From a10ddf58e62667a9981d4f6faae740c629d9cd23 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Oct 26 2017 11:17:02 +0000 Subject: Backport a bunch of patches and update hwdb --- diff --git a/0076-fix-includes.patch b/0076-fix-includes.patch new file mode 100644 index 0000000..edf1b5b --- /dev/null +++ b/0076-fix-includes.patch @@ -0,0 +1,40 @@ +From 93dc6dbed1ee66619f5005f6209920ea051474a8 Mon Sep 17 00:00:00 2001 +From: Matija Skala +Date: Wed, 15 Mar 2017 13:21:10 +0100 +Subject: [PATCH] fix includes + +linux/sockios.h is needed for the SIOCGSTAMPNS macro + +xlocale.h is included indirectly in glibc and doesn't even exist in +other libcs + +(cherry picked from commit 284d1cd0a12cad96a5ea61d1afb0dd677dbd147e) +--- + src/basic/parse-util.c | 1 - + src/libsystemd-network/sd-lldp.c | 1 + + 2 files changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/parse-util.c b/src/basic/parse-util.c +index 6e58ced6f5..d86700736d 100644 +--- a/src/basic/parse-util.c ++++ b/src/basic/parse-util.c +@@ -23,7 +23,6 @@ + #include + #include + #include +-#include + + #include "alloc-util.h" + #include "extract-word.h" +diff --git a/src/libsystemd-network/sd-lldp.c b/src/libsystemd-network/sd-lldp.c +index 0702241506..39ddb2461a 100644 +--- a/src/libsystemd-network/sd-lldp.c ++++ b/src/libsystemd-network/sd-lldp.c +@@ -19,6 +19,7 @@ + ***/ + + #include ++#include + + #include "sd-lldp.h" + diff --git a/0076-test-resolved-packet-add-a-simple-test-for-our-alloc.patch b/0076-test-resolved-packet-add-a-simple-test-for-our-alloc.patch deleted file mode 100644 index 89053c1..0000000 --- a/0076-test-resolved-packet-add-a-simple-test-for-our-alloc.patch +++ /dev/null 
@@ -1,111 +0,0 @@ -From 976d4b21b85aad15bf359089dd84b39c48347fb2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sun, 18 Jun 2017 15:53:15 -0400 -Subject: [PATCH] test-resolved-packet: add a simple test for our allocation - functions - ---- - .gitignore | 1 + - Makefile.am | 14 ++++++++++++ - src/resolve/test-resolved-packet.c | 45 ++++++++++++++++++++++++++++++++++++++ - 3 files changed, 60 insertions(+) - create mode 100644 src/resolve/test-resolved-packet.c - -diff --git a/.gitignore b/.gitignore -index f7db68b4a6..814a1c8861 100644 ---- a/.gitignore -+++ b/.gitignore -@@ -255,6 +255,7 @@ - /test-replace-var - /test-resolve - /test-resolve-tables -+/test-resolved-packet - /test-ring - /test-rlimit-util - /test-sched-prio -diff --git a/Makefile.am b/Makefile.am -index 0c27f81986..e8d72a8129 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -5451,6 +5451,7 @@ dist_zshcompletion_data += \ - tests += \ - test-dns-packet \ - test-resolve-tables \ -+ test-resolved-packet \ - test-dnssec - - manual_tests += \ -@@ -5472,6 +5473,19 @@ test_resolve_tables_LDADD = \ - $(GCRYPT_LIBS) \ - -lm - -+test_resolved_packet_SOURCES = \ -+ src/resolve/test-resolved-packet.c \ -+ $(basic_dns_sources) -+ -+test_resolved_packet_CFLAGS = \ -+ $(AM_CFLAGS) \ -+ $(GCRYPT_CFLAGS) -+ -+test_resolved_packet_LDADD = \ -+ libsystemd-shared.la \ -+ $(GCRYPT_LIBS) \ -+ -lm -+ - test_dns_packet_SOURCES = \ - src/resolve/test-dns-packet.c \ - $(basic_dns_sources) -diff --git a/src/resolve/test-resolved-packet.c b/src/resolve/test-resolved-packet.c -new file mode 100644 -index 0000000000..8b7da1408d ---- /dev/null -+++ b/src/resolve/test-resolved-packet.c -@@ -0,0 +1,45 @@ -+/*** -+ This file is part of systemd -+ -+ Copyright 2017 Zbigniew Jędrzejewski-Szmek -+ -+ systemd is free software; you can redistribute it and/or modify it -+ under the terms of the GNU Lesser General Public License as published by -+ the Free Software Foundation; either version 2.1 of 
the License, or -+ (at your option) any later version. -+ -+ systemd is distributed in the hope that it will be useful, but -+ WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public License -+ along with systemd; If not, see . -+***/ -+ -+#include "log.h" -+#include "resolved-dns-packet.h" -+ -+static void test_dns_packet_new(void) { -+ size_t i; -+ -+ for (i = 0; i < DNS_PACKET_SIZE_MAX + 2; i++) { -+ _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL; -+ -+ assert_se(dns_packet_new(&p, DNS_PROTOCOL_DNS, i) == 0); -+ -+ log_debug("dns_packet_new: %zu → %zu", i, p->allocated); -+ assert_se(p->allocated >= MIN(DNS_PACKET_SIZE_MAX, i)); -+ } -+} -+ -+int main(int argc, char **argv) { -+ -+ log_set_max_level(LOG_DEBUG); -+ log_parse_environment(); -+ log_open(); -+ -+ test_dns_packet_new(); -+ -+ return 0; -+} --- -2.13.0 - diff --git a/0077-resolved-simplify-alloc-size-calculation.patch b/0077-resolved-simplify-alloc-size-calculation.patch deleted file mode 100644 index 0d4bdda..0000000 --- a/0077-resolved-simplify-alloc-size-calculation.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -From e3abee3dee32ae7cd8e937e44ace94ab7f45ede9 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sun, 18 Jun 2017 16:07:57 -0400 -Subject: [PATCH] resolved: simplify alloc size calculation - -The allocation size was calculated in a complicated way, and for values -close to the page size we would actually allocate less than requested. - -Reported by Chris Coulson . - -CVE-2017-9445 ---- - src/resolve/resolved-dns-packet.c | 8 +------- - src/resolve/resolved-dns-packet.h | 2 -- - 2 files changed, 1 insertion(+), 9 deletions(-) - -diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c -index 8b620cb6a8..7262a50eee 100644 ---- a/src/resolve/resolved-dns-packet.c -+++ b/src/resolve/resolved-dns-packet.c -@@ -47,13 +47,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) { - - assert(ret); - -- if (mtu <= UDP_PACKET_HEADER_SIZE) -- a = DNS_PACKET_SIZE_START; -- else -- a = mtu - UDP_PACKET_HEADER_SIZE; -- -- if (a < DNS_PACKET_HEADER_SIZE) -- a = DNS_PACKET_HEADER_SIZE; -+ a = MAX(mtu, DNS_PACKET_HEADER_SIZE); - - /* round up to next page size */ - a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket)); -diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h -index 7b7d4e14c9..05a7a844e4 100644 ---- a/src/resolve/resolved-dns-packet.h -+++ b/src/resolve/resolved-dns-packet.h -@@ -66,8 +66,6 @@ struct DnsPacketHeader { - /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */ - #define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096 - --#define DNS_PACKET_SIZE_START 512 -- - struct DnsPacket { - int n_ref; - DnsProtocol protocol; --- -2.13.0 - diff --git a/0077-test-resolved-packet-add-a-simple-test-for-our-alloc.patch b/0077-test-resolved-packet-add-a-simple-test-for-our-alloc.patch new file mode 100644 index 0000000..df8f2c7 --- /dev/null 
+++ b/0077-test-resolved-packet-add-a-simple-test-for-our-alloc.patch 
@@ -0,0 +1,109 @@ +From 7586bc7e5006fd7df55199283de4766b2775f60f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 18 Jun 2017 15:53:15 -0400 +Subject: [PATCH] test-resolved-packet: add a simple test for our allocation + functions + +(cherry picked from commit 751ca3f1de316ca79b60001334dbdf54077e1d01) +--- + .gitignore | 1 + + Makefile.am | 14 ++++++++++++ + src/resolve/test-resolved-packet.c | 45 ++++++++++++++++++++++++++++++++++++++ + 3 files changed, 60 insertions(+) + create mode 100644 src/resolve/test-resolved-packet.c + +diff --git a/.gitignore b/.gitignore +index 01cb6e7db7..25b976a0e3 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -269,6 +269,7 @@ + /test-replace-var + /test-resolve + /test-resolve-tables ++/test-resolved-packet + /test-ring + /test-rlimit-util + /test-sched-prio +diff --git a/Makefile.am b/Makefile.am +index a767a5aa0d..e97a66e0fa 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -5663,6 +5663,7 @@ dist_zshcompletion_data += \ + tests += \ + test-dns-packet \ + test-resolve-tables \ ++ test-resolved-packet \ + test-dnssec + + manual_tests += \ +@@ -5684,6 +5685,19 @@ test_resolve_tables_LDADD = \ + $(GCRYPT_LIBS) \ + -lm + ++test_resolved_packet_SOURCES = \ ++ src/resolve/test-resolved-packet.c \ ++ $(basic_dns_sources) ++ ++test_resolved_packet_CFLAGS = \ ++ $(AM_CFLAGS) \ ++ $(GCRYPT_CFLAGS) ++ ++test_resolved_packet_LDADD = \ ++ libsystemd-shared.la \ ++ $(GCRYPT_LIBS) \ ++ -lm ++ + test_dns_packet_SOURCES = \ + src/resolve/test-dns-packet.c \ + $(basic_dns_sources) +diff --git a/src/resolve/test-resolved-packet.c b/src/resolve/test-resolved-packet.c +new file mode 100644 +index 0000000000..8b7da1408d +--- /dev/null ++++ b/src/resolve/test-resolved-packet.c +@@ -0,0 +1,45 @@ ++/*** ++ This file is part of systemd ++ ++ Copyright 2017 Zbigniew Jędrzejewski-Szmek ++ ++ systemd is free software; you can redistribute it and/or modify it ++ under the terms of the GNU Lesser General Public License as 
published by ++ the Free Software Foundation; either version 2.1 of the License, or ++ (at your option) any later version. ++ ++ systemd is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public License ++ along with systemd; If not, see . ++***/ ++ ++#include "log.h" ++#include "resolved-dns-packet.h" ++ ++static void test_dns_packet_new(void) { ++ size_t i; ++ ++ for (i = 0; i < DNS_PACKET_SIZE_MAX + 2; i++) { ++ _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL; ++ ++ assert_se(dns_packet_new(&p, DNS_PROTOCOL_DNS, i) == 0); ++ ++ log_debug("dns_packet_new: %zu → %zu", i, p->allocated); ++ assert_se(p->allocated >= MIN(DNS_PACKET_SIZE_MAX, i)); ++ } ++} ++ ++int main(int argc, char **argv) { ++ ++ log_set_max_level(LOG_DEBUG); ++ log_parse_environment(); ++ log_open(); ++ ++ test_dns_packet_new(); ++ ++ return 0; ++} diff --git a/0078-resolved-do-not-allocate-packets-with-minimum-size.patch b/0078-resolved-do-not-allocate-packets-with-minimum-size.patch deleted file mode 100644 index f6424a8..0000000 --- a/0078-resolved-do-not-allocate-packets-with-minimum-size.patch +++ /dev/null 
@@ -1,48 +0,0 @@ -From 626e9ef495474c95e3143ddae1a498d391c2a008 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 27 Jun 2017 14:20:00 -0400 -Subject: [PATCH] resolved: do not allocate packets with minimum size - -dns_packet_new() is sometimes called with mtu == 0, and in that case we should -allocate more than the absolute minimum (which is the dns packet header size), -otherwise we have to resize immediately again after appending the first data to -the packet. - -This partially reverts the previous commit. ---- - src/resolve/resolved-dns-packet.c | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c -index 7262a50eee..c1ee755d9f 100644 ---- a/src/resolve/resolved-dns-packet.c -+++ b/src/resolve/resolved-dns-packet.c -@@ -28,6 +28,9 @@ - - #define EDNS0_OPT_DO (1<<15) - -+#define DNS_PACKET_SIZE_START 512 -+assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE) -+ - typedef struct DnsPacketRewinder { - DnsPacket *packet; - size_t saved_rindex; -@@ -47,7 +50,14 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) { - - assert(ret); - -- a = MAX(mtu, DNS_PACKET_HEADER_SIZE); -+ /* When dns_packet_new() is called with mtu == 0, allocate more than the -+ * absolute minimum (which is the dns packet header size), to avoid -+ * resizing immediately again after appending the first data to the packet. -+ */ -+ if (mtu < UDP_PACKET_HEADER_SIZE) -+ a = DNS_PACKET_SIZE_START; -+ else -+ a = MAX(mtu, DNS_PACKET_HEADER_SIZE); - - /* round up to next page size */ - a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket)); --- -2.13.0 - diff --git a/0078-resolved-simplify-alloc-size-calculation.patch b/0078-resolved-simplify-alloc-size-calculation.patch new file mode 100644 index 0000000..0c3fead --- /dev/null +++ b/0078-resolved-simplify-alloc-size-calculation.patch 
@@ -0,0 +1,50 @@
+From fa30043f5a3e4eaff50a72bad95601d582ac045d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Sun, 18 Jun 2017 16:07:57 -0400
+Subject: [PATCH] resolved: simplify alloc size calculation
+
+The allocation size was calculated in a complicated way, and for values
+close to the page size we would actually allocate less than requested.
+
+Reported by Chris Coulson .
+
+CVE-2017-9445
+
+(cherry picked from commit db848813bae4d28c524b3b6a7dad135e426659ce)
+---
+ src/resolve/resolved-dns-packet.c | 8 +-------
+ src/resolve/resolved-dns-packet.h | 2 --
+ 2 files changed, 1 insertion(+), 9 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index 240ee448f4..821b66e266 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -47,13 +47,7 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
+
+ assert(ret);
+
+- if (mtu <= UDP_PACKET_HEADER_SIZE)
+- a = DNS_PACKET_SIZE_START;
+- else
+- a = mtu - UDP_PACKET_HEADER_SIZE;
+-
+- if (a < DNS_PACKET_HEADER_SIZE)
+- a = DNS_PACKET_HEADER_SIZE;
++ a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
+
+ /* round up to next page size */
+ a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
+diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
+index 2c92392e4d..3abcaf8cf3 100644
+--- a/src/resolve/resolved-dns-packet.h
++++ b/src/resolve/resolved-dns-packet.h
+@@ -66,8 +66,6 @@ struct DnsPacketHeader {
+ /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */
+ #define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096
+
+-#define DNS_PACKET_SIZE_START 512
+-
+ struct DnsPacket {
+ int n_ref;
+ DnsProtocol protocol;
diff --git a/0079-resolved-define-various-packet-sizes-as-unsigned.patch b/0079-resolved-define-various-packet-sizes-as-unsigned.patch
deleted file mode 100644
index 2856753..0000000
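Review bot: Nothing in the new `dns_packet_new()` lines records the invariant this fix restores, namely that the buffer is never smaller than the requested `mtu`; that explanation exists only in the commit message next to CVE-2017-9445. I would add a comment above `a = MAX(mtu, DNS_PACKET_HEADER_SIZE);`, for example `/* Never allocate less than the caller asked for; a short buffer here was CVE-2017-9445 */`. The function body continues past the hunk, so any later cap on `a` is not visible from here; the test added in 0077 asserts `p->allocated >= MIN(DNS_PACKET_SIZE_MAX, i)`, which suggests such a cap exists and is the one intended exception, and the comment should say so if that is the case.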
--- a/0079-resolved-define-various-packet-sizes-as-unsigned.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 46ee71cfab1eebcd57109c5ee402d13a7b9d2468 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 27 Jun 2017 16:59:06 -0400 -Subject: [PATCH] resolved: define various packet sizes as unsigned - -This seems like the right thing to do, and apparently at least some compilers -warn about signed/unsigned comparisons with DNS_PACKET_SIZE_MAX. ---- - src/resolve/resolved-dns-packet.c | 2 +- - src/resolve/resolved-dns-packet.h | 6 +++--- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c -index c1ee755d9f..fd37363ece 100644 ---- a/src/resolve/resolved-dns-packet.c -+++ b/src/resolve/resolved-dns-packet.c -@@ -28,7 +28,7 @@ - - #define EDNS0_OPT_DO (1<<15) - --#define DNS_PACKET_SIZE_START 512 -+#define DNS_PACKET_SIZE_START 512u - assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE) - - typedef struct DnsPacketRewinder { -diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h -index 05a7a844e4..1020db0221 100644 ---- a/src/resolve/resolved-dns-packet.h -+++ b/src/resolve/resolved-dns-packet.h -@@ -58,13 +58,13 @@ struct DnsPacketHeader { - /* The various DNS protocols deviate in how large a packet can grow, - but the TCP transport has a 16bit size field, hence that appears to - be the absolute maximum. */ --#define DNS_PACKET_SIZE_MAX 0xFFFF -+#define DNS_PACKET_SIZE_MAX 0xFFFFu - - /* RFC 1035 say 512 is the maximum, for classic unicast DNS */ --#define DNS_PACKET_UNICAST_SIZE_MAX 512 -+#define DNS_PACKET_UNICAST_SIZE_MAX 512u - - /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */ --#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096 -+#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096u - - struct DnsPacket { - int n_ref; --- -2.13.0 - 
diff --git a/0079-resolved-do-not-allocate-packets-with-minimum-size.patch b/0079-resolved-do-not-allocate-packets-with-minimum-size.patch new file mode 100644 index 0000000..72b8035 --- /dev/null +++ b/0079-resolved-do-not-allocate-packets-with-minimum-size.patch 
@@ -0,0 +1,47 @@
+From b38575cb49041e586b0732d759a06801e587bb90 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Tue, 27 Jun 2017 14:20:00 -0400
+Subject: [PATCH] resolved: do not allocate packets with minimum size
+
+dns_packet_new() is sometimes called with mtu == 0, and in that case we should
+allocate more than the absolute minimum (which is the dns packet header size),
+otherwise we have to resize immediately again after appending the first data to
+the packet.
+
+This partially reverts the previous commit.
+
+(cherry picked from commit 88795538726a5bbfd9efc13d441cb05e1d7fc139)
+---
+ src/resolve/resolved-dns-packet.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index 821b66e266..d1f0f760a4 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -28,6 +28,9 @@
+
+ #define EDNS0_OPT_DO (1<<15)
+
++#define DNS_PACKET_SIZE_START 512
++assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)
++
+ typedef struct DnsPacketRewinder {
+ DnsPacket *packet;
+ size_t saved_rindex;
+@@ -47,7 +50,14 @@ int dns_packet_new(DnsPacket **ret, DnsProtocol protocol, size_t mtu) {
+
+ assert(ret);
+
+- a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
++ /* When dns_packet_new() is called with mtu == 0, allocate more than the
++ * absolute minimum (which is the dns packet header size), to avoid
++ * resizing immediately again after appending the first data to the packet.
++ */
++ if (mtu < UDP_PACKET_HEADER_SIZE)
++ a = DNS_PACKET_SIZE_START;
++ else
++ a = MAX(mtu, DNS_PACKET_HEADER_SIZE);
+
+ /* round up to next page size */
+ a = PAGE_ALIGN(ALIGN(sizeof(DnsPacket)) + a) - ALIGN(sizeof(DnsPacket));
diff --git a/0080-resolved-define-various-packet-sizes-as-unsigned.patch b/0080-resolved-define-various-packet-sizes-as-unsigned.patch
new file mode 100644
index 0000000..4c6e7e4
--- /dev/null
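Review bot: The new comment in `dns_packet_new()` talks about `mtu == 0`, but the branch it sits on is `if (mtu < UDP_PACKET_HEADER_SIZE)`, so every small non-zero `mtu` takes the `DNS_PACKET_SIZE_START` path as well. This partially reverts a security fix, so it is worth stating why the branch cannot under-allocate again: it relies on `assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE)`, which guarantees `a > mtu` whenever the branch is taken. I would reword the comment to "called with an mtu below UDP_PACKET_HEADER_SIZE (typically 0)" and add `/* keeps the small-mtu branch from ever allocating less than mtu */` above the `assert_cc` line. The rest of the function lies outside the hunk.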
+++ b/0080-resolved-define-various-packet-sizes-as-unsigned.patch @@ -0,0 +1,48 @@ +From d0553ece1ec2b4c586ac033ae2cb9baf22d0af33 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 27 Jun 2017 16:59:06 -0400 +Subject: [PATCH] resolved: define various packet sizes as unsigned + +This seems like the right thing to do, and apparently at least some compilers +warn about signed/unsigned comparisons with DNS_PACKET_SIZE_MAX. + +(cherry picked from commit 64a21fdaca7c93f1c30b21f6fdbd2261798b161a) +--- + src/resolve/resolved-dns-packet.c | 2 +- + src/resolve/resolved-dns-packet.h | 6 +++--- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c +index d1f0f760a4..a486216d68 100644 +--- a/src/resolve/resolved-dns-packet.c ++++ b/src/resolve/resolved-dns-packet.c +@@ -28,7 +28,7 @@ + + #define EDNS0_OPT_DO (1<<15) + +-#define DNS_PACKET_SIZE_START 512 ++#define DNS_PACKET_SIZE_START 512u + assert_cc(DNS_PACKET_SIZE_START > UDP_PACKET_HEADER_SIZE) + + typedef struct DnsPacketRewinder { +diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h +index 3abcaf8cf3..5dff272fd9 100644 +--- a/src/resolve/resolved-dns-packet.h ++++ b/src/resolve/resolved-dns-packet.h +@@ -58,13 +58,13 @@ struct DnsPacketHeader { + /* The various DNS protocols deviate in how large a packet can grow, + but the TCP transport has a 16bit size field, hence that appears to + be the absolute maximum. */ +-#define DNS_PACKET_SIZE_MAX 0xFFFF ++#define DNS_PACKET_SIZE_MAX 0xFFFFu + + /* RFC 1035 say 512 is the maximum, for classic unicast DNS */ +-#define DNS_PACKET_UNICAST_SIZE_MAX 512 ++#define DNS_PACKET_UNICAST_SIZE_MAX 512u + + /* With EDNS0 we can use larger packets, default to 4096, which is what is commonly used */ +-#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096 ++#define DNS_PACKET_UNICAST_SIZE_LARGE_MAX 4096u + + struct DnsPacket { + int n_ref; 
diff --git a/0081-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch b/0081-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch new file mode 100644 index 0000000..815fd15 --- /dev/null +++ b/0081-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch @@ -0,0 +1,32 @@ +From c21be74a657c56bfc4091428b54189682c354640 Mon Sep 17 00:00:00 2001 +From: Daniel Berrange +Date: Wed, 19 Jul 2017 10:06:07 +0100 +Subject: [PATCH] virt: enable detecting QEMU (TCG) via CPUID (#6399) + +QEMU >= 2.10 will include a CPUID leaf with value "TCGTCGTCGTCG" +on x86 when running with the TCG CPU emulator: + + https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05231.html + +Existing methods of detecting QEMU are left unchanged for sake of +backcompatibility. + +Signed-off-by: Daniel P. Berrange +(cherry picked from commit 5588612e9e8828691f13141e3fcebe08a59201fe) +(cherry picked from commit ce0609bc26d33e47b23fbbe1aa7465283a10fb10) +--- + src/basic/virt.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/basic/virt.c b/src/basic/virt.c +index ff4491d6d6..b69076214e 100644 +--- a/src/basic/virt.c ++++ b/src/basic/virt.c +@@ -46,6 +46,7 @@ static int detect_vm_cpuid(void) { + } cpuid_vendor_table[] = { + { "XenVMMXenVMM", VIRTUALIZATION_XEN }, + { "KVMKVMKVM", VIRTUALIZATION_KVM }, ++ { "TCGTCGTCGTCG", VIRTUALIZATION_QEMU }, + /* http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1009458 */ + { "VMwareVMware", VIRTUALIZATION_VMWARE }, + /* https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs */ diff --git a/0082-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch b/0082-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch new file mode 100644 index 0000000..47f0de5 --- /dev/null +++ b/0082-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch 
@@ -0,0 +1,46 @@
+From 638c0dbabd348a664c85cbaf0ab10f317468b576 Mon Sep 17 00:00:00 2001
+From: "S. Fan"
+Date: Mon, 31 Jul 2017 05:10:10 -0500
+Subject: [PATCH] rfkill: fix erroneous behavior when polling the udev monitor
+ (#6489)
+
+Comparing udev_device_get_sysname(device) and sysname will always return
+true. We need to check the device received from udev monitor instead.
+
+Also, fd_wait_for_event() sometimes never exits. Better set a timeout
+here.
+
+(cherry picked from commit 8ec1a07998758f6a85f3ea5bf2ed14d87609398f)
+(cherry picked from commit cd8a9ccb7c06394a64bfe0cd2a88fad7be8e3f9f)
+---
+ src/rfkill/rfkill.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c
+index c0f138b4f4..470853d1d2 100644
+--- a/src/rfkill/rfkill.c
++++ b/src/rfkill/rfkill.c
+@@ -138,17 +138,21 @@ static int wait_for_initialized(
+ for (;;) {
+ _cleanup_udev_device_unref_ struct udev_device *t = NULL;
+
+- r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
++ r = fd_wait_for_event(watch_fd, POLLIN, EXIT_USEC);
+ if (r == -EINTR)
+ continue;
+ if (r < 0)
+ return log_error_errno(r, "Failed to watch udev monitor: %m");
++ if (r == 0) {
++ log_error("Timed out wating for udev monitor.");
++ return -ETIMEDOUT;
++ }
+
+ t = udev_monitor_receive_device(monitor);
+ if (!t)
+ continue;
+
+- if (streq_ptr(udev_device_get_sysname(device), sysname)) {
++ if (streq_ptr(udev_device_get_sysname(t), sysname)) {
+ *ret = udev_device_ref(t);
+ return 0;
+ }
diff --git a/0083-process-util-update-the-end-pointer-of-the-process-n.patch b/0083-process-util-update-the-end-pointer-of-the-process-n.patch
new file mode 100644
index 0000000..6fe8b26
--- /dev/null
+++ b/0083-process-util-update-the-end-pointer-of-the-process-n.patch
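Review bot: The timeout added in `wait_for_initialized()` restarts on every pass of the `for (;;)` loop, so the total wait is still unbounded. Each `-EINTR`, each failed `udev_monitor_receive_device()` and each event for a different sysname hits `continue` and then waits a full `EXIT_USEC` again. A deadline taken once before the loop, e.g. `usec_t until = now(CLOCK_MONOTONIC) + EXIT_USEC;`, with only the remaining time passed to `fd_wait_for_event()`, would bound the whole wait. The new log string also has a typo and should read `log_error("Timed out waiting for udev monitor.");`. The function begins and ends outside the hunk.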
@@ -0,0 +1,64 @@ +From 40f2740483074ba47cc78f0a88cfbc02dc108fb4 Mon Sep 17 00:00:00 2001 +From: Jouke Witteveen +Date: Wed, 2 Aug 2017 17:08:31 +0200 +Subject: [PATCH] process-util: update the end pointer of the process name on + rename (#6492) + +We only updated the end pointer when allocating new memory, i.e. on the first +call to rename_process. + +(cherry picked from commit 01f989c66253ea923679ffddf266ea13339c295b) +(cherry picked from commit 4caa10a6bedf7a18b42e011bdbdb4b9c425c0d6d) +--- + src/basic/process-util.c | 26 +++++++++++++++----------- + 1 file changed, 15 insertions(+), 11 deletions(-) + +diff --git a/src/basic/process-util.c b/src/basic/process-util.c +index 0df3fed640..923f6bcb70 100644 +--- a/src/basic/process-util.c ++++ b/src/basic/process-util.c +@@ -312,19 +312,18 @@ int rename_process(const char name[]) { + /* Third step, completely replace the argv[] array the kernel maintains for us. This requires privileges, but + * has the advantage that the argv[] array is exactly what we want it to be, and not filled up with zeros at + * the end. This is the best option for changing /proc/self/cmdline. */ +- if (mm_size < l+1) { ++ ++ /* Let's not bother with this if we don't have euid == 0. Strictly speaking we should check for the ++ * CAP_SYS_RESOURCE capability which is independent of the euid. In our own code the capability generally is ++ * present only for euid == 0, hence let's use this as quick bypass check, to avoid calling mmap() if ++ * PR_SET_MM_ARG_{START,END} fails with EPERM later on anyway. After all geteuid() is dead cheap to call, but ++ * mmap() is not. */ ++ if (geteuid() != 0) ++ log_debug("Skipping PR_SET_MM, as we don't have privileges."); ++ else if (mm_size < l+1) { + size_t nn_size; + char *nn; + +- /* Let's not bother with this if we don't have euid == 0. 
Strictly speaking if people do weird stuff +- * with capabilities this could work even for euid != 0, but our own code generally doesn't do that, +- * hence let's use this as quick bypass check, to avoid calling mmap() if PR_SET_MM_ARG_START fails +- * with EPERM later on anyway. After all geteuid() is dead cheap to call, but mmap() is not. */ +- if (geteuid() != 0) { +- log_debug("Skipping PR_SET_MM_ARG_START, as we don't have privileges."); +- goto use_saved_argv; +- } +- + nn_size = PAGE_ALIGN(l+1); + nn = mmap(NULL, nn_size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + if (nn == MAP_FAILED) { +@@ -351,9 +350,14 @@ int rename_process(const char name[]) { + + mm = nn; + mm_size = nn_size; +- } else ++ } else { + strncpy(mm, name, mm_size); + ++ /* Update the end pointer, continuing regardless of any failure. */ ++ if (prctl(PR_SET_MM, PR_SET_MM_ARG_END, (unsigned long) mm + l + 1, 0, 0) < 0) ++ log_debug_errno(errno, "PR_SET_MM_ARG_END failed, proceeding without: %m"); ++ } ++ + use_saved_argv: + /* Fourth step: in all cases we'll also update the original argv[], so that our own code gets it right too if + * it still looks here */ diff --git a/0084-cryptsetup-generator-do-not-bind-to-the-decrypted-de.patch b/0084-cryptsetup-generator-do-not-bind-to-the-decrypted-de.patch new file mode 100644 index 0000000..4c34e42 --- /dev/null +++ b/0084-cryptsetup-generator-do-not-bind-to-the-decrypted-de.patch 
@@ -0,0 +1,30 @@ +From 4f009bfa85683a6a7b72afef64d756d38e77f7e1 Mon Sep 17 00:00:00 2001 +From: Ivan Shapovalov +Date: Wed, 30 Aug 2017 19:49:07 +0300 +Subject: [PATCH] cryptsetup-generator: do not bind to the decrypted device + unit (#6538) + +This breaks things when the decrypted device is not immediately +`SYSTEMD_READY=1` (e. g. when a multi-device btrfs system is placed on +multiple cryptsetup devices). + +Fixes #6537. + +(cherry picked from commit e9ea4526a3a3b41eced29b8d742498cc36750424) +(cherry picked from commit f5f367d4a9872453888da79bdff3a50f78a9758a) +--- + src/cryptsetup/cryptsetup-generator.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c +index b58b6db7c9..f737f82b55 100644 +--- a/src/cryptsetup/cryptsetup-generator.c ++++ b/src/cryptsetup/cryptsetup-generator.c +@@ -109,7 +109,6 @@ static int create_disk( + "SourcePath=/etc/crypttab\n" + "DefaultDependencies=no\n" + "Conflicts=umount.target\n" +- "BindsTo=dev-mapper-%i.device\n" + "IgnoreOnIsolate=true\n" + "After=cryptsetup-pre.target\n", + f); diff --git a/0085-Load-virtio_rng-early-in-the-game-6710.patch b/0085-Load-virtio_rng-early-in-the-game-6710.patch new file mode 100644 index 0000000..98fafba --- /dev/null +++ b/0085-Load-virtio_rng-early-in-the-game-6710.patch 
@@ -0,0 +1,92 @@ +From ac860fcf38603499b79d86c382a825db8305c79d Mon Sep 17 00:00:00 2001 +From: Harald Hoyer +Date: Thu, 31 Aug 2017 15:33:33 +0200 +Subject: [PATCH] Load virtio_rng early in the game (#6710) + +If true randomness is needed before udev is triggered, which would load +virtio_rng, reading /dev/random takes forever and the boot stalls for a +long time. + +(cherry picked from commit 6c1f72f626355615daee0e5a7ef7044759251a23) +(cherry picked from commit 59e70293dbf06106c2f4a152f234581e284fae5f) +--- + src/core/kmod-setup.c | 41 +++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 41 insertions(+) + +diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c +index fd1021f706..9f69a6d925 100644 +--- a/src/core/kmod-setup.c ++++ b/src/core/kmod-setup.c +@@ -17,6 +17,7 @@ + along with systemd; If not, see . + ***/ + ++#include + #include + #include + +@@ -24,10 +25,13 @@ + #include + #endif + ++#include "alloc-util.h" + #include "bus-util.h" + #include "capability-util.h" ++#include "fileio.h" + #include "kmod-setup.h" + #include "macro.h" ++#include "string-util.h" + + #ifdef HAVE_KMOD + static void systemd_kmod_log( +@@ -45,6 +49,41 @@ static void systemd_kmod_log( + } + #endif + ++static int has_virtio_rng_nftw_cb( ++ const char *fpath, ++ const struct stat *sb, ++ int tflag, ++ struct FTW *ftwbuf) { ++ ++ _cleanup_free_ char *alias = NULL; ++ int r; ++ ++ if ((FTW_D == tflag) && (ftwbuf->level > 2)) ++ return FTW_SKIP_SUBTREE; ++ ++ if (FTW_F != tflag) ++ return FTW_CONTINUE; ++ ++ if (!endswith(fpath, "/modalias")) ++ return FTW_CONTINUE; ++ ++ r = read_one_line_file(fpath, &alias); ++ if (r < 0) ++ return FTW_SKIP_SIBLINGS; ++ ++ if (startswith(alias, "pci:v00001AF4d00001005")) ++ return FTW_STOP; ++ ++ if (startswith(alias, "pci:v00001AF4d00001044")) ++ return FTW_STOP; ++ ++ return FTW_SKIP_SIBLINGS; ++} ++ ++static bool has_virtio_rng(void) { ++ return (nftw("/sys/devices/pci0000:00", has_virtio_rng_nftw_cb, 64, 
FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL) == FTW_STOP); ++} ++ + int kmod_setup(void) { + #ifdef HAVE_KMOD + +@@ -68,6 +107,8 @@ int kmod_setup(void) { + /* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */ + { "ip_tables", "/proc/net/ip_tables_names", false, false, NULL }, + #endif ++ /* virtio_rng would be loaded by udev later, but real entropy might be needed very early */ ++ { "virtio_rng", NULL, false, false, has_virtio_rng }, + }; + struct kmod_ctx *ctx = NULL; + unsigned int i; diff --git a/0086-sd-bus-extend-D-Bus-authentication-timeout-considera.patch b/0086-sd-bus-extend-D-Bus-authentication-timeout-considera.patch new file mode 100644 index 0000000..f0baac4 --- /dev/null +++ b/0086-sd-bus-extend-D-Bus-authentication-timeout-considera.patch 
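Review bot: `has_virtio_rng()` walks only the hard-coded root `/sys/devices/pci0000:00`, and the callback prunes directories with `ftwbuf->level > 2`, so a virtio-rng device on another PCI root, nested more deeply, or attached through a non-PCI virtio transport is not found. In those cases `virtio_rng` is not loaded early and the boot can still stall on entropy as the commit message describes. The two `pci:v00001AF4d0000...` prefixes are also unexplained magic strings. I would document both next to the code, e.g. `/* Only PCI root 0000:00 is scanned, to a limited depth; other topologies fall back to udev loading the module later */` above the `nftw()` call and `/* virtio-rng PCI IDs (vendor 1AF4) */` above the first `startswith()`. A failing `read_one_line_file()` silently returns `FTW_SKIP_SIBLINGS`; a debug log there would make a missed detection diagnosable.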
@@ -0,0 +1,63 @@
+From e603498db86b6f8df5a761ec53711e1ab949b1a5 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Wed, 13 Sep 2017 19:08:26 +0200
+Subject: [PATCH] sd-bus: extend D-Bus authentication timeout considerably
+ (#6813)
+
+As it turns out the authentication phase times out too often than is
+good, mostly due to PRNG pools not being populated during boot. Hence,
+let's increase the authentication timeout from 25s to 90s, to cover for
+that.
+
+(Note that we leave the D-Bus method call timeout at 25s, matching the
+reference implementation's value. And if the auth phase managed to
+complete then the pools should be populated enough and mehtod calls
+shouldn't take needlessly long anymore).
+
+Fixes: #6418
+(cherry picked from commit 036d61b32e7e684a532904ec26a6ebaa1b850ab9)
+(cherry picked from commit 7f4b159f88d8d3b932e24646b50e4bdcac885581)
+---
+ src/libsystemd/sd-bus/bus-internal.h | 6 ++++++
+ src/libsystemd/sd-bus/bus-socket.c | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-bus/bus-internal.h b/src/libsystemd/sd-bus/bus-internal.h
+index bb0414c4d6..2417fe66b8 100644
+--- a/src/libsystemd/sd-bus/bus-internal.h
++++ b/src/libsystemd/sd-bus/bus-internal.h
+@@ -27,6 +27,7 @@
+ #include "bus-error.h"
+ #include "bus-kernel.h"
+ #include "bus-match.h"
++#include "def.h"
+ #include "hashmap.h"
+ #include "kdbus.h"
+ #include "list.h"
+@@ -326,8 +327,13 @@ struct sd_bus {
+ LIST_HEAD(sd_bus_track, tracks);
+ };
+
++/* For method calls we time-out at 25s, like in the D-Bus reference implementation */
+ #define BUS_DEFAULT_TIMEOUT ((usec_t) (25 * USEC_PER_SEC))
+
++/* For the authentication phase we grant 90s, to provide extra room during boot, when RNGs and such are not filled up
++ * with enough entropy yet and might delay the boot */
++#define BUS_AUTH_TIMEOUT ((usec_t) DEFAULT_TIMEOUT_USEC)
++
+ #define BUS_WQUEUE_MAX (192*1024)
+ #define BUS_RQUEUE_MAX (192*1024)
+
+diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
+index e6ed15eb71..32a22113e0 100644
+--- a/src/libsystemd/sd-bus/bus-socket.c
++++ b/src/libsystemd/sd-bus/bus-socket.c
+@@ -661,7 +661,7 @@ int bus_socket_start_auth(sd_bus *b) {
+ bus_get_peercred(b);
+
+ b->state = BUS_AUTHENTICATING;
+- b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
++ b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_AUTH_TIMEOUT;
+
+ if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
+ b->hello_flags &= ~KDBUS_HELLO_ACCEPT_FD;
diff --git a/0087-timer-don-t-use-persietent-file-timestamps-from-the-.patch b/0087-timer-don-t-use-persietent-file-timestamps-from-the-.patch
new file mode 100644
index 0000000..41c21c2
--- /dev/null
+++ b/0087-timer-don-t-use-persietent-file-timestamps-from-the-.patch
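Review bot: The comment on BUS_AUTH_TIMEOUT promises 90s, but the macro takes its value from DEFAULT_TIMEOUT_USEC in def.h, which this patch does not show, so the comment goes stale as soon as that default changes. Either state the dependency, e.g. `/* ... we grant DEFAULT_TIMEOUT_USEC (90s at the time of writing) ... */`, or define the value locally as `((usec_t) (90 * USEC_PER_SEC))`. bus_socket_start_auth() continues outside the hunk; if it also runs for server-side connections, a peer that never completes authentication now holds the connection for 90s instead of 25s, which is worth confirming as intended.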
@@ -0,0 +1,49 @@
+From e84f292c9de368e512597736fbb1917a885586ec Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Thu, 14 Sep 2017 18:26:10 +0200
+Subject: [PATCH] timer: don't use persietent file timestamps from the future
+ (#6823)
+
+Also, use the mtime rather than the atime of the timestamp file. While
+the atime is not completely wrong, the mtime appears more appropriate
+as that's what we actually explicitly change, and is not effected by
+mere reading.
+
+Fixes: #6821
+(cherry picked from commit 77542a7905520f1d637912bf47bddb4855506e41)
+(cherry picked from commit eb877dacc9f98f646ff9509d6df5c71bd4a33a17)
+---
+ src/core/timer.c | 20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/timer.c b/src/core/timer.c
+index af67b7591a..63665554fe 100644
+--- a/src/core/timer.c
++++ b/src/core/timer.c
+@@ -633,9 +633,23 @@ static int timer_start(Unit *u) {
+ if (t->stamp_path) {
+ struct stat st;
+
+- if (stat(t->stamp_path, &st) >= 0)
+- t->last_trigger.realtime = timespec_load(&st.st_atim);
+- else if (errno == ENOENT)
++ if (stat(t->stamp_path, &st) >= 0) {
++ usec_t ft;
++
++ /* Load the file timestamp, but only if it is actually in the past. If it is in the future,
++ * something is wrong with the system clock. */
++
++ ft = timespec_load(&st.st_mtim);
++ if (ft < now(CLOCK_REALTIME))
++ t->last_trigger.realtime = ft;
++ else {
++ char z[FORMAT_TIMESTAMP_MAX];
++
++ log_unit_warning(u, "Not using persistent file timestamp %s as it is in the future.",
++ format_timestamp(z, sizeof(z), ft));
++ }
++
++ } else if (errno == ENOENT)
+ /* The timer has never run before,
+ * make sure a stamp file exists.
+ */
diff --git a/0088-shared-end-string-with-if-one-was-found-at-the-end-o.patch b/0088-shared-end-string-with-if-one-was-found-at-the-end-o.patch
new file mode 100644
index 0000000..47f344c
--- /dev/null
+++ b/0088-shared-end-string-with-if-one-was-found-at-the-end-o.patch
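Review bot: In timer_start() the new else branch only logs when the stamp file's mtime lies in the future; nothing visible in the hunk resets the file, so the same warning will presumably repeat on every start until the timer next fires and the stamp is rewritten. If that is intended, the comment should say so, for example `* We leave the file alone; it is rewritten on the next trigger.`; otherwise the file should be touched here. The check `ft < now(CLOCK_REALTIME)` also accepts any past value, so an mtime left far in the past by a wrong clock is still trusted as the last trigger time. The rest of timer_start() lies outside the hunk.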
@@ -0,0 +1,47 @@
+From 3d4e63e3655bb1464f73a2ee11571d4bd1355cda Mon Sep 17 00:00:00 2001
+From: Felipe Sateler
+Date: Thu, 14 Sep 2017 14:51:20 -0300
+Subject: [PATCH] shared: end string with % if one was found at the end of a
+ expandible string (#6828)
+
+Current behavior is that %X where X is an unidentified specifier, then the result is
+the same %X string. This was not the case when the string ended with a stray %, where
+the character would have not been output. Lets add that missing character.
+
+Fixes: #6374
+(cherry picked from commit 038492aed3e0293fd9cf4998fd891addb597b954)
+(cherry picked from commit 760a486ff45797b65093c5f0550cc42bfd5d70aa)
+---
+ src/shared/specifier.c | 4 ++++
+ src/test/test-unit-name.c | 3 ++-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/specifier.c b/src/shared/specifier.c
+index 1c17eb5251..81379041cc 100644
+--- a/src/shared/specifier.c
++++ b/src/shared/specifier.c
+@@ -107,6 +107,10 @@ int specifier_printf(const char *text, const Specifier table[], void *userdata,
+ *(t++) = *f;
+ }
+
++ /* if string ended with a stray %, also end with % */
++ if (percent)
++ *(t++) = '%';
++
+ *t = 0;
+ *_ret = ret;
+ return 0;
+diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
+index 2fd83f321c..2af90c69ee 100644
+--- a/src/test/test-unit-name.c
++++ b/src/test/test-unit-name.c
+@@ -237,7 +237,8 @@ static int test_unit_printf(void) {
+ /* general tests */
+ expect(u, "%%", "%");
+ expect(u, "%%s", "%s");
+- expect(u, "%", ""); // REALLY?
++ expect(u, "%,", "%,");
++ expect(u, "%", "%");
+
+ /* normal unit */
+ expect(u, "%n", "blah.service");
diff --git a/0089-string-util-use-size_t-for-strjoina-macro-6914.patch b/0089-string-util-use-size_t-for-strjoina-macro-6914.patch
new file mode 100644
index 0000000..9912d98
--- /dev/null
+++ b/0089-string-util-use-size_t-for-strjoina-macro-6914.patch
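Review bot: The added `*(t++) = '%';` in specifier_printf() writes one more byte with no bound check in view; it is safe only if the output buffer was sized from the full input length, the stray '%' included. The allocation lies outside the hunk, so this should be confirmed and recorded next to the write, e.g. `/* the trailing % was counted in strlen(text), so there is room for it */`. The new test cases cover a lone `"%"` and `"%,"`, but not a stray '%' that follows an expanded specifier, where the buffer has presumably been reallocated; adding `expect(u, "%n%", "blah.service%");` would pin that path.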
@@ -0,0 +1,26 @@
+From 977a616317fec7199947de72103f9a9e9f6632d9 Mon Sep 17 00:00:00 2001
+From: Jonathan Lebon
+Date: Mon, 25 Sep 2017 15:56:57 -0400
+Subject: [PATCH] string-util: use size_t for strjoina macro (#6914)
+
+`strlen` returns a `size_t` and `alloca` expects a `size_t`.
+
+(cherry picked from commit 35207e259ef44f62faf71acc4bbc7d43311a4583)
+(cherry picked from commit 3c2e58887a5d9282670b3e41b6e584367a2bda18)
+---
+ src/basic/string-util.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/basic/string-util.h b/src/basic/string-util.h
+index be44dedff4..f8dde61549 100644
+--- a/src/basic/string-util.h
++++ b/src/basic/string-util.h
+@@ -120,7 +120,7 @@ char *strjoin_real(const char *x, ...) _sentinel_;
+ ({ \
+ const char *_appendees_[] = { a, __VA_ARGS__ }; \
+ char *_d_, *_p_; \
+- int _len_ = 0; \
++ size_t _len_ = 0; \
+ unsigned _i_; \
+ for (_i_ = 0; _i_ < ELEMENTSOF(_appendees_) && _appendees_[_i_]; _i_++) \
+ _len_ += strlen(_appendees_[_i_]); \
diff --git a/0090-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch b/0090-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch
new file mode 100644
index 0000000..1dd618c
--- /dev/null
+++ b/0090-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch
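Review bot: Making `_len_` a size_t removes the signed accumulation, but the sum of the strlen() results still sizes an alloca() (named in the commit message, outside the hunk) with no upper bound, so strjoina() is only safe for short strings of known size. A one-line warning above the macro would make that contract explicit, e.g. `/* Stack-allocates: never use with unbounded or untrusted input, use strjoin() instead */`. The same applies to the new strjoina() calls in generator_add_symlink() in patch 0091, which replace heap strjoin() calls whose results were checked. The macro body starts and ends outside the hunk.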
@@ -0,0 +1,39 @@
+From 655ae23e5b73816fb7ebdc5dc61271cf8ffa0007 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Wed, 25 Oct 2017 11:19:19 +0200
+Subject: [PATCH] resolved: fix loop on packets with pseudo dns types
+
+Reported by Karim Hossen & Thomas Imbert from Sogeti ESEC R&D.
+
+https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
+(cherry picked from commit 9f939335a07085aa9a9663efd1dca06ef6405d62)
+(cherry picked from commit 743b771c559c6101544f7358a42c8c519fe4b0db)
+(cherry picked from commit 1e20ca63e06337b95f4b0deedc062511d2ff31cc)
+---
+ src/resolve/resolved-dns-packet.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
+index a486216d68..48615034e3 100644
+--- a/src/resolve/resolved-dns-packet.c
++++ b/src/resolve/resolved-dns-packet.c
+@@ -1495,7 +1495,7 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
+
+ found = true;
+
+- while (bitmask) {
++ for (; bitmask; bit++, bitmask >>= 1)
+ if (bitmap[i] & bitmask) {
+ uint16_t n;
+
+@@ -1509,10 +1509,6 @@ static int dns_packet_read_type_window(DnsPacket *p, Bitmap **types, size_t *sta
+ if (r < 0)
+ return r;
+ }
+-
+- bit++;
+- bitmask >>= 1;
+- }
+ }
+
+ if (!found)
diff --git a/0091-cryptsetup-generator-add-a-helper-utility-to-create-.patch b/0091-cryptsetup-generator-add-a-helper-utility-to-create-.patch
new file mode 100644
index 0000000..e625831
--- /dev/null
+++ b/0091-cryptsetup-generator-add-a-helper-utility-to-create-.patch
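Review bot: Nothing in dns_packet_read_type_window() says why `bit++, bitmask >>= 1` now sits in the for header, and the for body is left as an unbraced `if`. Presumably a `continue` in the lines between the two hunks used to skip the increment, so the loop never left that bit. I would add `/* advance in the loop header so that no 'continue' in the body can skip it */` above the loop and keep braces around the body. The patch also comes without a regression test; a packet whose type bitmap sets a pseudo-type bit, run through the existing packet tests, would keep this hang on received data from coming back. The function starts and ends outside the hunk.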
@@ -0,0 +1,144 @@ +From 6172788a3f90962b42564b5248f540b4cb729470 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Sun, 9 Jul 2017 23:31:47 -0400 +Subject: [PATCH] cryptsetup-generator: add a helper utility to create symlinks + +It seems that there's a common pattern among the various generators. Let's add +a helper function for it and make use of it in cryptsetup-generator. + +This fixes a bunch of theoretical memleaks in error paths, since *to wasn't +generally freed properly. Not thath it matters. + +(cherry picked from commit b559616f2321643c5194b474d39a722cefaf6059) +(cherry picked from commit ea8cb69ee23cd67ef45ca34f1b192c9adb5fa878) +--- + src/cryptsetup/cryptsetup-generator.c | 53 ++++++++++------------------------- + src/shared/generator.c | 15 ++++++++++ + src/shared/generator.h | 2 ++ + 3 files changed, 32 insertions(+), 38 deletions(-) + +diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c +index f737f82b55..f10e9fdc24 100644 +--- a/src/cryptsetup/cryptsetup-generator.c ++++ b/src/cryptsetup/cryptsetup-generator.c +@@ -58,11 +58,11 @@ static int create_disk( + const char *password, + const char *options) { + +- _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *to = NULL, *e = NULL, ++ _cleanup_free_ char *p = NULL, *n = NULL, *d = NULL, *u = NULL, *e = NULL, + *filtered = NULL; + _cleanup_fclose_ FILE *f = NULL; ++ const char *dmname; + bool noauto, nofail, tmp, swap; +- char *from; + int r; + + assert(name); +@@ -120,7 +120,7 @@ static int create_disk( + if (password) { + if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random")) + fputs("After=systemd-random-seed.service\n", f); +- else if (!streq(password, "-") && !streq(password, "none")) { ++ else if (!STR_IN_SET(password, "-", "none")) { + _cleanup_free_ char *uu; + + uu = fstab_node_to_udev_node(password); +@@ -186,46 +186,23 @@ static int create_disk( + if (r < 0) + return log_error_errno(r, 
"Failed to write file %s: %m", p); + +- from = strjoina("../", n); +- + if (!noauto) { +- +- to = strjoin(arg_dest, "/", d, ".wants/", n); +- if (!to) +- return log_oom(); +- +- mkdir_parents_label(to, 0755); +- if (symlink(from, to) < 0) +- return log_error_errno(errno, "Failed to create symlink %s: %m", to); +- +- free(to); +- if (!nofail) +- to = strjoin(arg_dest, "/cryptsetup.target.requires/", n); +- else +- to = strjoin(arg_dest, "/cryptsetup.target.wants/", n); +- if (!to) +- return log_oom(); +- +- mkdir_parents_label(to, 0755); +- if (symlink(from, to) < 0) +- return log_error_errno(errno, "Failed to create symlink %s: %m", to); ++ r = generator_add_symlink(arg_dest, d, "wants", n); ++ if (r < 0) ++ return r; ++ ++ r = generator_add_symlink(arg_dest, "cryptsetup.target", ++ nofail ? "wants" : "requires", n); ++ if (r < 0) ++ return r; + } + +- free(to); +- to = strjoin(arg_dest, "/dev-mapper-", e, ".device.requires/", n); +- if (!to) +- return log_oom(); +- +- mkdir_parents_label(to, 0755); +- if (symlink(from, to) < 0) +- return log_error_errno(errno, "Failed to create symlink %s: %m", to); ++ dmname = strjoina("dev-mapper-", e, ".device"); ++ r = generator_add_symlink(arg_dest, dmname, "requires", n); ++ if (r < 0) ++ return r; + + if (!noauto && !nofail) { +- _cleanup_free_ char *dmname; +- dmname = strjoin("dev-mapper-", e, ".device"); +- if (!dmname) +- return log_oom(); +- + r = write_drop_in(arg_dest, dmname, 90, "device-timeout", + "# Automatically generated by systemd-cryptsetup-generator \n\n" + "[Unit]\nJobTimeoutSec=0"); +diff --git a/src/shared/generator.c b/src/shared/generator.c +index 9a069b2f97..c01e9cb519 100644 +--- a/src/shared/generator.c ++++ b/src/shared/generator.c +@@ -37,6 +37,21 @@ + #include "unit-name.h" + #include "util.h" + ++int generator_add_symlink(const char *root, const char *dst, const char *dep_type, const char *src) { ++ /* Adds a symlink from ..d/ to ../ */ ++ ++ const char *from, *to; ++ ++ from = strjoina("../", 
src); ++ to = strjoina(root, "/", dst, ".", dep_type, "/", src); ++ ++ mkdir_parents_label(to, 0755); ++ if (symlink(from, to) < 0) ++ return log_error_errno(errno, "Failed to create symlink \"%s\": %m", to); ++ ++ return 0; ++} ++ + static int write_fsck_sysroot_service(const char *dir, const char *what) { + _cleanup_free_ char *device = NULL, *escaped = NULL; + _cleanup_fclose_ FILE *f = NULL; +diff --git a/src/shared/generator.h b/src/shared/generator.h +index a6017c1b76..7bafda03f2 100644 +--- a/src/shared/generator.h ++++ b/src/shared/generator.h +@@ -21,6 +21,8 @@ + + #include + ++int generator_add_symlink(const char *root, const char *dst, const char *dep_type, const char *src); ++ + int generator_write_fsck_deps( + FILE *f, + const char *dir, diff --git a/0092-units-order-cryptsetup-pre.target-before-cryptsetup..patch b/0092-units-order-cryptsetup-pre.target-before-cryptsetup..patch new file mode 100644 index 0000000..2d7bb1f --- /dev/null +++ b/0092-units-order-cryptsetup-pre.target-before-cryptsetup..patch 
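Review bot: generator_add_symlink() ignores the return value of `mkdir_parents_label(to, 0755)`, so a failure to create the parent directory surfaces only as a less specific symlink() error. The removed code did the same, but a shared helper is the place to fix it once: `r = mkdir_parents_label(to, 0755);` followed by `if (r < 0) return log_error_errno(r, "Failed to create parent directory of \"%s\": %m", to);`, with an `int r;` declared. symlink() will also fail with EEXIST if a link is already in place; whether that should count as an error is worth deciding here for all callers.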
@@ -0,0 +1,25 @@
+From 84838295cc120a2f5d7ebe2af246483c4d1aa82e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Tue, 5 Sep 2017 09:14:51 +0200
+Subject: [PATCH] units: order cryptsetup-pre.target before cryptsetup.target
+
+Normally this happens automatically, but if it happened that both targets were
+pulled in, even though there were no cryptsetup units, they could be started
+in reverse order, which would be somewhat confusing. Add an explicit ordering
+to avoid this potential issue.
+
+(cherry picked from commit 947d21171bdd8375db6482bc7d758d74b27f7dd4)
+(cherry picked from commit c55ccd92b9503bc074e6ffb07925f09024e9949d)
+---
+ units/cryptsetup-pre.target | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target
+index 65353419fc..42e35dd4e4 100644
+--- a/units/cryptsetup-pre.target
++++ b/units/cryptsetup-pre.target
+@@ -9,3 +9,4 @@
+ Description=Encrypted Volumes (Pre)
+ Documentation=man:systemd.special(7)
+ RefuseManualStart=yes
++Before=cryptsetup.target
diff --git a/0093-units-add-remote-cryptsetup.target-and-remote-crypts.patch b/0093-units-add-remote-cryptsetup.target-and-remote-crypts.patch
new file mode 100644
index 0000000..998e393
--- /dev/null
+++ b/0093-units-add-remote-cryptsetup.target-and-remote-crypts.patch
@@ -0,0 +1,139 @@ +From 7786edcaaf8d5c61586a154c4b0c7bc763ae75d8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 5 Sep 2017 10:15:13 +0200 +Subject: [PATCH] units: add remote-cryptsetup.target and + remote-cryptsetup-pre.target + +The pair is similar to remote-fs.target and remote-fs-pre.target. Any +cryptsetup devices which require network shall be ordered after +remote-cryptsetup-pre.target and before remote-cryptsetup.target. + +(cherry picked from commit 889128b8b27abb13e1691a72e4ce0562c564e257) +(cherry picked from commit ca24b1e7731260a972af22387aad16e506dc1826) +--- + Makefile.am | 3 ++- + man/systemd.special.xml | 23 +++++++++++++++++++++++ + units/cryptsetup-pre.target | 2 +- + units/cryptsetup.target | 2 +- + units/remote-cryptsetup-pre.target | 15 +++++++++++++++ + units/remote-cryptsetup.target | 10 ++++++++++ + 6 files changed, 52 insertions(+), 3 deletions(-) + create mode 100644 units/remote-cryptsetup-pre.target + create mode 100644 units/remote-cryptsetup.target + +diff --git a/Makefile.am b/Makefile.am +index e97a66e0fa..3163e4bf67 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -4906,7 +4906,8 @@ systemgenerator_PROGRAMS += \ + + dist_systemunit_DATA += \ + units/cryptsetup.target \ +- units/cryptsetup-pre.target ++ units/cryptsetup-pre.target \ ++ units/remote-cryptsetup.target + + systemd_cryptsetup_SOURCES = \ + src/cryptsetup/cryptsetup.c +diff --git a/man/systemd.special.xml b/man/systemd.special.xml +index fa3dc1c5d4..bb5cd5b49a 100644 +--- a/man/systemd.special.xml ++++ b/man/systemd.special.xml +@@ -81,6 +81,8 @@ + poweroff.target, + printer.target, + reboot.target, ++ remote-cryptsetup-pre.target, ++ remote-cryptsetup.target, + remote-fs-pre.target, + remote-fs.target, + rescue.target, +@@ -450,6 +452,27 @@ + this target unit, for compatibility with SysV. + + ++ ++ remote-cryptsetup-pre.target ++ ++ This target unit is automatically ordered before all cryptsetup devices ++ marked with the . 
It can be used to execute additional ++ units before such devices are set up. ++ ++ It is ordered after network.target and ++ network-online.target, and also pulls the latter in as a ++ Wants= dependency. ++ ++ ++ ++ remote-cryptsetup.target ++ ++ Similar to cryptsetup.target, but for encrypted ++ devices which are accessed over the network. It is used for ++ crypttab8 ++ entries marked with . ++ ++ + + remote-fs.target + +diff --git a/units/cryptsetup-pre.target b/units/cryptsetup-pre.target +index 42e35dd4e4..6cb28a61ae 100644 +--- a/units/cryptsetup-pre.target ++++ b/units/cryptsetup-pre.target +@@ -6,7 +6,7 @@ + # (at your option) any later version. + + [Unit] +-Description=Encrypted Volumes (Pre) ++Description=Local Encrypted Volumes (Pre) + Documentation=man:systemd.special(7) + RefuseManualStart=yes + Before=cryptsetup.target +diff --git a/units/cryptsetup.target b/units/cryptsetup.target +index 25d3e33f6a..10b17fd387 100644 +--- a/units/cryptsetup.target ++++ b/units/cryptsetup.target +@@ -6,5 +6,5 @@ + # (at your option) any later version. + + [Unit] +-Description=Encrypted Volumes ++Description=Local Encrypted Volumes + Documentation=man:systemd.special(7) +diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target +new file mode 100644 +index 0000000000..a375e61889 +--- /dev/null ++++ b/units/remote-cryptsetup-pre.target +@@ -0,0 +1,15 @@ ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. 
++ ++[Unit] ++Description=Remote Encrypted Volumes (Pre) ++Documentation=man:systemd.special(7) ++RefuseManualStart=yes ++Before=remote-cryptsetup.target ++ ++After=network.target network-online.target ++Wants=network-online.target +diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target +new file mode 100644 +index 0000000000..60943bd1cb +--- /dev/null ++++ b/units/remote-cryptsetup.target +@@ -0,0 +1,10 @@ ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=Remote Encrypted Volumes ++Documentation=man:systemd.special(7) diff --git a/0094-cryptsetup-generator-use-remote-cryptsetup.target-wh.patch b/0094-cryptsetup-generator-use-remote-cryptsetup.target-wh.patch new file mode 100644 index 0000000..6992f29 --- /dev/null +++ b/0094-cryptsetup-generator-use-remote-cryptsetup.target-wh.patch 
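Review bot: The Makefile.am hunk adds only `units/remote-cryptsetup.target` to dist_systemunit_DATA, although the same patch creates units/remote-cryptsetup-pre.target, so that unit would be neither distributed nor installed. The list should continue with `units/remote-cryptsetup.target \` and then `units/remote-cryptsetup-pre.target`. Patch 0094 makes the generator order `_netdev` devices after the uninstalled unit, and patch 0096 later deletes it again, so only the intermediate states of the series are affected.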
@@ -0,0 +1,107 @@ +From ee2deebc855d1db93b89000f3524b4e22e5d0d71 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 5 Sep 2017 11:30:33 +0200 +Subject: [PATCH] cryptsetup-generator: use remote-cryptsetup.target when + _netdev is present + +This allows such devices to depend on the network. Their startup will +be delayed similarly to network mount units. + +Fixes #4642. + +(cherry picked from commit b001ad61e91b6499897f0c977045c7608c233bfa) +(cherry picked from commit 8f21747f369f6d88768d1409d95527c60f2cd7c7) +--- + man/crypttab.xml | 13 +++++++++++++ + src/cryptsetup/cryptsetup-generator.c | 30 +++++++++++++++++------------- + 2 files changed, 30 insertions(+), 13 deletions(-) + +diff --git a/man/crypttab.xml b/man/crypttab.xml +index 17976f3704..162377ebc1 100644 +--- a/man/crypttab.xml ++++ b/man/crypttab.xml +@@ -213,6 +213,19 @@ + . + + ++ ++ ++ ++ Marks this cryptsetup device as requiring network. It will be ++ started after the network is available, similarly to ++ systemd.mount5 ++ units marked with . The service unit to set up this device ++ will be ordered between remote-cryptsetup-pre.target and ++ remote-cryptsetup.target, instead of ++ cryptsetup-pre.target and ++ cryptsetup.target. 
++ ++ + + + +diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c +index f10e9fdc24..7d3f480a2a 100644 +--- a/src/cryptsetup/cryptsetup-generator.c ++++ b/src/cryptsetup/cryptsetup-generator.c +@@ -62,7 +62,7 @@ static int create_disk( + *filtered = NULL; + _cleanup_fclose_ FILE *f = NULL; + const char *dmname; +- bool noauto, nofail, tmp, swap; ++ bool noauto, nofail, tmp, swap, netdev; + int r; + + assert(name); +@@ -72,6 +72,7 @@ static int create_disk( + nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0"); + tmp = fstab_test_option(options, "tmp\0"); + swap = fstab_test_option(options, "swap\0"); ++ netdev = fstab_test_option(options, "_netdev\0"); + + if (tmp && swap) { + log_error("Device '%s' cannot be both 'tmp' and 'swap'. Ignoring.", name); +@@ -102,20 +103,22 @@ static int create_disk( + if (!f) + return log_error_errno(errno, "Failed to create unit file %s: %m", p); + +- fputs("# Automatically generated by systemd-cryptsetup-generator\n\n" +- "[Unit]\n" +- "Description=Cryptography Setup for %I\n" +- "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n" +- "SourcePath=/etc/crypttab\n" +- "DefaultDependencies=no\n" +- "Conflicts=umount.target\n" +- "IgnoreOnIsolate=true\n" +- "After=cryptsetup-pre.target\n", +- f); ++ fprintf(f, ++ "# Automatically generated by systemd-cryptsetup-generator\n\n" ++ "[Unit]\n" ++ "Description=Cryptography Setup for %%I\n" ++ "Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)\n" ++ "SourcePath=/etc/crypttab\n" ++ "DefaultDependencies=no\n" ++ "Conflicts=umount.target\n" ++ "IgnoreOnIsolate=true\n" ++ "After=%s\n", ++ netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target"); + + if (!nofail) + fprintf(f, +- "Before=cryptsetup.target\n"); ++ "Before=%s\n", ++ netdev ? 
"remote-cryptsetup.target" : "cryptsetup.target"); + + if (password) { + if (STR_IN_SET(password, "/dev/urandom", "/dev/random", "/dev/hw_random")) +@@ -191,7 +194,8 @@ static int create_disk( + if (r < 0) + return r; + +- r = generator_add_symlink(arg_dest, "cryptsetup.target", ++ r = generator_add_symlink(arg_dest, ++ netdev ? "remote-cryptsetup.target" : "cryptsetup.target", + nofail ? "wants" : "requires", n); + if (r < 0) + return r; diff --git a/0095-units-add-Install-section-to-remote-cryptsetup.targe.patch b/0095-units-add-Install-section-to-remote-cryptsetup.targe.patch new file mode 100644 index 0000000..0567ad1 --- /dev/null +++ b/0095-units-add-Install-section-to-remote-cryptsetup.targe.patch 
@@ -0,0 +1,45 @@
+From a27db12a63b3bbb220798ec899fc8c97eb4d52b4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Thu, 12 Oct 2017 22:13:03 +0200
+Subject: [PATCH] units: add [Install] section to remote-cryptsetup.target
+
+This makes this target the same as remote-fs.target in this regard. In practice
+it probably doesn't make that much difference, because all encrypted devices
+that are part of remote-fs.target (marked with _netdev) will be used for mount
+points, so they will be pulled in anyway individually, but with this change any
+such device will be configured, even if it is not pulled by any other unit.
+
+(cherry picked from commit 8f462b074eb9830d6d5029f70c9010ce50e68357)
+(cherry picked from commit eaaa52cc40bc7f94762ca622d4bd3e9440ccee90)
+(cherry picked from commit e937bdf0271e664ede61fafd74f8487334745d01)
+---
+ system-preset/90-systemd.preset | 1 +
+ units/remote-cryptsetup.target | 6 ++++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/system-preset/90-systemd.preset b/system-preset/90-systemd.preset
+index 3ba4bb760d..98bc4c3c55 100644
+--- a/system-preset/90-systemd.preset
++++ b/system-preset/90-systemd.preset
+@@ -9,6 +9,7 @@
+ # generally follow a default-off policy.
+
+ enable remote-fs.target
++enable remote-cryptsetup.target
+ enable machines.target
+
+ enable getty@.service
+diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
+index 60943bd1cb..c306d521f7 100644
+--- a/units/remote-cryptsetup.target
++++ b/units/remote-cryptsetup.target
+@@ -8,3 +8,9 @@
+ [Unit]
+ Description=Remote Encrypted Volumes
+ Documentation=man:systemd.special(7)
++After=remote-cryptsetup-pre.target
++DefaultDependencies=no
++Conflicts=shutdown.target
++
++[Install]
++WantedBy=multi-user.target
diff --git a/0096-units-replace-remote-cryptsetup-pre.target-with-remo.patch b/0096-units-replace-remote-cryptsetup-pre.target-with-remo.patch
new file mode 100644
index 0000000..fe483f0
--- /dev/null
+++ b/0096-units-replace-remote-cryptsetup-pre.target-with-remo.patch
@@ -0,0 +1,138 @@ +From 5c80b45d6dff40e8280973d248e4eba6991b5cbe Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 12 Oct 2017 22:34:54 +0200 +Subject: [PATCH] units: replace remote-cryptsetup-pre.target with + remote-fs-pre.target + +remote-cryptsetup-pre.target was designed as an active unit (that pulls in +network-online.target), the opposite of remote-fs-pre.target (a passive unit, +with individual provider services ordering itself before it and pulling it in, +for example iscsi.service and nfs-client.target). + +To make remote-cryptsetup-pre.target really work, those services should be +ordered before it too. But this would require updates to all those services, +not just changes from systemd side. + +But the requirements for remote-fs-pre.target and remote-cryptset-pre.target +are fairly similar (e.g. iscsi devices can certainly be used for both), so +let's reuse remote-fs-pre.target also for remote cryptsetup units. This loses +a bit of flexibility, but does away with the requirement for various provider +services to know about remote-cryptsetup-pre.target. + +(cherry picked from commit a0dd209763f9e67054ee322a2dfd52bccf345c2e) +(cherry picked from commit c5e8935962eadc9e901f4fe13e187aaaad487142) +(cherry picked from commit e4340effce763b111fc14a64f759beef6ed3a276) +--- + man/crypttab.xml | 2 +- + man/systemd.special.xml | 20 ++++---------------- + src/cryptsetup/cryptsetup-generator.c | 2 +- + units/remote-cryptsetup-pre.target | 15 --------------- + units/remote-cryptsetup.target | 2 +- + 5 files changed, 7 insertions(+), 34 deletions(-) + delete mode 100644 units/remote-cryptsetup-pre.target + +diff --git a/man/crypttab.xml b/man/crypttab.xml +index 162377ebc1..239bbfa87d 100644 +--- a/man/crypttab.xml ++++ b/man/crypttab.xml +@@ -220,7 +220,7 @@ + started after the network is available, similarly to + systemd.mount5 + units marked with . 
The service unit to set up this device +- will be ordered between remote-cryptsetup-pre.target and ++ will be ordered between remote-fs-pre.target and + remote-cryptsetup.target, instead of + cryptsetup-pre.target and + cryptsetup.target. +diff --git a/man/systemd.special.xml b/man/systemd.special.xml +index bb5cd5b49a..7f7003e782 100644 +--- a/man/systemd.special.xml ++++ b/man/systemd.special.xml +@@ -81,7 +81,6 @@ + poweroff.target, + printer.target, + reboot.target, +- remote-cryptsetup-pre.target, + remote-cryptsetup.target, + remote-fs-pre.target, + remote-fs.target, +@@ -452,18 +451,6 @@ + this target unit, for compatibility with SysV. + + +- +- remote-cryptsetup-pre.target +- +- This target unit is automatically ordered before all cryptsetup devices +- marked with the . It can be used to execute additional +- units before such devices are set up. +- +- It is ordered after network.target and +- network-online.target, and also pulls the latter in as a +- Wants= dependency. +- +- + + remote-cryptsetup.target + +@@ -864,9 +851,10 @@ + remote-fs-pre.target + + This target unit is automatically ordered before all +- remote mount point units (see above). It can be used to run +- certain units before the remote mounts are established. Note +- that this unit is generally not part of the initial ++ mount point units (see above) and cryptsetup devices ++ marked with the . It can be used to run ++ certain units before remote encrypted devices and mounts are established. ++ Note that this unit is generally not part of the initial + transaction, unless the unit that wants to be ordered before + all remote mounts pulls it in via a + Wants= type dependency. 
If the unit wants +diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c +index 7d3f480a2a..0c30867c49 100644 +--- a/src/cryptsetup/cryptsetup-generator.c ++++ b/src/cryptsetup/cryptsetup-generator.c +@@ -113,7 +113,7 @@ static int create_disk( + "Conflicts=umount.target\n" + "IgnoreOnIsolate=true\n" + "After=%s\n", +- netdev ? "remote-cryptsetup-pre.target" : "cryptsetup-pre.target"); ++ netdev ? "remote-fs-pre.target" : "cryptsetup-pre.target"); + + if (!nofail) + fprintf(f, +diff --git a/units/remote-cryptsetup-pre.target b/units/remote-cryptsetup-pre.target +deleted file mode 100644 +index a375e61889..0000000000 +--- a/units/remote-cryptsetup-pre.target ++++ /dev/null +@@ -1,15 +0,0 @@ +-# This file is part of systemd. +-# +-# systemd is free software; you can redistribute it and/or modify it +-# under the terms of the GNU Lesser General Public License as published by +-# the Free Software Foundation; either version 2.1 of the License, or +-# (at your option) any later version. +- +-[Unit] +-Description=Remote Encrypted Volumes (Pre) +-Documentation=man:systemd.special(7) +-RefuseManualStart=yes +-Before=remote-cryptsetup.target +- +-After=network.target network-online.target +-Wants=network-online.target +diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target +index c306d521f7..d485b06726 100644 +--- a/units/remote-cryptsetup.target ++++ b/units/remote-cryptsetup.target +@@ -8,7 +8,7 @@ + [Unit] + Description=Remote Encrypted Volumes + Documentation=man:systemd.special(7) +-After=remote-cryptsetup-pre.target ++After=remote-fs-pre.target + DefaultDependencies=no + Conflicts=shutdown.target + diff --git a/0097-man-add-a-note-about-_netdev-usage.patch b/0097-man-add-a-note-about-_netdev-usage.patch new file mode 100644 index 0000000..1c05758 --- /dev/null +++ b/0097-man-add-a-note-about-_netdev-usage.patch 
@@ -0,0 +1,42 @@ +From 2832dc102f81e5206c1213aef7c7b9aceaac20e2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 12 Oct 2017 22:43:58 +0200 +Subject: [PATCH] man: add a note about _netdev usage + +(cherry picked from commit 288c26165e0ff71857394f360f42432bc808556f) +(cherry picked from commit 51f2176d0df1088407afbadc138aeaa9dbe017e8) +(cherry picked from commit 3557377795afb0410c703707633dd5ad589fdd11) +--- + man/crypttab.xml | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/man/crypttab.xml b/man/crypttab.xml +index 239bbfa87d..88f8909a60 100644 +--- a/man/crypttab.xml ++++ b/man/crypttab.xml +@@ -223,7 +223,16 @@ + will be ordered between remote-fs-pre.target and + remote-cryptsetup.target, instead of + cryptsetup-pre.target and +- cryptsetup.target. ++ cryptsetup.target. ++ ++ Hint: if this device is used for a mount point that is specified in ++ fstab5, ++ the option should also be used for the mount ++ point. Otherwise, a dependency loop might be created where the mount point ++ will be pulled in by local-fs.target, while the ++ service to configure the network is usually only started after ++ the local file system has been mounted. ++ + + + +@@ -431,6 +440,7 @@ hidden /mnt/tc_hidden /dev/null tcrypt-hidden,tcrypt-keyfile=/etc/keyfil + systemd1, + systemd-cryptsetup@.service8, + systemd-cryptsetup-generator8, ++ fstab5, + cryptsetup8, + mkswap8, + mke2fs8 diff --git a/0098-units-make-remote-cryptsetup.target-also-after-crypt.patch b/0098-units-make-remote-cryptsetup.target-also-after-crypt.patch new file mode 100644 index 0000000..9712956 --- /dev/null +++ b/0098-units-make-remote-cryptsetup.target-also-after-crypt.patch 
@@ -0,0 +1,29 @@
+From b0c6420eb5ea48287920debb20526244c8012a67 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Wed, 18 Oct 2017 15:14:46 +0200
+Subject: [PATCH] units: make remote-cryptsetup.target also after
+ cryptsetup-pre.target
+
+This way people can order units before cryptsetup-pre.target and
+have them run before any cryptsetup-related stuff.
+
+(cherry picked from commit a0e030f53bad355be1084a0475eb30aae20e3e43)
+(cherry picked from commit d56bbe6540ed5075ab6c2845c63d08c12499e46d)
+(cherry picked from commit a33807a581643c73377d3ef476979bf1d53ccf08)
+---
+ units/remote-cryptsetup.target | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/units/remote-cryptsetup.target b/units/remote-cryptsetup.target
+index d485b06726..ac4e1b71db 100644
+--- a/units/remote-cryptsetup.target
++++ b/units/remote-cryptsetup.target
+@@ -8,7 +8,7 @@
+ [Unit]
+ Description=Remote Encrypted Volumes
+ Documentation=man:systemd.special(7)
+-After=remote-fs-pre.target
++After=remote-fs-pre.target cryptsetup-pre.target
+ DefaultDependencies=no
+ Conflicts=shutdown.target
+
diff --git a/hwdb.patch b/hwdb.patch
index 15b2be1..e5ac3cf 100644
--- a/hwdb.patch
+++ b/hwdb.patch
@@ -1,5 +1,5 @@
 diff --git a/hwdb/60-evdev.hwdb b/hwdb/60-evdev.hwdb
-index fd9078393b..82814701b7 100644
+index fd9078393b..f688ef269f 100644
 --- a/hwdb/60-evdev.hwdb
 +++ b/hwdb/60-evdev.hwdb
 @@ -115,6 +115,13 @@ evdev:name:ETPS/2 Elantech Touchpad:dmi:*:svnASUSTeKCOMPUTERINC.:pn?550C?:*
@@ -16,7 +16,21 @@ index fd9078393b..82814701b7 100644 # Asus UX305 evdev:name:Elan Touchpad:dmi:*:svnASUSTeKCOMPUTERINC.:pnUX305UA:* EVDEV_ABS_00=0:3097:32 -@@ -178,6 +185,15 @@ evdev:name:AlpsPS/2 ALPS GlidePoint:dmi:bvn*:bvr*:bd*:svnDellInc.:pnXPSM1530* +@@ -152,6 +159,13 @@ evdev:name:AlpsPS/2 ALPS DualPoint TouchPad:dmi:bvn*:bvr*:bd*:svnDellInc.:pnLati + EVDEV_ABS_35=79:1841:22 + EVDEV_ABS_36=140:1325:29 + ++# Dell Latitude E7470 ++evdev:name:AlpsPS/2 ALPS DualPoint TouchPad:dmi:bvn*:bvr*:bd*:svnDellInc.:pnLatitudeE7470* ++ EVDEV_ABS_00=39:5856:59 ++ EVDEV_ABS_01=10:1532:29 ++ EVDEV_ABS_35=39:5856:59 ++ EVDEV_ABS_36=10:1532:29 ++ + # Dell Precision 5510 + evdev:name:SynPS/2 Synaptics TouchPad:dmi:bvn*:bvr*:bd*:svnDellInc.:pnPrecision5510* + EVDEV_ABS_00=::42 +@@ -178,6 +192,15 @@ evdev:name:AlpsPS/2 ALPS GlidePoint:dmi:bvn*:bvr*:bd*:svnDellInc.:pnXPSM1530* EVDEV_ABS_00=85:947:15 EVDEV_ABS_01=154:726:18 
@@ -32,7 +46,42 @@ index fd9078393b..82814701b7 100644 ######################################### # Google ######################################### -@@ -338,6 +354,13 @@ evdev:name:ETPS/2 Elantech Touchpad:dmi:*svnSAMSUNGELECTRONICSCO.,LTD.:pn305V4A/ +@@ -268,6 +291,20 @@ evdev:name:SynPS/2 Synaptics TouchPad:dmi:*svnLENOVO*:pvrThinkPadX1Carbon4th* + EVDEV_ABS_35=1262:5679:44 + EVDEV_ABS_36=1101:4824:65 + ++# Lenovo Thinkpad Carbon X1 5th gen. ++evdev:name:SynPS/2 Synaptics TouchPad:dmi:*svnLENOVO*:pvrThinkPadX1Carbon5th* ++ EVDEV_ABS_00=::44 ++ EVDEV_ABS_01=::65 ++ EVDEV_ABS_35=::44 ++ EVDEV_ABS_36=::65 ++ ++# Lenovo Thinkpad Carbon X1 5th gen. (rmi4) ++evdev:name:Synaptics TM3289-002:dmi:*svnLENOVO*:pvrThinkPadX1Carbon5th* ++ EVDEV_ABS_00=::19 ++ EVDEV_ABS_01=::19 ++ EVDEV_ABS_35=::19 ++ EVDEV_ABS_36=::19 ++ + # Lenovo T460 + evdev:name:SynPS/2 Synaptics TouchPad:dmi:*svnLENOVO*:pn*ThinkPad*T460* + EVDEV_ABS_00=1266:5677:44 +@@ -327,6 +364,13 @@ evdev:name:AlpsPS/2 ALPS GlidePoint:dmi:*svnLENOVO:*pvrLenovoYoga500-14ISK* + EVDEV_ABS_35=124:3955:36 + EVDEV_ABS_36=103:1959:26 + ++# Lenovo Flex 3 15-inch ++evdev:name:AlpsPS/2 ALPS GlidePoint*:dmi:bvn*:bvr*:bd*:svnLENOVO*:pvrFlex3-15* ++ EVDEV_ABS_00=::38 ++ EVDEV_ABS_01=::28 ++ EVDEV_ABS_35=::38 ++ EVDEV_ABS_36=::28 ++ + ######################################### + # Samsung + ######################################### +@@ -338,6 +382,24 @@ evdev:name:ETPS/2 Elantech Touchpad:dmi:*svnSAMSUNGELECTRONICSCO.,LTD.:pn305V4A/ EVDEV_ABS_35=0:2480:28 EVDEV_ABS_36=0:1116:24 
@@ -43,15 +92,37 @@ index fd9078393b..82814701b7 100644 + EVDEV_ABS_35=::30 + EVDEV_ABS_36=::29 + ++######################################### ++# System76 ++######################################### ++ ++# GalagoPro 2 (galp2) ++evdev:name:SynPS/2 Synaptics TouchPad:dmi:*svnSystem76:pnGalagoPro:pvrgalp2:* ++ EVDEV_ABS_00=1238:5747:50 ++ EVDEV_ABS_01=901:4900:83 ++ EVDEV_ABS_35=1238:5747:50 ++ EVDEV_ABS_36=901:4900:83 ++ ######################################### # Toshiba ######################################### -@@ -346,3 +369,12 @@ evdev:name:ETPS/2 Elantech Touchpad:dmi:*svnSAMSUNGELECTRONICSCO.,LTD.:pn305V4A/ +@@ -346,3 +408,23 @@ evdev:name:ETPS/2 Elantech Touchpad:dmi:*svnSAMSUNGELECTRONICSCO.,LTD.:pn305V4A/ evdev:name:AlpsPS/2 ALPS DualPoint TouchPad:dmi:*svnTOSHIBA:pnTECRAM11* EVDEV_ABS_00=90:962:11 EVDEV_ABS_01=51:681:14 + +######################################### ++# Razer ++######################################### ++ ++# Razer Blade Stealth (2016) ++evdev:name:Synaptics TM2438-005:dmi:*svnRazer:pnBladeStealth* ++ EVDEV_ABS_00=0:4064:29 ++ EVDEV_ABS_01=0:2405:37 ++ EVDEV_ABS_35=0:4064:29 ++ EVDEV_ABS_36=0:2405:37 ++ ++######################################### +# Waltop +######################################### + @@ -60,7 +131,7 @@ index fd9078393b..82814701b7 100644 + EVDEV_ABS_00=0:10000:400 + EVDEV_ABS_01=0:6250:400 diff --git a/hwdb/60-keyboard.hwdb b/hwdb/60-keyboard.hwdb -index 1aa729f047..e8be567166 100644 +index 1aa729f047..33895ed75e 100644 --- a/hwdb/60-keyboard.hwdb +++ b/hwdb/60-keyboard.hwdb @@ -1,7 +1,14 @@ @@ -80,7 +151,7 @@ index 1aa729f047..e8be567166 100644 # # The lookup keys are composed in: # 60-evdev.rules -@@ -40,6 +47,12 @@ +@@ -40,11 +47,19 @@ # /sys/class/input/input?/capabilities/ev" and is the # firmware-provided string exported by the kernel DMI modalias, # see /sys/class/dmi/id/modalias 
@@ -93,7 +164,24 @@ index 1aa729f047..e8be567166 100644 # # Scan codes are specified as: # KEYBOARD_KEY_= -@@ -84,6 +97,7 @@ + # The scan code should be expressed in hex lowercase. The key codes + # are retrieved and normalized from the kernel input API header. ++# Keycodes are either KEY_* defines in lowercase with the key_ prefix ++# optionally removed or BTN_ defines in lowercase with btn_ preserved. + # + # An '!' as the first character of the key identifier string + # will add the scan code to the AT keyboard's list of scan codes +@@ -67,7 +82,8 @@ + # systemd-hwdb update + # udevadm trigger /dev/input/eventXX + # where /dev/input/eventXX is the keyboard in question. If in +-# doubt, simply use /dev/input/event* to reload all input rules. ++# doubt, simply reload all input rules ++# udevadm trigger --verbose --sysname-match="event*" + # + # If your changes are generally applicable, preferably send them as a pull + # request to +@@ -84,6 +100,7 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAcer*:pn* evdev:atkbd:dmi:bvn*:bvr*:bd*:svnGateway*:pnA0A1*:pvr* evdev:atkbd:dmi:bvn*:bvr*:bd*:svneMachines:pneMachines*E725:pvr* @@ -101,7 +189,7 @@ index 1aa729f047..e8be567166 100644 KEYBOARD_KEY_a5=help # Fn+F1 KEYBOARD_KEY_a6=setup # Fn+F2 Acer eSettings KEYBOARD_KEY_a7=battery # Fn+F3 Power Management -@@ -105,6 +119,7 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svneMachines:pneMachines*E725:pvr* +@@ -105,6 +122,7 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svneMachines:pneMachines*E725:pvr* KEYBOARD_KEY_f3=prog2 # "P2" programmable button KEYBOARD_KEY_f4=prog1 # "P1" programmable button KEYBOARD_KEY_f5=presentation @@ -109,7 +197,7 @@ index 1aa729f047..e8be567166 100644 KEYBOARD_KEY_f8=fn KEYBOARD_KEY_f9=prog1 # Launch NTI shadow -@@ -144,6 +159,10 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAcer*:pnTravelMate*C3[01]0*:pvr* +@@ -144,6 +162,10 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAcer*:pnTravelMate*C3[01]0*:pvr* KEYBOARD_KEY_6b=fn KEYBOARD_KEY_6c=screenlock # FIXME: lock tablet device/buttons 
@@ -120,7 +208,7 @@ index 1aa729f047..e8be567166 100644 # on some models this isn't brightnessup evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAcer*:pn*5210*:pvr* evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAcer*:pn*5220*:pvr* -@@ -158,6 +177,10 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAcer*:pnAspire*1640:* +@@ -158,6 +180,10 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAcer*:pnAspire*1640:* evdev:atkbd:dmi:bvn*:bvr*:bd*:svnAcer*:pnAOA*:pvr* KEYBOARD_KEY_a9=!switchvideomode # Fn+F5 @@ -131,7 +219,7 @@ index 1aa729f047..e8be567166 100644 ########################################################### # Alienware ########################################################### -@@ -222,7 +245,7 @@ evdev:input:b0003v049Fp0051* +@@ -222,7 +248,7 @@ evdev:input:b0003v049Fp0051* ########################################################### evdev:name:gpio-keys:phys:gpio-keys/input0:ev:3:dmi:bvn*:bvr*:bd*:svncube:pni1-TF:* @@ -140,7 +228,7 @@ index 1aa729f047..e8be567166 100644 KEYBOARD_KEY_1=power ########################################################### -@@ -291,6 +314,10 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnPrecision*:pvr* +@@ -291,6 +317,10 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnPrecision*:pvr* KEYBOARD_KEY_88=! # wireless switch KEYBOARD_KEY_9e=!f21 @@ -151,7 +239,16 @@ index 1aa729f047..e8be567166 100644 # Dell XPS evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDell*:pnXPS*:pvr* KEYBOARD_KEY_8c=!unknown -@@ -831,6 +858,7 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnMAXDATA:pnPro*7000*:pvr* +@@ -679,6 +709,8 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnIBM*:pn18666TU:pvr* + + # IdeaPad + evdev:name:Ideapad extra buttons:dmi:bvn*:bvr*:bd*:svnLENOVO*:pn* ++ KEYBOARD_KEY_0d=rfkill # airplane mode switch (toggle all wireless devices) ++ KEYBOARD_KEY_08=f20 # micmute + KEYBOARD_KEY_42=f23 + KEYBOARD_KEY_43=f22 + +@@ -831,6 +863,7 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnMAXDATA:pnPro*7000*:pvr* ########################################################### # Akoya 
@@ -159,7 +256,7 @@ index 1aa729f047..e8be567166 100644 evdev:atkbd:dmi:bvn*:bvr*:svnMedion*:pnAkoya*:pvr* KEYBOARD_KEY_a0=!mute KEYBOARD_KEY_ae=!volumedown -@@ -1274,9 +1302,13 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDIXONSP:pnDIXON*:pvr* +@@ -1274,9 +1307,13 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnDIXONSP:pnDIXON*:pvr* KEYBOARD_KEY_ae=! # volume down KEYBOARD_KEY_b0=! # volume up @@ -176,7 +273,7 @@ index 1aa729f047..e8be567166 100644 # Yubico Yubico Yubikey II" evdev:input:b0003v1050p0010* -@@ -1288,3 +1320,16 @@ evdev:input:b0003v1050p0116* +@@ -1288,3 +1325,16 @@ evdev:input:b0003v1050p0116* evdev:input:b0003v05FEp1010* XKB_FIXED_LAYOUT="us" XKB_FIXED_VARIANT="" @@ -194,40 +291,274 @@ index 1aa729f047..e8be567166 100644 + KEYBOARD_LED_NUMLOCK=0 + KEYBOARD_LED_CAPSLOCK=0 diff --git a/hwdb/60-sensor.hwdb b/hwdb/60-sensor.hwdb -index fcbdcabf30..2436ca7367 100644 +index fcbdcabf30..9dca1dd8d8 100644 --- a/hwdb/60-sensor.hwdb 
+++ b/hwdb/60-sensor.hwdb -@@ -47,6 +47,22 @@ - sensor:modalias:acpi:SMO8500*:dmi:*svn*ASUSTeK*:*pn*TP500LB* - ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 0 +@@ -41,14 +41,147 @@ + # + # Sort by brand, model ++######################################### ++# Acer ++######################################### ++sensor:modalias:acpi:BMA250E*:dmi:*:svnAcer:pnIconiaW1-810:* ++ ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1 ++ + ######################################### + # AsusTek + ######################################### +-sensor:modalias:acpi:SMO8500*:dmi:*svn*ASUSTeK*:*pn*TP500LB* +- ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 0 ++sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:*pnT100CHI* ++ ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1 ++ ++sensor:modalias:acpi:INVN6500*:dmi:*svnASUSTeK*:*pnT100TA* ++ ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1 ++ ++sensor:modalias:acpi:INVN6500*:dmi:*svn*ASUSTeK*:*pn*TP300LD* ++ ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1 ++ +sensor:modalias:acpi:SMO8500*:dmi:*svn*ASUSTeK*:*pn*TP300LJ* + ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1 + +######################################### ++# Chuwi ++######################################### ++ ++# Chuwi Vi8 Plus ++sensor:modalias:acpi:BOSC0200*:dmi:*:svnHampoo:pnD2D3_Vi8A1:* ++ ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1 ++ ++# Chuwi Hi8 Pro ++sensor:modalias:acpi:BOSC0200*:dmi:*:svnHampoo:pnX1D3_C806N:* ++ ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1 ++ ++# Chuwi Hi13 ++sensor:modalias:acpi:KIOX000A*:dmi:svnChuwi*:pnHi13 ++ ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1 ++ ++######################################### ++# Cube ++######################################### ++ ++# Cube iWork8 Air ++sensor:modalias:acpi:KIOX000A*:dmi:*:svncube:pni1-TF:* ++ ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1 ++ ++# Cube i7 Stylus ++sensor:modalias:acpi:KIOX000A*:dmi:*:svnCube:pni7Stylus:* ++ ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1 ++ ++######################################### +# Endless 
+######################################### +sensor:modalias:acpi:ACCE0001*:dmi:*svnEndless*:*pnELT-NL3* + ACCEL_MOUNT_MATRIX=0, 1, 0; 0, 0, -1; -1, 0, 0 + +######################################### ++# GP-electronic ++######################################### ++sensor:modalias:acpi:KIOX000A*:dmi:bvnINSYDECorp.:bvrBYT70A.YNCHENG.WIN.007:*:svnInsyde:pnT701:* ++ ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1 ++ ++######################################### +# HP +######################################### +sensor:modalias:platform:lis3lv02d:dmi:*svn*Hewlett-Packard*:*pn*HPEliteBook8540w* +sensor:modalias:platform:lis3lv02d:dmi:*svn*Hewlett-Packard*:*pn*HPEliteBook8560w* + ACCEL_MOUNT_MATRIX=1, 0, 0; 0, 0, -1; 0, 1, 0 + ++sensor:modalias:acpi:SMO8500*:dmi:*:svnHewlett-Packard:pnHPStream7Tablet:* ++ ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1 ++ ++######################################### ++# I.T.Works ++######################################### ++ ++# The I.T.Works TW891 2-in-1's DMI has the product-name field set, but not ++# the sys-vendor field. 
This makes the DMI data a bit generic, so we match ++# the whole dmi modalias, except for the BIOS version/date ++sensor:modalias:acpi:KIOX000A*:dmi:bvnAmericanMegatrendsInc.:*:svnTobefilledbyO.E.M.:pnTW891:pvrTobefilledbyO.E.M.:rvnTobefilledbyO.E.M.:rnTW891:rvr1.0:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.: ++ ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1 + ######################################### - # Winbook +-# Winbook ++# Jumper ######################################### +-sensor:modalias:acpi:BMA250*:dmi:*svn*WinBook*:*pn*TW100* +- ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 0 ++ ++# EZpad mini 3 ++sensor:modalias:acpi:BOSC0200*:dmi:bvnINSYDECorp.:bvrjumperx.T87.KFBNEE* ++ ACCEL_MOUNT_MATRIX=0, -1, 0; -1, 0, 0; 0, 0, 1 ++ ++######################################### ++# Lamina ++######################################### ++sensor:modalias:acpi:SMO8500*:dmi:*svnLamina*:*pnT701BR.SE* ++ ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1 ++ ++sensor:modalias:acpi:KIOX000A*:dmi:*svnLAMINA:pnT-1016BNORD* ++ ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1 ++ ++######################################### ++# Lenovo ++######################################### ++sensor:modalias:acpi:NCPE0388*:dmi:*:rnLenovoYOGA510-14IKB:* ++ ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, -1, 0; 0, 0, 1 ++ ++######################################### ++# Peaq ++######################################### ++sensor:modalias:acpi:SMO8500*:dmi:*:svnPEAQ:pnPEAQPMMC1010MD99187:* ++ ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1 ++ ++######################################### ++# Pipo ++######################################### ++sensor:modalias:acpi:KIOX000A*:dmi:*:svnPIPO:pnW2S:* ++ ACCEL_MOUNT_MATRIX=1, 0, 0; 0, -1, 0; 0, 0, 1 ++ ++######################################### ++# Ployer ++######################################### ++sensor:modalias:acpi:BMA250E*:dmi:*:svnShenzhenPLOYER*:pnMOMO7W:* ++ ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1 ++ ++######################################### ++# Point of View 
++######################################### ++ ++# The Point of View TAB-P800W does not have its product name filled, so we ++# match the entire dmi-alias, assuming that the use of a BMA250E + ++# bios-version + bios-date combo is unique ++sensor:modalias:acpi:BMA250E*:dmi:bvnAmericanMegatrendsInc.:bvr3BAIR1013:bd08/22/2014:svnTobefilledbyO.E.M.:pnTobefilledbyO.E.M.:pvrTobefilledbyO.E.M.:rvnAMICorporation:rnAptioCRB:rvrTobefilledbyO.E.M.:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.: ++ ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1 ++ ++######################################### ++# Trekstor ++######################################### ++sensor:modalias:acpi:BMA250*:dmi:*:bvrTREK.G.WI71C.JGBMRBA*:*:svnInsyde:pnST70416-6:* ++ ACCEL_MOUNT_MATRIX=0, 1, 0; 1, 0, 0; 0, 0, 1 ++ ++######################################### ++# Cytrix (Mytrix) ++######################################### ++sensor:modalias:acpi:*KIOX000A*:dmi:*svn*CytrixTechnology:*pn*Complex11t* ++ ACCEL_MOUNT_MATRIX=-1, 0, 0; 0, 1, 0; 0, 0, 1 ++ +diff --git a/hwdb/70-joystick.hwdb b/hwdb/70-joystick.hwdb +new file mode 100644 +index 0000000000..9d5c4fc069 +--- /dev/null ++++ b/hwdb/70-joystick.hwdb +@@ -0,0 +1,50 @@ ++# This file is part of systemd. ++# ++# Database for joystick device information that cannot be queried directly. ++# ++# The lookup keys are composed in: ++# 70-joystick.rules ++# ++# Note: The format of the "joystick:" prefix match key is a ++# contract between the rules file and the hardware data, it might ++# change in later revisions to support more or better matches, it ++# is not necessarily expected to be a stable ABI. ++# ++# Match string format: ++# joystick::vp:name:: ++# ++# vid/pid as 4-digit hex lowercase vendor/product ++# ++# To add local entries, create a new file ++# /etc/udev/hwdb.d/71-joystick-local.hwdb ++# and add your rules there. 
To load the new rules execute (as root): ++# systemd-hwdb update ++# udevadm trigger /dev/input/eventXX ++# where /dev/input/eventXX is the joystick in question. If in ++# doubt, simply use /dev/input/event* to reload all input rules. ++# ++# If your changes are generally applicable, preferably send them as a pull ++# request to ++# https://github.com/systemd/systemd ++# or create a bug report on https://github.com/systemd/systemd/issues and ++# include your new rules, a description of the device, and the output of ++# udevadm info /dev/input/eventXX. ++# ++# Permitted keys: ++# Specify if a joystick is a built-in one or external: ++# ID_INPUT_JOYSTICK_INTEGRATION=internal|external ++# ++# If the property is missing, user-space can assume: ++# ID_INPUT_JOYSTICK_INTEGRATION=external ++ ++joystick:bluetooth:* ++ ID_INPUT_JOYSTICK_INTEGRATION=external ++ ++########################################################### ++# GPD ++########################################################### ++ ++# GPD Win, Classic and XBox 360 compat modes ++joystick:usb:v11c5p5507* ++joystick:usb:v045ep028e* ++ ID_INPUT_JOYSTICK_INTEGRATION=internal diff --git a/hwdb/70-mouse.hwdb b/hwdb/70-mouse.hwdb -index 772534f495..d49c472926 100644 +index 772534f495..bade5e4b05 100644 --- a/hwdb/70-mouse.hwdb 
+++ b/hwdb/70-mouse.hwdb -@@ -244,6 +244,14 @@ mouse:usb:v093ap2510:name:PIXART USB OPTICAL MOUSE: +@@ -198,6 +198,10 @@ mouse:usb:v413cp3012:name:Dell Dell USB Optical Mouse: + mouse:usb:v046dpc063:name:DELL DELL USB Laser Mouse: MOUSE_DPI=1000@125 ++# Dell MS116t ++mouse:usb:v413cp301a:name:PixArt Dell MS116 USB Optical Mouse: ++ MOUSE_DPI=1000@125 ++ + ########################################## + # Dynex + ######################################### +@@ -213,6 +217,26 @@ mouse:usb:v0461p4d46:name:USB Optical Mouse: + mouse:usb:v0461p4d16:name:USB Optical Mouse: + MOUSE_DPI=500@125 + ++########################################## ++# Future Technology Devices International ++########################################## ++ ++# SNES Mouse plugged into a Retrode 2 ++mouse:usb:v0403p97c1:name:Retrode SNES Mouse: ++ MOUSE_DPI=235@126 ++ ++########################################## ++# Generic ++########################################## ++ ++# FM-901 Wireless Mouse ++mouse:usb:v1ea7p000b:name:2.4G RF Mouse: ++ MOUSE_DPI=*800@125 1600@125 ++ ++# WK-727 ++mouse:usb:v04d9p0499:name:* ++ MOUSE_DPI=800@125 ++ + ########################################## + # HandShoe Mouse ########################################## +@@ -239,10 +263,23 @@ mouse:usb:v0458p0133:name:Mouse Laser Mouse: + MOUSE_WHEEL_CLICK_ANGLE=15 + + # HP X1000 ++# Dell MS111-T + mouse:usb:v093ap2510:name:PixArt USB Optical Mouse: + mouse:usb:v093ap2510:name:PIXART USB OPTICAL MOUSE: + MOUSE_DPI=1000@125 + ++# HP X1200 Optical Mouse ++mouse:usb:v03f0p0641:name:PixArt HP X1200 USB Optical Mouse: ++ MOUSE_DPI=1100@125 ++ ++########################################## +# IBM +########################################## + 
@@ -235,10 +566,57 @@ index 772534f495..d49c472926 100644 +mouse:usb:v04b3p3107:name:* + MOUSE_DPI=800@125 + -+########################################## + ########################################## # Lenovo ########################################## +@@ -291,6 +328,10 @@ mouse:usb:v046dpc03e:name:Logitech USB-PS/2 Optical Mouse: + mouse:usb:v046dpc401:name:Logitech USB-PS/2 Trackball: + MOUSE_DPI=400@125 ++# Logitech Cordless MouseMan Optical M-RM63 ++mouse:usb:v046dpc501:name:Logitech USB Receiver: ++ MOUSE_DPI=800@63 ++ + # Lenovo USB mouse model MO28UOL + mouse:usb:v04b3p310c:name:USB Optical Mouse: + MOUSE_DPI=400@142 +@@ -414,6 +455,10 @@ mouse:usb:v046dp4041:name:Logitech MX Master: + mouse:usb:v046dpc52e:name:Logitech USB Receiver: + MOUSE_DPI=1000@200 + ++# Logitech G100s Optical Gaming Mouse ++mouse:usb:v046dpc247:name:Logitech G100s Optical Gaming Mouse: ++ MOUSE_DPI=*1000@500 1750@500 2500@500 ++ + # Logitech G700 Laser Mouse (Wired) + mouse:usb:v046dpc06b:name:Logitech G700 Laser Mouse: + # Logitech G700 Laser Mouse (Wireless) +@@ -476,6 +521,10 @@ mouse:usb:v045ep0040:name:Microsoft Microsoft 3-Button Mouse with IntelliEye(TM) + mouse:usb:v045ep0745:name:Microsoft Microsoft® 2.4GHz Transceiver v6.0: + MOUSE_DPI=800@142 + ++# Microsoft Comfort Mouse 4500 ++mouse:usb:v045ep076c:name:Microsoft Microsoft® Comfort Mouse 4500: ++ MOUSE_DPI=1000@125 ++ + # Microsoft Wireless Mobile Mouse 4000 + mouse:usb:v045ep0745:name:Microsoft Microsoft® Nano Transceiver v2.0: + # Microsoft Sculpt Ergonomic Mouse +@@ -523,6 +572,14 @@ mouse:usb:v0e8fp00a7:name:DaKai 2.4G RX: + mouse:bluetooth:v056ep0061:name:Laser BTmouse: + MOUSE_DPI=*800@333 1600@333 + ++########################################## ++# P-Active ++########################################## ++ ++# P-Active Wireless Mouse PA-27K2 ++mouse:usb:v0425p0101:name:G-Tech CHINA USB Wireless Mouse & KeyBoard V1.01 : ++ MOUSE_DPI=800@125 ++ + ########################################## + # Razer + 
########################################## diff --git a/hwdb/70-pointingstick.hwdb b/hwdb/70-pointingstick.hwdb index 65c87aeac7..f1a86ff20b 100644 --- a/hwdb/70-pointingstick.hwdb @@ -278,7 +656,7 @@ index 82a4b7a575..12d97de69b 100644 + ID_INPUT_TOUCHPAD_INTEGRATION=internal + diff --git a/hwdb/parse_hwdb.py b/hwdb/parse_hwdb.py -index b57e6f75aa..adf8a1963e 100755 +index b57e6f75aa..a25ac8d904 100755 --- a/hwdb/parse_hwdb.py +++ b/hwdb/parse_hwdb.py @@ -1,4 +1,4 @@ @@ -287,7 +665,19 @@ index b57e6f75aa..adf8a1963e 100755 # -*- Mode: python; coding: utf-8; indent-tabs-mode: nil -*- */ # # This file is part of systemd. It is distrubuted under the MIT license, see -@@ -112,6 +112,8 @@ def property_grammar(): +@@ -66,6 +66,7 @@ UDEV_TAG = Word(string.ascii_uppercase, alphanums + '_') + TYPES = {'mouse': ('usb', 'bluetooth', 'ps2', '*'), + 'evdev': ('name', 'atkbd', 'input'), + 'touchpad': ('i8042', 'rmi', 'bluetooth', 'usb'), ++ 'joystick': ('i8042', 'rmi', 'bluetooth', 'usb'), + 'keyboard': ('name', ), + 'sensor': ('modalias', ), + } +@@ -109,9 +110,12 @@ def property_grammar(): + ('MOUSE_WHEEL_TILT_VERTICAL', Literal('1')), + ('POINTINGSTICK_SENSITIVITY', INTEGER), + ('POINTINGSTICK_CONST_ACCEL', REAL), ++ ('ID_INPUT_JOYSTICK_INTEGRATION', Or(('internal', 'external'))), ('ID_INPUT_TOUCHPAD_INTEGRATION', Or(('internal', 'external'))), ('XKB_FIXED_LAYOUT', STRING), ('XKB_FIXED_VARIANT', STRING), 
@@ -296,3 +686,41 @@ index b57e6f75aa..adf8a1963e 100755
 ('ACCEL_MOUNT_MATRIX', mount_matrix),
 )
 fixed_props = [Literal(name)('NAME') - Suppress('=') - val('VALUE')
+@@ -164,11 +168,27 @@ def check_one_default(prop, settings):
+ if len(defaults) > 1:
+ error('More than one star entry: {!r}', prop)
+
++def check_one_mount_matrix(prop, value):
++ numbers = [s for s in value if s not in {';', ','}]
++ if len(numbers) != 9:
++ error('Wrong accel matrix: {!r}', prop)
++ try:
++ numbers = [abs(float(number)) for number in numbers]
++ except ValueError:
++ error('Wrong accel matrix: {!r}', prop)
++ bad_x, bad_y, bad_z = max(numbers[0:3]) == 0, max(numbers[3:6]) == 0, max(numbers[6:9]) == 0
++ if bad_x or bad_y or bad_z:
++ error('Mount matrix is all zero in {} row: {!r}',
++ 'x' if bad_x else ('y' if bad_y else 'z'),
++ prop)
++
+ def check_one_keycode(prop, value):
+ if value != '!' and ecodes is not None:
+ key = 'KEY_' + value.upper()
+ if key not in ecodes:
+- error('Keycode {} unknown', key)
++ key = value.upper()
++ if key not in ecodes:
++ error('Keycode {} unknown', key)
+
+ def check_properties(groups):
+ grammar = property_grammar()
+@@ -188,6 +208,8 @@ def check_properties(groups):
+ prop_names.add(parsed.NAME)
+ if parsed.NAME == 'MOUSE_DPI':
+ check_one_default(prop, parsed.VALUE.SETTINGS)
++ elif parsed.NAME == 'ACCEL_MOUNT_MATRIX':
++ check_one_mount_matrix(prop, parsed.VALUE)
+ elif parsed.NAME.startswith('KEYBOARD_KEY_'):
+ check_one_keycode(prop, parsed.VALUE)
+
diff --git a/systemd.spec b/systemd.spec
index eb505a2..4949d4b 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -13,7 +13,7 @@ Name: systemd
 Url: http://www.freedesktop.org/wiki/Software/systemd
 Version: 233
-Release: 6%{?gitcommit:.git%{gitcommitshort}}%{?dist}
+Release: 7%{?gitcommit:.git%{gitcommitshort}}%{?dist}
 # For a breakdown of the licensing, see README
 License: LGPLv2+ and MIT and GPLv2+
 Summary: System and Service Manager
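Review bot: In `check_one_mount_matrix` (added to hwdb/parse_hwdb.py), nothing follows either `error('Wrong accel matrix: {!r}', prop)` call, so unless `error()` raises (its definition is not in this hunk) execution falls through to the row checks with a list that has already been rejected. With fewer than seven entries `max(numbers[6:9])` is called on an empty list and raises `ValueError`, so a malformed `ACCEL_MOUNT_MATRIX` line would end the linter with a traceback instead of a reported error; after a failed `float()` conversion the `== 0` comparisons run on the unconverted tokens. Adding `return` after each of the two `error(...)` calls keeps one bad hwdb entry from hiding the results for the rest of the file.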
@@ -43,7 +43,7 @@ Source12: https://raw.githubusercontent.com/systemd/systemd/1000522a60cead %if 0 GIT_DIR=../../src/systemd/.git git format-patch-ab --no-signature -M -N v233..v233-stable i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done|xclip -GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch +GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-10-26} -- hwdb/[67]* hwdb/parse_hwdb.py > hwdb.patch %endif Patch0001: 0001-dhcp-server-add-two-missing-OOM-checks.patch 
@@ -121,10 +121,29 @@ Patch0072: 0072-zsh-add-completion-for-add-wants-and-add-requires-60.patch Patch0073: 0073-udev-stop-freeing-value-after-using-it-for-setting-s.patch Patch0074: 0074-core-mount-pass-c-flag-to-bin-umount-6093.patch Patch0075: 0075-man-systemd-timesyncd.service-8-6109.patch -Patch0076: 0076-test-resolved-packet-add-a-simple-test-for-our-alloc.patch -Patch0077: 0077-resolved-simplify-alloc-size-calculation.patch -Patch0078: 0078-resolved-do-not-allocate-packets-with-minimum-size.patch -Patch0079: 0079-resolved-define-various-packet-sizes-as-unsigned.patch +Patch0076: 0076-fix-includes.patch +Patch0077: 0077-test-resolved-packet-add-a-simple-test-for-our-alloc.patch +Patch0078: 0078-resolved-simplify-alloc-size-calculation.patch +Patch0079: 0079-resolved-do-not-allocate-packets-with-minimum-size.patch +Patch0080: 0080-resolved-define-various-packet-sizes-as-unsigned.patch +Patch0081: 0081-virt-enable-detecting-QEMU-TCG-via-CPUID-6399.patch +Patch0082: 0082-rfkill-fix-erroneous-behavior-when-polling-the-udev-.patch +Patch0083: 0083-process-util-update-the-end-pointer-of-the-process-n.patch +Patch0084: 0084-cryptsetup-generator-do-not-bind-to-the-decrypted-de.patch +Patch0085: 0085-Load-virtio_rng-early-in-the-game-6710.patch +Patch0086: 0086-sd-bus-extend-D-Bus-authentication-timeout-considera.patch +Patch0087: 0087-timer-don-t-use-persietent-file-timestamps-from-the-.patch +Patch0088: 0088-shared-end-string-with-if-one-was-found-at-the-end-o.patch +Patch0089: 0089-string-util-use-size_t-for-strjoina-macro-6914.patch +Patch0090: 0090-resolved-fix-loop-on-packets-with-pseudo-dns-types.patch +Patch0091: 0091-cryptsetup-generator-add-a-helper-utility-to-create-.patch +Patch0092: 0092-units-order-cryptsetup-pre.target-before-cryptsetup..patch +Patch0093: 0093-units-add-remote-cryptsetup.target-and-remote-crypts.patch +Patch0094: 0094-cryptsetup-generator-use-remote-cryptsetup.target-wh.patch +Patch0095: 
0095-units-add-Install-section-to-remote-cryptsetup.targe.patch +Patch0096: 0096-units-replace-remote-cryptsetup-pre.target-with-remo.patch +Patch0097: 0097-man-add-a-note-about-_netdev-usage.patch +Patch0098: 0098-units-make-remote-cryptsetup.target-also-after-crypt.patch Source0990: hwdb.patch @@ -1126,6 +1145,16 @@ getent passwd systemd-journal-upload &>/dev/null || useradd -r -l -g systemd-jou %{pkgdir}/tests %changelog +* Thu Oct 26 2017 Zbigniew Jędrzejewski-Szmek - 233-7 +- systemd-detect-virt QEMU CPUID logic update +- Fix cryptsetup devices disappearing when used for btrfs +- Fix rfkill on some thinkpads +- Extend dbus timeouts to handle slow dbus daemon startup +- Fix systemd-resolved DOS with crafted NSEC packets (LP#1725351) +- Backport /etc/crypttab _netdev feature from upstream + (v2, with crypttab _netdev units using remote-fs-pre.target) +- Update hwdb + * Tue Jun 27 2017 Zbigniew Jędrzejewski-Szmek - 233-6 - Tweak the patches a bit