author | V3n3RiX <venerix@redcorelinux.org> | 2019-09-06 10:28:05 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2019-09-06 10:28:05 +0100 |
commit | f1af93971b7490792d8541bc790e0d8c6d787059 (patch) | |
tree | a38046712bbc3a3844d77452d16c84e716caa3d4 /sys-apps/systemd | |
parent | fc637fb28da700da71ec2064d65ca5a7a31b9c6c (diff) |
gentoo resync : 06.08.2019
Diffstat (limited to 'sys-apps/systemd')
-rw-r--r-- | sys-apps/systemd/Manifest | 14 | ||||
-rw-r--r-- | sys-apps/systemd/files/243-rc1-analyze.patch | 125 | ||||
-rw-r--r-- | sys-apps/systemd/files/243-rc1-cryptsetup.patch | 148 | ||||
-rw-r--r-- | sys-apps/systemd/files/243-rc1-revert-logind-remove-unused-check.patch | 31 | ||||
-rw-r--r-- | sys-apps/systemd/files/243-rc1-udev-properties.patch | 53 | ||||
-rw-r--r-- | sys-apps/systemd/files/CVE-2019-15718.patch | 31 | ||||
-rw-r--r-- | sys-apps/systemd/files/CVE-2019-6454/0001-Refuse-dbus-message-paths-longer-than-BUS_PATH_SIZE_.patch | 48 | ||||
-rw-r--r-- | sys-apps/systemd/files/CVE-2019-6454/0002-Allocate-temporary-strings-to-hold-dbus-paths-on-the.patch | 188 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-242-r7.ebuild | 500 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-243_rc2-r1.ebuild (renamed from sys-apps/systemd/systemd-243_rc1-r2.ebuild) | 9 | ||||
-rw-r--r-- | sys-apps/systemd/systemd-9999.ebuild | 2 |
11 files changed, 540 insertions, 609 deletions
diff --git a/sys-apps/systemd/Manifest b/sys-apps/systemd/Manifest
index 81324f545fd5..34d9d638aa83 100644
--- a/sys-apps/systemd/Manifest
+++ b/sys-apps/systemd/Manifest
@@ -5,19 +5,15 @@ AUX 242-networkd-ipv6-token.patch 6525 BLAKE2B 4bbf64154f96419df91caf03f827f37bf AUX 242-rdrand-ryzen.patch 16177 BLAKE2B 7d1d3709098a233ba58727788b77c30025c0497fff9abb1df007e21160da3f93a7e9d14b0eeb7e6855bbe5fa93abfeda118156cbba355fc2976c83debcbb91d4 SHA512 38d00535a118b060accb8ed4e87681bab5e547270ef7e0abcdcf4766367e22761ffc35d0db7c829e86e0ad45f13cf4c761e71cfdfc70c2675056ef217c85618d AUX 242-socket-util-flush-accept.patch 2123 BLAKE2B 74bfbe440ae548b96d90b41ac45c440b21a63c61ae75a9d2b725d2bdec74a03aeca7b673a656821eb925e6740d6728a41d0dc30275287a92519b47d9c477c487 SHA512 7dd0daa70de4ee264d0b3dfe6f80b5e0c563e5bb5255ca2a92f26c4a993fca178f275f85c9048305b82b258d41c9bcbb28d74f9e2b6c2a0e77748464890cb907 AUX 242-wireguard-listenport.patch 1598 BLAKE2B 3266fe600db530ebb5b8eb726822daf14ee87292b035c09a1eb9a46638cc2dc3b8a3f11dd74684a79f3e521d3999b6b8c3a641f8f7475a5d45706567e00d26f6 SHA512 69e047000eb5ed36850bcbc6b8ef37a646b60a642a07a68547624e81aa6e49c77b848745ca4daad883151ddcaee9e7957ea6430f5a0c0c67ffc7887778f536e9 -AUX 243-rc1-analyze.patch 5053 BLAKE2B 5c2a5b320193406c7850762f51c007f94ba3ecba088539ac53f66a8e8af9c8c69b2e778b9d83776878505dc53a011321489b0259516e51ef27be576401d19a11 SHA512 49ce62b19e58b512997ad4c4d70f5f29c089890c502899a1bb930d9b69df00d7bed1d4e7e4a901cb1404df64add99037c04d962c95a05b0ac3b4e70a7023be7d -AUX 243-rc1-cryptsetup.patch 5712 BLAKE2B 614572e920f3fb914fa8b4d6317626613dd4fd3fc21630664bc008a874b2522d2cc7957c63e5989b7883eb22f225f82572dd15d5f4d1dff0884c1c2b6afb5e90 SHA512 e99c74bfa1857cd7f83b91b10ed6b93b83acad59ae333f4cf94f2b0d4fd3b8909fbdb4f488499456da45b4167bb32cd354caf473020f6edfcfaab23623a5391d -AUX 243-rc1-revert-logind-remove-unused-check.patch 1148 BLAKE2B 83b908c06bb452943e6f65e7c3acb7759eccada7eb0323eb20f60150f8d95c9186c0f3d6175cfc60ac4ef897b86b12ecd1fa094deec77cd2da7ab9da159987a4 SHA512 17f48b76508069093b4fc5b4678997e2c1f286bae0d10c4ffafd09b082e65d7fd7e6cc65a103628b930166aee8de201c2cac0a77afcef4e63adb7a2f670fdd91 -AUX 
243-rc1-udev-properties.patch 1961 BLAKE2B 8f75ddf715de2c0ff8479dfdc276eb29c642658699a567b2cbdf1f91d230a8953d4b257e592fa07629e5fae952d8b3ea89d3d8e3ee51f13d9fd58bd52d02cfec SHA512 ea9bfca902cbb4fc90796026e66f11a564ac9b646aaed1221a33d8a531da109775d9e19cf0fb2115ef69d7e12ea1511c423d7992f08e2faec4c22e0b41c77eec -AUX CVE-2019-6454/0001-Refuse-dbus-message-paths-longer-than-BUS_PATH_SIZE_.patch 1848 BLAKE2B 348c35881ce039f92d8fc8dc8c87af2efa95696afbe79ad8fc4e01129524bdf28b529ab86ec611d08446e589176c0678018d94d8c5fc068c65ab4eb429746cf9 SHA512 693afe328ebc20d34cbf07c632a8da90ee293147e793a599a4d2aac6f757738bfab93048a2f8ed6e68d16f865e9b4112e737c692ad01c7d4946f8c430714161d -AUX CVE-2019-6454/0002-Allocate-temporary-strings-to-hold-dbus-paths-on-the.patch 6660 BLAKE2B 45acb2595245a5cbd10c2a9c7ffa2db0c4bd5b03ef8dc25eb51fc35dd51a49b3acd18bf4cf8db7f639e7a4e61592f3ce0bcb031bf27b0bf3ae6fc96c74445f77 SHA512 7c082ab4effc36543bab08700b84a3ccddfba5d5e87b324d6b935d75f5debb7a5f7be1c2e21208e8d1715f5d40619c8f775629acdde40d3c7b2f406b5c6d9460 +AUX CVE-2019-15718.patch 1232 BLAKE2B e5be62414a1f9c19c8834e093d166a025fbd5215223845df365c70afb35487bd393bcd5463a046107e384a43976dcbb57e9e0a4013355558982abe8b6baf35de SHA512 45017c2c6ff5b16206e4c2e78c82c231372fd13c965a64908d70c0019a0894f1599a4412df3efc1ad6b799df018c05560fbbc8a24ffb86f793a149d9aec2080f AUX gentoo-Dont-enable-audit-by-default.patch 1027 BLAKE2B 9193a409db4e5c1dec6f6b66ee6e0a4cc1ada49d41ab758c788cf12534fffb67bd7370b8558a6af56572d7f2b73cf47db255fef105e56362c15f0a426f80b256 SHA512 44e512d8bbadbc5714192896a3ba262e460af034846e4e9b9832b4143fff772e2734e655316fd88d1ef386509bd234c195dce2087348f220836b3bf4f26790e0 AUX gentoo-generator-path-r1.patch 1037 BLAKE2B 5eb80521a6726c9b4693f9b0f56d3e68fca1a49f5f5eb5a1576329d30c93d2fe7c121920099d74962eacf7ed1d3747250f103a57e4be246320a99871521a3b6a SHA512 1b0d1c2f96cb4aa95adfa5940efaeb2bd940110720399358317906d21d08b0caf625474980e101bba001afd626f8ad64367b09b40bec0b2d46b977021c4adfc5 AUX 
gentoo-systemd-user-pam.patch 443 BLAKE2B fad5c24f35666313efbf1e33640320058022fe17acff869a80104ed87ce0ad7ebaa1498915f8e933985e9c2d66d77172eb21ab480fc4fa857e0e5b985735831a SHA512 0a47368b1b38995a4193492e3add5c716c063366a9bc53dec03b7cb59b524da644033e095344da6e15e01dc84d8f5b335e7510442eeaba26e06918403fed0e5c AUX nsswitch.conf 734 BLAKE2B 5f5a7821a84f6c8aa31fe9a68c29a1a0f24be578d427a623f14a9ef795e7da481f226efe5511d92932b5edf5638fa719808a0c3a0b8fd340799dd6bcb703a0a1 SHA512 dcbd51dacaaebdff32edb3840cc7b9b47b6521009b8786690e3673a2e78bc60bfd8e591b1048c5d452117c6659b9917ae2864462f5057cc39b704b0130522e60 DIST systemd-242.tar.gz 7831435 BLAKE2B 288e65d0a8e133ef5885689eb16118a83d93c730e342da63115cea0892fc999104c3a4856c83f3e7ef909ba2f3311146730b05ee02d84cc0400851ccbdcd54cd SHA512 578f68a3c8f2d454198fc04ff8d943abcfb390531d57f9603d185857f7afa7f4dc641dafecf49ce50fe22f5837b252b181400891e8efd4459fd4f69bb4283cb4 -DIST systemd-243-rc1.tar.gz 8209533 BLAKE2B 6f28d839563104b488bfe030483bf1b24c3d01cedb59ffa655f03a37d7c636c2daef34ca9d13b9fbe848b131d21920138583c63a049c1747f7e569c68384c0bf SHA512 6626d7fd5781578d01a30c0d2647a293668d0819f2f85ce78a6aaf62ae1aa4b2c687cf237ca833c5befbc00321a344ff5ca56747cedc6ce00cd0f51c71dd25ff +DIST systemd-243-rc2.tar.gz 8239802 BLAKE2B 9ab6a12f6dff855265be381616601fb2caf79be810bba7f5c24fa6e91ae34d8d1ead0ae1b45c374e8c9752b883daba01863e5622ef1d34718e8390c0ad837cf0 SHA512 7e9b996c1eeb299fb971f2fd4a39fa62c7cc9178bacaaae6c168008dec438f392b949deb72d08f27060b3cde54b46b70f6a18b1bc70725a56ca2a28a1f96b6a1 EBUILD systemd-242-r6.ebuild 14156 BLAKE2B e3f993817df49534a0fa0960f7232ee6168330511bbba2deef09d58e0e3d1e6efa727bc5909151683b77604e51d872daf4d05346e5ef6e1daa3270e9b331d3ee SHA512 9a4e424d9cf0dffe5928d9238c6173d7376db0a7f4b9e547f49d939759c47d74e51ed00584ec0410c33474bae33f47b4f2053b204fe2c5236d2c3a0c10e0855a -EBUILD systemd-243_rc1-r2.ebuild 13916 BLAKE2B 
4a9a326ba07267db738329ef758dbdde4a024807b630429f50117ac33186684798590b5105daeb18e36480b9b2a6594d8254702f5cfb7c2629d78d05b8efd18e SHA512 5d94ab7d327be92c9ddee57f6d26fa8f4d9d825df7745d9a3fb3b14fb52ab519cc89fa6622b18b62cf6351c843e3ce39fe782c639054ef9aa1f7abe8aa890db3 -EBUILD systemd-9999.ebuild 13734 BLAKE2B a5d5c38099bef787f76aada7cf222b64ec329e054085a106d5bcfaecc02b13dad1670e6b0e016fd000974b87270fad5fb1fff39e1ef615b1fdf786dfe2c27164 SHA512 6ea1c2a6c4642be7d2cef52d180a8f7334c22ea71eb3d4530d5403f3eb6b39c8afd6c213828b1071bab401a59204d52297310945fc6df2de95856918a4e6469e +EBUILD systemd-242-r7.ebuild 14199 BLAKE2B 78e3e55ab8c5d82b955a7ac08173bc2d87331e04b50fdac3df941f50f93d59ddb69b95d3dd3cf49fb1c69bf0a0acf1cc89a13600b8a0500c83f7e9dd3d3c9a28 SHA512 58f66c35f4026c2471bf59b559208882591b68f04a84cc551a4dc9987c8df7cd8ed33c9bf97d60b2026e4e89b963e1b7f088d7b18640793a5601d59cf68cfb7c +EBUILD systemd-243_rc2-r1.ebuild 13774 BLAKE2B f2e4e2d00e151684203b1029d60532204afaf0edd7583418ce639097ecc89a83848c81ac61b8809772d86974f3d078a713aca60869696f4dd22c3e4a962681ff SHA512 7da1b91da0f77f1da31f68f0b56f902dc3cbc128fe514c705c0576677f7911baebed8eeab3ee75bce791fac3b6d3ab9f7fed0bfbe013383f7fbf42b3205f0394 +EBUILD systemd-9999.ebuild 13737 BLAKE2B 1bfaba9766c5182b54dd9cceb42b21a8a3c0fbd215270b015c051b582e1b54dfec9a4c2efc3b0a839b210ccc3f193cfe88535447437d7dbcf181b0256080a521 SHA512 7aff86c80448ac59fdb2c7bee4774836a794f47fde879793e1cf67ad37cd046335831eb3beb3d81aa5d5f7b2f9115995e8d5658f32b97298a9d87c2d82e0750d MISC metadata.xml 2126 BLAKE2B 8478ef3f19109c9654e894b20148d06a38ae0ffc45d47425fd4275825ba2d28c1de8ebf2e0a67d30a1ce88df9cbf1a04ea3a57a2e37127378f6e3ee5f3efccfd SHA512 642f406a6aee2644920aefdfcd14fb956eab1de98054a9b68e0b4e5683b7ca9b7e3f6dbbfec0d5a21b2eb96fee3511deae0cb4cf69f799b20a04528151f51da8 diff --git a/sys-apps/systemd/files/243-rc1-analyze.patch b/sys-apps/systemd/files/243-rc1-analyze.patch deleted file mode 100644 index e38b51eb1210..000000000000 
--- a/sys-apps/systemd/files/243-rc1-analyze.patch
+++ /dev/null
@@ -1,125 +0,0 @@ -From 417b82e1c341946d277383471f2972b7227061ff Mon Sep 17 00:00:00 2001 -From: Mike Gilbert <floppym@gentoo.org> -Date: Tue, 30 Jul 2019 14:51:38 -0400 -Subject: [PATCH] analyze: declare dump_exit_status outside of HAVE_SECCOMP - block - -Fixes: 76ed04d936f757763c32db5dbaaebd8b13785d7b -Closes: https://github.com/systemd/systemd/issues/13230 ---- - src/analyze/analyze.c | 92 +++++++++++++++++++++---------------------- - 1 file changed, 46 insertions(+), 46 deletions(-) - -diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c -index f62879371d..4d81026084 100644 ---- a/src/analyze/analyze.c -+++ b/src/analyze/analyze.c -@@ -1608,6 +1608,52 @@ static int dump_unit_paths(int argc, char *argv[], void *userdata) { - return 0; - } - -+static int dump_exit_status(int argc, char *argv[], void *userdata) { -+ _cleanup_(table_unrefp) Table *table = NULL; -+ int r; -+ -+ table = table_new("name", "status", "class"); -+ if (!table) -+ return log_oom(); -+ -+ r = table_set_align_percent(table, table_get_cell(table, 0, 1), 100); -+ if (r < 0) -+ return log_error_errno(r, "Failed to right-align status: %m"); -+ -+ if (strv_isempty(strv_skip(argv, 1))) -+ for (size_t i = 0; i < ELEMENTSOF(exit_status_mappings); i++) { -+ if (!exit_status_mappings[i].name) -+ continue; -+ -+ r = table_add_many(table, -+ TABLE_STRING, exit_status_mappings[i].name, -+ TABLE_INT, (int) i, -+ TABLE_STRING, exit_status_class(i)); -+ if (r < 0) -+ return r; -+ } -+ else -+ for (int i = 1; i < argc; i++) { -+ int status; -+ -+ status = exit_status_from_string(argv[i]); -+ if (status < 0) -+ return log_error_errno(r, "Invalid exit status \"%s\": %m", argv[i]); -+ -+ assert(status >= 0 && (size_t) status < ELEMENTSOF(exit_status_mappings)); -+ r = table_add_many(table, -+ TABLE_STRING, exit_status_mappings[status].name ?: "-", -+ TABLE_INT, status, -+ TABLE_STRING, exit_status_class(status) ?: "-"); -+ if (r < 0) -+ return r; -+ } -+ -+ (void) pager_open(arg_pager_flags); -+ -+ return 
table_print(table, NULL); -+} -+ - #if HAVE_SECCOMP - - static int load_kernel_syscalls(Set **ret) { -@@ -1685,52 +1731,6 @@ static void dump_syscall_filter(const SyscallFilterSet *set) { - printf(" %s%s%s\n", syscall[0] == '@' ? ansi_underline() : "", syscall, ansi_normal()); - } - --static int dump_exit_status(int argc, char *argv[], void *userdata) { -- _cleanup_(table_unrefp) Table *table = NULL; -- int r; -- -- table = table_new("name", "status", "class"); -- if (!table) -- return log_oom(); -- -- r = table_set_align_percent(table, table_get_cell(table, 0, 1), 100); -- if (r < 0) -- return log_error_errno(r, "Failed to right-align status: %m"); -- -- if (strv_isempty(strv_skip(argv, 1))) -- for (size_t i = 0; i < ELEMENTSOF(exit_status_mappings); i++) { -- if (!exit_status_mappings[i].name) -- continue; -- -- r = table_add_many(table, -- TABLE_STRING, exit_status_mappings[i].name, -- TABLE_INT, (int) i, -- TABLE_STRING, exit_status_class(i)); -- if (r < 0) -- return r; -- } -- else -- for (int i = 1; i < argc; i++) { -- int status; -- -- status = exit_status_from_string(argv[i]); -- if (status < 0) -- return log_error_errno(r, "Invalid exit status \"%s\": %m", argv[i]); -- -- assert(status >= 0 && (size_t) status < ELEMENTSOF(exit_status_mappings)); -- r = table_add_many(table, -- TABLE_STRING, exit_status_mappings[status].name ?: "-", -- TABLE_INT, status, -- TABLE_STRING, exit_status_class(status) ?: "-"); -- if (r < 0) -- return r; -- } -- -- (void) pager_open(arg_pager_flags); -- -- return table_print(table, NULL); --} -- - static int dump_syscall_filters(int argc, char *argv[], void *userdata) { - bool first = true; - --- -2.22.0 - diff --git a/sys-apps/systemd/files/243-rc1-cryptsetup.patch b/sys-apps/systemd/files/243-rc1-cryptsetup.patch deleted file mode 100644 index e922d4d29cbd..000000000000 --- a/sys-apps/systemd/files/243-rc1-cryptsetup.patch +++ /dev/null 
@@ -1,148 +0,0 @@ -From f4ea8432e67110b73b07dd0e47a5339d83b350fb Mon Sep 17 00:00:00 2001 -From: Lennart Poettering <lennart@poettering.net> -Date: Wed, 31 Jul 2019 09:38:15 +0200 -Subject: [PATCH] cryptsetup-generator: fix coverity issue - -Fixes coverity issue 1403772 ---- - src/cryptsetup/cryptsetup-generator.c | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c -index c51bb9ae189..960f4762b7d 100644 ---- a/src/cryptsetup/cryptsetup-generator.c -+++ b/src/cryptsetup/cryptsetup-generator.c -@@ -46,30 +46,30 @@ STATIC_DESTRUCTOR_REGISTER(arg_disks, hashmap_freep); - STATIC_DESTRUCTOR_REGISTER(arg_default_options, freep); - STATIC_DESTRUCTOR_REGISTER(arg_default_keyfile, freep); - --static int split_keyspec(const char *keyspec, char **keyfile, char **keydev) { -+static int split_keyspec(const char *keyspec, char **ret_keyfile, char **ret_keydev) { - _cleanup_free_ char *kfile = NULL, *kdev = NULL; -- char *c; -+ const char *c; - - assert(keyspec); -- assert(keyfile); -- assert(keydev); -+ assert(ret_keyfile); -+ assert(ret_keydev); - - c = strrchr(keyspec, ':'); - if (c) { - kfile = strndup(keyspec, c-keyspec); - kdev = strdup(c + 1); -- if (!*kfile || !*kdev) -+ if (!kfile || !kdev) - return log_oom(); - } else { - /* No keydev specified */ - kfile = strdup(keyspec); - kdev = NULL; -- if (!*kfile) -+ if (!kfile) - return log_oom(); - } - -- *keyfile = TAKE_PTR(kfile); -- *keydev = TAKE_PTR(kdev); -+ *ret_keyfile = TAKE_PTR(kfile); -+ *ret_keydev = TAKE_PTR(kdev); - - return 0; - } -From 5d2100dc4c32abbce4109e75cbfbbef6e1b2b7b1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> -Date: Thu, 1 Aug 2019 08:13:13 +0200 -Subject: [PATCH] cryptsetup: use unabbrieviated variable names - -Now that "ret_" has been added to the output variables, we can name -the internal variables without artificial abbrevs. 
---- - src/cryptsetup/cryptsetup-generator.c | 18 +++++++++--------- - 1 file changed, 9 insertions(+), 9 deletions(-) - -diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c -index 960f4762b7d..84483143945 100644 ---- a/src/cryptsetup/cryptsetup-generator.c -+++ b/src/cryptsetup/cryptsetup-generator.c -@@ -47,7 +47,7 @@ STATIC_DESTRUCTOR_REGISTER(arg_default_options, freep); - STATIC_DESTRUCTOR_REGISTER(arg_default_keyfile, freep); - - static int split_keyspec(const char *keyspec, char **ret_keyfile, char **ret_keydev) { -- _cleanup_free_ char *kfile = NULL, *kdev = NULL; -+ _cleanup_free_ char *keyfile = NULL, *keydev = NULL; - const char *c; - - assert(keyspec); -@@ -56,20 +56,20 @@ static int split_keyspec(const char *keyspec, char **ret_keyfile, char **ret_key - - c = strrchr(keyspec, ':'); - if (c) { -- kfile = strndup(keyspec, c-keyspec); -- kdev = strdup(c + 1); -- if (!kfile || !kdev) -+ keyfile = strndup(keyspec, c-keyspec); -+ keydev = strdup(c + 1); -+ if (!keyfile || !keydev) - return log_oom(); - } else { - /* No keydev specified */ -- kfile = strdup(keyspec); -- kdev = NULL; -- if (!kfile) -+ keyfile = strdup(keyspec); -+ keydev = NULL; -+ if (!keyfile) - return log_oom(); - } - -- *ret_keyfile = TAKE_PTR(kfile); -- *ret_keydev = TAKE_PTR(kdev); -+ *ret_keyfile = TAKE_PTR(keyfile); -+ *ret_keydev = TAKE_PTR(keydev); - - return 0; - } -From fef716b28be6e866b8afe995805d5ebe2af6bbfa Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> -Date: Thu, 1 Aug 2019 08:15:43 +0200 -Subject: [PATCH] cryptsetup: don't assert on variable which is optional - -https://github.com/systemd/systemd/commit/50d2eba27b9bfc77ef6b40e5721713846815418b#commitcomment-34519739 - -In add_crypttab_devices() split_keyspec is called on the keyfile argument, -which may be NULL. 
---- - src/cryptsetup/cryptsetup-generator.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c -index 84483143945..4815ded753f 100644 ---- a/src/cryptsetup/cryptsetup-generator.c -+++ b/src/cryptsetup/cryptsetup-generator.c -@@ -50,10 +50,14 @@ static int split_keyspec(const char *keyspec, char **ret_keyfile, char **ret_key - _cleanup_free_ char *keyfile = NULL, *keydev = NULL; - const char *c; - -- assert(keyspec); - assert(ret_keyfile); - assert(ret_keydev); - -+ if (!keyspec) { -+ *ret_keyfile = *ret_keydev = NULL; -+ return 0; -+ } -+ - c = strrchr(keyspec, ':'); - if (c) { - keyfile = strndup(keyspec, c-keyspec); -@@ -567,7 +571,7 @@ static int add_crypttab_devices(void) { - } - - for (;;) { -- _cleanup_free_ char *line = NULL, *name = NULL, *device = NULL, *keydev = NULL, *keyfile = NULL, *keyspec = NULL, *options = NULL; -+ _cleanup_free_ char *line = NULL, *name = NULL, *device = NULL, *keyspec = NULL, *options = NULL, *keyfile = NULL, *keydev = NULL; - crypto_device *d = NULL; - char *l, *uuid; - int k; diff --git a/sys-apps/systemd/files/243-rc1-revert-logind-remove-unused-check.patch b/sys-apps/systemd/files/243-rc1-revert-logind-remove-unused-check.patch deleted file mode 100644 index 30a20c17661d..000000000000 --- a/sys-apps/systemd/files/243-rc1-revert-logind-remove-unused-check.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -From 18f689b1fa35c53580da62bfce875fb15d20d448 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe <watanabe.yu+github@gmail.com> -Date: Sun, 4 Aug 2019 05:43:34 +0900 -Subject: [PATCH] Revert "logind: remove unused check" - -This reverts commit f2330acda408a34451d5e15380fcdd225a672473. - -Fixes #13255. ---- - src/login/logind-action.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/login/logind-action.c b/src/login/logind-action.c -index fa92f4870a2..140953eec10 100644 ---- a/src/login/logind-action.c -+++ b/src/login/logind-action.c -@@ -61,8 +61,12 @@ int manager_handle_action( - int r; - - assert(m); -- /* We should be called only with valid actions different than HANDLE_IGNORE. */ -- assert(handle > HANDLE_IGNORE && handle < _HANDLE_ACTION_MAX); -+ -+ /* If the key handling is turned off, don't do anything */ -+ if (handle == HANDLE_IGNORE) { -+ log_debug("Refusing operation, as it is turned off."); -+ return 0; -+ } - - if (inhibit_key == INHIBIT_HANDLE_LID_SWITCH) { - /* If the last system suspend or startup is too close, diff --git a/sys-apps/systemd/files/243-rc1-udev-properties.patch b/sys-apps/systemd/files/243-rc1-udev-properties.patch deleted file mode 100644 index 5e2ffa1868a3..000000000000 --- a/sys-apps/systemd/files/243-rc1-udev-properties.patch +++ /dev/null 
@@ -1,53 +0,0 @@ -From 41c81c4a626fda0969fc09ddeb8addb7aae6e4d9 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe <watanabe.yu+github@gmail.com> -Date: Sun, 4 Aug 2019 06:08:06 +0900 -Subject: [PATCH] udev: do not try to import properties on commented out lines - -Fixes #13257. ---- - src/udev/udev-rules.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c -index 3473a7eb7e5..1642f105354 100644 ---- a/src/udev/udev-rules.c -+++ b/src/udev/udev-rules.c -@@ -1401,8 +1401,10 @@ static int get_property_from_string(char *line, char **ret_key, char **ret_value - key = skip_leading_chars(line, NULL); - - /* comment or empty line */ -- if (IN_SET(key[0], '#', '\0')) -+ if (IN_SET(key[0], '#', '\0')) { -+ *ret_key = *ret_value = NULL; - return 0; -+ } - - /* split key/value */ - val = strchr(key, '='); -@@ -1429,7 +1431,7 @@ static int get_property_from_string(char *line, char **ret_key, char **ret_value - - *ret_key = key; - *ret_value = val; -- return 0; -+ return 1; - } - - static int import_parent_into_properties(sd_device *dev, const char *filter) { -@@ -1681,6 +1683,8 @@ static int udev_rule_apply_token_to_event( - line); - continue; - } -+ if (r == 0) -+ continue; - - r = device_add_property(dev, key, value); - if (r < 0) -@@ -1719,6 +1723,8 @@ static int udev_rule_apply_token_to_event( - line); - continue; - } -+ if (r == 0) -+ continue; - - r = device_add_property(dev, key, value); - if (r < 0) diff --git a/sys-apps/systemd/files/CVE-2019-15718.patch b/sys-apps/systemd/files/CVE-2019-15718.patch new file mode 100644 index 000000000000..8186f7096f82 --- /dev/null +++ b/sys-apps/systemd/files/CVE-2019-15718.patch 
@@ -0,0 +1,31 @@
+From 35e528018f315798d3bffcb592b32a0d8f5162bd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 27 Aug 2019 19:00:34 +0200
+Subject: [PATCH] shared/but-util: drop trusted annotation from
+ bus_open_system_watch_bind_with_description()
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1746057
+
+This only affects systemd-resolved. bus_open_system_watch_bind_with_description()
+is also used in timesyncd, but it has no methods, only read-only properties, and
+in networkd, but it annotates all methods with SD_BUS_VTABLE_UNPRIVILEGED and does
+polkit checks.
+---
+ src/shared/bus-util.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c
+index 6af115e7aa..821339d4ae 100644
+--- a/src/shared/bus-util.c
++++ b/src/shared/bus-util.c
+@@ -1705,10 +1705,6 @@ int bus_open_system_watch_bind_with_description(sd_bus **ret, const char *descri
+ if (r < 0)
+ return r;
+
+- r = sd_bus_set_trusted(bus, true);
+- if (r < 0)
+- return r;
+-
+ r = sd_bus_negotiate_creds(bus, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS);
+ if (r < 0)
+ return r;
diff --git a/sys-apps/systemd/files/CVE-2019-6454/0001-Refuse-dbus-message-paths-longer-than-BUS_PATH_SIZE_.patch b/sys-apps/systemd/files/CVE-2019-6454/0001-Refuse-dbus-message-paths-longer-than-BUS_PATH_SIZE_.patch
deleted file mode 100644
index 6a0c8d1b0c51..000000000000
--- a/sys-apps/systemd/files/CVE-2019-6454/0001-Refuse-dbus-message-paths-longer-than-BUS_PATH_SIZE_.patch
+++ /dev/null
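Review bot: Nothing in the patched bus_open_system_watch_bind_with_description() records why the connection must stay untrusted, so a later cleanup could put the removed `sd_bus_set_trusted(bus, true)` call back; a comment at the removal site, just before the remaining `sd_bus_negotiate_creds()` call, would guard against that, for example `/* Do not mark this bus trusted: users of this helper rely on per-method access checks (SD_BUS_VTABLE_UNPRIVILEGED, polkit). */`. The patch description says only systemd-resolved was affected, and once the trusted flag is gone every method served over this connection that lacks SD_BUS_VTABLE_UNPRIVILEGED presumably becomes restricted to privileged callers. The ebuild revision that applies the patch should therefore be checked in both directions: unprivileged name lookups are still answered, and unprivileged configuration changes are refused. The function body starts and ends outside the inner hunk, and whether each ebuild touched by this commit lists the patch in its PATCHES array is not visible in this part of the page.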
@@ -1,48 +0,0 @@ -From 29de632674473729d1e9497b6fe47e7c88682ed9 Mon Sep 17 00:00:00 2001 -From: Riccardo Schirone <rschiron@redhat.com> -Date: Mon, 4 Feb 2019 14:29:09 +0100 -Subject: [PATCH 1/3] Refuse dbus message paths longer than BUS_PATH_SIZE_MAX - limit. - -Even though the dbus specification does not enforce any length limit on the -path of a dbus message, having to analyze too long strings in PID1 may be -time-consuming and it may have security impacts. - -In any case, the limit is set so high that real-life applications should not -have a problem with it. ---- - src/libsystemd/sd-bus/bus-internal.c | 2 +- - src/libsystemd/sd-bus/bus-internal.h | 4 ++++ - 2 files changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-bus/bus-internal.c b/src/libsystemd/sd-bus/bus-internal.c -index 40acae2133..598b7f110c 100644 ---- a/src/libsystemd/sd-bus/bus-internal.c -+++ b/src/libsystemd/sd-bus/bus-internal.c -@@ -43,7 +43,7 @@ bool object_path_is_valid(const char *p) { - if (slash) - return false; - -- return true; -+ return (q - p) <= BUS_PATH_SIZE_MAX; - } - - char* object_path_startswith(const char *a, const char *b) { -diff --git a/src/libsystemd/sd-bus/bus-internal.h b/src/libsystemd/sd-bus/bus-internal.h -index f208b294d8..a8d61bf72a 100644 ---- a/src/libsystemd/sd-bus/bus-internal.h -+++ b/src/libsystemd/sd-bus/bus-internal.h -@@ -332,6 +332,10 @@ struct sd_bus { - - #define BUS_MESSAGE_SIZE_MAX (128*1024*1024) - #define BUS_AUTH_SIZE_MAX (64*1024) -+/* Note that the D-Bus specification states that bus paths shall have no size limit. We enforce here one -+ * anyway, since truly unbounded strings are a security problem. The limit we pick is relatively large however, -+ * to not clash unnecessarily with real-life applications. */ -+#define BUS_PATH_SIZE_MAX (64*1024) - - #define BUS_CONTAINER_DEPTH 128 - --- -2.20.1 - 
diff --git a/sys-apps/systemd/files/CVE-2019-6454/0002-Allocate-temporary-strings-to-hold-dbus-paths-on-the.patch b/sys-apps/systemd/files/CVE-2019-6454/0002-Allocate-temporary-strings-to-hold-dbus-paths-on-the.patch deleted file mode 100644 index bbc6db974d4a..000000000000 --- a/sys-apps/systemd/files/CVE-2019-6454/0002-Allocate-temporary-strings-to-hold-dbus-paths-on-the.patch +++ /dev/null 
@@ -1,188 +0,0 @@ -From 1ffe59592c5cbf924eb81a3662b4252ba6de7132 Mon Sep 17 00:00:00 2001 -From: Riccardo Schirone <rschiron@redhat.com> -Date: Mon, 4 Feb 2019 14:29:28 +0100 -Subject: [PATCH 2/3] Allocate temporary strings to hold dbus paths on the heap - -Paths are limited to BUS_PATH_SIZE_MAX but the maximum size is anyway too big -to be allocated on the stack, so let's switch to the heap where there is a -clear way to understand if the allocation fails. ---- - src/libsystemd/sd-bus/bus-objects.c | 68 +++++++++++++++++++++++------ - 1 file changed, 54 insertions(+), 14 deletions(-) - -diff --git a/src/libsystemd/sd-bus/bus-objects.c b/src/libsystemd/sd-bus/bus-objects.c -index 58329f3fe7..54b977418e 100644 ---- a/src/libsystemd/sd-bus/bus-objects.c -+++ b/src/libsystemd/sd-bus/bus-objects.c -@@ -1133,7 +1133,8 @@ static int object_manager_serialize_path_and_fallbacks( - const char *path, - sd_bus_error *error) { - -- char *prefix; -+ _cleanup_free_ char *prefix = NULL; -+ size_t pl; - int r; - - assert(bus); -@@ -1149,7 +1150,12 @@ static int object_manager_serialize_path_and_fallbacks( - return 0; - - /* Second, add fallback vtables registered for any of the prefixes */ -- prefix = newa(char, strlen(path) + 1); -+ pl = strlen(path); -+ assert(pl <= BUS_PATH_SIZE_MAX); -+ prefix = new(char, pl + 1); -+ if (!prefix) -+ return -ENOMEM; -+ - OBJECT_PATH_FOREACH_PREFIX(prefix, path) { - r = object_manager_serialize_path(bus, reply, prefix, path, true, error); - if (r < 0) -@@ -1345,6 +1351,7 @@ static int object_find_and_run( - } - - int bus_process_object(sd_bus *bus, sd_bus_message *m) { -+ _cleanup_free_ char *prefix = NULL; - int r; - size_t pl; - bool found_object = false; -@@ -1369,9 +1376,12 @@ int bus_process_object(sd_bus *bus, sd_bus_message *m) { - assert(m->member); - - pl = strlen(m->path); -- do { -- char prefix[pl+1]; -+ assert(pl <= BUS_PATH_SIZE_MAX); -+ prefix = new(char, pl + 1); -+ if (!prefix) -+ return -ENOMEM; - -+ do { - bus->nodes_modified = 
false; - - r = object_find_and_run(bus, m, m->path, false, &found_object); -@@ -1498,9 +1508,15 @@ static int bus_find_parent_object_manager(sd_bus *bus, struct node **out, const - - n = hashmap_get(bus->nodes, path); - if (!n) { -- char *prefix; -+ _cleanup_free_ char *prefix = NULL; -+ size_t pl; -+ -+ pl = strlen(path); -+ assert(pl <= BUS_PATH_SIZE_MAX); -+ prefix = new(char, pl + 1); -+ if (!prefix) -+ return -ENOMEM; - -- prefix = newa(char, strlen(path) + 1); - OBJECT_PATH_FOREACH_PREFIX(prefix, path) { - n = hashmap_get(bus->nodes, prefix); - if (n) -@@ -2083,8 +2099,9 @@ _public_ int sd_bus_emit_properties_changed_strv( - const char *interface, - char **names) { - -+ _cleanup_free_ char *prefix = NULL; - bool found_interface = false; -- char *prefix; -+ size_t pl; - int r; - - assert_return(bus, -EINVAL); -@@ -2105,6 +2122,12 @@ _public_ int sd_bus_emit_properties_changed_strv( - - BUS_DONT_DESTROY(bus); - -+ pl = strlen(path); -+ assert(pl <= BUS_PATH_SIZE_MAX); -+ prefix = new(char, pl + 1); -+ if (!prefix) -+ return -ENOMEM; -+ - do { - bus->nodes_modified = false; - -@@ -2114,7 +2137,6 @@ _public_ int sd_bus_emit_properties_changed_strv( - if (bus->nodes_modified) - continue; - -- prefix = newa(char, strlen(path) + 1); - OBJECT_PATH_FOREACH_PREFIX(prefix, path) { - r = emit_properties_changed_on_interface(bus, prefix, path, interface, true, &found_interface, names); - if (r != 0) -@@ -2246,7 +2268,8 @@ static int object_added_append_all_prefix( - - static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *path) { - _cleanup_set_free_ Set *s = NULL; -- char *prefix; -+ _cleanup_free_ char *prefix = NULL; -+ size_t pl; - int r; - - assert(bus); -@@ -2291,7 +2314,12 @@ static int object_added_append_all(sd_bus *bus, sd_bus_message *m, const char *p - if (bus->nodes_modified) - return 0; - -- prefix = newa(char, strlen(path) + 1); -+ pl = strlen(path); -+ assert(pl <= BUS_PATH_SIZE_MAX); -+ prefix = new(char, pl + 1); -+ if (!prefix) 
-+ return -ENOMEM; -+ - OBJECT_PATH_FOREACH_PREFIX(prefix, path) { - r = object_added_append_all_prefix(bus, m, s, prefix, path, true); - if (r < 0) -@@ -2430,7 +2458,8 @@ static int object_removed_append_all_prefix( - - static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char *path) { - _cleanup_set_free_ Set *s = NULL; -- char *prefix; -+ _cleanup_free_ char *prefix = NULL; -+ size_t pl; - int r; - - assert(bus); -@@ -2462,7 +2491,12 @@ static int object_removed_append_all(sd_bus *bus, sd_bus_message *m, const char - if (bus->nodes_modified) - return 0; - -- prefix = newa(char, strlen(path) + 1); -+ pl = strlen(path); -+ assert(pl <= BUS_PATH_SIZE_MAX); -+ prefix = new(char, pl + 1); -+ if (!prefix) -+ return -ENOMEM; -+ - OBJECT_PATH_FOREACH_PREFIX(prefix, path) { - r = object_removed_append_all_prefix(bus, m, s, prefix, path, true); - if (r < 0) -@@ -2612,7 +2646,8 @@ static int interfaces_added_append_one( - const char *path, - const char *interface) { - -- char *prefix; -+ _cleanup_free_ char *prefix = NULL; -+ size_t pl; - int r; - - assert(bus); -@@ -2626,7 +2661,12 @@ static int interfaces_added_append_one( - if (bus->nodes_modified) - return 0; - -- prefix = newa(char, strlen(path) + 1); -+ pl = strlen(path); -+ assert(pl <= BUS_PATH_SIZE_MAX); -+ prefix = new(char, pl + 1); -+ if (!prefix) -+ return -ENOMEM; -+ - OBJECT_PATH_FOREACH_PREFIX(prefix, path) { - r = interfaces_added_append_one_prefix(bus, m, prefix, path, interface, true); - if (r != 0) --- -2.20.1 - diff --git a/sys-apps/systemd/systemd-242-r7.ebuild b/sys-apps/systemd/systemd-242-r7.ebuild new file mode 100644 index 000000000000..a6a723357390 --- /dev/null +++ b/sys-apps/systemd/systemd-242-r7.ebuild 
@@ -0,0 +1,500 @@ +# Copyright 2011-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +if [[ ${PV} == 9999 ]]; then + EGIT_REPO_URI="https://github.com/systemd/systemd.git" + inherit git-r3 +else + MY_PV=${PV/_/-} + MY_P=${PN}-${MY_PV} + S=${WORKDIR}/${MY_P} + SRC_URI="https://github.com/systemd/systemd/archive/v${MY_PV}/${MY_P}.tar.gz" + KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 sparc ~x86" +fi + +PYTHON_COMPAT=( python{3_5,3_6,3_7} ) + +inherit bash-completion-r1 linux-info meson multilib-minimal ninja-utils pam python-any-r1 systemd toolchain-funcs udev + +DESCRIPTION="System and service manager for Linux" +HOMEPAGE="https://www.freedesktop.org/wiki/Software/systemd" + +LICENSE="GPL-2 LGPL-2.1 MIT public-domain" +SLOT="0/2" +IUSE="acl apparmor audit build cryptsetup curl dns-over-tls elfutils +gcrypt gnuefi http idn importd +kmod libidn2 +lz4 lzma nat pam pcre policykit qrcode +resolvconf +seccomp selinux split-usr +sysv-utils test vanilla xkb" + +REQUIRED_USE="importd? ( curl gcrypt lzma )" +RESTRICT="!test? ( test )" + +MINKV="3.11" + +COMMON_DEPEND=">=sys-apps/util-linux-2.30:0=[${MULTILIB_USEDEP}] + sys-libs/libcap:0=[${MULTILIB_USEDEP}] + !<sys-libs/glibc-2.16 + acl? ( sys-apps/acl:0= ) + apparmor? ( sys-libs/libapparmor:0= ) + audit? ( >=sys-process/audit-2:0= ) + cryptsetup? ( >=sys-fs/cryptsetup-1.6:0= ) + curl? ( net-misc/curl:0= ) + dns-over-tls? ( >=net-libs/gnutls-3.5.3:0= ) + elfutils? ( >=dev-libs/elfutils-0.158:0= ) + gcrypt? ( >=dev-libs/libgcrypt-1.4.5:0=[${MULTILIB_USEDEP}] ) + http? ( + >=net-libs/libmicrohttpd-0.9.33:0=[epoll(+)] + >=net-libs/gnutls-3.1.4:0= + ) + idn? ( + libidn2? ( net-dns/libidn2:= ) + !libidn2? ( net-dns/libidn:= ) + ) + importd? ( + app-arch/bzip2:0= + sys-libs/zlib:0= + ) + kmod? ( >=sys-apps/kmod-15:0= ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) + lzma? ( >=app-arch/xz-utils-5.0.5-r1:0=[${MULTILIB_USEDEP}] ) + nat? 
( net-firewall/iptables:0= ) + pam? ( virtual/pam:=[${MULTILIB_USEDEP}] ) + pcre? ( dev-libs/libpcre2 ) + qrcode? ( media-gfx/qrencode:0= ) + seccomp? ( >=sys-libs/libseccomp-2.3.3:0= ) + selinux? ( sys-libs/libselinux:0= ) + xkb? ( >=x11-libs/libxkbcommon-0.4.1:0= )" + +# Newer linux-headers needed by ia64, bug #480218 +DEPEND="${COMMON_DEPEND} + >=sys-kernel/linux-headers-${MINKV} + gnuefi? ( >=sys-boot/gnu-efi-3.0.2 ) +" + +# baselayout-2.2 has /run +RDEPEND="${COMMON_DEPEND} + acct-group/adm + acct-group/wheel + acct-group/kmem + acct-group/tty + acct-group/utmp + acct-group/audio + acct-group/cdrom + acct-group/dialout + acct-group/disk + acct-group/input + acct-group/kvm + acct-group/render + acct-group/tape + acct-group/video + acct-group/systemd-journal + acct-user/systemd-journal-remote + acct-user/systemd-coredump + acct-user/systemd-network + acct-user/systemd-resolve + acct-user/systemd-timesync + >=sys-apps/baselayout-2.2 + selinux? ( sec-policy/selinux-base-policy[systemd] ) + sysv-utils? ( !sys-apps/sysvinit ) + !sysv-utils? ( sys-apps/sysvinit ) + resolvconf? ( !net-dns/openresolv ) + !build? ( || ( + sys-apps/util-linux[kill(-)] + sys-process/procps[kill(+)] + sys-apps/coreutils[kill(-)] + ) ) + !sys-auth/nss-myhostname + !<sys-kernel/dracut-044 + !sys-fs/eudev + !sys-fs/udev +" + +# sys-apps/dbus: the daemon only (+ build-time lib dep for tests) +PDEPEND=">=sys-apps/dbus-1.9.8[systemd] + >=sys-apps/hwids-20150417[udev] + >=sys-fs/udev-init-scripts-25 + policykit? ( sys-auth/polkit ) + !vanilla? ( sys-apps/gentoo-systemd-integration )" + +BDEPEND=" + app-arch/xz-utils:0 + dev-util/gperf + >=dev-util/meson-0.46 + >=dev-util/intltool-0.50 + >=sys-apps/coreutils-8.16 + sys-devel/m4 + virtual/pkgconfig[${MULTILIB_USEDEP}] + test? 
( sys-apps/dbus ) + app-text/docbook-xml-dtd:4.2 + app-text/docbook-xml-dtd:4.5 + app-text/docbook-xsl-stylesheets + dev-libs/libxslt:0 + $(python_gen_any_dep 'dev-python/lxml[${PYTHON_USEDEP}]') +" + +pkg_pretend() { + if [[ ${MERGE_TYPE} != buildonly ]]; then + if use test && has pid-sandbox ${FEATURES}; then + ewarn "Tests are known to fail with PID sandboxing enabled." + ewarn "See https://bugs.gentoo.org/674458." + fi + + local CONFIG_CHECK="~AUTOFS4_FS ~BLK_DEV_BSG ~CGROUPS + ~CHECKPOINT_RESTORE ~DEVTMPFS ~EPOLL ~FANOTIFY ~FHANDLE + ~INOTIFY_USER ~IPV6 ~NET ~NET_NS ~PROC_FS ~SIGNALFD ~SYSFS + ~TIMERFD ~TMPFS_XATTR ~UNIX + ~CRYPTO_HMAC ~CRYPTO_SHA256 ~CRYPTO_USER_API_HASH + ~!FW_LOADER_USER_HELPER_FALLBACK ~!GRKERNSEC_PROC ~!IDE ~!SYSFS_DEPRECATED + ~!SYSFS_DEPRECATED_V2" + + use acl && CONFIG_CHECK+=" ~TMPFS_POSIX_ACL" + use seccomp && CONFIG_CHECK+=" ~SECCOMP ~SECCOMP_FILTER" + kernel_is -lt 3 7 && CONFIG_CHECK+=" ~HOTPLUG" + kernel_is -lt 4 7 && CONFIG_CHECK+=" ~DEVPTS_MULTIPLE_INSTANCES" + kernel_is -ge 4 10 && CONFIG_CHECK+=" ~CGROUP_BPF" + + if linux_config_exists; then + local uevent_helper_path=$(linux_chkconfig_string UEVENT_HELPER_PATH) + if [[ -n ${uevent_helper_path} ]] && [[ ${uevent_helper_path} != '""' ]]; then + ewarn "It's recommended to set an empty value to the following kernel config option:" + ewarn "CONFIG_UEVENT_HELPER_PATH=${uevent_helper_path}" + fi + if linux_chkconfig_present X86; then + CONFIG_CHECK+=" ~DMIID" + fi + fi + + if kernel_is -lt ${MINKV//./ }; then + ewarn "Kernel version at least ${MINKV} required" + fi + + check_extra_config + fi +} + +pkg_setup() { + : +} + +src_unpack() { + default + [[ ${PV} != 9999 ]] || git-r3_src_unpack +} + +src_prepare() { + # Do NOT add patches here + local PATCHES=() + + [[ -d "${WORKDIR}"/patches ]] && PATCHES+=( "${WORKDIR}"/patches ) + + # Add local patches here + PATCHES+=( + "${FILESDIR}"/242-gcc-9.patch + "${FILESDIR}"/242-socket-util-flush-accept.patch + 
"${FILESDIR}"/242-wireguard-listenport.patch + "${FILESDIR}"/242-file-max.patch + "${FILESDIR}"/242-rdrand-ryzen.patch + "${FILESDIR}"/242-networkd-ipv6-token.patch + "${FILESDIR}"/242-network-domains.patch + "${FILESDIR}"/CVE-2019-15718.patch + ) + + if ! use vanilla; then + PATCHES+=( + "${FILESDIR}/gentoo-Dont-enable-audit-by-default.patch" + "${FILESDIR}/gentoo-systemd-user-pam.patch" + "${FILESDIR}/gentoo-generator-path-r1.patch" + ) + fi + + default +} + +src_configure() { + # Prevent conflicts with i686 cross toolchain, bug 559726 + tc-export AR CC NM OBJCOPY RANLIB + + python_setup + + multilib-minimal_src_configure +} + +meson_use() { + usex "$1" true false +} + +meson_multilib() { + if multilib_is_native_abi; then + echo true + else + echo false + fi +} + +meson_multilib_native_use() { + if multilib_is_native_abi && use "$1"; then + echo true + else + echo false + fi +} + +multilib_src_configure() { + local myconf=( + --localstatedir="${EPREFIX}/var" + -Dsupport-url="https://gentoo.org/support/" + -Dpamlibdir="$(getpam_mod_dir)" + # avoid bash-completion dep + -Dbashcompletiondir="$(get_bashcompdir)" + # make sure we get /bin:/sbin in PATH + -Dsplit-usr=$(usex split-usr true false) + -Drootprefix="$(usex split-usr "${EPREFIX:-/}" "${EPREFIX}/usr")" + -Dsysvinit-path= + -Dsysvrcnd-path= + # Avoid infinite exec recursion, bug 642724 + -Dtelinit-path="${EPREFIX}/lib/sysvinit/telinit" + # no deps + -Defi=$(meson_multilib) + -Dima=true + # Optional components/dependencies + -Dacl=$(meson_multilib_native_use acl) + -Dapparmor=$(meson_multilib_native_use apparmor) + -Daudit=$(meson_multilib_native_use audit) + -Dlibcryptsetup=$(meson_multilib_native_use cryptsetup) + -Dlibcurl=$(meson_multilib_native_use curl) + -Ddns-over-tls=$(meson_multilib_native_use dns-over-tls) + -Delfutils=$(meson_multilib_native_use elfutils) + -Dgcrypt=$(meson_use gcrypt) + -Dgnu-efi=$(meson_multilib_native_use gnuefi) + -Defi-libdir="${ESYSROOT}/usr/$(get_libdir)" + 
-Dmicrohttpd=$(meson_multilib_native_use http) + -Dimportd=$(meson_multilib_native_use importd) + -Dbzip2=$(meson_multilib_native_use importd) + -Dzlib=$(meson_multilib_native_use importd) + -Dkmod=$(meson_multilib_native_use kmod) + -Dlz4=$(meson_use lz4) + -Dxz=$(meson_use lzma) + -Dlibiptc=$(meson_multilib_native_use nat) + -Dpam=$(meson_use pam) + -Dpcre2=$(meson_multilib_native_use pcre) + -Dpolkit=$(meson_multilib_native_use policykit) + -Dqrencode=$(meson_multilib_native_use qrcode) + -Dseccomp=$(meson_multilib_native_use seccomp) + -Dselinux=$(meson_multilib_native_use selinux) + -Ddbus=$(meson_multilib_native_use test) + -Dxkbcommon=$(meson_multilib_native_use xkb) + -Dntp-servers="0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org" + # Breaks screen, tmux, etc. + -Ddefault-kill-user-processes=false + -Dcreate-log-dirs=false + + # multilib options + -Dbacklight=$(meson_multilib) + -Dbinfmt=$(meson_multilib) + -Dcoredump=$(meson_multilib) + -Denvironment-d=$(meson_multilib) + -Dfirstboot=$(meson_multilib) + -Dhibernate=$(meson_multilib) + -Dhostnamed=$(meson_multilib) + -Dhwdb=$(meson_multilib) + -Dldconfig=$(meson_multilib) + -Dlocaled=$(meson_multilib) + -Dman=$(meson_multilib) + -Dnetworkd=$(meson_multilib) + -Dquotacheck=$(meson_multilib) + -Drandomseed=$(meson_multilib) + -Drfkill=$(meson_multilib) + -Dsysusers=$(meson_multilib) + -Dtimedated=$(meson_multilib) + -Dtimesyncd=$(meson_multilib) + -Dtmpfiles=$(meson_multilib) + -Dvconsole=$(meson_multilib) + ) + + if multilib_is_native_abi && use idn; then + myconf+=( + -Dlibidn2=$(usex libidn2 true false) + -Dlibidn=$(usex libidn2 false true) + ) + else + myconf+=( + -Dlibidn2=false + -Dlibidn=false + ) + fi + + meson_src_configure "${myconf[@]}" +} + +multilib_src_compile() { + eninja +} + +multilib_src_test() { + unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR + eninja test +} + +multilib_src_install() { + DESTDIR="${D}" eninja install +} + +multilib_src_install_all() 
{ + local rootprefix=$(usex split-usr '' /usr) + + # meson doesn't know about docdir + mv "${ED}"/usr/share/doc/{systemd,${PF}} || die + + einstalldocs + dodoc "${FILESDIR}"/nsswitch.conf + + if ! use resolvconf; then + rm -f "${ED}${rootprefix}"/sbin/resolvconf || die + fi + + if ! use sysv-utils; then + rm "${ED}${rootprefix}"/sbin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} || die + rm "${ED}"/usr/share/man/man1/init.1 || die + rm "${ED}"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 || die + fi + + if ! use resolvconf && ! use sysv-utils; then + rmdir "${ED}${rootprefix}"/sbin || die + fi + + # Preserve empty dirs in /etc & /var, bug #437008 + keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d} + keepdir /etc/kernel/install.d + keepdir /etc/systemd/{network,user} + keepdir /etc/udev/{hwdb.d,rules.d} + keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown} + keepdir /usr/lib/{binfmt.d,modules-load.d} + keepdir /usr/lib/systemd/user-generators + keepdir /var/lib/systemd + keepdir /var/log/journal + + # Symlink /etc/sysctl.conf for easy migration. + dosym ../sysctl.conf /etc/sysctl.d/99-sysctl.conf + + local udevdir=/lib/udev + use split-usr || udevdir=/usr/lib/udev + + rm -r "${ED}${udevdir}/hwdb.d" || die + + if use split-usr; then + # Avoid breaking boot/reboot + dosym ../../../lib/systemd/systemd /usr/lib/systemd/systemd + dosym ../../../lib/systemd/systemd-shutdown /usr/lib/systemd/systemd-shutdown + fi +} + +migrate_locale() { + local envd_locale_def="${EROOT}/etc/env.d/02locale" + local envd_locale=( "${EROOT}"/etc/env.d/??locale ) + local locale_conf="${EROOT}/etc/locale.conf" + + if [[ ! -L ${locale_conf} && ! -e ${locale_conf} ]]; then + # If locale.conf does not exist... 
+ if [[ -e ${envd_locale} ]]; then + # ...either copy env.d/??locale if there's one + ebegin "Moving ${envd_locale} to ${locale_conf}" + mv "${envd_locale}" "${locale_conf}" + eend ${?} || FAIL=1 + else + # ...or create a dummy default + ebegin "Creating ${locale_conf}" + cat > "${locale_conf}" <<-EOF + # This file has been created by the sys-apps/systemd ebuild. + # See locale.conf(5) and localectl(1). + + # LANG=${LANG} + EOF + eend ${?} || FAIL=1 + fi + fi + + if [[ ! -L ${envd_locale} ]]; then + # now, if env.d/??locale is not a symlink (to locale.conf)... + if [[ -e ${envd_locale} ]]; then + # ...warn the user that he has duplicate locale settings + ewarn + ewarn "To ensure consistent behavior, you should replace ${envd_locale}" + ewarn "with a symlink to ${locale_conf}. Please migrate your settings" + ewarn "and create the symlink with the following command:" + ewarn "ln -s -n -f ../locale.conf ${envd_locale}" + ewarn + else + # ...or just create the symlink if there's nothing here + ebegin "Creating ${envd_locale_def} -> ../locale.conf symlink" + ln -n -s ../locale.conf "${envd_locale_def}" + eend ${?} || FAIL=1 + fi + fi +} + +save_enabled_units() { + ENABLED_UNITS=() + type systemctl &>/dev/null || return + for x; do + if systemctl --quiet --root="${ROOT:-/}" is-enabled "${x}"; then + ENABLED_UNITS+=( "${x}" ) + fi + done +} + +pkg_preinst() { + save_enabled_units {machines,remote-{cryptsetup,fs}}.target getty@tty1.service +} + +pkg_postinst() { + systemd_update_catalog + + # Keep this here in case the database format changes so it gets updated + # when required. Despite that this file is owned by sys-apps/hwids. 
+ if has_version "sys-apps/hwids[udev]"; then
+ udevadm hwdb --update --root="${EROOT}"
+ fi
+
+ udev_reload || FAIL=1
+
+ # Bug 465468, make sure locales are respect, and ensure consistency
+ # between OpenRC & systemd
+ migrate_locale
+
+ systemd_reenable systemd-networkd.service systemd-resolved.service
+
+ if [[ ${ENABLED_UNITS[@]} ]]; then
+ systemctl --root="${ROOT:-/}" enable "${ENABLED_UNITS[@]}"
+ fi
+
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ if type systemctl &>/dev/null; then
+ systemctl --root="${ROOT:-/}" enable getty@.service remote-fs.target || FAIL=1
+ fi
+ elog "To enable a useful set of services, run the following:"
+ elog " systemctl preset-all --preset-mode=enable-only"
+ fi
+
+ if [[ -L ${EROOT}/var/lib/systemd/timesync ]]; then
+ rm "${EROOT}/var/lib/systemd/timesync"
+ fi
+
+ if [[ -z ${ROOT} && -d /run/systemd/system ]]; then
+ ebegin "Reexecuting system manager"
+ systemctl daemon-reexec
+ eend $?
+ fi
+
+ if [[ ${FAIL} ]]; then
+ eerror "One of the postinst commands failed. Please check the postinst output"
+ eerror "for errors. You may need to clean up your system and/or try installing"
+ eerror "systemd again."
+ eerror
+ fi
+}
+
+pkg_prerm() {
+ # If removing systemd completely, remove the catalog database.
+ if [[ ! ${REPLACED_BY_VERSION} ]]; then
+ rm -f -v "${EROOT}"/var/lib/systemd/catalog/database
+ fi
+}
diff --git a/sys-apps/systemd/systemd-243_rc1-r2.ebuild b/sys-apps/systemd/systemd-243_rc2-r1.ebuild
index 988973dd9a7e..56cfe509a088 100644
--- a/sys-apps/systemd/systemd-243_rc1-r2.ebuild
+++ b/sys-apps/systemd/systemd-243_rc2-r1.ebuild
@@ -185,10 +185,7 @@ src_prepare() {
 # Add local patches here
 PATCHES+=(
- "${FILESDIR}"/243-rc1-analyze.patch
- "${FILESDIR}"/243-rc1-cryptsetup.patch
- "${FILESDIR}"/243-rc1-revert-logind-remove-unused-check.patch
- "${FILESDIR}"/243-rc1-udev-properties.patch
+ "${FILESDIR}"/CVE-2019-15718.patch
 )
 if ! use vanilla; then
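Review bot: In `pkg_postinst` of the new systemd-242-r7.ebuild, three commands can fail without setting `FAIL`: `udevadm hwdb --update --root="${EROOT}"`, `systemctl --root="${ROOT:-/}" enable "${ENABLED_UNITS[@]}"`, and `systemctl daemon-reexec`, whose status only reaches `eend $?`. Because this revision carries `CVE-2019-15718.patch`, a failed re-exec would leave the previously running manager in place while the closing "One of the postinst commands failed" summary stays silent. I would write `eend $? || FAIL=1` after the re-exec, as `migrate_locale` already does with `eend ${?} || FAIL=1`, and append `|| FAIL=1` to the other two commands. Separately, `systemd_reenable` presumably only refreshes unit enablement and does not restart running services, so an `elog` asking the admin to restart them or reboot would make clear when the patched code actually takes effect.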
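Review bot: The `PATCHES` entry `"${FILESDIR}"/CVE-2019-15718.patch` is added with no comment saying where the fix comes from or when it can be dropped, and the same file is also listed in systemd-242-r7.ebuild. A line above it such as `# CVE-2019-15718: backport of upstream commit <UPSTREAM-COMMIT>, drop once a release contains it` would let the next version bump check the patch against upstream rather than trust the filename. The patch body is not part of this hunk, so whether one file applies cleanly to both 242 and 243_rc2 cannot be confirmed from here. `src_prepare` continues outside the hunk.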
@@ -314,7 +311,7 @@ multilib_src_compile() {
 multilib_src_test() {
 unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
- eninja test
+ meson_src_test
 }
 multilib_src_install() {
@@ -347,7 +344,7 @@ multilib_src_install_all() {
 # Preserve empty dirs in /etc & /var, bug #437008
 keepdir /etc/{binfmt.d,modules-load.d,tmpfiles.d}
 keepdir /etc/kernel/install.d
- keepdir /etc/systemd/{network,user}
+ keepdir /etc/systemd/{network,system,user}
 keepdir /etc/udev/{hwdb.d,rules.d}
 keepdir "${rootprefix}"/lib/systemd/{system-sleep,system-shutdown}
 keepdir /usr/lib/{binfmt.d,modules-load.d}
diff --git a/sys-apps/systemd/systemd-9999.ebuild b/sys-apps/systemd/systemd-9999.ebuild
index 7556cea0b553..f00c416fa382 100644
--- a/sys-apps/systemd/systemd-9999.ebuild
+++ b/sys-apps/systemd/systemd-9999.ebuild
@@ -310,7 +310,7 @@ multilib_src_compile() {
 multilib_src_test() {
 unset DBUS_SESSION_BUS_ADDRESS XDG_RUNTIME_DIR
- eninja test
+ meson_src_test
 }
 multilib_src_install() { |