntu. + Users may override this setting in the .network files by specifying + [DHCP|IPv6AcceptRA] UseDomains=no|route options. + * resolved: create private stub resolve file for integration with resolvconf. + The stub-resolve.conf file points at resolved stub resolver, but also lists the + available search domains. This is required to correctly resolve domains without + using resolve nss module. + * Enable systemd-resolved by default + * Create /etc/resolv.conf at postinst, pointing at the stub resolver. + The stub resolver file is dynamically managed by systemd-resolved. It points at + the stub resolver as the nameserver, however it also dynamically updates the + search stanza, thus non-nss dns tools work correctly with unqualified names and + correctly use the DHCP acquired search domains. + * libnss-resolve: do not disable and stop systemd-resolved + resolved is always used by default on ubuntu via stub resolver, therefore it + should continue to operate without libnss-resolve module installed. + * modprobe.d: set max_bonds=0 for bonding module to prevent bond0 creation. + This prevents confusing networkd, and allows networkd to manage bond0. + * Cherrypick upstream networkd-test.py assertion/check fixes. + This resolves ADT test suite failures, when running tests under lxc/lxd + providers. + * Cherrypick arm* seccomp fixes. + This should resolve ADT test failures, on arm64, when running as root. + * Re-enable seccomp and execute tests on arm. + + [ Balint Reczey ] + * Skip starting systemd-remount-fs.service in containers + even when /etc/fstab is present. + This allows entering fully running state even when /etc/fstab + lists / to be mounted from a device which is not present in the + container. (LP: #1576341) + + [ Michael Biebl ] + * selinux: Enable labeling and access checks for unprivileged users. + Revert commit that inadvertently broke a lot of SELinux related + functionality for both unprivileged users and systemd instances running + as MANAGER_USER and instead deal with the auditd issue by checking for + the CAP_AUDIT_WRITE capability before opening an audit netlink socket. + (Closes: #863800) + + -- Dimitri John Ledkov Tue, 25 Jul 2017 13:30:58 +0100 + systemd (234-2) unstable; urgency=medium [ Martin Pitt ] @@ -309,6 +960,64 @@ -- Michael Biebl Thu, 20 Jul 2017 15:13:42 +0200 +systemd (234-1ubuntu2) artful; urgency=medium + + * Set UseDomains to true, by default, on Ubuntu. + On Ubuntu, fallback DNS servers are disabled, therefore we do not leak queries + to a preset 3rd party by default. In resolved, dnssec is also disabled by + default, as too much of the internet is broken and using Ubuntu users to debug + the internet is not very productive - most of the time the end-user cannot fix + or know how to notify the site owners about the dnssec mistakes. Inherintally + the DHCP acquired DNS servers are therefore trusted, and are free to spoof + records. Not trusting DNS search domains, in such scenario, provides limited + security or privacy benefits. From user point of view, this also appears to be + a regression from previous Ubuntu releases which do trust DHCP acquired search + domains by default. + Therefore we are enabling UseDomains by default on Ubuntu. + Users may override this setting in the .network files by specifying + [DHCP|IPv6AcceptRA] UseDomains=no|route options. + * resolved: create private stub resolve file for integration with resolvconf. + The stub-resolve.conf file points at resolved stub resolver, but also lists the + available search domains. This is required to correctly resolve domains without + using resolve nss module. + * Enable systemd-resolved by default + * Create /etc/resolv.conf at postinst, pointing at the stub resolver. + The stub resolver file is dynamically managed by systemd-resolved. It points at + the stub resolver as the nameserver, however it also dynamically updates the + search stanza, thus non-nss dns tools work correctly with unqualified names and + correctly use the DHCP acquired search domains. + * libnss-resolve: do not disable and stop systemd-resolved + resolved is always used by default on ubuntu via stub resolver, therefore it + should continue to operate without libnss-resolve module installed. + + -- Dimitri John Ledkov Fri, 21 Jul 2017 17:07:17 +0100 + +systemd (234-1ubuntu1) artful; urgency=medium + + [ Dimitri John Ledkov ] + * Merge with debian, outstanding delta below. + * ubuntu: udev.postinst preserve virtio interfaces names on upgrades, on s390x. + New udev generates stable interface names on s390x kvm instances, however, upon + upgrades existing ethX names should be preserved to prevent breaking networking + and software configurations. + This patch only affects Ubuntu systems. (Closes: #860246) (LP: #1682437) + * debian/tests/root-unittests: disable execute and seccomp tests on arm + test-seccomp and test-execute fail on arm64 kernels. Marking both tests as + expected failures. An upstream bug report is filed to resolve these. + (LP: #1672499) + * Disable fallback DNS servers. + This causes resolved to call-home to google, attempt to access network when + none is available, and spams logs. (LP: #1449001, #1698734) + + [ Balint Reczey ] + * Skip starting systemd-remount-fs.service in containers + even when /etc/fstab is present. + This allows entering fully running state even when /etc/fstab + lists / to be mounted from a device which is not present in the + container. (LP: #1576341) + + -- Dimitri John Ledkov Mon, 17 Jul 2017 10:59:34 +0100 + systemd (234-1) unstable; urgency=medium [ Michael Biebl ] @@ -390,6 +1099,52 @@ -- Michael Biebl Mon, 19 Jun 2017 15:10:14 +0200 +systemd (233-8ubuntu2) artful; urgency=medium + + * Disable fallback DNS servers. + This causes resolved to call-home to google, attempt to access network when + none is available, and spams logs. (LP: #1449001, #1698734) + * SECURITY UPDATE: Out-of-bounds write in systemd-resolved. + CVE-2017-9445 (LP: #1695546) + + -- Dimitri John Ledkov Wed, 28 Jun 2017 13:27:28 +0100 + +systemd (233-8ubuntu1) artful; urgency=medium + + Merge from experimental. Existing Ubuntu cherry-picks: + * TEST-12: cherry-pick upstream fix for compat with new netcat-openbsd. + * networkd: cherry-pick support for setting bridge port's priority. + This is a useful feature/bugfix to improve feature parity of networkd with + ifupdown. This matches netplan's expectations to be able to set bridge port's + priorities via networked. This featue is to be used by netplan/MAAS/OpenStack. + * Cherrypick upstream commit to enable system use kernel maximum limit for RLIMIT_NOFILE isntead of hard-coded (low) limit of 65536. + * debian/tests/root-unittests: disable execute and seccomp tests on arm + test-seccomp and test-execute fail on arm64 kernels. Marking both tests as + expected failures. An upstream bug report is filed to resolve these. + * Cherrypick upstream patch for vio predictable interface names. + * Cherrypick upstream patch for platform predictable interface names. + + Ubuntu cherry-picks, now also applied in Debian: + * resolved: fix null pointer dereference crash + + Remaining Ubuntu delta: + * ubuntu: udev.postinst preserve virtio interfaces names on upgrades, on s390x. + New udev generates stable interface names on s390x kvm instances, however, upon + upgrades existing ethX names should be preserved to prevent breaking networking + and software configurations. + This patch only affects Ubuntu systems. + * Skip starting systemd-remount-fs.service in containers + even when /etc/fstab is present. + This allows entering fully running state even when /etc/fstab + lists / to be mounted from a device which is not present in the + container. + + New Ubuntu cherry-picks: + * loginctl: Chrerry-pick upstream fix to not ignore multiple session ids. + (LP: #1682154) + + -- Dimitri John Ledkov Mon, 19 Jun 2017 15:24:30 +0100 + systemd (233-8) experimental; urgency=medium * Bump debhelper compatibility level to 10 @@ -428,6 +1183,57 @@ -- Michael Biebl Wed, 24 May 2017 12:26:18 +0200 +systemd (233-6ubuntu3) artful; urgency=medium + + * resolved: fix null pointer dereference crash (LP: #1621396) + + -- Dimitri John Ledkov Mon, 22 May 2017 09:29:22 +0100 + +systemd (233-6ubuntu2) artful; urgency=medium + + [ Michael Biebl ] + * basic/journal-importer: Fix unaligned access in get_data_size() + (Closes: #862062) + + [ Dimitri John Ledkov ] + * ubuntu: disable dnssec on any ubuntu releases (LP: #1690605) + * Cherrypick upstream patch for vio predictable interface names. + * Cherrypick upstream patch for platform predictable interface names. + (LP: #1686784) + + [ Balint Reczey ] + * Skip starting systemd-remount-fs.service in containers + even when /etc/fstab is present. + This allows entering fully running state even when /etc/fstab + lists / to be mounted from a device which is not present in the + container. (LP: #1576341) + + -- Dimitri John Ledkov Wed, 17 May 2017 19:24:03 +0100 + +systemd (233-6ubuntu1) artful; urgency=medium + + Merge from Debian, existing changes: + * ubuntu: udev.postinst preserve virtio interfaces names on upgrades, on s390x. + New udev generates stable interface names on s390x kvm instances, however, upon + upgrades existing ethX names should be preserved to prevent breaking networking + and software configurations. + This patch only affects Ubuntu systems. (Closes: #860246) (LP: #1682437) + * TEST-12: cherry-pick upstream fix for compat with new netcat-openbsd. + * networkd: cherry-pick support for setting bridge port's priority. + This is a useful feature/bugfix to improve feature parity of networkd with + ifupdown. This matches netplan's expectations to be able to set bridge port's + priorities via networked. This featue is to be used by netplan/MAAS/OpenStack. + + New changes: + * Cherrypick upstream commit to enable system use kernel maximum limit for + RLIMIT_NOFILE isntead of hard-coded (low) limit of 65536. (LP: #1686361) + * debian/tests/root-unittests: disable execute and seccomp tests on arm + test-seccomp and test-execute fail on arm64 kernels. Marking both tests as + expected failures. An upstream bug report is filed to resolve these. + (LP: #1672499) + + -- Dimitri John Ledkov Tue, 02 May 2017 11:23:19 +0100 + systemd (233-6) experimental; urgency=medium [ Felipe Sateler ] @@ -468,6 +1274,52 @@ -- Michael Biebl Fri, 28 Apr 2017 21:47:14 +0200 +systemd (233-5ubuntu1) artful; urgency=medium + + [ Felipe Sateler ] + * Backport upstream PR #5531. + This delays opening the mdns and llmnr sockets until a network has enabled them. + This silences annoying messages when networkd receives such packets without + expecting them: + Got mDNS UDP packet on unknown scope. + + [ Martin Pitt ] + * resolved: Disable DNSSEC by default on stretch and zesty. + Both Debian stretch and Ubuntu zesty are close to releasing, switch to + DNSSEC=off by default for those. Users can still turn it back on with + DNSSEC=allow-downgrade (or even "yes"). + + [ Michael Biebl ] + * Add Conflicts against hal. + Since v183, udev no longer supports RUN+="socket:". This feature is + still used by hal, but now generates vast amounts of errors in the + journal. Thus force the removal of hal by adding a Conflicts to the udev + package. This is safe, as hal is long dead and no longer useful. + * Drop systemd-ui Suggests + systemd-ui is unmaintained upstream and not particularly useful anymore. + * journal: fix up syslog facility when forwarding native messages. + Native journal messages (_TRANSPORT=journal) typically don't have a + syslog facility attached to it. As a result when forwarding the + messages to syslog they ended up with facility 0 (LOG_KERN). + Apply syslog_fixup_facility() so we use LOG_USER instead. (Closes: #837893) + * Split upstream tests into systemd-tests binary package (Closes: #859152) + * Get PACKAGE_VERSION from config.h. + This also works with meson and is not autotools specific. + + [ Dimitri John Ledkov ] + * ubuntu: udev.postinst preserve virtio interfaces names on upgrades, on s390x. + New udev generates stable interface names on s390x kvm instances, however, upon + upgrades existing ethX names should be preserved to prevent breaking networking + and software configurations. + This patch only affects Ubuntu systems. (Closes: #860246) (LP: #1682437) + * TEST-12: cherry-pick upstream fix for compat with new netcat-openbsd. + * networkd: cherry-pick support for setting bridge port's priority. + This is a useful feature/bugfix to improve feature parity of networkd with + ifupdown. This matches netplan's expectations to be able to set bridge port's + priorities via networked. This featue is to be used by netplan/MAAS/OpenStack. + + -- Dimitri John Ledkov Fri, 21 Apr 2017 14:36:34 +0100 + systemd (233-5) experimental; urgency=medium * Do not throw a warning in emergency and rescue mode if plymouth is not diff -Nru systemd-237/debian/control systemd-237/debian/control --- systemd-237/debian/control 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/control 2019-02-28 21:03:40.000000000 +0000 @@ -1,7 +1,8 @@ Source: systemd Section: admin Priority: optional -Maintainer: Debian systemd Maintainers +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian systemd Maintainers Uploaders: Michael Biebl , Marco d'Itri , Sjoerd Simons , @@ -62,7 +63,8 @@ Section: admin Priority: important Recommends: libpam-systemd, - dbus + dbus, + networkd-dispatcher Suggests: systemd-container, policykit-1 Pre-Depends: ${shlibs:Pre-Depends}, diff -Nru systemd-237/debian/extra/dhclient-enter-resolved-hook systemd-237/debian/extra/dhclient-enter-resolved-hook --- systemd-237/debian/extra/dhclient-enter-resolved-hook 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/extra/dhclient-enter-resolved-hook 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,72 @@ +# +# Script fragment to make dhclient supply nameserver information to resolvconf +# + +# Tips: +# * Be careful about changing the environment since this is sourced +# * This script fragment uses bash features +# * As of isc-dhcp-client 4.2 the "reason" (for running the script) can be one of the following. +# (Listed on man page:) MEDIUM(0) PREINIT(0) BOUND(M) RENEW(M) REBIND(M) REBOOT(M) EXPIRE(D) FAIL(D) RELEASE(D) STOP(D) NBI(-) TIMEOUT(M) +# (Also used in master script:) ARPCHECK(0), ARPSEND(0) +# (Also used in master script:) PREINIT6(0) BOUND6(M) RENEW6(M) REBIND6(M) DEPREF6(0) EXPIRE6(D) RELEASE6(D) STOP6(D) +# (0) = master script does not run make_resolv_conf +# (M) = master script runs make_resolv_conf +# (D) = master script downs interface +# (-) = master script does nothing with this + +if [ -x /lib/systemd/systemd-resolved ] ; then + # For safety, first undefine the nasty default make_resolv_conf() + make_resolv_conf() { : ; } + case "$reason" in + BOUND|RENEW|REBIND|REBOOT|TIMEOUT|BOUND6|RENEW6|REBIND6) + # Define a resolvconf-compatible m_r_c() function + # It gets run later (or, in the TIMEOUT case, MAY get run later) + make_resolv_conf() { + local statedir + if [ ! "$interface" ] ; then + return + fi + statedir="/run/systemd/resolved.conf.d" + mkdir -p $statedir + if [ -n "$new_domain_name_servers" ] ; then + cat <$statedir/isc-dhcp-v4-$interface.conf +[Resolve] +DNS=$new_domain_name_servers +EOF + if [ -n "$new_domain_name" ] || [ -n "$new_domain_search" ] ; then + cat <>$statedir/isc-dhcp-v4-$interface.conf +Domains=$new_domain_search $new_domain_name +EOF + fi + fi + if [ -n "$new_dhcp6_name_servers" ] ; then + cat <$statedir/isc-dhcp-v6-$interface.conf +[Resolve] +DNS=$new_dhcp6_name_servers +EOF + if [ -n "$new_dhcp6_domain_search" ] ; then + cat <>$statedir/isc-dhcp-v6-$interface.conf +Domains=$new_dhcp6_domain_search +EOF + fi + fi + systemctl try-reload-or-restart systemd-resolved.service + } + ;; + + EXPIRE|FAIL|RELEASE|STOP) + if [ ! "$interface" ] ; then + return + fi + rm -f /run/systemd/resolved.conf.d/isc-dhcp-v4-$interface.conf + systemctl try-reload-or-restart systemd-resolved.service + ;; + EXPIRE6|RELEASE6|STOP6) + if [ ! "$interface" ] ; then + return + fi + rm -f /run/systemd/resolved.conf.d/isc-dhcp-v6-$interface.conf + systemctl try-reload-or-restart systemd-resolved.service + ;; + esac +fi diff -Nru systemd-237/debian/extra/modprobe.d-udeb/scsi-mod-scan-sync.conf systemd-237/debian/extra/modprobe.d-udeb/scsi-mod-scan-sync.conf --- systemd-237/debian/extra/modprobe.d-udeb/scsi-mod-scan-sync.conf 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/extra/modprobe.d-udeb/scsi-mod-scan-sync.conf 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,4 @@ +# Use synchronous scanning, to block update-dev in d-i/hw-detect until after the scan is done +# This ensures that partitioning stage has all the drives detected + +options scsi_mod scan=sync diff -Nru systemd-237/debian/extra/start-udev systemd-237/debian/extra/start-udev --- systemd-237/debian/extra/start-udev 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/extra/start-udev 2019-02-28 21:03:40.000000000 +0000 @@ -8,6 +8,12 @@ mount -n -o mode=0755 -t devtmpfs devtmpfs /dev fi +# This covers the same case as lib/modprobe.d/scsi-mod-scan-sync.conf +# in the event that scsi_mod is built in to the kernel, not a module: +if [ -f /sys/module/scsi_mod/parameters/scan ]; then + echo sync > /sys/module/scsi_mod/parameters/scan +fi + SYSTEMD_LOG_LEVEL=notice /lib/systemd/systemd-udevd --daemon --resolve-names=never udevadm trigger --action=add diff -Nru systemd-237/debian/extra/systemd-sysv-install systemd-237/debian/extra/systemd-sysv-install --- systemd-237/debian/extra/systemd-sysv-install 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/extra/systemd-sysv-install 2019-02-28 21:03:40.000000000 +0000 @@ -12,7 +12,6 @@ } ROOT= -NAME="${2:-}" # parse options eval set -- "$(getopt -o r: --long root: -- "$@")" @@ -26,6 +25,8 @@ esac done +NAME="${2:-}" + run() { if [ -n "$ROOT" ] && [ "$ROOT" != "/" ]; then chroot "$ROOT" /usr/sbin/update-rc.d "$@" diff -Nru systemd-237/debian/extra/units/systemd-resolved.service.d/resolvconf.conf systemd-237/debian/extra/units/systemd-resolved.service.d/resolvconf.conf --- systemd-237/debian/extra/units/systemd-resolved.service.d/resolvconf.conf 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/extra/units/systemd-resolved.service.d/resolvconf.conf 1970-01-01 00:00:00.000000000 +0000 @@ -1,8 +0,0 @@ -# tell resolvconf about resolved's builtin DNS server, so that DNS servers -# picked up via networkd are respected when using resolvconf, and that software -# like Chrome that does not do NSS (libnss-resolve) still gets proper DNS -# resolution; do not remove the entry after stop though, as that leads to -# timeouts on shutdown via the resolvconf hooks (see LP: #1648068) -[Service] -ExecStartPost=+/bin/sh -c '[ ! -e /run/resolvconf/enable-updates ] || echo "nameserver 127.0.0.53" | /sbin/resolvconf -a systemd-resolved' -ReadWritePaths=-/run/resolvconf diff -Nru systemd-237/debian/extra/write_persistent_net_s390x_virtio systemd-237/debian/extra/write_persistent_net_s390x_virtio --- systemd-237/debian/extra/write_persistent_net_s390x_virtio 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/extra/write_persistent_net_s390x_virtio 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,41 @@ +#!/bin/sh +set -e + +# +# udevd since 232-20 learned to generate stable interface names for network +# interfaces in kvm/qemu. However, existing machines upgrading will be using +# the ethX names instead. The most risk-averse action is to encode +# "persistent-net-rules" like rules to keep the ethX names on upgrades, since +# the interface names (ethX) may be in use not only in /etc/network/interfaces +# but in other configurations too (daemons, firewalls, etc). +# +# This is a one time action, and can be removed after the next stable & LTS +# releases. (~ May 2018) +# + +rulesfile=/etc/udev/rules.d/70-persistent-net.rules + +if [ `uname -m` != 's390x' ] +then + exit 0 +fi + +if [ `systemd-detect-virt` != 'kvm' ] +then + exit 0 +fi + +if [ -f $rulesfile ] +then + exit 0 +fi + +for interface in /sys/class/net/eth* +do + [ -d $interface ] || continue + name=$(basename $interface) + address=$(cat $interface/address) + cat <>$rulesfile +SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="$address", KERNEL=="eth*", NAME="$name" +EOF +done diff -Nru systemd-237/debian/gbp.conf systemd-237/debian/gbp.conf --- systemd-237/debian/gbp.conf 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/gbp.conf 2019-02-28 21:03:40.000000000 +0000 @@ -1,7 +1,7 @@ [DEFAULT] pristine-tar = True patch-numbers = False -debian-branch = master +debian-branch = ubuntu-bionic [dch] full = True diff -Nru systemd-237/debian/libnss-resolve.postrm systemd-237/debian/libnss-resolve.postrm --- systemd-237/debian/libnss-resolve.postrm 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/libnss-resolve.postrm 2019-02-28 21:03:40.000000000 +0000 @@ -23,10 +23,6 @@ if [ "$1" = remove ]; then remove_nss_entry /etc/nsswitch.conf libnss-resolve resolve - systemctl disable systemd-resolved.service - if [ -d /run/systemd/system ]; then - deb-systemd-invoke stop systemd-resolved.service || true - fi fi #DEBHELPER# diff -Nru systemd-237/debian/patches/0001-logind-trivial-improvements.patch systemd-237/debian/patches/0001-logind-trivial-improvements.patch --- systemd-237/debian/patches/0001-logind-trivial-improvements.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0001-logind-trivial-improvements.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,166 @@ +From: Lennart Poettering +Date: Mon, 26 Feb 2018 18:31:06 +0100 +Subject: [PATCH 01/19] logind: trivial improvements + +Just some addition whitespace, some additional assert()s, and removal of +redundant variables. + +(cherry picked from commit 864fe630a7a1f11b735d818b8c79d2d1068e2f3f) +--- + src/login/logind-session-device.c | 51 ++++++++++++++++++++------------------- + src/login/logind.c | 2 +- + 2 files changed, 27 insertions(+), 26 deletions(-) + +diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c +index 067e67a..b1bac04 100644 +--- a/src/login/logind-session-device.c ++++ b/src/login/logind-session-device.c +@@ -74,20 +74,25 @@ static int session_device_notify(SessionDevice *sd, enum SessionDeviceNotificati + return r; + + switch (type) { ++ + case SESSION_DEVICE_RESUME: + r = sd_bus_message_append(m, "uuh", major, minor, sd->fd); + if (r < 0) + return r; + break; ++ + case SESSION_DEVICE_TRY_PAUSE: + t = "pause"; + break; ++ + case SESSION_DEVICE_PAUSE: + t = "force"; + break; ++ + case SESSION_DEVICE_RELEASE: + t = "gone"; + break; ++ + default: + return -EINVAL; + } +@@ -120,24 +125,18 @@ static int sd_eviocrevoke(int fd) { + } + + static int sd_drmsetmaster(int fd) { +- int r; +- + assert(fd >= 0); + +- r = ioctl(fd, DRM_IOCTL_SET_MASTER, 0); +- if (r < 0) ++ if (ioctl(fd, DRM_IOCTL_SET_MASTER, 0) < 0) + return -errno; + + return 0; + } + + static int sd_drmdropmaster(int fd) { +- int r; +- + assert(fd >= 0); + +- r = ioctl(fd, DRM_IOCTL_DROP_MASTER, 0); +- if (r < 0) ++ if (ioctl(fd, DRM_IOCTL_DROP_MASTER, 0) < 0) + return -errno; + + return 0; +@@ -146,7 +145,9 @@ static int sd_drmdropmaster(int fd) { + static int session_device_open(SessionDevice *sd, bool active) { + int fd, r; + ++ assert(sd); + assert(sd->type != DEVICE_TYPE_UNKNOWN); ++ assert(sd->node); + + /* open device and try to get an udev_device from it */ + fd = open(sd->node, O_RDWR|O_CLOEXEC|O_NOCTTY|O_NONBLOCK); +@@ -154,28 +155,27 @@ static int session_device_open(SessionDevice *sd, bool active) { + return -errno; + + switch (sd->type) { ++ + case DEVICE_TYPE_DRM: + if (active) { +- /* Weird legacy DRM semantics might return an error +- * even though we're master. No way to detect that so +- * fail at all times and let caller retry in inactive +- * state. */ ++ /* Weird legacy DRM semantics might return an error even though we're master. No way to detect ++ * that so fail at all times and let caller retry in inactive state. */ + r = sd_drmsetmaster(fd); + if (r < 0) { + close_nointr(fd); + return r; + } +- } else { +- /* DRM-Master is granted to the first user who opens a +- * device automatically (ughh, racy!). Hence, we just +- * drop DRM-Master in case we were the first. */ ++ } else ++ /* DRM-Master is granted to the first user who opens a device automatically (ughh, ++ * racy!). Hence, we just drop DRM-Master in case we were the first. */ + sd_drmdropmaster(fd); +- } + break; ++ + case DEVICE_TYPE_EVDEV: + if (!active) + sd_eviocrevoke(fd); + break; ++ + case DEVICE_TYPE_UNKNOWN: + default: + /* fallback for devices wihout synchronizations */ +@@ -195,26 +195,27 @@ static int session_device_start(SessionDevice *sd) { + return 0; + + switch (sd->type) { ++ + case DEVICE_TYPE_DRM: +- /* Device is kept open. Simply call drmSetMaster() and hope +- * there is no-one else. In case it fails, we keep the device +- * paused. Maybe at some point we have a drmStealMaster(). */ ++ /* Device is kept open. Simply call drmSetMaster() and hope there is no-one else. In case it fails, we ++ * keep the device paused. Maybe at some point we have a drmStealMaster(). */ + r = sd_drmsetmaster(sd->fd); + if (r < 0) + return r; + break; ++ + case DEVICE_TYPE_EVDEV: +- /* Evdev devices are revoked while inactive. Reopen it and we +- * are fine. */ ++ /* Evdev devices are revoked while inactive. Reopen it and we are fine. */ + r = session_device_open(sd, true); + if (r < 0) + return r; +- /* For evdev devices, the file descriptor might be left +- * uninitialized. This might happen while resuming into a +- * session and logind has been restarted right before. */ ++ ++ /* For evdev devices, the file descriptor might be left uninitialized. This might happen while resuming ++ * into a session and logind has been restarted right before. */ + safe_close(sd->fd); + sd->fd = r; + break; ++ + case DEVICE_TYPE_UNKNOWN: + default: + /* fallback for devices wihout synchronizations */ +diff --git a/src/login/logind.c b/src/login/logind.c +index d15d4ce..4fa14b7 100644 +--- a/src/login/logind.c ++++ b/src/login/logind.c +@@ -455,7 +455,7 @@ static int manager_attach_fds(Manager *m) { + + sd = hashmap_get(s->devices, &st.st_rdev); + if (!sd) { +- /* Weird we got an fd for a session device which wasn't ++ /* Weird, we got an fd for a session device which wasn't + * recorded in the session state file... */ + log_warning("Got fd for missing session device [%u:%u] in session %s", + major(st.st_rdev), minor(st.st_rdev), s->id); diff -Nru systemd-237/debian/patches/0002-logind-rework-sd_eviocrevoke.patch systemd-237/debian/patches/0002-logind-rework-sd_eviocrevoke.patch --- systemd-237/debian/patches/0002-logind-rework-sd_eviocrevoke.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0002-logind-rework-sd_eviocrevoke.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,39 @@ +From: Lennart Poettering +Date: Mon, 26 Feb 2018 18:32:07 +0100 +Subject: [PATCH 02/19] logind: rework sd_eviocrevoke() + +Let's initialize static variables properly and get rid of redundant +variables. + +(cherry picked from commit 5d5330a8e4c6f5926d74f1e0f4bfad2e6355235a) +--- + src/login/logind-session-device.c | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c +index b1bac04..0992f26 100644 +--- a/src/login/logind-session-device.c ++++ b/src/login/logind-session-device.c +@@ -107,17 +107,15 @@ static int session_device_notify(SessionDevice *sd, enum SessionDeviceNotificati + } + + static int sd_eviocrevoke(int fd) { +- static bool warned; +- int r; ++ static bool warned = false; + + assert(fd >= 0); + +- r = ioctl(fd, EVIOCREVOKE, NULL); +- if (r < 0) { +- r = -errno; +- if (r == -EINVAL && !warned) { ++ if (ioctl(fd, EVIOCREVOKE, NULL) < 0) { ++ ++ if (errno == EINVAL && !warned) { ++ log_warning_errno(errno, "Kernel does not support evdev-revocation: %m"); + warned = true; +- log_warning("kernel does not support evdev-revocation"); + } + } + diff -Nru systemd-237/debian/patches/0003-logind-propagate-the-right-error-don-t-make-up-ENOME.patch systemd-237/debian/patches/0003-logind-propagate-the-right-error-don-t-make-up-ENOME.patch --- systemd-237/debian/patches/0003-logind-propagate-the-right-error-don-t-make-up-ENOME.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0003-logind-propagate-the-right-error-don-t-make-up-ENOME.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,26 @@ +From: Lennart Poettering +Date: Mon, 26 Feb 2018 18:33:05 +0100 +Subject: [PATCH 03/19] logind: propagate the right error, + don't make up ENOMEM + +(cherry picked from commit e38aa66426ad657b6a9adcbd041fab27e216594b) +--- + src/login/logind-session-device.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c +index 0992f26..30e29e1 100644 +--- a/src/login/logind-session-device.c ++++ b/src/login/logind-session-device.c +@@ -370,10 +370,8 @@ int session_device_new(Session *s, dev_t dev, bool open_device, SessionDevice ** + goto error; + + r = hashmap_put(s->devices, &sd->dev, sd); +- if (r < 0) { +- r = -ENOMEM; ++ if (r < 0) + goto error; +- } + + if (open_device) { + /* Open the device for the first time. We need a valid fd to pass back diff -Nru systemd-237/debian/patches/0004-logind-let-s-reduce-one-level-of-indentation.patch systemd-237/debian/patches/0004-logind-let-s-reduce-one-level-of-indentation.patch --- systemd-237/debian/patches/0004-logind-let-s-reduce-one-level-of-indentation.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0004-logind-let-s-reduce-one-level-of-indentation.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,72 @@ +From: Lennart Poettering +Date: Mon, 26 Feb 2018 18:33:20 +0100 +Subject: [PATCH 04/19] logind: let's reduce one level of indentation + +(cherry picked from commit d7ba71f4b44a10507c53f64834124545663eee17) +--- + src/login/logind-session-device.c | 35 +++++++++++++++++++---------------- + 1 file changed, 19 insertions(+), 16 deletions(-) + +diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c +index 30e29e1..64162f6 100644 +--- a/src/login/logind-session-device.c ++++ b/src/login/logind-session-device.c +@@ -455,13 +455,14 @@ void session_device_resume_all(Session *s) { + assert(s); + + HASHMAP_FOREACH(sd, s->devices, i) { +- if (!sd->active) { +- if (session_device_start(sd) < 0) +- continue; +- if (session_device_save(sd) < 0) +- continue; +- session_device_notify(sd, SESSION_DEVICE_RESUME); +- } ++ if (sd->active) ++ continue; ++ ++ if (session_device_start(sd) < 0) ++ continue; ++ if (session_device_save(sd) < 0) ++ continue; ++ session_device_notify(sd, SESSION_DEVICE_RESUME); + } + } + +@@ -472,25 +473,27 @@ void session_device_pause_all(Session *s) { + assert(s); + + HASHMAP_FOREACH(sd, s->devices, i) { +- if (sd->active) { +- session_device_stop(sd); +- session_device_notify(sd, SESSION_DEVICE_PAUSE); +- } ++ if (!sd->active) ++ continue; ++ ++ session_device_stop(sd); ++ session_device_notify(sd, SESSION_DEVICE_PAUSE); + } + } + + unsigned int session_device_try_pause_all(Session *s) { ++ unsigned num_pending = 0; + SessionDevice *sd; + Iterator i; +- unsigned int num_pending = 0; + + assert(s); + + HASHMAP_FOREACH(sd, s->devices, i) { +- if (sd->active) { +- session_device_notify(sd, SESSION_DEVICE_TRY_PAUSE); +- ++num_pending; +- } ++ if (!sd->active) ++ continue; ++ ++ session_device_notify(sd, SESSION_DEVICE_TRY_PAUSE); ++ num_pending++; + } + + return num_pending; diff -Nru systemd-237/debian/patches/0005-logind-fd-0-is-a-valid-fd.patch systemd-237/debian/patches/0005-logind-fd-0-is-a-valid-fd.patch --- systemd-237/debian/patches/0005-logind-fd-0-is-a-valid-fd.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0005-logind-fd-0-is-a-valid-fd.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,22 @@ +From: Lennart Poettering +Date: Mon, 26 Feb 2018 18:33:51 +0100 +Subject: [PATCH 05/19] logind: fd 0 is a valid fd + +(cherry picked from commit 4c9cb12c0536503979f44d04491ea7bbe118a4cc) +--- + src/login/logind-session-device.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c +index 64162f6..f160af1 100644 +--- a/src/login/logind-session-device.c ++++ b/src/login/logind-session-device.c +@@ -527,7 +527,7 @@ int session_device_save(SessionDevice *sd) { + } + + void session_device_attach_fd(SessionDevice *sd, int fd, bool active) { +- assert(fd > 0); ++ assert(fd >= 0); + assert(sd); + assert(sd->fd < 0); + assert(!sd->active); diff -Nru systemd-237/debian/patches/0006-logind-let-s-pack-a-few-struct-fields-we-can-pack.patch systemd-237/debian/patches/0006-logind-let-s-pack-a-few-struct-fields-we-can-pack.patch --- systemd-237/debian/patches/0006-logind-let-s-pack-a-few-struct-fields-we-can-pack.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0006-logind-let-s-pack-a-few-struct-fields-we-can-pack.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,26 @@ +From: Lennart Poettering +Date: Mon, 26 Feb 2018 18:34:13 +0100 +Subject: [PATCH 06/19] logind: let's pack a few struct fields we can pack + +(cherry picked from commit 0410444446c84a759a8f2d0917710849fc91384c) +--- + src/login/logind-session-device.h | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/login/logind-session-device.h b/src/login/logind-session-device.h +index a1cf17a..a9ead7b 100644 +--- a/src/login/logind-session-device.h ++++ b/src/login/logind-session-device.h +@@ -39,9 +39,9 @@ struct SessionDevice { + dev_t dev; + char *node; + int fd; +- bool active; +- DeviceType type; +- bool pushed_fd; ++ DeviceType type:3; ++ bool active:1; ++ bool pushed_fd:1; + + LIST_FIELDS(struct SessionDevice, sd_by_device); + }; diff -Nru systemd-237/debian/patches/0007-logind-check-file-is-device-node-before-using-.st_rd.patch systemd-237/debian/patches/0007-logind-check-file-is-device-node-before-using-.st_rd.patch --- systemd-237/debian/patches/0007-logind-check-file-is-device-node-before-using-.st_rd.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0007-logind-check-file-is-device-node-before-using-.st_rd.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,27 @@ +From: Lennart Poettering +Date: Mon, 26 Feb 2018 18:34:43 +0100 +Subject: [PATCH 07/19] logind: check file is device node before using + .st_rdev + +(cherry picked from commit 51ead3e3774aa9306d637723d92bbddf2258d2cb) +--- + src/login/logind.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/login/logind.c b/src/login/logind.c +index 4fa14b7..bf4e55d 100644 +--- a/src/login/logind.c ++++ b/src/login/logind.c +@@ -453,6 +453,12 @@ static int manager_attach_fds(Manager *m) { + continue; + } + ++ if (!S_ISCHR(st.st_mode) && !S_ISBLK(st.st_mode)) { ++ log_debug("Device fd doesn't actually point to device node: %m"); ++ close_nointr(fd); ++ continue; ++ } ++ + sd = hashmap_get(s->devices, &st.st_rdev); + if (!sd) { + /* Weird, we got an fd for a session device which wasn't diff -Nru systemd-237/debian/patches/0008-logind-make-sure-we-don-t-trip-up-on-half-initialize.patch systemd-237/debian/patches/0008-logind-make-sure-we-don-t-trip-up-on-half-initialize.patch --- systemd-237/debian/patches/0008-logind-make-sure-we-don-t-trip-up-on-half-initialize.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0008-logind-make-sure-we-don-t-trip-up-on-half-initialize.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,24 @@ +From: Lennart Poettering +Date: Mon, 26 Feb 2018 18:34:49 +0100 +Subject: [PATCH 08/19] logind: make sure we don't trip up on half-initialized + session devices + +Fixes: #8035 +(cherry picked from commit 4d219f5343b1924e7c519c2c178aeb5d1a5ab924) +--- + src/login/logind-session-device.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c +index f160af1..65b4bb8 100644 +--- a/src/login/logind-session-device.c ++++ b/src/login/logind-session-device.c +@@ -420,7 +420,7 @@ void session_device_free(SessionDevice *sd) { + + session_device_stop(sd); + session_device_notify(sd, SESSION_DEVICE_RELEASE); +- close_nointr(sd->fd); ++ safe_close(sd->fd); + + LIST_REMOVE(sd_by_device, sd->device->session_devices, sd); + diff -Nru systemd-237/debian/patches/0009-logind-voidify-a-function-we-never-check-the-return-.patch systemd-237/debian/patches/0009-logind-voidify-a-function-we-never-check-the-return-.patch --- systemd-237/debian/patches/0009-logind-voidify-a-function-we-never-check-the-return-.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0009-logind-voidify-a-function-we-never-check-the-return-.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,32 @@ +From: Lennart Poettering +Date: Fri, 2 Mar 2018 11:55:16 +0100 +Subject: [PATCH 09/19] logind: voidify a function we never check the return + value of + +(cherry picked from commit a3ddf73c0e4abf8e3c1b8fd91eac469220a5b44b) +--- + src/login/logind-session-device.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c +index 65b4bb8..706245d 100644 +--- a/src/login/logind-session-device.c ++++ b/src/login/logind-session-device.c +@@ -106,7 +106,7 @@ static int session_device_notify(SessionDevice *sd, enum SessionDeviceNotificati + return sd_bus_send(sd->session->manager->bus, m, NULL); + } + +-static int sd_eviocrevoke(int fd) { ++static void sd_eviocrevoke(int fd) { + static bool warned = false; + + assert(fd >= 0); +@@ -118,8 +118,6 @@ static int sd_eviocrevoke(int fd) { + warned = true; + } + } +- +- return 0; + } + + static int sd_drmsetmaster(int fd) { diff -Nru systemd-237/debian/patches/0010-logind-cast-away-return-value-we-don-t-care-about.patch systemd-237/debian/patches/0010-logind-cast-away-return-value-we-don-t-care-about.patch --- systemd-237/debian/patches/0010-logind-cast-away-return-value-we-don-t-care-about.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0010-logind-cast-away-return-value-we-don-t-care-about.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,22 @@ +From: Lennart Poettering +Date: Fri, 2 Mar 2018 11:55:33 +0100 +Subject: [PATCH 10/19] logind: cast away return value we don't care about + +(cherry picked from commit 4804600b6a38994ce4157163fe8af68a0c83e3f0) +--- + src/login/logind-session-device.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c +index 706245d..db148d1 100644 +--- a/src/login/logind-session-device.c ++++ b/src/login/logind-session-device.c +@@ -164,7 +164,7 @@ static int session_device_open(SessionDevice *sd, bool active) { + } else + /* DRM-Master is granted to the first user who opens a device automatically (ughh, + * racy!). Hence, we just drop DRM-Master in case we were the first. */ +- sd_drmdropmaster(fd); ++ (void) sd_drmdropmaster(fd); + break; + + case DEVICE_TYPE_EVDEV: diff -Nru systemd-237/debian/patches/0011-logind-open-device-if-needed.patch systemd-237/debian/patches/0011-logind-open-device-if-needed.patch --- systemd-237/debian/patches/0011-logind-open-device-if-needed.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0011-logind-open-device-if-needed.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,39 @@ +From: Lennart Poettering +Date: Fri, 2 Mar 2018 11:55:51 +0100 +Subject: [PATCH 11/19] logind: open device if needed + +Fixes: #8291 +(cherry picked from commit 4d3900f1b7ccce03366f9a57d259d0735c1cfbcf) +--- + src/login/logind-session-device.c | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c +index db148d1..b7476e7 100644 +--- a/src/login/logind-session-device.c ++++ b/src/login/logind-session-device.c +@@ -193,11 +193,19 @@ static int session_device_start(SessionDevice *sd) { + switch (sd->type) { + + case DEVICE_TYPE_DRM: +- /* Device is kept open. Simply call drmSetMaster() and hope there is no-one else. In case it fails, we +- * keep the device paused. Maybe at some point we have a drmStealMaster(). */ +- r = sd_drmsetmaster(sd->fd); +- if (r < 0) +- return r; ++ ++ if (sd->fd < 0) { ++ /* Open device if it isn't open yet */ ++ sd->fd = session_device_open(sd, true); ++ if (sd->fd < 0) ++ return sd->fd; ++ } else { ++ /* Device is kept open. Simply call drmSetMaster() and hope there is no-one else. In case it fails, we ++ * keep the device paused. Maybe at some point we have a drmStealMaster(). */ ++ r = sd_drmsetmaster(sd->fd); ++ if (r < 0) ++ return r; ++ } + break; + + case DEVICE_TYPE_EVDEV: diff -Nru systemd-237/debian/patches/0012-logind-fix-typo-in-comment.patch systemd-237/debian/patches/0012-logind-fix-typo-in-comment.patch --- systemd-237/debian/patches/0012-logind-fix-typo-in-comment.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0012-logind-fix-typo-in-comment.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,54 @@ +From: Lennart Poettering +Date: Fri, 2 Mar 2018 11:56:15 +0100 +Subject: [PATCH 12/19] logind: fix typo in comment + +(cherry picked from commit 340aff15f89351b118a717967418c218b3dd0279) +--- + src/login/logind-session-device.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c +index b7476e7..c64fb43 100644 +--- a/src/login/logind-session-device.c ++++ b/src/login/logind-session-device.c +@@ -222,7 +222,7 @@ static int session_device_start(SessionDevice *sd) { + + case DEVICE_TYPE_UNKNOWN: + default: +- /* fallback for devices wihout synchronizations */ ++ /* fallback for devices without synchronizations */ + break; + } + +@@ -237,6 +237,7 @@ static void session_device_stop(SessionDevice *sd) { + return; + + switch (sd->type) { ++ + case DEVICE_TYPE_DRM: + /* On DRM devices we simply drop DRM-Master but keep it open. + * This allows the user to keep resources allocated. The +@@ -244,6 +245,7 @@ static void session_device_stop(SessionDevice *sd) { + * circumventing this. */ + sd_drmdropmaster(sd->fd); + break; ++ + case DEVICE_TYPE_EVDEV: + /* Revoke access on evdev file-descriptors during deactivation. + * This will basically prevent any operations on the fd and +@@ -251,6 +253,7 @@ static void session_device_stop(SessionDevice *sd) { + * protection this way. */ + sd_eviocrevoke(sd->fd); + break; ++ + case DEVICE_TYPE_UNKNOWN: + default: + /* fallback for devices without synchronization */ +@@ -468,6 +471,7 @@ void session_device_resume_all(Session *s) { + continue; + if (session_device_save(sd) < 0) + continue; ++ + session_device_notify(sd, SESSION_DEVICE_RESUME); + } + } diff -Nru systemd-237/debian/patches/0013-login-fix-FDNAME-in-call-to-sd_pid_notify_with_fds.patch systemd-237/debian/patches/0013-login-fix-FDNAME-in-call-to-sd_pid_notify_with_fds.patch --- systemd-237/debian/patches/0013-login-fix-FDNAME-in-call-to-sd_pid_notify_with_fds.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0013-login-fix-FDNAME-in-call-to-sd_pid_notify_with_fds.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,35 @@ +From: Alan Jenkins +Date: Sat, 3 Mar 2018 18:37:50 +0000 +Subject: [PATCH 13/19] login: fix FDNAME in call to sd_pid_notify_with_fds() + +$ git grep FDNAME +logind-session-device.c: ... "FDNAME=session-", sd->session->id); +logind-session-device.c: ... "FDNAME=session", sd->session->id); + +Oops. + +Fixes #8343. Or at least a more minimal reproducer. Xorg still +dies when logind is restarted, but the Xorg message says this +is entirely deliberate. + +(This could also be the reason I hit #8035, instead of the race +condition I originally suggested). + +(cherry picked from commit b5cdfa40ca6aae5e98a69da7a8b350215f807649) +--- + src/login/logind-session-device.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c +index c64fb43..7253f95 100644 +--- a/src/login/logind-session-device.c ++++ b/src/login/logind-session-device.c +@@ -526,7 +526,7 @@ int session_device_save(SessionDevice *sd) { + return 0; + + m = strjoina("FDSTORE=1\n" +- "FDNAME=session", sd->session->id); ++ "FDNAME=session-", sd->session->id); + + r = sd_pid_notify_with_fds(0, false, m, &sd->fd, 1); + if (r < 0) diff -Nru systemd-237/debian/patches/0014-login-remember-that-fds-received-from-PID1-need-to-b.patch systemd-237/debian/patches/0014-login-remember-that-fds-received-from-PID1-need-to-b.patch --- systemd-237/debian/patches/0014-login-remember-that-fds-received-from-PID1-need-to-b.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0014-login-remember-that-fds-received-from-PID1-need-to-b.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,24 @@ +From: Alan Jenkins +Date: Sat, 3 Mar 2018 18:44:39 +0000 +Subject: [PATCH 14/19] login: remember that fds received from PID1 need to be + removed eventually + +Remember to set sd->pushed_fd when we receive an fd from PID1 on startup, +the same as we set it when we send an fd to PID1. + +(cherry picked from commit f8f9419e8765dd427301fa479fb014c5f92250ed) +--- + src/login/logind-session-device.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c +index 7253f95..73eee72 100644 +--- a/src/login/logind-session-device.c ++++ b/src/login/logind-session-device.c +@@ -543,5 +543,6 @@ void session_device_attach_fd(SessionDevice *sd, int fd, bool active) { + assert(!sd->active); + + sd->fd = fd; ++ sd->pushed_fd = true; + sd->active = active; + } diff -Nru systemd-237/debian/patches/0015-login-correct-comment-in-session_device_free.patch systemd-237/debian/patches/0015-login-correct-comment-in-session_device_free.patch --- systemd-237/debian/patches/0015-login-correct-comment-in-session_device_free.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0015-login-correct-comment-in-session_device_free.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,26 @@ +From: Alan Jenkins +Date: Tue, 6 Mar 2018 20:16:10 +0000 +Subject: [PATCH 15/19] login: correct comment in session_device_free() + +We're not removing the pushed fd "again"; this is the only place +logind removes it from PID1. (And stopping the fd doesn't always +cause PID1 to remove the fd itself; it depends on the device type). + +(cherry picked from commit a94c162021bbb0d6065b433040cef693d76162cb) +--- + src/login/logind-session-device.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c +index 73eee72..de7d963 100644 +--- a/src/login/logind-session-device.c ++++ b/src/login/logind-session-device.c +@@ -419,7 +419,7 @@ void session_device_free(SessionDevice *sd) { + if (sd->pushed_fd) { + const char *m; + +- /* Remove the pushed fd again, just in case. */ ++ /* Make sure to remove the pushed fd. */ + + m = strjoina("FDSTOREREMOVE=1\n" + "FDNAME=session-", sd->session->id); diff -Nru systemd-237/debian/patches/0016-login-we-only-allow-opening-character-devices.patch systemd-237/debian/patches/0016-login-we-only-allow-opening-character-devices.patch --- systemd-237/debian/patches/0016-login-we-only-allow-opening-character-devices.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0016-login-we-only-allow-opening-character-devices.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,28 @@ +From: Alan Jenkins +Date: Tue, 6 Mar 2018 16:16:00 +0000 +Subject: [PATCH 16/19] login: we only allow opening character devices + +We already don't allow directly opening block devices attached to the seat. +They are handled by udisks instead. Clarify the code used when restarting +logind. + +(cherry picked from commit 8b983cc74a85bda4d662fd822b433327fc568d40) +--- + src/login/logind.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/login/logind.c b/src/login/logind.c +index bf4e55d..953e1fc 100644 +--- a/src/login/logind.c ++++ b/src/login/logind.c +@@ -453,8 +453,8 @@ static int manager_attach_fds(Manager *m) { + continue; + } + +- if (!S_ISCHR(st.st_mode) && !S_ISBLK(st.st_mode)) { +- log_debug("Device fd doesn't actually point to device node: %m"); ++ if (!S_ISCHR(st.st_mode)) { ++ log_debug("Device fd doesn't point to a character device node"); + close_nointr(fd); + continue; + } diff -Nru systemd-237/debian/patches/0017-login-don-t-remove-all-devices-from-PID1-when-only-o.patch systemd-237/debian/patches/0017-login-don-t-remove-all-devices-from-PID1-when-only-o.patch --- systemd-237/debian/patches/0017-login-don-t-remove-all-devices-from-PID1-when-only-o.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0017-login-don-t-remove-all-devices-from-PID1-when-only-o.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,196 @@ +From: Alan Jenkins +Date: Tue, 6 Mar 2018 15:59:38 +0000 +Subject: [PATCH 17/19] login: don't remove all devices from PID1 when only + one was removed + +FDSTOREREMOVE=1 removes all fds with the specified name. And we had named +the fds after the session. Better fix that. + +Closes #8344. + +AFAICT there's no point providing compatibility code for this transition. +No-one would be restarting logind on a system with a GUI (where the +session devices are used), because doing so has been killing the GUI, and +even causing startup of the GUI to fail leading to a restart loop. + +Upgrading logind on a running system with a GUI might start being possible +after this commit (and after also fixing the display server of your +choice). + +(cherry picked from commit 1bef256cf5838d4bbc55654206aa6254d7fddb59) +--- + src/login/logind-session-device.c | 38 +++++++++++++++++--------- + src/login/logind.c | 56 ++++++++++++++++++++++++++++++++------- + 2 files changed, 73 insertions(+), 21 deletions(-) + +diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c +index de7d963..04063c3 100644 +--- a/src/login/logind-session-device.c ++++ b/src/login/logind-session-device.c +@@ -416,15 +416,21 @@ error: + void session_device_free(SessionDevice *sd) { + assert(sd); + ++ /* Make sure to remove the pushed fd. */ + if (sd->pushed_fd) { +- const char *m; +- +- /* Make sure to remove the pushed fd. */ +- +- m = strjoina("FDSTOREREMOVE=1\n" +- "FDNAME=session-", sd->session->id); +- +- (void) sd_notify(false, m); ++ _cleanup_free_ char *m = NULL; ++ const char *id; ++ int r; ++ ++ /* Session ID does not contain separators. */ ++ id = sd->session->id; ++ assert(*(id + strcspn(id, "-\n")) == '\0'); ++ ++ r = asprintf(&m, "FDSTOREREMOVE=1\n" ++ "FDNAME=session-%s-device-%u-%u\n", ++ id, major(sd->dev), minor(sd->dev)); ++ if (r >= 0) ++ (void) sd_notify(false, m); + } + + session_device_stop(sd); +@@ -510,7 +516,8 @@ unsigned int session_device_try_pause_all(Session *s) { + } + + int session_device_save(SessionDevice *sd) { +- const char *m; ++ _cleanup_free_ char *m = NULL; ++ const char *id; + int r; + + assert(sd); +@@ -524,9 +531,16 @@ int session_device_save(SessionDevice *sd) { + + if (sd->pushed_fd) + return 0; +- +- m = strjoina("FDSTORE=1\n" +- "FDNAME=session-", sd->session->id); ++ ++ /* Session ID does not contain separators. */ ++ id = sd->session->id; ++ assert(*(id + strcspn(id, "-\n")) == '\0'); ++ ++ r = asprintf(&m, "FDSTORE=1\n" ++ "FDNAME=session-%s-device-%u-%u\n", ++ id, major(sd->dev), minor(sd->dev)); ++ if (r < 0) ++ return r; + + r = sd_pid_notify_with_fds(0, false, m, &sd->fd, 1); + if (r < 0) +diff --git a/src/login/logind.c b/src/login/logind.c +index 953e1fc..0b5e222 100644 +--- a/src/login/logind.c ++++ b/src/login/logind.c +@@ -36,6 +36,7 @@ + #include "fd-util.h" + #include "format-util.h" + #include "logind.h" ++#include "parse-util.h" + #include "process-util.h" + #include "selinux-util.h" + #include "signal-util.h" +@@ -411,6 +412,38 @@ static int manager_enumerate_users(Manager *m) { + return r; + } + ++static int parse_fdname(const char *fdname, char **session_id, dev_t *dev) { ++ _cleanup_strv_free_ char **parts = NULL; ++ _cleanup_free_ char *id = NULL; ++ unsigned int major, minor; ++ int r; ++ ++ parts = strv_split(fdname, "-"); ++ if (!parts) ++ return -ENOMEM; ++ if (strv_length(parts) != 5) ++ return -EINVAL; ++ ++ if (!streq(parts[0], "session")) ++ return -EINVAL; ++ id = strdup(parts[1]); ++ if (!id) ++ return -ENOMEM; ++ ++ if (!streq(parts[2], "device")) ++ return -EINVAL; ++ r = safe_atou(parts[3], &major) || ++ safe_atou(parts[4], &minor); ++ if (r < 0) ++ return r; ++ ++ *dev = makedev(major, minor); ++ *session_id = id; ++ id = NULL; ++ ++ return 0; ++} ++ + static int manager_attach_fds(Manager *m) { + _cleanup_strv_free_ char **fdnames = NULL; + int n, i, fd; +@@ -424,16 +457,21 @@ static int manager_attach_fds(Manager *m) { + return n; + + for (i = 0; i < n; i++) { ++ _cleanup_free_ char *id = NULL; ++ dev_t dev; + struct stat st; + SessionDevice *sd; + Session *s; +- char *id; ++ int r; + + fd = SD_LISTEN_FDS_START + i; + +- id = startswith(fdnames[i], "session-"); +- if (!id) ++ r = parse_fdname(fdnames[i], &id, &dev); ++ if (r < 0) { ++ log_debug_errno(r, "Failed to parse fd name %s: %m", fdnames[i]); ++ close_nointr(fd); + continue; ++ } + + s = hashmap_get(m->sessions, id); + if (!s) { +@@ -453,24 +491,24 @@ static int manager_attach_fds(Manager *m) { + continue; + } + +- if (!S_ISCHR(st.st_mode)) { +- log_debug("Device fd doesn't point to a character device node"); ++ if (!S_ISCHR(st.st_mode) || st.st_rdev != dev) { ++ log_debug("Device fd doesn't point to the expected character device node"); + close_nointr(fd); + continue; + } + +- sd = hashmap_get(s->devices, &st.st_rdev); ++ sd = hashmap_get(s->devices, &dev); + if (!sd) { + /* Weird, we got an fd for a session device which wasn't +- * recorded in the session state file... */ ++ * recorded in the session state file... */ + log_warning("Got fd for missing session device [%u:%u] in session %s", +- major(st.st_rdev), minor(st.st_rdev), s->id); ++ major(dev), minor(dev), s->id); + close_nointr(fd); + continue; + } + + log_debug("Attaching fd to session device [%u:%u] for session %s", +- major(st.st_rdev), minor(st.st_rdev), s->id); ++ major(dev), minor(dev), s->id); + + session_device_attach_fd(sd, fd, s->was_active); + } diff -Nru systemd-237/debian/patches/0018-login-effectively-revert-open-device-if-needed.patch systemd-237/debian/patches/0018-login-effectively-revert-open-device-if-needed.patch --- systemd-237/debian/patches/0018-login-effectively-revert-open-device-if-needed.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0018-login-effectively-revert-open-device-if-needed.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,64 @@ +From: Alan Jenkins +Date: Tue, 6 Mar 2018 12:28:54 +0000 +Subject: [PATCH 18/19] login: effectively revert "open device if needed" + +This replaces commit 4d3900f1b7ccce03366f9a57d259d0735c1cfbcf. +The underlying cause of issue #8291 has been fixed, so there is no reason +to paper over it any more. + +But it might still be useful not to crash in the face of bad restart data. +That can cause several restarts, or maybe at some point an infinite loop +of restarts. Fail the start (or stop!) request, and write an error to the +system log. Each time reflects a user request where we fail to resume the +display server's access (or revoke it), and it can be useful if the log +shows the most recent one. + +(cherry picked from commit f27053376074fc6d325e01e699e0125f5d03192a) +--- + src/login/logind-session-device.c | 24 +++++++++++++----------- + 1 file changed, 13 insertions(+), 11 deletions(-) + +diff --git a/src/login/logind-session-device.c b/src/login/logind-session-device.c +index 04063c3..9f01497 100644 +--- a/src/login/logind-session-device.c ++++ b/src/login/logind-session-device.c +@@ -193,19 +193,16 @@ static int session_device_start(SessionDevice *sd) { + switch (sd->type) { + + case DEVICE_TYPE_DRM: +- + if (sd->fd < 0) { +- /* Open device if it isn't open yet */ +- sd->fd = session_device_open(sd, true); +- if (sd->fd < 0) +- return sd->fd; +- } else { +- /* Device is kept open. Simply call drmSetMaster() and hope there is no-one else. In case it fails, we +- * keep the device paused. Maybe at some point we have a drmStealMaster(). */ +- r = sd_drmsetmaster(sd->fd); +- if (r < 0) +- return r; ++ log_error("Failed to re-activate DRM fd, as the fd was lost (maybe logind restart went wrong?)"); ++ return -EBADF; + } ++ ++ /* Device is kept open. Simply call drmSetMaster() and hope there is no-one else. In case it fails, we ++ * keep the device paused. Maybe at some point we have a drmStealMaster(). */ ++ r = sd_drmsetmaster(sd->fd); ++ if (r < 0) ++ return r; + break; + + case DEVICE_TYPE_EVDEV: +@@ -239,6 +236,11 @@ static void session_device_stop(SessionDevice *sd) { + switch (sd->type) { + + case DEVICE_TYPE_DRM: ++ if (sd->fd < 0) { ++ log_error("Failed to de-activate DRM fd, as the fd was lost (maybe logind restart went wrong?)"); ++ return; ++ } ++ + /* On DRM devices we simply drop DRM-Master but keep it open. + * This allows the user to keep resources allocated. The + * CAP_SYS_ADMIN restriction to DRM-Master prevents users from diff -Nru systemd-237/debian/patches/0019-logind-fix-borked-r-check.patch systemd-237/debian/patches/0019-logind-fix-borked-r-check.patch --- systemd-237/debian/patches/0019-logind-fix-borked-r-check.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/0019-logind-fix-borked-r-check.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,36 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= +Date: Thu, 10 May 2018 01:34:33 +0200 +Subject: [PATCH 19/19] logind: fix borked r check + +CID #1390947, #1390952. + +(cherry picked from commit 36591e108093a16892d8521babc18ad246fb594b) +--- + src/login/logind.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/login/logind.c b/src/login/logind.c +index 0b5e222..17cfdc2 100644 +--- a/src/login/logind.c ++++ b/src/login/logind.c +@@ -426,14 +426,18 @@ static int parse_fdname(const char *fdname, char **session_id, dev_t *dev) { + + if (!streq(parts[0], "session")) + return -EINVAL; ++ + id = strdup(parts[1]); + if (!id) + return -ENOMEM; + + if (!streq(parts[2], "device")) + return -EINVAL; +- r = safe_atou(parts[3], &major) || +- safe_atou(parts[4], &minor); ++ ++ r = safe_atou(parts[3], &major); ++ if (r < 0) ++ return r; ++ r = safe_atou(parts[4], &minor); + if (r < 0) + return r; + diff -Nru systemd-237/debian/patches/CVE-2018-15686.patch systemd-237/debian/patches/CVE-2018-15686.patch --- systemd-237/debian/patches/CVE-2018-15686.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/CVE-2018-15686.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,217 @@ +Description: core: when deserializing state always use read_line(…, LONG_LINE_MAX, …) + + This should be much better than fgets(), as we can read substantially + longer lines and overly long lines result in proper errors. + + Fixes a vulnerability discovered by Jann Horn at Google. + + CVE-2018-15686 + +Origin: upstream, https://github.com/poettering/systemd/commit/8948b3415d762245ebf5e19d80b97d4d8cc208c1 +Bug-Ubuntu: https://launchpad.net/bugs/1796402 + +--- a/src/core/job.c ++++ b/src/core/job.c +@@ -28,6 +28,7 @@ + #include "dbus-job.h" + #include "dbus.h" + #include "escape.h" ++#include "fileio.h" + #include "job.h" + #include "log.h" + #include "macro.h" +@@ -1067,24 +1068,26 @@ + } + + int job_deserialize(Job *j, FILE *f) { ++ int r; ++ + assert(j); + assert(f); + + for (;;) { +- char line[LINE_MAX], *l, *v; ++ _cleanup_free_ char *line = NULL; ++ char *l, *v; + size_t k; + +- if (!fgets(line, sizeof(line), f)) { +- if (feof(f)) +- return 0; +- return -errno; +- } ++ r = read_line(f, LONG_LINE_MAX, &line); ++ if (r < 0) ++ return log_error_errno(r, "Failed to read serialization line: %m"); ++ if (r == 0) ++ return 0; + +- char_array_0(line); + l = strstrip(line); + + /* End marker */ +- if (l[0] == 0) ++ if (isempty(l)) + return 0; + + k = strcspn(l, "="); +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -3346,21 +3346,19 @@ + rt = (ExecRuntime**) ((uint8_t*) u + offset); + + for (;;) { +- char line[LINE_MAX], *l, *v; ++ _cleanup_free_ char *line = NULL; + CGroupIPAccountingMetric m; ++ char *l, *v; + size_t k; + +- if (!fgets(line, sizeof(line), f)) { +- if (feof(f)) +- return 0; +- return -errno; +- } ++ r = read_line(f, LONG_LINE_MAX, &line); ++ if (r < 0) ++ return log_error_errno(r, "Failed to read serialization line: %m"); ++ if (r == 0) /* eof */ ++ break; + +- char_array_0(line); + l = strstrip(line); +- +- /* End marker */ +- if (isempty(l)) ++ if (isempty(l)) /* End marker */ + break; + + k = strcspn(l, "="); +@@ -3637,23 +3635,27 @@ + return 0; + } + +-void unit_deserialize_skip(FILE *f) { ++int unit_deserialize_skip(FILE *f) { ++ int r; + assert(f); + + /* Skip serialized data for this unit. We don't know what it is. */ + + for (;;) { +- char line[LINE_MAX], *l; ++ _cleanup_free_ char *line = NULL; ++ char *l; + +- if (!fgets(line, sizeof line, f)) +- return; ++ r = read_line(f, LONG_LINE_MAX, &line); ++ if (r < 0) ++ return log_error_errno(r, "Failed to read serialization line: %m"); ++ if (r == 0) ++ return 0; + +- char_array_0(line); + l = strstrip(line); + + /* End marker */ + if (isempty(l)) +- return; ++ return 1; + } + } + +--- a/src/core/unit.h ++++ b/src/core/unit.h +@@ -689,7 +689,7 @@ + + int unit_serialize(Unit *u, FILE *f, FDSet *fds, bool serialize_jobs); + int unit_deserialize(Unit *u, FILE *f, FDSet *fds); +-void unit_deserialize_skip(FILE *f); ++int unit_deserialize_skip(FILE *f); + + int unit_serialize_item(Unit *u, FILE *f, const char *key, const char *value); + int unit_serialize_item_escaped(Unit *u, FILE *f, const char *key, const char *value); +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -2841,22 +2841,19 @@ + m->n_reloading++; + + for (;;) { +- char line[LINE_MAX]; ++ _cleanup_free_ char *line = NULL; + const char *val, *l; + +- if (!fgets(line, sizeof(line), f)) { +- if (feof(f)) +- r = 0; +- else +- r = -errno; +- ++ r = read_line(f, LONG_LINE_MAX, &line); ++ if (r < 0) { ++ r = log_error_errno(r, "Failed to read serialization line: %m"); + goto finish; + } ++ if (r == 0) ++ break; + +- char_array_0(line); + l = strstrip(line); +- +- if (l[0] == 0) ++ if (isempty(l)) /* end marker */ + break; + + if ((val = startswith(l, "current-job-id="))) { +@@ -3004,28 +3001,30 @@ + + for (;;) { + Unit *u; +- char name[UNIT_NAME_MAX+2]; ++ _cleanup_free_ char *line = NULL; + const char* unit_name; + + /* Start marker */ +- if (!fgets(name, sizeof(name), f)) { +- if (feof(f)) +- r = 0; +- else +- r = -errno; +- ++ r = read_line(f, LONG_LINE_MAX, &line); ++ if (r < 0) { ++ r = log_error_errno(r, "Failed to read serialization line: %m"); + goto finish; + } ++ if (r == 0) ++ break; + +- char_array_0(name); +- unit_name = strstrip(name); ++ unit_name = strstrip(line); + + r = manager_load_unit(m, unit_name, NULL, NULL, &u); + if (r < 0) { + log_notice_errno(r, "Failed to load unit \"%s\", skipping deserialization: %m", unit_name); + if (r == -ENOMEM) + goto finish; +- unit_deserialize_skip(f); ++ ++ r = unit_deserialize_skip(f); ++ if (r < 0) ++ goto finish; ++ + continue; + } + +@@ -3038,9 +3037,6 @@ + } + + finish: +- if (ferror(f)) +- r = -EIO; +- + assert(m->n_reloading > 0); + m->n_reloading--; + diff -Nru systemd-237/debian/patches/CVE-2018-15687.patch systemd-237/debian/patches/CVE-2018-15687.patch --- systemd-237/debian/patches/CVE-2018-15687.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/CVE-2018-15687.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,234 @@ +Description: chown-recursive: let's rework the recursive logic to use O_PATH + + That way we can pin a specific inode and analyze it and manipulate it + without it being swapped out beneath our hands. + + Fixes a vulnerability originally found by Jann Horn from Google. + + CVE-2018-15687 + +Origin: upstream, https://github.com/poettering/systemd/commit/5de6cce58b3e8b79239b6e83653459d91af6e57c +Bug-Ubuntu: https://launchpad.net/bugs/1796692 + +--- a/src/core/chown-recursive.c ++++ b/src/core/chown-recursive.c +@@ -18,18 +18,20 @@ + along with systemd; If not, see . + ***/ + +-#include +-#include + #include ++#include ++#include + +-#include "user-util.h" +-#include "macro.h" +-#include "fd-util.h" +-#include "dirent-util.h" + #include "chown-recursive.h" ++#include "dirent-util.h" ++#include "fd-util.h" ++#include "macro.h" ++#include "stdio-util.h" ++#include "strv.h" ++#include "user-util.h" + +-static int chown_one(int fd, const char *name, const struct stat *st, uid_t uid, gid_t gid) { +- int r; ++static int chown_one(int fd, const struct stat *st, uid_t uid, gid_t gid) { ++ char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1]; + + assert(fd >= 0); + assert(st); +@@ -38,90 +40,82 @@ + (!gid_is_valid(gid) || st->st_gid == gid)) + return 0; + +- if (name) +- r = fchownat(fd, name, uid, gid, AT_SYMLINK_NOFOLLOW); +- else +- r = fchown(fd, uid, gid); +- if (r < 0) +- return -errno; ++ /* We change ownership through the /proc/self/fd/%i path, so that we have a stable reference that works with ++ * O_PATH. (Note: fchown() and fchmod() do not work with O_PATH, the kernel refuses that. */ ++ xsprintf(procfs_path, "/proc/self/fd/%i", fd); + +- /* The linux kernel alters the mode in some cases of chown(). Let's undo this. */ +- if (name) { +- if (!S_ISLNK(st->st_mode)) +- r = fchmodat(fd, name, st->st_mode, 0); +- else /* There's currently no AT_SYMLINK_NOFOLLOW for fchmodat() */ +- r = 0; +- } else +- r = fchmod(fd, st->st_mode); +- if (r < 0) ++ if (chown(procfs_path, uid, gid) < 0) + return -errno; + ++ /* The linux kernel alters the mode in some cases of chown(). Let's undo this. We do this only for non-symlinks ++ * however. That's because for symlinks the access mode is ignored anyway and because on some kernels/file ++ * systems trying to change the access mode will succeed but has no effect while on others it actively ++ * fails. */ ++ if (!S_ISLNK(st->st_mode)) ++ if (chmod(procfs_path, st->st_mode & 07777) < 0) ++ return -errno; ++ + return 1; + } + + static int chown_recursive_internal(int fd, const struct stat *st, uid_t uid, gid_t gid) { ++ _cleanup_closedir_ DIR *d = NULL; + bool changed = false; ++ struct dirent *de; + int r; + + assert(fd >= 0); + assert(st); + +- if (S_ISDIR(st->st_mode)) { +- _cleanup_closedir_ DIR *d = NULL; +- struct dirent *de; +- +- d = fdopendir(fd); +- if (!d) { +- r = -errno; +- goto finish; +- } +- fd = -1; +- +- FOREACH_DIRENT_ALL(de, d, r = -errno; goto finish) { +- struct stat fst; +- +- if (dot_or_dot_dot(de->d_name)) +- continue; ++ d = fdopendir(fd); ++ if (!d) { ++ safe_close(fd); ++ return -errno; ++ } + +- if (fstatat(dirfd(d), de->d_name, &fst, AT_SYMLINK_NOFOLLOW) < 0) { +- r = -errno; +- goto finish; +- } +- +- if (S_ISDIR(fst.st_mode)) { +- int subdir_fd; +- +- subdir_fd = openat(dirfd(d), de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); +- if (subdir_fd < 0) { +- r = -errno; +- goto finish; +- } +- +- r = chown_recursive_internal(subdir_fd, &fst, uid, gid); +- if (r < 0) +- goto finish; +- if (r > 0) +- changed = true; +- } else { +- r = chown_one(dirfd(d), de->d_name, &fst, uid, gid); +- if (r < 0) +- goto finish; +- if (r > 0) +- changed = true; +- } ++ FOREACH_DIRENT_ALL(de, d, return -errno) { ++ _cleanup_close_ int path_fd = -1; ++ struct stat fst; ++ ++ if (dot_or_dot_dot(de->d_name)) ++ continue; ++ ++ /* Let's pin the child inode we want to fix now with an O_PATH fd, so that it cannot be swapped out ++ * while we manipulate it. */ ++ path_fd = openat(dirfd(d), de->d_name, O_PATH|O_CLOEXEC|O_NOFOLLOW); ++ if (path_fd < 0) ++ return -errno; ++ ++ if (fstat(path_fd, &fst) < 0) ++ return -errno; ++ ++ if (S_ISDIR(fst.st_mode)) { ++ int subdir_fd; ++ ++ /* Convert it to a "real" (i.e. non-O_PATH) fd now */ ++ subdir_fd = fd_reopen(path_fd, O_RDONLY|O_CLOEXEC|O_NOATIME); ++ if (subdir_fd < 0) ++ return subdir_fd; ++ ++ r = chown_recursive_internal(subdir_fd, &fst, uid, gid); /* takes possession of subdir_fd even on failure */ ++ if (r < 0) ++ return r; ++ if (r > 0) ++ changed = true; ++ } else { ++ r = chown_one(path_fd, &fst, uid, gid); ++ if (r < 0) ++ return r; ++ if (r > 0) ++ changed = true; + } ++ } + +- r = chown_one(dirfd(d), NULL, st, uid, gid); +- } else +- r = chown_one(fd, NULL, st, uid, gid); ++ r = chown_one(dirfd(d), st, uid, gid); + if (r < 0) +- goto finish; +- +- r = r > 0 || changed; ++ return r; + +-finish: +- safe_close(fd); +- return r; ++ return r > 0 || changed; + } + + int path_chown_recursive(const char *path, uid_t uid, gid_t gid) { +@@ -129,7 +123,7 @@ + struct stat st; + int r; + +- fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); ++ fd = open(path, O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); + if (fd < 0) + return -errno; + +--- a/src/basic/fd-util.c ++++ b/src/basic/fd-util.c +@@ -578,3 +578,22 @@ + + return -EOPNOTSUPP; + } ++ ++int fd_reopen(int fd, int flags) { ++ char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; ++ int new_fd; ++ ++ /* Reopens the specified fd with new flags. This is useful for convert an O_PATH fd into a regular one, or to ++ * turn O_RDWR fds into O_RDONLY fds. ++ * ++ * This doesn't work on sockets (since they cannot be open()ed, ever). ++ * ++ * This implicitly resets the file read index to 0. */ ++ ++ xsprintf(procfs_path, "/proc/self/fd/%i", fd); ++ new_fd = open(procfs_path, flags); ++ if (new_fd < 0) ++ return -errno; ++ ++ return new_fd; ++} +--- a/src/basic/fd-util.h ++++ b/src/basic/fd-util.h +@@ -91,3 +91,5 @@ + /* Hint: ENETUNREACH happens if we try to connect to "non-existing" special IP addresses, such as ::5 */ + #define ERRNO_IS_DISCONNECT(r) \ + IN_SET(r, ENOTCONN, ECONNRESET, ECONNREFUSED, ECONNABORTED, EPIPE, ENETUNREACH) ++ ++int fd_reopen(int fd, int flags); diff -Nru systemd-237/debian/patches/CVE-2018-15688.patch systemd-237/debian/patches/CVE-2018-15688.patch --- systemd-237/debian/patches/CVE-2018-15688.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/CVE-2018-15688.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,29 @@ +From 4dac5eaba4e419b29c97da38a8b1f82336c2c892 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 19 Oct 2018 12:12:33 +0200 +Subject: [PATCH 4/5] dhcp6: make sure we have enough space for the DHCP6 + option header + +Fixes a vulnerability originally discovered by Felix Wilhelm from +Google. + +CVE-2018-15688 +LP: #1795921 +https://bugzilla.redhat.com/show_bug.cgi?id=1639067 +--- + src/libsystemd-network/dhcp6-option.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: systemd-237/src/libsystemd-network/dhcp6-option.c +=================================================================== +--- systemd-237.orig/src/libsystemd-network/dhcp6-option.c 2018-10-31 11:38:26.996004319 -0400 ++++ systemd-237/src/libsystemd-network/dhcp6-option.c 2018-10-31 11:38:26.988004293 -0400 +@@ -118,7 +118,7 @@ int dhcp6_option_append_ia(uint8_t **buf + return -EINVAL; + } + +- if (*buflen < len) ++ if (*buflen < offsetof(DHCP6Option, data) + len) + return -ENOBUFS; + + ia_hdr = *buf; diff -Nru systemd-237/debian/patches/CVE-2018-16864.patch systemd-237/debian/patches/CVE-2018-16864.patch --- systemd-237/debian/patches/CVE-2018-16864.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/CVE-2018-16864.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,186 @@ +From c29b44cb90e2cc521533e6169cf847553ebefd81 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 5 Dec 2018 18:38:39 +0100 +Subject: [PATCH 03/11] journald: do not store the iovec entry for process + commandline on stack + +This fixes a crash where we would read the commandline, whose length is under +control of the sending program, and then crash when trying to create a stack +allocation for it. + +CVE-2018-16864 +https://bugzilla.redhat.com/show_bug.cgi?id=1653855 + +The message actually doesn't get written to disk, because +journal_file_append_entry() returns -E2BIG. +--- + src/basic/io-util.c | 10 ++++++++++ + src/basic/io-util.h | 2 ++ + src/coredump/coredump.c | 31 +++++++++++-------------------- + src/journal/journald-server.c | 25 +++++++++++++++---------- + 4 files changed, 38 insertions(+), 30 deletions(-) + +--- a/src/basic/io-util.c ++++ b/src/basic/io-util.c +@@ -26,6 +26,7 @@ + #include + + #include "io-util.h" ++#include "string-util.h" + #include "time-util.h" + + int flush_fd(int fd) { +@@ -270,3 +271,12 @@ + + return q - (const uint8_t*) p; + } ++ ++char* set_iovec_string_field(struct iovec *iovec, size_t *n_iovec, const char *field, const char *value) { ++ char *x; ++ ++ x = strappend(field, value); ++ if (x) ++ iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(x); ++ return x; ++} +--- a/src/basic/io-util.h ++++ b/src/basic/io-util.h +@@ -91,3 +91,5 @@ + #define IOVEC_MAKE(base, len) (struct iovec) IOVEC_INIT(base, len) + #define IOVEC_INIT_STRING(string) IOVEC_INIT((char*) string, strlen(string)) + #define IOVEC_MAKE_STRING(string) (struct iovec) IOVEC_INIT_STRING(string) ++ ++char* set_iovec_string_field(struct iovec *iovec, size_t *n_iovec, const char *field, const char *value); +--- a/src/coredump/coredump.c ++++ b/src/coredump/coredump.c +@@ -1067,19 +1067,10 @@ + return 0; + } + +-static char* set_iovec_field(struct iovec iovec[27], size_t *n_iovec, const char *field, const char *value) { +- char *x; +- +- x = strappend(field, value); +- if (x) +- iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(x); +- return x; +-} +- + static char* set_iovec_field_free(struct iovec iovec[27], size_t *n_iovec, const char *field, char *value) { + char *x; + +- x = set_iovec_field(iovec, n_iovec, field, value); ++ x = set_iovec_string_field(iovec, n_iovec, field, value); + free(value); + return x; + } +@@ -1129,33 +1120,33 @@ + disable_coredumps(); + } + +- set_iovec_field(iovec, n_iovec, "COREDUMP_UNIT=", context[CONTEXT_UNIT]); ++ set_iovec_string_field(iovec, n_iovec, "COREDUMP_UNIT=", context[CONTEXT_UNIT]); + } + + if (cg_pid_get_user_unit(pid, &t) >= 0) + set_iovec_field_free(iovec, n_iovec, "COREDUMP_USER_UNIT=", t); + + /* The next few are mandatory */ +- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_PID=", context[CONTEXT_PID])) ++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_PID=", context[CONTEXT_PID])) + return log_oom(); + +- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_UID=", context[CONTEXT_UID])) ++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_UID=", context[CONTEXT_UID])) + return log_oom(); + +- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_GID=", context[CONTEXT_GID])) ++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_GID=", context[CONTEXT_GID])) + return log_oom(); + +- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_SIGNAL=", context[CONTEXT_SIGNAL])) ++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_SIGNAL=", context[CONTEXT_SIGNAL])) + return log_oom(); + +- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_RLIMIT=", context[CONTEXT_RLIMIT])) ++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_RLIMIT=", context[CONTEXT_RLIMIT])) + return log_oom(); + +- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_COMM=", context[CONTEXT_COMM])) ++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_COMM=", context[CONTEXT_COMM])) + return log_oom(); + + if (context[CONTEXT_EXE] && +- !set_iovec_field(iovec, n_iovec, "COREDUMP_EXE=", context[CONTEXT_EXE])) ++ !set_iovec_string_field(iovec, n_iovec, "COREDUMP_EXE=", context[CONTEXT_EXE])) + return log_oom(); + + if (sd_pid_get_session(pid, &t) >= 0) +@@ -1223,7 +1214,7 @@ + iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(t); + + if (safe_atoi(context[CONTEXT_SIGNAL], &signo) >= 0 && SIGNAL_VALID(signo)) +- set_iovec_field(iovec, n_iovec, "COREDUMP_SIGNAL_NAME=SIG", signal_to_string(signo)); ++ set_iovec_string_field(iovec, n_iovec, "COREDUMP_SIGNAL_NAME=SIG", signal_to_string(signo)); + + return 0; /* we successfully acquired all metadata */ + } +--- a/src/journal/journald-server.c ++++ b/src/journal/journald-server.c +@@ -769,6 +769,7 @@ + pid_t object_pid) { + + char source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)]; ++ _cleanup_free_ char *cmdline1 = NULL, *cmdline2 = NULL; + uid_t journal_uid; + ClientContext *o; + +@@ -785,20 +786,23 @@ + IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->uid, uid_t, uid_is_valid, UID_FMT, "_UID"); + IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->gid, gid_t, gid_is_valid, GID_FMT, "_GID"); + +- IOVEC_ADD_STRING_FIELD(iovec, n, c->comm, "_COMM"); +- IOVEC_ADD_STRING_FIELD(iovec, n, c->exe, "_EXE"); +- IOVEC_ADD_STRING_FIELD(iovec, n, c->cmdline, "_CMDLINE"); +- IOVEC_ADD_STRING_FIELD(iovec, n, c->capeff, "_CAP_EFFECTIVE"); ++ IOVEC_ADD_STRING_FIELD(iovec, n, c->comm, "_COMM"); /* At most TASK_COMM_LENGTH (16 bytes) */ ++ IOVEC_ADD_STRING_FIELD(iovec, n, c->exe, "_EXE"); /* A path, so at most PATH_MAX (4096 bytes) */ + +- IOVEC_ADD_SIZED_FIELD(iovec, n, c->label, c->label_size, "_SELINUX_CONTEXT"); ++ if (c->cmdline) ++ /* At most _SC_ARG_MAX (2MB usually), which is too much to put on stack. ++ * Let's use a heap allocation for this one. */ ++ cmdline1 = set_iovec_string_field(iovec, &n, "_CMDLINE=", c->cmdline); + ++ IOVEC_ADD_STRING_FIELD(iovec, n, c->capeff, "_CAP_EFFECTIVE"); /* Read from /proc/.../status */ ++ IOVEC_ADD_SIZED_FIELD(iovec, n, c->label, c->label_size, "_SELINUX_CONTEXT"); + IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "_AUDIT_SESSION"); + IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->loginuid, uid_t, uid_is_valid, UID_FMT, "_AUDIT_LOGINUID"); + +- IOVEC_ADD_STRING_FIELD(iovec, n, c->cgroup, "_SYSTEMD_CGROUP"); ++ IOVEC_ADD_STRING_FIELD(iovec, n, c->cgroup, "_SYSTEMD_CGROUP"); /* A path */ + IOVEC_ADD_STRING_FIELD(iovec, n, c->session, "_SYSTEMD_SESSION"); + IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->owner_uid, uid_t, uid_is_valid, UID_FMT, "_SYSTEMD_OWNER_UID"); +- IOVEC_ADD_STRING_FIELD(iovec, n, c->unit, "_SYSTEMD_UNIT"); ++ IOVEC_ADD_STRING_FIELD(iovec, n, c->unit, "_SYSTEMD_UNIT"); /* Unit names are bounded by UNIT_NAME_MAX */ + IOVEC_ADD_STRING_FIELD(iovec, n, c->user_unit, "_SYSTEMD_USER_UNIT"); + IOVEC_ADD_STRING_FIELD(iovec, n, c->slice, "_SYSTEMD_SLICE"); + IOVEC_ADD_STRING_FIELD(iovec, n, c->user_slice, "_SYSTEMD_USER_SLICE"); +@@ -819,13 +823,14 @@ + IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->uid, uid_t, uid_is_valid, UID_FMT, "OBJECT_UID"); + IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->gid, gid_t, gid_is_valid, GID_FMT, "OBJECT_GID"); + ++ /* See above for size limits, only ->cmdline may be large, so use a heap allocation for it. */ + IOVEC_ADD_STRING_FIELD(iovec, n, o->comm, "OBJECT_COMM"); + IOVEC_ADD_STRING_FIELD(iovec, n, o->exe, "OBJECT_EXE"); +- IOVEC_ADD_STRING_FIELD(iovec, n, o->cmdline, "OBJECT_CMDLINE"); +- IOVEC_ADD_STRING_FIELD(iovec, n, o->capeff, "OBJECT_CAP_EFFECTIVE"); ++ if (o->cmdline) ++ cmdline2 = set_iovec_string_field(iovec, &n, "OBJECT_CMDLINE=", o->cmdline); + ++ IOVEC_ADD_STRING_FIELD(iovec, n, o->capeff, "OBJECT_CAP_EFFECTIVE"); + IOVEC_ADD_SIZED_FIELD(iovec, n, o->label, o->label_size, "OBJECT_SELINUX_CONTEXT"); +- + IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "OBJECT_AUDIT_SESSION"); + IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->loginuid, uid_t, uid_is_valid, UID_FMT, "OBJECT_AUDIT_LOGINUID"); + diff -Nru systemd-237/debian/patches/CVE-2018-16865_1.patch systemd-237/debian/patches/CVE-2018-16865_1.patch --- systemd-237/debian/patches/CVE-2018-16865_1.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/CVE-2018-16865_1.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,46 @@ +From 4489ac6683386805742f7ee678cb8580d669556b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 5 Dec 2018 22:45:02 +0100 +Subject: [PATCH 06/11] journald: set a limit on the number of fields (1k) + +We allocate a iovec entry for each field, so with many short entries, +our memory usage and processing time can be large, even with a relatively +small message size. Let's refuse overly long entries. + +CVE-2018-16865 +https://bugzilla.redhat.com/show_bug.cgi?id=1653861 + +What from I can see, the problem is not from an alloca, despite what the CVE +description says, but from the attack multiplication that comes from creating +many very small iovecs: (void* + size_t) for each three bytes of input message. +--- + src/journal/journald-native.c | 5 +++++ + src/shared/journal-importer.h | 3 +++ + 2 files changed, 8 insertions(+) + +--- a/src/journal/journald-native.c ++++ b/src/journal/journald-native.c +@@ -140,6 +140,11 @@ + } + + /* A property follows */ ++ if (n > ENTRY_FIELD_COUNT_MAX) { ++ log_debug("Received an entry that has more than " STRINGIFY(ENTRY_FIELD_COUNT_MAX) " fields, ignoring entry."); ++ r = 1; ++ goto finish; ++ } + + /* n existing properties, 1 new, +1 for _TRANSPORT */ + if (!GREEDY_REALLOC(iovec, m, +--- a/src/basic/journal-importer.h ++++ b/src/basic/journal-importer.h +@@ -16,6 +16,9 @@ + #define DATA_SIZE_MAX (1024*1024*768u) + #define LINE_CHUNK 8*1024u + ++/* The maximum number of fields in an entry */ ++#define ENTRY_FIELD_COUNT_MAX 1024 ++ + struct iovec_wrapper { + struct iovec *iovec; + size_t size_bytes; diff -Nru systemd-237/debian/patches/CVE-2018-16865_2.patch systemd-237/debian/patches/CVE-2018-16865_2.patch --- systemd-237/debian/patches/CVE-2018-16865_2.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/CVE-2018-16865_2.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,69 @@ +From ce1475b4f69f0a4382c6190f55e080d91de84611 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 7 Dec 2018 10:48:10 +0100 +Subject: [PATCH 11/11] journal-remote: set a limit on the number of fields in + a message + +Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is +reused for the new error condition (too many fields). + +This matches the change done for systemd-journald, hence forming the second +part of the fix for CVE-2018-16865 +(https://bugzilla.redhat.com/show_bug.cgi?id=1653861). +--- + src/journal-remote/journal-remote-main.c | 7 +++++-- + src/journal-remote/journal-remote.c | 3 +++ + src/shared/journal-importer.c | 5 ++++- + 3 files changed, 12 insertions(+), 3 deletions(-) + +--- a/src/basic/journal-importer.c ++++ b/src/basic/journal-importer.c +@@ -38,6 +38,9 @@ + }; + + static int iovw_put(struct iovec_wrapper *iovw, void* data, size_t len) { ++ if (iovw->count >= ENTRY_FIELD_COUNT_MAX) ++ return -E2BIG; ++ + if (!GREEDY_REALLOC(iovw->iovec, iovw->size_bytes, iovw->count + 1)) + return log_oom(); + +@@ -113,7 +116,7 @@ + imp->scanned = imp->filled; + if (imp->scanned >= DATA_SIZE_MAX) { + log_error("Entry is bigger than %u bytes.", DATA_SIZE_MAX); +- return -E2BIG; ++ return -ENOBUFS; + } + + if (imp->passive_fd) +--- a/src/journal-remote/journal-remote.c ++++ b/src/journal-remote/journal-remote.c +@@ -517,10 +517,16 @@ + break; + else if (r < 0) { + log_warning("Failed to process data for connection %p", connection); +- if (r == -E2BIG) ++ if (r == -ENOBUFS) + return mhd_respondf(connection, + r, MHD_HTTP_PAYLOAD_TOO_LARGE, + "Entry is too large, maximum is " STRINGIFY(DATA_SIZE_MAX) " bytes."); ++ ++ else if (r == -E2BIG) ++ return mhd_respondf(connection, ++ r, MHD_HTTP_REQUEST_ENTITY_TOO_LARGE, ++ "Entry with more fields than the maximum of " STRINGIFY(ENTRY_FIELD_COUNT_MAX) "."); ++ + else + return mhd_respondf(connection, + r, MHD_HTTP_UNPROCESSABLE_ENTITY, +@@ -1090,6 +1096,9 @@ + log_debug("%zu active sources remaining", s->active); + return 0; + } else if (r == -E2BIG) { ++ log_notice("Entry with too many fields, skipped"); ++ return 1; ++ } else if (r == -ENOBUFS) { + log_notice_errno(E2BIG, "Entry too big, skipped"); + return 1; + } else if (r == -EAGAIN) { diff -Nru systemd-237/debian/patches/CVE-2018-16866.patch systemd-237/debian/patches/CVE-2018-16866.patch --- systemd-237/debian/patches/CVE-2018-16866.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/CVE-2018-16866.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,60 @@ +From a6aadf4ae0bae185dc4c414d492a4a781c80ffe5 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Wed, 8 Aug 2018 15:06:36 +0900 +Subject: [PATCH] journal: fix syslog_parse_identifier() + +Fixes #9829. +--- + src/journal/journald-syslog.c | 6 +++--- + src/journal/test-journal-syslog.c | 10 ++++++++-- + 2 files changed, 11 insertions(+), 5 deletions(-) + +--- a/src/journal/journald-syslog.c ++++ b/src/journal/journald-syslog.c +@@ -212,7 +212,7 @@ + e = l; + l--; + +- if (p[l-1] == ']') { ++ if (l > 0 && p[l-1] == ']') { + size_t k = l-1; + + for (;;) { +@@ -237,8 +237,8 @@ + if (t) + *identifier = t; + +- if (strchr(WHITESPACE, p[e])) +- e++; ++ e += strspn(p + e, WHITESPACE); ++ + *buf = p + e; + return e; + } +--- a/src/journal/test-journal-syslog.c ++++ b/src/journal/test-journal-syslog.c +@@ -23,8 +23,8 @@ + #include "macro.h" + #include "string-util.h" + +-static void test_syslog_parse_identifier(const char* str, +- const char *ident, const char*pid, int ret) { ++static void test_syslog_parse_identifier(const char *str, ++ const char *ident, const char *pid, int ret) { + const char *buf = str; + _cleanup_free_ char *ident2 = NULL, *pid2 = NULL; + int ret2; +@@ -39,7 +39,13 @@ + int main(void) { + test_syslog_parse_identifier("pidu[111]: xxx", "pidu", "111", 11); + test_syslog_parse_identifier("pidu: xxx", "pidu", NULL, 6); ++ test_syslog_parse_identifier("pidu: xxx", "pidu", NULL, 7); + test_syslog_parse_identifier("pidu xxx", NULL, NULL, 0); ++ test_syslog_parse_identifier(":", "", NULL, 1); ++ test_syslog_parse_identifier(": ", "", NULL, 3); ++ test_syslog_parse_identifier("pidu:", "pidu", NULL, 5); ++ test_syslog_parse_identifier("pidu: ", "pidu", NULL, 6); ++ test_syslog_parse_identifier("pidu : ", NULL, NULL, 0); + + return 0; + } diff -Nru systemd-237/debian/patches/CVE-2018-6954.patch systemd-237/debian/patches/CVE-2018-6954.patch --- systemd-237/debian/patches/CVE-2018-6954.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/CVE-2018-6954.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,623 @@ +Description: tmpfiles: don't resolve pathnames when traversing recursively + through directory trees + + Otherwise we can be fooled if one path component is replaced underneath us. + + The patch achieves that by always operating at file descriptor level (by using + *at() helpers) and by making sure we do not any path resolution when traversing + direcotry trees. + + However this is not always possible, for instance when listing the content of a + directory or some operations don't provide the *at() helpers or others (such as + fchmodat()) don't have the AT_EMPTY_PATH flag. In such cases we operate on + /proc/self/fd/%i pseudo-symlink instead, which works the same for all kinds of + objects and requires no checking of type beforehand. + + Also O_PATH flag is used when opening file objects in order to prevent + undesired behaviors: device nodes from reacting, automounts from + triggering, etc... + + Fixes: CVE-2018-6954 + +Origin: upstream, https://github.com/systemd/systemd/commit/936f6bdb803c432578e2cdcc5f93f3bfff93aff0 +Bug: https://github.com/systemd/systemd/issues/7986 + +--- a/src/tmpfiles/tmpfiles.c ++++ b/src/tmpfiles/tmpfiles.c +@@ -786,94 +786,105 @@ + return !S_ISDIR(st->st_mode) && st->st_nlink > 1 && dangerous_hardlinks(); + } + +-static int path_set_perms(Item *i, const char *path) { +- char fn[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; +- _cleanup_close_ int fd = -1; +- struct stat st; ++static int fd_set_perms(Item *i, int fd, const struct stat *st) { ++ _cleanup_free_ char *path = NULL; ++ int r; + + assert(i); +- assert(path); ++ assert(fd); + +- if (!i->mode_set && !i->uid_set && !i->gid_set) +- goto shortcut; +- +- /* We open the file with O_PATH here, to make the operation +- * somewhat atomic. Also there's unfortunately no fchmodat() +- * with AT_SYMLINK_NOFOLLOW, hence we emulate it here via +- * O_PATH. */ +- +- fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH); +- if (fd < 0) { +- int level = LOG_ERR, r = -errno; +- +- /* Option "e" operates only on existing objects. Do not +- * print errors about non-existent files or directories */ +- if (i->type == EMPTY_DIRECTORY && errno == ENOENT) { +- level = LOG_DEBUG; +- r = 0; +- } +- +- log_full_errno(level, errno, "Adjusting owner and mode for %s failed: %m", path); ++ r = fd_get_path(fd, &path); ++ if (r < 0) + return r; +- } + +- if (fstatat(fd, "", &st, AT_EMPTY_PATH) < 0) +- return log_error_errno(errno, "Failed to fstat() file %s: %m", path); ++ if (!i->mode_set && !i->uid_set && !i->gid_set) ++ goto shortcut; + +- if (hardlink_vulnerable(&st)) { ++ if (hardlink_vulnerable(st)) { + log_error("Refusing to set permissions on hardlinked file %s while the fs.protected_hardlinks sysctl is turned off.", path); + return -EPERM; + } + +- xsprintf(fn, "/proc/self/fd/%i", fd); +- + if (i->mode_set) { +- if (S_ISLNK(st.st_mode)) ++ if (S_ISLNK(st->st_mode)) + log_debug("Skipping mode fix for symlink %s.", path); + else { + mode_t m = i->mode; + + if (i->mask_perms) { +- if (!(st.st_mode & 0111)) ++ if (!(st->st_mode & 0111)) + m &= ~0111; +- if (!(st.st_mode & 0222)) ++ if (!(st->st_mode & 0222)) + m &= ~0222; +- if (!(st.st_mode & 0444)) ++ if (!(st->st_mode & 0444)) + m &= ~0444; +- if (!S_ISDIR(st.st_mode)) ++ if (!S_ISDIR(st->st_mode)) + m &= ~07000; /* remove sticky/sgid/suid bit, unless directory */ + } + +- if (m == (st.st_mode & 07777)) +- log_debug("\"%s\" has correct mode %o already.", path, st.st_mode); ++ if (m == (st->st_mode & 07777)) ++ log_debug("\"%s\" has correct mode %o already.", path, st->st_mode); + else { ++ char procfs_path[strlen("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; ++ + log_debug("Changing \"%s\" to mode %o.", path, m); + +- if (chmod(fn, m) < 0) +- return log_error_errno(errno, "chmod() of %s via %s failed: %m", path, fn); ++ /* fchmodat() still doesn't have AT_EMPTY_PATH flag. */ ++ xsprintf(procfs_path, "/proc/self/fd/%i", fd); ++ ++ if (chmod(procfs_path, m) < 0) ++ return log_error_errno(errno, "chmod() of %s via %s failed: %m", path, procfs_path); + } + } + } + +- if ((i->uid_set && i->uid != st.st_uid) || +- (i->gid_set && i->gid != st.st_gid)) { ++ if ((i->uid_set && i->uid != st->st_uid) || ++ (i->gid_set && i->gid != st->st_gid)) { + log_debug("Changing \"%s\" to owner "UID_FMT":"GID_FMT, + path, + i->uid_set ? i->uid : UID_INVALID, + i->gid_set ? i->gid : GID_INVALID); + +- if (chown(fn, +- i->uid_set ? i->uid : UID_INVALID, +- i->gid_set ? i->gid : GID_INVALID) < 0) +- return log_error_errno(errno, "chown() of %s via %s failed: %m", path, fn); ++ if (fchownat(fd, ++ "", ++ i->uid_set ? i->uid : UID_INVALID, ++ i->gid_set ? i->gid : GID_INVALID, ++ AT_EMPTY_PATH) < 0) ++ return log_error_errno(errno, "fchownat() of %s failed: %m", path); + } + +- fd = safe_close(fd); +- + shortcut: + return label_fix(path, false, false); + } + ++static int path_set_perms(Item *i, const char *path) { ++ _cleanup_close_ int fd = -1; ++ struct stat st; ++ ++ assert(i); ++ assert(path); ++ ++ fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH); ++ if (fd < 0) { ++ int level = LOG_ERR, r = -errno; ++ ++ /* Option "e" operates only on existing objects. Do not ++ * print errors about non-existent files or directories */ ++ if (i->type == EMPTY_DIRECTORY && errno == ENOENT) { ++ level = LOG_DEBUG; ++ r = 0; ++ } ++ ++ log_full_errno(level, errno, "Adjusting owner and mode for %s failed: %m", path); ++ return r; ++ } ++ ++ if (fstat(fd, &st) < 0) ++ return log_error_errno(errno, "Failed to fstat() file %s: %m", path); ++ ++ return fd_set_perms(i, fd, &st); ++} ++ + static int parse_xattrs_from_arg(Item *i) { + const char *p; + int r; +@@ -912,21 +923,43 @@ + return 0; + } + +-static int path_set_xattrs(Item *i, const char *path) { ++static int fd_set_xattrs(Item *i, int fd, const struct stat *st) { ++ char procfs_path[strlen("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; ++ _cleanup_free_ char *path = NULL; + char **name, **value; ++ int r; + + assert(i); +- assert(path); ++ assert(fd); ++ ++ r = fd_get_path(fd, &path); ++ if (r < 0) ++ return r; ++ ++ xsprintf(procfs_path, "/proc/self/fd/%i", fd); + + STRV_FOREACH_PAIR(name, value, i->xattrs) { + log_debug("Setting extended attribute '%s=%s' on %s.", *name, *value, path); +- if (lsetxattr(path, *name, *value, strlen(*value), 0) < 0) ++ if (setxattr(procfs_path, *name, *value, strlen(*value), 0) < 0) + return log_error_errno(errno, "Setting extended attribute %s=%s on %s failed: %m", + *name, *value, path); + } + return 0; + } + ++static int path_set_xattrs(Item *i, const char *path) { ++ _cleanup_close_ int fd = -1; ++ ++ assert(i); ++ assert(path); ++ ++ fd = open(path, O_CLOEXEC|O_NOFOLLOW|O_PATH); ++ if (fd < 0) ++ return log_error_errno(errno, "Cannot open '%s': %m", path); ++ ++ return fd_set_xattrs(i, fd, NULL); ++} ++ + static int parse_acls_from_arg(Item *item) { + #if HAVE_ACL + int r; +@@ -992,52 +1025,71 @@ + } + #endif + +-static int path_set_acls(Item *item, const char *path) { ++static int fd_set_acls(Item *item, int fd, const struct stat *st) { + int r = 0; + #if HAVE_ACL +- char fn[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; +- _cleanup_close_ int fd = -1; +- struct stat st; ++ char procfs_path[strlen("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; ++ _cleanup_free_ char *path = NULL; + + assert(item); +- assert(path); ++ assert(fd); ++ assert(st); + +- fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH); +- if (fd < 0) +- return log_error_errno(errno, "Adjusting ACL of %s failed: %m", path); +- +- if (fstatat(fd, "", &st, AT_EMPTY_PATH) < 0) +- return log_error_errno(errno, "Failed to fstat() file %s: %m", path); ++ r = fd_get_path(fd, &path); ++ if (r < 0) ++ return r; + +- if (hardlink_vulnerable(&st)) { ++ if (hardlink_vulnerable(st)) { + log_error("Refusing to set ACLs on hardlinked file %s while the fs.protected_hardlinks sysctl is turned off.", path); + return -EPERM; + } + +- if (S_ISLNK(st.st_mode)) { ++ if (S_ISLNK(st->st_mode)) { + log_debug("Skipping ACL fix for symlink %s.", path); + return 0; + } + +- xsprintf(fn, "/proc/self/fd/%i", fd); ++ xsprintf(procfs_path, "/proc/self/fd/%i", fd); + + if (item->acl_access) +- r = path_set_acl(fn, path, ACL_TYPE_ACCESS, item->acl_access, item->force); ++ r = path_set_acl(procfs_path, path, ACL_TYPE_ACCESS, item->acl_access, item->force); + + if (r == 0 && item->acl_default) +- r = path_set_acl(fn, path, ACL_TYPE_DEFAULT, item->acl_default, item->force); ++ r = path_set_acl(procfs_path, path, ACL_TYPE_DEFAULT, item->acl_default, item->force); + + if (r > 0) + return -r; /* already warned */ +- else if (r == -EOPNOTSUPP) { ++ if (r == -EOPNOTSUPP) { + log_debug_errno(r, "ACLs not supported by file system at %s", path); + return 0; +- } else if (r < 0) +- log_error_errno(r, "ACL operation on \"%s\" failed: %m", path); ++ } ++ if (r < 0) ++ return log_error_errno(r, "ACL operation on \"%s\" failed: %m", path); + #endif + return r; + } + ++static int path_set_acls(Item *item, const char *path) { ++ int r = 0; ++#ifdef HAVE_ACL ++ _cleanup_close_ int fd = -1; ++ struct stat st; ++ ++ assert(item); ++ assert(path); ++ ++ fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH); ++ if (fd < 0) ++ return log_error_errno(errno, "Adjusting ACL of %s failed: %m", path); ++ ++ if (fstat(fd, &st) < 0) ++ return log_error_errno(errno, "Failed to fstat() file %s: %m", path); ++ ++ r = fd_set_acls(item, fd, &st); ++ #endif ++ return r; ++ } ++ + #define ATTRIBUTES_ALL \ + (FS_NOATIME_FL | \ + FS_SYNC_FL | \ +@@ -1137,30 +1189,24 @@ + return 0; + } + +-static int path_set_attribute(Item *item, const char *path) { +- _cleanup_close_ int fd = -1; +- struct stat st; ++static int fd_set_attribute(Item *item, int fd, const struct stat *st) { ++ char procfs_path[strlen("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; ++ _cleanup_close_ int procfs_fd = -1; ++ _cleanup_free_ char *path = NULL; + unsigned f; + int r; + + if (!item->attribute_set || item->attribute_mask == 0) + return 0; + +- fd = open(path, O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_NOATIME|O_NOFOLLOW); +- if (fd < 0) { +- if (errno == ELOOP) +- return log_error_errno(errno, "Skipping file attributes adjustment on symlink %s.", path); +- +- return log_error_errno(errno, "Cannot open '%s': %m", path); +- } +- +- if (fstat(fd, &st) < 0) +- return log_error_errno(errno, "Cannot stat '%s': %m", path); ++ r = fd_get_path(fd, &path); ++ if (r < 0) ++ return r; + + /* Issuing the file attribute ioctls on device nodes is not + * safe, as that will be delivered to the drivers, not the + * file system containing the device node. */ +- if (!S_ISREG(st.st_mode) && !S_ISDIR(st.st_mode)) { ++ if (!S_ISREG(st->st_mode) && !S_ISDIR(st->st_mode)) { + log_error("Setting file flags is only supported on regular files and directories, cannot set on '%s'.", path); + return -EINVAL; + } +@@ -1168,10 +1214,16 @@ + f = item->attribute_value & item->attribute_mask; + + /* Mask away directory-specific flags */ +- if (!S_ISDIR(st.st_mode)) ++ if (!S_ISDIR(st->st_mode)) + f &= ~FS_DIRSYNC_FL; + +- r = chattr_fd(fd, f, item->attribute_mask); ++ xsprintf(procfs_path, "/proc/self/fd/%i", fd); ++ ++ procfs_fd = open(procfs_path, O_RDONLY|O_CLOEXEC|O_NOATIME); ++ if (procfs_fd < 0) ++ return -errno; ++ ++ r = chattr_fd(procfs_fd, f, item->attribute_mask); + if (r < 0) + log_full_errno(IN_SET(r, -ENOTTY, -EOPNOTSUPP) ? LOG_DEBUG : LOG_WARNING, + r, +@@ -1181,6 +1233,23 @@ + return 0; + } + ++static int path_set_attribute(Item *item, const char *path) { ++ _cleanup_close_ int fd = -1; ++ struct stat st; ++ ++ if (!item->attribute_set || item->attribute_mask == 0) ++ return 0; ++ ++ fd = open(path, O_CLOEXEC|O_NOFOLLOW|O_PATH); ++ if (fd < 0) ++ return log_error_errno(errno, "Cannot open '%s': %m", path); ++ ++ if (fstat(fd, &st) < 0) ++ return log_error_errno(errno, "Cannot stat '%s': %m", path); ++ ++ return fd_set_attribute(item, fd, &st); ++} ++ + static int write_one_file(Item *i, const char *path) { + _cleanup_close_ int fd = -1; + int flags, r = 0; +@@ -1245,48 +1314,58 @@ + } + + typedef int (*action_t)(Item *, const char *); ++typedef int (*fdaction_t)(Item *, int fd, const struct stat *st); + +-static int item_do_children(Item *i, const char *path, action_t action) { +- _cleanup_closedir_ DIR *d; +- struct dirent *de; +- int r = 0; ++static int item_do(Item *i, int fd, const struct stat *st, fdaction_t action) { ++ int r = 0, q; + + assert(i); +- assert(path); ++ assert(fd >= 0); ++ assert(st); + + /* This returns the first error we run into, but nevertheless + * tries to go on */ ++ r = action(i, fd, st); + +- d = opendir_nomod(path); +- if (!d) +- return IN_SET(errno, ENOENT, ENOTDIR, ELOOP) ? 0 : -errno; +- +- FOREACH_DIRENT_ALL(de, d, r = -errno) { +- _cleanup_free_ char *p = NULL; +- int q; +- +- if (dot_or_dot_dot(de->d_name)) +- continue; ++ if (S_ISDIR(st->st_mode)) { ++ char procfs_path[strlen("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; ++ _cleanup_closedir_ DIR *d = NULL; ++ struct dirent *de; ++ ++ /* The passed 'fd' was opened with O_PATH. We need to convert ++ * it into a 'regular' fd before reading the directory content. */ ++ xsprintf(procfs_path, "/proc/self/fd/%i", fd); ++ ++ d = opendir(procfs_path); ++ if (!d) { ++ r = r ?: -errno; ++ goto finish; ++ } + +- p = strjoin(path, "/", de->d_name); +- if (!p) +- return -ENOMEM; +- +- q = action(i, p); +- if (q < 0 && q != -ENOENT && r == 0) +- r = q; ++ FOREACH_DIRENT_ALL(de, d, q = -errno; goto finish) { ++ struct stat de_st; ++ int de_fd; ++ ++ if (dot_or_dot_dot(de->d_name)) ++ continue; ++ ++ de_fd = openat(fd, de->d_name, O_NOFOLLOW|O_CLOEXEC|O_PATH); ++ if (de_fd >= 0 && fstat(de_fd, &de_st) >= 0) ++ /* pass ownership of dirent fd over */ ++ q = item_do(i, de_fd, &de_st, action); ++ else ++ q = -errno; + +- if (IN_SET(de->d_type, DT_UNKNOWN, DT_DIR)) { +- q = item_do_children(i, p, action); + if (q < 0 && r == 0) + r = q; + } + } +- ++finish: ++ safe_close(fd); + return r; + } + +-static int glob_item(Item *i, action_t action, bool recursive) { ++static int glob_item(Item *i, action_t action) { + _cleanup_globfree_ glob_t g = { + .gl_opendir = (void *(*)(const char *)) opendir_nomod, + }; +@@ -1301,12 +1380,48 @@ + k = action(i, *fn); + if (k < 0 && r == 0) + r = k; ++ } ++ ++ return r; ++} + +- if (recursive) { +- k = item_do_children(i, *fn, action); +- if (k < 0 && r == 0) +- r = k; ++static int glob_item_recursively(Item *i, fdaction_t action) { ++ _cleanup_globfree_ glob_t g = { ++ .gl_opendir = (void *(*)(const char *)) opendir_nomod, ++ }; ++ int r = 0, k; ++ char **fn; ++ ++ k = safe_glob(i->path, GLOB_NOSORT|GLOB_BRACE, &g); ++ if (k < 0 && k != -ENOENT) ++ return log_error_errno(k, "glob(%s) failed: %m", i->path); ++ ++ STRV_FOREACH(fn, g.gl_pathv) { ++ _cleanup_close_ int fd = -1; ++ struct stat st; ++ ++ /* Make sure we won't trigger/follow file object (such as ++ * device nodes, automounts, ...) pointed out by 'fn' with ++ * O_PATH. Note, when O_PATH is used, flags other than ++ * O_CLOEXEC, O_DIRECTORY, and O_NOFOLLOW are ignored. */ ++ ++ fd = open(*fn, O_CLOEXEC|O_NOFOLLOW|O_PATH); ++ if (fd < 0) { ++ r = r ?: -errno; ++ continue; ++ } ++ ++ if (fstat(fd, &st) < 0) { ++ r = r ?: -errno; ++ continue; + } ++ ++ k = item_do(i, fd, &st, action); ++ if (k < 0 && r == 0) ++ r = k; ++ ++ /* we passed fd ownership to the previous call */ ++ fd = -1; + } + + return r; +@@ -1395,7 +1510,7 @@ + break; + + case WRITE_FILE: +- r = glob_item(i, write_one_file, false); ++ r = glob_item(i, write_one_file); + if (r < 0) + return r; + +@@ -1654,49 +1769,49 @@ + + case ADJUST_MODE: + case RELABEL_PATH: +- r = glob_item(i, path_set_perms, false); ++ r = glob_item(i, path_set_perms); + if (r < 0) + return r; + break; + + case RECURSIVE_RELABEL_PATH: +- r = glob_item(i, path_set_perms, true); ++ r = glob_item_recursively(i, fd_set_perms); + if (r < 0) + return r; + break; + + case SET_XATTR: +- r = glob_item(i, path_set_xattrs, false); ++ r = glob_item(i, path_set_xattrs); + if (r < 0) + return r; + break; + + case RECURSIVE_SET_XATTR: +- r = glob_item(i, path_set_xattrs, true); ++ r = glob_item_recursively(i, fd_set_xattrs); + if (r < 0) + return r; + break; + + case SET_ACL: +- r = glob_item(i, path_set_acls, false); ++ r = glob_item(i, path_set_acls); + if (r < 0) + return r; + break; + + case RECURSIVE_SET_ACL: +- r = glob_item(i, path_set_acls, true); ++ r = glob_item_recursively(i, fd_set_acls); + if (r < 0) + return r; + break; + + case SET_ATTRIBUTE: +- r = glob_item(i, path_set_attribute, false); ++ r = glob_item(i, path_set_attribute); + if (r < 0) + return r; + break; + + case RECURSIVE_SET_ATTRIBUTE: +- r = glob_item(i, path_set_attribute, true); ++ r = glob_item_recursively(i, fd_set_attribute); + if (r < 0) + return r; + break; +@@ -1746,7 +1861,7 @@ + case REMOVE_PATH: + case TRUNCATE_DIRECTORY: + case RECURSIVE_REMOVE_PATH: +- return glob_item(i, remove_item_instance, false); ++ return glob_item(i, remove_item_instance); + + default: + return 0; +@@ -1820,7 +1935,7 @@ + return 0; + case EMPTY_DIRECTORY: + case IGNORE_DIRECTORY_PATH: +- return glob_item(i, clean_item_instance, false); ++ return glob_item(i, clean_item_instance); + default: + return 0; + } diff -Nru systemd-237/debian/patches/CVE-2018-6954_2.patch systemd-237/debian/patches/CVE-2018-6954_2.patch --- systemd-237/debian/patches/CVE-2018-6954_2.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/CVE-2018-6954_2.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,2228 @@ +Description: Make tmpfiles safe + + In addition to backporting the changesets in #8822, this also backports + e04fc13 (test: add tests for systemd-tmpfiles), as well as empty_to_root() + from v239. + +Origin: upstream, https://github.com/systemd/systemd/pull/8822/commits +Bug: https://github.com/systemd/systemd/issues/7986 + +--- a/src/basic/btrfs-util.c ++++ b/src/basic/btrfs-util.c +@@ -150,8 +150,25 @@ + return btrfs_is_subvol_fd(fd); + } + +-int btrfs_subvol_make(const char *path) { ++int btrfs_subvol_make_fd(int fd, const char *subvolume) { + struct btrfs_ioctl_vol_args args = {}; ++ int r; ++ ++ assert(subvolume); ++ ++ r = validate_subvolume_name(subvolume); ++ if (r < 0) ++ return r; ++ ++ strncpy(args.name, subvolume, sizeof(args.name)-1); ++ ++ if (ioctl(fd, BTRFS_IOC_SUBVOL_CREATE, &args) < 0) ++ return -errno; ++ ++ return 0; ++} ++ ++int btrfs_subvol_make(const char *path) { + _cleanup_close_ int fd = -1; + const char *subvolume; + int r; +@@ -166,12 +183,7 @@ + if (fd < 0) + return fd; + +- strncpy(args.name, subvolume, sizeof(args.name)-1); +- +- if (ioctl(fd, BTRFS_IOC_SUBVOL_CREATE, &args) < 0) +- return -errno; +- +- return 0; ++ return btrfs_subvol_make_fd(fd, subvolume); + } + + int btrfs_subvol_set_read_only_fd(int fd, bool b) { +--- a/src/basic/btrfs-util.h ++++ b/src/basic/btrfs-util.h +@@ -84,6 +84,7 @@ + int btrfs_resize_loopback(const char *path, uint64_t size, bool grow_only); + + int btrfs_subvol_make(const char *path); ++int btrfs_subvol_make_fd(int fd, const char *subvolume); + + int btrfs_subvol_snapshot_fd(int old_fd, const char *new_path, BtrfsSnapshotFlags flags); + int btrfs_subvol_snapshot(const char *old_path, const char *new_path, BtrfsSnapshotFlags flags); +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -1304,7 +1304,10 @@ + if (!t) + return -ENOMEM; + +- x = stpcpy(stpcpy(stpcpy(t, p), "/.#"), extra); ++ if (isempty(p)) ++ x = stpcpy(stpcpy(t, ".#"), extra); ++ else ++ x = stpcpy(stpcpy(stpcpy(t, p), "/.#"), extra); + + u = random_u64(); + for (i = 0; i < 16; i++) { +--- a/src/basic/fs-util.c ++++ b/src/basic/fs-util.c +@@ -465,6 +465,31 @@ + return 0; + } + ++int mkfifoat_atomic(int dirfd, const char *path, mode_t mode) { ++ _cleanup_free_ char *t = NULL; ++ int r; ++ ++ assert(path); ++ ++ if (path_is_absolute(path)) ++ return mkfifo_atomic(path, mode); ++ ++ /* We're only interested in the (random) filename. */ ++ r = tempfn_random_child("", NULL, &t); ++ if (r < 0) ++ return r; ++ ++ if (mkfifoat(dirfd, t, mode) < 0) ++ return -errno; ++ ++ if (renameat(dirfd, t, dirfd, path) < 0) { ++ unlink_noerrno(t); ++ return -errno; ++ } ++ ++ return 0; ++} ++ + int get_files_in_directory(const char *path, char ***list) { + _cleanup_closedir_ DIR *d = NULL; + struct dirent *de; +@@ -808,7 +833,7 @@ + fd_is_fs_type(child, AUTOFS_SUPER_MAGIC) > 0) + return -EREMOTE; + +- if (S_ISLNK(st.st_mode)) { ++ if (S_ISLNK(st.st_mode) && !((flags & CHASE_NOFOLLOW) && isempty(todo))) { + char *joined; + + _cleanup_free_ char *destination = NULL; +--- a/src/basic/fs-util.h ++++ b/src/basic/fs-util.h +@@ -60,6 +60,7 @@ + int symlink_atomic(const char *from, const char *to); + int mknod_atomic(const char *path, mode_t mode, dev_t dev); + int mkfifo_atomic(const char *path, mode_t mode); ++int mkfifoat_atomic(int dir_fd, const char *path, mode_t mode); + + int get_files_in_directory(const char *path, char ***list); + +@@ -86,6 +87,7 @@ + CHASE_NO_AUTOFS = 1U << 2, /* If set, return -EREMOTE if autofs mount point found */ + CHASE_SAFE = 1U << 3, /* If set, return EPERM if we ever traverse from unprivileged to privileged files or directories */ + CHASE_OPEN = 1U << 4, /* If set, return an O_PATH object to the final component */ ++ CHASE_NOFOLLOW = 1U << 7, /* Only valid with CHASE_OPEN: when the path's right-most component refers to symlink return O_PATH fd of the symlink, rather than following it. */ + }; + + int chase_symlinks(const char *path_with_prefix, const char *root, unsigned flags, char **ret); +--- a/src/basic/label.h ++++ b/src/basic/label.h +@@ -26,6 +26,7 @@ + int label_fix(const char *path, bool ignore_enoent, bool ignore_erofs); + + int mkdir_label(const char *path, mode_t mode); ++int mkdirat_label(int dirfd, const char *path, mode_t mode); + int symlink_label(const char *old_path, const char *new_path); + + int btrfs_subvol_make_label(const char *path); +--- a/src/basic/mkdir-label.c ++++ b/src/basic/mkdir-label.c +@@ -47,6 +47,23 @@ + return mac_smack_fix(path, false, false); + } + ++int mkdirat_label(int dirfd, const char *path, mode_t mode) { ++ int r; ++ ++ assert(path); ++ ++ r = mac_selinux_create_file_prepare_at(dirfd, path, S_IFDIR); ++ if (r < 0) ++ return r; ++ ++ r = mkdirat_errno_wrapper(dirfd, path, mode); ++ mac_selinux_create_file_clear(); ++ if (r < 0) ++ return r; ++ ++ return mac_smack_fix_at(dirfd, path, false, false); ++} ++ + int mkdir_safe_label(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink) { + return mkdir_safe_internal(path, mode, uid, gid, follow_symlink, mkdir_label); + } +--- a/src/basic/mkdir.c ++++ b/src/basic/mkdir.c +@@ -76,6 +76,12 @@ + return 0; + } + ++int mkdirat_errno_wrapper(int dirfd, const char *pathname, mode_t mode) { ++ if (mkdirat(dirfd, pathname, mode) < 0) ++ return -errno; ++ return 0; ++} ++ + int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink) { + return mkdir_safe_internal(path, mode, uid, gid, follow_symlink, mkdir_errno_wrapper); + } +--- a/src/basic/mkdir.h ++++ b/src/basic/mkdir.h +@@ -24,6 +24,7 @@ + #include + + int mkdir_errno_wrapper(const char *pathname, mode_t mode); ++int mkdirat_errno_wrapper(int dirfd, const char *pathname, mode_t mode); + int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid, bool follow_symlink); + int mkdir_parents(const char *path, mode_t mode); + int mkdir_p(const char *path, mode_t mode); +--- a/src/basic/path-util.c ++++ b/src/basic/path-util.c +@@ -127,10 +127,7 @@ + if (r < 0) + return r; + +- if (endswith(cwd, "/")) +- c = strjoin(cwd, p); +- else +- c = strjoin(cwd, "/", p); ++ c = path_join(NULL, cwd, p); + } + if (!c) + return -ENOMEM; +--- a/src/basic/path-util.h ++++ b/src/basic/path-util.h +@@ -156,3 +156,7 @@ + + return e ?: p; + } ++static inline const char *empty_to_root(const char *path) { ++ return isempty(path) ? "/" : path; ++} ++ +--- a/src/basic/selinux-util.c ++++ b/src/basic/selinux-util.c +@@ -34,6 +34,7 @@ + #endif + + #include "alloc-util.h" ++#include "fd-util.h" + #include "log.h" + #include "macro.h" + #include "path-util.h" +@@ -311,48 +312,89 @@ + return NULL; + } + +-int mac_selinux_create_file_prepare(const char *path, mode_t mode) { +- + #if HAVE_SELINUX ++static int selinux_create_file_prepare_abspath(const char *abspath, mode_t mode) { + _cleanup_freecon_ char *filecon = NULL; ++ _cleanup_free_ char *path = NULL; + int r; + +- assert(path); +- +- if (!label_hnd) +- return 0; +- +- if (path_is_absolute(path)) +- r = selabel_lookup_raw(label_hnd, &filecon, path, mode); +- else { +- _cleanup_free_ char *newpath = NULL; +- +- r = path_make_absolute_cwd(path, &newpath); +- if (r < 0) +- return r; +- +- r = selabel_lookup_raw(label_hnd, &filecon, newpath, mode); +- } ++ assert(abspath); ++ assert(path_is_absolute(abspath)); + ++ r = selabel_lookup_raw(label_hnd, &filecon, abspath, mode); + if (r < 0) { + /* No context specified by the policy? Proceed without setting it. */ + if (errno == ENOENT) + return 0; + +- log_enforcing("Failed to determine SELinux security context for %s: %m", path); ++ log_enforcing("Failed to determine SELinux security context for %s: %m", abspath); + } else { + if (setfscreatecon_raw(filecon) >= 0) + return 0; /* Success! */ + +- log_enforcing("Failed to set SELinux security context %s for %s: %m", filecon, path); ++ log_enforcing("Failed to set SELinux security context %s for %s: %m", filecon, abspath); + } + + if (security_getenforce() > 0) + return -errno; + +-#endif + return 0; + } ++#endif ++ ++int mac_selinux_create_file_prepare_at(int dirfd, const char *path, mode_t mode) { ++ int r = 0; ++ ++#if HAVE_SELINUX ++ _cleanup_free_ char *abspath = NULL; ++ _cleanup_close_ int fd = -1; ++ ++ assert(path); ++ ++ if (!label_hnd) ++ return 0; ++ ++ if (!path_is_absolute(path)) { ++ _cleanup_free_ char *p = NULL; ++ ++ if (dirfd == AT_FDCWD) ++ r = safe_getcwd(&p); ++ else ++ r = fd_get_path(dirfd, &p); ++ if (r < 0) ++ return r; ++ ++ abspath = path_join(NULL, p, path); ++ if (!abspath) ++ return -ENOMEM; ++ ++ path = abspath; ++ } ++ ++ r = selinux_create_file_prepare_abspath(path, mode); ++#endif ++ return r; ++} ++ ++int mac_selinux_create_file_prepare(const char *path, mode_t mode) { ++ int r = 0; ++ ++#if HAVE_SELINUX ++ _cleanup_free_ char *abspath = NULL; ++ ++ assert(path); ++ ++ if (!label_hnd) ++ return 0; ++ ++ r = path_make_absolute_cwd(path, &abspath); ++ if (r < 0) ++ return r; ++ ++ r = selinux_create_file_prepare_abspath(abspath, mode); ++#endif ++ return r; ++} + + void mac_selinux_create_file_clear(void) { + +--- a/src/basic/selinux-util.h ++++ b/src/basic/selinux-util.h +@@ -41,6 +41,7 @@ + char* mac_selinux_free(char *label); + + int mac_selinux_create_file_prepare(const char *path, mode_t mode); ++int mac_selinux_create_file_prepare_at(int dirfd, const char *path, mode_t mode); + void mac_selinux_create_file_clear(void); + + int mac_selinux_create_socket_prepare(const char *label); +--- a/src/basic/smack-util.c ++++ b/src/basic/smack-util.c +@@ -21,18 +21,21 @@ + ***/ + + #include ++#include + #include + #include + #include + #include + + #include "alloc-util.h" ++#include "fd-util.h" + #include "fileio.h" + #include "log.h" + #include "macro.h" + #include "path-util.h" + #include "process-util.h" + #include "smack-util.h" ++#include "stdio-util.h" + #include "string-table.h" + #include "xattr-util.h" + +@@ -134,59 +137,111 @@ + return r; + } + +-int mac_smack_fix(const char *path, bool ignore_enoent, bool ignore_erofs) { ++static int smack_fix_fd(int fd , const char *abspath, bool ignore_erofs) { ++ char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; ++ const char *label; + struct stat st; + int r; + +- assert(path); ++ /* The caller should have done the sanity checks. */ ++ assert(abspath); ++ assert(path_is_absolute(abspath)); + +- if (!mac_smack_use()) ++ /* Path must be in /dev. */ ++ if (!path_startswith(abspath, "/dev")) + return 0; + ++ if (fstat(fd, &st) < 0) ++ return -errno; ++ + /* +- * Path must be in /dev and must exist ++ * Label directories and character devices "*". ++ * Label symlinks "_". ++ * Don't change anything else. + */ +- if (!path_startswith(path, "/dev")) ++ ++ if (S_ISDIR(st.st_mode)) ++ label = SMACK_STAR_LABEL; ++ else if (S_ISLNK(st.st_mode)) ++ label = SMACK_FLOOR_LABEL; ++ else if (S_ISCHR(st.st_mode)) ++ label = SMACK_STAR_LABEL; ++ else + return 0; + +- r = lstat(path, &st); +- if (r >= 0) { +- const char *label; +- +- /* +- * Label directories and character devices "*". +- * Label symlinks "_". +- * Don't change anything else. +- */ +- +- if (S_ISDIR(st.st_mode)) +- label = SMACK_STAR_LABEL; +- else if (S_ISLNK(st.st_mode)) +- label = SMACK_FLOOR_LABEL; +- else if (S_ISCHR(st.st_mode)) +- label = SMACK_STAR_LABEL; +- else +- return 0; ++ xsprintf(procfs_path, "/proc/self/fd/%i", fd); ++ if (setxattr(procfs_path, "security.SMACK64", label, strlen(label), 0) < 0) { ++ _cleanup_free_ char *old_label = NULL; + +- r = lsetxattr(path, "security.SMACK64", label, strlen(label), 0); ++ r = -errno; + + /* If the FS doesn't support labels, then exit without warning */ +- if (r < 0 && errno == EOPNOTSUPP) ++ if (r == -EOPNOTSUPP) ++ return 0; ++ ++ /* It the FS is read-only and we were told to ignore failures caused by that, suppress error */ ++ if (r == -EROFS && ignore_erofs) ++ return 0; ++ ++ /* If the old label is identical to the new one, suppress any kind of error */ ++ if (getxattr_malloc(procfs_path, "security.SMACK64", &old_label, false) >= 0 && ++ streq(old_label, label)) + return 0; ++ ++ return log_debug_errno(r, "Unable to fix SMACK label of %s: %m", abspath); + } + +- if (r < 0) { +- /* Ignore ENOENT in some cases */ ++ return r; ++} ++ ++int mac_smack_fix_at(int dirfd, const char *path, bool ignore_enoent, bool ignore_erofs) { ++ _cleanup_free_ char *p = NULL; ++ _cleanup_close_ int fd = -1; ++ int r; ++ ++ assert(path); ++ ++ if (!mac_smack_use()) ++ return 0; ++ ++ fd = openat(dirfd, path, O_NOFOLLOW|O_CLOEXEC|O_PATH); ++ if (fd < 0) { + if (ignore_enoent && errno == ENOENT) + return 0; + +- if (ignore_erofs && errno == EROFS) ++ return -errno; ++ } ++ ++ r = fd_get_path(fd, &p); ++ if (r < 0) ++ return r; ++ ++ return smack_fix_fd(fd, p, ignore_erofs); ++} ++ ++int mac_smack_fix(const char *path, bool ignore_enoent, bool ignore_erofs) { ++ _cleanup_free_ char *abspath = NULL; ++ _cleanup_close_ int fd = -1; ++ int r; ++ ++ assert(path); ++ ++ if (!mac_smack_use()) ++ return 0; ++ ++ r = path_make_absolute_cwd(path, &abspath); ++ if (r < 0) ++ return r; ++ ++ fd = open(abspath, O_NOFOLLOW|O_CLOEXEC|O_PATH); ++ if (fd < 0) { ++ if (ignore_enoent && errno == ENOENT) + return 0; + +- r = log_debug_errno(errno, "Unable to fix SMACK label of %s: %m", path); ++ return -errno; + } + +- return r; ++ return smack_fix_fd(fd, abspath, ignore_erofs); + } + + int mac_smack_copy(const char *dest, const char *src) { +@@ -236,6 +291,10 @@ + return 0; + } + ++int mac_smack_fix_at(int dirfd, const char *path, bool ignore_enoent, bool ignore_erofs) { ++ return 0; ++} ++ + int mac_smack_copy(const char *dest, const char *src) { + return 0; + } +--- a/src/basic/smack-util.h ++++ b/src/basic/smack-util.h +@@ -44,6 +44,7 @@ + bool mac_smack_use(void); + + int mac_smack_fix(const char *path, bool ignore_enoent, bool ignore_erofs); ++int mac_smack_fix_at(int dirfd, const char *path, bool ignore_enoent, bool ignore_erofs); + + const char* smack_attr_to_string(SmackAttr i) _const_; + SmackAttr smack_attr_from_string(const char *s) _pure_; +--- a/src/basic/stat-util.c ++++ b/src/basic/stat-util.c +@@ -63,6 +63,17 @@ + return !!S_ISDIR(st.st_mode); + } + ++int is_dir_fd(int fd) { ++ struct stat st; ++ int r; ++ ++ r = fstat(fd, &st); ++ if (r < 0) ++ return -errno; ++ ++ return !!S_ISDIR(st.st_mode); ++} ++ + int is_device_node(const char *path) { + struct stat info; + +--- a/src/basic/stat-util.h ++++ b/src/basic/stat-util.h +@@ -31,6 +31,7 @@ + + int is_symlink(const char *path); + int is_dir(const char *path, bool follow); ++int is_dir_fd(int fd); + int is_device_node(const char *path); + + int dir_is_empty(const char *path); +--- a/src/test/test-fs-util.c ++++ b/src/test/test-fs-util.c +@@ -41,6 +41,7 @@ + _cleanup_free_ char *result = NULL; + char temp[] = "/tmp/test-chase.XXXXXX"; + const char *top, *p, *pslash, *q, *qslash; ++ struct stat st; + int r, pfd; + + assert_se(mkdtemp(temp)); +@@ -290,6 +291,30 @@ + */ + } + ++ /* Test CHASE_NOFOLLOW */ ++ ++ p = strjoina(temp, "/target"); ++ q = strjoina(temp, "/symlink"); ++ assert_se(symlink(p, q) >= 0); ++ pfd = chase_symlinks(q, NULL, CHASE_OPEN|CHASE_NOFOLLOW, &result); ++ assert_se(pfd > 0); ++ assert_se(path_equal(result, q)); ++ assert_se(fstat(pfd, &st) >= 0); ++ assert_se(S_ISLNK(st.st_mode)); ++ result = mfree(result); ++ ++ /* s1 -> s2 -> nonexistent */ ++ q = strjoina(temp, "/s1"); ++ assert_se(symlink("s2", q) >= 0); ++ p = strjoina(temp, "/s2"); ++ assert_se(symlink("nonexistent", p) >= 0); ++ pfd = chase_symlinks(q, NULL, CHASE_OPEN|CHASE_NOFOLLOW, &result); ++ assert_se(pfd > 0); ++ assert_se(path_equal(result, q)); ++ assert_se(fstat(pfd, &st) >= 0); ++ assert_se(S_ISLNK(st.st_mode)); ++ result = mfree(result); ++ + assert_se(rm_rf(temp, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0); + } + +--- a/src/tmpfiles/tmpfiles.c ++++ b/src/tmpfiles/tmpfiles.c +@@ -788,6 +788,7 @@ + + static int fd_set_perms(Item *i, int fd, const struct stat *st) { + _cleanup_free_ char *path = NULL; ++ struct stat stbuf; + int r; + + assert(i); +@@ -800,6 +801,12 @@ + if (!i->mode_set && !i->uid_set && !i->gid_set) + goto shortcut; + ++ if (!st) { ++ if (fstat(fd, &stbuf) < 0) ++ return log_error_errno(errno, "fstat(%s) failed: %m", path); ++ st = &stbuf; ++ } ++ + if (hardlink_vulnerable(st)) { + log_error("Refusing to set permissions on hardlinked file %s while the fs.protected_hardlinks sysctl is turned off.", path); + return -EPERM; +@@ -857,32 +864,62 @@ + return label_fix(path, false, false); + } + +-static int path_set_perms(Item *i, const char *path) { +- _cleanup_close_ int fd = -1; +- struct stat st; ++static int path_open_parent_safe(const char *path) { ++ _cleanup_free_ char *dn = NULL; ++ int fd; + +- assert(i); +- assert(path); ++ if (path_equal(path, "/") || !path_is_normalized(path)) { ++ log_error("Failed to open parent of '%s': invalid path.", path); ++ return -EINVAL; ++ } + +- fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH); +- if (fd < 0) { +- int level = LOG_ERR, r = -errno; ++ dn = dirname_malloc(path); ++ if (!dn) ++ return log_oom(); ++ ++ fd = chase_symlinks(dn, NULL, CHASE_OPEN|CHASE_SAFE, NULL); ++ if (fd == -EPERM) ++ return log_error_errno(fd, "Unsafe symlinks encountered in %s, refusing.", path); ++ if (fd < 0) ++ return log_error_errno(fd, "Failed to validate path %s: %m", path); + +- /* Option "e" operates only on existing objects. Do not +- * print errors about non-existent files or directories */ +- if (i->type == EMPTY_DIRECTORY && errno == ENOENT) { +- level = LOG_DEBUG; +- r = 0; +- } ++ return fd; ++} + +- log_full_errno(level, errno, "Adjusting owner and mode for %s failed: %m", path); +- return r; ++static int path_open_safe(const char *path) { ++ int fd; ++ ++ /* path_open_safe() returns a file descriptor opened with O_PATH after ++ * verifying that the path doesn't contain unsafe transitions, except ++ * for its final component as the function does not follow symlink. */ ++ ++ assert(path); ++ ++ if (!path_is_normalized(path)) { ++ log_error("Failed to open invalid path '%s'.", path); ++ return -EINVAL; + } + +- if (fstat(fd, &st) < 0) +- return log_error_errno(errno, "Failed to fstat() file %s: %m", path); ++ fd = chase_symlinks(path, NULL, CHASE_OPEN|CHASE_SAFE|CHASE_NOFOLLOW, NULL); ++ if (fd == -EPERM) ++ return log_error_errno(fd, "Unsafe symlinks encountered in %s, refusing.", path); ++ if (fd < 0) ++ return log_error_errno(fd, "Failed to validate path %s: %m", path); + +- return fd_set_perms(i, fd, &st); ++ return fd; ++} ++ ++static int path_set_perms(Item *i, const char *path) { ++ _cleanup_close_ int fd = -1; ++ ++ assert(i); ++ assert(path); ++ ++ fd = path_open_safe(path); ++ if (fd < 0) ++ return fd; ++ ++ return fd_set_perms(i, fd, NULL); + } + + static int parse_xattrs_from_arg(Item *i) { +@@ -953,9 +990,9 @@ + assert(i); + assert(path); + +- fd = open(path, O_CLOEXEC|O_NOFOLLOW|O_PATH); ++ fd = path_open_safe(path); + if (fd < 0) +- return log_error_errno(errno, "Cannot open '%s': %m", path); ++ return fd; + + return fd_set_xattrs(i, fd, NULL); + } +@@ -1030,15 +1067,21 @@ + #if HAVE_ACL + char procfs_path[strlen("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; + _cleanup_free_ char *path = NULL; ++ struct stat stbuf; + + assert(item); + assert(fd); +- assert(st); + + r = fd_get_path(fd, &path); + if (r < 0) + return r; + ++ if (!st) { ++ if (fstat(fd, &stbuf) < 0) ++ return log_error_errno(errno, "fstat(%s) failed: %m", path); ++ st = &stbuf; ++ } ++ + if (hardlink_vulnerable(st)) { + log_error("Refusing to set ACLs on hardlinked file %s while the fs.protected_hardlinks sysctl is turned off.", path); + return -EPERM; +@@ -1073,19 +1116,15 @@ + int r = 0; + #ifdef HAVE_ACL + _cleanup_close_ int fd = -1; +- struct stat st; + + assert(item); + assert(path); + +- fd = open(path, O_NOFOLLOW|O_CLOEXEC|O_PATH); ++ fd = path_open_safe(path); + if (fd < 0) +- return log_error_errno(errno, "Adjusting ACL of %s failed: %m", path); +- +- if (fstat(fd, &st) < 0) +- return log_error_errno(errno, "Failed to fstat() file %s: %m", path); ++ return fd; + +- r = fd_set_acls(item, fd, &st); ++ r = fd_set_acls(item, fd, NULL); + #endif + return r; + } +@@ -1193,6 +1232,7 @@ + char procfs_path[strlen("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; + _cleanup_close_ int procfs_fd = -1; + _cleanup_free_ char *path = NULL; ++ struct stat stbuf; + unsigned f; + int r; + +@@ -1203,6 +1243,12 @@ + if (r < 0) + return r; + ++ if (!st) { ++ if (fstat(fd, &stbuf) < 0) ++ return log_error_errno(errno, "fstat(%s) failed: %m", path); ++ st = &stbuf; ++ } ++ + /* Issuing the file attribute ioctls on device nodes is not + * safe, as that will be delivered to the drivers, not the + * file system containing the device node. */ +@@ -1235,99 +1281,558 @@ + + static int path_set_attribute(Item *item, const char *path) { + _cleanup_close_ int fd = -1; +- struct stat st; + + if (!item->attribute_set || item->attribute_mask == 0) + return 0; + +- fd = open(path, O_CLOEXEC|O_NOFOLLOW|O_PATH); ++ fd = path_open_safe(path); + if (fd < 0) +- return log_error_errno(errno, "Cannot open '%s': %m", path); +- +- if (fstat(fd, &st) < 0) +- return log_error_errno(errno, "Cannot stat '%s': %m", path); ++ return fd; + +- return fd_set_attribute(item, fd, &st); ++ return fd_set_attribute(item, fd, NULL); + } + + static int write_one_file(Item *i, const char *path) { +- _cleanup_close_ int fd = -1; +- int flags, r = 0; +- struct stat st; ++ _cleanup_close_ int fd = -1, dir_fd = -1; ++ char *bn; ++ int r; + + assert(i); + assert(path); ++ assert(i->argument); ++ assert(i->type == WRITE_FILE); ++ ++ /* Validate the path and keep the fd on the directory for opening the ++ * file so we're sure that it can't be changed behind our back. */ ++ dir_fd = path_open_parent_safe(path); ++ if (dir_fd < 0) ++ return dir_fd; + +- flags = i->type == CREATE_FILE ? O_CREAT|O_EXCL|O_NOFOLLOW : +- i->type == TRUNCATE_FILE ? O_CREAT|O_TRUNC|O_NOFOLLOW : 0; ++ bn = basename(path); ++ ++ /* Follows symlinks */ ++ fd = openat(dir_fd, bn, O_NONBLOCK|O_CLOEXEC|O_WRONLY|O_NOCTTY, i->mode); ++ if (fd < 0) { ++ if (errno == ENOENT) { ++ log_debug_errno(errno, "Not writing missing file \"%s\": %m", path); ++ return 0; ++ } ++ return log_error_errno(errno, "Failed to open file \"%s\": %m", path); ++ } ++ ++ /* 'w' is allowed to write into any kind of files. */ ++ log_debug("Writing to \"%s\".", path); ++ ++ r = loop_write(fd, i->argument, strlen(i->argument), false); ++ if (r < 0) ++ return log_error_errno(r, "Failed to write file \"%s\": %m", path); ++ ++ return fd_set_perms(i, fd, NULL); ++} ++ ++static int create_file(Item *i, const char *path) { ++ _cleanup_close_ int fd = -1, dir_fd = -1; ++ struct stat stbuf, *st = NULL; ++ int r = 0; ++ char *bn; ++ ++ assert(i); ++ assert(path); ++ assert(i->type == CREATE_FILE); ++ ++ /* 'f' operates on regular files exclusively. */ ++ ++ /* Validate the path and keep the fd on the directory for opening the ++ * file so we're sure that it can't be changed behind our back. */ ++ dir_fd = path_open_parent_safe(path); ++ if (dir_fd < 0) ++ return dir_fd; ++ ++ bn = basename(path); + + RUN_WITH_UMASK(0000) { + mac_selinux_create_file_prepare(path, S_IFREG); +- fd = open(path, flags|O_NDELAY|O_CLOEXEC|O_WRONLY|O_NOCTTY, i->mode); ++ fd = openat(dir_fd, bn, O_CREAT|O_EXCL|O_NOFOLLOW|O_NONBLOCK|O_CLOEXEC|O_WRONLY|O_NOCTTY, i->mode); + mac_selinux_create_file_clear(); + } + + if (fd < 0) { +- if (i->type == WRITE_FILE && errno == ENOENT) { +- log_debug_errno(errno, "Not writing missing file \"%s\": %m", path); +- return 0; ++ /* Even on a read-only filesystem, open(2) returns EEXIST if the ++ * file already exists. It returns EROFS only if it needs to ++ * create the file. */ ++ if (errno != EEXIST) ++ return log_error_errno(errno, "Failed to create file %s: %m", path); ++ ++ /* Re-open the file. At that point it must exist since open(2) ++ * failed with EEXIST. We still need to check if the perms/mode ++ * need to be changed. For read-only filesystems, we let ++ * fd_set_perms() report the error if the perms need to be ++ * modified. */ ++ fd = openat(dir_fd, bn, O_NOFOLLOW|O_CLOEXEC|O_PATH, i->mode); ++ if (fd < 0) ++ return log_error_errno(errno, "Failed to re-open file %s: %m", path); ++ ++ if (fstat(fd, &stbuf) < 0) ++ return log_error_errno(errno, "stat(%s) failed: %m", path); ++ ++ if (!S_ISREG(stbuf.st_mode)) { ++ log_error("%s exists and is not a regular file.", path); ++ return -EEXIST; + } +- if (i->type == CREATE_FILE && errno == EEXIST) { +- log_debug_errno(errno, "Not writing to pre-existing file \"%s\": %m", path); +- goto done; ++ ++ st = &stbuf; ++ } else { ++ ++ log_debug("\"%s\" has been created.", path); ++ ++ if (i->argument) { ++ log_debug("Writing to \"%s\".", path); ++ ++ r = loop_write(fd, i->argument, strlen(i->argument), false); ++ if (r < 0) ++ return log_error_errno(r, "Failed to write file \"%s\": %m", path); + } ++ } + +- r = -errno; +- if (!i->argument && errno == EROFS && stat(path, &st) == 0 && +- (i->type == CREATE_FILE || st.st_size == 0)) +- goto check_mode; ++ return fd_set_perms(i, fd, st); ++} ++ ++static int truncate_file(Item *i, const char *path) { ++ _cleanup_close_ int fd = -1, dir_fd = -1; ++ struct stat stbuf, *st = NULL; ++ bool erofs = false; ++ int r = 0; ++ char *bn; ++ ++ assert(i); ++ assert(path); ++ assert(i->type == TRUNCATE_FILE); ++ ++ /* We want to operate on regular file exclusively especially since ++ * O_TRUNC is unspecified if the file is neither a regular file nor a ++ * fifo nor a terminal device. Therefore we first open the file and make ++ * sure it's a regular one before truncating it. */ ++ ++ /* Validate the path and keep the fd on the directory for opening the ++ * file so we're sure that it can't be changed behind our back. */ ++ dir_fd = path_open_parent_safe(path); ++ if (dir_fd < 0) ++ return dir_fd; ++ ++ bn = basename(path); + +- return log_error_errno(r, "Failed to create file %s: %m", path); ++ RUN_WITH_UMASK(0000) { ++ mac_selinux_create_file_prepare(path, S_IFREG); ++ fd = openat(dir_fd, bn, O_CREAT|O_NOFOLLOW|O_NONBLOCK|O_CLOEXEC|O_WRONLY|O_NOCTTY, i->mode); ++ mac_selinux_create_file_clear(); + } + +- if (i->argument) { +- log_debug("%s to \"%s\".", i->type == CREATE_FILE ? "Appending" : "Writing", path); ++ if (fd < 0) { ++ if (errno != EROFS) ++ return log_error_errno(errno, "Failed to open/create file %s: %m", path); + +- r = loop_write(fd, i->argument, strlen(i->argument), false); +- if (r < 0) +- return log_error_errno(r, "Failed to write file \"%s\": %m", path); +- } else +- log_debug("\"%s\" has been created.", path); ++ /* On a read-only filesystem, we don't want to fail if the ++ * target is already empty and the perms are set. So we still ++ * proceed with the sanity checks and let the remaining ++ * operations fail with EROFS if they try to modify the target ++ * file. */ + +- fd = safe_close(fd); ++ fd = openat(dir_fd, bn, O_NOFOLLOW|O_CLOEXEC|O_PATH, i->mode); ++ if (fd < 0) { ++ if (errno == ENOENT) { ++ log_error("Cannot create file %s on a read-only file system.", path); ++ return -EROFS; ++ } ++ ++ return log_error_errno(errno, "Failed to re-open file %s: %m", path); ++ } ++ ++ erofs = true; ++ } + +-done: +- if (stat(path, &st) < 0) ++ if (fstat(fd, &stbuf) < 0) + return log_error_errno(errno, "stat(%s) failed: %m", path); + +- check_mode: +- if (!S_ISREG(st.st_mode)) { +- log_error("%s is not a file.", path); ++ if (!S_ISREG(stbuf.st_mode)) { ++ log_error("%s exists and is not a regular file.", path); + return -EEXIST; + } + +- r = path_set_perms(i, path); ++ if (stbuf.st_size > 0) { ++ if (ftruncate(fd, 0) < 0) { ++ r = erofs ? -EROFS : -errno; ++ return log_error_errno(r, "Failed to truncate file %s: %m", path); ++ } ++ } else ++ st = &stbuf; ++ ++ log_debug("\"%s\" has been created.", path); ++ ++ if (i->argument) { ++ log_debug("Writing to \"%s\".", path); ++ ++ r = loop_write(fd, i->argument, strlen(i->argument), false); ++ if (r < 0) { ++ r = erofs ? -EROFS : r; ++ return log_error_errno(r, "Failed to write file %s: %m", path); ++ } ++ } ++ ++ return fd_set_perms(i, fd, st); ++} ++ ++static int copy_files(Item *i) { ++ _cleanup_close_ int dfd = -1, fd = -1; ++ char *bn; ++ int r; ++ ++ log_debug("Copying tree \"%s\" to \"%s\".", i->argument, i->path); ++ ++ bn = basename(i->path); ++ ++ /* Validate the path and use the returned directory fd for copying the ++ * target so we're sure that the path can't be changed behind our ++ * back. */ ++ dfd = path_open_parent_safe(i->path); ++ if (dfd < 0) ++ return dfd; ++ ++ r = copy_tree_at(AT_FDCWD, i->argument, ++ dfd, bn, ++ i->uid_set ? i->uid : UID_INVALID, ++ i->gid_set ? i->gid : GID_INVALID, ++ COPY_REFLINK); ++ if (r < 0) { ++ struct stat a, b; ++ ++ /* If the target already exists on read-only filesystems, trying ++ * to create the target will not fail with EEXIST but with ++ * EROFS. */ ++ if (r == -EROFS && faccessat(dfd, bn, F_OK, AT_SYMLINK_NOFOLLOW) == 0) ++ r = -EEXIST; ++ ++ if (r != -EEXIST) ++ return log_error_errno(r, "Failed to copy files to %s: %m", i->path); ++ ++ if (stat(i->argument, &a) < 0) ++ return log_error_errno(errno, "stat(%s) failed: %m", i->argument); ++ ++ if (fstatat(dfd, bn, &b, AT_SYMLINK_NOFOLLOW) < 0) ++ return log_error_errno(errno, "stat(%s) failed: %m", i->path); ++ ++ if ((a.st_mode ^ b.st_mode) & S_IFMT) { ++ log_debug("Can't copy to %s, file exists already and is of different type", i->path); ++ return 0; ++ } ++ } ++ ++ fd = openat(dfd, bn, O_NOFOLLOW|O_CLOEXEC|O_PATH); ++ if (fd < 0) ++ return log_error_errno(errno, "Failed to openat(%s): %m", i->path); ++ ++ return fd_set_perms(i, fd, NULL); ++} ++ ++typedef enum { ++ CREATION_NORMAL, ++ CREATION_EXISTING, ++ CREATION_FORCE, ++ _CREATION_MODE_MAX, ++ _CREATION_MODE_INVALID = -1 ++} CreationMode; ++ ++static const char *creation_mode_verb_table[_CREATION_MODE_MAX] = { ++ [CREATION_NORMAL] = "Created", ++ [CREATION_EXISTING] = "Found existing", ++ [CREATION_FORCE] = "Created replacement", ++}; ++ ++DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(creation_mode_verb, CreationMode); ++ ++static int create_directory_or_subvolume(const char *path, mode_t mode, bool subvol) { ++ _cleanup_close_ int pfd = -1; ++ CreationMode creation; ++ int r; ++ ++ assert(path); ++ ++ pfd = path_open_parent_safe(path); ++ if (pfd < 0) ++ return pfd; ++ ++ if (subvol) { ++ if (btrfs_is_subvol(empty_to_root(arg_root)) <= 0) ++ ++ /* Don't create a subvolume unless the root directory is ++ * one, too. We do this under the assumption that if the ++ * root directory is just a plain directory (i.e. very ++ * light-weight), we shouldn't try to split it up into ++ * subvolumes (i.e. more heavy-weight). Thus, chroot() ++ * environments and suchlike will get a full brtfs ++ * subvolume set up below their tree only if they ++ * specifically set up a btrfs subvolume for the root ++ * dir too. */ ++ ++ subvol = false; ++ else { ++ RUN_WITH_UMASK((~mode) & 0777) ++ r = btrfs_subvol_make_fd(pfd, basename(path)); ++ } ++ } else ++ r = 0; ++ ++ if (!subvol || r == -ENOTTY) ++ RUN_WITH_UMASK(0000) ++ r = mkdirat_label(pfd, basename(path), mode); ++ ++ if (r < 0) { ++ int k; ++ ++ if (!IN_SET(r, -EEXIST, -EROFS)) ++ return log_error_errno(r, "Failed to create directory or subvolume \"%s\": %m", path); ++ ++ k = is_dir_fd(pfd); ++ if (k == -ENOENT && r == -EROFS) ++ return log_error_errno(r, "%s does not exist and cannot be created as the file system is read-only.", path); ++ if (k < 0) ++ return log_error_errno(k, "Failed to check if %s exists: %m", path); ++ if (!k) { ++ log_warning("\"%s\" already exists and is not a directory.", path); ++ return -EEXIST; ++ } ++ ++ creation = CREATION_EXISTING; ++ } else ++ creation = CREATION_NORMAL; ++ ++ log_debug("%s directory \"%s\".", creation_mode_verb_to_string(creation), path); ++ ++ r = openat(pfd, basename(path), O_NOCTTY|O_CLOEXEC|O_DIRECTORY); + if (r < 0) +- return r; ++ return -errno; ++ return r; ++} + +- return 0; ++static int create_directory(Item *i, const char *path) { ++ _cleanup_close_ int fd = -1; ++ ++ assert(i); ++ assert(IN_SET(i->type, CREATE_DIRECTORY, TRUNCATE_DIRECTORY)); ++ ++ fd = create_directory_or_subvolume(path, i->mode, false); ++ if (fd == -EEXIST) ++ return 0; ++ if (fd < 0) ++ return fd; ++ ++ return fd_set_perms(i, fd, NULL); ++} ++ ++static int create_subvolume(Item *i, const char *path) { ++ _cleanup_close_ int fd = -1; ++ int r, q = 0; ++ ++ assert(i); ++ assert(IN_SET(i->type, CREATE_SUBVOLUME, CREATE_SUBVOLUME_NEW_QUOTA, CREATE_SUBVOLUME_INHERIT_QUOTA)); ++ ++ fd = create_directory_or_subvolume(path, i->mode, true); ++ if (fd == -EEXIST) ++ return 0; ++ if (fd < 0) ++ return fd; ++ ++ if (IN_SET(i->type, CREATE_SUBVOLUME_NEW_QUOTA, CREATE_SUBVOLUME_INHERIT_QUOTA)) { ++ r = btrfs_subvol_auto_qgroup_fd(fd, 0, i->type == CREATE_SUBVOLUME_NEW_QUOTA); ++ if (r == -ENOTTY) ++ log_debug_errno(r, "Couldn't adjust quota for subvolume \"%s\" (unsupported fs or dir not a subvolume): %m", i->path); ++ else if (r == -EROFS) ++ log_debug_errno(r, "Couldn't adjust quota for subvolume \"%s\" (fs is read-only).", i->path); ++ else if (r == -ENOPROTOOPT) ++ log_debug_errno(r, "Couldn't adjust quota for subvolume \"%s\" (quota support is disabled).", i->path); ++ else if (r < 0) ++ q = log_error_errno(r, "Failed to adjust quota for subvolume \"%s\": %m", i->path); ++ else if (r > 0) ++ log_debug("Adjusted quota for subvolume \"%s\".", i->path); ++ else if (r == 0) ++ log_debug("Quota for subvolume \"%s\" already in place, no change made.", i->path); ++ } ++ ++ r = fd_set_perms(i, fd, NULL); ++ if (q < 0) ++ return q; ++ ++ return r; ++} ++ ++static int empty_directory(Item *i, const char *path) { ++ int r; ++ ++ assert(i); ++ assert(i->type == EMPTY_DIRECTORY); ++ ++ r = is_dir(path, false); ++ if (r == -ENOENT) { ++ /* Option "e" operates only on existing objects. Do not ++ * print errors about non-existent files or directories */ ++ log_debug("Skipping missing directory: %s", path); ++ return 0; ++ } ++ if (r < 0) ++ return log_error_errno(r, "is_dir() failed on path %s: %m", path); ++ ++ return path_set_perms(i, path); ++} ++ ++static int create_device(Item *i, mode_t file_type) { ++ _cleanup_close_ int dfd = -1, fd = -1; ++ CreationMode creation; ++ char *bn; ++ int r; ++ ++ assert(i); ++ assert(IN_SET(file_type, S_IFBLK, S_IFCHR)); ++ ++ bn = basename(i->path); ++ ++ /* Validate the path and use the returned directory fd for copying the ++ * target so we're sure that the path can't be changed behind our ++ * back. */ ++ dfd = path_open_parent_safe(i->path); ++ if (dfd < 0) ++ return dfd; ++ ++ RUN_WITH_UMASK(0000) { ++ mac_selinux_create_file_prepare(i->path, file_type); ++ r = mknodat(dfd, bn, i->mode | file_type, i->major_minor); ++ mac_selinux_create_file_clear(); ++ } ++ ++ if (r < 0) { ++ struct stat st; ++ ++ if (errno == EPERM) { ++ log_debug("We lack permissions, possibly because of cgroup configuration; " ++ "skipping creation of device node %s.", i->path); ++ return 0; ++ } ++ ++ if (errno != EEXIST) ++ return log_error_errno(errno, "Failed to create device node %s: %m", i->path); ++ ++ if (fstatat(dfd, bn, &st, 0) < 0) ++ return log_error_errno(errno, "stat(%s) failed: %m", i->path); ++ ++ if ((st.st_mode & S_IFMT) != file_type) { ++ ++ if (i->force) { ++ ++ RUN_WITH_UMASK(0000) { ++ mac_selinux_create_file_prepare(i->path, file_type); ++ /* FIXME: need to introduce mknodat_atomic() */ ++ r = mknod_atomic(i->path, i->mode | file_type, i->major_minor); ++ mac_selinux_create_file_clear(); ++ } ++ ++ if (r < 0) ++ return log_error_errno(r, "Failed to create device node \"%s\": %m", i->path); ++ creation = CREATION_FORCE; ++ } else { ++ log_debug("%s is not a device node.", i->path); ++ return 0; ++ } ++ } else ++ creation = CREATION_EXISTING; ++ } else ++ creation = CREATION_NORMAL; ++ ++ log_debug("%s %s device node \"%s\" %u:%u.", ++ creation_mode_verb_to_string(creation), ++ i->type == CREATE_BLOCK_DEVICE ? "block" : "char", ++ i->path, major(i->mode), minor(i->mode)); ++ ++ fd = openat(dfd, bn, O_NOFOLLOW|O_CLOEXEC|O_PATH); ++ if (fd < 0) ++ return log_error_errno(errno, "Failed to openat(%s): %m", i->path); ++ ++ return fd_set_perms(i, fd, NULL); ++} ++ ++static int create_fifo(Item *i, const char *path) { ++ _cleanup_close_ int pfd = -1, fd = -1; ++ CreationMode creation; ++ struct stat st; ++ char *bn; ++ int r; ++ ++ pfd = path_open_parent_safe(path); ++ if (pfd < 0) ++ return pfd; ++ ++ bn = basename(path); ++ ++ RUN_WITH_UMASK(0000) { ++ mac_selinux_create_file_prepare(path, S_IFIFO); ++ r = mkfifoat(pfd, bn, i->mode); ++ mac_selinux_create_file_clear(); ++ } ++ ++ if (r < 0) { ++ if (errno != EEXIST) ++ return log_error_errno(errno, "Failed to create fifo %s: %m", path); ++ ++ if (fstatat(pfd, bn, &st, AT_SYMLINK_NOFOLLOW) < 0) ++ return log_error_errno(errno, "stat(%s) failed: %m", path); ++ ++ if (!S_ISFIFO(st.st_mode)) { ++ ++ if (i->force) { ++ RUN_WITH_UMASK(0000) { ++ mac_selinux_create_file_prepare(path, S_IFIFO); ++ r = mkfifoat_atomic(pfd, bn, i->mode); ++ mac_selinux_create_file_clear(); ++ } ++ ++ if (r < 0) ++ return log_error_errno(r, "Failed to create fifo %s: %m", path); ++ creation = CREATION_FORCE; ++ } else { ++ log_warning("\"%s\" already exists and is not a fifo.", path); ++ return 0; ++ } ++ } else ++ creation = CREATION_EXISTING; ++ } else ++ creation = CREATION_NORMAL; ++ ++ log_debug("%s fifo \"%s\".", creation_mode_verb_to_string(creation), path); ++ ++ fd = openat(pfd, bn, O_NOFOLLOW|O_CLOEXEC|O_PATH); ++ if (fd < 0) ++ return log_error_errno(fd, "Failed to openat(%s): %m", path); ++ ++ return fd_set_perms(i, fd, NULL); + } + + typedef int (*action_t)(Item *, const char *); + typedef int (*fdaction_t)(Item *, int fd, const struct stat *st); + +-static int item_do(Item *i, int fd, const struct stat *st, fdaction_t action) { ++static int item_do(Item *i, int fd, fdaction_t action) { ++ struct stat st; + int r = 0, q; + + assert(i); + assert(fd >= 0); +- assert(st); ++ ++ if (fstat(fd, &st) < 0) { ++ r = -errno; ++ goto finish; ++ } + + /* This returns the first error we run into, but nevertheless + * tries to go on */ +- r = action(i, fd, st); ++ r = action(i, fd, &st); + +- if (S_ISDIR(st->st_mode)) { ++ if (S_ISDIR(st.st_mode)) { + char procfs_path[strlen("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; + _cleanup_closedir_ DIR *d = NULL; + struct dirent *de; +@@ -1343,16 +1848,15 @@ + } + + FOREACH_DIRENT_ALL(de, d, q = -errno; goto finish) { +- struct stat de_st; + int de_fd; + + if (dot_or_dot_dot(de->d_name)) + continue; + + de_fd = openat(fd, de->d_name, O_NOFOLLOW|O_CLOEXEC|O_PATH); +- if (de_fd >= 0 && fstat(de_fd, &de_st) >= 0) ++ if (de_fd >= 0) + /* pass ownership of dirent fd over */ +- q = item_do(i, de_fd, &de_st, action); ++ q = item_do(i, de_fd, action); + else + q = -errno; + +@@ -1398,7 +1902,6 @@ + + STRV_FOREACH(fn, g.gl_pathv) { + _cleanup_close_ int fd = -1; +- struct stat st; + + /* Make sure we won't trigger/follow file object (such as + * device nodes, automounts, ...) pointed out by 'fn' with +@@ -1411,12 +1914,7 @@ + continue; + } + +- if (fstat(fd, &st) < 0) { +- r = r ?: -errno; +- continue; +- } +- +- k = item_do(i, fd, &st, action); ++ k = item_do(i, fd, action); + if (k < 0 && r == 0) + r = k; + +@@ -1427,27 +1925,9 @@ + return r; + } + +-typedef enum { +- CREATION_NORMAL, +- CREATION_EXISTING, +- CREATION_FORCE, +- _CREATION_MODE_MAX, +- _CREATION_MODE_INVALID = -1 +-} CreationMode; +- +-static const char *creation_mode_verb_table[_CREATION_MODE_MAX] = { +- [CREATION_NORMAL] = "Created", +- [CREATION_EXISTING] = "Found existing", +- [CREATION_FORCE] = "Created replacement", +-}; +- +-DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(creation_mode_verb, CreationMode); +- + static int create_item(Item *i) { +- struct stat st; +- int r = 0; +- int q = 0; + CreationMode creation; ++ int r = 0; + + assert(i); + +@@ -1462,51 +1942,31 @@ + return 0; + + case CREATE_FILE: +- case TRUNCATE_FILE: + RUN_WITH_UMASK(0000) + (void) mkdir_parents_label(i->path, 0755); + +- r = write_one_file(i, i->path); ++ r = create_file(i, i->path); + if (r < 0) + return r; + break; + +- case COPY_FILES: { +- ++ case TRUNCATE_FILE: + RUN_WITH_UMASK(0000) + (void) mkdir_parents_label(i->path, 0755); + +- log_debug("Copying tree \"%s\" to \"%s\".", i->argument, i->path); +- r = copy_tree(i->argument, i->path, +- i->uid_set ? i->uid : UID_INVALID, +- i->gid_set ? i->gid : GID_INVALID, +- COPY_REFLINK); +- +- if (r == -EROFS && stat(i->path, &st) == 0) +- r = -EEXIST; +- +- if (r < 0) { +- struct stat a, b; +- +- if (r != -EEXIST) +- return log_error_errno(r, "Failed to copy files to %s: %m", i->path); +- +- if (stat(i->argument, &a) < 0) +- return log_error_errno(errno, "stat(%s) failed: %m", i->argument); ++ r = truncate_file(i, i->path); ++ if (r < 0) ++ return r; ++ break; + +- if (stat(i->path, &b) < 0) +- return log_error_errno(errno, "stat(%s) failed: %m", i->path); ++ case COPY_FILES: { + +- if ((a.st_mode ^ b.st_mode) & S_IFMT) { +- log_debug("Can't copy to %s, file exists already and is of different type", i->path); +- return 0; +- } +- } ++ RUN_WITH_UMASK(0000) ++ (void) mkdir_parents_label(i->path, 0755); + +- r = path_set_perms(i, i->path); ++ r = copy_files(i); + if (r < 0) + return r; +- + break; + + case WRITE_FILE: +@@ -1518,132 +1978,39 @@ + + case CREATE_DIRECTORY: + case TRUNCATE_DIRECTORY: ++ RUN_WITH_UMASK(0000) ++ (void) mkdir_parents_label(i->path, 0755); ++ ++ r = create_directory(i, i->path); ++ if (r < 0) ++ return r; ++ break; ++ + case CREATE_SUBVOLUME: + case CREATE_SUBVOLUME_INHERIT_QUOTA: + case CREATE_SUBVOLUME_NEW_QUOTA: + RUN_WITH_UMASK(0000) + (void) mkdir_parents_label(i->path, 0755); + +- if (IN_SET(i->type, CREATE_SUBVOLUME, CREATE_SUBVOLUME_INHERIT_QUOTA, CREATE_SUBVOLUME_NEW_QUOTA)) { +- +- if (btrfs_is_subvol(isempty(arg_root) ? "/" : arg_root) <= 0) +- +- /* Don't create a subvolume unless the +- * root directory is one, too. We do +- * this under the assumption that if +- * the root directory is just a plain +- * directory (i.e. very light-weight), +- * we shouldn't try to split it up +- * into subvolumes (i.e. more +- * heavy-weight). Thus, chroot() +- * environments and suchlike will get +- * a full brtfs subvolume set up below +- * their tree only if they +- * specifically set up a btrfs +- * subvolume for the root dir too. */ +- +- r = -ENOTTY; +- else { +- RUN_WITH_UMASK((~i->mode) & 0777) +- r = btrfs_subvol_make(i->path); +- } +- } else +- r = 0; +- +- if (IN_SET(i->type, CREATE_DIRECTORY, TRUNCATE_DIRECTORY) || r == -ENOTTY) +- RUN_WITH_UMASK(0000) +- r = mkdir_label(i->path, i->mode); +- +- if (r < 0) { +- int k; +- +- if (!IN_SET(r, -EEXIST, -EROFS)) +- return log_error_errno(r, "Failed to create directory or subvolume \"%s\": %m", i->path); +- +- k = is_dir(i->path, false); +- if (k == -ENOENT && r == -EROFS) +- return log_error_errno(r, "%s does not exist and cannot be created as the file system is read-only.", i->path); +- if (k < 0) +- return log_error_errno(k, "Failed to check if %s exists: %m", i->path); +- if (!k) { +- log_warning("\"%s\" already exists and is not a directory.", i->path); +- return 0; +- } +- +- creation = CREATION_EXISTING; +- } else +- creation = CREATION_NORMAL; +- +- log_debug("%s directory \"%s\".", creation_mode_verb_to_string(creation), i->path); +- +- if (IN_SET(i->type, CREATE_SUBVOLUME_NEW_QUOTA, CREATE_SUBVOLUME_INHERIT_QUOTA)) { +- r = btrfs_subvol_auto_qgroup(i->path, 0, i->type == CREATE_SUBVOLUME_NEW_QUOTA); +- if (r == -ENOTTY) +- log_debug_errno(r, "Couldn't adjust quota for subvolume \"%s\" (unsupported fs or dir not a subvolume): %m", i->path); +- else if (r == -EROFS) +- log_debug_errno(r, "Couldn't adjust quota for subvolume \"%s\" (fs is read-only).", i->path); +- else if (r == -ENOPROTOOPT) +- log_debug_errno(r, "Couldn't adjust quota for subvolume \"%s\" (quota support is disabled).", i->path); +- else if (r < 0) +- q = log_error_errno(r, "Failed to adjust quota for subvolume \"%s\": %m", i->path); +- else if (r > 0) +- log_debug("Adjusted quota for subvolume \"%s\".", i->path); +- else if (r == 0) +- log_debug("Quota for subvolume \"%s\" already in place, no change made.", i->path); +- } ++ r = create_subvolume(i, i->path); ++ if (r < 0) ++ return r; ++ break; + +- _fallthrough_; + case EMPTY_DIRECTORY: +- r = path_set_perms(i, i->path); +- if (q < 0) +- return q; ++ r = empty_directory(i, i->path); + if (r < 0) + return r; + + break; + + case CREATE_FIFO: +- RUN_WITH_UMASK(0000) { ++ RUN_WITH_UMASK(0000) + (void) mkdir_parents_label(i->path, 0755); + +- mac_selinux_create_file_prepare(i->path, S_IFIFO); +- r = mkfifo(i->path, i->mode); +- mac_selinux_create_file_clear(); +- } +- +- if (r < 0) { +- if (errno != EEXIST) +- return log_error_errno(errno, "Failed to create fifo %s: %m", i->path); +- +- if (lstat(i->path, &st) < 0) +- return log_error_errno(errno, "stat(%s) failed: %m", i->path); +- +- if (!S_ISFIFO(st.st_mode)) { +- +- if (i->force) { +- RUN_WITH_UMASK(0000) { +- mac_selinux_create_file_prepare(i->path, S_IFIFO); +- r = mkfifo_atomic(i->path, i->mode); +- mac_selinux_create_file_clear(); +- } +- +- if (r < 0) +- return log_error_errno(r, "Failed to create fifo %s: %m", i->path); +- creation = CREATION_FORCE; +- } else { +- log_warning("\"%s\" already exists and is not a fifo.", i->path); +- return 0; +- } +- } else +- creation = CREATION_EXISTING; +- } else +- creation = CREATION_NORMAL; +- log_debug("%s fifo \"%s\".", creation_mode_verb_to_string(creation), i->path); +- +- r = path_set_perms(i, i->path); ++ r = create_fifo(i, i->path); + if (r < 0) + return r; +- + break; + } + +@@ -1696,9 +2063,7 @@ + } + + case CREATE_BLOCK_DEVICE: +- case CREATE_CHAR_DEVICE: { +- mode_t file_type; +- ++ case CREATE_CHAR_DEVICE: + if (have_effective_cap(CAP_MKNOD) == 0) { + /* In a container we lack CAP_MKNOD. We + shouldn't attempt to create the device node in +@@ -1712,60 +2077,11 @@ + RUN_WITH_UMASK(0000) + (void) mkdir_parents_label(i->path, 0755); + +- file_type = i->type == CREATE_BLOCK_DEVICE ? S_IFBLK : S_IFCHR; +- +- RUN_WITH_UMASK(0000) { +- mac_selinux_create_file_prepare(i->path, file_type); +- r = mknod(i->path, i->mode | file_type, i->major_minor); +- mac_selinux_create_file_clear(); +- } +- +- if (r < 0) { +- if (errno == EPERM) { +- log_debug("We lack permissions, possibly because of cgroup configuration; " +- "skipping creation of device node %s.", i->path); +- return 0; +- } +- +- if (errno != EEXIST) +- return log_error_errno(errno, "Failed to create device node %s: %m", i->path); +- +- if (lstat(i->path, &st) < 0) +- return log_error_errno(errno, "stat(%s) failed: %m", i->path); +- +- if ((st.st_mode & S_IFMT) != file_type) { +- +- if (i->force) { +- +- RUN_WITH_UMASK(0000) { +- mac_selinux_create_file_prepare(i->path, file_type); +- r = mknod_atomic(i->path, i->mode | file_type, i->major_minor); +- mac_selinux_create_file_clear(); +- } +- +- if (r < 0) +- return log_error_errno(r, "Failed to create device node \"%s\": %m", i->path); +- creation = CREATION_FORCE; +- } else { +- log_debug("%s is not a device node.", i->path); +- return 0; +- } +- } else +- creation = CREATION_EXISTING; +- } else +- creation = CREATION_NORMAL; +- +- log_debug("%s %s device node \"%s\" %u:%u.", +- creation_mode_verb_to_string(creation), +- i->type == CREATE_BLOCK_DEVICE ? "block" : "char", +- i->path, major(i->mode), minor(i->mode)); +- +- r = path_set_perms(i, i->path); ++ r = create_device(i, i->type == CREATE_BLOCK_DEVICE ? S_IFBLK : S_IFCHR); + if (r < 0) + return r; + + break; +- } + + case ADJUST_MODE: + case RELABEL_PATH: +--- /dev/null ++++ b/test/TEST-22-TMPFILES/Makefile +@@ -0,0 +1,4 @@ ++BUILD_DIR=$(shell ../../tools/find-build-dir.sh) ++ ++all setup clean run: ++ @basedir=../.. TEST_BASE_DIR=../ BUILD_DIR=$(BUILD_DIR) ./test.sh --$@ +--- /dev/null ++++ b/test/TEST-22-TMPFILES/run-tmpfiles-tests.sh +@@ -0,0 +1,13 @@ ++#!/bin/bash ++ ++set -x ++set -e ++ ++>/failed ++ ++for t in test-*.sh; do ++ echo "Running $t"; ./$t ++done ++ ++touch /testok ++rm /failed +--- /dev/null ++++ b/test/TEST-22-TMPFILES/test-01.sh +@@ -0,0 +1,13 @@ ++#! /bin/bash ++# ++# With "e" don't attempt to set permissions when file doesn't exist, see ++# https://github.com/systemd/systemd/pull/6682. ++# ++ ++set -e ++ ++rm -fr /tmp/test ++ ++echo "e /tmp/test - root root 1d" | systemd-tmpfiles --create - ++ ++! test -e /tmp/test +--- /dev/null ++++ b/test/TEST-22-TMPFILES/test-02.sh +@@ -0,0 +1,95 @@ ++#! /bin/bash ++# ++# Basic tests for types creating directories ++# ++ ++set -e ++set -x ++ ++rm -fr /tmp/{d,D,e} ++mkdir /tmp/{d,D,e} ++ ++# ++# 'd' ++# ++mkdir /tmp/d/2 ++chmod 777 /tmp/d/2 ++ ++systemd-tmpfiles --create - </tmp/F/truncated ++echo "This should be truncated" >/tmp/F/truncated-with-content ++ ++systemd-tmpfiles --create - </tmp/F/rw-fs/foo ++! systemd-tmpfiles --create - </tmp/F/rw-fs/foo ++! systemd-tmpfiles --create - < fails. ++! systemd-tmpfiles --create - </dev/null ++ inst_binary mv ++ inst_binary stat ++ inst_binary seq ++ inst_binary xargs ++ inst_binary mkfifo ++ inst_binary readlink ++ ++ # mask some services that we do not want to run in these tests ++ ln -fs /dev/null $initdir/etc/systemd/system/systemd-hwdb-update.service ++ ln -fs /dev/null $initdir/etc/systemd/system/systemd-journal-catalog-update.service ++ ln -fs /dev/null $initdir/etc/systemd/system/systemd-networkd.service ++ ln -fs /dev/null $initdir/etc/systemd/system/systemd-networkd.socket ++ ln -fs /dev/null $initdir/etc/systemd/system/systemd-resolved.service ++ ln -fs /dev/null $initdir/etc/systemd/system/systemd-machined.service ++ ++ # setup the testsuite service ++ cp testsuite.service $initdir/etc/systemd/system/ ++ setup_testsuite ++ ++ mkdir -p $initdir/testsuite ++ cp run-tmpfiles-tests.sh $initdir/testsuite/ ++ cp test-*.sh $initdir/testsuite/ ++ ++ # create dedicated rootfs for nspawn (located in $TESTDIR/nspawn-root) ++ setup_nspawn_root ++} ++ ++do_test "$@" +--- /dev/null ++++ b/test/TEST-22-TMPFILES/testsuite.service +@@ -0,0 +1,8 @@ ++[Unit] ++Description=Testsuite service ++After=multi-user.target ++ ++[Service] ++WorkingDirectory=/testsuite ++ExecStart=/testsuite/run-tmpfiles-tests.sh ++Type=oneshot diff -Nru systemd-237/debian/patches/CVE-2019-3842.patch systemd-237/debian/patches/CVE-2019-3842.patch --- systemd-237/debian/patches/CVE-2019-3842.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/CVE-2019-3842.patch 2019-03-29 16:40:21.000000000 +0000 @@ -0,0 +1,35 @@ +--- a/src/login/pam_systemd.c ++++ b/src/login/pam_systemd.c +@@ -354,27 +354,27 @@ + + seat = pam_getenv(handle, "XDG_SEAT"); + if (isempty(seat)) +- seat = getenv("XDG_SEAT"); ++ seat = secure_getenv("XDG_SEAT"); + + cvtnr = pam_getenv(handle, "XDG_VTNR"); + if (isempty(cvtnr)) +- cvtnr = getenv("XDG_VTNR"); ++ cvtnr = secure_getenv("XDG_VTNR"); + + type = pam_getenv(handle, "XDG_SESSION_TYPE"); + if (isempty(type)) +- type = getenv("XDG_SESSION_TYPE"); ++ type = secure_getenv("XDG_SESSION_TYPE"); + if (isempty(type)) + type = type_pam; + + class = pam_getenv(handle, "XDG_SESSION_CLASS"); + if (isempty(class)) +- class = getenv("XDG_SESSION_CLASS"); ++ class = secure_getenv("XDG_SESSION_CLASS"); + if (isempty(class)) + class = class_pam; + + desktop = pam_getenv(handle, "XDG_SESSION_DESKTOP"); + if (isempty(desktop)) +- desktop = getenv("XDG_SESSION_DESKTOP"); ++ desktop = secure_getenv("XDG_SESSION_DESKTOP"); + + tty = strempty(tty); + diff -Nru systemd-237/debian/patches/CVE-2019-6454.patch systemd-237/debian/patches/CVE-2019-6454.patch --- systemd-237/debian/patches/CVE-2019-6454.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/CVE-2019-6454.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,199 @@ +Description: sd-bus: enforce a size limit for dbus paths, and don't allocate + them on the stacka +Forwarded: no + +--- a/src/libsystemd/sd-bus/bus-internal.c ++++ b/src/libsystemd/sd-bus/bus-internal.c +@@ -61,7 +61,7 @@ + if (slash) + return false; + +- return true; ++ return (q - p) <= BUS_PATH_SIZE_MAX; + } + + char* object_path_startswith(const char *a, const char *b) { +--- a/src/libsystemd/sd-bus/bus-internal.h ++++ b/src/libsystemd/sd-bus/bus-internal.h +@@ -339,6 +339,10 @@ + + #define BUS_MESSAGE_SIZE_MAX (64*1024*1024) + #define BUS_AUTH_SIZE_MAX (64*1024) ++/* Note that the D-Bus specification states that bus paths shall have no size limit. We enforce here one ++ * anyway, since truly unbounded strings are a security problem. The limit we pick is relatively large however, ++ * to not clash unnecessarily with real-life applications. */ ++#define BUS_PATH_SIZE_MAX (64*1024) + + #define BUS_CONTAINER_DEPTH 128 + +--- a/src/libsystemd/sd-bus/bus-objects.c ++++ b/src/libsystemd/sd-bus/bus-objects.c +@@ -1150,7 +1150,8 @@ + const char *path, + sd_bus_error *error) { + +- char *prefix; ++ _cleanup_free_ char *prefix = NULL; ++ size_t pl; + int r; + + assert(bus); +@@ -1166,7 +1167,12 @@ + return 0; + + /* Second, add fallback vtables registered for any of the prefixes */ +- prefix = alloca(strlen(path) + 1); ++ pl = strlen(path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; ++ + OBJECT_PATH_FOREACH_PREFIX(prefix, path) { + r = object_manager_serialize_path(bus, reply, prefix, path, true, error); + if (r < 0) +@@ -1362,6 +1368,7 @@ + } + + int bus_process_object(sd_bus *bus, sd_bus_message *m) { ++ _cleanup_free_ char *prefix = NULL; + int r; + size_t pl; + bool found_object = false; +@@ -1386,9 +1393,12 @@ + assert(m->member); + + pl = strlen(m->path); +- do { +- char prefix[pl+1]; ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; + ++ do { + bus->nodes_modified = false; + + r = object_find_and_run(bus, m, m->path, false, &found_object); +@@ -1516,9 +1526,15 @@ + + n = hashmap_get(bus->nodes, path); + if (!n) { +- char *prefix; ++ _cleanup_free_ char *prefix = NULL; ++ size_t pl; ++ ++ pl = strlen(path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; + +- prefix = alloca(strlen(path) + 1); + OBJECT_PATH_FOREACH_PREFIX(prefix, path) { + n = hashmap_get(bus->nodes, prefix); + if (n) +@@ -2108,8 +2124,9 @@ + char **names) { + + BUS_DONT_DESTROY(bus); ++ _cleanup_free_ char *prefix = NULL; + bool found_interface = false; +- char *prefix; ++ size_t pl; + int r; + + assert_return(bus, -EINVAL); +@@ -2128,6 +2145,12 @@ + if (names && names[0] == NULL) + return 0; + ++ pl = strlen(path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; ++ + do { + bus->nodes_modified = false; + +@@ -2137,7 +2160,6 @@ + if (bus->nodes_modified) + continue; + +- prefix = alloca(strlen(path) + 1); + OBJECT_PATH_FOREACH_PREFIX(prefix, path) { + r = emit_properties_changed_on_interface(bus, prefix, path, interface, true, &found_interface, names); + if (r != 0) +@@ -2269,7 +2291,8 @@ + + static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *path) { + _cleanup_set_free_ Set *s = NULL; +- char *prefix; ++ _cleanup_free_ char *prefix = NULL; ++ size_t pl; + int r; + + assert(bus); +@@ -2314,7 +2337,12 @@ + if (bus->nodes_modified) + return 0; + +- prefix = alloca(strlen(path) + 1); ++ pl = strlen(path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; ++ + OBJECT_PATH_FOREACH_PREFIX(prefix, path) { + r = object_added_append_all_prefix(bus, m, s, prefix, path, true); + if (r < 0) +@@ -2453,7 +2481,8 @@ + + static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char *path) { + _cleanup_set_free_ Set *s = NULL; +- char *prefix; ++ _cleanup_free_ char *prefix = NULL; ++ size_t pl; + int r; + + assert(bus); +@@ -2485,7 +2514,12 @@ + if (bus->nodes_modified) + return 0; + +- prefix = alloca(strlen(path) + 1); ++ pl = strlen(path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; ++ + OBJECT_PATH_FOREACH_PREFIX(prefix, path) { + r = object_removed_append_all_prefix(bus, m, s, prefix, path, true); + if (r < 0) +@@ -2635,7 +2669,8 @@ + const char *path, + const char *interface) { + +- char *prefix; ++ _cleanup_free_ char *prefix = NULL; ++ size_t pl; + int r; + + assert(bus); +@@ -2649,7 +2684,12 @@ + if (bus->nodes_modified) + return 0; + +- prefix = alloca(strlen(path) + 1); ++ pl = strlen(path); ++ assert(pl <= BUS_PATH_SIZE_MAX); ++ prefix = new(char, pl + 1); ++ if (!prefix) ++ return -ENOMEM; ++ + OBJECT_PATH_FOREACH_PREFIX(prefix, path) { + r = interfaces_added_append_one_prefix(bus, m, prefix, path, interface, true); + if (r != 0) diff -Nru systemd-237/debian/patches/Gettextize-policy-files.patch systemd-237/debian/patches/Gettextize-policy-files.patch --- systemd-237/debian/patches/Gettextize-policy-files.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/Gettextize-policy-files.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,895 @@ +From: Gunnar Hjalmarsson +Date: Thu, 15 Feb 2018 21:21:58 +0100 +Subject: Gettextize policy files + +* Don't merge translations into the files +* Add gettext-domain="systemd" to description and message + +Closes #8162, replaces #8118. + +(cherry picked from commit 264d8dcc161e276d31dcde98a088d15cebbebbef) +--- + src/core/meson.build | 15 +-- + src/core/org.freedesktop.systemd1.policy.in.in | 20 ++-- + src/hostname/meson.build | 10 +- + src/hostname/org.freedesktop.hostname1.policy.in | 12 +-- + src/import/meson.build | 10 +- + src/import/org.freedesktop.import1.policy.in | 12 +-- + src/locale/meson.build | 10 +- + src/locale/org.freedesktop.locale1.policy.in | 8 +- + src/login/meson.build | 10 +- + src/login/org.freedesktop.login1.policy.in | 128 +++++++++++------------ + src/machine/meson.build | 10 +- + src/machine/org.freedesktop.machine1.policy.in | 32 +++--- + src/resolve/meson.build | 10 +- + src/resolve/org.freedesktop.resolve1.policy.in | 8 +- + src/timedate/meson.build | 10 +- + src/timedate/org.freedesktop.timedate1.policy.in | 16 +-- + 16 files changed, 150 insertions(+), 171 deletions(-) + +diff --git a/src/core/meson.build b/src/core/meson.build +index bc03408..c58893b 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -211,19 +211,12 @@ install_data('org.freedesktop.systemd1.conf', + install_data('org.freedesktop.systemd1.service', + install_dir : dbussystemservicedir) + +-policy_in = configure_file( ++policy = configure_file( + input : 'org.freedesktop.systemd1.policy.in.in', +- output : 'org.freedesktop.systemd1.policy.in', +- configuration : substs) +- +-i18n.merge_file( +- 'org.freedesktop.systemd1.policy', +- input : policy_in, + output : 'org.freedesktop.systemd1.policy', +- po_dir : po_dir, +- data_dirs : po_dir, +- install : install_polkit, +- install_dir : polkitpolicydir) ++ configuration : substs) ++install_data(policy, ++ install_dir : polkitpolicydir) + + install_data('system.conf', + 'user.conf', +diff --git a/src/core/org.freedesktop.systemd1.policy.in.in b/src/core/org.freedesktop.systemd1.policy.in.in +index 2c6ed74..648221b 100644 +--- a/src/core/org.freedesktop.systemd1.policy.in.in ++++ b/src/core/org.freedesktop.systemd1.policy.in.in +@@ -19,8 +19,8 @@ + http://www.freedesktop.org/wiki/Software/systemd + + +- Send passphrase back to system +- Authentication is required to send the entered passphrase back to the system. ++ Send passphrase back to system ++ Authentication is required to send the entered passphrase back to the system. + + no + no +@@ -30,8 +30,8 @@ + + + +- Manage system services or other units +- Authentication is required to manage system services or other units. ++ Manage system services or other units ++ Authentication is required to manage system services or other units. + + auth_admin + auth_admin +@@ -40,8 +40,8 @@ + + + +- Manage system service or unit files +- Authentication is required to manage system service or unit files. ++ Manage system service or unit files ++ Authentication is required to manage system service or unit files. + + auth_admin + auth_admin +@@ -50,8 +50,8 @@ + + + +- Set or unset system and service manager environment variables +- Authentication is required to set or unset system and service manager environment variables. ++ Set or unset system and service manager environment variables ++ Authentication is required to set or unset system and service manager environment variables. + + auth_admin + auth_admin +@@ -60,8 +60,8 @@ + + + +- Reload the systemd state +- Authentication is required to reload the systemd state. ++ Reload the systemd state ++ Authentication is required to reload the systemd state. + + auth_admin + auth_admin +diff --git a/src/hostname/meson.build b/src/hostname/meson.build +index 75cc948..c35c668 100644 +--- a/src/hostname/meson.build ++++ b/src/hostname/meson.build +@@ -21,12 +21,10 @@ if conf.get('ENABLE_HOSTNAMED') == 1 + install_data('org.freedesktop.hostname1.service', + install_dir : dbussystemservicedir) + +- i18n.merge_file( +- 'org.freedesktop.hostname1.policy', ++ policy = configure_file( + input : 'org.freedesktop.hostname1.policy.in', + output : 'org.freedesktop.hostname1.policy', +- po_dir : po_dir, +- data_dirs : po_dir, +- install : install_polkit, +- install_dir : polkitpolicydir) ++ configuration : substs) ++ install_data(policy, ++ install_dir : polkitpolicydir) + endif +diff --git a/src/hostname/org.freedesktop.hostname1.policy.in b/src/hostname/org.freedesktop.hostname1.policy.in +index b10ca31..4ac82c6 100644 +--- a/src/hostname/org.freedesktop.hostname1.policy.in ++++ b/src/hostname/org.freedesktop.hostname1.policy.in +@@ -19,8 +19,8 @@ + http://www.freedesktop.org/wiki/Software/systemd + + +- Set host name +- Authentication is required to set the local host name. ++ Set host name ++ Authentication is required to set the local host name. + + auth_admin_keep + auth_admin_keep +@@ -29,8 +29,8 @@ + + + +- Set static host name +- Authentication is required to set the statically configured local host name, as well as the pretty host name. ++ Set static host name ++ Authentication is required to set the statically configured local host name, as well as the pretty host name. + + auth_admin_keep + auth_admin_keep +@@ -40,8 +40,8 @@ + + + +- Set machine information +- Authentication is required to set local machine information. ++ Set machine information ++ Authentication is required to set local machine information. + + auth_admin_keep + auth_admin_keep +diff --git a/src/import/meson.build b/src/import/meson.build +index 2dcc0bc..e5088b3 100644 +--- a/src/import/meson.build ++++ b/src/import/meson.build +@@ -71,14 +71,12 @@ if conf.get('ENABLE_IMPORTD') == 1 + install_data('org.freedesktop.import1.service', + install_dir : dbussystemservicedir) + +- i18n.merge_file( +- 'org.freedesktop.import1.policy', ++ policy = configure_file( + input : 'org.freedesktop.import1.policy.in', + output : 'org.freedesktop.import1.policy', +- po_dir : po_dir, +- data_dirs : po_dir, +- install : install_polkit, +- install_dir : polkitpolicydir) ++ configuration : substs) ++ install_data(policy, ++ install_dir : polkitpolicydir) + + install_data('import-pubring.gpg', + install_dir : rootlibexecdir) +diff --git a/src/import/org.freedesktop.import1.policy.in b/src/import/org.freedesktop.import1.policy.in +index d96ca2d..beea5fe 100644 +--- a/src/import/org.freedesktop.import1.policy.in ++++ b/src/import/org.freedesktop.import1.policy.in +@@ -19,8 +19,8 @@ + http://www.freedesktop.org/wiki/Software/systemd + + +- Import a VM or container image +- Authentication is required to import a VM or container image ++ Import a VM or container image ++ Authentication is required to import a VM or container image + + auth_admin + auth_admin +@@ -29,8 +29,8 @@ + + + +- Export a VM or container image +- Authentication is required to export a VM or container image ++ Export a VM or container image ++ Authentication is required to export a VM or container image + + auth_admin + auth_admin +@@ -39,8 +39,8 @@ + + + +- Download a VM or container image +- Authentication is required to download a VM or container image ++ Download a VM or container image ++ Authentication is required to download a VM or container image + + auth_admin + auth_admin +diff --git a/src/locale/meson.build b/src/locale/meson.build +index dca2c51..30882cc 100644 +--- a/src/locale/meson.build ++++ b/src/locale/meson.build +@@ -29,14 +29,12 @@ if conf.get('ENABLE_LOCALED') == 1 + install_data('org.freedesktop.locale1.service', + install_dir : dbussystemservicedir) + +- i18n.merge_file( +- 'org.freedesktop.locale1.policy', ++ policy = configure_file( + input : 'org.freedesktop.locale1.policy.in', + output : 'org.freedesktop.locale1.policy', +- po_dir : po_dir, +- data_dirs : po_dir, +- install : install_polkit, +- install_dir : polkitpolicydir) ++ configuration : substs) ++ install_data(policy, ++ install_dir : polkitpolicydir) + endif + + # If you know a way that allows the same variables to be used +diff --git a/src/locale/org.freedesktop.locale1.policy.in b/src/locale/org.freedesktop.locale1.policy.in +index 4c1c34d..f924174 100644 +--- a/src/locale/org.freedesktop.locale1.policy.in ++++ b/src/locale/org.freedesktop.locale1.policy.in +@@ -19,8 +19,8 @@ + http://www.freedesktop.org/wiki/Software/systemd + + +- Set system locale +- Authentication is required to set the system locale. ++ Set system locale ++ Authentication is required to set the system locale. + + auth_admin_keep + auth_admin_keep +@@ -30,8 +30,8 @@ + + + +- Set system keyboard settings +- Authentication is required to set the system keyboard settings. ++ Set system keyboard settings ++ Authentication is required to set the system keyboard settings. + + auth_admin_keep + auth_admin_keep +diff --git a/src/login/meson.build b/src/login/meson.build +index e8e4f7b..599c44e 100644 +--- a/src/login/meson.build ++++ b/src/login/meson.build +@@ -88,14 +88,12 @@ if conf.get('ENABLE_LOGIND') == 1 + install_data('org.freedesktop.login1.service', + install_dir : dbussystemservicedir) + +- i18n.merge_file( +- 'org.freedesktop.login1.policy', ++ policy = configure_file( + input : 'org.freedesktop.login1.policy.in', + output : 'org.freedesktop.login1.policy', +- po_dir : po_dir, +- data_dirs : po_dir, +- install : install_polkit, +- install_dir : polkitpolicydir) ++ configuration : substs) ++ install_data(policy, ++ install_dir : polkitpolicydir) + + install_data('70-power-switch.rules', install_dir : udevrulesdir) + +diff --git a/src/login/org.freedesktop.login1.policy.in b/src/login/org.freedesktop.login1.policy.in +index 4716202..f1d1f95 100644 +--- a/src/login/org.freedesktop.login1.policy.in ++++ b/src/login/org.freedesktop.login1.policy.in +@@ -19,8 +19,8 @@ + http://www.freedesktop.org/wiki/Software/systemd + + +- Allow applications to inhibit system shutdown +- Authentication is required for an application to inhibit system shutdown. ++ Allow applications to inhibit system shutdown ++ Authentication is required for an application to inhibit system shutdown. + + no + yes +@@ -30,8 +30,8 @@ + + + +- Allow applications to delay system shutdown +- Authentication is required for an application to delay system shutdown. ++ Allow applications to delay system shutdown ++ Authentication is required for an application to delay system shutdown. + + yes + yes +@@ -41,8 +41,8 @@ + + + +- Allow applications to inhibit system sleep +- Authentication is required for an application to inhibit system sleep. ++ Allow applications to inhibit system sleep ++ Authentication is required for an application to inhibit system sleep. + + no + yes +@@ -52,8 +52,8 @@ + + + +- Allow applications to delay system sleep +- Authentication is required for an application to delay system sleep. ++ Allow applications to delay system sleep ++ Authentication is required for an application to delay system sleep. + + yes + yes +@@ -62,8 +62,8 @@ + + + +- Allow applications to inhibit automatic system suspend +- Authentication is required for an application to inhibit automatic system suspend. ++ Allow applications to inhibit automatic system suspend ++ Authentication is required for an application to inhibit automatic system suspend. + + yes + yes +@@ -72,8 +72,8 @@ + + + +- Allow applications to inhibit system handling of the power key +- Authentication is required for an application to inhibit system handling of the power key. ++ Allow applications to inhibit system handling of the power key ++ Authentication is required for an application to inhibit system handling of the power key. + + no + yes +@@ -83,8 +83,8 @@ + + + +- Allow applications to inhibit system handling of the suspend key +- Authentication is required for an application to inhibit system handling of the suspend key. ++ Allow applications to inhibit system handling of the suspend key ++ Authentication is required for an application to inhibit system handling of the suspend key. + + no + yes +@@ -94,8 +94,8 @@ + + + +- Allow applications to inhibit system handling of the hibernate key +- Authentication is required for an application to inhibit system handling of the hibernate key. ++ Allow applications to inhibit system handling of the hibernate key ++ Authentication is required for an application to inhibit system handling of the hibernate key. + + no + yes +@@ -104,8 +104,8 @@ + + + +- Allow applications to inhibit system handling of the lid switch +- Authentication is required for an application to inhibit system handling of the lid switch. ++ Allow applications to inhibit system handling of the lid switch ++ Authentication is required for an application to inhibit system handling of the lid switch. + + no + yes +@@ -114,8 +114,8 @@ + + + +- Allow non-logged-in user to run programs +- Explicit request is required to run programs as a non-logged-in user. ++ Allow non-logged-in user to run programs ++ Explicit request is required to run programs as a non-logged-in user. + + yes + yes +@@ -124,8 +124,8 @@ + + + +- Allow non-logged-in users to run programs +- Authentication is required to run programs as a non-logged-in user. ++ Allow non-logged-in users to run programs ++ Authentication is required to run programs as a non-logged-in user. + + auth_admin_keep + auth_admin_keep +@@ -134,8 +134,8 @@ + + + +- Allow attaching devices to seats +- Authentication is required for attaching a device to a seat. ++ Allow attaching devices to seats ++ Authentication is required for attaching a device to a seat. + + auth_admin_keep + auth_admin_keep +@@ -145,8 +145,8 @@ + + + +- Flush device to seat attachments +- Authentication is required for resetting how devices are attached to seats. ++ Flush device to seat attachments ++ Authentication is required for resetting how devices are attached to seats. + + auth_admin_keep + auth_admin_keep +@@ -155,8 +155,8 @@ + + + +- Power off the system +- Authentication is required for powering off the system. ++ Power off the system ++ Authentication is required for powering off the system. + + auth_admin_keep + auth_admin_keep +@@ -166,8 +166,8 @@ + + + +- Power off the system while other users are logged in +- Authentication is required for powering off the system while other users are logged in. ++ Power off the system while other users are logged in ++ Authentication is required for powering off the system while other users are logged in. + + auth_admin_keep + auth_admin_keep +@@ -177,8 +177,8 @@ + + + +- Power off the system while an application asked to inhibit it +- Authentication is required for powering off the system while an application asked to inhibit it. ++ Power off the system while an application asked to inhibit it ++ Authentication is required for powering off the system while an application asked to inhibit it. + + auth_admin_keep + auth_admin_keep +@@ -188,8 +188,8 @@ + + + +- Reboot the system +- Authentication is required for rebooting the system. ++ Reboot the system ++ Authentication is required for rebooting the system. + + auth_admin_keep + auth_admin_keep +@@ -199,8 +199,8 @@ + + + +- Reboot the system while other users are logged in +- Authentication is required for rebooting the system while other users are logged in. ++ Reboot the system while other users are logged in ++ Authentication is required for rebooting the system while other users are logged in. + + auth_admin_keep + auth_admin_keep +@@ -210,8 +210,8 @@ + + + +- Reboot the system while an application asked to inhibit it +- Authentication is required for rebooting the system while an application asked to inhibit it. ++ Reboot the system while an application asked to inhibit it ++ Authentication is required for rebooting the system while an application asked to inhibit it. + + auth_admin_keep + auth_admin_keep +@@ -221,8 +221,8 @@ + + + +- Halt the system +- Authentication is required for halting the system. ++ Halt the system ++ Authentication is required for halting the system. + + auth_admin_keep + auth_admin_keep +@@ -232,8 +232,8 @@ + + + +- Halt the system while other users are logged in +- Authentication is required for halting the system while other users are logged in. ++ Halt the system while other users are logged in ++ Authentication is required for halting the system while other users are logged in. + + auth_admin_keep + auth_admin_keep +@@ -243,8 +243,8 @@ + + + +- Halt the system while an application asked to inhibit it +- Authentication is required for halting the system while an application asked to inhibit it. ++ Halt the system while an application asked to inhibit it ++ Authentication is required for halting the system while an application asked to inhibit it. + + auth_admin_keep + auth_admin_keep +@@ -254,8 +254,8 @@ + + + +- Suspend the system +- Authentication is required for suspending the system. ++ Suspend the system ++ Authentication is required for suspending the system. + + auth_admin_keep + auth_admin_keep +@@ -264,8 +264,8 @@ + + + +- Suspend the system while other users are logged in +- Authentication is required for suspending the system while other users are logged in. ++ Suspend the system while other users are logged in ++ Authentication is required for suspending the system while other users are logged in. + + auth_admin_keep + auth_admin_keep +@@ -275,8 +275,8 @@ + + + +- Suspend the system while an application asked to inhibit it +- Authentication is required for suspending the system while an application asked to inhibit it. ++ Suspend the system while an application asked to inhibit it ++ Authentication is required for suspending the system while an application asked to inhibit it. + + auth_admin_keep + auth_admin_keep +@@ -286,8 +286,8 @@ + + + +- Hibernate the system +- Authentication is required for hibernating the system. ++ Hibernate the system ++ Authentication is required for hibernating the system. + + auth_admin_keep + auth_admin_keep +@@ -296,8 +296,8 @@ + + + +- Hibernate the system while other users are logged in +- Authentication is required for hibernating the system while other users are logged in. ++ Hibernate the system while other users are logged in ++ Authentication is required for hibernating the system while other users are logged in. + + auth_admin_keep + auth_admin_keep +@@ -307,8 +307,8 @@ + + + +- Hibernate the system while an application asked to inhibit it +- Authentication is required for hibernating the system while an application asked to inhibit it. ++ Hibernate the system while an application asked to inhibit it ++ Authentication is required for hibernating the system while an application asked to inhibit it. + + auth_admin_keep + auth_admin_keep +@@ -318,8 +318,8 @@ + + + +- Manage active sessions, users and seats +- Authentication is required for managing active sessions, users and seats. ++ Manage active sessions, users and seats ++ Authentication is required for managing active sessions, users and seats. + + auth_admin_keep + auth_admin_keep +@@ -328,8 +328,8 @@ + + + +- Lock or unlock active sessions +- Authentication is required to lock or unlock active sessions. ++ Lock or unlock active sessions ++ Authentication is required to lock or unlock active sessions. + + auth_admin_keep + auth_admin_keep +@@ -338,8 +338,8 @@ + + + +- Allow indication to the firmware to boot to setup interface +- Authentication is required to indicate to the firmware to boot to setup interface. ++ Allow indication to the firmware to boot to setup interface ++ Authentication is required to indicate to the firmware to boot to setup interface. + + auth_admin_keep + auth_admin_keep +@@ -348,8 +348,8 @@ + + + +- Set a wall message +- Authentication is required to set a wall message ++ Set a wall message ++ Authentication is required to set a wall message + + auth_admin_keep + auth_admin_keep +diff --git a/src/machine/meson.build b/src/machine/meson.build +index 7ea5d9d..0f2944c 100644 +--- a/src/machine/meson.build ++++ b/src/machine/meson.build +@@ -44,14 +44,12 @@ if conf.get('ENABLE_MACHINED') == 1 + install_data('org.freedesktop.machine1.service', + install_dir : dbussystemservicedir) + +- i18n.merge_file( +- 'org.freedesktop.machine1.policy', ++ policy = configure_file( + input : 'org.freedesktop.machine1.policy.in', + output : 'org.freedesktop.machine1.policy', +- po_dir : po_dir, +- data_dirs : po_dir, +- install : install_polkit, +- install_dir : polkitpolicydir) ++ configuration : substs) ++ install_data(policy, ++ install_dir : polkitpolicydir) + endif + + tests += [ +diff --git a/src/machine/org.freedesktop.machine1.policy.in b/src/machine/org.freedesktop.machine1.policy.in +index eeeeb4c..039c3d4 100644 +--- a/src/machine/org.freedesktop.machine1.policy.in ++++ b/src/machine/org.freedesktop.machine1.policy.in +@@ -19,8 +19,8 @@ + http://www.freedesktop.org/wiki/Software/systemd + + +- Log into a local container +- Authentication is required to log into a local container. ++ Log into a local container ++ Authentication is required to log into a local container. + + auth_admin + auth_admin +@@ -29,8 +29,8 @@ + + + +- Log into the local host +- Authentication is required to log into the local host. ++ Log into the local host ++ Authentication is required to log into the local host. + + auth_admin + auth_admin +@@ -39,8 +39,8 @@ + + + +- Acquire a shell in a local container +- Authentication is required to acquire a shell in a local container. ++ Acquire a shell in a local container ++ Authentication is required to acquire a shell in a local container. + + auth_admin + auth_admin +@@ -50,8 +50,8 @@ + + + +- Acquire a shell on the local host +- Authentication is required to acquire a shell on the local host. ++ Acquire a shell on the local host ++ Authentication is required to acquire a shell on the local host. + + auth_admin + auth_admin +@@ -61,8 +61,8 @@ + + + +- Acquire a pseudo TTY in a local container +- Authentication is required to acquire a pseudo TTY in a local container. ++ Acquire a pseudo TTY in a local container ++ Authentication is required to acquire a pseudo TTY in a local container. + + auth_admin + auth_admin +@@ -71,8 +71,8 @@ + + + +- Acquire a pseudo TTY on the local host +- Authentication is required to acquire a pseudo TTY on the local host. ++ Acquire a pseudo TTY on the local host ++ Authentication is required to acquire a pseudo TTY on the local host. + + auth_admin + auth_admin +@@ -81,8 +81,8 @@ + + + +- Manage local virtual machines and containers +- Authentication is required to manage local virtual machines and containers. ++ Manage local virtual machines and containers ++ Authentication is required to manage local virtual machines and containers. + + auth_admin + auth_admin +@@ -92,8 +92,8 @@ + + + +- Manage local virtual machine and container images +- Authentication is required to manage local virtual machine and container images. ++ Manage local virtual machine and container images ++ Authentication is required to manage local virtual machine and container images. + + auth_admin + auth_admin +diff --git a/src/resolve/meson.build b/src/resolve/meson.build +index 15752d2..7e7876d 100644 +--- a/src/resolve/meson.build ++++ b/src/resolve/meson.build +@@ -165,14 +165,12 @@ if conf.get('ENABLE_RESOLVE') == 1 + install_data('resolv.conf', + install_dir : rootlibexecdir) + +- i18n.merge_file( +- 'org.freedesktop.resolve1.policy', ++ policy = configure_file( + input : 'org.freedesktop.resolve1.policy.in', + output : 'org.freedesktop.resolve1.policy', +- po_dir : po_dir, +- data_dirs : po_dir, +- install : install_polkit, +- install_dir : polkitpolicydir) ++ configuration : substs) ++ install_data(policy, ++ install_dir : polkitpolicydir) + endif + + tests += [ +diff --git a/src/resolve/org.freedesktop.resolve1.policy.in b/src/resolve/org.freedesktop.resolve1.policy.in +index da948eb..b65ba3e 100644 +--- a/src/resolve/org.freedesktop.resolve1.policy.in ++++ b/src/resolve/org.freedesktop.resolve1.policy.in +@@ -19,8 +19,8 @@ + http://www.freedesktop.org/wiki/Software/systemd + + +- Register a DNS-SD service +- Authentication is required to register a DNS-SD service ++ Register a DNS-SD service ++ Authentication is required to register a DNS-SD service + + auth_admin + auth_admin +@@ -30,8 +30,8 @@ + + + +- Unregister a DNS-SD service +- Authentication is required to unregister a DNS-SD service ++ Unregister a DNS-SD service ++ Authentication is required to unregister a DNS-SD service + + auth_admin + auth_admin +diff --git a/src/timedate/meson.build b/src/timedate/meson.build +index 80e5cd2..6892596 100644 +--- a/src/timedate/meson.build ++++ b/src/timedate/meson.build +@@ -21,12 +21,10 @@ if conf.get('ENABLE_TIMEDATED') == 1 + install_data('org.freedesktop.timedate1.service', + install_dir : dbussystemservicedir) + +- i18n.merge_file( +- 'org.freedesktop.timedate1.policy', ++ policy = configure_file( + input : 'org.freedesktop.timedate1.policy.in', + output : 'org.freedesktop.timedate1.policy', +- po_dir : po_dir, +- data_dirs : po_dir, +- install : install_polkit, +- install_dir : polkitpolicydir) ++ configuration : substs) ++ install_data(policy, ++ install_dir : polkitpolicydir) + endif +diff --git a/src/timedate/org.freedesktop.timedate1.policy.in b/src/timedate/org.freedesktop.timedate1.policy.in +index cc2e165..d488572 100644 +--- a/src/timedate/org.freedesktop.timedate1.policy.in ++++ b/src/timedate/org.freedesktop.timedate1.policy.in +@@ -19,8 +19,8 @@ + http://www.freedesktop.org/wiki/Software/systemd + + +- Set system time +- Authentication is required to set the system time. ++ Set system time ++ Authentication is required to set the system time. + + auth_admin_keep + auth_admin_keep +@@ -30,8 +30,8 @@ + + + +- Set system timezone +- Authentication is required to set the system timezone. ++ Set system timezone ++ Authentication is required to set the system timezone. + + auth_admin_keep + auth_admin_keep +@@ -40,8 +40,8 @@ + + + +- Set RTC to local timezone or UTC +- Authentication is required to control whether ++ Set RTC to local timezone or UTC ++ Authentication is required to control whether + the RTC stores the local or UTC time. + + auth_admin_keep +@@ -51,8 +51,8 @@ + + + +- Turn network time synchronization on or off +- Authentication is required to control whether ++ Turn network time synchronization on or off ++ Authentication is required to control whether + network time synchronization shall be enabled. + + auth_admin_keep diff -Nru systemd-237/debian/patches/Support-system-image-read-only-etc.patch systemd-237/debian/patches/Support-system-image-read-only-etc.patch --- systemd-237/debian/patches/Support-system-image-read-only-etc.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/Support-system-image-read-only-etc.patch 2019-03-13 06:42:11.000000000 +0000 @@ -0,0 +1,153 @@ +From: Martin Pitt +Date: Sat, 26 Apr 2014 23:49:32 +0200 +Subject: Support system-image read-only /etc + +On Ubuntu Phone with readonly /etc we symlink +/etc/{adjtime,localtime,timezone,hostname,machine-info} to /etc/writable/, so +we need to update those files instead if the original files are symlinks into +/etc/writable/. + +Forwarded: OMGno, this is a rather nasty hack until we fix system-image to get a writable /etc +Bug-Ubuntu: https://launchpad.net/bugs/1227520 +--- + src/hostname/hostnamed.c | 28 ++++++++++++++++++++++++---- + src/timedate/timedated.c | 31 +++++++++++++++++++++++++------ + 2 files changed, 49 insertions(+), 10 deletions(-) + +Index: systemd-237/src/hostname/hostnamed.c +=================================================================== +--- systemd-237.orig/src/hostname/hostnamed.c ++++ systemd-237/src/hostname/hostnamed.c +@@ -31,6 +31,7 @@ + #include "hostname-util.h" + #include "parse-util.h" + #include "path-util.h" ++#include "fs-util.h" + #include "selinux-util.h" + #include "strv.h" + #include "user-util.h" +@@ -76,6 +77,25 @@ static void context_free(Context *c) { + bus_verify_polkit_async_registry_free(c->polkit_registry); + } + ++/* Hack for Ubuntu phone: check if path is an existing symlink to ++ * /etc/writable; if it is, update that instead */ ++static const char* writable_filename(const char *path) { ++ ssize_t r; ++ static char realfile_buf[PATH_MAX]; ++ _cleanup_free_ char *realfile = NULL; ++ const char *result = path; ++ int orig_errno = errno; ++ ++ r = readlink_and_make_absolute(path, &realfile); ++ if (r >= 0 && startswith(realfile, "/etc/writable")) { ++ snprintf(realfile_buf, sizeof(realfile_buf), "%s", realfile); ++ result = realfile_buf; ++ } ++ ++ errno = orig_errno; ++ return result; ++} ++ + static int context_read_data(Context *c) { + int r; + struct utsname u; +@@ -303,12 +323,12 @@ static int context_write_data_static_hos + + if (isempty(c->data[PROP_STATIC_HOSTNAME])) { + +- if (unlink("/etc/hostname") < 0) ++ if (unlink(writable_filename("/etc/hostname")) < 0) + return errno == ENOENT ? 0 : -errno; + + return 0; + } +- return write_string_file_atomic_label("/etc/hostname", c->data[PROP_STATIC_HOSTNAME]); ++ return write_string_file_atomic_label(writable_filename("/etc/hostname"), c->data[PROP_STATIC_HOSTNAME]); + } + + static int context_write_data_machine_info(Context *c) { +@@ -354,13 +374,13 @@ static int context_write_data_machine_in + } + + if (strv_isempty(l)) { +- if (unlink("/etc/machine-info") < 0) ++ if (unlink(writable_filename("/etc/machine-info")) < 0) + return errno == ENOENT ? 0 : -errno; + + return 0; + } + +- return write_env_file_label("/etc/machine-info", l); ++ return write_env_file_label(writable_filename("/etc/machine-info"), l); + } + + static int property_get_icon_name( +Index: systemd-237/src/timedate/timedated.c +=================================================================== +--- systemd-237.orig/src/timedate/timedated.c ++++ systemd-237/src/timedate/timedated.c +@@ -82,6 +82,25 @@ static int context_read_data(Context *c) + return 0; + } + ++/* Hack for Ubuntu phone: check if path is an existing symlink to ++ * /etc/writable; if it is, update that instead */ ++static const char* writable_filename(const char *path) { ++ ssize_t r; ++ static char realfile_buf[PATH_MAX]; ++ _cleanup_free_ char *realfile = NULL; ++ const char *result = path; ++ int orig_errno = errno; ++ ++ r = readlink_and_make_absolute(path, &realfile); ++ if (r >= 0 && startswith(realfile, "/etc/writable")) { ++ snprintf(realfile_buf, sizeof(realfile_buf), "%s", realfile); ++ result = realfile_buf; ++ } ++ ++ errno = orig_errno; ++ return result; ++} ++ + static int context_write_data_timezone(Context *c) { + _cleanup_free_ char *p = NULL; + int r = 0; +@@ -90,10 +109,10 @@ static int context_write_data_timezone(C + assert(c); + + if (isempty(c->zone)) { +- if (unlink("/etc/localtime") < 0 && errno != ENOENT) ++ if (unlink(writable_filename("/etc/localtime")) < 0 && errno != ENOENT) + r = -errno; + +- if (unlink("/etc/timezone") < 0 && errno != ENOENT) ++ if (unlink(writable_filename("/etc/timezone")) < 0 && errno != ENOENT) + r = -errno; + + return r; +@@ -103,12 +122,12 @@ static int context_write_data_timezone(C + if (!p) + return log_oom(); + +- r = symlink_atomic(p, "/etc/localtime"); ++ r = symlink_atomic(p, writable_filename("/etc/localtime")); + if (r < 0) + return r; + +- if (stat("/etc/timezone", &st) == 0 && S_ISREG(st.st_mode)) { +- r = write_string_file("/etc/timezone", c->zone, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC); ++ if (stat(writable_filename("/etc/timezone"), &st) == 0 && S_ISREG(st.st_mode)) { ++ r = write_string_file(writable_filename("/etc/timezone"), c->zone, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC); + if (r < 0) + return r; + } +@@ -174,7 +193,7 @@ static int context_write_data_local_rtc( + *(char*) mempcpy(stpcpy(stpcpy(mempcpy(w, s, a), prepend), c->local_rtc ? "LOCAL" : "UTC"), e, b) = 0; + + if (streq(w, NULL_ADJTIME_UTC)) { +- if (unlink("/etc/adjtime") < 0) ++ if (unlink(writable_filename("/etc/adjtime")) < 0) + if (errno != ENOENT) + return -errno; + diff -Nru systemd-237/debian/patches/btrfs-util-unbreak-tmpfiles-subvol-creation.patch systemd-237/debian/patches/btrfs-util-unbreak-tmpfiles-subvol-creation.patch --- systemd-237/debian/patches/btrfs-util-unbreak-tmpfiles-subvol-creation.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/btrfs-util-unbreak-tmpfiles-subvol-creation.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,46 @@ +From: Lennart Poettering +Date: Mon, 6 Aug 2018 19:32:00 +0200 +Subject: btrfs-util: unbreak tmpfiles' subvol creation + +tmpfiles now passes an O_PATH fd to btrfs_subvol_make_fd() under the +assumption it will accept it like mkdirat() does. So far this assumption +was wrong, let's correct that. + +Without that tmpfiles' on btrfs file systems failed systematically... + +(cherry picked from commit 2e6e61688748473c4230ca49b402aea2bec9b8ab) +--- + src/basic/btrfs-util.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +--- a/src/basic/btrfs-util.c ++++ b/src/basic/btrfs-util.c +@@ -152,6 +152,7 @@ + + int btrfs_subvol_make_fd(int fd, const char *subvolume) { + struct btrfs_ioctl_vol_args args = {}; ++ _cleanup_close_ int real_fd = -1; + int r; + + assert(subvolume); +@@ -160,6 +161,20 @@ + if (r < 0) + return r; + ++ r = fcntl(fd, F_GETFL); ++ if (r < 0) ++ return -errno; ++ if (r & O_PATH) { ++ /* An O_PATH fd was specified, let's convert here to a proper one, as btrfs ioctl's can't deal with ++ * O_PATH. */ ++ ++ real_fd = fd_reopen(fd, O_RDONLY|O_CLOEXEC|O_DIRECTORY); ++ if (real_fd < 0) ++ return real_fd; ++ ++ fd = real_fd; ++ } ++ + strncpy(args.name, subvolume, sizeof(args.name)-1); + + if (ioctl(fd, BTRFS_IOC_SUBVOL_CREATE, &args) < 0) diff -Nru systemd-237/debian/patches/debian/Skip-starting-systemd-remount-fs.service-in-containers.patch systemd-237/debian/patches/debian/Skip-starting-systemd-remount-fs.service-in-containers.patch --- systemd-237/debian/patches/debian/Skip-starting-systemd-remount-fs.service-in-containers.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/Skip-starting-systemd-remount-fs.service-in-containers.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,27 @@ +From: Balint Reczey +Date: Mon, 8 May 2017 17:02:03 +0200 +Subject: Skip starting systemd-remount-fs.service in containers + +even when /etc/fstab is present. + +This allows entering fully running state even when /etc/fstab +lists / to be mounted from a device which is not present in the +container. + +LP: #1576341 +--- + units/systemd-remount-fs.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/units/systemd-remount-fs.service.in b/units/systemd-remount-fs.service.in +index 2e5b75e..fb3e30b 100644 +--- a/units/systemd-remount-fs.service.in ++++ b/units/systemd-remount-fs.service.in +@@ -17,6 +17,7 @@ After=systemd-fsck-root.service + Before=local-fs-pre.target local-fs.target shutdown.target + Wants=local-fs-pre.target + ConditionPathExists=/etc/fstab ++ConditionVirtualization=!container + + [Service] + Type=oneshot diff -Nru systemd-237/debian/patches/debian/UBUNTU-Add-AssumedApparmorLabel-unconfined-to-timedate1-dbus.patch systemd-237/debian/patches/debian/UBUNTU-Add-AssumedApparmorLabel-unconfined-to-timedate1-dbus.patch --- systemd-237/debian/patches/debian/UBUNTU-Add-AssumedApparmorLabel-unconfined-to-timedate1-dbus.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/UBUNTU-Add-AssumedApparmorLabel-unconfined-to-timedate1-dbus.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,28 @@ +From: Michael Vogt +Date: Wed, 14 Feb 2018 16:38:13 +0000 +Subject: Add "AssumedApparmorLabel=unconfined" to timedate1 dbus service file + +A change in apparmor mediates auto-activation attempts now through +AppArmor: https://cgit.freedesktop.org/dbus/dbus/commit/?id=dc25979eb + +This breaks the snapd time{zone,server}-control interfaces which limt +sending dbus message to a (label=unconfined) org.freedesktop.timedate1 +peers. + +By adding the AssumedApparmorLabel=unconfined label the snapd interfaces +work again. + +LP: #1749000 +--- + src/timedate/org.freedesktop.timedate1.service | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/timedate/org.freedesktop.timedate1.service b/src/timedate/org.freedesktop.timedate1.service +index 1a15dcd..62802a5 100644 +--- a/src/timedate/org.freedesktop.timedate1.service ++++ b/src/timedate/org.freedesktop.timedate1.service +@@ -12,3 +12,4 @@ Name=org.freedesktop.timedate1 + Exec=/lib/systemd/systemd-timedated + User=root + SystemdService=dbus-org.freedesktop.timedate1.service ++AssumedAppArmorLabel=unconfined diff -Nru systemd-237/debian/patches/debian/UBUNTU-Introduce-suspend-to-hibernate-8274.patch systemd-237/debian/patches/debian/UBUNTU-Introduce-suspend-to-hibernate-8274.patch --- systemd-237/debian/patches/debian/UBUNTU-Introduce-suspend-to-hibernate-8274.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/UBUNTU-Introduce-suspend-to-hibernate-8274.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,900 @@ +From: Mario Limonciello +Date: Thu, 8 Mar 2018 21:17:33 +0800 +Subject: [PATCH] Introduce suspend-to-hibernate (#8274) + +Suspend to Hibernate is a new sleep method that invokes suspend +for a predefined period of time before automatically waking up +and hibernating the system. + +It's similar to HybridSleep however there isn't a performance +impact on every suspend cycle. + +It's intended to use with systems that may have a higher power +drain in their supported suspend states to prevent battery and +data loss over an extended suspend cycle. + +Signed-off-by: Mario Limonciello +--- + man/logind.conf.xml | 6 +- + man/rules/meson.build | 1 + + man/systemd-sleep.conf.xml | 33 ++++++++-- + man/systemd-suspend.service.xml | 17 +++-- + man/systemd.special.xml | 10 +++ + shell-completion/bash/systemctl.in | 5 +- + shell-completion/zsh/_systemctl.in | 1 + + src/basic/special.h | 1 + + src/login/logind-action.c | 13 +++- + src/login/logind-action.h | 1 + + src/login/logind-dbus.c | 29 +++++++++ + src/login/org.freedesktop.login1.conf | 8 +++ + src/shared/sleep-config.c | 54 +++++++++++++-- + src/shared/sleep-config.h | 4 +- + src/sleep/sleep.c | 94 +++++++++++++++++++++++++-- + src/systemctl/systemctl.c | 46 ++++++++----- + src/test/test-sleep.c | 1 + + units/meson.build | 2 + + units/suspend-to-hibernate.target | 16 +++++ + units/systemd-suspend-to-hibernate.service.in | 19 ++++++ + 20 files changed, 315 insertions(+), 46 deletions(-) + create mode 100644 units/suspend-to-hibernate.target + create mode 100644 units/systemd-suspend-to-hibernate.service.in + +diff --git a/man/logind.conf.xml b/man/logind.conf.xml +index 8d2bfc5..5fb430f 100644 +--- a/man/logind.conf.xml ++++ b/man/logind.conf.xml +@@ -175,7 +175,8 @@ + kexec, + suspend, + hibernate, +- hybrid-sleep, and ++ hybrid-sleep, ++ suspend-to-hibernate, and + lock. + Defaults to ignore. + +@@ -223,7 +224,8 @@ + kexec, + suspend, + hibernate, +- hybrid-sleep, and ++ hybrid-sleep, ++ suspend-to-hibernate, and + lock. + If ignore, logind will never handle these + keys. If lock, all running sessions will be +diff --git a/man/rules/meson.build b/man/rules/meson.build +index 79fc914..5e584cc 100644 +--- a/man/rules/meson.build ++++ b/man/rules/meson.build +@@ -626,6 +626,7 @@ manpages = [ + '8', + ['systemd-hibernate.service', + 'systemd-hybrid-sleep.service', ++ 'systemd-suspend-to-hibernate.service', + 'systemd-sleep'], + ''], + ['systemd-sysctl.service', '8', ['systemd-sysctl'], ''], +diff --git a/man/systemd-sleep.conf.xml b/man/systemd-sleep.conf.xml +index 7fecd66..6ad9ff4 100644 +--- a/man/systemd-sleep.conf.xml ++++ b/man/systemd-sleep.conf.xml +@@ -60,7 +60,7 @@ + + Description + +- systemd supports three general ++ systemd supports four general + power-saving modes: + + +@@ -102,6 +102,17 @@ + suspend-to-both by the kernel. + + ++ ++ ++ suspend-to-hibernate ++ ++ A low power state where the system is initially suspended ++ (the state is stored in RAM). If not interrupted within the delay specified by ++ HibernateDelaySec=, the system will be woken using an RTC ++ alarm and hibernated (the state is then stored on disk). ++ ++ ++ + + + Settings in these files determine what strings +@@ -134,8 +145,9 @@ + /sys/power/disk by, + respectively, + systemd-suspend.service8, +- systemd-hibernate.service8, or +- systemd-hybrid-sleep.service8. ++ systemd-hibernate.service8, ++ systemd-hybrid-sleep.service8, or ++ systemd-suspend-to-hibernate.service8. + More than one value can be specified by separating + multiple values with whitespace. They will be tried + in turn, until one is written without error. If +@@ -152,14 +164,24 @@ + /sys/power/state by, + respectively, + systemd-suspend.service8, +- systemd-hibernate.service8, or +- systemd-hybrid-sleep.service8. ++ systemd-hibernate.service8, ++ systemd-hybrid-sleep.service8, or ++ systemd-suspend-to-hibernate.service8. + More than one value can be specified by separating + multiple values with whitespace. They will be tried + in turn, until one is written without error. If + neither succeeds, the operation will be aborted. + + ++ ++ HibernateDelaySec= ++ ++ The amount of time in seconds ++ that will pass before the system is automatically ++ put into hibernate when using ++ systemd-suspend-to-hibernate.service8. ++ ++ + + + +@@ -180,6 +202,7 @@ SuspendState=freeze + systemd-suspend.service8, + systemd-hibernate.service8, + systemd-hybrid-sleep.service8, ++ systemd-suspend-to-hibernate.service8, + systemd1, + systemd.directives7 + +diff --git a/man/systemd-suspend.service.xml b/man/systemd-suspend.service.xml +index 24c213e..2455baa 100644 +--- a/man/systemd-suspend.service.xml ++++ b/man/systemd-suspend.service.xml +@@ -50,6 +50,7 @@ + systemd-suspend.service + systemd-hibernate.service + systemd-hybrid-sleep.service ++ systemd-suspend-to-hibernate.service + systemd-sleep + System sleep state logic + +@@ -58,6 +59,7 @@ + systemd-suspend.service + systemd-hibernate.service + systemd-hybrid-sleep.service ++ systemd-suspend-to-hibernate.service + /usr/lib/systemd/system-sleep + + +@@ -72,7 +74,9 @@ + hibernation. Finally, + systemd-hybrid-sleep.service is pulled in by + hybrid-sleep.target to execute hybrid +- hibernation with system suspend. ++ hibernation with system suspend and pulled in by ++ suspend-to-hibernate.target to execute system suspend ++ with a timeout that will activate hibernate later. + + Immediately before entering system suspend and/or + hibernation systemd-suspend.service (and the +@@ -80,8 +84,9 @@ + /usr/lib/systemd/system-sleep/ and pass two + arguments to them. The first argument will be + pre, the second either +- suspend, hibernate, or +- hybrid-sleep depending on the chosen action. ++ suspend, hibernate, ++ hybrid-sleep, or suspend-to-hibernate ++ depending on the chosen action. + Immediately after leaving system suspend and/or hibernation the + same executables are run, but the first argument is now + post. All executables in this directory are +@@ -100,6 +105,7 @@ + systemd-suspend.service, + systemd-hibernate.service, and + systemd-hybrid-sleep.service ++ systemd-suspend-to-hibernate.service + should never be executed directly. Instead, trigger system sleep + states with a command such as systemctl suspend + or similar. +@@ -128,9 +134,10 @@ + + + ++ + +- Suspend, hibernate, or put the system to +- hybrid sleep. ++ Suspend, hibernate, suspend to hibernate, or put the ++ system to hybrid sleep. + + + +diff --git a/man/systemd.special.xml b/man/systemd.special.xml +index 2810d6f..75e3027 100644 +--- a/man/systemd.special.xml ++++ b/man/systemd.special.xml +@@ -65,6 +65,7 @@ + halt.target, + hibernate.target, + hybrid-sleep.target, ++ suspend-to-hibernate.target, + initrd-fs.target, + initrd-root-device.target, + initrd-root-fs.target, +@@ -307,6 +308,15 @@ + sleep.target. + + ++ ++ suspend-to-hibernate.target ++ ++ A special target unit for suspending the system for a period ++ of time, waking it and putting it into hibernate. This pulls in ++ sleep.target. ++ ++ ++ + + halt.target + +diff --git a/shell-completion/bash/systemctl.in b/shell-completion/bash/systemctl.in +index 080deea..de2648a 100644 +--- a/shell-completion/bash/systemctl.in ++++ b/shell-completion/bash/systemctl.in +@@ -205,8 +205,9 @@ _systemctl () { + [JOBS]='cancel' + [ENVS]='set-environment unset-environment import-environment' + [STANDALONE]='daemon-reexec daemon-reload default +- emergency exit halt hibernate hybrid-sleep kexec list-jobs +- list-sockets list-timers list-units list-unit-files poweroff ++ emergency exit halt hibernate hybrid-sleep ++ suspend-to-hibernate kexec list-jobs list-sockets ++ list-timers list-units list-unit-files poweroff + reboot rescue show-environment suspend get-default + is-system-running preset-all' + [FILE]='link switch-root' +diff --git a/shell-completion/zsh/_systemctl.in b/shell-completion/zsh/_systemctl.in +index a3df9a0..ca07444 100644 +--- a/shell-completion/zsh/_systemctl.in ++++ b/shell-completion/zsh/_systemctl.in +@@ -18,6 +18,7 @@ + "force-reload:Reload one or more units if possible, otherwise restart if active" + "hibernate:Hibernate the system" + "hybrid-sleep:Hibernate and suspend the system" ++ "suspend-to-hibernate:Suspend the system for a period of time, and then hibernate it" + "try-reload-or-restart:Reload one or more units if possible, otherwise restart if active" + "isolate:Start one unit and stop all others" + "kill:Send signal to processes of a unit" +diff --git a/src/basic/special.h b/src/basic/special.h +index c058b1d..81078ff 100644 +--- a/src/basic/special.h ++++ b/src/basic/special.h +@@ -37,6 +37,7 @@ + #define SPECIAL_SUSPEND_TARGET "suspend.target" + #define SPECIAL_HIBERNATE_TARGET "hibernate.target" + #define SPECIAL_HYBRID_SLEEP_TARGET "hybrid-sleep.target" ++#define SPECIAL_SUSPEND_TO_HIBERNATE_TARGET "suspend-to-hibernate.target" + + /* Special boot targets */ + #define SPECIAL_RESCUE_TARGET "rescue.target" +diff --git a/src/login/logind-action.c b/src/login/logind-action.c +index 852ea9f..0e8e0b2 100644 +--- a/src/login/logind-action.c ++++ b/src/login/logind-action.c +@@ -47,7 +47,8 @@ int manager_handle_action( + [HANDLE_KEXEC] = "Rebooting via kexec...", + [HANDLE_SUSPEND] = "Suspending...", + [HANDLE_HIBERNATE] = "Hibernating...", +- [HANDLE_HYBRID_SLEEP] = "Hibernating and suspending..." ++ [HANDLE_HYBRID_SLEEP] = "Hibernating and suspending...", ++ [HANDLE_SUSPEND_TO_HIBERNATE] = "Suspending to hibernate...", + }; + + static const char * const target_table[_HANDLE_ACTION_MAX] = { +@@ -57,7 +58,8 @@ int manager_handle_action( + [HANDLE_KEXEC] = SPECIAL_KEXEC_TARGET, + [HANDLE_SUSPEND] = SPECIAL_SUSPEND_TARGET, + [HANDLE_HIBERNATE] = SPECIAL_HIBERNATE_TARGET, +- [HANDLE_HYBRID_SLEEP] = SPECIAL_HYBRID_SLEEP_TARGET ++ [HANDLE_HYBRID_SLEEP] = SPECIAL_HYBRID_SLEEP_TARGET, ++ [HANDLE_SUSPEND_TO_HIBERNATE] = SPECIAL_SUSPEND_TO_HIBERNATE_TARGET, + }; + + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; +@@ -110,6 +112,8 @@ int manager_handle_action( + supported = can_sleep("hibernate") > 0; + else if (handle == HANDLE_HYBRID_SLEEP) + supported = can_sleep("hybrid-sleep") > 0; ++ else if (handle == HANDLE_SUSPEND_TO_HIBERNATE) ++ supported = can_sleep("suspend-to-hibernate") > 0; + else if (handle == HANDLE_KEXEC) + supported = access(KEXEC, X_OK) >= 0; + else +@@ -125,7 +129,9 @@ int manager_handle_action( + return -EALREADY; + } + +- inhibit_operation = IN_SET(handle, HANDLE_SUSPEND, HANDLE_HIBERNATE, HANDLE_HYBRID_SLEEP) ? INHIBIT_SLEEP : INHIBIT_SHUTDOWN; ++ inhibit_operation = IN_SET(handle, HANDLE_SUSPEND, HANDLE_HIBERNATE, ++ HANDLE_HYBRID_SLEEP, ++ HANDLE_SUSPEND_TO_HIBERNATE) ? INHIBIT_SLEEP : INHIBIT_SHUTDOWN; + + /* If the actual operation is inhibited, warn and fail */ + if (!ignore_inhibited && +@@ -172,6 +178,7 @@ static const char* const handle_action_table[_HANDLE_ACTION_MAX] = { + [HANDLE_SUSPEND] = "suspend", + [HANDLE_HIBERNATE] = "hibernate", + [HANDLE_HYBRID_SLEEP] = "hybrid-sleep", ++ [HANDLE_SUSPEND_TO_HIBERNATE] = "suspend-to-hibernate", + [HANDLE_LOCK] = "lock" + }; + +diff --git a/src/login/logind-action.h b/src/login/logind-action.h +index 8c31ec4..1ee8c81 100644 +--- a/src/login/logind-action.h ++++ b/src/login/logind-action.h +@@ -29,6 +29,7 @@ typedef enum HandleAction { + HANDLE_SUSPEND, + HANDLE_HIBERNATE, + HANDLE_HYBRID_SLEEP, ++ HANDLE_SUSPEND_TO_HIBERNATE, + HANDLE_LOCK, + _HANDLE_ACTION_MAX, + _HANDLE_ACTION_INVALID = -1 +diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c +index ae36ece..51617d6 100644 +--- a/src/login/logind-dbus.c ++++ b/src/login/logind-dbus.c +@@ -1924,6 +1924,20 @@ static int method_hybrid_sleep(sd_bus_message *message, void *userdata, sd_bus_e + error); + } + ++static int method_suspend_to_hibernate(sd_bus_message *message, void *userdata, sd_bus_error *error) { ++ Manager *m = userdata; ++ ++ return method_do_shutdown_or_sleep( ++ m, message, ++ SPECIAL_SUSPEND_TO_HIBERNATE_TARGET, ++ INHIBIT_SLEEP, ++ "org.freedesktop.login1.hibernate", ++ "org.freedesktop.login1.hibernate-multiple-sessions", ++ "org.freedesktop.login1.hibernate-ignore-inhibit", ++ "hybrid-sleep", ++ error); ++} ++ + static int nologin_timeout_handler( + sd_event_source *s, + uint64_t usec, +@@ -2381,6 +2395,19 @@ static int method_can_hybrid_sleep(sd_bus_message *message, void *userdata, sd_b + error); + } + ++static int method_can_suspend_to_hibernate(sd_bus_message *message, void *userdata, sd_bus_error *error) { ++ Manager *m = userdata; ++ ++ return method_can_shutdown_or_sleep( ++ m, message, ++ INHIBIT_SLEEP, ++ "org.freedesktop.login1.hibernate", ++ "org.freedesktop.login1.hibernate-multiple-sessions", ++ "org.freedesktop.login1.hibernate-ignore-inhibit", ++ "suspend-to-hibernate", ++ error); ++} ++ + static int property_get_reboot_to_firmware_setup( + sd_bus *bus, + const char *path, +@@ -2700,12 +2727,14 @@ const sd_bus_vtable manager_vtable[] = { + SD_BUS_METHOD("Suspend", "b", NULL, method_suspend, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("Hibernate", "b", NULL, method_hibernate, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("HybridSleep", "b", NULL, method_hybrid_sleep, SD_BUS_VTABLE_UNPRIVILEGED), ++ SD_BUS_METHOD("SuspendToHibernate", "b", NULL, method_suspend_to_hibernate, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("CanPowerOff", NULL, "s", method_can_poweroff, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("CanReboot", NULL, "s", method_can_reboot, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("CanHalt", NULL, "s", method_can_halt, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("CanSuspend", NULL, "s", method_can_suspend, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("CanHibernate", NULL, "s", method_can_hibernate, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("CanHybridSleep", NULL, "s", method_can_hybrid_sleep, SD_BUS_VTABLE_UNPRIVILEGED), ++ SD_BUS_METHOD("CanSuspendToHibernate", NULL, "s", method_can_suspend_to_hibernate, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("ScheduleShutdown", "st", NULL, method_schedule_shutdown, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("CancelScheduledShutdown", NULL, "b", method_cancel_scheduled_shutdown, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("Inhibit", "ssss", "h", method_inhibit, SD_BUS_VTABLE_UNPRIVILEGED), +diff --git a/src/login/org.freedesktop.login1.conf b/src/login/org.freedesktop.login1.conf +index d842411..970a217 100644 +--- a/src/login/org.freedesktop.login1.conf ++++ b/src/login/org.freedesktop.login1.conf +@@ -150,6 +150,10 @@ + send_interface="org.freedesktop.login1.Manager" + send_member="HybridSleep"/> + ++ ++ + +@@ -174,6 +178,10 @@ + send_interface="org.freedesktop.login1.Manager" + send_member="CanHybridSleep"/> + ++ ++ + +diff --git a/src/shared/sleep-config.c b/src/shared/sleep-config.c +index 8b091c4..4a365b1 100644 +--- a/src/shared/sleep-config.c ++++ b/src/shared/sleep-config.c +@@ -3,6 +3,7 @@ + This file is part of systemd. + + Copyright 2013 Zbigniew Jędrzejewski-Szmek ++ Copyright 2018 Dell Inc. + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by +@@ -41,13 +42,14 @@ + + #define USE(x, y) do { (x) = (y); (y) = NULL; } while (0) + +-int parse_sleep_config(const char *verb, char ***_modes, char ***_states) { ++int parse_sleep_config(const char *verb, char ***_modes, char ***_states, usec_t *_delay) { + + _cleanup_strv_free_ char + **suspend_mode = NULL, **suspend_state = NULL, + **hibernate_mode = NULL, **hibernate_state = NULL, + **hybrid_mode = NULL, **hybrid_state = NULL; + char **modes, **states; ++ usec_t delay; + + const ConfigTableItem items[] = { + { "Sleep", "SuspendMode", config_parse_strv, 0, &suspend_mode }, +@@ -56,6 +58,7 @@ int parse_sleep_config(const char *verb, char ***_modes, char ***_states) { + { "Sleep", "HibernateState", config_parse_strv, 0, &hibernate_state }, + { "Sleep", "HybridSleepMode", config_parse_strv, 0, &hybrid_mode }, + { "Sleep", "HybridSleepState", config_parse_strv, 0, &hybrid_state }, ++ { "Sleep", "HibernateDelaySec", config_parse_sec, 0, &delay}, + {} + }; + +@@ -94,18 +97,26 @@ int parse_sleep_config(const char *verb, char ***_modes, char ***_states) { + USE(states, hybrid_state); + else + states = strv_new("disk", NULL); +- ++ } else if (streq(verb, "suspend-to-hibernate")) { ++ if (delay == 0) ++ delay = 180 * USEC_PER_MINUTE; + } else + assert_not_reached("what verb"); + +- if ((!modes && !streq(verb, "suspend")) || !states) { ++ if ((!modes && (streq(verb, "hibernate") || streq(verb, "hybrid-sleep"))) || ++ (!states && !streq(verb, "suspend-to-hibernate"))) { + strv_free(modes); + strv_free(states); + return log_oom(); + } + +- *_modes = modes; +- *_states = states; ++ if (_modes) ++ *_modes = modes; ++ if (_states) ++ *_states = states; ++ if (_delay) ++ *_delay = delay; ++ + return 0; + } + +@@ -266,15 +277,44 @@ static bool enough_memory_for_hibernation(void) { + return r; + } + ++static bool can_s2h(void) { ++ int r; ++ ++ r = access("/sys/class/rtc/rtc0/wakealarm", W_OK); ++ if (r < 0) { ++ log_full(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, ++ "/sys/class/rct/rct0/wakealarm is not writable %m"); ++ return false; ++ } ++ ++ r = can_sleep("suspend"); ++ if (r < 0) { ++ log_debug_errno(r, "Unable to suspend system."); ++ return false; ++ } ++ ++ r = can_sleep("hibernate"); ++ if (r < 0) { ++ log_debug_errno(r, "Unable to hibernate system."); ++ return false; ++ } ++ ++ return true; ++} ++ + int can_sleep(const char *verb) { + _cleanup_strv_free_ char **modes = NULL, **states = NULL; + int r; + + assert(streq(verb, "suspend") || + streq(verb, "hibernate") || +- streq(verb, "hybrid-sleep")); ++ streq(verb, "hybrid-sleep") || ++ streq(verb, "suspend-to-hibernate")); ++ ++ if (streq(verb, "suspend-to-hibernate")) ++ return can_s2h(); + +- r = parse_sleep_config(verb, &modes, &states); ++ r = parse_sleep_config(verb, &modes, &states, NULL); + if (r < 0) + return false; + +diff --git a/src/shared/sleep-config.h b/src/shared/sleep-config.h +index fc5a81d..3dacda0 100644 +--- a/src/shared/sleep-config.h ++++ b/src/shared/sleep-config.h +@@ -20,7 +20,9 @@ + along with systemd; If not, see . + ***/ + +-int parse_sleep_config(const char *verb, char ***modes, char ***states); ++#include "time-util.h" ++ ++int parse_sleep_config(const char *verb, char ***modes, char ***states, usec_t *delay); + + int can_sleep(const char *verb); + int can_sleep_disk(char **types); +diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c +index 518032e..48e7c38 100644 +--- a/src/sleep/sleep.c ++++ b/src/sleep/sleep.c +@@ -4,6 +4,7 @@ + + Copyright 2012 Lennart Poettering + Copyright 2013 Zbigniew Jędrzejewski-Szmek ++ Copyright 2018 Dell Inc. + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by +@@ -25,12 +26,14 @@ + + #include "sd-messages.h" + ++#include "parse-util.h" + #include "def.h" + #include "exec-util.h" + #include "fd-util.h" + #include "fileio.h" + #include "log.h" + #include "sleep-config.h" ++#include "stdio-util.h" + #include "string-util.h" + #include "strv.h" + #include "util.h" +@@ -135,6 +138,83 @@ static int execute(char **modes, char **states) { + return r; + } + ++static int read_wakealarm(uint64_t *result) { ++ _cleanup_free_ char *t = NULL; ++ ++ if (read_one_line_file("/sys/class/rtc/rtc0/since_epoch", &t) >= 0) ++ return safe_atou64(t, result); ++ return -EBADF; ++} ++ ++static int write_wakealarm(const char *str) { ++ ++ _cleanup_fclose_ FILE *f = NULL; ++ int r; ++ ++ f = fopen("/sys/class/rtc/rtc0/wakealarm", "we"); ++ if (!f) ++ return log_error_errno(errno, "Failed to open /sys/class/rtc/rtc0/wakealarm: %m"); ++ ++ r = write_string_stream(f, str, 0); ++ if (r < 0) ++ return log_error_errno(r, "Failed to write '%s' to /sys/class/rtc/rtc0/wakealarm: %m", str); ++ ++ return 0; ++} ++ ++static int execute_s2h(usec_t hibernate_delay_sec) { ++ ++ _cleanup_strv_free_ char **hibernate_modes = NULL, **hibernate_states = NULL, ++ **suspend_modes = NULL, **suspend_states = NULL; ++ usec_t orig_time, cmp_time; ++ char time_str[DECIMAL_STR_MAX(uint64_t)]; ++ int r; ++ ++ r = parse_sleep_config("suspend", &suspend_modes, &suspend_states, ++ NULL); ++ if (r < 0) ++ return r; ++ ++ r = parse_sleep_config("hibernate", &hibernate_modes, ++ &hibernate_states, NULL); ++ if (r < 0) ++ return r; ++ ++ r = read_wakealarm(&orig_time); ++ if (r < 0) ++ return log_error_errno(errno, "Failed to read time: %d", r); ++ ++ orig_time += hibernate_delay_sec / USEC_PER_SEC; ++ xsprintf(time_str, "%" PRIu64, orig_time); ++ ++ r = write_wakealarm(time_str); ++ if (r < 0) ++ return r; ++ ++ log_debug("Set RTC wake alarm for %s", time_str); ++ ++ r = execute(suspend_modes, suspend_states); ++ if (r < 0) ++ return r; ++ ++ r = read_wakealarm(&cmp_time); ++ if (r < 0) ++ return log_error_errno(errno, "Failed to read time: %d", r); ++ ++ /* reset RTC */ ++ r = write_wakealarm("0"); ++ if (r < 0) ++ return r; ++ ++ log_debug("Woke up at %"PRIu64, cmp_time); ++ ++ /* if woken up after alarm time, hibernate */ ++ if (cmp_time >= orig_time) ++ r = execute(hibernate_modes, hibernate_states); ++ ++ return r; ++} ++ + static void help(void) { + printf("%s COMMAND\n\n" + "Suspend the system, hibernate the system, or both.\n\n" +@@ -144,6 +224,8 @@ static void help(void) { + " suspend Suspend the system\n" + " hibernate Hibernate the system\n" + " hybrid-sleep Both hibernate and suspend the system\n" ++ " suspend-to-hibernate Initially suspend and then hibernate\n" ++ " the system after a fixed period of time\n" + , program_invocation_short_name); + } + +@@ -189,7 +271,8 @@ static int parse_argv(int argc, char *argv[]) { + + if (!streq(arg_verb, "suspend") && + !streq(arg_verb, "hibernate") && +- !streq(arg_verb, "hybrid-sleep")) { ++ !streq(arg_verb, "hybrid-sleep") && ++ !streq(arg_verb, "suspend-to-hibernate")) { + log_error("Unknown command '%s'.", arg_verb); + return -EINVAL; + } +@@ -199,6 +282,7 @@ static int parse_argv(int argc, char *argv[]) { + + int main(int argc, char *argv[]) { + _cleanup_strv_free_ char **modes = NULL, **states = NULL; ++ usec_t delay = 0; + int r; + + log_set_target(LOG_TARGET_AUTO); +@@ -209,12 +293,14 @@ int main(int argc, char *argv[]) { + if (r <= 0) + goto finish; + +- r = parse_sleep_config(arg_verb, &modes, &states); ++ r = parse_sleep_config(arg_verb, &modes, &states, &delay); + if (r < 0) + goto finish; + +- r = execute(modes, states); +- ++ if (streq(arg_verb, "suspend-to-hibernate")) ++ r = execute_s2h(delay); ++ else ++ r = execute(modes, states); + finish: + return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; + } +diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c +index 75198a5..c27116f 100644 +--- a/src/systemctl/systemctl.c ++++ b/src/systemctl/systemctl.c +@@ -160,6 +160,7 @@ static enum action { + ACTION_SUSPEND, + ACTION_HIBERNATE, + ACTION_HYBRID_SLEEP, ++ ACTION_SUSPEND_TO_HIBERNATE, + ACTION_RUNLEVEL2, + ACTION_RUNLEVEL3, + ACTION_RUNLEVEL4, +@@ -3032,21 +3033,22 @@ static const struct { + const char *verb; + const char *mode; + } action_table[_ACTION_MAX] = { +- [ACTION_HALT] = { SPECIAL_HALT_TARGET, "halt", "replace-irreversibly" }, +- [ACTION_POWEROFF] = { SPECIAL_POWEROFF_TARGET, "poweroff", "replace-irreversibly" }, +- [ACTION_REBOOT] = { SPECIAL_REBOOT_TARGET, "reboot", "replace-irreversibly" }, +- [ACTION_KEXEC] = { SPECIAL_KEXEC_TARGET, "kexec", "replace-irreversibly" }, +- [ACTION_RUNLEVEL2] = { SPECIAL_MULTI_USER_TARGET, NULL, "isolate" }, +- [ACTION_RUNLEVEL3] = { SPECIAL_MULTI_USER_TARGET, NULL, "isolate" }, +- [ACTION_RUNLEVEL4] = { SPECIAL_MULTI_USER_TARGET, NULL, "isolate" }, +- [ACTION_RUNLEVEL5] = { SPECIAL_GRAPHICAL_TARGET, NULL, "isolate" }, +- [ACTION_RESCUE] = { SPECIAL_RESCUE_TARGET, "rescue", "isolate" }, +- [ACTION_EMERGENCY] = { SPECIAL_EMERGENCY_TARGET, "emergency", "isolate" }, +- [ACTION_DEFAULT] = { SPECIAL_DEFAULT_TARGET, "default", "isolate" }, +- [ACTION_EXIT] = { SPECIAL_EXIT_TARGET, "exit", "replace-irreversibly" }, +- [ACTION_SUSPEND] = { SPECIAL_SUSPEND_TARGET, "suspend", "replace-irreversibly" }, +- [ACTION_HIBERNATE] = { SPECIAL_HIBERNATE_TARGET, "hibernate", "replace-irreversibly" }, +- [ACTION_HYBRID_SLEEP] = { SPECIAL_HYBRID_SLEEP_TARGET, "hybrid-sleep", "replace-irreversibly" }, ++ [ACTION_HALT] = { SPECIAL_HALT_TARGET, "halt", "replace-irreversibly" }, ++ [ACTION_POWEROFF] = { SPECIAL_POWEROFF_TARGET, "poweroff", "replace-irreversibly" }, ++ [ACTION_REBOOT] = { SPECIAL_REBOOT_TARGET, "reboot", "replace-irreversibly" }, ++ [ACTION_KEXEC] = { SPECIAL_KEXEC_TARGET, "kexec", "replace-irreversibly" }, ++ [ACTION_RUNLEVEL2] = { SPECIAL_MULTI_USER_TARGET, NULL, "isolate" }, ++ [ACTION_RUNLEVEL3] = { SPECIAL_MULTI_USER_TARGET, NULL, "isolate" }, ++ [ACTION_RUNLEVEL4] = { SPECIAL_MULTI_USER_TARGET, NULL, "isolate" }, ++ [ACTION_RUNLEVEL5] = { SPECIAL_GRAPHICAL_TARGET, NULL, "isolate" }, ++ [ACTION_RESCUE] = { SPECIAL_RESCUE_TARGET, "rescue", "isolate" }, ++ [ACTION_EMERGENCY] = { SPECIAL_EMERGENCY_TARGET, "emergency", "isolate" }, ++ [ACTION_DEFAULT] = { SPECIAL_DEFAULT_TARGET, "default", "isolate" }, ++ [ACTION_EXIT] = { SPECIAL_EXIT_TARGET, "exit", "replace-irreversibly" }, ++ [ACTION_SUSPEND] = { SPECIAL_SUSPEND_TARGET, "suspend", "replace-irreversibly" }, ++ [ACTION_HIBERNATE] = { SPECIAL_HIBERNATE_TARGET, "hibernate", "replace-irreversibly" }, ++ [ACTION_HYBRID_SLEEP] = { SPECIAL_HYBRID_SLEEP_TARGET, "hybrid-sleep", "replace-irreversibly" }, ++ [ACTION_SUSPEND_TO_HIBERNATE] = { SPECIAL_SUSPEND_TO_HIBERNATE_TARGET, "suspend-to-hibernate", "replace-irreversibly" }, + }; + + static enum action verb_to_action(const char *verb) { +@@ -3277,6 +3279,11 @@ static int logind_reboot(enum action a) { + description = "put system into hybrid sleep"; + break; + ++ case ACTION_SUSPEND_TO_HIBERNATE: ++ method = "SuspendToHibernate"; ++ description = "put system into suspend followed by hibernate"; ++ break; ++ + default: + return -EINVAL; + } +@@ -3628,7 +3635,8 @@ static int start_special(int argc, char *argv[], void *userdata) { + ACTION_HALT, + ACTION_SUSPEND, + ACTION_HIBERNATE, +- ACTION_HYBRID_SLEEP)) { ++ ACTION_HYBRID_SLEEP, ++ ACTION_SUSPEND_TO_HIBERNATE)) { + + r = logind_reboot(a); + if (r >= 0) +@@ -7305,7 +7313,9 @@ static void systemctl_help(void) { + " switch-root ROOT [INIT] Change to a different root file system\n" + " suspend Suspend the system\n" + " hibernate Hibernate the system\n" +- " hybrid-sleep Hibernate and suspend the system\n", ++ " hybrid-sleep Hibernate and suspend the system\n" ++ " suspend-to-hibernate Suspend the system, wake after a period of\n" ++ " time and put it into hibernate\n", + program_invocation_short_name); + } + +@@ -8397,6 +8407,7 @@ static int systemctl_main(int argc, char *argv[]) { + { "suspend", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, + { "hibernate", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, + { "hybrid-sleep", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, ++ { "suspend-to-hibernate", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, + { "default", VERB_ANY, 1, VERB_ONLINE_ONLY, start_special }, + { "rescue", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, + { "emergency", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, +@@ -8750,6 +8761,7 @@ int main(int argc, char*argv[]) { + case ACTION_SUSPEND: + case ACTION_HIBERNATE: + case ACTION_HYBRID_SLEEP: ++ case ACTION_SUSPEND_TO_HIBERNATE: + case ACTION_EMERGENCY: + case ACTION_DEFAULT: + /* systemctl verbs with no equivalent in the legacy commands. +diff --git a/src/test/test-sleep.c b/src/test/test-sleep.c +index 3c2b115..e49ecbe 100644 +--- a/src/test/test-sleep.c ++++ b/src/test/test-sleep.c +@@ -48,6 +48,7 @@ static void test_sleep(void) { + log_info("Suspend configured and possible: %s", yes_no(can_sleep("suspend") > 0)); + log_info("Hibernation configured and possible: %s", yes_no(can_sleep("hibernate") > 0)); + log_info("Hybrid-sleep configured and possible: %s", yes_no(can_sleep("hybrid-sleep") > 0)); ++ log_info("Suspend-to-Hibernate configured and possible: %s", yes_no(can_sleep("suspend-to-hibernate") > 0)); + } + + int main(int argc, char* argv[]) { +diff --git a/units/meson.build b/units/meson.build +index d58abfe..20fb90d 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -36,6 +36,7 @@ units = [ + ['halt.target', ''], + ['hibernate.target', 'ENABLE_HIBERNATE'], + ['hybrid-sleep.target', 'ENABLE_HIBERNATE'], ++ ['suspend-to-hibernate.target', 'ENABLE_HIBERNATE'], + ['initrd-fs.target', ''], + ['initrd-root-device.target', ''], + ['initrd-root-fs.target', ''], +@@ -158,6 +159,7 @@ in_units = [ + ['systemd-hibernate-resume@.service', 'ENABLE_HIBERNATE'], + ['systemd-hibernate.service', 'ENABLE_HIBERNATE'], + ['systemd-hybrid-sleep.service', 'ENABLE_HIBERNATE'], ++ ['systemd-suspend-to-hibernate.service', 'ENABLE_HIBERNATE'], + ['systemd-hostnamed.service', 'ENABLE_HOSTNAMED', + 'dbus-org.freedesktop.hostname1.service'], + ['systemd-hwdb-update.service', 'ENABLE_HWDB', +diff --git a/units/suspend-to-hibernate.target b/units/suspend-to-hibernate.target +new file mode 100644 +index 0000000..b9ab6d1 +--- /dev/null ++++ b/units/suspend-to-hibernate.target +@@ -0,0 +1,16 @@ ++# SPDX-License-Identifier: LGPL-2.1+ ++# ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=Suspend; Idle into hibernate ++Documentation=man:systemd.special(7) ++DefaultDependencies=no ++Requires=systemd-suspend-to-hibernate.service ++After=systemd-suspend-to-hibernate.service ++StopWhenUnneeded=yes +diff --git a/units/systemd-suspend-to-hibernate.service.in b/units/systemd-suspend-to-hibernate.service.in +new file mode 100644 +index 0000000..9bec9f6 +--- /dev/null ++++ b/units/systemd-suspend-to-hibernate.service.in +@@ -0,0 +1,19 @@ ++# SPDX-License-Identifier: LGPL-2.1+ ++# ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=Suspend; Idle into hibernate ++Documentation=man:systemd-suspend.service(8) ++DefaultDependencies=no ++Requires=sleep.target ++After=sleep.target ++ ++[Service] ++Type=oneshot ++ExecStart=@rootlibexecdir@/systemd-sleep suspend-to-hibernate diff -Nru systemd-237/debian/patches/debian/UBUNTU-Rename-suspend-to-hibernate-to-suspend-then-hibernat.patch systemd-237/debian/patches/debian/UBUNTU-Rename-suspend-to-hibernate-to-suspend-then-hibernat.patch --- systemd-237/debian/patches/debian/UBUNTU-Rename-suspend-to-hibernate-to-suspend-then-hibernat.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/UBUNTU-Rename-suspend-to-hibernate-to-suspend-then-hibernat.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,671 @@ +From: Mario Limonciello +Date: Wed, 28 Mar 2018 11:00:06 -0500 +Subject: [PATCH] Rename suspend-to-hibernate to suspend-then-hibernate + +Per some discussion with Gnome folks, they would prefer this name +as it's more descriptive of what's happening. +--- + man/logind.conf.xml | 4 +-- + man/rules/meson.build | 2 +- + man/systemd-sleep.conf.xml | 10 +++--- + man/systemd-suspend.service.xml | 14 ++++---- + man/systemd.special.xml | 4 +-- + shell-completion/bash/systemctl.in | 2 +- + shell-completion/zsh/_systemctl.in | 2 +- + src/basic/special.h | 2 +- + src/login/logind-action.c | 12 +++---- + src/login/logind-action.h | 2 +- + src/login/logind-dbus.c | 12 +++---- + src/login/org.freedesktop.login1.conf | 4 +-- + src/shared/sleep-config.c | 8 ++--- + src/sleep/sleep.c | 6 ++-- + src/systemctl/systemctl.c | 46 ++++++++++++------------- + src/test/test-sleep.c | 2 +- + units/meson.build | 4 +-- + units/suspend-then-hibernate.target | 16 +++++++++ + units/suspend-to-hibernate.target | 16 --------- + units/systemd-suspend-then-hibernate.service.in | 19 ++++++++++ + units/systemd-suspend-to-hibernate.service.in | 19 ---------- + 21 files changed, 103 insertions(+), 103 deletions(-) + create mode 100644 units/suspend-then-hibernate.target + delete mode 100644 units/suspend-to-hibernate.target + create mode 100644 units/systemd-suspend-then-hibernate.service.in + delete mode 100644 units/systemd-suspend-to-hibernate.service.in + +diff --git a/man/logind.conf.xml b/man/logind.conf.xml +index 5fb430f..04b89b0 100644 +--- a/man/logind.conf.xml ++++ b/man/logind.conf.xml +@@ -176,7 +176,7 @@ + suspend, + hibernate, + hybrid-sleep, +- suspend-to-hibernate, and ++ suspend-then-hibernate, and + lock. + Defaults to ignore. + +@@ -225,7 +225,7 @@ + suspend, + hibernate, + hybrid-sleep, +- suspend-to-hibernate, and ++ suspend-then-hibernate, and + lock. + If ignore, logind will never handle these + keys. If lock, all running sessions will be +diff --git a/man/rules/meson.build b/man/rules/meson.build +index 5e584cc..67f3f17 100644 +--- a/man/rules/meson.build ++++ b/man/rules/meson.build +@@ -626,7 +626,7 @@ manpages = [ + '8', + ['systemd-hibernate.service', + 'systemd-hybrid-sleep.service', +- 'systemd-suspend-to-hibernate.service', ++ 'systemd-suspend-then-hibernate.service', + 'systemd-sleep'], + ''], + ['systemd-sysctl.service', '8', ['systemd-sysctl'], ''], +diff --git a/man/systemd-sleep.conf.xml b/man/systemd-sleep.conf.xml +index 6ad9ff4..3d94a45 100644 +--- a/man/systemd-sleep.conf.xml ++++ b/man/systemd-sleep.conf.xml +@@ -104,7 +104,7 @@ + + + +- suspend-to-hibernate ++ suspend-then-hibernate + + A low power state where the system is initially suspended + (the state is stored in RAM). If not interrupted within the delay specified by +@@ -147,7 +147,7 @@ + systemd-suspend.service8, + systemd-hibernate.service8, + systemd-hybrid-sleep.service8, or +- systemd-suspend-to-hibernate.service8. ++ systemd-suspend-then-hibernate.service8. + More than one value can be specified by separating + multiple values with whitespace. They will be tried + in turn, until one is written without error. If +@@ -166,7 +166,7 @@ + systemd-suspend.service8, + systemd-hibernate.service8, + systemd-hybrid-sleep.service8, or +- systemd-suspend-to-hibernate.service8. ++ systemd-suspend-then-hibernate.service8. + More than one value can be specified by separating + multiple values with whitespace. They will be tried + in turn, until one is written without error. If +@@ -179,7 +179,7 @@ + The amount of time in seconds + that will pass before the system is automatically + put into hibernate when using +- systemd-suspend-to-hibernate.service8. ++ systemd-suspend-then-hibernate.service8. + + + +@@ -202,7 +202,7 @@ SuspendState=freeze + systemd-suspend.service8, + systemd-hibernate.service8, + systemd-hybrid-sleep.service8, +- systemd-suspend-to-hibernate.service8, ++ systemd-suspend-then-hibernate.service8, + systemd1, + systemd.directives7 + +diff --git a/man/systemd-suspend.service.xml b/man/systemd-suspend.service.xml +index 2455baa..8b9a11c 100644 +--- a/man/systemd-suspend.service.xml ++++ b/man/systemd-suspend.service.xml +@@ -50,7 +50,7 @@ + systemd-suspend.service + systemd-hibernate.service + systemd-hybrid-sleep.service +- systemd-suspend-to-hibernate.service ++ systemd-suspend-then-hibernate.service + systemd-sleep + System sleep state logic + +@@ -59,7 +59,7 @@ + systemd-suspend.service + systemd-hibernate.service + systemd-hybrid-sleep.service +- systemd-suspend-to-hibernate.service ++ systemd-suspend-then-hibernate.service + /usr/lib/systemd/system-sleep + + +@@ -75,7 +75,7 @@ + systemd-hybrid-sleep.service is pulled in by + hybrid-sleep.target to execute hybrid + hibernation with system suspend and pulled in by +- suspend-to-hibernate.target to execute system suspend ++ suspend-then-hibernate.target to execute system suspend + with a timeout that will activate hibernate later. + + Immediately before entering system suspend and/or +@@ -85,7 +85,7 @@ + arguments to them. The first argument will be + pre, the second either + suspend, hibernate, +- hybrid-sleep, or suspend-to-hibernate ++ hybrid-sleep, or suspend-then-hibernate + depending on the chosen action. + Immediately after leaving system suspend and/or hibernation the + same executables are run, but the first argument is now +@@ -105,7 +105,7 @@ + systemd-suspend.service, + systemd-hibernate.service, and + systemd-hybrid-sleep.service +- systemd-suspend-to-hibernate.service ++ systemd-suspend-then-hibernate.service + should never be executed directly. Instead, trigger system sleep + states with a command such as systemctl suspend + or similar. +@@ -134,9 +134,9 @@ + + + +- ++ + +- Suspend, hibernate, suspend to hibernate, or put the ++ Suspend, hibernate, suspend then hibernate, or put the + system to hybrid sleep. + + +diff --git a/man/systemd.special.xml b/man/systemd.special.xml +index 75e3027..1ad2aff 100644 +--- a/man/systemd.special.xml ++++ b/man/systemd.special.xml +@@ -65,7 +65,7 @@ + halt.target, + hibernate.target, + hybrid-sleep.target, +- suspend-to-hibernate.target, ++ suspend-then-hibernate.target, + initrd-fs.target, + initrd-root-device.target, + initrd-root-fs.target, +@@ -309,7 +309,7 @@ + + + +- suspend-to-hibernate.target ++ suspend-then-hibernate.target + + A special target unit for suspending the system for a period + of time, waking it and putting it into hibernate. This pulls in +diff --git a/shell-completion/bash/systemctl.in b/shell-completion/bash/systemctl.in +index de2648a..c3b9769 100644 +--- a/shell-completion/bash/systemctl.in ++++ b/shell-completion/bash/systemctl.in +@@ -206,7 +206,7 @@ _systemctl () { + [ENVS]='set-environment unset-environment import-environment' + [STANDALONE]='daemon-reexec daemon-reload default + emergency exit halt hibernate hybrid-sleep +- suspend-to-hibernate kexec list-jobs list-sockets ++ suspend-then-hibernate kexec list-jobs list-sockets + list-timers list-units list-unit-files poweroff + reboot rescue show-environment suspend get-default + is-system-running preset-all' +diff --git a/shell-completion/zsh/_systemctl.in b/shell-completion/zsh/_systemctl.in +index ca07444..6957a84 100644 +--- a/shell-completion/zsh/_systemctl.in ++++ b/shell-completion/zsh/_systemctl.in +@@ -18,7 +18,7 @@ + "force-reload:Reload one or more units if possible, otherwise restart if active" + "hibernate:Hibernate the system" + "hybrid-sleep:Hibernate and suspend the system" +- "suspend-to-hibernate:Suspend the system for a period of time, and then hibernate it" ++ "suspend-then-hibernate:Suspend the system for a period of time, and then hibernate it" + "try-reload-or-restart:Reload one or more units if possible, otherwise restart if active" + "isolate:Start one unit and stop all others" + "kill:Send signal to processes of a unit" +diff --git a/src/basic/special.h b/src/basic/special.h +index 81078ff..808d889 100644 +--- a/src/basic/special.h ++++ b/src/basic/special.h +@@ -37,7 +37,7 @@ + #define SPECIAL_SUSPEND_TARGET "suspend.target" + #define SPECIAL_HIBERNATE_TARGET "hibernate.target" + #define SPECIAL_HYBRID_SLEEP_TARGET "hybrid-sleep.target" +-#define SPECIAL_SUSPEND_TO_HIBERNATE_TARGET "suspend-to-hibernate.target" ++#define SPECIAL_SUSPEND_THEN_HIBERNATE_TARGET "suspend-then-hibernate.target" + + /* Special boot targets */ + #define SPECIAL_RESCUE_TARGET "rescue.target" +diff --git a/src/login/logind-action.c b/src/login/logind-action.c +index 0e8e0b2..da38a2c 100644 +--- a/src/login/logind-action.c ++++ b/src/login/logind-action.c +@@ -48,7 +48,7 @@ int manager_handle_action( + [HANDLE_SUSPEND] = "Suspending...", + [HANDLE_HIBERNATE] = "Hibernating...", + [HANDLE_HYBRID_SLEEP] = "Hibernating and suspending...", +- [HANDLE_SUSPEND_TO_HIBERNATE] = "Suspending to hibernate...", ++ [HANDLE_SUSPEND_THEN_HIBERNATE] = "Suspending, then hibernating...", + }; + + static const char * const target_table[_HANDLE_ACTION_MAX] = { +@@ -59,7 +59,7 @@ int manager_handle_action( + [HANDLE_SUSPEND] = SPECIAL_SUSPEND_TARGET, + [HANDLE_HIBERNATE] = SPECIAL_HIBERNATE_TARGET, + [HANDLE_HYBRID_SLEEP] = SPECIAL_HYBRID_SLEEP_TARGET, +- [HANDLE_SUSPEND_TO_HIBERNATE] = SPECIAL_SUSPEND_TO_HIBERNATE_TARGET, ++ [HANDLE_SUSPEND_THEN_HIBERNATE] = SPECIAL_SUSPEND_THEN_HIBERNATE_TARGET, + }; + + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; +@@ -112,8 +112,8 @@ int manager_handle_action( + supported = can_sleep("hibernate") > 0; + else if (handle == HANDLE_HYBRID_SLEEP) + supported = can_sleep("hybrid-sleep") > 0; +- else if (handle == HANDLE_SUSPEND_TO_HIBERNATE) +- supported = can_sleep("suspend-to-hibernate") > 0; ++ else if (handle == HANDLE_SUSPEND_THEN_HIBERNATE) ++ supported = can_sleep("suspend-then-hibernate") > 0; + else if (handle == HANDLE_KEXEC) + supported = access(KEXEC, X_OK) >= 0; + else +@@ -131,7 +131,7 @@ int manager_handle_action( + + inhibit_operation = IN_SET(handle, HANDLE_SUSPEND, HANDLE_HIBERNATE, + HANDLE_HYBRID_SLEEP, +- HANDLE_SUSPEND_TO_HIBERNATE) ? INHIBIT_SLEEP : INHIBIT_SHUTDOWN; ++ HANDLE_SUSPEND_THEN_HIBERNATE) ? INHIBIT_SLEEP : INHIBIT_SHUTDOWN; + + /* If the actual operation is inhibited, warn and fail */ + if (!ignore_inhibited && +@@ -178,7 +178,7 @@ static const char* const handle_action_table[_HANDLE_ACTION_MAX] = { + [HANDLE_SUSPEND] = "suspend", + [HANDLE_HIBERNATE] = "hibernate", + [HANDLE_HYBRID_SLEEP] = "hybrid-sleep", +- [HANDLE_SUSPEND_TO_HIBERNATE] = "suspend-to-hibernate", ++ [HANDLE_SUSPEND_THEN_HIBERNATE] = "suspend-then-hibernate", + [HANDLE_LOCK] = "lock" + }; + +diff --git a/src/login/logind-action.h b/src/login/logind-action.h +index 1ee8c81..9f5dee6 100644 +--- a/src/login/logind-action.h ++++ b/src/login/logind-action.h +@@ -29,7 +29,7 @@ typedef enum HandleAction { + HANDLE_SUSPEND, + HANDLE_HIBERNATE, + HANDLE_HYBRID_SLEEP, +- HANDLE_SUSPEND_TO_HIBERNATE, ++ HANDLE_SUSPEND_THEN_HIBERNATE, + HANDLE_LOCK, + _HANDLE_ACTION_MAX, + _HANDLE_ACTION_INVALID = -1 +diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c +index 51617d6..2222f19 100644 +--- a/src/login/logind-dbus.c ++++ b/src/login/logind-dbus.c +@@ -1924,12 +1924,12 @@ static int method_hybrid_sleep(sd_bus_message *message, void *userdata, sd_bus_e + error); + } + +-static int method_suspend_to_hibernate(sd_bus_message *message, void *userdata, sd_bus_error *error) { ++static int method_suspend_then_hibernate(sd_bus_message *message, void *userdata, sd_bus_error *error) { + Manager *m = userdata; + + return method_do_shutdown_or_sleep( + m, message, +- SPECIAL_SUSPEND_TO_HIBERNATE_TARGET, ++ SPECIAL_SUSPEND_THEN_HIBERNATE_TARGET, + INHIBIT_SLEEP, + "org.freedesktop.login1.hibernate", + "org.freedesktop.login1.hibernate-multiple-sessions", +@@ -2395,7 +2395,7 @@ static int method_can_hybrid_sleep(sd_bus_message *message, void *userdata, sd_b + error); + } + +-static int method_can_suspend_to_hibernate(sd_bus_message *message, void *userdata, sd_bus_error *error) { ++static int method_can_suspend_then_hibernate(sd_bus_message *message, void *userdata, sd_bus_error *error) { + Manager *m = userdata; + + return method_can_shutdown_or_sleep( +@@ -2404,7 +2404,7 @@ static int method_can_suspend_to_hibernate(sd_bus_message *message, void *userda + "org.freedesktop.login1.hibernate", + "org.freedesktop.login1.hibernate-multiple-sessions", + "org.freedesktop.login1.hibernate-ignore-inhibit", +- "suspend-to-hibernate", ++ "suspend-then-hibernate", + error); + } + +@@ -2727,14 +2727,14 @@ const sd_bus_vtable manager_vtable[] = { + SD_BUS_METHOD("Suspend", "b", NULL, method_suspend, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("Hibernate", "b", NULL, method_hibernate, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("HybridSleep", "b", NULL, method_hybrid_sleep, SD_BUS_VTABLE_UNPRIVILEGED), +- SD_BUS_METHOD("SuspendToHibernate", "b", NULL, method_suspend_to_hibernate, SD_BUS_VTABLE_UNPRIVILEGED), ++ SD_BUS_METHOD("SuspendThenHibernate", "b", NULL, method_suspend_then_hibernate, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("CanPowerOff", NULL, "s", method_can_poweroff, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("CanReboot", NULL, "s", method_can_reboot, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("CanHalt", NULL, "s", method_can_halt, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("CanSuspend", NULL, "s", method_can_suspend, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("CanHibernate", NULL, "s", method_can_hibernate, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("CanHybridSleep", NULL, "s", method_can_hybrid_sleep, SD_BUS_VTABLE_UNPRIVILEGED), +- SD_BUS_METHOD("CanSuspendToHibernate", NULL, "s", method_can_suspend_to_hibernate, SD_BUS_VTABLE_UNPRIVILEGED), ++ SD_BUS_METHOD("CanSuspendThenHibernate", NULL, "s", method_can_suspend_then_hibernate, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("ScheduleShutdown", "st", NULL, method_schedule_shutdown, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("CancelScheduledShutdown", NULL, "b", method_cancel_scheduled_shutdown, SD_BUS_VTABLE_UNPRIVILEGED), + SD_BUS_METHOD("Inhibit", "ssss", "h", method_inhibit, SD_BUS_VTABLE_UNPRIVILEGED), +diff --git a/src/login/org.freedesktop.login1.conf b/src/login/org.freedesktop.login1.conf +index 970a217..f880f3e 100644 +--- a/src/login/org.freedesktop.login1.conf ++++ b/src/login/org.freedesktop.login1.conf +@@ -152,7 +152,7 @@ + + ++ send_member="SuspendThenHibernate"/> + + ++ send_member="CanSuspendThenHibernate"/> + + = 0) +@@ -7314,7 +7314,7 @@ static void systemctl_help(void) { + " suspend Suspend the system\n" + " hibernate Hibernate the system\n" + " hybrid-sleep Hibernate and suspend the system\n" +- " suspend-to-hibernate Suspend the system, wake after a period of\n" ++ " suspend-then-hibernate Suspend the system, wake after a period of\n" + " time and put it into hibernate\n", + program_invocation_short_name); + } +@@ -8407,7 +8407,7 @@ static int systemctl_main(int argc, char *argv[]) { + { "suspend", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, + { "hibernate", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, + { "hybrid-sleep", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, +- { "suspend-to-hibernate", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, ++ { "suspend-then-hibernate",VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, + { "default", VERB_ANY, 1, VERB_ONLINE_ONLY, start_special }, + { "rescue", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, + { "emergency", VERB_ANY, 1, VERB_ONLINE_ONLY, start_system_special }, +@@ -8761,7 +8761,7 @@ int main(int argc, char*argv[]) { + case ACTION_SUSPEND: + case ACTION_HIBERNATE: + case ACTION_HYBRID_SLEEP: +- case ACTION_SUSPEND_TO_HIBERNATE: ++ case ACTION_SUSPEND_THEN_HIBERNATE: + case ACTION_EMERGENCY: + case ACTION_DEFAULT: + /* systemctl verbs with no equivalent in the legacy commands. +diff --git a/src/test/test-sleep.c b/src/test/test-sleep.c +index e49ecbe..cea511d 100644 +--- a/src/test/test-sleep.c ++++ b/src/test/test-sleep.c +@@ -48,7 +48,7 @@ static void test_sleep(void) { + log_info("Suspend configured and possible: %s", yes_no(can_sleep("suspend") > 0)); + log_info("Hibernation configured and possible: %s", yes_no(can_sleep("hibernate") > 0)); + log_info("Hybrid-sleep configured and possible: %s", yes_no(can_sleep("hybrid-sleep") > 0)); +- log_info("Suspend-to-Hibernate configured and possible: %s", yes_no(can_sleep("suspend-to-hibernate") > 0)); ++ log_info("Suspend-then-Hibernate configured and possible: %s", yes_no(can_sleep("suspend-then-hibernate") > 0)); + } + + int main(int argc, char* argv[]) { +diff --git a/units/meson.build b/units/meson.build +index 20fb90d..da22fa8 100644 +--- a/units/meson.build ++++ b/units/meson.build +@@ -36,7 +36,7 @@ units = [ + ['halt.target', ''], + ['hibernate.target', 'ENABLE_HIBERNATE'], + ['hybrid-sleep.target', 'ENABLE_HIBERNATE'], +- ['suspend-to-hibernate.target', 'ENABLE_HIBERNATE'], ++ ['suspend-then-hibernate.target', 'ENABLE_HIBERNATE'], + ['initrd-fs.target', ''], + ['initrd-root-device.target', ''], + ['initrd-root-fs.target', ''], +@@ -159,7 +159,7 @@ in_units = [ + ['systemd-hibernate-resume@.service', 'ENABLE_HIBERNATE'], + ['systemd-hibernate.service', 'ENABLE_HIBERNATE'], + ['systemd-hybrid-sleep.service', 'ENABLE_HIBERNATE'], +- ['systemd-suspend-to-hibernate.service', 'ENABLE_HIBERNATE'], ++ ['systemd-suspend-then-hibernate.service', 'ENABLE_HIBERNATE'], + ['systemd-hostnamed.service', 'ENABLE_HOSTNAMED', + 'dbus-org.freedesktop.hostname1.service'], + ['systemd-hwdb-update.service', 'ENABLE_HWDB', +diff --git a/units/suspend-then-hibernate.target b/units/suspend-then-hibernate.target +new file mode 100644 +index 0000000..8c45510 +--- /dev/null ++++ b/units/suspend-then-hibernate.target +@@ -0,0 +1,16 @@ ++# SPDX-License-Identifier: LGPL-2.1+ ++# ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=Suspend; Idle into hibernate ++Documentation=man:systemd.special(7) ++DefaultDependencies=no ++Requires=systemd-suspend-then-hibernate.service ++After=systemd-suspend-then-hibernate.service ++StopWhenUnneeded=yes +diff --git a/units/suspend-to-hibernate.target b/units/suspend-to-hibernate.target +deleted file mode 100644 +index b9ab6d1..0000000 +--- a/units/suspend-to-hibernate.target ++++ /dev/null +@@ -1,16 +0,0 @@ +-# SPDX-License-Identifier: LGPL-2.1+ +-# +-# This file is part of systemd. +-# +-# systemd is free software; you can redistribute it and/or modify it +-# under the terms of the GNU Lesser General Public License as published by +-# the Free Software Foundation; either version 2.1 of the License, or +-# (at your option) any later version. +- +-[Unit] +-Description=Suspend; Idle into hibernate +-Documentation=man:systemd.special(7) +-DefaultDependencies=no +-Requires=systemd-suspend-to-hibernate.service +-After=systemd-suspend-to-hibernate.service +-StopWhenUnneeded=yes +diff --git a/units/systemd-suspend-then-hibernate.service.in b/units/systemd-suspend-then-hibernate.service.in +new file mode 100644 +index 0000000..441ff16 +--- /dev/null ++++ b/units/systemd-suspend-then-hibernate.service.in +@@ -0,0 +1,19 @@ ++# SPDX-License-Identifier: LGPL-2.1+ ++# ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=Suspend; Idle into hibernate ++Documentation=man:systemd-suspend.service(8) ++DefaultDependencies=no ++Requires=sleep.target ++After=sleep.target ++ ++[Service] ++Type=oneshot ++ExecStart=@rootlibexecdir@/systemd-sleep suspend-then-hibernate +diff --git a/units/systemd-suspend-to-hibernate.service.in b/units/systemd-suspend-to-hibernate.service.in +deleted file mode 100644 +index 9bec9f6..0000000 +--- a/units/systemd-suspend-to-hibernate.service.in ++++ /dev/null +@@ -1,19 +0,0 @@ +-# SPDX-License-Identifier: LGPL-2.1+ +-# +-# This file is part of systemd. +-# +-# systemd is free software; you can redistribute it and/or modify it +-# under the terms of the GNU Lesser General Public License as published by +-# the Free Software Foundation; either version 2.1 of the License, or +-# (at your option) any later version. +- +-[Unit] +-Description=Suspend; Idle into hibernate +-Documentation=man:systemd-suspend.service(8) +-DefaultDependencies=no +-Requires=sleep.target +-After=sleep.target +- +-[Service] +-Type=oneshot +-ExecStart=@rootlibexecdir@/systemd-sleep suspend-to-hibernate diff -Nru systemd-237/debian/patches/debian/UBUNTU-core-use-setreuid-setregid-trick-to-create-session-k.patch systemd-237/debian/patches/debian/UBUNTU-core-use-setreuid-setregid-trick-to-create-session-k.patch --- systemd-237/debian/patches/debian/UBUNTU-core-use-setreuid-setregid-trick-to-create-session-k.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/UBUNTU-core-use-setreuid-setregid-trick-to-create-session-k.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,181 @@ +From: Dimitri John Ledkov +Date: Tue, 13 Mar 2018 23:03:37 +0000 +Subject: core: use setreuid/setregid trick to create session keyring with + right ownership + +Re-use the hacks used to link user keyring, when creating the session +keyring. This way changing ownership of the keyring is not required, and thus +incovation_id can be correctly created in restricted environments. + +Creating invocation_id with root permissions works and linking it into session +keyring works, as at that point session keyring is possessed. + +Simple way to validate this is with following commands: + +$ journalctl -f & +$ sudo systemd-run --uid 1000 /bin/sh -c 'keyctl describe @s; keyctl list @s; keyctl read `keyctl search @s user invocation_id`' + +which now works in LXD containers as well as on the host. + +Fixes: https://github.com/systemd/systemd/issues/7655 +--- + src/core/execute.c | 117 +++++++++++++++++++++++++++-------------------------- + 1 file changed, 59 insertions(+), 58 deletions(-) + +diff --git a/src/core/execute.c b/src/core/execute.c +index 0b5aa53..2919bc1 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -2443,7 +2443,9 @@ static int setup_keyring( + uid_t uid, gid_t gid) { + + key_serial_t keyring; +- int r; ++ int r = 0; ++ uid_t saved_uid; ++ gid_t saved_gid; + + assert(u); + assert(context); +@@ -2462,6 +2464,26 @@ static int setup_keyring( + if (context->keyring_mode == EXEC_KEYRING_INHERIT) + return 0; + ++ /* Acquiring a reference to the user keyring is nasty. We briefly change identity in order to get things set up ++ * properly by the kernel. If we don't do that then we can't create it atomically, and that sucks for parallel ++ * execution. This mimics what pam_keyinit does, too. Setting up session keyring, to be owned by the right user ++ * & group is just as nasty as acquiring a reference to the user keyring. */ ++ ++ saved_uid = getuid(); ++ saved_gid = getgid(); ++ ++ if (gid_is_valid(gid) && gid != saved_gid) { ++ if (setregid(gid, -1) < 0) ++ return log_unit_error_errno(u, errno, "Failed to change GID for user keyring: %m"); ++ } ++ ++ if (uid_is_valid(uid) && uid != saved_uid) { ++ if (setreuid(uid, -1) < 0) { ++ r = log_unit_error_errno(u, errno, "Failed to change UID for user keyring: %m"); ++ goto out; ++ } ++ } ++ + keyring = keyctl(KEYCTL_JOIN_SESSION_KEYRING, 0, 0, 0, 0); + if (keyring == -1) { + if (errno == ENOSYS) +@@ -2471,12 +2493,36 @@ static int setup_keyring( + else if (errno == EDQUOT) + log_unit_debug_errno(u, errno, "Out of kernel keyrings to allocate, ignoring."); + else +- return log_unit_error_errno(u, errno, "Setting up kernel keyring failed: %m"); ++ r = log_unit_error_errno(u, errno, "Setting up kernel keyring failed: %m"); + +- return 0; ++ goto out; + } + +- /* Populate they keyring with the invocation ID by default. */ ++ /* When requested link the user keyring into the session keyring. */ ++ if (context->keyring_mode == EXEC_KEYRING_SHARED) { ++ ++ if (keyctl(KEYCTL_LINK, ++ KEY_SPEC_USER_KEYRING, ++ KEY_SPEC_SESSION_KEYRING, 0, 0) < 0) { ++ r = log_unit_error_errno(u, errno, "Failed to link user keyring into session keyring: %m"); ++ goto out; ++ } ++ } ++ ++ /* Restore uid/gid back */ ++ if (uid_is_valid(uid) && uid != saved_uid) { ++ if (setreuid(saved_uid, -1) < 0) { ++ r = log_unit_error_errno(u, errno, "Failed to change UID back for user keyring: %m"); ++ goto out; ++ } ++ } ++ ++ if (gid_is_valid(gid) && gid != saved_gid) { ++ if (setregid(saved_gid, -1) < 0) ++ return log_unit_error_errno(u, errno, "Failed to change GID back for user keyring: %m"); ++ } ++ ++ /* Populate they keyring with the invocation ID by default, as original saved_uid. */ + if (!sd_id128_is_null(u->invocation_id)) { + key_serial_t key; + +@@ -2487,65 +2533,20 @@ static int setup_keyring( + if (keyctl(KEYCTL_SETPERM, key, + KEY_POS_VIEW|KEY_POS_READ|KEY_POS_SEARCH| + KEY_USR_VIEW|KEY_USR_READ|KEY_USR_SEARCH, 0, 0) < 0) +- return log_unit_error_errno(u, errno, "Failed to restrict invocation ID permission: %m"); ++ r = log_unit_error_errno(u, errno, "Failed to restrict invocation ID permission: %m"); + } + } + +- /* And now, make the keyring owned by the service's user */ +- if (uid_is_valid(uid) || gid_is_valid(gid)) +- if (keyctl(KEYCTL_CHOWN, keyring, uid, gid, 0) < 0) +- return log_unit_error_errno(u, errno, "Failed to change ownership of session keyring: %m"); +- +- /* When requested link the user keyring into the session keyring. */ +- if (context->keyring_mode == EXEC_KEYRING_SHARED) { +- uid_t saved_uid; +- gid_t saved_gid; ++out: ++ /* Revert back uid & gid for the the last time, and exit */ ++ /* no extra logging, as only the first already reported error matters */ ++ if (getuid() != saved_uid) ++ (void) setreuid(saved_uid, -1); + +- /* Acquiring a reference to the user keyring is nasty. We briefly change identity in order to get things +- * set up properly by the kernel. If we don't do that then we can't create it atomically, and that +- * sucks for parallel execution. This mimics what pam_keyinit does, too.*/ ++ if (getgid() != saved_gid) ++ (void) setregid(saved_gid, -1); + +- saved_uid = getuid(); +- saved_gid = getgid(); +- +- if (gid_is_valid(gid) && gid != saved_gid) { +- if (setregid(gid, -1) < 0) +- return log_unit_error_errno(u, errno, "Failed to change GID for user keyring: %m"); +- } +- +- if (uid_is_valid(uid) && uid != saved_uid) { +- if (setreuid(uid, -1) < 0) { +- (void) setregid(saved_gid, -1); +- return log_unit_error_errno(u, errno, "Failed to change UID for user keyring: %m"); +- } +- } +- +- if (keyctl(KEYCTL_LINK, +- KEY_SPEC_USER_KEYRING, +- KEY_SPEC_SESSION_KEYRING, 0, 0) < 0) { +- +- r = -errno; +- +- (void) setreuid(saved_uid, -1); +- (void) setregid(saved_gid, -1); +- +- return log_unit_error_errno(u, r, "Failed to link user keyring into session keyring: %m"); +- } +- +- if (uid_is_valid(uid) && uid != saved_uid) { +- if (setreuid(saved_uid, -1) < 0) { +- (void) setregid(saved_gid, -1); +- return log_unit_error_errno(u, errno, "Failed to change UID back for user keyring: %m"); +- } +- } +- +- if (gid_is_valid(gid) && gid != saved_gid) { +- if (setregid(saved_gid, -1) < 0) +- return log_unit_error_errno(u, errno, "Failed to change GID back for user keyring: %m"); +- } +- } +- +- return 0; ++ return r; + } + + static void append_socket_pair(int *array, unsigned *n, int pair[2]) { diff -Nru systemd-237/debian/patches/debian/UBUNTU-drop-kernel.-settings-from-sysctl-defaults-shipped.patch systemd-237/debian/patches/debian/UBUNTU-drop-kernel.-settings-from-sysctl-defaults-shipped.patch --- systemd-237/debian/patches/debian/UBUNTU-drop-kernel.-settings-from-sysctl-defaults-shipped.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/UBUNTU-drop-kernel.-settings-from-sysctl-defaults-shipped.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,42 @@ +From: Dimitri John Ledkov +Date: Wed, 11 Oct 2017 12:17:03 +0100 +Subject: UBUNTU: drop unrelated settings from sysctl defaults shipped by + systemd. + +--- + sysctl.d/50-default.conf | 20 -------------------- + 1 file changed, 20 deletions(-) + +diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf +index e263cf0..36ae524 100644 +--- a/sysctl.d/50-default.conf ++++ b/sysctl.d/50-default.conf +@@ -11,28 +11,8 @@ + # (e.g. /etc/sysctl.d/90-override.conf), and put any assignments + # there. + +-# System Request functionality of the kernel (SYNC) +-# +-# Use kernel.sysrq = 1 to allow all keys. +-# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html for a list +-# of values and keys. +-kernel.sysrq = 16 +- +-# Append the PID to the core filename +-kernel.core_uses_pid = 1 +- +-# Source route verification +-net.ipv4.conf.all.rp_filter = 1 +- +-# Do not accept source routing +-net.ipv4.conf.all.accept_source_route = 0 +- + # Promote secondary addresses when the primary address is removed + net.ipv4.conf.all.promote_secondaries = 1 + + # Fair Queue CoDel packet scheduler to fight bufferbloat + net.core.default_qdisc = fq_codel +- +-# Enable hard and soft link protection +-fs.protected_hardlinks = 1 +-fs.protected_symlinks = 1 diff -Nru systemd-237/debian/patches/debian/UBUNTU-drop-using-kvm-for-qemu-tests-as-this-current.patch systemd-237/debian/patches/debian/UBUNTU-drop-using-kvm-for-qemu-tests-as-this-current.patch --- systemd-237/debian/patches/debian/UBUNTU-drop-using-kvm-for-qemu-tests-as-this-current.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/UBUNTU-drop-using-kvm-for-qemu-tests-as-this-current.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,24 @@ +From: Dimitri John Ledkov +Date: Tue, 21 Nov 2017 09:06:31 +0000 +Subject: UBUNTU: drop using kvm for qemu tests, + as this currently results in unreliable nested kvm. + +--- + test/test-functions | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/test/test-functions b/test/test-functions +index 22066d9..ab0f87e 100644 +--- a/test/test-functions ++++ b/test/test-functions +@@ -148,10 +148,6 @@ $KERNEL_APPEND \ + QEMU_OPTIONS="$QEMU_OPTIONS -initrd $INITRD" + fi + +- if [ -c /dev/kvm ]; then +- QEMU_OPTIONS="$QEMU_OPTIONS -machine accel=kvm -enable-kvm -cpu host" +- fi +- + if [[ "$QEMU_TIMEOUT" != "infinity" ]]; then + QEMU_BIN="timeout --foreground $QEMU_TIMEOUT $QEMU_BIN" + fi diff -Nru systemd-237/debian/patches/debian/UBUNTU-introduce-TAKE_PTR-macro.patch systemd-237/debian/patches/debian/UBUNTU-introduce-TAKE_PTR-macro.patch --- systemd-237/debian/patches/debian/UBUNTU-introduce-TAKE_PTR-macro.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/UBUNTU-introduce-TAKE_PTR-macro.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,34 @@ +From: Lennart Poettering +Date: Thu, 22 Mar 2018 16:53:26 +0100 +Subject: [PATCH] macro: introduce TAKE_PTR() macro + +This macro will read a pointer of any type, return it, and set the +pointer to NULL. This is useful as an explicit concept of passing +ownership of a memory area between pointers. + +This takes inspiration from Rust: + +https://doc.rust-lang.org/std/option/enum.Option.html#method.take + +and was suggested by Alan Jenkins (@sourcejedi). +--- + src/basic/alloc-util.h | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/basic/alloc-util.h b/src/basic/alloc-util.h +index 02dee37..3a3a7a9 100644 +--- a/src/basic/alloc-util.h ++++ b/src/basic/alloc-util.h +@@ -128,3 +128,12 @@ void* greedy_realloc0(void **p, size_t *allocated, size_t need, size_t size); + _new_ = alloca_align(_size_, (align)); \ + (void*)memset(_new_, 0, _size_); \ + }) ++ ++/* Takes inspiration from Rusts's Option::take() method: reads and returns a pointer, but at the same time resets it to ++ * NULL. See: https://doc.rust-lang.org/std/option/enum.Option.html#method.take */ ++#define TAKE_PTR(ptr) \ ++ ({ \ ++ typeof(ptr) _ptr_ = (ptr); \ ++ (ptr) = NULL; \ ++ _ptr_; \ ++ }) diff -Nru systemd-237/debian/patches/debian/UBUNTU-journald.service-set-Nice-1-to-dodge-watchdog-on-soft-loc.patch systemd-237/debian/patches/debian/UBUNTU-journald.service-set-Nice-1-to-dodge-watchdog-on-soft-loc.patch --- systemd-237/debian/patches/debian/UBUNTU-journald.service-set-Nice-1-to-dodge-watchdog-on-soft-loc.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/UBUNTU-journald.service-set-Nice-1-to-dodge-watchdog-on-soft-loc.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,22 @@ +From: Dimitri John Ledkov +Date: Mon, 26 Mar 2018 13:41:15 +0100 +Subject: journald.service: set Nice=-1 to dodge watchdog on soft lockups. + +LP: #1696970 +(cherry picked from commit c5b77c35b4ec0e1812702240f272fbeea3ad4152) +--- + units/systemd-journald.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in +index df76fe4..24c0150 100644 +--- a/units/systemd-journald.service.in ++++ b/units/systemd-journald.service.in +@@ -22,6 +22,7 @@ ExecStart=@rootlibexecdir@/systemd-journald + Restart=always + RestartSec=0 + StandardOutput=null ++Nice=-1 + WatchdogSec=3min + FileDescriptorStoreMax=4224 + CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE diff -Nru systemd-237/debian/patches/debian/UBUNTU-networkd-if-RA-was-implicit-do-not-await-ndisc_con.patch systemd-237/debian/patches/debian/UBUNTU-networkd-if-RA-was-implicit-do-not-await-ndisc_con.patch --- systemd-237/debian/patches/debian/UBUNTU-networkd-if-RA-was-implicit-do-not-await-ndisc_con.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/UBUNTU-networkd-if-RA-was-implicit-do-not-await-ndisc_con.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,66 @@ +From: Dimitri John Ledkov +Date: Fri, 20 Apr 2018 03:24:13 +0100 +Subject: UBUNTU: networkd: if RA was implicit, do not await ndisc_configured. + +If RA was iplicit, meaning not otherwise requested, and a kernel default was in +use. Do not prevent link entering configured state, whilst ndisc configuration +is pending. Implicit kernel RA, is expected to be asynchronous and +non-blocking. + +LP: #1765173 +(cherry picked from commit 4b784890d000aab33a36f95e565469d5b76e6cbf) +--- + src/network/networkd-link.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index 64c4508..19eaac2 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -222,7 +222,7 @@ static bool link_proxy_arp_enabled(Link *link) { + return true; + } + +-static bool link_ipv6_accept_ra_enabled(Link *link) { ++static bool link_ipv6_accept_ra_enabled_implicit(Link *link, bool * implicit) { + assert(link); + + if (!socket_ipv6_is_supported()) +@@ -241,9 +241,12 @@ static bool link_ipv6_accept_ra_enabled(Link *link) { + * disabled if local forwarding is enabled). + * If set, ignore or enforce RA independent of local forwarding state. + */ +- if (link->network->ipv6_accept_ra < 0) ++ if (link->network->ipv6_accept_ra < 0) { + /* default to accept RA if ip_forward is disabled and ignore RA if ip_forward is enabled */ ++ if (implicit) ++ *implicit = true; + return !link_ipv6_forward_enabled(link); ++ } + else if (link->network->ipv6_accept_ra > 0) + /* accept RA even if ip_forward is enabled */ + return true; +@@ -252,6 +255,10 @@ static bool link_ipv6_accept_ra_enabled(Link *link) { + return false; + } + ++static bool link_ipv6_accept_ra_enabled(Link *link) { ++ return link_ipv6_accept_ra_enabled_implicit(link, NULL); ++} ++ + static IPv6PrivacyExtensions link_ipv6_privacy_extensions(Link *link) { + assert(link); + +@@ -771,8 +778,10 @@ void link_check_ready(Link *link) { + !link->dhcp4_configured && !link->dhcp6_configured)) + return; + +- if (link_ipv6_accept_ra_enabled(link) && !link->ndisc_configured) +- return; ++ bool implicit = false; ++ if (link_ipv6_accept_ra_enabled_implicit(link, &implicit) && !link->ndisc_configured) ++ if (!implicit) ++ return; + } + + SET_FOREACH(a, link->addresses, i) diff -Nru systemd-237/debian/patches/debian/UBUNTU-resolved-Listen-on-both-TCP-and-UDP-by-default.patch systemd-237/debian/patches/debian/UBUNTU-resolved-Listen-on-both-TCP-and-UDP-by-default.patch --- systemd-237/debian/patches/debian/UBUNTU-resolved-Listen-on-both-TCP-and-UDP-by-default.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/UBUNTU-resolved-Listen-on-both-TCP-and-UDP-by-default.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,50 @@ +From: Dimitri John Ledkov +Date: Fri, 6 Apr 2018 14:53:39 +0100 +Subject: UBUNTU resolved: Listen on both TCP and UDP by default. + +LP: #1731522 +--- + man/resolved.conf.xml | 4 ++-- + src/resolve/resolved-manager.c | 2 +- + src/resolve/resolved.conf.in | 2 +- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/man/resolved.conf.xml b/man/resolved.conf.xml +index 451b9cd..bf88c0e 100644 +--- a/man/resolved.conf.xml ++++ b/man/resolved.conf.xml +@@ -233,9 +233,9 @@ + + DNSStubListener= + Takes a boolean argument or one of udp and tcp. If +- udp (the default), a DNS stub resolver will listen for UDP requests on address 127.0.0.53 ++ udp, a DNS stub resolver will listen for UDP requests on address 127.0.0.53 + port 53. If tcp, the stub will listen for TCP requests on the same address and port. If +- yes, the stub listens for both UDP and TCP requests. If no, the stub ++ yes (the default), the stub listens for both UDP and TCP requests. If no, the stub + listener is disabled. + + Note that the DNS stub listener is turned off implicitly when its listening address and port are already +diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c +index 37cef3f..12a9d17 100644 +--- a/src/resolve/resolved-manager.c ++++ b/src/resolve/resolved-manager.c +@@ -600,7 +600,7 @@ int manager_new(Manager **ret) { + m->mdns_support = RESOLVE_SUPPORT_NO; + m->dnssec_mode = DEFAULT_DNSSEC_MODE; + m->enable_cache = true; +- m->dns_stub_listener_mode = DNS_STUB_LISTENER_UDP; ++ m->dns_stub_listener_mode = DNS_STUB_LISTENER_YES; + m->read_resolv_conf = true; + m->need_builtin_fallbacks = true; + m->etc_hosts_last = m->etc_hosts_mtime = USEC_INFINITY; +diff --git a/src/resolve/resolved.conf.in b/src/resolve/resolved.conf.in +index bcd7a92..945760a 100644 +--- a/src/resolve/resolved.conf.in ++++ b/src/resolve/resolved.conf.in +@@ -19,4 +19,4 @@ + #MulticastDNS=no + #DNSSEC=@DEFAULT_DNSSEC_MODE@ + #Cache=yes +-#DNSStubListener=udp ++#DNSStubListener=yes diff -Nru systemd-237/debian/patches/debian/UBUNTU-resolved-disable-global-LLMNR-and-MulticastDNS.patch systemd-237/debian/patches/debian/UBUNTU-resolved-disable-global-LLMNR-and-MulticastDNS.patch --- systemd-237/debian/patches/debian/UBUNTU-resolved-disable-global-LLMNR-and-MulticastDNS.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/UBUNTU-resolved-disable-global-LLMNR-and-MulticastDNS.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,40 @@ +From: Dimitri John Ledkov +Date: Fri, 9 Feb 2018 15:57:54 +0000 +Subject: UBUNTU: resolved: disable global LLMNR and MulticastDNS by default. + +LP: #1739672 +--- + src/resolve/resolved-manager.c | 4 ++-- + src/resolve/resolved.conf.in | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c +index 2ee0277..37cef3f 100644 +--- a/src/resolve/resolved-manager.c ++++ b/src/resolve/resolved-manager.c +@@ -596,8 +596,8 @@ int manager_new(Manager **ret) { + m->dns_stub_udp_fd = m->dns_stub_tcp_fd = -1; + m->hostname_fd = -1; + +- m->llmnr_support = RESOLVE_SUPPORT_YES; +- m->mdns_support = RESOLVE_SUPPORT_YES; ++ m->llmnr_support = RESOLVE_SUPPORT_NO; ++ m->mdns_support = RESOLVE_SUPPORT_NO; + m->dnssec_mode = DEFAULT_DNSSEC_MODE; + m->enable_cache = true; + m->dns_stub_listener_mode = DNS_STUB_LISTENER_UDP; +diff --git a/src/resolve/resolved.conf.in b/src/resolve/resolved.conf.in +index e6b2062..bcd7a92 100644 +--- a/src/resolve/resolved.conf.in ++++ b/src/resolve/resolved.conf.in +@@ -15,8 +15,8 @@ + #DNS= + #FallbackDNS=@DNS_SERVERS@ + #Domains= +-#LLMNR=yes +-#MulticastDNS=yes ++#LLMNR=no ++#MulticastDNS=no + #DNSSEC=@DEFAULT_DNSSEC_MODE@ + #Cache=yes + #DNSStubListener=udp diff -Nru systemd-237/debian/patches/debian/UBUNTU-shared-sleep-config-fix-unitialized-variable-and-use.patch systemd-237/debian/patches/debian/UBUNTU-shared-sleep-config-fix-unitialized-variable-and-use.patch --- systemd-237/debian/patches/debian/UBUNTU-shared-sleep-config-fix-unitialized-variable-and-use.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/UBUNTU-shared-sleep-config-fix-unitialized-variable-and-use.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,53 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= +Date: Sun, 11 Mar 2018 09:13:03 +0100 +Subject: [PATCH] shared/sleep-config: fix unitialized variable and use + STR_IN_SET (#8416) + +--- + src/shared/sleep-config.c | 17 +++++++---------- + 1 file changed, 7 insertions(+), 10 deletions(-) + +diff --git a/src/shared/sleep-config.c b/src/shared/sleep-config.c +index 4a365b1..94e3e26 100644 +--- a/src/shared/sleep-config.c ++++ b/src/shared/sleep-config.c +@@ -49,7 +49,7 @@ int parse_sleep_config(const char *verb, char ***_modes, char ***_states, usec_t + **hibernate_mode = NULL, **hibernate_state = NULL, + **hybrid_mode = NULL, **hybrid_state = NULL; + char **modes, **states; +- usec_t delay; ++ usec_t delay = 180 * USEC_PER_MINUTE; + + const ConfigTableItem items[] = { + { "Sleep", "SuspendMode", config_parse_strv, 0, &suspend_mode }, +@@ -97,13 +97,13 @@ int parse_sleep_config(const char *verb, char ***_modes, char ***_states, usec_t + USE(states, hybrid_state); + else + states = strv_new("disk", NULL); +- } else if (streq(verb, "suspend-to-hibernate")) { +- if (delay == 0) +- delay = 180 * USEC_PER_MINUTE; +- } else ++ ++ } else if (streq(verb, "suspend-to-hibernate")) ++ modes = states = NULL; ++ else + assert_not_reached("what verb"); + +- if ((!modes && (streq(verb, "hibernate") || streq(verb, "hybrid-sleep"))) || ++ if ((!modes && STR_IN_SET(verb, "hibernate", "hybrid-sleep")) || + (!states && !streq(verb, "suspend-to-hibernate"))) { + strv_free(modes); + strv_free(states); +@@ -306,10 +306,7 @@ int can_sleep(const char *verb) { + _cleanup_strv_free_ char **modes = NULL, **states = NULL; + int r; + +- assert(streq(verb, "suspend") || +- streq(verb, "hibernate") || +- streq(verb, "hybrid-sleep") || +- streq(verb, "suspend-to-hibernate")); ++ assert(STR_IN_SET(verb, "suspend", "hibernate", "hybrid-sleep", "suspend-to-hibernate")); + + if (streq(verb, "suspend-to-hibernate")) + return can_s2h(); diff -Nru systemd-237/debian/patches/debian/UBUNTU-sleep-Add-support-for-setting-a-disk-offset.patch systemd-237/debian/patches/debian/UBUNTU-sleep-Add-support-for-setting-a-disk-offset.patch --- systemd-237/debian/patches/debian/UBUNTU-sleep-Add-support-for-setting-a-disk-offset.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/UBUNTU-sleep-Add-support-for-setting-a-disk-offset.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,390 @@ +From: Mario Limonciello +Date: Thu, 8 Mar 2018 02:41:50 -0600 +Subject: [PATCH] sleep: Add support for setting a disk offset when + hibernating + +The Linux kernel is adding support for configuring the offset +into a disk. This allows swapfiles to be more usable as users +will no longer need to set the offset on their kernel command +line. + +Use this API in systemd when hibernating as well. + +Signed-off-by: Mario Limonciello +--- + src/shared/sleep-config.c | 116 +++++++++++++++++++++++++++++++++++++++++----- + src/shared/sleep-config.h | 3 ++ + src/sleep/sleep.c | 74 +++++++++++++++++++++++++++-- + src/test/test-sleep.c | 43 ++++++++++++++++- + 4 files changed, 220 insertions(+), 16 deletions(-) + +diff --git a/src/shared/sleep-config.c b/src/shared/sleep-config.c +index b430120..d6d13ee 100644 +--- a/src/shared/sleep-config.c ++++ b/src/shared/sleep-config.c +@@ -20,6 +20,7 @@ + ***/ + + #include ++#include + #include + #include + #include +@@ -187,13 +188,10 @@ int can_sleep_disk(char **types) { + + #define HIBERNATION_SWAP_THRESHOLD 0.98 + +-static int hibernation_partition_size(size_t *size, size_t *used) { ++int find_hibernate_location(char **device, char **type, size_t *size, size_t *used) { + _cleanup_fclose_ FILE *f; + unsigned i; + +- assert(size); +- assert(used); +- + f = fopen("/proc/swaps", "re"); + if (!f) { + log_full(errno == ENOENT ? LOG_DEBUG : LOG_WARNING, +@@ -205,7 +203,7 @@ static int hibernation_partition_size(size_t *size, size_t *used) { + (void) fscanf(f, "%*s %*s %*s %*s %*s\n"); + + for (i = 1;; i++) { +- _cleanup_free_ char *dev = NULL, *type = NULL; ++ _cleanup_free_ char *dev_field = NULL, *type_field = NULL; + size_t size_field, used_field; + int k; + +@@ -215,7 +213,7 @@ static int hibernation_partition_size(size_t *size, size_t *used) { + "%zu " /* swap size */ + "%zu " /* used */ + "%*i\n", /* priority */ +- &dev, &type, &size_field, &used_field); ++ &dev_field, &type_field, &size_field, &used_field); + if (k != 4) { + if (k == EOF) + break; +@@ -224,13 +222,18 @@ static int hibernation_partition_size(size_t *size, size_t *used) { + continue; + } + +- if (streq(type, "partition") && endswith(dev, "\\040(deleted)")) { +- log_warning("Ignoring deleted swapfile '%s'.", dev); ++ if (streq(type_field, "partition") && endswith(dev_field, "\\040(deleted)")) { ++ log_warning("Ignoring deleted swapfile '%s'.", dev_field); + continue; + } +- +- *size = size_field; +- *used = used_field; ++ if (device) ++ *device = TAKE_PTR(dev_field); ++ if (type) ++ *type = TAKE_PTR(type_field); ++ if (size) ++ *size = size_field; ++ if (used) ++ *used = used_field; + return 0; + } + +@@ -253,7 +256,7 @@ static bool enough_memory_for_hibernation(void) { + if (access("/sys/power/tuxonice", F_OK) == 0) + return true; + +- r = hibernation_partition_size(&size, &used); ++ r = find_hibernate_location(NULL, NULL, &size, &used); + if (r < 0) + return false; + +@@ -277,6 +280,95 @@ static bool enough_memory_for_hibernation(void) { + return r; + } + ++int read_fiemap(int fd, struct fiemap **ret) { ++ _cleanup_free_ struct fiemap *fiemap = NULL, *result_fiemap = NULL; ++ int extents_size; ++ struct stat statinfo; ++ uint32_t result_extents = 0; ++ uint64_t fiemap_start = 0, fiemap_length; ++ size_t fiemap_size = 1, result_fiemap_size = 1; ++ ++ if (fstat(fd, &statinfo) < 0) ++ return log_debug_errno(errno, "Cannot determine file size: %m"); ++ if (!S_ISREG(statinfo.st_mode)) ++ return -ENOTTY; ++ fiemap_length = statinfo.st_size; ++ ++ /* zero this out in case we run on a file with no extents */ ++ fiemap = new0(struct fiemap, 1); ++ if (!fiemap) ++ return -ENOMEM; ++ ++ result_fiemap = new(struct fiemap, 1); ++ if (!result_fiemap) ++ return -ENOMEM; ++ ++ /* XFS filesystem has incorrect implementation of fiemap ioctl and ++ * returns extents for only one block-group at a time, so we need ++ * to handle it manually, starting the next fiemap call from the end ++ * of the last extent ++ */ ++ while (fiemap_start < fiemap_length) { ++ *fiemap = (struct fiemap) { ++ .fm_start = fiemap_start, ++ .fm_length = fiemap_length, ++ .fm_flags = FIEMAP_FLAG_SYNC, ++ }; ++ ++ /* Find out how many extents there are */ ++ if (ioctl(fd, FS_IOC_FIEMAP, fiemap) < 0) ++ return log_debug_errno(errno, "Failed to read extents: %m"); ++ ++ /* Nothing to process */ ++ if (fiemap->fm_mapped_extents == 0) ++ break; ++ ++ /* Result fiemap has to hold all the extents for the whole file */ ++ extents_size = DIV_ROUND_UP(sizeof(struct fiemap_extent) * fiemap->fm_mapped_extents, ++ sizeof(struct fiemap)); ++ ++ /* Resize fiemap to allow us to read in the extents */ ++ if (!GREEDY_REALLOC0(fiemap, fiemap_size, extents_size)) ++ return -ENOMEM; ++ ++ fiemap->fm_extent_count = fiemap->fm_mapped_extents; ++ fiemap->fm_mapped_extents = 0; ++ ++ if (ioctl(fd, FS_IOC_FIEMAP, fiemap) < 0) ++ return log_debug_errno(errno, "Failed to read extents: %m"); ++ ++ extents_size = DIV_ROUND_UP(sizeof(struct fiemap_extent) * (result_extents + fiemap->fm_mapped_extents), ++ sizeof(struct fiemap)); ++ ++ /* Resize result_fiemap to allow us to read in the extents */ ++ if (!GREEDY_REALLOC(result_fiemap, result_fiemap_size, ++ extents_size)) ++ return -ENOMEM; ++ ++ memcpy(result_fiemap->fm_extents + result_extents, ++ fiemap->fm_extents, ++ sizeof(struct fiemap_extent) * fiemap->fm_mapped_extents); ++ ++ result_extents += fiemap->fm_mapped_extents; ++ ++ /* Highly unlikely that it is zero */ ++ if (fiemap->fm_mapped_extents > 0) { ++ uint32_t i = fiemap->fm_mapped_extents - 1; ++ ++ fiemap_start = fiemap->fm_extents[i].fe_logical + ++ fiemap->fm_extents[i].fe_length; ++ ++ if (fiemap->fm_extents[i].fe_flags & FIEMAP_EXTENT_LAST) ++ break; ++ } ++ } ++ ++ memcpy(result_fiemap, fiemap, sizeof(struct fiemap)); ++ result_fiemap->fm_mapped_extents = result_extents; ++ *ret = TAKE_PTR(result_fiemap); ++ return 0; ++} ++ + static bool can_s2h(void) { + int r; + +diff --git a/src/shared/sleep-config.h b/src/shared/sleep-config.h +index 3dacda0..b91a4b2 100644 +--- a/src/shared/sleep-config.h ++++ b/src/shared/sleep-config.h +@@ -20,9 +20,12 @@ + along with systemd; If not, see . + ***/ + ++#include + #include "time-util.h" + ++int read_fiemap(int fd, struct fiemap **ret); + int parse_sleep_config(const char *verb, char ***modes, char ***states, usec_t *delay); ++int find_hibernate_location(char **device, char **type, size_t *size, size_t *used); + + int can_sleep(const char *verb); + int can_sleep_disk(char **types); +diff --git a/src/sleep/sleep.c b/src/sleep/sleep.c +index 2830b23..1163a0f 100644 +--- a/src/sleep/sleep.c ++++ b/src/sleep/sleep.c +@@ -4,6 +4,7 @@ + + Copyright 2012 Lennart Poettering + Copyright 2013 Zbigniew Jędrzejewski-Szmek ++ Copyright 2010-2017 Canonical + Copyright 2018 Dell Inc. + + systemd is free software; you can redistribute it and/or modify it +@@ -22,6 +23,7 @@ + + #include + #include ++#include + #include + + #include "sd-messages.h" +@@ -40,6 +42,67 @@ + + static char* arg_verb = NULL; + ++static int write_hibernate_location_info(void) { ++ _cleanup_free_ char *device = NULL, *type = NULL; ++ _cleanup_free_ struct fiemap *fiemap = NULL; ++ char offset_str[DECIMAL_STR_MAX(uint64_t)]; ++ char device_str[DECIMAL_STR_MAX(uint64_t)]; ++ _cleanup_close_ int fd = -1; ++ struct stat stb; ++ uint64_t offset; ++ int r; ++ ++ r = find_hibernate_location(&device, &type, NULL, NULL); ++ if (r < 0) ++ return log_debug_errno(r, "Unable to find hibernation location: %m"); ++ ++ /* if it's a swap partition, we just write the disk to /sys/power/resume */ ++ if (streq(type, "partition")) ++ return write_string_file("/sys/power/resume", device, 0); ++ else if (!streq(type, "file")) ++ return log_debug_errno(EINVAL, "Invalid hibernate type %s: %m", ++ type); ++ ++ /* Only available in 4.17+ */ ++ if (access("/sys/power/resume_offset", F_OK) < 0) { ++ if (errno == ENOENT) ++ return 0; ++ return log_debug_errno(errno, "/sys/power/resume_offset unavailable: %m"); ++ } ++ ++ r = access("/sys/power/resume_offset", W_OK); ++ if (r < 0) ++ return log_debug_errno(errno, "/sys/power/resume_offset not writeable: %m"); ++ ++ fd = open(device, O_RDONLY | O_CLOEXEC | O_NONBLOCK); ++ if (fd < 0) ++ return log_debug_errno(errno, "Unable to open '%s': %m", device); ++ r = fstat(fd, &stb); ++ if (r < 0) ++ return log_debug_errno(errno, "Unable to stat %s: %m", device); ++ r = read_fiemap(fd, &fiemap); ++ if (r < 0) ++ return log_debug_errno(r, "Unable to read extent map for '%s': %m", ++ device); ++ if (fiemap->fm_mapped_extents == 0) { ++ log_debug("No extents found in '%s'", device); ++ return -EINVAL; ++ } ++ offset = fiemap->fm_extents[0].fe_physical / page_size(); ++ xsprintf(offset_str, "%" PRIu64, offset); ++ r = write_string_file("/sys/power/resume_offset", offset_str, 0); ++ if (r < 0) ++ return log_debug_errno(r, "Failed to write offset '%s': %m", ++ offset_str); ++ ++ xsprintf(device_str, "%lx", (unsigned long)stb.st_dev); ++ r = write_string_file("/sys/power/resume", device_str, 0); ++ if (r < 0) ++ return log_debug_errno(r, "Failed to write device '%s': %m", ++ device_str); ++ return 0; ++} ++ + static int write_mode(char **modes) { + int r = 0; + char **mode; +@@ -110,9 +173,14 @@ static int execute(char **modes, char **states) { + return log_error_errno(errno, "Failed to open /sys/power/state: %m"); + + /* Configure the hibernation mode */ +- r = write_mode(modes); +- if (r < 0) +- return r; ++ if (!strv_isempty(modes)) { ++ r = write_hibernate_location_info(); ++ if (r < 0) ++ return log_error_errno(r, "Failed to write hibernation disk offset: %m"); ++ r = write_mode(modes); ++ if (r < 0) ++ return r; ++ } + + execute_directories(dirs, DEFAULT_TIMEOUT_USEC, NULL, NULL, arguments); + +diff --git a/src/test/test-sleep.c b/src/test/test-sleep.c +index cea511d..05fd6c0 100644 +--- a/src/test/test-sleep.c ++++ b/src/test/test-sleep.c +@@ -18,13 +18,43 @@ + along with systemd; If not, see . + ***/ + ++#include + #include + ++#include "fd-util.h" + #include "log.h" + #include "sleep-config.h" + #include "strv.h" + #include "util.h" + ++static int test_fiemap(const char *path) { ++ _cleanup_free_ struct fiemap *fiemap = NULL; ++ _cleanup_close_ int fd = -1; ++ int r; ++ ++ fd = open(path, O_RDONLY | O_CLOEXEC | O_NONBLOCK); ++ if (fd < 0) ++ return log_error_errno(errno, "failed to open %s: %m", path); ++ r = read_fiemap(fd, &fiemap); ++ if (r == -ENOTSUP) { ++ log_info("Skipping test, not supported"); ++ exit(EXIT_TEST_SKIP); ++ } ++ if (r < 0) ++ return log_error_errno(r, "Unable to read extent map for '%s': %m", path); ++ log_info("extent map information for %s:", path); ++ log_info("\t start: %llu", fiemap->fm_start); ++ log_info("\t length: %llu", fiemap->fm_length); ++ log_info("\t flags: %u", fiemap->fm_flags); ++ log_info("\t number of mapped extents: %u", fiemap->fm_mapped_extents); ++ log_info("\t extent count: %u", fiemap->fm_extent_count); ++ if (fiemap->fm_extent_count > 0) ++ log_info("\t first extent location: %llu", ++ fiemap->fm_extents[0].fe_physical / page_size()); ++ ++ return 0; ++} ++ + static void test_sleep(void) { + _cleanup_strv_free_ char + **standby = strv_new("standby", NULL), +@@ -52,6 +82,8 @@ static void test_sleep(void) { + } + + int main(int argc, char* argv[]) { ++ int i, r = 0, k; ++ + log_parse_environment(); + log_open(); + +@@ -60,5 +92,14 @@ int main(int argc, char* argv[]) { + + test_sleep(); + +- return 0; ++ if (argc <= 1) ++ assert_se(test_fiemap(argv[0]) == 0); ++ else ++ for (i = 1; i < argc; i++) { ++ k = test_fiemap(argv[i]); ++ if (r == 0) ++ r = k; ++ } ++ ++ return r; + } diff -Nru systemd-237/debian/patches/debian/UBUNTU-test-fs-utils-detect-container.patch systemd-237/debian/patches/debian/UBUNTU-test-fs-utils-detect-container.patch --- systemd-237/debian/patches/debian/UBUNTU-test-fs-utils-detect-container.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/UBUNTU-test-fs-utils-detect-container.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,33 @@ +From: Dimitri John Ledkov +Date: Fri, 16 Feb 2018 13:22:49 +0000 +Subject: test/test-fs-util: detect container, in addition to root. + +On armhf, during autopkgtests, whilst root is avilable, full capabilities in +parent namespace are not, since the tests are run in an LXD container. + +This should resolve armhf test failure. +--- + src/test/test-fs-util.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c +index 2525c47..10ecc60 100644 +--- a/src/test/test-fs-util.c ++++ b/src/test/test-fs-util.c +@@ -35,6 +35,7 @@ + #include "strv.h" + #include "user-util.h" + #include "util.h" ++#include "virt.h" + + static void test_chase_symlinks(void) { + _cleanup_free_ char *result = NULL; +@@ -495,7 +496,7 @@ static void test_touch_file(void) { + assert_se((st.st_mode & 0777) == 0640); + assert_se(timespec_load(&st.st_mtim) == test_mtime); + +- if (geteuid() == 0) { ++ if (geteuid() == 0 && !detect_container()) { + a = strjoina(p, "/cdev"); + assert_se(mknod(a, 0775 | S_IFCHR, makedev(0, 0)) >= 0); + assert_se(touch_file(a, false, test_mtime, test_uid, test_gid, 0640) >= 0); diff -Nru systemd-237/debian/patches/debian/UBUNTU-test-process-util-fails-to-verify-cmdline-changes-in-unpr.patch systemd-237/debian/patches/debian/UBUNTU-test-process-util-fails-to-verify-cmdline-changes-in-unpr.patch --- systemd-237/debian/patches/debian/UBUNTU-test-process-util-fails-to-verify-cmdline-changes-in-unpr.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/UBUNTU-test-process-util-fails-to-verify-cmdline-changes-in-unpr.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,26 @@ +From: Dimitri John Ledkov +Date: Wed, 8 Nov 2017 16:25:45 +0000 +Subject: UBUNTU: test-process-util: fails to verify cmdline changes in unpriv + user-namespace. + +Thus skip these asserts when running $ sudo ./test-process-util in an +unpriviledged user namespaced containers. + +(cherry picked from commit 86a4129d308602a1d2ba80b47863b32bec2059df) +--- + src/test/test-process-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c +index 72edcbb..8286b66 100644 +--- a/src/test/test-process-util.c ++++ b/src/test/test-process-util.c +@@ -381,7 +381,7 @@ static void test_rename_process_now(const char *p, int ret) { + + assert_se(get_process_cmdline(0, 0, false, &cmdline) >= 0); + /* we cannot expect cmdline to be renamed properly without privileges */ +- if (geteuid() == 0) { ++ if (geteuid() == 0 && !running_in_userns()) { + log_info("cmdline = <%s>", cmdline); + assert_se(strneq(p, cmdline, STRLEN("test-process-util"))); + assert_se(startswith(p, cmdline)); diff -Nru systemd-237/debian/patches/debian/UBUNTU-test-test-functions-drop-all-prefixes.patch systemd-237/debian/patches/debian/UBUNTU-test-test-functions-drop-all-prefixes.patch --- systemd-237/debian/patches/debian/UBUNTU-test-test-functions-drop-all-prefixes.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/UBUNTU-test-test-functions-drop-all-prefixes.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,45 @@ +From: Dimitri John Ledkov +Date: Mon, 6 Nov 2017 16:00:13 +0000 +Subject: UBUNTU: test/test-functions: drop all prefixes + +When parsing and installing binaries mentioned in Exec*= lines the +5ed0dcf4d552271115d96d8d22b1a25494b85277 commit added parsing logic to drop +prefixes, including handling duplicate exclamation marks. But this did not +handle arbitrary combination of multiple prefixes, ie. StartExec=+-/bin/sh was +parsed as -/bin/sh which then would fail to install. + +Instead of using egrep and shell replacements, replace both with sed command +that does it all. This sed script extract a group of characters starting with a +/ up to the first space (if any) after the equals sign. This correctly handles +existing non-prefixed, prefixed, multiple-prefixed commands. + +About half commands seem to repeat themself, thus sort -u cuts the list of +binaries to install about in half. + +To validate change of behaviour both old and new functions were modified to +echo parsed binaries into separate files, and then diffed. The incorrect +-/bin/sh was missing in the new output. + +Without this patch tests fail on default Ubuntu installs. + +(cherry picked from commit 84c0a34987d00158e943e3151a1fe21caa78d40c) +--- + test/test-functions | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/test/test-functions b/test/test-functions +index ab0f87e..0b7575b 100644 +--- a/test/test-functions ++++ b/test/test-functions +@@ -432,9 +432,8 @@ install_execs() { + export PKG_CONFIG_PATH=$BUILD_DIR/src/core/ + systemdsystemunitdir=$(pkg-config --variable=systemdsystemunitdir systemd) + systemduserunitdir=$(pkg-config --variable=systemduserunitdir systemd) +- egrep -ho '^Exec[^ ]*=[^ ]+' $initdir/{$systemdsystemunitdir,$systemduserunitdir}/*.service \ +- | while read i; do +- i=${i##Exec*=}; i=${i##[@+\!-]}; i=${i##\!} ++ sed -n 's|^Exec[a-zA-Z]*=[^/]*\(/[^ ]*\).*|\1|gp' $initdir/{$systemdsystemunitdir,$systemduserunitdir}/*.service \ ++ | sort -u | while read i; do + # some {rc,halt}.local scripts and programs are okay to not exist, the rest should + inst $i || [ "${i%.local}" != "$i" ] || [ "${i%systemd-update-done}" != "$i" ] + done diff -Nru systemd-237/debian/patches/debian/UBUNTU-test-test-functions-launch-qemu-with-vga-none.patch systemd-237/debian/patches/debian/UBUNTU-test-test-functions-launch-qemu-with-vga-none.patch --- systemd-237/debian/patches/debian/UBUNTU-test-test-functions-launch-qemu-with-vga-none.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/UBUNTU-test-test-functions-launch-qemu-with-vga-none.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,23 @@ +From: Dimitri John Ledkov +Date: Fri, 16 Feb 2018 13:28:31 +0000 +Subject: test/test-functions: launch qemu with -vga none + +When booting ppc64el virtual machines, they require seabios, unless -vga none +is specified. Since we do a direct kernel & initrd boot, with -nographic, we +really have no need for vga or seabios in this case. +--- + test/test-functions | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/test/test-functions b/test/test-functions +index 0b7575b..f5f789c 100644 +--- a/test/test-functions ++++ b/test/test-functions +@@ -140,6 +140,7 @@ $KERNEL_APPEND \ + -net none \ + -m 512M \ + -nographic \ ++-vga none \ + -kernel $KERNEL_BIN \ + -drive format=raw,cache=unsafe,file=${TESTDIR}/rootdisk.img \ + " diff -Nru systemd-237/debian/patches/debian/UBUNTU-wait-online-exit-if-no-links-are-managed.patch systemd-237/debian/patches/debian/UBUNTU-wait-online-exit-if-no-links-are-managed.patch --- systemd-237/debian/patches/debian/UBUNTU-wait-online-exit-if-no-links-are-managed.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/UBUNTU-wait-online-exit-if-no-links-are-managed.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,42 @@ +From: Dimitri John Ledkov +Date: Mon, 26 Mar 2018 13:17:01 +0100 +Subject: wait-online: exit, if no links are managed. + +(cherry picked from commit 19d11f607ac0f8b1e31f72a8e9d3d44371b9dadb) +--- + src/network/wait-online/manager.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/network/wait-online/manager.c b/src/network/wait-online/manager.c +index 05f030d..aa963cb 100644 +--- a/src/network/wait-online/manager.c ++++ b/src/network/wait-online/manager.c +@@ -54,6 +54,7 @@ bool manager_all_configured(Manager *m) { + Link *l; + char **ifname; + bool one_ready = false; ++ bool none_managed = true; + + /* wait for all the links given on the command line to appear */ + STRV_FOREACH(ifname, m->interfaces) { +@@ -84,6 +85,11 @@ bool manager_all_configured(Manager *m) { + return false; + } + ++ if (STR_IN_SET(l->state, "configured", "failed")) { ++ log_info("managing: %s", l->ifname); ++ none_managed = false; ++ } ++ + if (l->operational_state && + STR_IN_SET(l->operational_state, "degraded", "routable")) + /* we wait for at least one link to be ready, +@@ -91,7 +97,7 @@ bool manager_all_configured(Manager *m) { + one_ready = true; + } + +- return one_ready; ++ return one_ready || none_managed; + } + + static int manager_process_link(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) { diff -Nru systemd-237/debian/patches/debian/Ubuntu-UseDomains-by-default.patch systemd-237/debian/patches/debian/Ubuntu-UseDomains-by-default.patch --- systemd-237/debian/patches/debian/Ubuntu-UseDomains-by-default.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/Ubuntu-UseDomains-by-default.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,75 @@ +From: Dimitri John Ledkov +Date: Thu, 20 Jul 2017 13:48:31 +0100 +Subject: Set UseDomains to true, by default, on Ubuntu. + +On Ubuntu, fallback DNS servers are disabled, therefore we do not leak queries +to a preset 3rd party by default. In resolved, dnssec is also disabled by +default, as too much of the internet is broken and using Ubuntu users to debug +the internet is not very productive - most of the time the end-user cannot fix +or know how to notify the site owners about the dnssec mistakes. Inherintally +the DHCP acquired DNS servers are therefore trusted, and are free to spoof +records. Not trusting DNS search domains, in such scenario, provides limited +security or privacy benefits. From user point of view, this also appears to be +a regression from previous Ubuntu releases which do trust DHCP acquired search +domains by default. + +Therefore we are enabling UseDomains by default on Ubuntu. + +Users may override this setting in the .network files by specifying +[DHCP|IPv6AcceptRA] UseDomains=no|route options. +--- + man/systemd.network.xml | 6 +++--- + src/network/networkd-network.c | 2 ++ + 2 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/man/systemd.network.xml b/man/systemd.network.xml +index 80d2802..d91346e 100644 +--- a/man/systemd.network.xml ++++ b/man/systemd.network.xml +@@ -310,7 +310,7 @@ + IPv6AcceptRA=. + + Furthermore, note that by default the domain name +- specified through DHCP is not used for name resolution. ++ specified through DHCP, on Ubuntu, are used for name resolution. + See option below. + + See the [DHCP] section below for further configuration options for the DHCP client +@@ -1192,7 +1192,7 @@ + the setting. If set to route, the domain name received from + the DHCP server will be used for routing DNS queries only, but not for searching, similar to the effect of + the setting when the argument is prefixed with ~. Defaults to +- false. ++ true on Ubuntu. + + It is recommended to enable this option only on trusted networks, as setting this affects resolution + of all host names, in particular of single-label names. It is generally safer to use the supplied domain +@@ -1355,7 +1355,7 @@ + the effect of the setting. If set to route, the domain name + received via IPv6 RA will be used for routing DNS queries only, but not for searching, similar to the + effect of the setting when the argument is prefixed with +- ~. Defaults to false. ++ ~. Defaults to true on Ubuntu. + + It is recommended to enable this option only on trusted networks, as setting this affects resolution + of all host names, in particular of single-label names. It is generally safer to use the supplied domain +diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c +index 2dc3de3..e320c04 100644 +--- a/src/network/networkd-network.c ++++ b/src/network/networkd-network.c +@@ -213,6 +213,7 @@ static int network_load_one(Manager *manager, const char *filename) { + network->dhcp_use_routes = true; + /* NOTE: this var might be overwriten by network_apply_anonymize_if_set */ + network->dhcp_send_hostname = true; ++ network->dhcp_use_domains = DHCP_USE_DOMAINS_YES; + /* To enable/disable RFC7844 Anonymity Profiles */ + network->dhcp_anonymize = false; + network->dhcp_route_metric = DHCP_ROUTE_METRIC; +@@ -260,6 +261,7 @@ static int network_load_one(Manager *manager, const char *filename) { + network->proxy_arp = -1; + network->arp = -1; + network->ipv6_accept_ra_use_dns = true; ++ network->ipv6_accept_ra_use_domains = DHCP_USE_DOMAINS_YES; + network->ipv6_accept_ra_route_table = RT_TABLE_MAIN; + + dropin_dirname = strjoina(network->name, ".network.d"); diff -Nru systemd-237/debian/patches/debian/Ubuntu-core-in-execute-soft-fail-setting-Nice-priority-when.patch systemd-237/debian/patches/debian/Ubuntu-core-in-execute-soft-fail-setting-Nice-priority-when.patch --- systemd-237/debian/patches/debian/Ubuntu-core-in-execute-soft-fail-setting-Nice-priority-when.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/Ubuntu-core-in-execute-soft-fail-setting-Nice-priority-when.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,39 @@ +From: Dimitri John Ledkov +Date: Tue, 1 Aug 2017 17:38:05 +0100 +Subject: core: in execute, soft fail setting Nice priority, + when permissions are denied + +In unpriviledged containers Nice priority setting may not be permitted. Thus +log and ignore permission failure to set Nice priority in such +environments. This is similar to how OOMScoreAdjust is treated. +--- + src/core/execute.c | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +diff --git a/src/core/execute.c b/src/core/execute.c +index 0df3971..0b5aa53 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -2953,11 +2953,17 @@ static int exec_child( + } + } + +- if (context->nice_set) +- if (setpriority(PRIO_PROCESS, 0, context->nice) < 0) { +- *exit_status = EXIT_NICE; +- return log_unit_error_errno(unit, errno, "Failed to set up process scheduling priority (nice level): %m"); +- } ++ if (context->nice_set) { ++ r = setpriority(PRIO_PROCESS, 0, context->nice); ++ if (r == -EPERM || r == -EACCES) { ++ log_open(); ++ log_unit_debug_errno(unit, r, "Failed to adjust Nice setting, assuming containerized execution, ignoring: %m"); ++ log_close(); ++ } else if (r < 0) { ++ *exit_status = EXIT_NICE; ++ return log_unit_error_errno(unit, errno, "Failed to set up process scheduling priority (nice level): %m"); ++ } ++ } + + if (context->cpu_sched_set) { + struct sched_param param = { diff -Nru systemd-237/debian/patches/debian/Ubuntu-units-set-ConditionVirtualization-private-users-on-j.patch systemd-237/debian/patches/debian/Ubuntu-units-set-ConditionVirtualization-private-users-on-j.patch --- systemd-237/debian/patches/debian/Ubuntu-units-set-ConditionVirtualization-private-users-on-j.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/debian/Ubuntu-units-set-ConditionVirtualization-private-users-on-j.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,22 @@ +From: Dimitri John Ledkov +Date: Wed, 2 Aug 2017 00:40:28 +0100 +Subject: units: set ConditionVirtualization=!private-users on journald audit + socket + +As it fails to start in an unpriviledged container. +--- + units/systemd-journald-audit.socket | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/units/systemd-journald-audit.socket b/units/systemd-journald-audit.socket +index cb8b774..6649934 100644 +--- a/units/systemd-journald-audit.socket ++++ b/units/systemd-journald-audit.socket +@@ -14,6 +14,7 @@ DefaultDependencies=no + Before=sockets.target + ConditionSecurity=audit + ConditionCapability=CAP_AUDIT_READ ++ConditionVirtualization=!private-users + + [Socket] + Service=systemd-journald.service diff -Nru systemd-237/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch systemd-237/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch --- systemd-237/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch 2019-02-28 21:03:40.000000000 +0000 @@ -258,12 +258,12 @@ 'src/sleep/sleep.c', include_directories : includes, diff --git a/po/POTFILES.in b/po/POTFILES.in -index f33c53f..4b8ef2e 100644 +index 470829a..55edf97 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in -@@ -6,3 +6,4 @@ src/login/org.freedesktop.login1.policy.in - src/machine/org.freedesktop.machine1.policy.in - src/timedate/org.freedesktop.timedate1.policy.in +@@ -7,3 +7,4 @@ src/machine/org.freedesktop.machine1.policy + src/resolve/org.freedesktop.resolve1.policy + src/timedate/org.freedesktop.timedate1.policy src/core/dbus-unit.c +src/fsckd/fsckd.c diff --git a/src/fsckd/fsckd.c b/src/fsckd/fsckd.c diff -Nru systemd-237/debian/patches/fix-race-daemon-reload-11121.patch systemd-237/debian/patches/fix-race-daemon-reload-11121.patch --- systemd-237/debian/patches/fix-race-daemon-reload-11121.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/fix-race-daemon-reload-11121.patch 2019-03-18 07:40:44.000000000 +0000 @@ -0,0 +1,362 @@ +From: Michael Vogt +Date: Mon, 18 Mar 2019 08:30:41 +0100 +Subject: Backport daemon reload race fix (PR#11121) + +There is a race in the systemd code when daemon-reload happens +in parallel with other systemctl operations (like start/stop). +Upstream fixed this first in PR#8803 but the fix is incomplete +and sometimes causes a segfault (see systemd issue #10716). +The full fix is in PR#11121 and this patch first applied #8803 +and then PR #11121 on top. +Index: systemd-237/src/core/job.c +=================================================================== +--- systemd-237.orig/src/core/job.c ++++ systemd-237/src/core/job.c +@@ -78,7 +78,7 @@ Job* job_new(Unit *unit, JobType type) { + return j; + } + +-void job_free(Job *j) { ++void job_unlink(Job *j) { + assert(j); + assert(!j->installed); + assert(!j->transaction_prev); +@@ -86,21 +86,38 @@ void job_free(Job *j) { + assert(!j->subject_list); + assert(!j->object_list); + +- if (j->in_run_queue) ++ if (j->in_run_queue) { + LIST_REMOVE(run_queue, j->manager->run_queue, j); ++ j->in_run_queue = false; ++ } + +- if (j->in_dbus_queue) ++ if (j->in_dbus_queue) { + LIST_REMOVE(dbus_queue, j->manager->dbus_job_queue, j); ++ j->in_dbus_queue = false; ++ } + +- if (j->in_gc_queue) ++ if (j->in_gc_queue) { + LIST_REMOVE(gc_queue, j->manager->gc_job_queue, j); ++ j->in_gc_queue = false; ++ } + +- sd_event_source_unref(j->timer_event_source); ++ j->timer_event_source = sd_event_source_unref(j->timer_event_source); ++} ++ ++Job* job_free(Job *j) { ++ assert(j); ++ assert(!j->installed); ++ assert(!j->transaction_prev); ++ assert(!j->transaction_next); ++ assert(!j->subject_list); ++ assert(!j->object_list); ++ ++ job_unlink(j); + + sd_bus_track_unref(j->bus_track); + strv_free(j->deserialized_clients); + +- free(j); ++ return mfree(j); + } + + static void job_set_state(Job *j, JobState state) { +@@ -149,7 +166,7 @@ void job_uninstall(Job *j) { + + unit_add_to_gc_queue(j->unit); + +- hashmap_remove(j->manager->jobs, UINT32_TO_PTR(j->id)); ++ hashmap_remove_value(j->manager->jobs, UINT32_TO_PTR(j->id), j); + j->installed = false; + } + +@@ -239,6 +256,7 @@ Job* job_install(Job *j) { + + int job_install_deserialized(Job *j) { + Job **pj; ++ int r; + + assert(!j->installed); + +@@ -248,10 +266,15 @@ int job_install_deserialized(Job *j) { + } + + pj = (j->type == JOB_NOP) ? &j->unit->nop_job : &j->unit->job; +- if (*pj) { +- log_unit_debug(j->unit, "Unit already has a job installed. Not installing deserialized job."); +- return -EEXIST; +- } ++ if (*pj) ++ return log_unit_debug_errno(j->unit, EEXIST, ++ "Unit already has a job installed. Not installing deserialized job."); ++ ++ r = hashmap_put(j->manager->jobs, UINT32_TO_PTR(j->id), j); ++ if (r == -EEXIST) ++ return log_unit_debug_errno(j->unit, r, "Job ID %" PRIu32 " already used, cannot deserialize job.", j->id); ++ if (r < 0) ++ return log_unit_debug_errno(j->unit, r, "Failed to insert job into jobs hash table: %m"); + + *pj = j; + j->installed = true; +Index: systemd-237/src/core/job.h +=================================================================== +--- systemd-237.orig/src/core/job.h ++++ systemd-237/src/core/job.h +@@ -178,7 +178,8 @@ struct Job { + + Job* job_new(Unit *unit, JobType type); + Job* job_new_raw(Unit *unit); +-void job_free(Job *job); ++void job_unlink(Job *job); ++Job* job_free(Job *job); + Job* job_install(Job *j); + int job_install_deserialized(Job *j); + void job_uninstall(Job *j); +@@ -239,6 +240,8 @@ void job_add_to_gc_queue(Job *j); + int job_get_before(Job *j, Job*** ret); + int job_get_after(Job *j, Job*** ret); + ++DEFINE_TRIVIAL_CLEANUP_FUNC(Job*, job_free); ++ + const char* job_type_to_string(JobType t) _const_; + JobType job_type_from_string(const char *s) _pure_; + +Index: systemd-237/src/core/unit.c +=================================================================== +--- systemd-237.orig/src/core/unit.c ++++ systemd-237/src/core/unit.c +@@ -2325,9 +2325,77 @@ static void unit_update_on_console(Unit + + } + ++static bool unit_process_job(Job *j, UnitActiveState ns, bool reload_success) { ++ bool unexpected = false; ++ ++ assert(j); ++ ++ if (j->state == JOB_WAITING) ++ ++ /* So we reached a different state for this ++ * job. Let's see if we can run it now if it ++ * failed previously due to EAGAIN. */ ++ job_add_to_run_queue(j); ++ ++ /* Let's check whether this state change constitutes a ++ * finished job, or maybe contradicts a running job and ++ * hence needs to invalidate jobs. */ ++ ++ switch (j->type) { ++ ++ case JOB_START: ++ case JOB_VERIFY_ACTIVE: ++ ++ if (UNIT_IS_ACTIVE_OR_RELOADING(ns)) ++ job_finish_and_invalidate(j, JOB_DONE, true, false); ++ else if (j->state == JOB_RUNNING && ns != UNIT_ACTIVATING) { ++ unexpected = true; ++ ++ if (UNIT_IS_INACTIVE_OR_FAILED(ns)) ++ job_finish_and_invalidate(j, ns == UNIT_FAILED ? JOB_FAILED : JOB_DONE, true, false); ++ } ++ ++ break; ++ ++ case JOB_RELOAD: ++ case JOB_RELOAD_OR_START: ++ case JOB_TRY_RELOAD: ++ ++ if (j->state == JOB_RUNNING) { ++ if (ns == UNIT_ACTIVE) ++ job_finish_and_invalidate(j, reload_success ? JOB_DONE : JOB_FAILED, true, false); ++ else if (!IN_SET(ns, UNIT_ACTIVATING, UNIT_RELOADING)) { ++ unexpected = true; ++ ++ if (UNIT_IS_INACTIVE_OR_FAILED(ns)) ++ job_finish_and_invalidate(j, ns == UNIT_FAILED ? JOB_FAILED : JOB_DONE, true, false); ++ } ++ } ++ ++ break; ++ ++ case JOB_STOP: ++ case JOB_RESTART: ++ case JOB_TRY_RESTART: ++ ++ if (UNIT_IS_INACTIVE_OR_FAILED(ns)) ++ job_finish_and_invalidate(j, JOB_DONE, true, false); ++ else if (j->state == JOB_RUNNING && ns != UNIT_DEACTIVATING) { ++ unexpected = true; ++ job_finish_and_invalidate(j, JOB_FAILED, true, false); ++ } ++ ++ break; ++ ++ default: ++ assert_not_reached("Job type unknown"); ++ } ++ ++ return unexpected; ++} ++ + void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_success) { + Manager *m; +- bool unexpected; + + assert(u); + assert(os < _UNIT_ACTIVE_STATE_MAX); +@@ -2367,74 +2435,18 @@ void unit_notify(Unit *u, UnitActiveStat + + unit_update_on_console(u); + +- if (u->job) { +- unexpected = false; +- +- if (u->job->state == JOB_WAITING) +- +- /* So we reached a different state for this +- * job. Let's see if we can run it now if it +- * failed previously due to EAGAIN. */ +- job_add_to_run_queue(u->job); +- +- /* Let's check whether this state change constitutes a +- * finished job, or maybe contradicts a running job and +- * hence needs to invalidate jobs. */ +- +- switch (u->job->type) { +- +- case JOB_START: +- case JOB_VERIFY_ACTIVE: +- +- if (UNIT_IS_ACTIVE_OR_RELOADING(ns)) +- job_finish_and_invalidate(u->job, JOB_DONE, true, false); +- else if (u->job->state == JOB_RUNNING && ns != UNIT_ACTIVATING) { +- unexpected = true; +- +- if (UNIT_IS_INACTIVE_OR_FAILED(ns)) +- job_finish_and_invalidate(u->job, ns == UNIT_FAILED ? JOB_FAILED : JOB_DONE, true, false); +- } +- +- break; +- +- case JOB_RELOAD: +- case JOB_RELOAD_OR_START: +- case JOB_TRY_RELOAD: +- +- if (u->job->state == JOB_RUNNING) { +- if (ns == UNIT_ACTIVE) +- job_finish_and_invalidate(u->job, reload_success ? JOB_DONE : JOB_FAILED, true, false); +- else if (!IN_SET(ns, UNIT_ACTIVATING, UNIT_RELOADING)) { +- unexpected = true; +- +- if (UNIT_IS_INACTIVE_OR_FAILED(ns)) +- job_finish_and_invalidate(u->job, ns == UNIT_FAILED ? JOB_FAILED : JOB_DONE, true, false); +- } +- } +- +- break; +- +- case JOB_STOP: +- case JOB_RESTART: +- case JOB_TRY_RESTART: +- +- if (UNIT_IS_INACTIVE_OR_FAILED(ns)) +- job_finish_and_invalidate(u->job, JOB_DONE, true, false); +- else if (u->job->state == JOB_RUNNING && ns != UNIT_DEACTIVATING) { +- unexpected = true; +- job_finish_and_invalidate(u->job, JOB_FAILED, true, false); +- } +- +- break; ++ if (!MANAGER_IS_RELOADING(m)) { ++ bool unexpected; + +- default: +- assert_not_reached("Job type unknown"); +- } ++ /* Let's propagate state changes to the job */ ++ if (u->job) ++ unexpected = unit_process_job(u->job, ns, reload_success); ++ else ++ unexpected = true; + +- } else +- unexpected = true; +- +- if (!MANAGER_IS_RELOADING(m)) { ++ /* If this state change happened without being requested by a job, then let's retroactively start or ++ * stop dependencies. We skip that step when deserializing, since we don't want to create any ++ * additional jobs just because something is already activated. */ + + /* If this state change happened without being + * requested by a job, then let's retroactively start +@@ -3332,6 +3344,29 @@ void unit_serialize_item_format(Unit *u, + fputc('\n', f); + } + ++static int unit_deserialize_job(Unit *u, FILE *f) { ++ _cleanup_(job_freep) Job *j = NULL; ++ int r; ++ ++ assert(u); ++ assert(f); ++ ++ j = job_new_raw(u); ++ if (!j) ++ return log_oom(); ++ ++ r = job_deserialize(j, f); ++ if (r < 0) ++ return r; ++ ++ r = job_install_deserialized(j); ++ if (r < 0) ++ return r; ++ ++ TAKE_PTR(j); ++ return 0; ++} ++ + int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { + ExecRuntime **rt = NULL; + size_t offset; +@@ -3371,32 +3406,11 @@ int unit_deserialize(Unit *u, FILE *f, F + + if (streq(l, "job")) { + if (v[0] == '\0') { +- /* new-style serialized job */ +- Job *j; +- +- j = job_new_raw(u); +- if (!j) +- return log_oom(); +- +- r = job_deserialize(j, f); +- if (r < 0) { +- job_free(j); +- return r; +- } +- +- r = hashmap_put(u->manager->jobs, UINT32_TO_PTR(j->id), j); +- if (r < 0) { +- job_free(j); +- return r; +- } +- +- r = job_install_deserialized(j); +- if (r < 0) { +- hashmap_remove(u->manager->jobs, UINT32_TO_PTR(j->id)); +- job_free(j); ++ /* New-style serialized job */ ++ r = unit_deserialize_job(u, f); ++ if (r < 0) + return r; +- } +- } else /* legacy for pre-44 */ ++ } else /* Legacy for pre-44 */ + log_unit_warning(u, "Update from too old systemd versions are unsupported, cannot deserialize job: %s", v); + continue; + } else if (streq(l, "state-change-timestamp")) { diff -Nru systemd-237/debian/patches/hwdb-Use-wlan-keycode-for-all-Dell-systems-8762.patch systemd-237/debian/patches/hwdb-Use-wlan-keycode-for-all-Dell-systems-8762.patch --- systemd-237/debian/patches/hwdb-Use-wlan-keycode-for-all-Dell-systems-8762.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/hwdb-Use-wlan-keycode-for-all-Dell-systems-8762.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,31 @@ +From: Kai-Heng Feng +Date: Mon, 23 Apr 2018 16:23:03 +0800 +Subject: hwdb: Use wlan keycode for all Dell systems (#8762) + +Once the seat is acquired, gnome-settings-daemon (GSD) takes full +control of rfkill by sending RFKILL_IOCTL_NOINPUT ioctl to disable +rfkill control in kernel. + +Since GSD expects wlan keycode when the hotkey gets pressed, we should +change the "unknown" to "wlan" accordingly. + +Tested under both GNOME and KDE. + +(cherry picked from commit cab01e9ecf1c69656785e64f5fc94cd4ed09e57f) +--- + hwdb/60-keyboard.hwdb | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hwdb/60-keyboard.hwdb b/hwdb/60-keyboard.hwdb +index a265f12..262e772 100644 +--- a/hwdb/60-keyboard.hwdb ++++ b/hwdb/60-keyboard.hwdb +@@ -263,7 +263,7 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pn* + KEYBOARD_KEY_85=brightnessdown # Fn+Down Brightness Down + KEYBOARD_KEY_86=brightnessup # Fn+Up Brightness Up + KEYBOARD_KEY_87=battery # Fn+F3 battery icon +- KEYBOARD_KEY_88=unknown # Fn+F2 Turn On/Off Wireless - handled in hardware ++ KEYBOARD_KEY_88=!wlan # Fn+(F2|PrtScr|Home) Turn On/Off Wireless + KEYBOARD_KEY_89=ejectclosecd # Fn+F10 Eject CD + KEYBOARD_KEY_8a=suspend # Fn+F1 hibernate + KEYBOARD_KEY_8b=switchvideomode # Fn+F8 CRT/LCD (high keycode: "displaytoggle") diff -Nru systemd-237/debian/patches/install-detect-masked-unit-with-drop-ins.patch systemd-237/debian/patches/install-detect-masked-unit-with-drop-ins.patch --- systemd-237/debian/patches/install-detect-masked-unit-with-drop-ins.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/install-detect-masked-unit-with-drop-ins.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,26 @@ +From: Filipe Brandenburger +Date: Thu, 1 Mar 2018 17:48:15 -0800 +Subject: install: detect masked unit with drop-ins + +Before this fix, a unit with drop-ins will not be reported as masked by +`systemctl is-enabled` or `systemctl list-unit-files`. + +(cherry picked from commit 9639b1752cf97eeee93d2a3dbc8531d6d4d4bc2e) +--- + src/shared/install.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/shared/install.c b/src/shared/install.c +index 026aa32..9628ac6 100644 +--- a/src/shared/install.c ++++ b/src/shared/install.c +@@ -1461,6 +1461,9 @@ static int unit_file_search( + return -ENOENT; + } + ++ if (info->type == UNIT_FILE_TYPE_MASKED) ++ return result; ++ + /* Search for drop-in directories */ + + dropin_dir_name = strjoina(info->name, ".d"); diff -Nru systemd-237/debian/patches/journal-do-not-remove-multiple-spaces-after-identifi.patch systemd-237/debian/patches/journal-do-not-remove-multiple-spaces-after-identifi.patch --- systemd-237/debian/patches/journal-do-not-remove-multiple-spaces-after-identifi.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/journal-do-not-remove-multiple-spaces-after-identifi.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,60 @@ +Description: journal: do not remove multiple spaces after identifier in + syslog message +Origin: upstream, https://github.com/systemd/systemd/commit/8595102d3ddde6d25c282f965573a6de34ab4421 + +--- a/src/journal/journald-syslog.c ++++ b/src/journal/journald-syslog.c +@@ -237,7 +237,9 @@ + if (t) + *identifier = t; + +- e += strspn(p + e, WHITESPACE); ++ /* Single space is used as separator */ ++ if (p[e] != '\0' && strchr(WHITESPACE, p[e])) ++ e++; + + *buf = p + e; + return e; +--- a/src/journal/test-journal-syslog.c ++++ b/src/journal/test-journal-syslog.c +@@ -24,7 +24,7 @@ + #include "string-util.h" + + static void test_syslog_parse_identifier(const char *str, +- const char *ident, const char *pid, int ret) { ++ const char *ident, const char *pid, const char *rest, int ret) { + const char *buf = str; + _cleanup_free_ char *ident2 = NULL, *pid2 = NULL; + int ret2; +@@ -34,18 +34,22 @@ + assert_se(ret == ret2); + assert_se(ident == ident2 || streq_ptr(ident, ident2)); + assert_se(pid == pid2 || streq_ptr(pid, pid2)); ++ assert_se(streq(buf, rest)); + } + + int main(void) { +- test_syslog_parse_identifier("pidu[111]: xxx", "pidu", "111", 11); +- test_syslog_parse_identifier("pidu: xxx", "pidu", NULL, 6); +- test_syslog_parse_identifier("pidu: xxx", "pidu", NULL, 7); +- test_syslog_parse_identifier("pidu xxx", NULL, NULL, 0); +- test_syslog_parse_identifier(":", "", NULL, 1); +- test_syslog_parse_identifier(": ", "", NULL, 3); +- test_syslog_parse_identifier("pidu:", "pidu", NULL, 5); +- test_syslog_parse_identifier("pidu: ", "pidu", NULL, 6); +- test_syslog_parse_identifier("pidu : ", NULL, NULL, 0); ++ test_syslog_parse_identifier("pidu[111]: xxx", "pidu", "111", "xxx", 11); ++ test_syslog_parse_identifier("pidu: xxx", "pidu", NULL, "xxx", 6); ++ test_syslog_parse_identifier("pidu: xxx", "pidu", NULL, " xxx", 6); ++ test_syslog_parse_identifier("pidu xxx", NULL, NULL, "pidu xxx", 0); ++ test_syslog_parse_identifier(" pidu xxx", NULL, NULL, " pidu xxx", 0); ++ test_syslog_parse_identifier("", NULL, NULL, "", 0); ++ test_syslog_parse_identifier(" ", NULL, NULL, " ", 0); ++ test_syslog_parse_identifier(":", "", NULL, "", 1); ++ test_syslog_parse_identifier(": ", "", NULL, " ", 2); ++ test_syslog_parse_identifier("pidu:", "pidu", NULL, "", 5); ++ test_syslog_parse_identifier("pidu: ", "pidu", NULL, "", 6); ++ test_syslog_parse_identifier("pidu : ", NULL, NULL, "pidu : ", 0); + + return 0; + } diff -Nru systemd-237/debian/patches/l10n-Update-POTFILES.in-and-POTFILES.skip.patch systemd-237/debian/patches/l10n-Update-POTFILES.in-and-POTFILES.skip.patch --- systemd-237/debian/patches/l10n-Update-POTFILES.in-and-POTFILES.skip.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/l10n-Update-POTFILES.in-and-POTFILES.skip.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,52 @@ +From: Michael Biebl +Date: Fri, 16 Feb 2018 14:25:32 +0100 +Subject: l10n: Update POTFILES.in and POTFILES.skip + +We no longer use .in suffixes for .policy files. + +Follow-up for commit 9b3cff199dd3827a9f2df9a7f5874d6ef18880f2 and +70886abbde59a45cfabe0769c0cdb3af1e5f7790. + +(cherry picked from commit d4d4688122a228a90d39ac3bddf29d1bb33d9850) +--- + po/POTFILES.in | 16 ++++++++-------- + po/POTFILES.skip | 2 +- + 2 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/po/POTFILES.in b/po/POTFILES.in +index f610828..470829a 100644 +--- a/po/POTFILES.in ++++ b/po/POTFILES.in +@@ -1,9 +1,9 @@ +-src/core/org.freedesktop.systemd1.policy.in.in +-src/hostname/org.freedesktop.hostname1.policy.in +-src/import/org.freedesktop.import1.policy.in +-src/locale/org.freedesktop.locale1.policy.in +-src/login/org.freedesktop.login1.policy.in +-src/machine/org.freedesktop.machine1.policy.in +-src/resolve/org.freedesktop.resolve1.policy.in +-src/timedate/org.freedesktop.timedate1.policy.in ++src/core/org.freedesktop.systemd1.policy.in ++src/hostname/org.freedesktop.hostname1.policy ++src/import/org.freedesktop.import1.policy ++src/locale/org.freedesktop.locale1.policy ++src/login/org.freedesktop.login1.policy ++src/machine/org.freedesktop.machine1.policy ++src/resolve/org.freedesktop.resolve1.policy ++src/timedate/org.freedesktop.timedate1.policy + src/core/dbus-unit.c +diff --git a/po/POTFILES.skip b/po/POTFILES.skip +index b56a998..e6ef4d7 100644 +--- a/po/POTFILES.skip ++++ b/po/POTFILES.skip +@@ -12,9 +12,9 @@ src/core/dbus-target.c + src/core/dbus-timer.c + src/core/dbus-unit.c + src/core/dbus-scope.c ++src/core/org.freedesktop.systemd1.policy + src/hostname/hostnamed.c + src/locale/localed.c +-src/core/org.freedesktop.systemd1.policy.in + src/timedate/timedated.c + units/user@.service.in + units/debug-shell.service.in diff -Nru systemd-237/debian/patches/l10n-update-POTFILES.in-8163.patch systemd-237/debian/patches/l10n-update-POTFILES.in-8163.patch --- systemd-237/debian/patches/l10n-update-POTFILES.in-8163.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/l10n-update-POTFILES.in-8163.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,20 @@ +From: AsciiWolf +Date: Tue, 13 Feb 2018 04:05:22 +0100 +Subject: l10n: update POTFILES.in (#8163) + +(cherry picked from commit 372771c8d32702f4930ca98a22ec4b27e2f9cfc7) +--- + po/POTFILES.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/po/POTFILES.in b/po/POTFILES.in +index f33c53f..f610828 100644 +--- a/po/POTFILES.in ++++ b/po/POTFILES.in +@@ -4,5 +4,6 @@ src/import/org.freedesktop.import1.policy.in + src/locale/org.freedesktop.locale1.policy.in + src/login/org.freedesktop.login1.policy.in + src/machine/org.freedesktop.machine1.policy.in ++src/resolve/org.freedesktop.resolve1.policy.in + src/timedate/org.freedesktop.timedate1.policy.in + src/core/dbus-unit.c diff -Nru systemd-237/debian/patches/meson-drop-double-.in-suffix-for-o.fd.systemd1.policy-fil.patch systemd-237/debian/patches/meson-drop-double-.in-suffix-for-o.fd.systemd1.policy-fil.patch --- systemd-237/debian/patches/meson-drop-double-.in-suffix-for-o.fd.systemd1.policy-fil.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/meson-drop-double-.in-suffix-for-o.fd.systemd1.policy-fil.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,185 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= +Date: Fri, 16 Feb 2018 12:37:42 +0100 +Subject: meson: drop double .in suffix for o.fd.systemd1.policy file + +This file is now undergoing just one transformation, so drop the unnecessary +suffix. + +(cherry picked from commit 70886abbde59a45cfabe0769c0cdb3af1e5f7790) +--- + src/core/meson.build | 2 +- + src/core/org.freedesktop.systemd1.policy.in | 72 ++++++++++++++++++++++++++ + src/core/org.freedesktop.systemd1.policy.in.in | 72 -------------------------- + 3 files changed, 73 insertions(+), 73 deletions(-) + create mode 100644 src/core/org.freedesktop.systemd1.policy.in + delete mode 100644 src/core/org.freedesktop.systemd1.policy.in.in + +diff --git a/src/core/meson.build b/src/core/meson.build +index c58893b..01706db 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -212,7 +212,7 @@ install_data('org.freedesktop.systemd1.service', + install_dir : dbussystemservicedir) + + policy = configure_file( +- input : 'org.freedesktop.systemd1.policy.in.in', ++ input : 'org.freedesktop.systemd1.policy.in', + output : 'org.freedesktop.systemd1.policy', + configuration : substs) + install_data(policy, +diff --git a/src/core/org.freedesktop.systemd1.policy.in b/src/core/org.freedesktop.systemd1.policy.in +new file mode 100644 +index 0000000..648221b +--- /dev/null ++++ b/src/core/org.freedesktop.systemd1.policy.in +@@ -0,0 +1,72 @@ ++ ++ ++ ++ ++ ++ ++ ++ The systemd Project ++ http://www.freedesktop.org/wiki/Software/systemd ++ ++ ++ Send passphrase back to system ++ Authentication is required to send the entered passphrase back to the system. ++ ++ no ++ no ++ auth_admin_keep ++ ++ @rootlibexecdir@/systemd-reply-password ++ ++ ++ ++ Manage system services or other units ++ Authentication is required to manage system services or other units. ++ ++ auth_admin ++ auth_admin ++ auth_admin_keep ++ ++ ++ ++ ++ Manage system service or unit files ++ Authentication is required to manage system service or unit files. ++ ++ auth_admin ++ auth_admin ++ auth_admin_keep ++ ++ ++ ++ ++ Set or unset system and service manager environment variables ++ Authentication is required to set or unset system and service manager environment variables. ++ ++ auth_admin ++ auth_admin ++ auth_admin_keep ++ ++ ++ ++ ++ Reload the systemd state ++ Authentication is required to reload the systemd state. ++ ++ auth_admin ++ auth_admin ++ auth_admin_keep ++ ++ ++ ++ +diff --git a/src/core/org.freedesktop.systemd1.policy.in.in b/src/core/org.freedesktop.systemd1.policy.in.in +deleted file mode 100644 +index 648221b..0000000 +--- a/src/core/org.freedesktop.systemd1.policy.in.in ++++ /dev/null +@@ -1,72 +0,0 @@ +- +- +- +- +- +- +- +- The systemd Project +- http://www.freedesktop.org/wiki/Software/systemd +- +- +- Send passphrase back to system +- Authentication is required to send the entered passphrase back to the system. +- +- no +- no +- auth_admin_keep +- +- @rootlibexecdir@/systemd-reply-password +- +- +- +- Manage system services or other units +- Authentication is required to manage system services or other units. +- +- auth_admin +- auth_admin +- auth_admin_keep +- +- +- +- +- Manage system service or unit files +- Authentication is required to manage system service or unit files. +- +- auth_admin +- auth_admin +- auth_admin_keep +- +- +- +- +- Set or unset system and service manager environment variables +- Authentication is required to set or unset system and service manager environment variables. +- +- auth_admin +- auth_admin +- auth_admin_keep +- +- +- +- +- Reload the systemd state +- Authentication is required to reload the systemd state. +- +- auth_admin +- auth_admin +- auth_admin_keep +- +- +- +- diff -Nru systemd-237/debian/patches/meson-drop-unnecessary-transformation-of-policy-files.patch systemd-237/debian/patches/meson-drop-unnecessary-transformation-of-policy-files.patch --- systemd-237/debian/patches/meson-drop-unnecessary-transformation-of-policy-files.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/meson-drop-unnecessary-transformation-of-policy-files.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,1695 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= +Date: Fri, 16 Feb 2018 12:48:55 +0100 +Subject: meson: drop unnecessary "transformation" of policy files + +Those files don't contain any @variables@, so the configuration step was just +copying them to build/. Let's avoid that, and fix their suffixes while at it. + +(cherry picked from commit 9b3cff199dd3827a9f2df9a7f5874d6ef18880f2) +--- + src/hostname/meson.build | 7 +- + src/hostname/org.freedesktop.hostname1.policy | 52 ++++ + src/hostname/org.freedesktop.hostname1.policy.in | 52 ---- + src/import/meson.build | 7 +- + src/import/org.freedesktop.import1.policy | 51 ++++ + src/import/org.freedesktop.import1.policy.in | 51 ---- + src/locale/meson.build | 7 +- + src/locale/org.freedesktop.locale1.policy | 42 +++ + src/locale/org.freedesktop.locale1.policy.in | 42 --- + src/login/meson.build | 7 +- + src/login/org.freedesktop.login1.policy | 360 +++++++++++++++++++++++ + src/login/org.freedesktop.login1.policy.in | 360 ----------------------- + src/machine/meson.build | 7 +- + src/machine/org.freedesktop.machine1.policy | 104 +++++++ + src/machine/org.freedesktop.machine1.policy.in | 104 ------- + src/resolve/meson.build | 9 +- + src/resolve/org.freedesktop.resolve1.policy | 43 +++ + src/resolve/org.freedesktop.resolve1.policy.in | 43 --- + src/timedate/meson.build | 7 +- + src/timedate/org.freedesktop.timedate1.policy | 64 ++++ + src/timedate/org.freedesktop.timedate1.policy.in | 64 ---- + 21 files changed, 724 insertions(+), 759 deletions(-) + create mode 100644 src/hostname/org.freedesktop.hostname1.policy + delete mode 100644 src/hostname/org.freedesktop.hostname1.policy.in + create mode 100644 src/import/org.freedesktop.import1.policy + delete mode 100644 src/import/org.freedesktop.import1.policy.in + create mode 100644 src/locale/org.freedesktop.locale1.policy + delete mode 100644 src/locale/org.freedesktop.locale1.policy.in + create mode 100644 src/login/org.freedesktop.login1.policy + delete mode 100644 src/login/org.freedesktop.login1.policy.in + create mode 100644 src/machine/org.freedesktop.machine1.policy + delete mode 100644 src/machine/org.freedesktop.machine1.policy.in + create mode 100644 src/resolve/org.freedesktop.resolve1.policy + delete mode 100644 src/resolve/org.freedesktop.resolve1.policy.in + create mode 100644 src/timedate/org.freedesktop.timedate1.policy + delete mode 100644 src/timedate/org.freedesktop.timedate1.policy.in + +diff --git a/src/hostname/meson.build b/src/hostname/meson.build +index c35c668..1ab9271 100644 +--- a/src/hostname/meson.build ++++ b/src/hostname/meson.build +@@ -20,11 +20,6 @@ if conf.get('ENABLE_HOSTNAMED') == 1 + install_dir : dbuspolicydir) + install_data('org.freedesktop.hostname1.service', + install_dir : dbussystemservicedir) +- +- policy = configure_file( +- input : 'org.freedesktop.hostname1.policy.in', +- output : 'org.freedesktop.hostname1.policy', +- configuration : substs) +- install_data(policy, ++ install_data('org.freedesktop.hostname1.policy', + install_dir : polkitpolicydir) + endif +diff --git a/src/hostname/org.freedesktop.hostname1.policy b/src/hostname/org.freedesktop.hostname1.policy +new file mode 100644 +index 0000000..4ac82c6 +--- /dev/null ++++ b/src/hostname/org.freedesktop.hostname1.policy +@@ -0,0 +1,52 @@ ++ ++ ++ ++ ++ ++ ++ ++ The systemd Project ++ http://www.freedesktop.org/wiki/Software/systemd ++ ++ ++ Set host name ++ Authentication is required to set the local host name. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ ++ ++ ++ Set static host name ++ Authentication is required to set the statically configured local host name, as well as the pretty host name. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ org.freedesktop.hostname1.set-hostname org.freedesktop.hostname1.set-machine-info ++ ++ ++ ++ Set machine information ++ Authentication is required to set local machine information. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ ++ ++ +diff --git a/src/hostname/org.freedesktop.hostname1.policy.in b/src/hostname/org.freedesktop.hostname1.policy.in +deleted file mode 100644 +index 4ac82c6..0000000 +--- a/src/hostname/org.freedesktop.hostname1.policy.in ++++ /dev/null +@@ -1,52 +0,0 @@ +- +- +- +- +- +- +- +- The systemd Project +- http://www.freedesktop.org/wiki/Software/systemd +- +- +- Set host name +- Authentication is required to set the local host name. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- +- +- +- Set static host name +- Authentication is required to set the statically configured local host name, as well as the pretty host name. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- org.freedesktop.hostname1.set-hostname org.freedesktop.hostname1.set-machine-info +- +- +- +- Set machine information +- Authentication is required to set local machine information. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- +- +- +diff --git a/src/import/meson.build b/src/import/meson.build +index e5088b3..975afc6 100644 +--- a/src/import/meson.build ++++ b/src/import/meson.build +@@ -70,12 +70,7 @@ if conf.get('ENABLE_IMPORTD') == 1 + install_dir : dbuspolicydir) + install_data('org.freedesktop.import1.service', + install_dir : dbussystemservicedir) +- +- policy = configure_file( +- input : 'org.freedesktop.import1.policy.in', +- output : 'org.freedesktop.import1.policy', +- configuration : substs) +- install_data(policy, ++ install_data('org.freedesktop.import1.policy', + install_dir : polkitpolicydir) + + install_data('import-pubring.gpg', +diff --git a/src/import/org.freedesktop.import1.policy b/src/import/org.freedesktop.import1.policy +new file mode 100644 +index 0000000..beea5fe +--- /dev/null ++++ b/src/import/org.freedesktop.import1.policy +@@ -0,0 +1,51 @@ ++ ++ ++ ++ ++ ++ ++ ++ The systemd Project ++ http://www.freedesktop.org/wiki/Software/systemd ++ ++ ++ Import a VM or container image ++ Authentication is required to import a VM or container image ++ ++ auth_admin ++ auth_admin ++ auth_admin_keep ++ ++ ++ ++ ++ Export a VM or container image ++ Authentication is required to export a VM or container image ++ ++ auth_admin ++ auth_admin ++ auth_admin_keep ++ ++ ++ ++ ++ Download a VM or container image ++ Authentication is required to download a VM or container image ++ ++ auth_admin ++ auth_admin ++ auth_admin_keep ++ ++ ++ ++ +diff --git a/src/import/org.freedesktop.import1.policy.in b/src/import/org.freedesktop.import1.policy.in +deleted file mode 100644 +index beea5fe..0000000 +--- a/src/import/org.freedesktop.import1.policy.in ++++ /dev/null +@@ -1,51 +0,0 @@ +- +- +- +- +- +- +- +- The systemd Project +- http://www.freedesktop.org/wiki/Software/systemd +- +- +- Import a VM or container image +- Authentication is required to import a VM or container image +- +- auth_admin +- auth_admin +- auth_admin_keep +- +- +- +- +- Export a VM or container image +- Authentication is required to export a VM or container image +- +- auth_admin +- auth_admin +- auth_admin_keep +- +- +- +- +- Download a VM or container image +- Authentication is required to download a VM or container image +- +- auth_admin +- auth_admin +- auth_admin_keep +- +- +- +- +diff --git a/src/locale/meson.build b/src/locale/meson.build +index 30882cc..6b85f6b 100644 +--- a/src/locale/meson.build ++++ b/src/locale/meson.build +@@ -28,12 +28,7 @@ if conf.get('ENABLE_LOCALED') == 1 + install_dir : dbuspolicydir) + install_data('org.freedesktop.locale1.service', + install_dir : dbussystemservicedir) +- +- policy = configure_file( +- input : 'org.freedesktop.locale1.policy.in', +- output : 'org.freedesktop.locale1.policy', +- configuration : substs) +- install_data(policy, ++ install_data('org.freedesktop.locale1.policy', + install_dir : polkitpolicydir) + endif + +diff --git a/src/locale/org.freedesktop.locale1.policy b/src/locale/org.freedesktop.locale1.policy +new file mode 100644 +index 0000000..f924174 +--- /dev/null ++++ b/src/locale/org.freedesktop.locale1.policy +@@ -0,0 +1,42 @@ ++ ++ ++ ++ ++ ++ ++ ++ The systemd Project ++ http://www.freedesktop.org/wiki/Software/systemd ++ ++ ++ Set system locale ++ Authentication is required to set the system locale. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ org.freedesktop.locale1.set-keyboard ++ ++ ++ ++ Set system keyboard settings ++ Authentication is required to set the system keyboard settings. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ ++ ++ +diff --git a/src/locale/org.freedesktop.locale1.policy.in b/src/locale/org.freedesktop.locale1.policy.in +deleted file mode 100644 +index f924174..0000000 +--- a/src/locale/org.freedesktop.locale1.policy.in ++++ /dev/null +@@ -1,42 +0,0 @@ +- +- +- +- +- +- +- +- The systemd Project +- http://www.freedesktop.org/wiki/Software/systemd +- +- +- Set system locale +- Authentication is required to set the system locale. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- org.freedesktop.locale1.set-keyboard +- +- +- +- Set system keyboard settings +- Authentication is required to set the system keyboard settings. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- +- +- +diff --git a/src/login/meson.build b/src/login/meson.build +index 599c44e..5b75382 100644 +--- a/src/login/meson.build ++++ b/src/login/meson.build +@@ -87,12 +87,7 @@ if conf.get('ENABLE_LOGIND') == 1 + install_dir : dbuspolicydir) + install_data('org.freedesktop.login1.service', + install_dir : dbussystemservicedir) +- +- policy = configure_file( +- input : 'org.freedesktop.login1.policy.in', +- output : 'org.freedesktop.login1.policy', +- configuration : substs) +- install_data(policy, ++ install_data('org.freedesktop.login1.policy', + install_dir : polkitpolicydir) + + install_data('70-power-switch.rules', install_dir : udevrulesdir) +diff --git a/src/login/org.freedesktop.login1.policy b/src/login/org.freedesktop.login1.policy +new file mode 100644 +index 0000000..f1d1f95 +--- /dev/null ++++ b/src/login/org.freedesktop.login1.policy +@@ -0,0 +1,360 @@ ++ ++ ++ ++ ++ ++ ++ ++ The systemd Project ++ http://www.freedesktop.org/wiki/Software/systemd ++ ++ ++ Allow applications to inhibit system shutdown ++ Authentication is required for an application to inhibit system shutdown. ++ ++ no ++ yes ++ yes ++ ++ org.freedesktop.login1.inhibit-delay-shutdown org.freedesktop.login1.inhibit-block-sleep org.freedesktop.login1.inhibit-delay-sleep org.freedesktop.login1.inhibit-block-idle ++ ++ ++ ++ Allow applications to delay system shutdown ++ Authentication is required for an application to delay system shutdown. ++ ++ yes ++ yes ++ yes ++ ++ org.freedesktop.login1.inhibit-delay-sleep ++ ++ ++ ++ Allow applications to inhibit system sleep ++ Authentication is required for an application to inhibit system sleep. ++ ++ no ++ yes ++ yes ++ ++ org.freedesktop.login1.inhibit-delay-sleep org.freedesktop.login1.inhibit-block-idle ++ ++ ++ ++ Allow applications to delay system sleep ++ Authentication is required for an application to delay system sleep. ++ ++ yes ++ yes ++ yes ++ ++ ++ ++ ++ Allow applications to inhibit automatic system suspend ++ Authentication is required for an application to inhibit automatic system suspend. ++ ++ yes ++ yes ++ yes ++ ++ ++ ++ ++ Allow applications to inhibit system handling of the power key ++ Authentication is required for an application to inhibit system handling of the power key. ++ ++ no ++ yes ++ yes ++ ++ org.freedesktop.login1.inhibit-handle-suspend-key org.freedesktop.login1.inhibit-handle-hibernate-key org.freedesktop.login1.inhibit-handle-lid-switch ++ ++ ++ ++ Allow applications to inhibit system handling of the suspend key ++ Authentication is required for an application to inhibit system handling of the suspend key. ++ ++ no ++ yes ++ yes ++ ++ org.freedesktop.login1.inhibit-handle-hibernate-key org.freedesktop.login1.inhibit-handle-lid-switch ++ ++ ++ ++ Allow applications to inhibit system handling of the hibernate key ++ Authentication is required for an application to inhibit system handling of the hibernate key. ++ ++ no ++ yes ++ yes ++ ++ ++ ++ ++ Allow applications to inhibit system handling of the lid switch ++ Authentication is required for an application to inhibit system handling of the lid switch. ++ ++ no ++ yes ++ yes ++ ++ ++ ++ ++ Allow non-logged-in user to run programs ++ Explicit request is required to run programs as a non-logged-in user. ++ ++ yes ++ yes ++ yes ++ ++ ++ ++ ++ Allow non-logged-in users to run programs ++ Authentication is required to run programs as a non-logged-in user. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ ++ ++ ++ Allow attaching devices to seats ++ Authentication is required for attaching a device to a seat. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ org.freedesktop.login1.flush-devices ++ ++ ++ ++ Flush device to seat attachments ++ Authentication is required for resetting how devices are attached to seats. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ ++ ++ ++ Power off the system ++ Authentication is required for powering off the system. ++ ++ auth_admin_keep ++ auth_admin_keep ++ yes ++ ++ org.freedesktop.login1.set-wall-message ++ ++ ++ ++ Power off the system while other users are logged in ++ Authentication is required for powering off the system while other users are logged in. ++ ++ auth_admin_keep ++ auth_admin_keep ++ yes ++ ++ org.freedesktop.login1.power-off ++ ++ ++ ++ Power off the system while an application asked to inhibit it ++ Authentication is required for powering off the system while an application asked to inhibit it. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ org.freedesktop.login1.power-off ++ ++ ++ ++ Reboot the system ++ Authentication is required for rebooting the system. ++ ++ auth_admin_keep ++ auth_admin_keep ++ yes ++ ++ org.freedesktop.login1.set-wall-message ++ ++ ++ ++ Reboot the system while other users are logged in ++ Authentication is required for rebooting the system while other users are logged in. ++ ++ auth_admin_keep ++ auth_admin_keep ++ yes ++ ++ org.freedesktop.login1.reboot ++ ++ ++ ++ Reboot the system while an application asked to inhibit it ++ Authentication is required for rebooting the system while an application asked to inhibit it. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ org.freedesktop.login1.reboot ++ ++ ++ ++ Halt the system ++ Authentication is required for halting the system. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ org.freedesktop.login1.set-wall-message ++ ++ ++ ++ Halt the system while other users are logged in ++ Authentication is required for halting the system while other users are logged in. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ org.freedesktop.login1.halt ++ ++ ++ ++ Halt the system while an application asked to inhibit it ++ Authentication is required for halting the system while an application asked to inhibit it. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ org.freedesktop.login1.halt ++ ++ ++ ++ Suspend the system ++ Authentication is required for suspending the system. ++ ++ auth_admin_keep ++ auth_admin_keep ++ yes ++ ++ ++ ++ ++ Suspend the system while other users are logged in ++ Authentication is required for suspending the system while other users are logged in. ++ ++ auth_admin_keep ++ auth_admin_keep ++ yes ++ ++ org.freedesktop.login1.suspend ++ ++ ++ ++ Suspend the system while an application asked to inhibit it ++ Authentication is required for suspending the system while an application asked to inhibit it. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ org.freedesktop.login1.suspend ++ ++ ++ ++ Hibernate the system ++ Authentication is required for hibernating the system. ++ ++ auth_admin_keep ++ auth_admin_keep ++ yes ++ ++ ++ ++ ++ Hibernate the system while other users are logged in ++ Authentication is required for hibernating the system while other users are logged in. ++ ++ auth_admin_keep ++ auth_admin_keep ++ yes ++ ++ org.freedesktop.login1.hibernate ++ ++ ++ ++ Hibernate the system while an application asked to inhibit it ++ Authentication is required for hibernating the system while an application asked to inhibit it. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ org.freedesktop.login1.hibernate ++ ++ ++ ++ Manage active sessions, users and seats ++ Authentication is required for managing active sessions, users and seats. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ ++ ++ ++ Lock or unlock active sessions ++ Authentication is required to lock or unlock active sessions. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ ++ ++ ++ Allow indication to the firmware to boot to setup interface ++ Authentication is required to indicate to the firmware to boot to setup interface. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ ++ ++ ++ Set a wall message ++ Authentication is required to set a wall message ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ ++ ++ +diff --git a/src/login/org.freedesktop.login1.policy.in b/src/login/org.freedesktop.login1.policy.in +deleted file mode 100644 +index f1d1f95..0000000 +--- a/src/login/org.freedesktop.login1.policy.in ++++ /dev/null +@@ -1,360 +0,0 @@ +- +- +- +- +- +- +- +- The systemd Project +- http://www.freedesktop.org/wiki/Software/systemd +- +- +- Allow applications to inhibit system shutdown +- Authentication is required for an application to inhibit system shutdown. +- +- no +- yes +- yes +- +- org.freedesktop.login1.inhibit-delay-shutdown org.freedesktop.login1.inhibit-block-sleep org.freedesktop.login1.inhibit-delay-sleep org.freedesktop.login1.inhibit-block-idle +- +- +- +- Allow applications to delay system shutdown +- Authentication is required for an application to delay system shutdown. +- +- yes +- yes +- yes +- +- org.freedesktop.login1.inhibit-delay-sleep +- +- +- +- Allow applications to inhibit system sleep +- Authentication is required for an application to inhibit system sleep. +- +- no +- yes +- yes +- +- org.freedesktop.login1.inhibit-delay-sleep org.freedesktop.login1.inhibit-block-idle +- +- +- +- Allow applications to delay system sleep +- Authentication is required for an application to delay system sleep. +- +- yes +- yes +- yes +- +- +- +- +- Allow applications to inhibit automatic system suspend +- Authentication is required for an application to inhibit automatic system suspend. +- +- yes +- yes +- yes +- +- +- +- +- Allow applications to inhibit system handling of the power key +- Authentication is required for an application to inhibit system handling of the power key. +- +- no +- yes +- yes +- +- org.freedesktop.login1.inhibit-handle-suspend-key org.freedesktop.login1.inhibit-handle-hibernate-key org.freedesktop.login1.inhibit-handle-lid-switch +- +- +- +- Allow applications to inhibit system handling of the suspend key +- Authentication is required for an application to inhibit system handling of the suspend key. +- +- no +- yes +- yes +- +- org.freedesktop.login1.inhibit-handle-hibernate-key org.freedesktop.login1.inhibit-handle-lid-switch +- +- +- +- Allow applications to inhibit system handling of the hibernate key +- Authentication is required for an application to inhibit system handling of the hibernate key. +- +- no +- yes +- yes +- +- +- +- +- Allow applications to inhibit system handling of the lid switch +- Authentication is required for an application to inhibit system handling of the lid switch. +- +- no +- yes +- yes +- +- +- +- +- Allow non-logged-in user to run programs +- Explicit request is required to run programs as a non-logged-in user. +- +- yes +- yes +- yes +- +- +- +- +- Allow non-logged-in users to run programs +- Authentication is required to run programs as a non-logged-in user. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- +- +- +- Allow attaching devices to seats +- Authentication is required for attaching a device to a seat. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- org.freedesktop.login1.flush-devices +- +- +- +- Flush device to seat attachments +- Authentication is required for resetting how devices are attached to seats. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- +- +- +- Power off the system +- Authentication is required for powering off the system. +- +- auth_admin_keep +- auth_admin_keep +- yes +- +- org.freedesktop.login1.set-wall-message +- +- +- +- Power off the system while other users are logged in +- Authentication is required for powering off the system while other users are logged in. +- +- auth_admin_keep +- auth_admin_keep +- yes +- +- org.freedesktop.login1.power-off +- +- +- +- Power off the system while an application asked to inhibit it +- Authentication is required for powering off the system while an application asked to inhibit it. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- org.freedesktop.login1.power-off +- +- +- +- Reboot the system +- Authentication is required for rebooting the system. +- +- auth_admin_keep +- auth_admin_keep +- yes +- +- org.freedesktop.login1.set-wall-message +- +- +- +- Reboot the system while other users are logged in +- Authentication is required for rebooting the system while other users are logged in. +- +- auth_admin_keep +- auth_admin_keep +- yes +- +- org.freedesktop.login1.reboot +- +- +- +- Reboot the system while an application asked to inhibit it +- Authentication is required for rebooting the system while an application asked to inhibit it. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- org.freedesktop.login1.reboot +- +- +- +- Halt the system +- Authentication is required for halting the system. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- org.freedesktop.login1.set-wall-message +- +- +- +- Halt the system while other users are logged in +- Authentication is required for halting the system while other users are logged in. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- org.freedesktop.login1.halt +- +- +- +- Halt the system while an application asked to inhibit it +- Authentication is required for halting the system while an application asked to inhibit it. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- org.freedesktop.login1.halt +- +- +- +- Suspend the system +- Authentication is required for suspending the system. +- +- auth_admin_keep +- auth_admin_keep +- yes +- +- +- +- +- Suspend the system while other users are logged in +- Authentication is required for suspending the system while other users are logged in. +- +- auth_admin_keep +- auth_admin_keep +- yes +- +- org.freedesktop.login1.suspend +- +- +- +- Suspend the system while an application asked to inhibit it +- Authentication is required for suspending the system while an application asked to inhibit it. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- org.freedesktop.login1.suspend +- +- +- +- Hibernate the system +- Authentication is required for hibernating the system. +- +- auth_admin_keep +- auth_admin_keep +- yes +- +- +- +- +- Hibernate the system while other users are logged in +- Authentication is required for hibernating the system while other users are logged in. +- +- auth_admin_keep +- auth_admin_keep +- yes +- +- org.freedesktop.login1.hibernate +- +- +- +- Hibernate the system while an application asked to inhibit it +- Authentication is required for hibernating the system while an application asked to inhibit it. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- org.freedesktop.login1.hibernate +- +- +- +- Manage active sessions, users and seats +- Authentication is required for managing active sessions, users and seats. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- +- +- +- Lock or unlock active sessions +- Authentication is required to lock or unlock active sessions. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- +- +- +- Allow indication to the firmware to boot to setup interface +- Authentication is required to indicate to the firmware to boot to setup interface. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- +- +- +- Set a wall message +- Authentication is required to set a wall message +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- +- +- +diff --git a/src/machine/meson.build b/src/machine/meson.build +index 0f2944c..b530ca6 100644 +--- a/src/machine/meson.build ++++ b/src/machine/meson.build +@@ -43,12 +43,7 @@ if conf.get('ENABLE_MACHINED') == 1 + install_dir : dbuspolicydir) + install_data('org.freedesktop.machine1.service', + install_dir : dbussystemservicedir) +- +- policy = configure_file( +- input : 'org.freedesktop.machine1.policy.in', +- output : 'org.freedesktop.machine1.policy', +- configuration : substs) +- install_data(policy, ++ install_data('org.freedesktop.machine1.policy', + install_dir : polkitpolicydir) + endif + +diff --git a/src/machine/org.freedesktop.machine1.policy b/src/machine/org.freedesktop.machine1.policy +new file mode 100644 +index 0000000..039c3d4 +--- /dev/null ++++ b/src/machine/org.freedesktop.machine1.policy +@@ -0,0 +1,104 @@ ++ ++ ++ ++ ++ ++ ++ ++ The systemd Project ++ http://www.freedesktop.org/wiki/Software/systemd ++ ++ ++ Log into a local container ++ Authentication is required to log into a local container. ++ ++ auth_admin ++ auth_admin ++ auth_admin_keep ++ ++ ++ ++ ++ Log into the local host ++ Authentication is required to log into the local host. ++ ++ auth_admin ++ auth_admin ++ yes ++ ++ ++ ++ ++ Acquire a shell in a local container ++ Authentication is required to acquire a shell in a local container. ++ ++ auth_admin ++ auth_admin ++ auth_admin_keep ++ ++ org.freedesktop.login1.login ++ ++ ++ ++ Acquire a shell on the local host ++ Authentication is required to acquire a shell on the local host. ++ ++ auth_admin ++ auth_admin ++ auth_admin_keep ++ ++ org.freedesktop.login1.host-login ++ ++ ++ ++ Acquire a pseudo TTY in a local container ++ Authentication is required to acquire a pseudo TTY in a local container. ++ ++ auth_admin ++ auth_admin ++ auth_admin_keep ++ ++ ++ ++ ++ Acquire a pseudo TTY on the local host ++ Authentication is required to acquire a pseudo TTY on the local host. ++ ++ auth_admin ++ auth_admin ++ auth_admin_keep ++ ++ ++ ++ ++ Manage local virtual machines and containers ++ Authentication is required to manage local virtual machines and containers. ++ ++ auth_admin ++ auth_admin ++ auth_admin_keep ++ ++ org.freedesktop.login1.shell org.freedesktop.login1.login ++ ++ ++ ++ Manage local virtual machine and container images ++ Authentication is required to manage local virtual machine and container images. ++ ++ auth_admin ++ auth_admin ++ auth_admin_keep ++ ++ ++ ++ +diff --git a/src/machine/org.freedesktop.machine1.policy.in b/src/machine/org.freedesktop.machine1.policy.in +deleted file mode 100644 +index 039c3d4..0000000 +--- a/src/machine/org.freedesktop.machine1.policy.in ++++ /dev/null +@@ -1,104 +0,0 @@ +- +- +- +- +- +- +- +- The systemd Project +- http://www.freedesktop.org/wiki/Software/systemd +- +- +- Log into a local container +- Authentication is required to log into a local container. +- +- auth_admin +- auth_admin +- auth_admin_keep +- +- +- +- +- Log into the local host +- Authentication is required to log into the local host. +- +- auth_admin +- auth_admin +- yes +- +- +- +- +- Acquire a shell in a local container +- Authentication is required to acquire a shell in a local container. +- +- auth_admin +- auth_admin +- auth_admin_keep +- +- org.freedesktop.login1.login +- +- +- +- Acquire a shell on the local host +- Authentication is required to acquire a shell on the local host. +- +- auth_admin +- auth_admin +- auth_admin_keep +- +- org.freedesktop.login1.host-login +- +- +- +- Acquire a pseudo TTY in a local container +- Authentication is required to acquire a pseudo TTY in a local container. +- +- auth_admin +- auth_admin +- auth_admin_keep +- +- +- +- +- Acquire a pseudo TTY on the local host +- Authentication is required to acquire a pseudo TTY on the local host. +- +- auth_admin +- auth_admin +- auth_admin_keep +- +- +- +- +- Manage local virtual machines and containers +- Authentication is required to manage local virtual machines and containers. +- +- auth_admin +- auth_admin +- auth_admin_keep +- +- org.freedesktop.login1.shell org.freedesktop.login1.login +- +- +- +- Manage local virtual machine and container images +- Authentication is required to manage local virtual machine and container images. +- +- auth_admin +- auth_admin +- auth_admin_keep +- +- +- +- +diff --git a/src/resolve/meson.build b/src/resolve/meson.build +index 7e7876d..16ba83e 100644 +--- a/src/resolve/meson.build ++++ b/src/resolve/meson.build +@@ -154,6 +154,8 @@ if conf.get('ENABLE_RESOLVE') == 1 + install_dir : dbuspolicydir) + install_data('org.freedesktop.resolve1.service', + install_dir : dbussystemservicedir) ++ install_data('org.freedesktop.resolve1.policy', ++ install_dir : polkitpolicydir) + + resolved_conf = configure_file( + input : 'resolved.conf.in', +@@ -164,13 +166,6 @@ if conf.get('ENABLE_RESOLVE') == 1 + + install_data('resolv.conf', + install_dir : rootlibexecdir) +- +- policy = configure_file( +- input : 'org.freedesktop.resolve1.policy.in', +- output : 'org.freedesktop.resolve1.policy', +- configuration : substs) +- install_data(policy, +- install_dir : polkitpolicydir) + endif + + tests += [ +diff --git a/src/resolve/org.freedesktop.resolve1.policy b/src/resolve/org.freedesktop.resolve1.policy +new file mode 100644 +index 0000000..b65ba3e +--- /dev/null ++++ b/src/resolve/org.freedesktop.resolve1.policy +@@ -0,0 +1,43 @@ ++ ++ ++ ++ ++ ++ ++ ++ The systemd Project ++ http://www.freedesktop.org/wiki/Software/systemd ++ ++ ++ Register a DNS-SD service ++ Authentication is required to register a DNS-SD service ++ ++ auth_admin ++ auth_admin ++ auth_admin_keep ++ ++ unix-user:systemd-resolve ++ ++ ++ ++ Unregister a DNS-SD service ++ Authentication is required to unregister a DNS-SD service ++ ++ auth_admin ++ auth_admin ++ auth_admin_keep ++ ++ unix-user:systemd-resolve ++ ++ ++ +diff --git a/src/resolve/org.freedesktop.resolve1.policy.in b/src/resolve/org.freedesktop.resolve1.policy.in +deleted file mode 100644 +index b65ba3e..0000000 +--- a/src/resolve/org.freedesktop.resolve1.policy.in ++++ /dev/null +@@ -1,43 +0,0 @@ +- +- +- +- +- +- +- +- The systemd Project +- http://www.freedesktop.org/wiki/Software/systemd +- +- +- Register a DNS-SD service +- Authentication is required to register a DNS-SD service +- +- auth_admin +- auth_admin +- auth_admin_keep +- +- unix-user:systemd-resolve +- +- +- +- Unregister a DNS-SD service +- Authentication is required to unregister a DNS-SD service +- +- auth_admin +- auth_admin +- auth_admin_keep +- +- unix-user:systemd-resolve +- +- +- +diff --git a/src/timedate/meson.build b/src/timedate/meson.build +index 6892596..87482c0 100644 +--- a/src/timedate/meson.build ++++ b/src/timedate/meson.build +@@ -20,11 +20,6 @@ if conf.get('ENABLE_TIMEDATED') == 1 + install_dir : dbuspolicydir) + install_data('org.freedesktop.timedate1.service', + install_dir : dbussystemservicedir) +- +- policy = configure_file( +- input : 'org.freedesktop.timedate1.policy.in', +- output : 'org.freedesktop.timedate1.policy', +- configuration : substs) +- install_data(policy, ++ install_data('org.freedesktop.timedate1.policy', + install_dir : polkitpolicydir) + endif +diff --git a/src/timedate/org.freedesktop.timedate1.policy b/src/timedate/org.freedesktop.timedate1.policy +new file mode 100644 +index 0000000..d488572 +--- /dev/null ++++ b/src/timedate/org.freedesktop.timedate1.policy +@@ -0,0 +1,64 @@ ++ ++ ++ ++ ++ ++ ++ ++ The systemd Project ++ http://www.freedesktop.org/wiki/Software/systemd ++ ++ ++ Set system time ++ Authentication is required to set the system time. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ org.freedesktop.timedate1.set-timezone org.freedesktop.timedate1.set-ntp ++ ++ ++ ++ Set system timezone ++ Authentication is required to set the system timezone. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ ++ ++ ++ Set RTC to local timezone or UTC ++ Authentication is required to control whether ++ the RTC stores the local or UTC time. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ ++ ++ ++ Turn network time synchronization on or off ++ Authentication is required to control whether ++ network time synchronization shall be enabled. ++ ++ auth_admin_keep ++ auth_admin_keep ++ auth_admin_keep ++ ++ ++ ++ +diff --git a/src/timedate/org.freedesktop.timedate1.policy.in b/src/timedate/org.freedesktop.timedate1.policy.in +deleted file mode 100644 +index d488572..0000000 +--- a/src/timedate/org.freedesktop.timedate1.policy.in ++++ /dev/null +@@ -1,64 +0,0 @@ +- +- +- +- +- +- +- +- The systemd Project +- http://www.freedesktop.org/wiki/Software/systemd +- +- +- Set system time +- Authentication is required to set the system time. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- org.freedesktop.timedate1.set-timezone org.freedesktop.timedate1.set-ntp +- +- +- +- Set system timezone +- Authentication is required to set the system timezone. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- +- +- +- Set RTC to local timezone or UTC +- Authentication is required to control whether +- the RTC stores the local or UTC time. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- +- +- +- Turn network time synchronization on or off +- Authentication is required to control whether +- network time synchronization shall be enabled. +- +- auth_admin_keep +- auth_admin_keep +- auth_admin_keep +- +- +- +- diff -Nru systemd-237/debian/patches/meson-fix-systemd-pot-target-when-polkit-devel-is-not-ins.patch systemd-237/debian/patches/meson-fix-systemd-pot-target-when-polkit-devel-is-not-ins.patch --- systemd-237/debian/patches/meson-fix-systemd-pot-target-when-polkit-devel-is-not-ins.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/meson-fix-systemd-pot-target-when-polkit-devel-is-not-ins.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,37 @@ +From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= +Date: Sun, 18 Feb 2018 17:39:08 +0100 +Subject: meson: fix systemd-pot target when polkit-devel is not installed + +To successfully extract strings from our .policy files, gettext needs +polkit.{its,loc} files provided by policykit-devel. When that package is not +installed, systemd-pot would fail to extract strings: + +[0/1] Running external command systemd-pot. +xgettext: warning: file 'src/core/org.freedesktop.systemd1.policy.in.in' extension 'policy' is unknown; will try C +xgettext: warning: file 'src/hostname/org.freedesktop.hostname1.policy.in' extension 'policy' is unknown; will try C +... + +We now don't need the .its and .loc files for normal building, but they are +still useful when generating the .pot file, because that way we avoid the +dependency on sufficiently new polkit. We just need to tell i18n to pass their +location to xgettext. + +(cherry picked from commit b0faead2501cd539767dc11d098c08f5730224ff) +--- + po/meson.build | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/po/meson.build b/po/meson.build +index 7ba08fb..01ab7a3 100644 +--- a/po/meson.build ++++ b/po/meson.build +@@ -16,6 +16,6 @@ + # along with systemd; If not, see . + + i18n = import('i18n') +-i18n.gettext(meson.project_name(), preset: 'glib') +- +-po_dir = meson.current_source_dir() ++i18n.gettext(meson.project_name(), ++ preset : 'glib', ++ data_dirs : '.') diff -Nru systemd-237/debian/patches/resolve-enable-EDNS0-towards-the-127.0.0.53-stub-res.patch systemd-237/debian/patches/resolve-enable-EDNS0-towards-the-127.0.0.53-stub-res.patch --- systemd-237/debian/patches/resolve-enable-EDNS0-towards-the-127.0.0.53-stub-res.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/resolve-enable-EDNS0-towards-the-127.0.0.53-stub-res.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,37 @@ +From: Tore Anderson +Date: Mon, 17 Dec 2018 09:15:59 +0100 +Subject: [PATCH] resolve: enable EDNS0 towards the 127.0.0.53 stub resolver + +This appears to be necessary for client software to ensure the reponse data +is validated with DNSSEC. For example, `ssh -v -o VerifyHostKeyDNS=yes -o +StrictHostKeyChecking=yes redpilllinpro01.ring.nlnog.net` fails if EDNS0 is +not enabled. The debugging output reveals that the `SSHFP` records were +found in DNS, but were considered insecure. + +Note that the patch intentionally does *not* enable EDNS0 in the +`/run/systemd/resolve/resolv.conf` file (the one that contains `nameserver` +entries for the upstream DNS servers), as it is impossible to know for +certain that all the upstream DNS servers handles EDNS0 correctly. + +Origin: https://github.com/systemd/systemd/commit/93158c77bc69fde7cf5cff733617631c1e566fe8 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1811471 + +--- a/src/resolve/resolv.conf ++++ b/src/resolve/resolv.conf +@@ -15,3 +15,4 @@ + # operation for /etc/resolv.conf. + + nameserver 127.0.0.53 ++options edns0 +--- a/src/resolve/resolved-resolv-conf.c ++++ b/src/resolve/resolved-resolv-conf.c +@@ -286,7 +286,8 @@ + "# See man:systemd-resolved.service(8) for details about the supported modes of\n" + "# operation for /etc/resolv.conf.\n" + "\n" +- "nameserver 127.0.0.53\n", f); ++ "nameserver 127.0.0.53\n" ++ "options edns0\n", f); + + if (!ordered_set_isempty(domains)) + write_resolv_conf_search(domains, f); diff -Nru systemd-237/debian/patches/resolved-Increase-size-of-TCP-stub-replies.patch systemd-237/debian/patches/resolved-Increase-size-of-TCP-stub-replies.patch --- systemd-237/debian/patches/resolved-Increase-size-of-TCP-stub-replies.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/resolved-Increase-size-of-TCP-stub-replies.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,35 @@ +From: Victor Tapia +Date: Wed, 21 Nov 2018 14:01:04 +0100 +Subject: [PATCH] resolved: Increase size of TCP stub replies + +DNS_PACKET_PAYLOAD_SIZE_MAX is limiting the size of the stub replies to +512 with EDNS off or 4096 with EDNS on, without checking the protocol +used. This makes TCP replies for clients without EDNS support to be +limited to 512, making the truncate flag useless if the query result is +bigger than 512 bytes. + +This commit increases the size of TCP replies to DNS_PACKET_SIZE_MAX + +Bug: https://github.com/systemd/systemd/issues/10816 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915049 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1804487 +Origin: upstream, https://github.com/systemd/systemd/commit/e6eed9445956cfa496e1db933bfd3530db23bfce + +--- a/src/resolve/resolved-dns-packet.h ++++ b/src/resolve/resolved-dns-packet.h +@@ -136,11 +136,14 @@ + + static inline uint16_t DNS_PACKET_PAYLOAD_SIZE_MAX(DnsPacket *p) { + +- /* Returns the advertised maximum datagram size for replies, or the DNS default if there's nothing defined. */ ++ /* Returns the advertised maximum size for replies, or the DNS default if there's nothing defined. */ + + if (p->opt) + return MAX(DNS_PACKET_UNICAST_SIZE_MAX, p->opt->key->class); + ++ if (p->ipproto == IPPROTO_TCP) ++ return DNS_PACKET_SIZE_MAX; ++ + return DNS_PACKET_UNICAST_SIZE_MAX; + } + diff -Nru systemd-237/debian/patches/resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch systemd-237/debian/patches/resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch --- systemd-237/debian/patches/resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,74 @@ +From: Dimitri John Ledkov +Date: Wed, 28 Mar 2018 23:05:17 +0100 +Subject: resolved: Mitigate DVE-2018-0001, + by retrying NXDOMAIN without EDNS0. + +Some captive portals, lie and do not respond with the captive portal IP +address, if the query is with EDNS0 enabled and DO bit set to zero. Thus retry +all domain name look ups with less secure methods, upon NXDOMAIN. + +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/bionic/+source/systemd/+bug/1766969 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/bionic/+source/systemd/+bug/1727237 +Bug-DNS: https://github.com/dns-violations/dns-violations/blob/master/2018/DVE-2018-0001.md +(cherry picked from commit cc0a0eb1a9379a81256d68d65f8450a487c0ab12) +--- + src/resolve/resolved-dns-transaction.c | 38 +++++++++++++++++++++++++++++----- + 1 file changed, 33 insertions(+), 5 deletions(-) + +diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c +index f4bbde0..f500ec2 100644 +--- a/src/resolve/resolved-dns-transaction.c ++++ b/src/resolve/resolved-dns-transaction.c +@@ -388,12 +388,12 @@ static int dns_transaction_pick_server(DnsTransaction *t) { + if (!server) + return -ESRCH; + +- /* If we changed the server invalidate the feature level clamping, as the new server might have completely +- * different properties. */ +- if (server != t->server) ++ /* If we changed the server invalidate the current & clamp feature levels, as the new server might have ++ * completely different properties. */ ++ if (server != t->server) { + t->clamp_feature_level = _DNS_SERVER_FEATURE_LEVEL_INVALID; +- +- t->current_feature_level = dns_server_possible_feature_level(server); ++ t->current_feature_level = dns_server_possible_feature_level(server); ++ } + + /* Clamp the feature level if that is requested. */ + if (t->clamp_feature_level != _DNS_SERVER_FEATURE_LEVEL_INVALID && +@@ -954,6 +954,34 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p) { + return; + } + ++ /* Some captive portals are special in that the Aruba/Datavalet hardware will miss replacing the ++ * packets with the local server IP to point to the authenticated side of the network if EDNS0 is ++ * enabled. Instead they return NXDOMAIN, with DO bit set to zero... nothing to see here, yet respond ++ * with the captive portal IP, when using UDP level. ++ * ++ * Common portal names that fail like so are: ++ * secure.datavalet.io ++ * securelogin.arubanetworks.com ++ * securelogin.networks.mycompany.com ++ * ++ * Thus retry NXDOMAIN RCODES for "secure" things with a lower feature level. ++ * ++ * Do not "clamp" the feature level down, as the captive portal should not be lying for the wider ++ * internet (e.g. _other_ queries were observed fine with EDNS0 on these networks) ++ * ++ * This is reported as https://github.com/dns-violations/dns-violations/blob/master/2018/DVE-2018-0001.md ++ */ ++ if (DNS_PACKET_RCODE(p) == DNS_RCODE_NXDOMAIN && t->current_feature_level >= DNS_SERVER_FEATURE_LEVEL_EDNS0) { ++ char key_str[DNS_RESOURCE_KEY_STRING_MAX]; ++ dns_resource_key_to_string(t->key, key_str, sizeof key_str); ++ t->current_feature_level = t->current_feature_level - 1; ++ log_warning("Server returned error %s, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level %s.", ++ dns_rcode_to_string(DNS_PACKET_RCODE(p)), ++ dns_server_feature_level_to_string(t->current_feature_level)); ++ dns_transaction_retry(t, false /* use the same server */); ++ return; ++ } ++ + if (DNS_PACKET_RCODE(p) == DNS_RCODE_REFUSED) { + /* This server refused our request? If so, try again, use a different server */ + log_debug("Server returned REFUSED, switching servers, and retrying."); diff -Nru systemd-237/debian/patches/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch systemd-237/debian/patches/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch --- systemd-237/debian/patches/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,50 @@ +Description: sd-bus: if we receive an invalid dbus message, ignore and + proceeed + . + dbus-daemon might have a slightly different idea of what a valid msg is + than us (for example regarding valid msg and field sizes). Let's hence + try to proceed if we can and thus drop messages rather than fail the + connection if we fail to validate a message. + . + Hopefully the differences in what is considered valid are not visible + for real-life usecases, but are specific to exploit attempts only. +Author: Lennart Poettering +Forwarded: other,https://github.com/systemd/systemd/pull/11708/ + +diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c +index 30d6455b6f..441b4a816f 100644 +--- a/src/libsystemd/sd-bus/bus-socket.c ++++ b/src/libsystemd/sd-bus/bus-socket.c +@@ -1072,7 +1072,7 @@ static int bus_socket_read_message_need(sd_bus *bus, size_t *need) { + } + + static int bus_socket_make_message(sd_bus *bus, size_t size) { +- sd_bus_message *t; ++ sd_bus_message *t = NULL; + void *b; + int r; + +@@ -1097,7 +1097,9 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) { + bus->fds, bus->n_fds, + NULL, + &t); +- if (r < 0) { ++ if (r == -EBADMSG) ++ log_debug_errno(r, "Received invalid message from connection %s, dropping.", strna(bus->description)); ++ else if (r < 0) { + free(b); + return r; + } +@@ -1108,7 +1110,8 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) { + bus->fds = NULL; + bus->n_fds = 0; + +- bus->rqueue[bus->rqueue_size++] = t; ++ if (t) ++ bus->rqueue[bus->rqueue_size++] = t; + + return 1; + } +-- +2.17.1 + diff -Nru systemd-237/debian/patches/series systemd-237/debian/patches/series --- systemd-237/debian/patches/series 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/patches/series 2019-03-29 16:40:26.000000000 +0000 @@ -1,5 +1,38 @@ service-relax-PID-file-symlink-chain-checks-a-bit-8133.patch socket-util-fix-getpeergroups-assert-fd-8080.patch +l10n-update-POTFILES.in-8163.patch +Gettextize-policy-files.patch +meson-drop-double-.in-suffix-for-o.fd.systemd1.policy-fil.patch +meson-drop-unnecessary-transformation-of-policy-files.patch +l10n-Update-POTFILES.in-and-POTFILES.skip.patch +meson-fix-systemd-pot-target-when-polkit-devel-is-not-ins.patch +test-test-functions-Debian-Ubuntu-now-ship-95-dm-notify.r.patch +test-test-functions-on-PP64-use-vmlinux.patch +test-test-functions-on-PPC64-use-hvc0-console.patch +test-masked-unit-with-drop-ins.patch +install-detect-masked-unit-with-drop-ins.patch +resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch +hwdb-Use-wlan-keycode-for-all-Dell-systems-8762.patch +virt-if-we-detect-Xen-by-DMI-trust-that-over-CPUID.patch +0001-logind-trivial-improvements.patch +0002-logind-rework-sd_eviocrevoke.patch +0003-logind-propagate-the-right-error-don-t-make-up-ENOME.patch +0004-logind-let-s-reduce-one-level-of-indentation.patch +0005-logind-fd-0-is-a-valid-fd.patch +0006-logind-let-s-pack-a-few-struct-fields-we-can-pack.patch +0007-logind-check-file-is-device-node-before-using-.st_rd.patch +0008-logind-make-sure-we-don-t-trip-up-on-half-initialize.patch +0009-logind-voidify-a-function-we-never-check-the-return-.patch +0010-logind-cast-away-return-value-we-don-t-care-about.patch +0011-logind-open-device-if-needed.patch +0012-logind-fix-typo-in-comment.patch +0013-login-fix-FDNAME-in-call-to-sd_pid_notify_with_fds.patch +0014-login-remember-that-fds-received-from-PID1-need-to-b.patch +0015-login-correct-comment-in-session_device_free.patch +0016-login-we-only-allow-opening-character-devices.patch +0017-login-don-t-remove-all-devices-from-PID1-when-only-o.patch +0018-login-effectively-revert-open-device-if-needed.patch +0019-logind-fix-borked-r-check.patch debian/Use-Debian-specific-config-files.patch debian/don-t-try-to-start-autovt-units-when-not-running-wit.patch debian/Make-logind-hostnamed-localed-timedated-D-Bus-activa.patch @@ -25,3 +58,46 @@ debian/Add-env-variable-for-machine-ID-path.patch debian/Avoid-requiring-a-kvm-system-group.patch debian/Revert-udev-rules-Permission-changes-for-dev-dri-renderD.patch +debian/Skip-starting-systemd-remount-fs.service-in-containers.patch +debian/Ubuntu-UseDomains-by-default.patch +debian/Ubuntu-core-in-execute-soft-fail-setting-Nice-priority-when.patch +debian/Ubuntu-units-set-ConditionVirtualization-private-users-on-j.patch +debian/UBUNTU-drop-kernel.-settings-from-sysctl-defaults-shipped.patch +debian/UBUNTU-drop-using-kvm-for-qemu-tests-as-this-current.patch +debian/UBUNTU-test-test-functions-drop-all-prefixes.patch +debian/UBUNTU-test-process-util-fails-to-verify-cmdline-changes-in-unpr.patch +debian/UBUNTU-resolved-disable-global-LLMNR-and-MulticastDNS.patch +debian/UBUNTU-Add-AssumedApparmorLabel-unconfined-to-timedate1-dbus.patch +debian/UBUNTU-test-fs-utils-detect-container.patch +debian/UBUNTU-test-test-functions-launch-qemu-with-vga-none.patch +debian/UBUNTU-core-use-setreuid-setregid-trick-to-create-session-k.patch +debian/UBUNTU-wait-online-exit-if-no-links-are-managed.patch +debian/UBUNTU-journald.service-set-Nice-1-to-dodge-watchdog-on-soft-loc.patch +debian/UBUNTU-Introduce-suspend-to-hibernate-8274.patch +debian/UBUNTU-shared-sleep-config-fix-unitialized-variable-and-use.patch +debian/UBUNTU-Rename-suspend-to-hibernate-to-suspend-then-hibernat.patch +debian/UBUNTU-resolved-Listen-on-both-TCP-and-UDP-by-default.patch +debian/UBUNTU-networkd-if-RA-was-implicit-do-not-await-ndisc_con.patch +debian/UBUNTU-introduce-TAKE_PTR-macro.patch +debian/UBUNTU-sleep-Add-support-for-setting-a-disk-offset.patch +CVE-2018-15688.patch +CVE-2018-15686.patch +CVE-2018-15687.patch +CVE-2018-6954.patch +CVE-2018-6954_2.patch +btrfs-util-unbreak-tmpfiles-subvol-creation.patch +test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch +CVE-2018-16864.patch +CVE-2018-16865_1.patch +CVE-2018-16865_2.patch +CVE-2018-16866.patch +resolved-Increase-size-of-TCP-stub-replies.patch +resolve-enable-EDNS0-towards-the-127.0.0.53-stub-res.patch +CVE-2019-6454.patch +sd-bus-if-we-receive-an-invalid-dbus-message-ignore-.patch +journal-do-not-remove-multiple-spaces-after-identifi.patch +stop-mount-error-propagation.patch +Support-system-image-read-only-etc.patch +fix-race-daemon-reload-11121.patch +virt-detect-WSL-environment-as-a-container-id-wsl.patch +CVE-2019-3842.patch diff -Nru systemd-237/debian/patches/stop-mount-error-propagation.patch systemd-237/debian/patches/stop-mount-error-propagation.patch --- systemd-237/debian/patches/stop-mount-error-propagation.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/stop-mount-error-propagation.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,48 @@ +Author: Lennart Poettering +Date: Wed Nov 28 12:41:44 2018 +0100 +Subject: mount: don't propagate errors from mount_setup_unit() further up + + If we can't process a specific line in /proc/self/mountinfo we should + log about it (which we do), but this should not affect other lines, nor + further processing of mount units. Let's keep these failures local. + + Fixes: #10874 + +Origin: upstream, https://github.com/systemd/systemd/commit/ba0d56f55f2073164799be714b5bd1aad94d059a +Bug: https://github.com/systemd/systemd/issues/10874 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1755863 + +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -1597,7 +1597,7 @@ + static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) { + _cleanup_(mnt_free_tablep) struct libmnt_table *t = NULL; + _cleanup_(mnt_free_iterp) struct libmnt_iter *i = NULL; +- int r = 0; ++ int r; + + assert(m); + +@@ -1613,7 +1613,6 @@ + if (r < 0) + return log_error_errno(r, "Failed to parse /proc/self/mountinfo: %m"); + +- r = 0; + for (;;) { + const char *device, *path, *options, *fstype; + _cleanup_free_ char *d = NULL, *p = NULL; +@@ -1642,12 +1641,10 @@ + + (void) device_found_node(m, d, true, DEVICE_FOUND_MOUNT, set_flags); + +- k = mount_setup_unit(m, d, p, options, fstype, set_flags); +- if (r == 0 && k < 0) +- r = k; ++ (void) mount_setup_unit(m, d, p, options, fstype, set_flags); + } + +- return r; ++ return 0; + } + + static void mount_shutdown(Manager *m) { diff -Nru systemd-237/debian/patches/test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch systemd-237/debian/patches/test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch --- systemd-237/debian/patches/test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/test-Set-executable-bits-on-TEST-22-TMPFILES-shell-script.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,22 @@ +From: Dimitri John Ledkov +Date: Fri, 23 Nov 2018 16:27:17 +0000 +Subject: test: Set executable bits on TEST-22-TMPFILES shell scripts. + +--- + test/TEST-22-TMPFILES/test-02.sh | 0 + test/TEST-22-TMPFILES/test-03.sh | 0 + test/TEST-22-TMPFILES/test-04.sh | 0 + 3 files changed, 0 insertions(+), 0 deletions(-) + mode change 100644 => 100755 test/TEST-22-TMPFILES/test-02.sh + mode change 100644 => 100755 test/TEST-22-TMPFILES/test-03.sh + mode change 100644 => 100755 test/TEST-22-TMPFILES/test-04.sh + +diff --git a/test/TEST-22-TMPFILES/test-02.sh b/test/TEST-22-TMPFILES/test-02.sh +old mode 100644 +new mode 100755 +diff --git a/test/TEST-22-TMPFILES/test-03.sh b/test/TEST-22-TMPFILES/test-03.sh +old mode 100644 +new mode 100755 +diff --git a/test/TEST-22-TMPFILES/test-04.sh b/test/TEST-22-TMPFILES/test-04.sh +old mode 100644 +new mode 100755 diff -Nru systemd-237/debian/patches/test-masked-unit-with-drop-ins.patch systemd-237/debian/patches/test-masked-unit-with-drop-ins.patch --- systemd-237/debian/patches/test-masked-unit-with-drop-ins.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/test-masked-unit-with-drop-ins.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,30 @@ +From: Filipe Brandenburger +Date: Thu, 1 Mar 2018 21:07:27 -0800 +Subject: test: masked unit with drop-ins + +(cherry picked from commit 67348e791dd0c546965e48cc091f1e8245b9260d) +--- + test/TEST-15-DROPIN/test-dropin.sh | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/test/TEST-15-DROPIN/test-dropin.sh b/test/TEST-15-DROPIN/test-dropin.sh +index 9d8af99..3819cad 100755 +--- a/test/TEST-15-DROPIN/test-dropin.sh ++++ b/test/TEST-15-DROPIN/test-dropin.sh +@@ -179,6 +179,16 @@ test_masked_dropins () { + ln -sf ../b.service /usr/lib/systemd/system/a.service.wants/b.service + check_ko a Wants b.service + ++ # 'a' is masked but has an override config file ++ echo "*** test a is masked but has an override" ++ create_services a b ++ ln -sf /dev/null /etc/systemd/system/a.service ++ cat >/usr/lib/systemd/system/a.service.d/override.conf < +Date: Wed, 14 Feb 2018 20:34:55 +0000 +Subject: test/test-functions: Debian/Ubuntu, now ship 95-dm-notify.rules, + copy it + +This fixes cryptsetup tests on recent Ubuntu/Debian systems (current +development series). + +Bug-Launchpad: https://launchpad.net/bugs/1749432 +(cherry picked from commit 7e026ca51e48b5beb50fc7745b8678a101413d78) +--- + test/test-functions | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/test-functions b/test/test-functions +index 018bdca..ac3de81 100644 +--- a/test/test-functions ++++ b/test/test-functions +@@ -314,7 +314,7 @@ install_dmevent() { + if [[ "$LOOKS_LIKE_DEBIAN" ]]; then + # dmsetup installs 55-dm and 60-persistent-storage-dm on Debian/Ubuntu + # see https://anonscm.debian.org/cgit/pkg-lvm/lvm2.git/tree/debian/patches/0007-udev.patch +- inst_rules 55-dm.rules 60-persistent-storage-dm.rules ++ inst_rules 55-dm.rules 60-persistent-storage-dm.rules 95-dm-notify.rules + else + inst_rules 10-dm.rules 13-dm-disk.rules 95-dm-notify.rules + fi diff -Nru systemd-237/debian/patches/test-test-functions-on-PP64-use-vmlinux.patch systemd-237/debian/patches/test-test-functions-on-PP64-use-vmlinux.patch --- systemd-237/debian/patches/test-test-functions-on-PP64-use-vmlinux.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/test-test-functions-on-PP64-use-vmlinux.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,33 @@ +From: Dimitri John Ledkov +Date: Mon, 19 Feb 2018 20:47:41 +0000 +Subject: test/test-functions: on PP64 use vmlinux + +At least on Ubuntu, ppc64el uses vmlinux-, not vmlinuz. With this, it should be +possible to run qemu tests on ppc64el as part of Ubuntu autopkgtests. + +(cherry picked from commit a2ab2bdd5fcbd15c1f9daf4eb34c4dfb56c12e30) +--- + test/test-functions | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/test/test-functions b/test/test-functions +index ac3de81..87235e3 100644 +--- a/test/test-functions ++++ b/test/test-functions +@@ -72,7 +72,15 @@ run_qemu() { + if [[ "$LOOKS_LIKE_ARCH" ]]; then + KERNEL_BIN=/boot/vmlinuz-linux + else +- KERNEL_BIN=/boot/vmlinuz-$KERNEL_VER ++ [ "$ARCH" ] || ARCH=$(uname -m) ++ case $ARCH in ++ ppc64*) ++ KERNEL_BIN=/boot/vmlinux-$KERNEL_VER ++ ;; ++ *) ++ KERNEL_BIN=/boot/vmlinuz-$KERNEL_VER ++ ;; ++ esac + fi + fi + diff -Nru systemd-237/debian/patches/test-test-functions-on-PPC64-use-hvc0-console.patch systemd-237/debian/patches/test-test-functions-on-PPC64-use-hvc0-console.patch --- systemd-237/debian/patches/test-test-functions-on-PPC64-use-hvc0-console.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/test-test-functions-on-PPC64-use-hvc0-console.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,39 @@ +From: Dimitri John Ledkov +Date: Tue, 20 Feb 2018 12:01:40 +0000 +Subject: test/test-functions: on PPC64 use hvc0 console + +(cherry picked from commit 47709db0687f27c4a1de0826f2330ae147db6e01) +--- + test/test-functions | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/test/test-functions b/test/test-functions +index 87235e3..22066d9 100644 +--- a/test/test-functions ++++ b/test/test-functions +@@ -68,6 +68,8 @@ run_qemu() { + && KERNEL_BIN="$EFI_MOUNT/$MACHINE_ID/$KERNEL_VER/linux" + fi + ++ CONSOLE=ttyS0 ++ + if [[ ! "$KERNEL_BIN" ]]; then + if [[ "$LOOKS_LIKE_ARCH" ]]; then + KERNEL_BIN=/boot/vmlinuz-linux +@@ -76,6 +78,7 @@ run_qemu() { + case $ARCH in + ppc64*) + KERNEL_BIN=/boot/vmlinux-$KERNEL_VER ++ CONSOLE=hvc0 + ;; + *) + KERNEL_BIN=/boot/vmlinuz-$KERNEL_VER +@@ -127,7 +130,7 @@ root=/dev/sda1 \ + raid=noautodetect \ + loglevel=2 \ + init=$ROOTLIBDIR/systemd \ +-console=ttyS0 \ ++console=$CONSOLE \ + selinux=0 \ + $_cgroup_args \ + $KERNEL_APPEND \ diff -Nru systemd-237/debian/patches/virt-detect-WSL-environment-as-a-container-id-wsl.patch systemd-237/debian/patches/virt-detect-WSL-environment-as-a-container-id-wsl.patch --- systemd-237/debian/patches/virt-detect-WSL-environment-as-a-container-id-wsl.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/virt-detect-WSL-environment-as-a-container-id-wsl.patch 2019-03-18 07:40:44.000000000 +0000 @@ -0,0 +1,116 @@ +From: Balint Reczey +Date: Wed, 6 Mar 2019 18:46:04 +0100 +Subject: virt: detect WSL environment as a container (id: wsl) + +--- + man/systemd-detect-virt.xml | 13 ++++++++++++- + man/systemd.unit.xml | 3 ++- + src/basic/virt.c | 12 ++++++++++++ + src/basic/virt.h | 1 + + 4 files changed, 27 insertions(+), 2 deletions(-) + +diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml +index 4426827..c92ea8d 100644 +--- a/man/systemd-detect-virt.xml ++++ b/man/systemd-detect-virt.xml +@@ -149,7 +149,7 @@ + + + +- Container ++ Container + openvz + OpenVZ/Virtuozzo + +@@ -178,6 +178,11 @@ + rkt + rkt app container runtime + ++ ++ ++ wsl ++ Windows Subsystem for Linux ++ + + + +@@ -187,6 +192,12 @@ + machine and container virtualization are used in + conjunction, only the latter will be identified (unless + is passed). ++ Windows Subsystem for Linux is not a Linux container, ++ but an environment for running Linux userspace applications on ++ top of the Windows kernel using a Linux-compatible interface. ++ WSL is categorized as a container for practical purposes. ++ Multiple WSL environments share the same kernel and services ++ should generally behave like when being run in a container. + + + +diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml +index 90ca378..c79c91e 100644 +--- a/man/systemd.unit.xml ++++ b/man/systemd.unit.xml +@@ -1021,7 +1021,8 @@ + lxc-libvirt, + systemd-nspawn, + docker, +- rkt to test ++ rkt, ++ wsl to test + against a specific implementation, or + private-users to check whether we are running in a user namespace. See + systemd-detect-virt1 +diff --git a/src/basic/virt.c b/src/basic/virt.c +index 1bc26ec..7bd9850 100644 +--- a/src/basic/virt.c ++++ b/src/basic/virt.c +@@ -440,10 +440,12 @@ int detect_container(void) { + { "systemd-nspawn", VIRTUALIZATION_SYSTEMD_NSPAWN }, + { "docker", VIRTUALIZATION_DOCKER }, + { "rkt", VIRTUALIZATION_RKT }, ++ { "wsl", VIRTUALIZATION_WSL }, + }; + + static thread_local int cached_found = _VIRTUALIZATION_INVALID; + _cleanup_free_ char *m = NULL; ++ _cleanup_free_ char *o = NULL; + const char *e = NULL; + unsigned j; + int r; +@@ -458,6 +460,15 @@ int detect_container(void) { + goto finish; + } + ++ /* "Official" way of detecting WSL https://github.com/Microsoft/WSL/issues/423#issuecomment-221627364 */ ++ r = read_one_line_file("/proc/sys/kernel/osrelease", &o); ++ if (r >= 0) { ++ if (strstr(o, "Microsoft") || strstr(o, "WSL")) { ++ r = VIRTUALIZATION_WSL; ++ goto finish; ++ } ++ } ++ + if (getpid_cached() == 1) { + /* If we are PID 1 we can just check our own environment variable, and that's authoritative. */ + +@@ -639,6 +650,7 @@ static const char *const virtualization_table[_VIRTUALIZATION_MAX] = { + [VIRTUALIZATION_OPENVZ] = "openvz", + [VIRTUALIZATION_DOCKER] = "docker", + [VIRTUALIZATION_RKT] = "rkt", ++ [VIRTUALIZATION_WSL] = "wsl", + [VIRTUALIZATION_CONTAINER_OTHER] = "container-other", + }; + +diff --git a/src/basic/virt.h b/src/basic/virt.h +index d9badd8..d4e1007 100644 +--- a/src/basic/virt.h ++++ b/src/basic/virt.h +@@ -49,6 +49,7 @@ enum { + VIRTUALIZATION_OPENVZ, + VIRTUALIZATION_DOCKER, + VIRTUALIZATION_RKT, ++ VIRTUALIZATION_WSL, + VIRTUALIZATION_CONTAINER_OTHER, + VIRTUALIZATION_CONTAINER_LAST = VIRTUALIZATION_CONTAINER_OTHER, + diff -Nru systemd-237/debian/patches/virt-if-we-detect-Xen-by-DMI-trust-that-over-CPUID.patch systemd-237/debian/patches/virt-if-we-detect-Xen-by-DMI-trust-that-over-CPUID.patch --- systemd-237/debian/patches/virt-if-we-detect-Xen-by-DMI-trust-that-over-CPUID.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-237/debian/patches/virt-if-we-detect-Xen-by-DMI-trust-that-over-CPUID.patch 2019-02-28 21:03:40.000000000 +0000 @@ -0,0 +1,39 @@ +From: Lennart Poettering +Date: Mon, 30 Apr 2018 12:23:03 +0200 +Subject: virt: if we detect Xen by DMI, trust that over CPUID + +Apparently Xen sometimes lies about its identity when queried via CPUID. +Let's hence prefer DMI tests for CPUID + +Fixes: #8844 +(cherry picked from commit f2fe2865cd19cd4318b82d01b9b62d22b1697b3a) +--- + src/basic/virt.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/src/basic/virt.c b/src/basic/virt.c +index f4796b5..1bc26ec 100644 +--- a/src/basic/virt.c ++++ b/src/basic/virt.c +@@ -327,13 +327,16 @@ int detect_vm(void) { + + /* We have to use the correct order here: + * +- * -> First try to detect Oracle Virtualbox, even if it uses KVM. +- * -> Second try to detect from cpuid, this will report KVM for +- * whatever software is used even if info in dmi is overwritten. +- * -> Third try to detect from dmi. */ ++ * → First, try to detect Oracle Virtualbox, even if it uses KVM, as well as Xen even if it cloaks as Microsoft ++ * Hyper-V. ++ * ++ * → Second, try to detect from CPUID, this will report KVM for whatever software is used even if info in DMI is ++ * overwritten. ++ * ++ * → Third, try to detect from DMI. */ + + dmi = detect_vm_dmi(); +- if (dmi == VIRTUALIZATION_ORACLE) { ++ if (IN_SET(dmi, VIRTUALIZATION_ORACLE, VIRTUALIZATION_XEN)) { + r = dmi; + goto finish; + } diff -Nru systemd-237/debian/rules systemd-237/debian/rules --- systemd-237/debian/rules 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/rules 2019-02-28 21:03:40.000000000 +0000 @@ -197,7 +197,6 @@ rm -f debian/install/*/etc/init.d/README rm -rf debian/install/*/etc/rpm/ rm -rf debian/install/*/usr/lib/rpm/ - rm -f debian/install/*/usr/lib/sysctl.d/50-default.conf rm -f debian/install/*/etc/X11/xinit/xinitrc.d/50-systemd-user.sh rmdir -p --ignore-fail-on-non-empty debian/install/*/etc/X11/xinit/xinitrc.d/ rm -f debian/install/*/lib/systemd/system/halt-local.service @@ -255,20 +254,29 @@ install --mode=644 debian/extra/rules-ubuntu/*.rules debian/udev/lib/udev/rules.d/ cp -a debian/extra/units-ubuntu/* debian/systemd/lib/systemd/system/ install --mode=755 debian/extra/set-cpufreq debian/systemd/lib/systemd/ + install -D --mode=755 debian/extra/write_persistent_net_s390x_virtio debian/udev/usr/share/systemd/write_persistent_net_s390x_virtio + install -D --mode=755 debian/extra/dhclient-enter-resolved-hook debian/systemd/etc/dhcp/dhclient-enter-hooks.d/resolved endif override_dh_installinit: - dh_installinit --no-start + dh_installinit --no-scripts -psystemd + dh_installinit --no-start -Nsystemd + +PROJECT_VERSION ?= $(shell awk '/PACKAGE_VERSION/ {print $$3}' build-deb/config.h | tr -d \") # The SysV compat tools (which are symlinks to systemctl) are # quasi-essential, so add their dependencies to Pre-Depends # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753589 override_dh_shlibdeps: - dh_shlibdeps -psystemd -- -dPre-Depends -edebian/systemd/bin/systemctl -dDepends + dh_shlibdeps -psystemd -- \ + -dPre-Depends \ + -edebian/systemd/bin/systemctl \ + -edebian/systemd/lib/systemd/libsystemd-shared-$(PROJECT_VERSION).so \ + -dDepends dh_shlibdeps --remaining-packages -Lsystemd override_dh_makeshlibs: - sed 's/SHARED_LIB_VERSION/$(shell awk '/PACKAGE_VERSION/ {print $$3}' build-deb/config.h | tr -d \")/' debian/shlibs.local.in > debian/shlibs.local + sed 's/SHARED_LIB_VERSION/$(PROJECT_VERSION)/' debian/shlibs.local.in > debian/shlibs.local dh_makeshlibs -plibudev1 --add-udeb=libudev1-udeb -- -c$(GENSYMBOLS_LEVEL) dh_makeshlibs -psystemd -Xlibsystemd-shared -- -c$(GENSYMBOLS_LEVEL) dh_makeshlibs --remaining-packages -- -c$(GENSYMBOLS_LEVEL) diff -Nru systemd-237/debian/systemd.postinst systemd-237/debian/systemd.postinst --- systemd-237/debian/systemd.postinst 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/systemd.postinst 2019-02-28 21:03:40.000000000 +0000 @@ -39,6 +39,32 @@ systemctl enable systemd-timesyncd.service || true fi +# Enable resolved by default on new installs installs and upgrades +if dpkg --compare-versions "$2" lt "234-1ubuntu2~"; then + systemctl enable systemd-resolved.service || true +fi + +# Drop stock /etc/rc.local on upgrades +if dpkg --compare-versions "$2" lt "234-2ubuntu11~"; then + if [ -f /etc/rc.local ]; then + if [ "10fd9f051accb6fd1f753f2d48371890" = "$(md5sum /etc/rc.local | cut -d\ -f1)" ]; then + echo Removing empty /etc/rc.local + rm -f /etc/rc.local || true + fi + fi +fi + +# Use stub resolve.conf by default on new installs +if [ -z "$2" ]; then + mkdir -p /run/systemd/resolve + if [ -e /etc/resolv.conf ]; then + cp /etc/resolv.conf /run/systemd/resolve/stub-resolv.conf + fi + # If /etc/resolv.conf is a bind-mount, moving or replacing + # /etc/resolv.conf may fail + ln -snf ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf || true +fi + # Enable ondemand by default on new installs installs and upgrades if [ -e /lib/systemd/system/ondemand.service ] && dpkg --compare-versions "$2" lt "231-7~"; then systemctl enable ondemand.service || true @@ -96,6 +122,15 @@ # Setup system users and groups addgroup --quiet --system systemd-journal +# Enable persistent journal, in auto-mode, by default on new installs installs and upgrades +if dpkg --compare-versions "$2" lt "235-3ubuntu3~"; then + mkdir -p /var/log/journal + # create tmpfiles only when running systemd, otherwise %b substitution fails + if [ -d /run/systemd/system ]; then + systemd-tmpfiles --create --prefix /var/log/journal + fi +fi + adduser --quiet --system --group --no-create-home --home /run/systemd/netif \ --gecos "systemd Network Management" systemd-network adduser --quiet --system --group --no-create-home --home /run/systemd/resolve \ @@ -104,7 +139,15 @@ # Initial update of the Message Catalogs database _update_catalog -if [ -n "$2" ]; then +# Disable networkd when upgrading from broken versions 8..10. Turns out +# enabling networkd unconditionally has long boot time side-effects +if dpkg --compare-versions "$2" gt "234-2ubuntu8~" && + dpkg --compare-versions "$2" lt "234-2ubuntu11~"; then + systemctl disable systemd-networkd-wait-online.service || true +fi + +# skip daemon-reexec and try-restarts during shutdown to avoid hitting LP: #1803391 +if [ -n "$2" ] && [ "$(systemctl is-system-running)" != "stopping" ]; then _systemctl daemon-reexec || true # don't restart logind; this can be done again once this gets implemented: # https://github.com/systemd/systemd/issues/1163 @@ -134,4 +177,10 @@ rm -f /var/lib/systemd/clock fi +# Process all tmpfiles that we ship, including any overrides in +# runtime-dir/sysadmin-dir/other packages (e.g. rsyslog) +# +# Ignore if this fails, because e.g. %b will fail on WSL +systemd-tmpfiles --create || : + #DEBHELPER# diff -Nru systemd-237/debian/systemd.prerm systemd-237/debian/systemd.prerm --- systemd-237/debian/systemd.prerm 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/systemd.prerm 1970-01-01 00:00:00.000000000 +0000 @@ -1,15 +0,0 @@ -#! /bin/sh - -set -e - -# -# Prevent systemd from being removed if it's the active init. That -# will not work. -# - -if [ "$1" = "remove" ] && [ -d /run/systemd/system ]; then - echo "systemd is the active init system, please switch to another before removing systemd." - exit 1 -fi - -#DEBHELPER# diff -Nru systemd-237/debian/tests/boot-and-services systemd-237/debian/tests/boot-and-services --- systemd-237/debian/tests/boot-and-services 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/tests/boot-and-services 2019-02-28 21:03:40.000000000 +0000 @@ -59,12 +59,13 @@ subprocess.call(['journalctl', '-b', '-u', f]) self.assertEqual(failed, []) - def test_lightdm(self): - out = subprocess.check_output(['ps', 'u', '-C', 'lightdm']) - self.assertIn(b'lightdm --session', out) + @unittest.skipUnless(subprocess.call(['which', 'gdm3'], stdout=subprocess.DEVNULL) == 0, 'gdm3 not found') + def test_gdm3(self): + out = subprocess.check_output(['ps', 'u', '-C', 'gdm-x-session']) + self.assertIn(b'gdm-x-session gnome-session', out) out = subprocess.check_output(['ps', 'u', '-C', 'Xorg']) - self.assertIn(b':0', out) - self.active_unit('lightdm') + self.assertIn(b'Xorg vt1', out) + self.active_unit('gdm') def test_dbus(self): out = subprocess.check_output( diff -Nru systemd-237/debian/tests/boot-smoke systemd-237/debian/tests/boot-smoke --- systemd-237/debian/tests/boot-smoke 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/tests/boot-smoke 2019-02-28 21:03:40.000000000 +0000 @@ -29,32 +29,59 @@ done fi else + ret=0 + + echo "waiting to boot..." + TIMEOUT=35 + while [ $TIMEOUT -ge 0 ]; do + state="$(systemctl is-system-running || true)" + case $state in + running|degraded) + break + ;; + *) + sleep 1 + TIMEOUT=$((TIMEOUT - 1)) + ;; + esac + done + echo "checking for failed unmounts for user systemd" JOURNAL=$(journalctl) if echo "$JOURNAL" | grep -E "systemd\[([2-9]|[1-9][0-9]+)\].*Failed unmounting"; then - exit 1 + ret=1 fi - echo "checking for connection timeouts" + echo "checking for connection timeouts (non fatal)" if echo "$JOURNAL" | grep "Connection timed out"; then - exit 1 + # systemd-udevd started to time out resolving group 'colord' + # yet, not reproducible locally, investigating + ret=0 fi echo "checking that polkitd runs" - pidof polkitd + if ! pidof polkitd; then + echo "polkitd is NOT running" + ret=1 + fi + + echo "checking failed jobs (non fatal)" + if [ "$state" != "running" ]; then + echo "systemctl is-system-running returns: $state" + systemctl --no-pager --no-legend list-jobs > $ADT_ARTIFACTS/running-jobs.txt || true + fi echo "checking that there are no running jobs" - TIMEOUT=10 - while [ $TIMEOUT -ge 0 ]; do - running="$(systemctl --no-pager --no-legend list-jobs || true)" - [ -n "$running" ] || break - TIMEOUT=$((TIMEOUT - 1)) - done + running="$(systemctl --no-pager --no-legend list-jobs || true)" if [ -n "$running" ]; then echo "running jobs after remaining timeout $TIMEOUT: $running" journalctl --sync journalctl -ab > $ADT_ARTIFACTS/journal.txt udevadm info --export-db > $ADT_ARTIFACTS/udevdb.txt - exit 1 + ret=1 + fi + + if [ "$ret" != "0" ]; then + exit $ret fi fi diff -Nru systemd-237/debian/tests/control systemd-237/debian/tests/control --- systemd-237/debian/tests/control 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/tests/control 2019-02-28 21:03:40.000000000 +0000 @@ -1,5 +1,6 @@ Tests: timedated, hostnamed, localed-locale, localed-x11-keymap Depends: systemd, + udev, libpam-systemd, acl, locales, @@ -7,6 +8,7 @@ Tests: logind Depends: systemd, + udev, libpam-systemd, acl, locales, @@ -15,6 +17,7 @@ Tests: unit-config Depends: systemd, + udev, libpam-systemd, acl, locales, @@ -25,6 +28,7 @@ Tests: storage Depends: systemd, + udev, libpam-systemd, acl, locales, @@ -37,6 +41,7 @@ Tests: networkd-test.py Tests-Directory: test Depends: systemd, + udev, libpam-systemd, acl, locales, @@ -51,6 +56,7 @@ Tests: build-login Depends: systemd, + udev, libpam-systemd, acl, locales, @@ -67,13 +73,14 @@ Tests: boot-and-services Depends: systemd-sysv, + systemd, + udev, systemd-container, systemd-coredump, libpam-systemd, xserver-xorg-video-dummy, xserver-xorg, - lightdm, - lightdm-gtk-greeter | lightdm-greeter, + gdm3 [!s390x], cron, network-manager, busybox-static, @@ -84,6 +91,7 @@ Tests: udev Depends: systemd-tests, + udev, tree, perl, xz-utils, @@ -91,6 +99,7 @@ Tests: root-unittests Depends: systemd-tests, + udev, tree, perl, xz-utils, @@ -115,7 +124,9 @@ isc-dhcp-client, iputils-ping, strace, - qemu-system-x86 [amd64], + qemu-system-x86 [amd64 i386], + qemu-system-arm [arm64 armhf], + qemu-system-s390x [s390x], less, pkg-config, gcc, @@ -152,9 +163,11 @@ systemd-journal-remote, systemd-container, systemd-sysv, + systemd, + udev, network-manager, policykit-1, - lightdm, + gdm3 [!s390x], xserver-xorg-video-dummy, Restrictions: needs-recommends, needs-root, isolation-container, allow-stderr, breaks-testbed diff -Nru systemd-237/debian/tests/root-unittests systemd-237/debian/tests/root-unittests --- systemd-237/debian/tests/root-unittests 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/tests/root-unittests 2019-02-28 21:03:40.000000000 +0000 @@ -9,6 +9,15 @@ test-catalog " +# test-execute fail on armhf and are currently executed on arm64 kernels. +# https://github.com/systemd/systemd/issues/5851 +arch=$(dpkg --print-architecture) +if [ "$arch" = "armhf" ]; then + EXFAIL="$EXFAIL +test-execute +" +fi + res=0 for t in /usr/lib/systemd/tests/test-*; do tname=$(basename $t) diff -Nru systemd-237/debian/tests/systemd-fsckd systemd-237/debian/tests/systemd-fsckd --- systemd-237/debian/tests/systemd-fsckd 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/tests/systemd-fsckd 2019-02-28 21:03:40.000000000 +0000 @@ -7,6 +7,7 @@ import inspect import fileinput import os +import platform import subprocess import shutil import stat @@ -44,6 +45,7 @@ # ensure we have our root fsck enabled by default (it detects it runs in a vm and doesn't pull the target) # note that it can already exists in case of a reboot (as there was no tearDown as we wanted) os.makedirs(os.path.dirname(SYSTEMD_FSCK_ROOT_ENABLE_PATH), exist_ok=True) + os.makedirs('/var/log/journal', exist_ok=True) with suppress(FileExistsError): os.symlink(SYSTEMD_FSCK_ROOT_PATH, SYSTEMD_FSCK_ROOT_ENABLE_PATH) enable_plymouth() @@ -96,7 +98,10 @@ self.assertFsckdStop() self.assertWasRunning('process-killer') self.assertFalse(self.is_failed_unit('process-killer')) - self.assertFsckProceeded() + self.assertWasRunning('systemd-fsckd') + self.assertFalse(self.is_failed_unit('systemd-fsckd')) + self.assertTrue(self.is_failed_unit('systemd-fsck-root')) + self.assertWasRunning('plymouth-start') self.assertSystemRunning() def test_systemd_fsck_with_failure(self): @@ -120,11 +125,12 @@ else: self.assertFsckdStop() self.assertProcessKilled() - self.assertFalse(self.is_failed_unit('systemd-fsck-root')) + self.assertTrue(self.is_failed_unit('systemd-fsck-root')) self.assertTrue(self.is_failed_unit('systemd-fsckd')) self.assertWasRunning('plymouth-start') self.assertSystemRunning() + @unittest.expectedFailure def test_systemd_fsck_with_plymouth_failure(self): '''Ensure that a failing plymouth doesn't prevent fsckd to reconnect/exit''' if not self._after_reboot: @@ -219,7 +225,7 @@ subprocess.check_call(['systemctl', 'enable', 'process-killer'], stderr=subprocess.DEVNULL) -def enable_plymouth(enable=True): +def enable_plymouth_grub(enable=True): '''ensure plymouth is enabled in grub config (doesn't reboot)''' plymouth_enabled = 'splash' in open('/boot/grub/grub.cfg').read() if enable and not plymouth_enabled: @@ -238,6 +244,23 @@ subprocess.check_call(['update-grub'], stderr=subprocess.DEVNULL) +def enable_plymouth_zipl(enable=True, ziplconf='/etc/zipl.conf'): + '''ensure plymouth is enabled in zipl config (doesn't reboot)''' + plymouth_enabled = 'splash' in open(ziplconf).read() + if enable and not plymouth_enabled: + subprocess.check_call(['sed', '-i', 's/^\(parameters.*\)/\\1 splash quiet/', ziplconf], stderr=subprocess.DEVNULL) + elif not enable and plymouth_enabled: + subprocess.check_call(['sed', '-i', 's/ splash quiet//g', ziplconf], stderr=subprocess.DEVNULL) + subprocess.check_call(['zipl'], stderr=subprocess.DEVNULL) + + +def enable_plymouth(enable=True): + if platform.processor() == 's390x': + enable_plymouth_zipl(enable) + else: + enable_plymouth_grub(enable) + + def boot_with_systemd_distro(): '''Reboot with systemd as init and distro setup for grub''' enable_plymouth() diff -Nru systemd-237/debian/tests/upstream systemd-237/debian/tests/upstream --- systemd-237/debian/tests/upstream 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/tests/upstream 2019-02-28 21:03:40.000000000 +0000 @@ -5,7 +5,7 @@ # even after installing policycoreutils this fails with # "Failed to install /usr/libexec/selinux/hll/pp" -BLACKLIST="TEST-06-SELINUX" +BLACKLIST="TEST-06-SELINUX TEST-16-EXTEND-TIMEOUT" # quiesce Makefile.guess; not really relevant as systemd/nspawn run from # installed packages @@ -22,19 +22,26 @@ # adjust path sed -i 's_/usr/libexec/selinux/hll/pp_/usr/lib/selinux/hll/pp_' test/TEST-06-SELINUX/test.sh +FAILED="" + for t in test/TEST*; do echo "$BLACKLIST" | grep -q "$(basename $t)" && continue echo "========== `basename $t` ==========" rm -rf /var/tmp/systemd-test.* if ! make -C $t clean setup run; then - for j in /var/tmp/systemd-test.*/journal/*; do + for j in /var/tmp/systemd-test.*/journal/*/system.journal; do [ -e "$j" ] || continue # keep the entire journal in artifacts, in case one needs the debug messages - cp "$j" "$AUTOPKGTEST_ARTIFACTS/$(basename $t)-$(basename $j)" + cp "$j" "$AUTOPKGTEST_ARTIFACTS/$(basename $t)-$(basename $(dirname $j))" echo "---- $j ----" - journalctl --priority=warning --directory=$j + journalctl --priority=warning --file=$j done - exit 1 + FAILED="$FAILED $t" fi echo done + +if [ -n "$FAILED" ]; then + echo FAILED TESTS: "$FAILED" + exit 1 +fi diff -Nru systemd-237/debian/udev-udeb.install systemd-237/debian/udev-udeb.install --- systemd-237/debian/udev-udeb.install 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/udev-udeb.install 2019-02-28 21:03:40.000000000 +0000 @@ -18,3 +18,4 @@ ../../extra/rules/73-special-net-names.rules lib/udev/rules.d/ ../../extra/rules/73-usb-net-by-mac.rules lib/udev/rules.d/ ../../extra/start-udev lib/debian-installer/ +../../extra/modprobe.d-udeb/scsi-mod-scan-sync.conf lib/modprobe.d/ diff -Nru systemd-237/debian/udev.postinst systemd-237/debian/udev.postinst --- systemd-237/debian/udev.postinst 2018-02-14 22:07:17.000000000 +0000 +++ systemd-237/debian/udev.postinst 2019-02-28 21:03:40.000000000 +0000 @@ -85,6 +85,14 @@ NamePolicy=onboard kernel EOF fi + + # 232-20 (232-21ubuntu3 in ubuntu) introduced predicable interface names on + # s390x for virtio However, we should preserve ethX names on upgrade. + if [ -x /usr/share/systemd/write_persistent_net_s390x_virtio ]; then + if dpkg --compare-versions "$2" lt-nl "232-21ubuntu3~"; then + /usr/share/systemd/write_persistent_net_s390x_virtio || true + fi + fi } update_hwdb() {