Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: pkg-systemd-maintain...@lists.alioth.debian.org

Dear Release Team,

We would like to upload the latest stable point release of systemd 252
to bookworm-p-u. Stable release branches are maintained upstream with
the intention of providing bug fixes only and no compatibility
breakages, and with automated non-trivial CI jobs that also cover
Debian and Ubuntu. I have already uploaded to p-u.

There are no packaging changes. Debdiff attached.
The list of commits included can be seen at:

https://github.com/systemd/systemd-stable/compare/v252.27...v252.28

-- 
Kind regards,
Luca Boccassi
diff -Nru systemd-252.27/debian/changelog systemd-252.28/debian/changelog
--- systemd-252.27/debian/changelog	2024-06-25 21:25:25.000000000 +0100
+++ systemd-252.28/debian/changelog	2024-07-07 11:56:20.000000000 +0100
@@ -1,3 +1,9 @@
+systemd (252.28-1~deb12u1) bookworm; urgency=medium
+
+  * New upstream version 252.28 (Closes: #1074789)
+
+ -- Luca Boccassi <bl...@debian.org>  Sun, 07 Jul 2024 11:56:20 +0100
+
 systemd (252.27-1~deb12u1) bookworm; urgency=medium
 
   * New upstream version 252.27
diff -Nru systemd-252.27/docs/CODING_STYLE.md systemd-252.28/docs/CODING_STYLE.md
--- systemd-252.27/docs/CODING_STYLE.md	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/docs/CODING_STYLE.md	2024-07-07 11:52:10.000000000 +0100
@@ -54,6 +54,18 @@
   }
   ```
 
+- Function return types should be seen/written as whole, i.e. write this:
+
+  ```c
+  const char* foo(const char *input);
+  ```
+
+  instead of this:
+
+  ```c
+  const char *foo(const char *input);
+  ```
+
 - Single-line `if` blocks should not be enclosed in `{}`. Write this:
 
   ```c
@@ -163,7 +175,7 @@
 
   ```c
   static int foobar_frobnicate(
-                  Foobar* object,            /* the associated mutable object */
+                  Foobar *object,            /* the associated mutable object */
                   const char *input,         /* immutable input parameter */
                   char **ret_frobnicated) {  /* return parameter */
           …
diff -Nru systemd-252.27/.github/workflows/mkosi.yml systemd-252.28/.github/workflows/mkosi.yml
--- systemd-252.27/.github/workflows/mkosi.yml	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/.github/workflows/mkosi.yml	2024-07-07 11:52:10.000000000 +0100
@@ -55,6 +55,11 @@
       if: ${{ matrix.release == '9-stream' }}
       run: sudo sed -i '/add_packages/s/systemd-boot/systemd/g' /usr/local/lib/python3.10/dist-packages/mkosi/__init__.py
 
+    # FIXME: temporary workaround for debootstrap issue of Debian testing/sid on Jammy
+    - name: Fix Debian testing/sid
+      if: ${{ matrix.distro == 'debian' && matrix.release == 'testing' }}
+      run: sudo sed -i 's/merged-usr/no-merged-usr/g' /usr/local/lib/python3.10/dist-packages/mkosi/__init__.py
+
     - name: Install
       run: sudo apt-get update && sudo apt-get install --no-install-recommends python3-pexpect python3-jinja2
 
diff -Nru systemd-252.27/LICENSES/README.md systemd-252.28/LICENSES/README.md
--- systemd-252.27/LICENSES/README.md	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/LICENSES/README.md	2024-07-07 11:52:10.000000000 +0100
@@ -13,7 +13,14 @@
 the systemd project source tree.
 
 Unless otherwise noted, the systemd project sources are licensed under the terms
-and conditions of the **GNU Lesser General Public License v2.1 or later**.
+and conditions of
+**LGPL-2.1-or-later** (**GNU Lesser General Public License v2.1 or later**).
+
+Unless otherwise noted, compiled programs and all shared or static libraries
+include sources under **LGPL-2.1-or-later** along with more permissive
+licenses, and are effectively licensed **LGPL-2.1-or-later**.
+systemd-udevd and other udev helper programs also include sources under
+**GPL-2.0-or-later**, and are effectively licensed **GPL-2.0-or-later**.
 
 New sources that cannot be distributed under LGPL-2.1-or-later will no longer
 be accepted for inclusion in the systemd project to maintain license uniformity.
@@ -22,8 +29,9 @@
 
 The following exceptions apply:
 
- * some udev sources under src/udev/ are licensed under **GPL-2.0-or-later**, so the
-   udev binaries as a whole are also distributed under **GPL-2.0-or-later**.
+ * some sources under src/udev/ are licensed under **GPL-2.0-or-later**,
+   so all udev programs (`systemd-udevd`, `udevadm`, and the udev builtins
+   and test programs) are also distributed under **GPL-2.0-or-later**.
  * the header files contained in src/basic/linux/ and src/shared/linux/ are copied
    verbatim from the Linux kernel source tree and are licensed under **GPL-2.0 WITH
    Linux-syscall-note** and are used within the scope of the Linux-syscall-note
diff -Nru systemd-252.27/man/file-hierarchy.xml systemd-252.28/man/file-hierarchy.xml
--- systemd-252.27/man/file-hierarchy.xml	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/man/file-hierarchy.xml	2024-07-07 11:52:10.000000000 +0100
@@ -798,7 +798,7 @@
         <tbody>
           <row>
       <entry><filename>~/.config/<replaceable>package</replaceable>/</filename></entry>
-      <entry>User-specific configuration and state for the package. It is required to default to safe fallbacks if this configuration is missing.</entry>
+      <entry>User-specific configuration for the package. It is required to default to safe fallbacks if this configuration is missing.</entry>
           </row>
           <row>
       <entry><filename><varname>$XDG_RUNTIME_DIR</varname>/<replaceable>package</replaceable>/</filename></entry>
@@ -808,6 +808,10 @@
       <entry><filename>~/.cache/<replaceable>package</replaceable>/</filename></entry>
       <entry>Persistent cache data of the package. If this directory is flushed, the application should work correctly on next invocation, though possibly slowed down due to the need to rebuild any local cache files. The application must be capable of recreating this directory should it be missing and necessary.</entry>
           </row>
+          <row>
+      <entry><filename>~/.local/state/<replaceable>package</replaceable>/</filename></entry>
+      <entry>Persistent state data of the package.</entry>
+          </row>
         </tbody>
       </tgroup>
     </table>
diff -Nru systemd-252.27/man/machine-id.xml systemd-252.28/man/machine-id.xml
--- systemd-252.27/man/machine-id.xml	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/man/machine-id.xml	2024-07-07 11:52:10.000000000 +0100
@@ -124,7 +124,7 @@
     are as follows:</para>
 
     <orderedlist>
-      <listitem><para>The kernel command argument <varname>systemd.condition-first-boot=</varname> may be
+      <listitem><para>The kernel command argument <varname>systemd.condition_first_boot=</varname> may be
       used to override the autodetection logic, see
       <citerefentry><refentrytitle>kernel-command-line</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
       </para></listitem>
diff -Nru systemd-252.27/man/systemd.exec.xml systemd-252.28/man/systemd.exec.xml
--- systemd-252.27/man/systemd.exec.xml	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/man/systemd.exec.xml	2024-07-07 11:52:10.000000000 +0100
@@ -1829,8 +1829,9 @@
         <filename>/proc/sys/</filename>, <filename>/sys/</filename>, <filename>/proc/sysrq-trigger</filename>,
         <filename>/proc/latency_stats</filename>, <filename>/proc/acpi</filename>,
         <filename>/proc/timer_stats</filename>, <filename>/proc/fs</filename> and <filename>/proc/irq</filename> will
-        be made read-only to all processes of the unit. Usually, tunable kernel variables should be initialized only at
-        boot-time, for example with the
+        be made read-only and <filename>/proc/kallsyms</filename> as well as <filename>/proc/kcore</filename> will be
+        inaccessible to all processes of the unit.
+        Usually, tunable kernel variables should be initialized only at boot-time, for example with the
         <citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> mechanism. Few
         services need to write to these at runtime; it is hence recommended to turn this on for most services. For this
         setting the same restrictions regarding mount propagation and privileges apply as for
diff -Nru systemd-252.27/meson.build systemd-252.28/meson.build
--- systemd-252.27/meson.build	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/meson.build	2024-07-07 11:52:10.000000000 +0100
@@ -516,6 +516,7 @@
 #include <uchar.h>
 #include <sys/mount.h>
 #include <sys/stat.h>
+#include <sched.h>
 '''
 
 foreach decl : ['char16_t',
@@ -523,6 +524,7 @@
                 'struct mount_attr',
                 'struct statx',
                 'struct dirent64',
+                'struct sched_attr',
                ]
 
         # We get -1 if the size cannot be determined
@@ -568,6 +570,7 @@
                                  #include <unistd.h>'''],     # no known header declares pivot_root
         ['ioprio_get',        '''#include <sched.h>'''],      # no known header declares ioprio_get
         ['ioprio_set',        '''#include <sched.h>'''],      # no known header declares ioprio_set
+        ['sched_setattr',     '''#include <sched.h>'''],      # no known header declares sched_setattr
         ['name_to_handle_at', '''#include <sys/types.h>
                                  #include <sys/stat.h>
                                  #include <fcntl.h>'''],
diff -Nru systemd-252.27/mkosi.default.d/arch/10-mkosi.arch systemd-252.28/mkosi.default.d/arch/10-mkosi.arch
--- systemd-252.27/mkosi.default.d/arch/10-mkosi.arch	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/mkosi.default.d/arch/10-mkosi.arch	2024-07-07 11:52:10.000000000 +0100
@@ -8,6 +8,10 @@
 [Distribution]
 Distribution=arch
 
+# Booting with UEFI does not work on Arch in this branch
+[Host]
+QemuBoot=linux
+
 [Content]
 Packages=
         compsize
diff -Nru systemd-252.27/mkosi.default.d/debian/10-mkosi.debian systemd-252.28/mkosi.default.d/debian/10-mkosi.debian
--- systemd-252.27/mkosi.default.d/debian/10-mkosi.debian	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/mkosi.default.d/debian/10-mkosi.debian	2024-07-07 11:52:10.000000000 +0100
@@ -7,6 +7,10 @@
 Distribution=debian
 Release=testing
 
+# Booting with UEFI does not work on Debian in this branch
+[Host]
+QemuBoot=linux
+
 [Content]
 Packages=
         cryptsetup-bin
diff -Nru systemd-252.27/.packit.yml systemd-252.28/.packit.yml
--- systemd-252.27/.packit.yml	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/.packit.yml	1970-01-01 01:00:00.000000000 +0100
@@ -1,61 +0,0 @@
----
-# vi:ts=2 sw=2 et:
-#
-# Docs: https://packit.dev/docs/
-
-specfile_path: .packit_rpm/systemd.spec
-files_to_sync:
-  - .packit.yml
-  - src: .packit_rpm/systemd.spec
-    dest: systemd.spec
-upstream_package_name: systemd
-downstream_package_name: systemd
-# `git describe` returns in systemd's case 'v245-xxx' which breaks RPM version
-# detection (that expects 245-xxxx'). Let's tweak the version string accordingly
-upstream_tag_template: "v{version}"
-srpm_build_deps: []
-
-actions:
-  get-current-version:
-    # Show the closest matching tag for the checked out revision, otherwise
-    # Packit tries to get the latest tag by creation date, which doesn't work
-    # well in the systemd-stable repo. We also need to sanitize it manually
-    # since "upstream_tag_template" defined above doesn't apply here.
-    - "bash -ec 'git describe --tags --abbrev=0 | cut -b 2-'"
-
-  post-upstream-clone:
-    # Use the Fedora 38 specfile
-    - "git clone --branch f38 https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1"
-    # Drop the "sources" file so rebase-helper doesn't think we're a dist-git
-    - "rm -fv .packit_rpm/sources"
-    # Drop backported patches from the specfile, but keep the downstream-only ones
-    # - Patch(0000-0499): backported patches from upstream
-    # - Patch0500-9999: downstream-only patches
-    - "sed -ri '/^Patch(0[0-4]?[0-9]{0,2})?\\:.+\\.patch/d' .packit_rpm/systemd.spec"
-    # Build the RPM with --werror. Even though --werror doesn't work in all
-    # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the
-    # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]).
-    #
-    # Remove ukify/new standalone handling, added in 253
-    - "sed -i '/ukify/d' .packit_rpm/split-files.py"
-    - "sed -i '/%files ukify/d' .packit_rpm/systemd.spec"
-    - "sed -i '/%files standalone-repart/d' .packit_rpm/systemd.spec"
-    - "sed -i '/%files standalone-shutdown/d' .packit_rpm/systemd.spec"
-    # These options were added in 253
-    - "sed -i '/-Ddefault-timeout-sec/d' .packit_rpm/systemd.spec"
-    - "sed -i '/-Ddefault-user-timeout-sec/d' .packit_rpm/systemd.spec"
-    # [0] https://github.com/mesonbuild/meson/issues/7360
-    # [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110
-    - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec'
-    # Ignore unpackages standalone binaries
-    - "sed -i 's/assert False,.*/pass/' .packit_rpm/split-files.py"
-
-jobs:
-- job: copr_build
-  trigger: pull_request
-  targets:
-  - fedora-38-aarch64
-  - fedora-38-i386
-  - fedora-38-ppc64le
-  - fedora-38-s390x
-  - fedora-38-x86_64
diff -Nru systemd-252.27/README systemd-252.28/README
--- systemd-252.27/README	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/README	2024-07-07 11:52:10.000000000 +0100
@@ -157,6 +157,7 @@
 
         Required for systemd-oomd:
           CONFIG_PSI
+          CONFIG_MEMCG
 
         Note that kernel auditing is broken when used with systemd's container
         code. When using systemd in conjunction with containers, please make
diff -Nru systemd-252.27/src/analyze/analyze-security.c systemd-252.28/src/analyze/analyze-security.c
--- systemd-252.27/src/analyze/analyze-security.c	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/src/analyze/analyze-security.c	2024-07-07 11:52:10.000000000 +0100
@@ -1256,8 +1256,8 @@
         {
                 .id = "CapabilityBoundingSet=~CAP_BPF",
                 .json_field = "CapabilityBoundingSet_CAP_BPF",
-                .description_good = "Service may load BPF programs",
-                .description_bad = "Service may not load BPF programs",
+                .description_good = "Service may not load BPF programs",
+                .description_bad = "Service may load BPF programs",
                 .url = "https://www.freedesktop.org/software/systemd/man/systemd.exec.html#CapabilityBoundingSet=";,
                 .weight = 25,
                 .range = 1,
diff -Nru systemd-252.27/src/basic/missing_sched.h systemd-252.28/src/basic/missing_sched.h
--- systemd-252.27/src/basic/missing_sched.h	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/src/basic/missing_sched.h	2024-07-07 11:52:10.000000000 +0100
@@ -1,6 +1,7 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 #pragma once
 
+#include <linux/types.h>
 #include <sched.h>
 
 #ifndef CLONE_NEWCGROUP
@@ -24,3 +25,20 @@
 #ifndef TASK_COMM_LEN
 #define TASK_COMM_LEN 16
 #endif
+
+#if !HAVE_STRUCT_SCHED_ATTR
+struct sched_attr {
+        __u32 size;             /* Size of this structure */
+        __u32 sched_policy;     /* Policy (SCHED_*) */
+        __u64 sched_flags;      /* Flags */
+        __s32  sched_nice;      /* Nice value (SCHED_OTHER,
+                                         SCHED_BATCH) */
+        __u32 sched_priority;   /* Static priority (SCHED_FIFO,
+                                       SCHED_RR) */
+        /* Remaining fields are for SCHED_DEADLINE
+           and potentially soon for SCHED_OTHER/SCHED_BATCH */
+        __u64 sched_runtime;
+        __u64 sched_deadline;
+        __u64 sched_period;
+};
+#endif
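Review bot: The fallback `struct sched_attr` stops at `sched_period`, which is the original 48-byte layout; current kernel headers append `sched_util_min` and `sched_util_max`. That is safe only while every caller sets `.size = sizeof(struct sched_attr)`, so the kernel knows which fields are present. The definition should carry that contract, for example `/* Original (VER0) layout only; callers must set .size = sizeof(struct sched_attr). */`. It is also worth confirming that the `HAVE_STRUCT_SCHED_ATTR` probe in meson.build sees the same headers as the files that include `<linux/sched.h>`, otherwise this fallback could collide with a definition from the kernel headers.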
diff -Nru systemd-252.27/src/basic/missing_syscall.h systemd-252.28/src/basic/missing_syscall.h
--- systemd-252.27/src/basic/missing_syscall.h	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/src/basic/missing_syscall.h	2024-07-07 11:52:10.000000000 +0100
@@ -22,6 +22,7 @@
 
 #include "macro.h"
 #include "missing_keyctl.h"
+#include "missing_sched.h"
 #include "missing_stat.h"
 #include "missing_syscall_def.h"
 
@@ -637,3 +638,19 @@
 
 #  define getdents64 missing_getdents64
 #endif
+
+/* ======================================================================= */
+
+#if !HAVE_SCHED_SETATTR
+
+static inline ssize_t missing_sched_setattr(pid_t pid, struct sched_attr *attr, unsigned int flags) {
+#  if defined __NR_sched_setattr
+        return syscall(__NR_sched_setattr, pid, attr, flags);
+#  else
+        errno = ENOSYS;
+        return -1;
+#  endif
+}
+
+#  define sched_setattr missing_sched_setattr
+#endif
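Review bot: `missing_sched_setattr()` is declared to return `ssize_t`, but this syscall only reports 0 or -1, and the caller added in src/core/execute.c stores the result in `r`, which appears to be an `int`. The `ssize_t` looks carried over from the `getdents64` wrapper just above. A libc that does declare `sched_setattr()` is expected to return `int`, so the fallback should match: `static inline int missing_sched_setattr(pid_t pid, struct sched_attr *attr, unsigned int flags) {`.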
diff -Nru systemd-252.27/src/basic/mountpoint-util.c systemd-252.28/src/basic/mountpoint-util.c
--- systemd-252.27/src/basic/mountpoint-util.c	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/src/basic/mountpoint-util.c	2024-07-07 11:52:10.000000000 +0100
@@ -224,8 +224,6 @@
                 /* If statx() is not available or forbidden, fall back to name_to_handle_at() below */
         } else if (FLAGS_SET(sx.stx_attributes_mask, STATX_ATTR_MOUNT_ROOT)) /* yay! */
                 return FLAGS_SET(sx.stx_attributes, STATX_ATTR_MOUNT_ROOT);
-        else if (FLAGS_SET(sx.stx_mask, STATX_TYPE) && S_ISLNK(sx.stx_mode))
-                return false; /* symlinks are never mount points */
 
         r = name_to_handle_at_loop(fd, filename, &h, &mount_id, flags);
         if (r < 0) {
@@ -304,8 +302,6 @@
                 flags |= AT_SYMLINK_NOFOLLOW;
         if (fstatat(fd, filename, &a, flags) < 0)
                 return -errno;
-        if (S_ISLNK(a.st_mode)) /* Symlinks are never mount points */
-                return false;
 
         if (isempty(filename))
                 r = fstatat(fd, "..", &b, 0);
diff -Nru systemd-252.27/src/core/execute.c systemd-252.28/src/core/execute.c
--- systemd-252.27/src/core/execute.c	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/src/core/execute.c	2024-07-07 11:52:10.000000000 +0100
@@ -2,6 +2,7 @@
 
 #include <errno.h>
 #include <fcntl.h>
+#include <linux/sched.h>
 #include <poll.h>
 #include <sys/eventfd.h>
 #include <sys/file.h>
@@ -73,6 +74,7 @@
 #include "memory-util.h"
 #include "missing_fs.h"
 #include "missing_ioprio.h"
+#include "missing_sched.h"
 #include "mkdir-label.h"
 #include "mount-util.h"
 #include "mountpoint-util.h"
@@ -4445,15 +4447,14 @@
         }
 
         if (context->cpu_sched_set) {
-                struct sched_param param = {
+                struct sched_attr attr = {
+                        .size = sizeof(attr),
+                        .sched_policy = context->cpu_sched_policy,
                         .sched_priority = context->cpu_sched_priority,
+                        .sched_flags = context->cpu_sched_reset_on_fork ? SCHED_FLAG_RESET_ON_FORK : 0,
                 };
 
-                r = sched_setscheduler(0,
-                                       context->cpu_sched_policy |
-                                       (context->cpu_sched_reset_on_fork ?
-                                        SCHED_RESET_ON_FORK : 0),
-                                       &param);
+                r = sched_setattr(/* pid= */ 0, &attr, /* flags= */ 0);
                 if (r < 0) {
                         *exit_status = EXIT_SETSCHEDULER;
                         return log_unit_error_errno(unit, errno, "Failed to set up CPU scheduling: %m");
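Review bot: The new `struct sched_attr` initialiser leaves `sched_nice` at zero, and unlike `sched_setscheduler()` the `sched_setattr()` call applies that field for the non-realtime policies (SCHED_OTHER, SCHED_BATCH, SCHED_IDLE). If a nice level was applied earlier in this function (not visible in the hunk), a unit that combines it with one of those policies would have its nice level reset to 0 here. Assuming the context carries the configured value as `context->nice`, add `.sched_nice = context->nice,` to the initialiser, or read the current value back before the call. A short comment on the initialiser should state which behaviour is intended. The enclosing function starts and ends outside the hunk.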
diff -Nru systemd-252.27/src/core/unit.c systemd-252.28/src/core/unit.c
--- systemd-252.27/src/core/unit.c	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/src/core/unit.c	2024-07-07 11:52:10.000000000 +0100
@@ -1411,11 +1411,13 @@
                 u->load_state = UNIT_LOADED;
         }
 
+        u = unit_follow_merge(u);
+
         /* Load drop-in directory data. If u is an alias, we might be reloading the
          * target unit needlessly. But we cannot be sure which drops-ins have already
          * been loaded and which not, at least without doing complicated book-keeping,
          * so let's always reread all drop-ins. */
-        r = unit_load_dropin(unit_follow_merge(u));
+        r = unit_load_dropin(u);
         if (r < 0)
                 return r;
 
diff -Nru systemd-252.27/src/coredump/coredump.c systemd-252.28/src/coredump/coredump.c
--- systemd-252.27/src/coredump/coredump.c	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/src/coredump/coredump.c	2024-07-07 11:52:10.000000000 +0100
@@ -560,17 +560,21 @@
                                                   bus_error_message(&error, r));
                 }
 
+                /* First, ensure we are not going to go over the cgroup limit */
                 max_size = MIN(cgroup_limit, max_size);
-                max_size = LESS_BY(max_size, 1024U) / 2; /* Account for 1KB metadata overhead for compressing */
-                max_size = MAX(PROCESS_SIZE_MIN, max_size); /* Impose a lower minimum */
-
-                /* tmpfs might get full quickly, so check the available space too.
-                 * But don't worry about errors here, failing to access the storage
-                 * location will be better logged when writing to it. */
+                /* tmpfs might get full quickly, so check the available space too. But don't worry about
+                 * errors here, failing to access the storage location will be better logged when writing to
+                 * it. */
                 if (statvfs("/var/lib/systemd/coredump/", &sv) >= 0)
                         max_size = MIN((uint64_t)sv.f_frsize * (uint64_t)sv.f_bfree, max_size);
+                /* Impose a lower minimum, otherwise we will miss the basic headers. */
+                max_size = MAX(PROCESS_SIZE_MIN, max_size);
+                /* Ensure we can always switch to compressing on the fly in case we are running out of space
+                 * by keeping half of the space/memory available, plus 1KB metadata overhead from the
+                 * compression algorithm. */
+                max_size = LESS_BY(max_size, 1024U) / 2;
 
-                log_debug("Limiting core file size to %" PRIu64 " bytes due to cgroup memory limits.", max_size);
+                log_debug("Limiting core file size to %" PRIu64 " bytes due to cgroup and/or filesystem limits.", max_size);
         }
 
         r = copy_bytes(input_fd, fd, max_size, 0);
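Review bot: The floor `MAX(PROCESS_SIZE_MIN, max_size)` is now applied before `LESS_BY(max_size, 1024U) / 2`, so the value passed to `copy_bytes()` can be as low as `(PROCESS_SIZE_MIN - 1024) / 2`, not `PROCESS_SIZE_MIN`. The comment "otherwise we will miss the basic headers" therefore promises more than the code delivers. The floor can also raise `max_size` above the free space just computed from `statvfs()`. If both effects are intended, say so next to the halving, for example `/* Note: this also halves the floor above, so the effective minimum is (PROCESS_SIZE_MIN - 1024) / 2 and may exceed the free space reported by statvfs(). */`. Otherwise re-check the order of the four clamps. The enclosing function starts and ends outside the hunk.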
diff -Nru systemd-252.27/src/resolve/resolved-dns-packet.c systemd-252.28/src/resolve/resolved-dns-packet.c
--- systemd-252.27/src/resolve/resolved-dns-packet.c	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/src/resolve/resolved-dns-packet.c	2024-07-07 11:52:10.000000000 +0100
@@ -1725,9 +1725,9 @@
         if (r < 0)
                 return r;
 
-        /* RFC 2181, Section 8, suggests to
-         * treat a TTL with the MSB set as a zero TTL. */
-        if (rr->ttl & UINT32_C(0x80000000))
+        /* RFC 2181, Section 8, suggests to treat a TTL with the MSB set as a zero TTL. We avoid doing this
+         * for OPT records so that all 8 bits of the extended RCODE may be used .*/
+        if (key->type != DNS_TYPE_OPT && rr->ttl & UINT32_C(0x80000000))
                 rr->ttl = 0;
 
         r = dns_packet_read_uint16(p, &rdlength, NULL);
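Review bot: The new condition mixes `&&` with an unparenthesised bitwise `&`, which is correct by precedence but easy to misread in code that parses untrusted packet data. Parenthesise the mask test: `if (key->type != DNS_TYPE_OPT && (rr->ttl & UINT32_C(0x80000000)))`. The rewritten comment also ends in `used .*/`, which should read `used. */`. The enclosing function starts and ends outside the hunk.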
diff -Nru systemd-252.27/src/resolve/resolved-dns-packet.h systemd-252.28/src/resolve/resolved-dns-packet.h
--- systemd-252.27/src/resolve/resolved-dns-packet.h	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/src/resolve/resolved-dns-packet.h	2024-07-07 11:52:10.000000000 +0100
@@ -117,7 +117,7 @@
         uint16_t rcode;
 
         if (p->opt)
-                rcode = (uint16_t) (p->opt->ttl >> 24);
+                rcode = (uint16_t) ((p->opt->ttl >> 20) & 0xFF0);
         else
                 rcode = 0;
 
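Review bot: The shift and mask in `(p->opt->ttl >> 20) & 0xFF0` are unexplained magic numbers on a value taken straight from the wire. A comment should record the layout they rely on, for example `/* RFC 6891 §6.1.3: the top 8 bits of the OPT TTL are the upper 8 bits of the 12-bit extended RCODE; move them to bits 4..11 so the 4-bit header RCODE can fill bits 0..3. */`. This expression also depends on the OPT exemption from TTL zeroing added in resolved-dns-packet.c in this same diff, which is worth mentioning in the comment. The function continues past the end of the hunk, so how the value is combined with the header RCODE is not visible here.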
diff -Nru systemd-252.27/src/shared/condition.c systemd-252.28/src/shared/condition.c
--- systemd-252.27/src/shared/condition.c	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/src/shared/condition.c	2024-07-07 11:52:10.000000000 +0100
@@ -987,6 +987,7 @@
         loadavg_t *current, limit;
         ResourcePressure pressure;
         int r;
+        PressureType preferred_pressure_type = PRESSURE_TYPE_FULL;
 
         assert(c);
         assert(c->parameter);
@@ -1007,6 +1008,10 @@
                 return log_debug_errno(r < 0 ? r : SYNTHETIC_ERRNO(EINVAL), "Failed to parse condition parameter %s: %m", c->parameter);
         /* If only one parameter is passed, then we look at the global system pressure rather than a specific cgroup. */
         if (r == 1) {
+                /* cpu.pressure 'full' is reported but undefined at system level */
+                if(c->type == CONDITION_CPU_PRESSURE)
+                        preferred_pressure_type = PRESSURE_TYPE_SOME;
+
                 pressure_path = path_join("/proc/pressure", pressure_type);
                 if (!pressure_path)
                         return log_oom_debug();
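Review bot: The added `if(c->type == CONDITION_CPU_PRESSURE)` lacks the space after `if` that the rest of this file and the project's coding style use; write `if (c->type == CONDITION_CPU_PRESSURE)`. The comment above it could also note that `preferred_pressure_type` is only consumed later, by the `read_resource_pressure()` call in the next hunk of this function. As written, the override and its effect are about a hundred lines apart with nothing linking them.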
@@ -1111,8 +1116,9 @@
         if (r < 0)
                 return log_debug_errno(r, "Failed to parse loadavg: %s", c->parameter);
 
-        r = read_resource_pressure(pressure_path, PRESSURE_TYPE_FULL, &pressure);
-        if (r == -ENODATA) /* cpu.pressure 'full' was added recently, fall back to 'some'. */
+        r = read_resource_pressure(pressure_path, preferred_pressure_type, &pressure);
+        /* cpu.pressure 'full' was recently added at cgroup level, fall back to 'some' */
+        if (r == -ENODATA && preferred_pressure_type == PRESSURE_TYPE_FULL)
                 r = read_resource_pressure(pressure_path, PRESSURE_TYPE_SOME, &pressure);
         if (r == -ENOENT) {
                 /* We already checked that /proc/pressure exists, so this means we were given a cgroup
diff -Nru systemd-252.27/src/sysusers/sysusers.c systemd-252.28/src/sysusers/sysusers.c
--- systemd-252.27/src/sysusers/sysusers.c	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/src/sysusers/sysusers.c	2024-07-07 11:52:10.000000000 +0100
@@ -978,7 +978,7 @@
                 if (p)
                         return 0;
                 if (!IN_SET(errno, 0, ENOENT))
-                        return -errno;
+                        log_warning_errno(errno, "Unexpected failure while looking up UID '" UID_FMT "' via NSS, assuming it doesn't exist: %m", uid);
 
                 if (check_with_gid) {
                         errno = 0;
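Review bot: Replacing `return -errno` with `log_warning_errno(...)` makes this lookup fail open, because any NSS error other than "not found" is now treated as "the ID is free". The same applies to the other five hunks in this file. When the failing backend is a remote or otherwise authoritative user database, that can let sysusers allocate a UID, GID or name that already belongs to an entry it could not see. The trade-off should be recorded at the first of these sites, for example `/* NSS failures are deliberately treated as "not found" so a broken NSS module cannot block user creation; an ID known only to an unreachable database may therefore be reused. */`. The enclosing function starts and ends outside the hunk.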
@@ -987,7 +987,7 @@
                                 if (!streq(g->gr_name, name))
                                         return 0;
                         } else if (!IN_SET(errno, 0, ENOENT))
-                                return -errno;
+                                log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", uid);
                 }
         }
 
@@ -1092,7 +1092,7 @@
                         return 0;
                 }
                 if (!errno_is_not_exists(errno))
-                        return log_error_errno(errno, "Failed to check if user %s already exists: %m", i->name);
+                        log_warning_errno(errno, "Unexpected failure while looking up user '%s' via NSS, assuming it doesn't exist: %m", i->name);
         }
 
         /* Try to use the suggested numeric UID */
@@ -1198,7 +1198,7 @@
                 if (g)
                         return 0;
                 if (!IN_SET(errno, 0, ENOENT))
-                        return -errno;
+                        log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", gid);
 
                 if (check_with_uid) {
                         errno = 0;
@@ -1206,7 +1206,7 @@
                         if (p)
                                 return 0;
                         if (!IN_SET(errno, 0, ENOENT))
-                                return -errno;
+                                log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", gid);
                 }
         }
 
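Review bot: The message added under `check_with_uid` says "looking up GID", but the result tested here is `p`, which suggests a passwd lookup by UID using the numeric value of `gid`. The lookup call itself falls between the two hunks and is not visible. If so, the text is a copy of the previous hunk's message and will mislead anyone triaging the warning. It should read `"Unexpected failure while looking up UID '" UID_FMT "' via NSS, assuming it doesn't exist: %m", (uid_t) gid`. The mirrored message in the `check_with_gid` branch further up passes `uid` to `GID_FMT` and would be clearer with an explicit `(gid_t) uid` cast.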
@@ -1236,7 +1236,7 @@
                         return 0;
                 }
                 if (!errno_is_not_exists(errno))
-                        return log_error_errno(errno, "Failed to check if group %s already exists: %m", name);
+                        log_warning_errno(errno, "Unexpected failure while looking up group '%s' via NSS, assuming it doesn't exist: %m", name);
         }
 
         return -ENOENT;
diff -Nru systemd-252.27/test/TEST-24-CRYPTSETUP/test.sh systemd-252.28/test/TEST-24-CRYPTSETUP/test.sh
--- systemd-252.27/test/TEST-24-CRYPTSETUP/test.sh	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/test/TEST-24-CRYPTSETUP/test.sh	2024-07-07 11:52:10.000000000 +0100
@@ -72,7 +72,7 @@
 
     # Forward journal messages to the console, so we have something to investigate even if we fail to mount
     # the encrypted /var
-    mkdir "$initdir/etc/systemd/journald.conf.d/"
+    mkdir -p "$initdir/etc/systemd/journald.conf.d/"
     echo -ne "[Journal]\nForwardToConsole=yes\n" >"$initdir/etc/systemd/journald.conf.d/99-forward.conf"
 
     # If $INITRD wasn't provided explicitly, generate a custom one with dm-crypt
diff -Nru systemd-252.27/test/test-functions systemd-252.28/test/test-functions
--- systemd-252.27/test/test-functions	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/test/test-functions	2024-07-07 11:52:10.000000000 +0100
@@ -1912,6 +1912,7 @@
 install_config_files() {
     dinfo "Install config files"
     inst /etc/sysconfig/init || :
+    inst /etc/hosts || :
     inst /etc/passwd
     inst /etc/shadow
     inst_any /etc/login.defs /usr/etc/login.defs
diff -Nru systemd-252.27/test/units/TEST-74-AUX-UTILS.sysusers.sh systemd-252.28/test/units/TEST-74-AUX-UTILS.sysusers.sh
--- systemd-252.27/test/units/TEST-74-AUX-UTILS.sysusers.sh	1970-01-01 01:00:00.000000000 +0100
+++ systemd-252.28/test/units/TEST-74-AUX-UTILS.sysusers.sh	2024-07-07 11:52:10.000000000 +0100
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -eux
+set -o pipefail
+
+# shellcheck source=test/units/util.sh
+. "$(dirname "$0")"/util.sh
+
+at_exit() {
+    set +e
+    userdel -r foobarbaz
+    umount /run/systemd/userdb/
+}
+
+# Check that we indeed run under root to make the rest of the test work
+[[ "$(id -u)" -eq 0 ]]
+
+trap at_exit EXIT
+
+# Ensure that a non-responsive NSS socket doesn't make sysusers fail
+mount -t tmpfs tmpfs /run/systemd/userdb/
+touch /run/systemd/userdb/io.systemd.DynamicUser
+echo 'u foobarbaz' | SYSTEMD_LOG_LEVEL=debug systemd-sysusers -
+grep -q foobarbaz /etc/passwd
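Review bot: The final check `grep -q foobarbaz /etc/passwd` matches the string anywhere in the file, including another entry's home directory or comment field, so it can pass without the account having been created. Anchor it to the name field: `grep -q '^foobarbaz:' /etc/passwd`. The `mount -t tmpfs tmpfs /run/systemd/userdb/` step also assumes the directory already exists, and under `set -e` a missing directory aborts the test before sysusers is exercised. A preceding `mkdir -p /run/systemd/userdb/` would make that precondition explicit.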
diff -Nru systemd-252.27/test/units/testsuite-64.sh systemd-252.28/test/units/testsuite-64.sh
--- systemd-252.27/test/units/testsuite-64.sh	2024-06-25 21:13:13.000000000 +0100
+++ systemd-252.28/test/units/testsuite-64.sh	2024-07-07 11:52:10.000000000 +0100
@@ -183,8 +183,8 @@
         /dev/disk/by-id/nvme-QEMU_NVMe_Ctrl_deadbeef_16
         /dev/disk/by-id/nvme-QEMU_NVMe_Ctrl_deadbeef_17
         # Shared namespaces
-        /dev/disk/by-path/pci-*-nvme-16
-        /dev/disk/by-path/pci-*-nvme-17
+        /dev/disk/by-path/*pci*-nvme-16
+        /dev/disk/by-path/*pci*-nvme-17
     )
 
     udevadm wait --settle --timeout=30 "${expected_symlinks[@]}"
