diff --git a/backport-errno-ETIMEDOUT-is-also-a-connection-error.patch b/backport-errno-ETIMEDOUT-is-also-a-connection-error.patch new file mode 100644 index 0000000..a30a912 --- /dev/null +++ b/backport-errno-ETIMEDOUT-is-also-a-connection-error.patch @@ -0,0 +1,41 @@ +From 8d50c14252031c5f5d0d222f6d21acdc396035b0 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 6 Nov 2020 14:30:25 +0100 +Subject: [PATCH] errno: ETIMEDOUT is also a connection error + +Conflict: NA +Reference:https://github.com/systemd/systemd/commit/8d50c14252031c5f5d0d222f6d21acdc396035b0 + +--- + src/basic/errno-util.h | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h +index 0ca650f48f..383615c288 100644 +--- a/src/basic/errno-util.h ++++ b/src/basic/errno-util.h +@@ -50,7 +50,10 @@ static inline int errno_or_else(int fallback) { + /* Hint #1: ENETUNREACH happens if we try to connect to "non-existing" special IP addresses, such as ::5. + * + * Hint #2: The kernel sends e.g., EHOSTUNREACH or ENONET to userspace in some ICMP error cases. See the +- * icmp_err_convert[] in net/ipv4/icmp.c in the kernel sources */ ++ * icmp_err_convert[] in net/ipv4/icmp.c in the kernel sources. ++ * ++ * Hint #3: When asynchronous connect() on TCP fails because the host never acknowledges a single packet, ++ * kernel tells us that with ETIMEDOUT, see tcp(7). */ + static inline bool ERRNO_IS_DISCONNECT(int r) { + return IN_SET(abs(r), + ECONNABORTED, +@@ -66,7 +69,8 @@ static inline bool ERRNO_IS_DISCONNECT(int r) { + ENOTCONN, + EPIPE, + EPROTO, +- ESHUTDOWN); ++ ESHUTDOWN, ++ ETIMEDOUT); + } + + /* Transient errors we might get on accept() that we should ignore. As per error handling comment in +-- +2.23.0 + diff --git a/backport-fix-journal-regression.patch b/backport-fix-journal-regression.patch new file mode 100644 index 0000000..7ab2ad9 --- /dev/null +++ b/backport-fix-journal-regression.patch @@ -0,0 +1,36 @@ +From f9281a6e9b80c63512e38304b6ec2e05c4f2acba Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Georg=20M=C3=BCller?= +Date: Thu, 12 Mar 2020 20:02:21 +0100 +Subject: [PATCH] fix journalctl regression (#15099) + +This regression was introduced in #14913. + +The current_file variable can be NULL, as, for example, with the +following commands: + +* journalctl --list-boots +* journalctl -b -1 --no-pager + +Since current_file is only checked for pointer equality with f, removing +the assertion is safe here. +Reference: https://github.com/systemd/systemd/commit/f9281a6e9b80c63512e38304b6ec2e05c4f2acba +Conflict: NA +--- + src/journal/sd-journal.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c +index 72b7613..42056b5 100644 +--- a/src/journal/sd-journal.c ++++ b/src/journal/sd-journal.c +@@ -443,7 +443,6 @@ _pure_ static int compare_with_location(const JournalFile *f, const Location *l, + + assert(f); + assert(l); +- assert(current_file); + assert(f->location_type == LOCATION_SEEK); + assert(IN_SET(l->type, LOCATION_DISCRETE, LOCATION_SEEK)); + +-- +2.23.0 + diff --git a/backport-fs-util-make-sure-we-output-normalized-paths-in-chas.patch b/backport-fs-util-make-sure-we-output-normalized-paths-in-chas.patch new file mode 100644 index 0000000..d86b365 --- /dev/null +++ b/backport-fs-util-make-sure-we-output-normalized-paths-in-chas.patch @@ -0,0 +1,75 @@ +From 47d7ab727cf5bd0697b17854a948971101b4e725 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 28 Jan 2020 21:56:10 +0100 +Subject: [PATCH 1479/1760] fs-util: make sure we output normalized paths in + chase_symlinks() + +Let's eat up multiple slashes. + +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1787089 +Replaces: #14687 +Reference: https://github.com/systemd/systemd/commit/47d7ab727cf5bd0697b17854a948971101b4e725 +Conflict: NA +--- + src/basic/fs-util.c | 21 +++++++++++++++++---- + 1 file changed, 17 insertions(+), 4 deletions(-) + +diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c +index 2e74917..6b14abd 100644 +--- a/src/basic/fs-util.c ++++ b/src/basic/fs-util.c +@@ -787,6 +787,14 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags, + if (r < 0) + return r; + ++ /* Simplify the root directory, so that it has no duplicate slashes and nothing at the ++ * end. While we won't resolve the root path we still simplify it. Note that dropping the ++ * trailing slash should not change behaviour, since when opening it we specify O_DIRECTORY ++ * anyway. Moreover at the end of this function after processing everything we'll always turn ++ * the empty string back to "/". */ ++ delete_trailing_chars(root, "/"); ++ path_simplify(root, true); ++ + if (flags & CHASE_PREFIX_ROOT) { + + /* We don't support relative paths in combination with a root directory */ +@@ -823,11 +831,9 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags, + "Specified path '%s' is outside of specified root directory '%s', refusing to resolve.", + path, root); + +- /* Make sure "done" ends without a slash */ + done = strdup(root); + if (!done) + return -ENOMEM; +- delete_trailing_chars(done, "/"); + + /* Make sure "todo" starts with a slash */ + absolute = strjoin("/", e); +@@ -846,6 +852,15 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags, + + /* Determine length of first component in the path */ + n = strspn(todo, "/"); /* The slashes */ ++ ++ if (n > 1) { ++ /* If we are looking at more than a single slash then skip all but one, so that when ++ * we are done with everything we have a normalized path with only single slashes ++ * separating the path components. */ ++ todo += n - 1; ++ n = 1; ++ } ++ + m = n + strcspn(todo + n, "/"); /* The entire length of the component */ + + /* Extract the first component. */ +@@ -1002,8 +1017,6 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags, + done = strdup(root); + if (!done) + return -ENOMEM; +- +- delete_trailing_chars(done, "/"); + } + + /* Prefix what's left to do with what we just read, and start the loop again, but +-- +2.23.0 + diff --git a/backport-fs-util-when-calling-chase_symlinks-with-root-path-l.patch b/backport-fs-util-when-calling-chase_symlinks-with-root-path-l.patch new file mode 100644 index 0000000..292ada0 --- /dev/null +++ b/backport-fs-util-when-calling-chase_symlinks-with-root-path-l.patch @@ -0,0 +1,99 @@ +From c2595d3b02849b7baa94483f03cbc888e0c63ebd Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 28 Jan 2020 21:02:29 +0100 +Subject: [PATCH 1477/1760] fs-util: when calling chase_symlinks() with root + path, leave root part unresolved + +Previously there was a weird asymmetry: initially we'd resolve the +specified prefix path when chasing symlinks together with the actual +path we were supposed to cover, except when we hit an absolute symlink +where we'd use the root as it was. Let's unify handling here: the prefix +path is never resolved, and always left as it is. + +This in particular fixes issues with symlinks in the prefix path, as +that confused the check that made sure we never left the root directory. + +Fixes: #14634 +Replaces: #14635 +Reference: https://github.com/systemd/systemd/commit/c2595d3b02849b7baa94483f03cbc888e0c63ebd +Conflict: NA +--- + src/basic/fs-util.c | 34 +++++++++++++++++++++++++++++++--- + 1 file changed, 31 insertions(+), 3 deletions(-) + +diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c +index 5723c84..5ec3285 100644 +--- a/src/basic/fs-util.c ++++ b/src/basic/fs-util.c +@@ -810,7 +810,7 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags, + if (r < 0) + return r; + +- fd = open("/", O_CLOEXEC|O_NOFOLLOW|O_PATH); ++ fd = open(root ?: "/", O_CLOEXEC|O_DIRECTORY|O_PATH); + if (fd < 0) + return -errno; + +@@ -819,6 +819,33 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags, + return -errno; + } + ++ if (root) { ++ _cleanup_free_ char *absolute = NULL; ++ const char *e; ++ ++ /* If we are operating on a root directory, let's take the root directory as it is. */ ++ ++ e = path_startswith(buffer, root); ++ if (!e) ++ return log_full_errno(flags & CHASE_WARN ? LOG_WARNING : LOG_DEBUG, ++ SYNTHETIC_ERRNO(ECHRNG), ++ "Specified path '%s' is outside of specified root directory '%s', refusing to resolve.", ++ path, root); ++ ++ /* Make sure "done" ends without a slash */ ++ done = strdup(root); ++ if (!done) ++ return -ENOMEM; ++ delete_trailing_chars(done, "/"); ++ ++ /* Make sure "todo" starts with a slash */ ++ absolute = strjoin("/", e); ++ if (!absolute) ++ return -ENOMEM; ++ ++ free_and_replace(buffer, absolute); ++ } ++ + todo = buffer; + for (;;) { + _cleanup_free_ char *first = NULL; +@@ -930,7 +957,6 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags, + if (fstat(child, &st) < 0) + return -errno; + if ((flags & CHASE_SAFE) && +- (empty_or_root(root) || (size_t)(todo - buffer) > strlen(root)) && + unsafe_transition(&previous_stat, &st)) + return log_unsafe_transition(fd, child, path, flags); + +@@ -961,7 +987,7 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags, + * directory as base. */ + + safe_close(fd); +- fd = open(root ?: "/", O_CLOEXEC|O_NOFOLLOW|O_PATH); ++ fd = open(root ?: "/", O_CLOEXEC|O_DIRECTORY|O_PATH); + if (fd < 0) + return -errno; + +@@ -984,6 +1010,8 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags, + done = strdup(root); + if (!done) + return -ENOMEM; ++ ++ delete_trailing_chars(done, "/"); + } + + /* Prefix what's left to do with what we just read, and start the loop again, but +-- +1.8.3.1 + diff --git a/backport-journalctl-allow-running-vacuum-on-remote-journals-t.patch b/backport-journalctl-allow-running-vacuum-on-remote-journals-t.patch new file mode 100644 index 0000000..b9d0b1e --- /dev/null +++ b/backport-journalctl-allow-running-vacuum-on-remote-journals-t.patch @@ -0,0 +1,39 @@ +From c488660e6edb3c1375ab62514a8df035c3d712bf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jan=20Kundr=C3=A1t?= +Date: Sat, 2 Nov 2019 16:42:01 +0100 +Subject: [PATCH 0497/1760] journalctl: allow running vacuum on remote + journals, too + +Right now the `systemd-journal-remote` service does not constrain its +resource usage (I just run out of space on my 100GB partition, for +example). This patch does not change that, but it at least makes it +possible to run something like: + + journalctl --directory /var/log/journal/remote --rotate --vacuum-size=90G + +fixes #2376 + +Co-authored-by: Mike Auty +Reference: https://github.com/systemd/systemd/commit/c488660e6edb3c1375ab62514a8df035c3d712bf +Conflict: NA +--- + src/journal/journalctl.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c +index 771c5c1..e5a2f6e 100644 +--- a/src/journal/journalctl.c ++++ b/src/journal/journalctl.c +@@ -2240,9 +2240,6 @@ int main(int argc, char *argv[]) { + HASHMAP_FOREACH(d, j->directories_by_path, i) { + int q; + +- if (d->is_root) +- continue; +- + q = journal_directory_vacuum(d->path, arg_vacuum_size, arg_vacuum_n_files, arg_vacuum_time, NULL, !arg_quiet); + if (q < 0) { + log_error_errno(q, "Failed to vacuum %s: %m", d->path); +-- +1.8.3.1 + diff --git a/backport-journalctl-implement-facility-foo.patch b/backport-journalctl-implement-facility-foo.patch new file mode 100644 index 0000000..26ca393 --- /dev/null +++ b/backport-journalctl-implement-facility-foo.patch @@ -0,0 +1,189 @@ +From 196dedd50300e600a0b053af46fdcde6cb2c3034 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Thu, 27 Feb 2020 21:36:42 +0100 +Subject: [PATCH 1736/1760] journalctl: implement --facility=foo + +Fixes #9716. +Reference: https://github.com/systemd/systemd/commit/196dedd50300e600a0b053af46fdcde6cb2c3034 +Conflict: NA +--- + man/journalctl.xml | 10 +++++++ + src/journal/journalctl.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 88 insertions(+) + +diff --git a/man/journalctl.xml b/man/journalctl.xml +index 46b22be..2a685d1 100644 +--- a/man/journalctl.xml ++++ b/man/journalctl.xml +@@ -598,6 +598,16 @@ + + + ++ ++ ++ Filter output by syslog facility. Takes a comma-separated list of numbers or facility ++ names. The names are the usual syslog facilities as documented in ++ syslog3. ++ may be used to display a list of known facility names and exit. ++ ++ ++ ++ + + + +diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c +index 4e2a8f6..e5feec8 100644 +--- a/src/journal/journalctl.c ++++ b/src/journal/journalctl.c +@@ -62,6 +62,7 @@ + #include "sigbus.h" + #include "string-table.h" + #include "strv.h" ++#include "stdio-util.h" + #include "syslog-util.h" + #include "terminal-util.h" + #include "tmpfile-util.h" +@@ -101,6 +102,7 @@ static const char *arg_directory = NULL; + static char **arg_file = NULL; + static bool arg_file_stdin = false; + static int arg_priorities = 0xFF; ++static Set *arg_facilities = NULL; + static char *arg_verify_key = NULL; + #if HAVE_GCRYPT + static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC; +@@ -303,6 +305,21 @@ static int parse_boot_descriptor(const char *x, sd_id128_t *boot_id, int *offset + return 1; + } + ++static int help_facilities(void) { ++ if (!arg_quiet) ++ puts("Available facilities:"); ++ ++ for (int i = 0; i < LOG_NFACILITIES; i++) { ++ _cleanup_free_ char *t = NULL; ++ ++ if (log_facility_unshifted_to_string_alloc(i, &t)) ++ return log_oom(); ++ puts(t); ++ } ++ ++ return 0; ++} ++ + static int help(void) { + _cleanup_free_ char *link = NULL; + int r; +@@ -332,6 +349,7 @@ static int help(void) { + " --user-unit=UNIT Show logs from the specified user unit\n" + " -t --identifier=STRING Show entries with the specified syslog identifier\n" + " -p --priority=RANGE Show entries with the specified priority\n" ++ " --facility=FACILITY... Show entries with the specified facilities\n" + " -g --grep=PATTERN Show entries with MESSAGE matching PATTERN\n" + " --case-sensitive[=BOOL] Force case sensitive or insenstive matching\n" + " -e --pager-end Immediately jump to the end in the pager\n" +@@ -404,6 +422,7 @@ static int parse_argv(int argc, char *argv[]) { + ARG_SYSTEM, + ARG_ROOT, + ARG_HEADER, ++ ARG_FACILITY, + ARG_SETUP_KEYS, + ARG_FILE, + ARG_INTERVAL, +@@ -461,6 +480,7 @@ static int parse_argv(int argc, char *argv[]) { + { "header", no_argument, NULL, ARG_HEADER }, + { "identifier", required_argument, NULL, 't' }, + { "priority", required_argument, NULL, 'p' }, ++ { "facility", required_argument, NULL, ARG_FACILITY }, + { "grep", required_argument, NULL, 'g' }, + { "case-sensitive", optional_argument, NULL, ARG_CASE_SENSITIVE }, + { "setup-keys", no_argument, NULL, ARG_SETUP_KEYS }, +@@ -832,6 +852,41 @@ static int parse_argv(int argc, char *argv[]) { + break; + } + ++ case ARG_FACILITY: { ++ const char *p; ++ ++ for (p = optarg;;) { ++ _cleanup_free_ char *fac = NULL; ++ int num; ++ ++ r = extract_first_word(&p, &fac, ",", 0); ++ if (r < 0) ++ return log_error_errno(r, "Failed to parse facilities: %s", optarg); ++ if (r == 0) ++ break; ++ ++ if (streq(fac, "help")) { ++ help_facilities(); ++ return 0; ++ } ++ ++ num = log_facility_unshifted_from_string(fac); ++ if (num < 0) ++ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), ++ "Bad --facility= argument \"%s\".", fac); ++ ++ r = set_ensure_allocated(&arg_facilities, NULL); ++ if (r < 0) ++ return log_oom(); ++ ++ r = set_put(arg_facilities, INT_TO_PTR(num)); ++ if (r < 0) ++ return log_oom(); ++ } ++ ++ break; ++ } ++ + #if HAVE_PCRE2 + case 'g': + arg_pattern = optarg; +@@ -1676,6 +1731,24 @@ static int add_priorities(sd_journal *j) { + return 0; + } + ++static int add_facilities(sd_journal *j) { ++ void *p; ++ Iterator it; ++ int r; ++ ++ SET_FOREACH(p, arg_facilities, it) { ++ char match[STRLEN("SYSLOG_FACILITY=") + DECIMAL_STR_MAX(int)]; ++ ++ xsprintf(match, "SYSLOG_FACILITY=%d", PTR_TO_INT(p)); ++ ++ r = sd_journal_add_match(j, match, strlen(match)); ++ if (r < 0) ++ return log_error_errno(r, "Failed to add match: %m"); ++ } ++ ++ return 0; ++} ++ + static int add_syslog_identifier(sd_journal *j) { + int r; + char **i; +@@ -2314,6 +2387,10 @@ int main(int argc, char *argv[]) { + if (r < 0) + goto finish; + ++ r = add_facilities(j); ++ if (r < 0) ++ goto finish; ++ + r = add_matches(j, argv + optind); + if (r < 0) + goto finish; +@@ -2681,6 +2758,7 @@ finish: + + strv_free(arg_file); + ++ set_free(arg_facilities); + strv_free(arg_syslog_identifier); + strv_free(arg_system_units); + strv_free(arg_user_units); +-- +1.8.3.1 + diff --git a/backport-journalctl-show-duplicate-entries-if-they-are-from-t.patch b/backport-journalctl-show-duplicate-entries-if-they-are-from-t.patch new file mode 100644 index 0000000..71b1670 --- /dev/null +++ b/backport-journalctl-show-duplicate-entries-if-they-are-from-t.patch @@ -0,0 +1,59 @@ +From b6849042d610da90d5821a03967d648d424f7864 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Georg=20M=C3=BCller?= +Date: Thu, 20 Feb 2020 19:19:41 +0100 +Subject: [PATCH] journalctl: show duplicate entries if they are from the same + file (#14898) + +When having a service which intentionally outputs multiple equal lines, +all these messages might be inserted with the same timestamp. + +journalctl has a mechanism to avoid duplicate lines, which might be in +different journal files. + +This patch allows duplicate lines, if they are from the same file. +Reference: https://github.com/systemd/systemd/commit/b6849042d610da90d5821a03967d648d424f7864 +Conflict: NA +--- + src/journal/sd-journal.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c +index 3fa98dfda2..17998090f4 100644 +--- a/src/journal/sd-journal.c ++++ b/src/journal/sd-journal.c +@@ -435,11 +435,12 @@ _public_ void sd_journal_flush_matches(sd_journal *j) { + detach_location(j); + } + +-_pure_ static int compare_with_location(JournalFile *f, Location *l) { ++_pure_ static int compare_with_location(const JournalFile *f, const Location *l, const JournalFile *current_file) { + int r; + + assert(f); + assert(l); ++ assert(current_file); + assert(f->location_type == LOCATION_SEEK); + assert(IN_SET(l->type, LOCATION_DISCRETE, LOCATION_SEEK)); + +@@ -448,7 +449,8 @@ _pure_ static int compare_with_location(JournalFile *f, Location *l) { + l->realtime_set && + f->current_realtime == l->realtime && + l->xor_hash_set && +- f->current_xor_hash == l->xor_hash) ++ f->current_xor_hash == l->xor_hash && ++ f != current_file) + return 0; + + if (l->seqnum_set && +@@ -787,7 +789,7 @@ static int next_beyond_location(sd_journal *j, JournalFile *f, direction_t direc + if (j->current_location.type == LOCATION_DISCRETE) { + int k; + +- k = compare_with_location(f, &j->current_location); ++ k = compare_with_location(f, &j->current_location, j->current_file); + + found = direction == DIRECTION_DOWN ? k > 0 : k < 0; + } else +-- +2.19.1 + diff --git a/backport-logind-check-PolicyKit-before-allowing-VT-switch.patch b/backport-logind-check-PolicyKit-before-allowing-VT-switch.patch new file mode 100644 index 0000000..0153a64 --- /dev/null +++ b/backport-logind-check-PolicyKit-before-allowing-VT-switch.patch @@ -0,0 +1,188 @@ +From 4acf0cfd2f92edb94ad48d04f1ce6c9ab4e19d55 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Wed, 22 Jan 2020 12:04:38 +0100 +Subject: [PATCH] logind: check PolicyKit before allowing VT switch + +Let's lock this down a bit. Effectively nothing much changes, since the +default PK policy will allow users on the VT to change VT. Only users +with no local VT session won't be able to switch VTs. +Reference: https://github.com/systemd/systemd/commit/4acf0cfd2f92edb94ad48d04f1ce6c9ab4e19d55 +Conflict: NA +--- + src/login/logind-dbus.c | 16 +++++++ + src/login/logind-seat-dbus.c | 58 ++++++++++++++++++++++++- + src/login/logind-session-dbus.c | 14 ++++++ + src/login/org.freedesktop.login1.policy | 10 +++++ + 4 files changed, 97 insertions(+), 1 deletion(-) + +diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c +index 8017aa5c3c..52a7ea3c77 100644 +--- a/src/login/logind-dbus.c ++++ b/src/login/logind-dbus.c +@@ -1016,6 +1016,8 @@ static int method_activate_session(sd_bus_message *message, void *userdata, sd_b + if (r < 0) + return r; + ++ /* PolicyKit is done by bus_session_method_activate() */ ++ + return bus_session_method_activate(message, session, error); + } + +@@ -1047,6 +1049,20 @@ static int method_activate_session_on_seat(sd_bus_message *message, void *userda + return sd_bus_error_setf(error, BUS_ERROR_SESSION_NOT_ON_SEAT, + "Session %s not on seat %s", session_name, seat_name); + ++ r = bus_verify_polkit_async( ++ message, ++ CAP_SYS_ADMIN, ++ "org.freedesktop.login1.chvt", ++ NULL, ++ false, ++ UID_INVALID, ++ &m->polkit_registry, ++ error); ++ if (r < 0) ++ return r; ++ if (r == 0) ++ return 1; /* Will call us back */ ++ + r = session_activate(session); + if (r < 0) + return r; +diff --git a/src/login/logind-seat-dbus.c b/src/login/logind-seat-dbus.c +index 5b41e60fd6..0a5df937cc 100644 +--- a/src/login/logind-seat-dbus.c ++++ b/src/login/logind-seat-dbus.c +@@ -178,6 +178,20 @@ static int method_activate_session(sd_bus_message *message, void *userdata, sd_b + if (session->seat != s) + return sd_bus_error_setf(error, BUS_ERROR_SESSION_NOT_ON_SEAT, "Session %s not on seat %s", name, s->id); + ++ r = bus_verify_polkit_async( ++ message, ++ CAP_SYS_ADMIN, ++ "org.freedesktop.login1.chvt", ++ NULL, ++ false, ++ UID_INVALID, ++ &s->manager->polkit_registry, ++ error); ++ if (r < 0) ++ return r; ++ if (r == 0) ++ return 1; /* Will call us back */ ++ + r = session_activate(session); + if (r < 0) + return r; +@@ -198,7 +212,21 @@ static int method_switch_to(sd_bus_message *message, void *userdata, sd_bus_erro + return r; + + if (to <= 0) +- return -EINVAL; ++ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid virtual terminal"); ++ ++ r = bus_verify_polkit_async( ++ message, ++ CAP_SYS_ADMIN, ++ "org.freedesktop.login1.chvt", ++ NULL, ++ false, ++ UID_INVALID, ++ &s->manager->polkit_registry, ++ error); ++ if (r < 0) ++ return r; ++ if (r == 0) ++ return 1; /* Will call us back */ + + r = seat_switch_to(s, to); + if (r < 0) +@@ -214,6 +242,20 @@ static int method_switch_to_next(sd_bus_message *message, void *userdata, sd_bus + assert(message); + assert(s); + ++ r = bus_verify_polkit_async( ++ message, ++ CAP_SYS_ADMIN, ++ "org.freedesktop.login1.chvt", ++ NULL, ++ false, ++ UID_INVALID, ++ &s->manager->polkit_registry, ++ error); ++ if (r < 0) ++ return r; ++ if (r == 0) ++ return 1; /* Will call us back */ ++ + r = seat_switch_to_next(s); + if (r < 0) + return r; +@@ -228,6 +270,20 @@ static int method_switch_to_previous(sd_bus_message *message, void *userdata, sd + assert(message); + assert(s); + ++ r = bus_verify_polkit_async( ++ message, ++ CAP_SYS_ADMIN, ++ "org.freedesktop.login1.chvt", ++ NULL, ++ false, ++ UID_INVALID, ++ &s->manager->polkit_registry, ++ error); ++ if (r < 0) ++ return r; ++ if (r == 0) ++ return 1; /* Will call us back */ ++ + r = seat_switch_to_previous(s); + if (r < 0) + return r; +diff --git a/src/login/logind-session-dbus.c b/src/login/logind-session-dbus.c +index 3738514282..80ec89ba0a 100644 +--- a/src/login/logind-session-dbus.c ++++ b/src/login/logind-session-dbus.c +@@ -191,6 +191,20 @@ int bus_session_method_activate(sd_bus_message *message, void *userdata, sd_bus_ + assert(message); + assert(s); + ++ r = bus_verify_polkit_async( ++ message, ++ CAP_SYS_ADMIN, ++ "org.freedesktop.login1.chvt", ++ NULL, ++ false, ++ UID_INVALID, ++ &s->manager->polkit_registry, ++ error); ++ if (r < 0) ++ return r; ++ if (r == 0) ++ return 1; /* Will call us back */ ++ + r = session_activate(s); + if (r < 0) + return r; +diff --git a/src/login/org.freedesktop.login1.policy b/src/login/org.freedesktop.login1.policy +index 6dc79aa32a..a269c8e313 100644 +--- a/src/login/org.freedesktop.login1.policy ++++ b/src/login/org.freedesktop.login1.policy +@@ -391,4 +391,14 @@ + + + ++ ++ Change Session ++ Authentication is required for changing the virtual terminal. ++ ++ auth_admin_keep ++ auth_admin_keep ++ yes ++ ++ ++ + +-- +2.23.0 + diff --git a/backport-sd-bus-break-the-loop-in-bus_ensure_running-if-the-b.patch b/backport-sd-bus-break-the-loop-in-bus_ensure_running-if-the-b.patch new file mode 100644 index 0000000..5b8c513 --- /dev/null +++ b/backport-sd-bus-break-the-loop-in-bus_ensure_running-if-the-b.patch @@ -0,0 +1,47 @@ +From 93a59b1ae5d3bcb0ec1488ebc13d0d1ff4d1729a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 14 Oct 2020 14:03:13 +0200 +Subject: [PATCH] sd-bus: break the loop in bus_ensure_running() if the bus is + not connecting + +This might fix #17025: +> the call trace is +> bus_ensure_running -> sd_bus_process -> bus_process_internal -> process_closeing --> sd_bus_close +> | +> \-> process_match + +We ended doing callouts to the Disconnected matches from bus_ensure_running() +and shouldn't. bus_ensure_running() should never do callouts. This change +should fix this however: once we notice that the connection is going down we +will now fail instantly with ENOTOCONN instead of calling any callbacks. + +URL: https://github.com/systemd/systemd/commit/93a59b1ae5d3bcb0ec1488ebc13d0d1ff4d1729a + +Reference: https://github.com/systemd/systemd/commit/93a59b1ae5d3bcb0ec1488ebc13d0d1ff4d1729a +Conflict: NA +--- + src/libsystemd/sd-bus/sd-bus.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c +index 015a215c42..f9d426f4f2 100644 +--- a/src/libsystemd/sd-bus/sd-bus.c ++++ b/src/libsystemd/sd-bus/sd-bus.c +@@ -2120,12 +2120,13 @@ int bus_ensure_running(sd_bus *bus) { + + assert(bus); + +- if (IN_SET(bus->state, BUS_UNSET, BUS_CLOSED, BUS_CLOSING)) +- return -ENOTCONN; + if (bus->state == BUS_RUNNING) + return 1; + + for (;;) { ++ if (IN_SET(bus->state, BUS_UNSET, BUS_CLOSED, BUS_CLOSING)) ++ return -ENOTCONN; ++ + r = sd_bus_process(bus, NULL); + if (r < 0) + return r; +-- +2.23.0 diff --git a/backport-systemctl-skip-non-existent-units-in-the-cat-verb.patch b/backport-systemctl-skip-non-existent-units-in-the-cat-verb.patch new file mode 100644 index 0000000..c272530 --- /dev/null +++ b/backport-systemctl-skip-non-existent-units-in-the-cat-verb.patch @@ -0,0 +1,58 @@ +From a25457f5b7689265bd2235c4da218896e7c5c1d0 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal +Date: Sat, 28 Dec 2019 12:29:19 +0100 +Subject: [PATCH 1110/1760] systemctl: skip non-existent units in the 'cat' + verb + +When processing list of units (either provided manually or as a +wildcard), let's skip units for which we don't have an on-disk +counterpart, but note the -ENOENT error code and propagate it back to +the user. + +Fixes: #14082 +Reference: https://github.com/systemd/systemd/commit/a25457f5b7689265bd2235c4da218896e7c5c1d0 +Conflict: NA +--- + src/systemctl/systemctl.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c +index 20e0d45..3e4fc46 100644 +--- a/src/systemctl/systemctl.c ++++ b/src/systemctl/systemctl.c +@@ -5937,7 +5937,7 @@ static int cat(int argc, char *argv[], void *userdata) { + char **name; + sd_bus *bus; + bool first = true; +- int r; ++ int r, rc = 0; + + /* Include all units by default — i.e. continue as if the --all + * option was used */ +@@ -5982,8 +5982,12 @@ static int cat(int argc, char *argv[], void *userdata) { + } + if (r < 0) + return r; +- if (r == 0) +- return -ENOENT; ++ if (r == 0) { ++ /* Skip units which have no on-disk counterpart, but ++ * propagate the error to the user */ ++ rc = -ENOENT; ++ continue; ++ } + + if (first) + first = false; +@@ -6009,7 +6013,7 @@ static int cat(int argc, char *argv[], void *userdata) { + return r; + } + +- return 0; ++ return rc; + } + + static int set_property(int argc, char *argv[], void *userdata) { +-- +1.8.3.1 + diff --git a/backport-test-add-test-for-the-non-resolving-of-chase_symlink.patch b/backport-test-add-test-for-the-non-resolving-of-chase_symlink.patch new file mode 100644 index 0000000..ac644b2 --- /dev/null +++ b/backport-test-add-test-for-the-non-resolving-of-chase_symlink.patch @@ -0,0 +1,35 @@ +From 6efb1257d10cd1ecdae6208d083af36f15e4c05f Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 28 Jan 2020 21:40:58 +0100 +Subject: [PATCH 1478/1760] test: add test for the non-resolving of + chase_symlink() root prefix + +Reference: https://github.com/systemd/systemd/commit/6efb1257d10cd1ecdae6208d083af36f15e4c05f +Conflict: NA +--- + src/test/test-fs-util.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c +index ac8b95a..d5492d9 100644 +--- a/src/test/test-fs-util.c ++++ b/src/test/test-fs-util.c +@@ -371,6 +371,15 @@ static void test_chase_symlinks(void) { + assert_se(streq("/usr", result)); + result = mfree(result); + ++ /* Make sure that symlinks in the "root" path are not resolved, but those below are */ ++ p = strjoina("/etc/..", temp, "/self"); ++ assert_se(symlink(".", p) >= 0); ++ q = strjoina(p, "/top/dot/dotdota"); ++ r = chase_symlinks(q, p, 0, &result); ++ assert_se(r > 0); ++ assert_se(path_equal(path_startswith(result, p), "usr")); ++ result = mfree(result); ++ + cleanup: + assert_se(rm_rf(temp, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0); + } +-- +1.8.3.1 + diff --git a/backport-test-fix-rename_noreplace-test.patch b/backport-test-fix-rename_noreplace-test.patch new file mode 100644 index 0000000..1c5eb7e --- /dev/null +++ b/backport-test-fix-rename_noreplace-test.patch @@ -0,0 +1,38 @@ +From bcb1eadc0cf8053d219c0b2cab1c46235506981d Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 28 Jan 2020 21:40:03 +0100 +Subject: [PATCH 1481/1760] test: fix rename_noreplace() test + +This corrects the fix b81b9d406de, making the test operate like it was +originally. +Reference: https://github.com/systemd/systemd/commit/bcb1eadc0cf8053d219c0b2cab1c46235506981d +Conflict: NA +--- + src/test/test-fs-util.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c +index 1a5fd56..d0c6fb8 100644 +--- a/src/test/test-fs-util.c ++++ b/src/test/test-fs-util.c +@@ -739,7 +739,7 @@ static void test_rename_noreplace(void) { + STRV_FOREACH(b, (char**) table) { + _cleanup_free_ char *w = NULL; + +- w = strjoin(w, *b); ++ w = strjoin(z, *b); + assert_se(w); + + if (access(w, F_OK) < 0) { +@@ -747,7 +747,7 @@ static void test_rename_noreplace(void) { + continue; + } + +- assert_se(rename_noreplace(AT_FDCWD, w, AT_FDCWD, y) == -EEXIST); ++ assert_se(rename_noreplace(AT_FDCWD, x, AT_FDCWD, w) == -EEXIST); + } + + y = strjoin(z, "/somethingelse"); +-- +1.8.3.1 + diff --git a/backport-test-make-sure-chase_symlink-returns-normalized-path.patch b/backport-test-make-sure-chase_symlink-returns-normalized-path.patch new file mode 100644 index 0000000..f09906e --- /dev/null +++ b/backport-test-make-sure-chase_symlink-returns-normalized-path.patch @@ -0,0 +1,27 @@ +From 3c7b4ebf94d167df835c4a5a21b813f803c23b05 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 28 Jan 2020 22:00:02 +0100 +Subject: [PATCH 1480/1760] test: make sure chase_symlink() returns normalized + paths + +Reference: https://github.com/systemd/systemd/commit/3c7b4ebf94d167df835c4a5a21b813f803c23b05 +Conflict: NA +--- + src/test/test-fs-util.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c +index 8207beb..670a278 100644 +--- a/src/test/test-fs-util.c ++++ b/src/test/test-fs-util.c +@@ -148,6 +148,7 @@ static void test_chase_symlinks(void) { + r = chase_symlinks(p, NULL, 0, &result); + assert_se(r > 0); + assert_se(path_equal(result, "/usr")); ++ assert_se(streq(result, "/usr")); /* we guarantee that we drop redundant slashes */ + result = mfree(result); + + r = chase_symlinks(p, temp, 0, &result); +-- +2.23.0 + diff --git a/systemd.spec b/systemd.spec index 00bc3fe..fbd62a1 100644 --- a/systemd.spec +++ b/systemd.spec @@ -16,7 +16,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd Version: 243 -Release: 65 +Release: 66 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager @@ -247,6 +247,19 @@ Patch0199: backport-Fix-generator-name-in-hibernate-resume-generator-s-d.pa Patch0200: backport-udevadm-show-more-error-message-during-exporting-dat.patch Patch0201: backport-udevd-don-t-kill-worker-in-manager_kill_workers-when.patch Patch0202: backport-execute-Make-exec-prefix-ignore-PrivateTmp-yes.patch +Patch0203: backport-journalctl-allow-running-vacuum-on-remote-journals-t.patch +Patch0204: backport-systemctl-skip-non-existent-units-in-the-cat-verb.patch +Patch0205: backport-journalctl-implement-facility-foo.patch +Patch0206: backport-journalctl-show-duplicate-entries-if-they-are-from-t.patch +Patch0207: backport-fix-journal-regression.patch +Patch0208: backport-fs-util-when-calling-chase_symlinks-with-root-path-l.patch +Patch0209: backport-test-add-test-for-the-non-resolving-of-chase_symlink.patch +Patch0210: backport-fs-util-make-sure-we-output-normalized-paths-in-chas.patch +Patch0211: backport-test-make-sure-chase_symlink-returns-normalized-path.patch +Patch0212: backport-test-fix-rename_noreplace-test.patch +Patch0213: backport-logind-check-PolicyKit-before-allowing-VT-switch.patch +Patch0214: backport-errno-ETIMEDOUT-is-also-a-connection-error.patch +Patch0215: backport-sd-bus-break-the-loop-in-bus_ensure_running-if-the-b.patch #openEuler Patch9002: 1509-fix-journal-file-descriptors-leak-problems.patch @@ -1654,6 +1667,21 @@ fi %exclude /usr/share/man/man3/* %changelog +* Thu Dec 7 2023 huyubiao - 243-66 +- add backport-journalctl-allow-running-vacuum-on-remote-journals-t.patch + backport-systemctl-skip-non-existent-units-in-the-cat-verb.patch + backport-journalctl-implement-facility-foo.patch + backport-journalctl-show-duplicate-entries-if-they-are-from-t.patch + backport-fix-journal-regression.patch + backport-fs-util-when-calling-chase_symlinks-with-root-path-l.patch + backport-test-add-test-for-the-non-resolving-of-chase_symlink.patch + backport-fs-util-make-sure-we-output-normalized-paths-in-chas.patch + backport-test-make-sure-chase_symlink-returns-normalized-path.patch + backport-test-fix-rename_noreplace-test.patch + backport-logind-check-PolicyKit-before-allowing-VT-switch.patch + backport-errno-ETIMEDOUT-is-also-a-connection-error.patch + backport-sd-bus-break-the-loop-in-bus_ensure_running-if-the-b.patch + * Thu Dec 7 2023 huyubiao - 243-65 - add backport-execute-Make-exec-prefix-ignore-PrivateTmp-yes.patch