diff -Nru systemd-245.4/debian/changelog systemd-245.4/debian/changelog
--- systemd-245.4/debian/changelog 2021-05-27 15:16:17.000000000 +0000
+++ systemd-245.4/debian/changelog 2021-07-20 11:39:51.000000000 +0000
@@ -1,3 +1,70 @@
+systemd (245.4-4ubuntu3.10) focal-security; urgency=medium
+
+ * SECURITY UPDATE: DoS via DHCP FORCERENEW
+ - debian/patches/CVE-2020-13529.patch: tentatively ignore FORCERENEW
+ command in src/libsystemd-network/sd-dhcp-client.c.
+ - CVE-2020-13529
+ * SECURITY UPDATE: denial of service via stack exhaustion
+ - debian/patches/CVE-2021-33910.patch: do not use strdupa() on a path
+ in src/basic/unit-name.c.
+ - CVE-2021-33910
+
+ -- Marc Deslauriers Tue, 20 Jul 2021 07:39:51 -0400
+
+systemd (245.4-4ubuntu3.8) focal; urgency=medium
+
+ [ dann frazier ]
+ * d/p/lp1933402-udev-Fix-SIGSEGV-in-AlternativeNamesPolicy-handling.patch:
+ - Fix uninitialized variable that can lead to corrupt network altnames
+ and/or segmentation faults. (LP: #1933402)
+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=8276cde551b31840b4fc10a2905cda20f7148522
+
+ [ Kai-Heng Feng ]
+ * d/p/hwdb-Add-ProBook-to-use-micmute-hotkey.patch:
+ - Add ProBook to use micmute hotkey (LP: #1930910)
+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ab932a977b74aef1351532ab70effb761508b9be
+
+ [ Jeremy Szu ]
+ * d/p/lp1932352-hwdb-Add-mic-mute-key-mapping-for-HP-Elite-Dragonfly.patch:
+ - Fix micmute hotkeys on HP Elite Dragonfly (LP: #1932352)
+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6e2b7f998a026235d6551d43548d226c50c8056a
+
+ [ Dan Streetman ]
+ * d/p/lp1931578/0001-network-default-RequiredForOnline-false-if-Activacti.patch,
+ d/p/lp1931578/0002-networkctl-add-field-Required-For-Online.patch,
+ d/p/lp1931578/0003-test-add-test-to-verify-RequiredForOnline-setting-wi.patch:
+ Adjust default for RequiredForOnline when using ActivationPolicy
+ (LP: #1931578)
+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=aa2b5015d91037e476ee67d684d7e2d30e616199
+ * d/extra/dhclient-enter-resolved-hook:
+ Check is-enabled systemd-resolved in dhclient hook (LP: #1853164)
+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=52ec2eb2a991cd406d1a94e8301e1b31d2bdb53c
+ * d/p/lp1928200/0001-shared-add-common-helper-for-unregistering-all-binfm.patch,
+ d/p/lp1928200/0002-shutdown-unregister-all-binfmt_misc-entries-before-e.patch,
+ d/p/lp1928200/0003-binfmt-modernize-code-a-bit.patch,
+ d/p/lp1928200/0004-binfmt-also-unregister-binfmt-entries-from-unit.patch,
+ d/p/lp1928200/0005-man-document-binfmt-s-new-unregister-switch.patch:
+ Unregister all binfmts before shutdown (LP: #1928200)
+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=bc605ba3f0c9d585ef834b35e9bbfc547a6f9eb5
+ * d/p/lp1894622-Add-systemd-resolve-backwards-compatibility-section-.patch:
+ Add man page symlink and deprecation notice for systemd-resolve
+ (LP: #1894622)
+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=823d20d2c3f78fbb0e68c4fee8cbcdb84e94dcde
+ * d/p/lp1858210/0001-time-simplify-get_timezones.patch,
+ d/p/lp1858210/0002-time-split-get_timezone-into-main-function-and-zone1.patch,
+ d/p/lp1858210/0003-time-get-timezones-from-tzdata.zi.patch:
+ Parse tzdata.zi so timedatectl list-timezones also lists aliases
+ (LP: #1858210)
+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=58a4c698e18f0a7fc0315a0394326e157a2e8479
+ * d/p/lp1891215/0001-fs-util-add-conservative_rename-that-suppresses-unne.patch,
+ d/p/lp1891215/0002-resolved-don-t-update-resolv.conf-snippets-unnecessa.patch,
+ d/p/lp1891215/0003-fs-util-rename-conservative_rename-conservative_rena.patch,
+ d/p/lp1891215/0004-fs-util-make-sure-conservative_renameat-properly-det.patch:
+ Don't rewrite resolv.conf is content unchanged (LP: #1891215)
+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=563e24f303462dfefd85b77051e742eb712a520c
+
+ -- Dan Streetman Tue, 06 Jul 2021 14:33:09 -0400
+
 systemd (245.4-4ubuntu3.7) focal; urgency=medium
 
 [ Andy Chi ]
diff -Nru systemd-245.4/debian/extra/dhclient-enter-resolved-hook systemd-245.4/debian/extra/dhclient-enter-resolved-hook
--- systemd-245.4/debian/extra/dhclient-enter-resolved-hook 2021-05-27 15:16:02.000000000 +0000
+++ systemd-245.4/debian/extra/dhclient-enter-resolved-hook 2021-07-06 18:03:24.000000000 +0000
@@ -14,7 +14,7 @@
 # (D) = master script downs interface
 # (-) = master script does nothing with this
 
-if [ -x /lib/systemd/systemd-resolved ] ; then
+if systemctl is-enabled systemd-resolved > /dev/null 2>&1; then
 # For safety, first undefine the nasty default make_resolv_conf()
 make_resolv_conf() { : ; }
 case "$reason" in
diff -Nru systemd-245.4/debian/patches/CVE-2020-13529.patch systemd-245.4/debian/patches/CVE-2020-13529.patch
--- systemd-245.4/debian/patches/CVE-2020-13529.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-245.4/debian/patches/CVE-2020-13529.patch 2021-07-20 11:39:38.000000000 +0000
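Review bot: `systemctl is-enabled` on the new `if` line tests the unit's enablement state, not whether systemd-resolved is actually running, so the hook can still replace `make_resolv_conf()` with a no-op while the resolver is stopped or failed, and it leaves dhclient rewriting resolv.conf when the service was started without being enabled. If the intent is "resolved is handling DNS right now", `if systemctl is-active --quiet systemd-resolved; then` matches it more closely; if enablement really is the intended signal (for example because the hook may run before the service is up), a comment above the test should say so. The `if` body continues outside the hunk.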
@@ -0,0 +1,36 @@
+From 38e980a6a5a3442c2f48b1f827284388096d8ca5 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Thu, 24 Jun 2021 01:22:07 +0900
+Subject: [PATCH] sd-dhcp-client: tentatively ignore FORCERENEW command
+
+This makes DHCP client ignore FORCERENEW requests, as unauthenticated
+FORCERENEW requests causes a security issue (TALOS-2020-1142, CVE-2020-13529).
+
+Let's re-enable this after RFC3118 (Authentication for DHCP Messages)
+and/or RFC6704 (Forcerenew Nonce Authentication) are implemented.
+
+Fixes #16774.
+---
+ src/libsystemd-network/sd-dhcp-client.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/src/libsystemd-network/sd-dhcp-client.c
++++ b/src/libsystemd-network/sd-dhcp-client.c
+@@ -1414,9 +1414,17 @@ static int client_handle_forcerenew(sd_d
+ if (r != DHCP_FORCERENEW)
+ return -ENOMSG;
+
++#if 0
+ log_dhcp_client(client, "FORCERENEW");
+
+ return 0;
++#else
++ /* FIXME: Ignore FORCERENEW requests until we implement RFC3118 (Authentication for DHCP
++ * Messages) and/or RFC6704 (Forcerenew Nonce Authentication), as unauthenticated FORCERENEW
++ * requests causes a security issue (TALOS-2020-1142, CVE-2020-13529). */
++ log_dhcp_client(client, "Received FORCERENEW, ignoring.");
++ return -ENOMSG;
++#endif
+ }
+
+ static bool lease_equal(const sd_dhcp_lease *a, const sd_dhcp_lease *b) {
diff -Nru systemd-245.4/debian/patches/CVE-2021-33910.patch systemd-245.4/debian/patches/CVE-2021-33910.patch
--- systemd-245.4/debian/patches/CVE-2021-33910.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-245.4/debian/patches/CVE-2021-33910.patch 2021-07-20 11:39:42.000000000 +0000
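Review bot: The `#if 0` / `#else` pair in client_handle_forcerenew() leaves the old accept path compiled out but still in the source, where flipping one preprocessor constant restores the unauthenticated behaviour; deleting the dead branch and keeping only the FIXME comment with `return -ENOMSG;` would make the mitigation harder to undo by accident. The new `log_dhcp_client(client, "Received FORCERENEW, ignoring.");` line runs once per received FORCERENEW, which an unauthenticated sender controls, so it is worth confirming that log_dhcp_client() logs at debug level (its definition is outside this hunk). The FIXME text also has a grammar slip: `requests causes` should read `requests cause`. The function starts outside the hunk.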
@@ -0,0 +1,61 @@
+Backport of:
+
+From 441e0115646d54f080e5c3bb0ba477c892861ab9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Wed, 23 Jun 2021 11:46:41 +0200
+Subject: [PATCH 1/2] basic/unit-name: do not use strdupa() on a path
+
+The path may have unbounded length, for example through a fuse mount.
+
+CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and
+ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo
+and each mountpoint is passed to mount_setup_unit(), which calls
+unit_name_path_escape() underneath. A local attacker who is able to mount a
+filesystem with a very long path can crash systemd and the whole system.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1970887
+
+The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we
+can't easily check the length after simplification before doing the
+simplification, which in turns uses a copy of the string we can write to.
+So we can't reject paths that are too long before doing the duplication.
+Hence the most obvious solution is to switch back to strdup(), as before
+7410616cd9dbbec97cf98d75324da5cda2b2f7a2.
+---
+ src/basic/unit-name.c | 13 +++++--------
+ 1 file changed, 5 insertions(+), 8 deletions(-)
+
+--- a/src/basic/unit-name.c
++++ b/src/basic/unit-name.c
+@@ -369,12 +369,13 @@ int unit_name_unescape(const char *f, ch
+ }
+
+ int unit_name_path_escape(const char *f, char **ret) {
+- char *p, *s;
++ _cleanup_free_ char *p = NULL;
++ char *s;
+
+ assert(f);
+ assert(ret);
+
+- p = strdupa(f);
++ p = strdup(f);
+ if (!p)
+ return -ENOMEM;
+
+@@ -386,13 +387,9 @@ int unit_name_path_escape(const char *f,
+ if (!path_is_normalized(p))
+ return -EINVAL;
+
+- /* Truncate trailing slashes */
++ /* Truncate trailing slashes and skip leading slashes */
+ delete_trailing_chars(p, "/");
+-
+- /* Truncate leading slashes */
+- p = skip_leading_chars(p, "/");
+-
+- s = unit_name_escape(p);
++ s = unit_name_escape(skip_leading_chars(p, "/"));
+ }
+ if (!s)
+ return -ENOMEM;
diff -Nru systemd-245.4/debian/patches/lp1858210/0001-time-simplify-get_timezones.patch systemd-245.4/debian/patches/lp1858210/0001-time-simplify-get_timezones.patch
--- systemd-245.4/debian/patches/lp1858210/0001-time-simplify-get_timezones.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-245.4/debian/patches/lp1858210/0001-time-simplify-get_timezones.patch 2021-07-06 18:03:24.000000000 +0000
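Review bot: Nothing in unit_name_path_escape() records why `p` must no longer be reassigned: with `_cleanup_free_ char *p`, the removed `p = skip_leading_chars(p, "/");` would presumably hand free() a pointer past the start of the allocation, and the new `s = unit_name_escape(skip_leading_chars(p, "/"));` avoids that only implicitly. A comment above that line such as `/* p is freed by _cleanup_free_, so never advance it; pass the offset pointer straight to unit_name_escape() */` would keep a later cleanup from reintroducing the problem. The commit message says the input length is unbounded, so a regression test that feeds a very long path would pin the heap-allocation behaviour. Both hunks cut through the function body.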
@@ -0,0 +1,104 @@
+From 31097e2b996ed463ca97d3df618a614c875386c5 Mon Sep 17 00:00:00 2001
+From: Dan Streetman
+Date: Tue, 29 Jun 2021 09:13:22 -0400
+Subject: [PATCH 1/3] time: simplify get_timezones()
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1858210
+Origin: upstream, https://github.com/systemd/systemd/pull/20066
+
+The function can be simplified by using extract_many_words() and strv_extend()
+---
+ src/basic/time-util.c | 56 +++++++++++++++----------------------------
+ 1 file changed, 19 insertions(+), 37 deletions(-)
+
+--- a/src/basic/time-util.c
++++ b/src/basic/time-util.c
+@@ -1205,24 +1205,14 @@ bool ntp_synced(void) {
+ int get_timezones(char ***ret) {
+ _cleanup_fclose_ FILE *f = NULL;
+ _cleanup_strv_free_ char **zones = NULL;
+- size_t n_zones = 0, n_allocated = 0;
+ int r;
+
+ assert(ret);
+
+- zones = strv_new("UTC");
+- if (!zones)
+- return -ENOMEM;
+-
+- n_allocated = 2;
+- n_zones = 1;
+-
+ f = fopen("/usr/share/zoneinfo/zone1970.tab", "re");
+ if (f) {
+ for (;;) {
+- _cleanup_free_ char *line = NULL;
+- char *p, *w;
+- size_t k;
++ _cleanup_free_ char *line = NULL, *cc = NULL, *co = NULL, *tz = NULL;
+
+ r = read_line(f, LONG_LINE_MAX, &line);
+ if (r < 0)
+@@ -1230,45 +1220,34 @@ int get_timezones(char ***ret) {
+ if (r == 0)
+ break;
+
+- p = strstrip(line);
++ const char *p = line;
+
+- if (isempty(p) || *p == '#')
++ /* Line format is:
++ * 'country codes' 'coordinates' 'timezone' 'comments' */
++ r = extract_many_words(&p, NULL, 0, &cc, &co, &tz, NULL);
++ if (r < 0)
+ continue;
+
+- /* Skip over country code */
+- p += strcspn(p, WHITESPACE);
+- p += strspn(p, WHITESPACE);
+-
+- /* Skip over coordinates */
+- p += strcspn(p, WHITESPACE);
+- p += strspn(p, WHITESPACE);
+-
+- /* Found timezone name */
+- k = strcspn(p, WHITESPACE);
+- if (k <= 0)
++ /* Lines that start with # are comments. */
++ if (*cc == '#')
+ continue;
+
+- w = strndup(p, k);
+- if (!w)
+- return -ENOMEM;
+-
+- if (!GREEDY_REALLOC(zones, n_allocated, n_zones + 2)) {
+- free(w);
+- return -ENOMEM;
+- }
+-
+- zones[n_zones++] = w;
+- zones[n_zones] = NULL;
++ r = strv_extend(&zones, tz);
++ if (r < 0)
++ return r;
+ }
+-
+- strv_sort(zones);
+- strv_uniq(zones);
+-
+ } else if (errno != ENOENT)
+ return -errno;
+
+- *ret = TAKE_PTR(zones);
++ /* Always include UTC */
++ r = strv_extend(&zones, "UTC");
++ if (r < 0)
++ return -ENOMEM;
++
++ strv_sort(zones);
++ strv_uniq(zones);
+
++ *ret = TAKE_PTR(zones);
+ return 0;
+ }
+
diff -Nru systemd-245.4/debian/patches/lp1858210/0002-time-split-get_timezone-into-main-function-and-zone1.patch systemd-245.4/debian/patches/lp1858210/0002-time-split-get_timezone-into-main-function-and-zone1.patch
--- systemd-245.4/debian/patches/lp1858210/0002-time-split-get_timezone-into-main-function-and-zone1.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-245.4/debian/patches/lp1858210/0002-time-split-get_timezone-into-main-function-and-zone1.patch 2021-07-06 18:03:24.000000000 +0000
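Review bot: Only `r < 0` is checked after `extract_many_words(&p, NULL, 0, &cc, &co, &tz, NULL)`, so a line that yields fewer than three words (a blank line, for instance) appears to reach `if (*cc == '#')` and `strv_extend(&zones, tz)` with `cc` or `tz` still NULL, which is what the declaration line initialises them to. The removed code covered this with `isempty(p)` and `k <= 0`; assuming the call returns the number of words it extracted, changing the check to `if (r < 3)` restores that guard. The same pattern is carried into get_timezones_from_zone1970_tab() in patch 0002 and into get_timezones_from_tzdata_zi() in patch 0003, where `*type`, `f1` and `f2` are used the same way. Separately, the failure branch after `strv_extend(&zones, "UTC")` returns a hard-coded `-ENOMEM` where the loop returns `r`.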
@@ -0,0 +1,102 @@
+From 09a54a862b8f45cff087eb4eabbd283d354afc90 Mon Sep 17 00:00:00 2001
+From: Dan Streetman
+Date: Wed, 30 Jun 2021 07:17:22 -0400
+Subject: [PATCH 2/3] time: split get_timezone() into main function and
+ zone1970.tab function
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1858210
+Origin: upstream, https://github.com/systemd/systemd/pull/20066
+
+This allows for adding another function to read from a different timezone
+source, which is added in the next commit.
+---
+ src/basic/time-util.c | 62 ++++++++++++++++++++++++++-----------------
+ 1 file changed, 38 insertions(+), 24 deletions(-)
+
+--- a/src/basic/time-util.c
++++ b/src/basic/time-util.c
+@@ -1202,7 +1202,7 @@ bool ntp_synced(void) {
+ return true;
+ }
+
+-int get_timezones(char ***ret) {
++static int get_timezones_from_zone1970_tab(char ***ret) {
+ _cleanup_fclose_ FILE *f = NULL;
+ _cleanup_strv_free_ char **zones = NULL;
+ int r;
+@@ -1210,35 +1210,49 @@ int get_timezones(char ***ret) {
+ assert(ret);
+
+ f = fopen("/usr/share/zoneinfo/zone1970.tab", "re");
+- if (f) {
+- for (;;) {
+- _cleanup_free_ char *line = NULL, *cc = NULL, *co = NULL, *tz = NULL;
+-
+- r = read_line(f, LONG_LINE_MAX, &line);
+- if (r < 0)
+- return r;
+- if (r == 0)
+- break;
+-
+- const char *p = line;
+-
+- /* Line format is:
+- * 'country codes' 'coordinates' 'timezone' 'comments' */
+- r = extract_many_words(&p, NULL, 0, &cc, &co, &tz, NULL);
+- if (r < 0)
+- continue;
+-
+- /* Lines that start with # are comments. */
+- if (*cc == '#')
+- continue;
+-
+- r = strv_extend(&zones, tz);
+- if (r < 0)
+- return r;
+- }
+- } else if (errno != ENOENT)
++ if (!f)
+ return -errno;
+
++ for (;;) {
++ _cleanup_free_ char *line = NULL, *cc = NULL, *co = NULL, *tz = NULL;
++
++ r = read_line(f, LONG_LINE_MAX, &line);
++ if (r < 0)
++ return r;
++ if (r == 0)
++ break;
++
++ const char *p = line;
++
++ /* Line format is:
++ * 'country codes' 'coordinates' 'timezone' 'comments' */
++ r = extract_many_words(&p, NULL, 0, &cc, &co, &tz, NULL);
++ if (r < 0)
++ continue;
++
++ /* Lines that start with # are comments. */
++ if (*cc == '#')
++ continue;
++
++ r = strv_extend(&zones, tz);
++ if (r < 0)
++ return r;
++ }
++
++ *ret = TAKE_PTR(zones);
++ return 0;
++}
++
++int get_timezones(char ***ret) {
++ _cleanup_strv_free_ char **zones = NULL;
++ int r;
++
++ assert(ret);
++
++ r = get_timezones_from_zone1970_tab(&zones);
++ if (r < 0 && r != -ENOENT)
++ return r;
++
+ /* Always include UTC */
+ r = strv_extend(&zones, "UTC");
+ if (r < 0)
diff -Nru systemd-245.4/debian/patches/lp1858210/0003-time-get-timezones-from-tzdata.zi.patch systemd-245.4/debian/patches/lp1858210/0003-time-get-timezones-from-tzdata.zi.patch
--- systemd-245.4/debian/patches/lp1858210/0003-time-get-timezones-from-tzdata.zi.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-245.4/debian/patches/lp1858210/0003-time-get-timezones-from-tzdata.zi.patch 2021-07-06 18:03:24.000000000 +0000
@@ -0,0 +1,90 @@
+From 147bc3639b3d7b15fc7b548b24715e7c4d95c6e1 Mon Sep 17 00:00:00 2001
+From: Dan Streetman
+Date: Wed, 30 Jun 2021 07:30:28 -0400
+Subject: [PATCH 3/3] time: get timezones from tzdata.zi
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1858210
+Origin: upstream, https://github.com/systemd/systemd/pull/20066
+
+The zone1970.tab file doesn't include any timezone 'aliases'. Instead
+of parsing it, parse the tzdata.zi file which does include all zones
+as well as aliases.
+
+This keeps the parsing function for zone1970.tab as a fallback in case
+the tzdata.zi file isn't found.
+---
+ src/basic/time-util.c | 58 ++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 57 insertions(+), 1 deletion(-)
+
+--- a/src/basic/time-util.c
++++ b/src/basic/time-util.c
+@@ -1243,13 +1243,69 @@ static int get_timezones_from_zone1970_t
+ return 0;
+ }
+
++static int get_timezones_from_tzdata_zi(char ***ret) {
++ _cleanup_fclose_ FILE *f = NULL;
++ _cleanup_strv_free_ char **zones = NULL;
++ int r;
++
++ f = fopen("/usr/share/zoneinfo/tzdata.zi", "re");
++ if (!f)
++ return -errno;
++
++ for (;;) {
++ _cleanup_free_ char *line = NULL, *type = NULL, *f1 = NULL, *f2 = NULL;
++
++ r = read_line(f, LONG_LINE_MAX, &line);
++ if (r < 0)
++ return r;
++ if (r == 0)
++ break;
++
++ const char *p = line;
++
++ /* The only lines we care about are Zone and Link lines.
++ * Zone line format is:
++ * 'Zone' 'timezone' ...
++ * Link line format is:
++ * 'Link' 'target' 'alias'
++ * See 'man zic' for more detail. */
++ r = extract_many_words(&p, NULL, 0, &type, &f1, &f2, NULL);
++ if (r < 0)
++ continue;
++
++ char *tz;
++ if (*type == 'Z' || *type == 'z')
++ /* Zone lines have timezone in field 1. */
++ tz = f1;
++ else if (*type == 'L' || *type == 'l')
++ /* Link lines have timezone in field 2. */
++ tz = f2;
++ else
++ /* Not a line we care about. */
++ continue;
++
++ r = strv_extend(&zones, tz);
++ if (r < 0)
++ return r;
++ }
++
++ *ret = TAKE_PTR(zones);
++ return 0;
++}
++
+ int get_timezones(char ***ret) {
+ _cleanup_strv_free_ char **zones = NULL;
+ int r;
+
+ assert(ret);
+
+- r = get_timezones_from_zone1970_tab(&zones);
++ r = get_timezones_from_tzdata_zi(&zones);
++ if (r == -ENOENT) {
++ log_debug_errno(r, "Could not get timezone data from tzdata.zi, using zone1970.tab: %m");
++ r = get_timezones_from_zone1970_tab(&zones);
++ if (r == -ENOENT)
++ log_debug_errno(r, "Could not get timezone data from zone1970.tab, using UTC: %m");
++ }
+ if (r < 0 && r != -ENOENT)
+ return r;
+
diff -Nru systemd-245.4/debian/patches/lp1891215/0001-fs-util-add-conservative_rename-that-suppresses-unne.patch systemd-245.4/debian/patches/lp1891215/0001-fs-util-add-conservative_rename-that-suppresses-unne.patch
--- systemd-245.4/debian/patches/lp1891215/0001-fs-util-add-conservative_rename-that-suppresses-unne.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-245.4/debian/patches/lp1891215/0001-fs-util-add-conservative_rename-that-suppresses-unne.patch 2021-07-06 18:03:24.000000000 +0000
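Review bot: get_timezones_from_tzdata_zi() writes through `ret` without the `assert(ret);` that its sibling get_timezones_from_zone1970_tab() and the caller get_timezones() both carry; adding `assert(ret);` after the declarations keeps the two parsers consistent. The function also has no comment stating its contract, so a one-line header such as `/* Returns -ENOENT if tzdata.zi is missing so the caller can fall back to zone1970.tab */` would document the error code that get_timezones() relies on in the last hunk lines.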
@@ -0,0 +1,184 @@
+From 1098142436f46b889f6b7bcc87af54bc5b95d560 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Wed, 18 Nov 2020 15:11:43 +0100
+Subject: [PATCH] fs-util: add conservative_rename() that suppresses
+ unnecessary renames
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1891215
+Origin: upstream, https://github.com/systemd/systemd/commit/1098142436f46b889f6b7bcc87af54bc5b95d560
+
+if the source and destination file match in contents and basic file
+attributes, don#t rename, but just remove source.
+
+This is a simple way to suppress inotify events + mtime changes when
+atomically updating files.
+---
+ src/basic/fs-util.c | 77 +++++++++++++++++++++++++++++++++++++++++
+ src/basic/fs-util.h | 2 ++
+ src/test/test-fs-util.c | 48 +++++++++++++++++++++++++
+ 3 files changed, 127 insertions(+)
+
+--- a/src/basic/fs-util.c
++++ b/src/basic/fs-util.c
+@@ -1479,3 +1479,80 @@ int open_parent(const char *path, int fl
+
+ return fd;
+ }
++
++int conservative_rename(
++ int olddirfd, const char *oldpath,
++ int newdirfd, const char *newpath) {
++
++ _cleanup_close_ int old_fd = -1, new_fd = -1;
++ struct stat old_stat, new_stat;
++
++ /* Renames the old path to thew new path, much like renameat() — except if both are regular files and
++ * have the exact same contents and basic file attributes already. In that case remove the new file
++ * instead. This call is useful for reducing inotify wakeups on files that are updated but don't
++ * actually change. This function is written in a style that we rather rename too often than suppress
++ * too much. i.e. whenever we are in doubt we rather rename than fail. After all reducing inotify
++ * events is an optimization only, not more. */
++
++ old_fd = openat(olddirfd, oldpath, O_CLOEXEC|O_RDONLY|O_NOCTTY|O_NOFOLLOW);
++ if (old_fd < 0)
++ goto do_rename;
++
++ new_fd = openat(newdirfd, newpath, O_CLOEXEC|O_RDONLY|O_NOCTTY|O_NOFOLLOW);
++ if (new_fd < 0)
++ goto do_rename;
++
++ if (fstat(old_fd, &old_stat) < 0)
++ goto do_rename;
++
++ if (!S_ISREG(old_stat.st_mode))
++ goto do_rename;
++
++ if (fstat(new_fd, &new_stat) < 0)
++ goto do_rename;
++
++ if (new_stat.st_ino == old_stat.st_ino &&
++ new_stat.st_dev == old_stat.st_dev)
++ goto is_same;
++
++ if (old_stat.st_mode != new_stat.st_mode ||
++ old_stat.st_size != new_stat.st_size ||
++ old_stat.st_uid != new_stat.st_uid ||
++ old_stat.st_gid != new_stat.st_gid)
++ goto do_rename;
++
++ for (;;) {
++ char buf1[16*1024];
++ char buf2[sizeof(buf1) + 1];
++ ssize_t l1, l2;
++
++ l1 = read(old_fd, buf1, sizeof(buf1));
++ if (l1 < 0)
++ goto do_rename;
++
++ l2 = read(new_fd, buf2, l1 + 1);
++ if (l1 != l2)
++ goto do_rename;
++
++ if (l1 == 0) /* EOF on both! And everything's the same so far, yay! */
++ break;
++
++ if (memcmp(buf1, buf2, l1) != 0)
++ goto do_rename;
++ }
++
++is_same:
++ /* Everything matches? Then don't rename, instead remove the source file, and leave the existing
++ * destination in place */
++
++ if (unlinkat(olddirfd, oldpath, 0) < 0)
++ goto do_rename;
++
++ return 0;
++
++do_rename:
++ if (renameat(olddirfd, oldpath, newdirfd, newpath) < 0)
++ return -errno;
++
++ return 1;
++}
+--- a/src/basic/fs-util.h
++++ b/src/basic/fs-util.h
+@@ -122,3 +122,5 @@ int fsync_path_at(int at_fd, const char
+ int syncfs_path(int atfd, const char *path);
+
+ int open_parent(const char *path, int flags, mode_t mode);
++
++int conservative_rename(int olddirfd, const char *oldpath, int newdirfd, const char *newpath);
+--- a/src/test/test-fs-util.c
++++ b/src/test/test-fs-util.c
+@@ -3,7 +3,9 @@
+ #include
+
+ #include "alloc-util.h"
++#include "copy.h"
+ #include "fd-util.h"
++#include "fileio.h"
+ #include "fs-util.h"
+ #include "id128-util.h"
+ #include "macro.h"
+@@ -849,6 +851,53 @@ static void test_chmod_and_chown_unsafe(
+ assert_se(S_ISLNK(st.st_mode));
+ }
+
++static void test_conservative_rename(void) {
++ _cleanup_(unlink_and_freep) char *p = NULL;
++ _cleanup_free_ char *q = NULL;
++ struct stat st;
++
++ assert_se(tempfn_random_child(NULL, NULL, &p) >= 0);
++ assert_se(write_string_file(p, "this is a test", WRITE_STRING_FILE_CREATE) >= 0);
++
++ assert_se(tempfn_random_child(NULL, NULL, &q) >= 0);
++
++ /* Check that the hardlinked "copy" is detected */
++ assert_se(link(p, q) >= 0);
++ assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) == 0);
++ assert_se(access(q, F_OK) < 0 && errno == ENOENT);
++
++ /* Check that a manual copy is detected */
++ assert_se(stat(p, &st) >= 0);
++ assert_se(copy_file(p, q, 0, st.st_mode, 0, 0, COPY_REFLINK) >= 0);
++ assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) == 0);
++ assert_se(access(q, F_OK) < 0 && errno == ENOENT);
++
++ /* Check that a manual new writeout is also detected */
++ assert_se(write_string_file(q, "this is a test", WRITE_STRING_FILE_CREATE) >= 0);
++ assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) == 0);
++ assert_se(access(q, F_OK) < 0 && errno == ENOENT);
++
++ /* Check that a minimally changed version is detected */
++ assert_se(write_string_file(q, "this is a_test", WRITE_STRING_FILE_CREATE) >= 0);
++ assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) > 0);
++ assert_se(access(q, F_OK) < 0 && errno == ENOENT);
++
++ /* Check that this really is new updated version */
++ assert_se(write_string_file(q, "this is a_test", WRITE_STRING_FILE_CREATE) >= 0);
++ assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) == 0);
++ assert_se(access(q, F_OK) < 0 && errno == ENOENT);
++
++ /* Make sure we detect extended files */
++ assert_se(write_string_file(q, "this is a_testx", WRITE_STRING_FILE_CREATE) >= 0);
++ assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) > 0);
++ assert_se(access(q, F_OK) < 0 && errno == ENOENT);
++
++ /* Make sure we detect truncated files */
++ assert_se(write_string_file(q, "this is a_test", WRITE_STRING_FILE_CREATE) >= 0);
++ assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) > 0);
++ assert_se(access(q, F_OK) < 0 && errno == ENOENT);
++}
++
+ int main(int argc, char *argv[]) {
+ test_setup_logging(LOG_INFO);
+
+@@ -867,6 +916,7 @@ int main(int argc, char *argv[]) {
+ test_rename_noreplace();
+ test_chmod_and_chown();
+ test_chmod_and_chown_unsafe();
++ test_conservative_rename();
+
+ return 0;
+ }
diff -Nru systemd-245.4/debian/patches/lp1891215/0002-resolved-don-t-update-resolv.conf-snippets-unnecessa.patch systemd-245.4/debian/patches/lp1891215/0002-resolved-don-t-update-resolv.conf-snippets-unnecessa.patch
--- systemd-245.4/debian/patches/lp1891215/0002-resolved-don-t-update-resolv.conf-snippets-unnecessa.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-245.4/debian/patches/lp1891215/0002-resolved-don-t-update-resolv.conf-snippets-unnecessa.patch 2021-07-06 18:03:24.000000000 +0000
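Review bot: The header comment of conservative_rename() says "In that case remove the new file instead", but the `is_same:` path calls `unlinkat(olddirfd, oldpath, 0)` and the comment there says the source is removed and the destination left in place; the header should read `In that case remove the old (source) file instead`, and `thew new path` is a typo. The comparison is made on `old_fd` and `new_fd`, while the final `unlinkat()` and `renameat()` resolve the path names again, so the result is only reliable when no other writer can replace either name in between. A sentence in the comment stating that callers must use it only in directories that other users cannot modify would make that assumption explicit.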
@@ -0,0 +1,46 @@
+From f3e1f00d03445911ee73729219cea88c8a70c612 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Wed, 18 Nov 2020 15:12:44 +0100
+Subject: [PATCH] resolved: don't update resolv.conf snippets unnecessarily
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1891215
+Origin: upstream, https://github.com/systemd/systemd/commit/f3e1f00d03445911ee73729219cea88c8a70c612
+
+Fixes: #17577
+---
+ src/resolve/resolved-resolv-conf.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+--- a/src/resolve/resolved-resolv-conf.c
++++ b/src/resolve/resolved-resolv-conf.c
+@@ -9,6 +9,7 @@
+ #include "dns-domain.h"
+ #include "fd-util.h"
+ #include "fileio.h"
++#include "fs-util.h"
+ #include "ordered-set.h"
+ #include "resolved-conf.h"
+ #include "resolved-dns-server.h"
+@@ -371,8 +372,9 @@ int manager_write_resolv_conf(Manager *m
+ goto fail;
+ }
+
+- if (rename(temp_path_uplink, PRIVATE_UPLINK_RESOLV_CONF) < 0) {
+- r = log_error_errno(errno, "Failed to move private resolv.conf file into place: %m");
++ r = conservative_rename(AT_FDCWD, temp_path_uplink, AT_FDCWD, PRIVATE_UPLINK_RESOLV_CONF);
++ if (r < 0) {
++ log_error_errno(r, "Failed to move private resolv.conf file into place: %m");
+ goto fail;
+ }
+
+@@ -382,8 +384,9 @@ int manager_write_resolv_conf(Manager *m
+ goto fail;
+ }
+
+- if (rename(temp_path_stub, PRIVATE_STUB_RESOLV_CONF) < 0) {
+- r = log_error_errno(errno, "Failed to move private stub-resolv.conf file into place: %m");
++ r = conservative_rename(AT_FDCWD, temp_path_stub, AT_FDCWD, PRIVATE_STUB_RESOLV_CONF);
++ if (r < 0) {
++ log_error_errno(r, "Failed to move private stub-resolv.conf file into place: %m");
+ goto fail;
+ }
+
diff -Nru systemd-245.4/debian/patches/lp1891215/0003-fs-util-rename-conservative_rename-conservative_rena.patch systemd-245.4/debian/patches/lp1891215/0003-fs-util-rename-conservative_rename-conservative_rena.patch
--- systemd-245.4/debian/patches/lp1891215/0003-fs-util-rename-conservative_rename-conservative_rena.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-245.4/debian/patches/lp1891215/0003-fs-util-rename-conservative_rename-conservative_rena.patch 2021-07-06 18:03:24.000000000 +0000
@@ -0,0 +1,104 @@
+From 10195179bb663f000198543628b44ef8e51d71a7 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Wed, 20 Jan 2021 17:11:59 +0900
+Subject: [PATCH] fs-util: rename conservative_rename() ->
+ conservative_renameat()
+
+And this introduces conservative_rename() which does not take dirfd.
+---
+ src/basic/fs-util.c | 2 +-
+ src/basic/fs-util.h | 5 ++++-
+ src/resolve/resolved-resolv-conf.c | 4 ++--
+ src/test/test-fs-util.c | 14 +++++++-------
+ 4 files changed, 14 insertions(+), 11 deletions(-)
+
+--- a/src/basic/fs-util.c
++++ b/src/basic/fs-util.c
+@@ -1480,7 +1480,7 @@ int open_parent(const char *path, int fl
+ return fd;
+ }
+
+-int conservative_rename(
++int conservative_renameat(
+ int olddirfd, const char *oldpath,
+ int newdirfd, const char *newpath) {
+
+--- a/src/basic/fs-util.h
++++ b/src/basic/fs-util.h
+@@ -123,4 +123,7 @@ int syncfs_path(int atfd, const char *pa
+
+ int open_parent(const char *path, int flags, mode_t mode);
+
+-int conservative_rename(int olddirfd, const char *oldpath, int newdirfd, const char *newpath);
++int conservative_renameat(int olddirfd, const char *oldpath, int newdirfd, const char *newpath);
++static inline int conservative_rename(const char *oldpath, const char *newpath) {
++ return conservative_renameat(AT_FDCWD, oldpath, AT_FDCWD, newpath);
++}
+--- a/src/test/test-fs-util.c
++++ b/src/test/test-fs-util.c
+@@ -863,38 +863,38 @@ static void test_conservative_rename(voi
+
+ /* Check that the hardlinked "copy" is detected */
+ assert_se(link(p, q) >= 0);
+- assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) == 0);
++ assert_se(conservative_renameat(AT_FDCWD, q, AT_FDCWD, p) == 0);
+ assert_se(access(q, F_OK) < 0 && errno == ENOENT);
+
+ /* Check that a manual copy is detected */
+ assert_se(stat(p, &st) >= 0);
+ assert_se(copy_file(p, q, 0, st.st_mode, 0, 0, COPY_REFLINK) >= 0);
+- assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) == 0);
++ assert_se(conservative_renameat(AT_FDCWD, q, AT_FDCWD, p) == 0);
+ assert_se(access(q, F_OK) < 0 && errno == ENOENT);
+
+ /* Check that a manual new writeout is also detected */
+ assert_se(write_string_file(q, "this is a test", WRITE_STRING_FILE_CREATE) >= 0);
+- assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) == 0);
++ assert_se(conservative_renameat(AT_FDCWD, q, AT_FDCWD, p) == 0);
+ assert_se(access(q, F_OK) < 0 && errno == ENOENT);
+
+ /* Check that a minimally changed version is detected */
+ assert_se(write_string_file(q, "this is a_test", WRITE_STRING_FILE_CREATE) >= 0);
+- assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) > 0);
++ assert_se(conservative_renameat(AT_FDCWD, q, AT_FDCWD, p) > 0);
+ assert_se(access(q, F_OK) < 0 && errno == ENOENT);
+
+ /* Check that this really is new updated version */
+ assert_se(write_string_file(q, "this is a_test", WRITE_STRING_FILE_CREATE) >= 0);
+- assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) == 0);
++ assert_se(conservative_renameat(AT_FDCWD, q, AT_FDCWD, p) == 0);
+ assert_se(access(q, F_OK) < 0 && errno == ENOENT);
+
+ /* Make sure we detect extended files */
+ assert_se(write_string_file(q, "this is a_testx", WRITE_STRING_FILE_CREATE) >= 0);
+- assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) > 0);
++ assert_se(conservative_renameat(AT_FDCWD, q, AT_FDCWD, p) > 0);
+ assert_se(access(q, F_OK) < 0 && errno == ENOENT);
+
+ /* Make sure we detect truncated files */
+ assert_se(write_string_file(q, "this is a_test", WRITE_STRING_FILE_CREATE) >= 0);
+- assert_se(conservative_rename(AT_FDCWD, q, AT_FDCWD, p) > 0);
++ assert_se(conservative_renameat(AT_FDCWD, q, AT_FDCWD, p) > 0);
+ assert_se(access(q, F_OK) < 0 && errno == ENOENT);
+ }
+
+--- a/src/resolve/resolved-resolv-conf.c
++++ b/src/resolve/resolved-resolv-conf.c
+@@ -372,7 +372,7 @@ int manager_write_resolv_conf(Manager *m
+ goto fail;
+ }
+
+- r = conservative_rename(AT_FDCWD, temp_path_uplink, AT_FDCWD, PRIVATE_UPLINK_RESOLV_CONF);
++ r = conservative_rename(temp_path_uplink, PRIVATE_UPLINK_RESOLV_CONF);
+ if (r < 0) {
+ log_error_errno(r, "Failed to move private resolv.conf file into place: %m");
+ goto fail;
+@@ -384,7 +384,7 @@ int manager_write_resolv_conf(Manager *m
+ goto fail;
+ }
+
+- r = conservative_rename(AT_FDCWD, temp_path_stub, AT_FDCWD, PRIVATE_STUB_RESOLV_CONF);
++ r = conservative_rename(temp_path_stub, PRIVATE_STUB_RESOLV_CONF);
+ if (r < 0) {
+ log_error_errno(r, "Failed to move private stub-resolv.conf file into place: %m");
+ goto fail;
diff -Nru systemd-245.4/debian/patches/lp1891215/0004-fs-util-make-sure-conservative_renameat-properly-det.patch systemd-245.4/debian/patches/lp1891215/0004-fs-util-make-sure-conservative_renameat-properly-det.patch
--- systemd-245.4/debian/patches/lp1891215/0004-fs-util-make-sure-conservative_renameat-properly-det.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-245.4/debian/patches/lp1891215/0004-fs-util-make-sure-conservative_renameat-properly-det.patch 2021-07-06 18:03:24.000000000 +0000
@@ -0,0 +1,62 @@ +From eff57d1c2f4db9e578cfe68a1eddb5e7bf45cc2d Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 4 Feb 2021 18:06:54 +0100 +Subject: [PATCH] fs-util: make sure conservative_renameat() properly detects + identity of longer files + +The old code got confused with files with a size >16K. Let's fix that. + +Noticed by @benjarobin + +Replaces: #18442 +--- + src/basic/fs-util.c | 28 +++++++++++++++++++++------- + 1 file changed, 21 insertions(+), 7 deletions(-) + +--- a/src/basic/fs-util.c ++++ b/src/basic/fs-util.c +@@ -1522,23 +1522,37 @@ int conservative_renameat( + goto do_rename; + + for (;;) { +- char buf1[16*1024]; +- char buf2[sizeof(buf1) + 1]; ++ uint8_t buf1[16*1024]; ++ uint8_t buf2[sizeof(buf1)]; + ssize_t l1, l2; + + l1 = read(old_fd, buf1, sizeof(buf1)); + if (l1 < 0) + goto do_rename; + +- l2 = read(new_fd, buf2, l1 + 1); +- if (l1 != l2) +- goto do_rename; ++ if (l1 == sizeof(buf1)) ++ /* Read the full block, hence read a full block in the other file too */ + +- if (l1 == 0) /* EOF on both! And everything's the same so far, yay! */ +- break; ++ l2 = read(new_fd, buf2, l1); ++ else { ++ assert((size_t) l1 < sizeof(buf1)); ++ ++ /* Short read. This hence was the last block in the first file, and then came ++ * EOF. Read one byte more in the second file, so that we can verify we hit EOF there ++ * too. */ ++ ++ assert((size_t) (l1 + 1) <= sizeof(buf2)); ++ l2 = read(new_fd, buf2, l1 + 1); ++ } ++ if (l2 != l1) ++ goto do_rename; + + if (memcmp(buf1, buf2, l1) != 0) + goto do_rename; ++ ++ if ((size_t) l1 < sizeof(buf1)) /* We hit EOF on the first file, and the second file too, hence exit ++ * now. 
*/ ++ break; + } + + is_same: diff -Nru systemd-245.4/debian/patches/lp1894622-Add-systemd-resolve-backwards-compatibility-section-.patch systemd-245.4/debian/patches/lp1894622-Add-systemd-resolve-backwards-compatibility-section-.patch --- systemd-245.4/debian/patches/lp1894622-Add-systemd-resolve-backwards-compatibility-section-.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-245.4/debian/patches/lp1894622-Add-systemd-resolve-backwards-compatibility-section-.patch 2021-07-06 18:03:24.000000000 +0000 
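Review bot: The final `break` in the rewritten loop treats any short read from old_fd as end-of-file, which only holds when both descriptors refer to regular files. On anything else, a short `read()` that new_fd happens to mirror would reach `is_same:` and presumably skip the rename, although more data could follow. The loop sits inside conservative_renameat(), whose start and end are outside this hunk, so whether the file types are checked earlier cannot be seen from here. If they are, a comment above the loop such as `/* Both fds are regular files here, so a short read() means EOF. */` would record the invariant the new asserts rely on; if not, that check belongs before the comparison.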
@@ -0,0 +1,54 @@ +From 9fcfc0470df856c870dcfc6df78bfbc714da6bd2 Mon Sep 17 00:00:00 2001 +From: Dan Streetman +Date: Tue, 29 Jun 2021 06:29:53 -0400 +Subject: [PATCH] Add systemd-resolve backwards compatibility section to + resolvectl docs +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1894622 +Origin: upstream, https://github.com/systemd/systemd/pull/20064 +Origin: upstream, https://github.com/systemd/systemd/pull/20077 + +--- + man/resolvectl.xml | 13 +++++++++++++ + man/rules/meson.build | 2 +- + 2 files changed, 14 insertions(+), 1 deletion(-) + +--- a/man/resolvectl.xml ++++ b/man/resolvectl.xml +@@ -19,6 +19,7 @@ + + resolvectl + resolvconf ++ systemd-resolve + Resolve domain names, IPV4 and IPv6 addresses, DNS resource records, and services; introspect and reconfigure the DNS resolver + + +@@ -363,6 +364,18 @@ + + + ++ Backwards compatibility with <command>systemd-resolve</command> ++ ++ resolvectl is a multi-call binary, which previously was named systemd-resolve ++ and used slightly different parameters. When it is invoked as systemd-resolve ++ (generally achieved by means of a symbolic link of this name to the resolvectl binary), ++ it runs in compatibility mode. For details on the specific parameters and calling syntax, see the output from ++ systemd-resolve --help. Calling the binary as systemd-resolve is ++ deprecated and should only be done for backwards compatibility. All current and new use should call the binary ++ as resolvectl. 
++ ++ ++ + Examples + + +--- a/man/rules/meson.build ++++ b/man/rules/meson.build +@@ -50,7 +50,7 @@ manpages = [ + ['portablectl', '1', [], 'ENABLE_PORTABLED'], + ['pstore.conf', '5', ['pstore.conf.d'], 'ENABLE_PSTORE'], + ['repart.d', '5', [], 'ENABLE_REPART'], +- ['resolvectl', '1', ['resolvconf'], 'ENABLE_RESOLVE'], ++ ['resolvectl', '1', ['resolvconf', 'systemd-resolve'], 'ENABLE_RESOLVE'], + ['resolved.conf', '5', ['resolved.conf.d'], 'ENABLE_RESOLVE'], + ['runlevel', '8', [], ''], + ['sd-bus-errors', diff -Nru systemd-245.4/debian/patches/lp1928200/0001-shared-add-common-helper-for-unregistering-all-binfm.patch systemd-245.4/debian/patches/lp1928200/0001-shared-add-common-helper-for-unregistering-all-binfm.patch --- systemd-245.4/debian/patches/lp1928200/0001-shared-add-common-helper-for-unregistering-all-binfm.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-245.4/debian/patches/lp1928200/0001-shared-add-common-helper-for-unregistering-all-binfm.patch 2021-07-06 18:03:24.000000000 +0000 
@@ -0,0 +1,82 @@ +From 965cc99416a3b5a2a71127e9e6d2e4a95ab3c432 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 23 Apr 2020 16:36:06 +0200 +Subject: [PATCH 1/5] shared: add common helper for unregistering all binfmt + entries +Bug: https://github.com/systemd/systemd/issues/14981 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1928200 +Origin: upstream, https://github.com/systemd/systemd/pull/15566 + +--- + src/shared/binfmt-util.c | 33 +++++++++++++++++++++++++++++++++ + src/shared/binfmt-util.h | 4 ++++ + src/shared/meson.build | 2 ++ + 3 files changed, 39 insertions(+) + create mode 100644 src/shared/binfmt-util.c + create mode 100644 src/shared/binfmt-util.h + +diff --git a/src/shared/binfmt-util.c b/src/shared/binfmt-util.c +new file mode 100644 +index 0000000000..0229726b42 +--- /dev/null ++++ b/src/shared/binfmt-util.c +@@ -0,0 +1,33 @@ ++#include ++#include ++#include ++ ++#include "binfmt-util.h" ++#include "fileio.h" ++#include "missing_magic.h" ++#include "stat-util.h" ++ ++int disable_binfmt(void) { ++ int r; ++ ++ /* Flush out all rules. This is important during shutdown to cover for rules using "F", since those ++ * might pin a file and thus block us from unmounting stuff cleanly. ++ * ++ * We are a bit careful here, since binfmt_misc might still be an autofs which we don't want to ++ * trigger. 
*/ ++ ++ r = path_is_fs_type("/proc/sys/fs/binfmt_misc", BINFMTFS_MAGIC); ++ if (r == 0 || r == -ENOENT) { ++ log_debug("binfmt_misc is not mounted, not detaching entries."); ++ return 0; ++ } ++ if (r < 0) ++ return log_warning_errno(r, "Failed to determine whether binfmt_misc is mounted: %m"); ++ ++ r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", WRITE_STRING_FILE_DISABLE_BUFFER); ++ if (r < 0) ++ return log_warning_errno(r, "Failed to unregister binfmt_misc entries: %m"); ++ ++ log_debug("Unregistered all remaining binfmt_misc entries."); ++ return 0; ++} +diff --git a/src/shared/binfmt-util.h b/src/shared/binfmt-util.h +new file mode 100644 +index 0000000000..70feaad314 +--- /dev/null ++++ b/src/shared/binfmt-util.h +@@ -0,0 +1,4 @@ ++/* SPDX-License-Identifier: LGPL-2.1+ */ ++#pragma once ++ ++int disable_binfmt(void); +diff --git a/src/shared/meson.build b/src/shared/meson.build +index 483148492c..e608ea8a1d 100644 +--- a/src/shared/meson.build ++++ b/src/shared/meson.build +@@ -12,6 +12,8 @@ shared_sources = files(''' + barrier.h + base-filesystem.c + base-filesystem.h ++ binfmt-util.c ++ binfmt-util.h + bitmap.c + bitmap.h + blkid-util.h +-- +2.25.1 + diff -Nru systemd-245.4/debian/patches/lp1928200/0002-shutdown-unregister-all-binfmt_misc-entries-before-e.patch systemd-245.4/debian/patches/lp1928200/0002-shutdown-unregister-all-binfmt_misc-entries-before-e.patch --- systemd-245.4/debian/patches/lp1928200/0002-shutdown-unregister-all-binfmt_misc-entries-before-e.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-245.4/debian/patches/lp1928200/0002-shutdown-unregister-all-binfmt_misc-entries-before-e.patch 2021-07-06 18:03:24.000000000 +0000 
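Review bot: The new src/shared/binfmt-util.c starts directly with its `#include` lines, while the header added beside it opens with `/* SPDX-License-Identifier: LGPL-2.1+ */`; the same first line should be added to the .c file so licence scanners treat both files alike. disable_binfmt() also lacks a contract comment. It returns 0 both after clearing the entries and when binfmt_misc is not mounted, and otherwise the value of `log_warning_errno()`, presumably a negative errno. One line above the definition would cover this, e.g. `/* Returns 0 on success or if binfmt_misc is not mounted, negative errno on failure. */`.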
@@ -0,0 +1,36 @@
+From 0282c0285a3e3c2e409305ce28555a6ad0489539 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering
+Date: Thu, 23 Apr 2020 16:25:53 +0200
+Subject: [PATCH 2/5] shutdown: unregister all binfmt_misc entries before
+ entering shutdown loop
+Bug: https://github.com/systemd/systemd/issues/14981
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1928200
+Origin: upstream, https://github.com/systemd/systemd/pull/15566
+
+Apparently if the new "F" flag is used they might pin files, which
+blocks us from unmounting things. Let's hence clear this up explicitly.
+Before entering our umount loop.
+
+Fixes: #14981
+---
+ src/shutdown/shutdown.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/src/shutdown/shutdown.c
++++ b/src/shutdown/shutdown.c
+@@ -16,6 +16,7 @@
+
+ #include "alloc-util.h"
+ #include "async.h"
++#include "binfmt-util.h"
+ #include "cgroup-setup.h"
+ #include "cgroup-util.h"
+ #include "def.h"
+@@ -373,6 +374,7 @@ int main(int argc, char *argv[]) {
+ sync_with_progress();
+
+ disable_coredumps();
++ disable_binfmt();
+
+ log_info("Sending SIGTERM to remaining processes...");
+ broadcast_signal(SIGTERM, true, true, arg_timeout);
diff -Nru systemd-245.4/debian/patches/lp1928200/0003-binfmt-modernize-code-a-bit.patch systemd-245.4/debian/patches/lp1928200/0003-binfmt-modernize-code-a-bit.patch
--- systemd-245.4/debian/patches/lp1928200/0003-binfmt-modernize-code-a-bit.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-245.4/debian/patches/lp1928200/0003-binfmt-modernize-code-a-bit.patch 2021-07-06 18:03:24.000000000 +0000
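Review bot: The added call `disable_binfmt();` in main() discards the helper's int result, although disable_binfmt() returns an error when the write to the binfmt_misc `status` file fails. Ignoring it is reasonable on the shutdown path, since the helper added earlier in this series logs the failure itself, but the intent should be explicit: `(void) disable_binfmt();`. main() starts and ends outside the hunk.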
@@ -0,0 +1,47 @@ +From f3670df13e144c2f81bf6f9a0bea581e6d555bdd Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 23 Apr 2020 16:27:46 +0200 +Subject: [PATCH 3/5] binfmt: modernize code a bit +Bug: https://github.com/systemd/systemd/issues/14981 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1928200 +Origin: upstream, https://github.com/systemd/systemd/pull/15566 + +Let's just copy out the bit of the string we need, and let's make sure +we refuse rules called "status" and "register", since those are special +files in binfmt_misc's file system. +--- + src/binfmt/binfmt.c | 13 ++++++------- + 1 file changed, 6 insertions(+), 7 deletions(-) + +diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c +index 7ff844c78c..5e812e89a5 100644 +--- a/src/binfmt/binfmt.c ++++ b/src/binfmt/binfmt.c +@@ -32,18 +32,17 @@ static int delete_rule(const char *rule) { + assert(rule); + assert(rule[0]); + +- x = strdup(rule); ++ e = strchrnul(rule + 1, rule[0]); ++ x = strndup(rule + 1, e - rule - 1); + if (!x) + return log_oom(); + +- e = strchrnul(x+1, x[0]); +- *e = 0; +- +- if (!filename_is_valid(x + 1)) ++ if (!filename_is_valid(x) || ++ STR_IN_SET(x, "register", "status")) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), +- "Rule file name '%s' is not valid, refusing.", x + 1); ++ "Rule file name '%s' is not valid, refusing.", x); + +- fn = path_join("/proc/sys/fs/binfmt_misc", x+1); ++ fn = path_join("/proc/sys/fs/binfmt_misc", x); + if (!fn) + return log_oom(); + +-- +2.25.1 + diff -Nru systemd-245.4/debian/patches/lp1928200/0004-binfmt-also-unregister-binfmt-entries-from-unit.patch systemd-245.4/debian/patches/lp1928200/0004-binfmt-also-unregister-binfmt-entries-from-unit.patch --- systemd-245.4/debian/patches/lp1928200/0004-binfmt-also-unregister-binfmt-entries-from-unit.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-245.4/debian/patches/lp1928200/0004-binfmt-also-unregister-binfmt-entries-from-unit.patch 2021-07-06 18:03:24.000000000 
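Review bot: The new `STR_IN_SET(x, "register", "status")` test in delete_rule() has no comment, and the reason for it appears only in the commit message. Those two names are control files of binfmt_misc rather than rules, so without the test the path built by `path_join("/proc/sys/fs/binfmt_misc", x)` could point at a control file. A one-line comment above the condition, e.g. `/* "register" and "status" are binfmt_misc control files, never rule names */`, would keep that reasoning next to the check. The log text could also distinguish the two rejections, since "is not valid" is now printed for a syntactically valid but reserved name. delete_rule() continues past the end of the hunk.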
+0000 
@@ -0,0 +1,120 @@ +From 846acb6798a63f35162f58e1146d1a1f40849e86 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 23 Apr 2020 16:36:45 +0200 +Subject: [PATCH 4/5] binfmt: also unregister binfmt entries from unit +Bug: https://github.com/systemd/systemd/issues/14981 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1928200 +Origin: upstream, https://github.com/systemd/systemd/pull/15566 + +We unregister binfmt_misc twice during shutdown with this change: + +1. A previous commit added support for doing that in the final shutdown + phase, i.e. when we do the aggressive umount loop. This is the robust + thing to do, in case the earlier ("clean") shutdown phase didn't work + for some reason. + +2. This commit adds support for doing that when systemd-binfmt.service + is stopped. This is a good idea so that people can order mounts + before the service if they want to register binaries from such + mounts, as in that case we'll undo the registration on shutdown + again, before unmounting those mounts. + +And all that, just because of that weird "F" flag the kernel introduced +that can pin files... 
+ +Fixes: #14981 +--- + src/binfmt/binfmt.c | 16 ++++++++++++++-- + units/systemd-binfmt.service.in | 1 + + 2 files changed, 15 insertions(+), 2 deletions(-) + +diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c +index 5e812e89a5..06aee22dc0 100644 +--- a/src/binfmt/binfmt.c ++++ b/src/binfmt/binfmt.c +@@ -10,6 +10,7 @@ + #include + + #include "alloc-util.h" ++#include "binfmt-util.h" + #include "conf-files.h" + #include "def.h" + #include "fd-util.h" +@@ -24,6 +25,7 @@ + + static bool arg_cat_config = false; + static PagerFlags arg_pager_flags = 0; ++static bool arg_unregister = false; + + static int delete_rule(const char *rule) { + _cleanup_free_ char *x = NULL, *fn = NULL; +@@ -115,6 +117,7 @@ static int help(void) { + " --version Show package version\n" + " --cat-config Show configuration files\n" + " --no-pager Do not pipe output into a pager\n" ++ " --unregister Unregister all existing entries\n" + "\nSee the %s for details.\n" + , program_invocation_short_name + , link +@@ -128,6 +131,7 @@ static int parse_argv(int argc, char *argv[]) { + ARG_VERSION = 0x100, + ARG_CAT_CONFIG, + ARG_NO_PAGER, ++ ARG_UNREGISTER, + }; + + static const struct option options[] = { +@@ -135,6 +139,7 @@ static int parse_argv(int argc, char *argv[]) { + { "version", no_argument, NULL, ARG_VERSION }, + { "cat-config", no_argument, NULL, ARG_CAT_CONFIG }, + { "no-pager", no_argument, NULL, ARG_NO_PAGER }, ++ { "unregister", no_argument, NULL, ARG_UNREGISTER }, + {} + }; + +@@ -161,6 +166,10 @@ static int parse_argv(int argc, char *argv[]) { + arg_pager_flags |= PAGER_DISABLE; + break; + ++ case ARG_UNREGISTER: ++ arg_unregister = true; ++ break; ++ + case '?': + return -EINVAL; + +@@ -168,9 +177,9 @@ static int parse_argv(int argc, char *argv[]) { + assert_not_reached("Unhandled option"); + } + +- if (arg_cat_config && argc > optind) ++ if ((arg_unregister || arg_cat_config) && argc > optind) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), +- "Positional arguments are not 
allowed with --cat-config"); ++ "Positional arguments are not allowed with --cat-config or --unregister"); + + return 1; + } +@@ -188,6 +197,9 @@ static int run(int argc, char *argv[]) { + + r = 0; + ++ if (arg_unregister) ++ return disable_binfmt(); ++ + if (argc > optind) { + int i; + +diff --git a/units/systemd-binfmt.service.in b/units/systemd-binfmt.service.in +index 0c0f26451b..e54e95e11d 100644 +--- a/units/systemd-binfmt.service.in ++++ b/units/systemd-binfmt.service.in +@@ -28,4 +28,5 @@ ConditionDirectoryNotEmpty=|/run/binfmt.d + Type=oneshot + RemainAfterExit=yes + ExecStart=@rootlibexecdir@/systemd-binfmt ++ExecStop=@rootlibexecdir@/systemd-binfmt --unregister + TimeoutSec=90s +-- +2.25.1 + diff -Nru systemd-245.4/debian/patches/lp1928200/0005-man-document-binfmt-s-new-unregister-switch.patch systemd-245.4/debian/patches/lp1928200/0005-man-document-binfmt-s-new-unregister-switch.patch --- systemd-245.4/debian/patches/lp1928200/0005-man-document-binfmt-s-new-unregister-switch.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-245.4/debian/patches/lp1928200/0005-man-document-binfmt-s-new-unregister-switch.patch 2021-07-06 18:03:24.000000000 +0000 
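Review bot: `--unregister` is wired to `return disable_binfmt();` in run(), and that helper (added earlier in this series) writes `-1` to `/proc/sys/fs/binfmt_misc/status`. The new `ExecStop=` line therefore clears every registered binary format, not only those that came from binfmt.d. As far as these hunks show, a restart of systemd-binfmt.service would leave entries registered by other tools unregistered until those tools run again. That matches the help text "Unregister all existing entries", but it deserves a comment beside the unit's `ExecStop=` line, e.g. `# Clears all binfmt_misc entries, including ones not registered by this service`. run() and parse_argv() extend beyond the hunks shown.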
@@ -0,0 +1,34 @@ +From cd9aa8f0f91b113acb079e79750c146c0529c2d7 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 23 Apr 2020 16:51:37 +0200 +Subject: [PATCH 5/5] man: document binfmt's new --unregister switch +Bug: https://github.com/systemd/systemd/issues/14981 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1928200 +Origin: upstream, https://github.com/systemd/systemd/pull/15566 + +--- + man/systemd-binfmt.service.xml | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/man/systemd-binfmt.service.xml b/man/systemd-binfmt.service.xml +index 27e34195af..41a8247c5f 100644 +--- a/man/systemd-binfmt.service.xml ++++ b/man/systemd-binfmt.service.xml +@@ -41,6 +41,14 @@ + + Options + ++ ++ ++ ++ If passed, instead of registering configured binary formats in the kernel, the ++ reverse operation is executed: all currently registered binary formats are unregistered from the ++ kernel. ++ ++ + + + +-- +2.25.1 + diff -Nru systemd-245.4/debian/patches/lp1930910-hwdb-Add-ProBook-to-use-micmute-hotkey.patch systemd-245.4/debian/patches/lp1930910-hwdb-Add-ProBook-to-use-micmute-hotkey.patch --- systemd-245.4/debian/patches/lp1930910-hwdb-Add-ProBook-to-use-micmute-hotkey.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-245.4/debian/patches/lp1930910-hwdb-Add-ProBook-to-use-micmute-hotkey.patch 2021-07-06 18:03:24.000000000 +0000 
@@ -0,0 +1,29 @@
+From: Kai-Heng Feng
+Date: Fri, 4 Jun 2021 00:20:32 +0800
+Subject: hwdb: Add ProBook to use micmute hotkey
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1930910
+Origin: upstream, https://github.com/systemd/systemd/commit/a7161e0288d1fc82e4a2de876995d834c8640027
+
+Like HP EliteBooks and ZBooks, all ProBooks use the same micmute
+scancode.
+
+(cherry picked from commit a7161e0288d1fc82e4a2de876995d834c8640027)
+---
+ hwdb.d/60-keyboard.hwdb | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/hwdb.d/60-keyboard.hwdb
++++ b/hwdb.d/60-keyboard.hwdb
+@@ -593,9 +593,9 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett
+ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPEliteBook*:pvr*
+ # HP ProBook 440 G2
+ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHP440G2:pvr*
+-# several HP ProBooks 4xx
+-evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHP*ProBook4*:pvr*
+-evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHP*ProBook*4*:pvr*
++# HP ProBook
++evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHP*ProBook*:pvr*
++evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHP*ProBook*:pvr*
+ # HP ZBook
+ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPZBook*:pvr*
+ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPZBook*:pvr*
diff -Nru systemd-245.4/debian/patches/lp1931578/0001-network-default-RequiredForOnline-false-if-Activacti.patch systemd-245.4/debian/patches/lp1931578/0001-network-default-RequiredForOnline-false-if-Activacti.patch
--- systemd-245.4/debian/patches/lp1931578/0001-network-default-RequiredForOnline-false-if-Activacti.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-245.4/debian/patches/lp1931578/0001-network-default-RequiredForOnline-false-if-Activacti.patch 2021-07-06 18:03:24.000000000 +0000
@@ -0,0 +1,108 @@ +From 7c644a696668abc4e77ddc6d3dd3036f6c773f9d Mon Sep 17 00:00:00 2001 +From: Dan Streetman +Date: Tue, 8 Jun 2021 12:01:31 -0400 +Subject: [PATCH 1/3] network: default RequiredForOnline=false if + ActivactionPolicy= not set to up +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1931578 +Origin: upstream, https://github.com/systemd/systemd/pull/19883 + +If ActivationPolicy= is set to down, always-down, or manual, then any +matching link will delay boot (due to delaying network-online.target). + +If RequiredForOnline= wasn't explicitly set, then default it to false +if ActivationPolicy= is down or manual. If ActivationPolicy=always-down, +then force RequiredForOnline=no. +--- + man/systemd.network.xml | 18 ++++++++++++++---- + src/network/networkd-network.c | 19 +++++++++++++++++-- + src/network/networkd-network.h | 2 +- + 3 files changed, 32 insertions(+), 7 deletions(-) + +--- a/man/systemd.network.xml ++++ b/man/systemd.network.xml +@@ -215,11 +215,16 @@ + systemd-networkd-wait-online. When no, the network is ignored + when checking for online state. When a minimum operational state and an optional maximum operational + state are set, yes is implied, and this controls the minimum and maximum +- operational state required for the network interface to be considered online. +- Defaults to yes. ++ operational state required for the network interface to be considered online. + +- The network will be brought up normally in all cases, but in +- the event that there is no address being assigned by DHCP or the ++ Defaults to yes when ActivationPolicy= is not set, ++ or set to up, always-up, or bound. ++ Defaults to no when ActivationPolicy= is set to ++ manual or down. This is forced to no ++ when ActivationPolicy= is set to always-down. 
++ ++ The network will be brought up normally (as configured by ActivationPolicy=), ++ but in the event that there is no address being assigned by DHCP or the + cable is not plugged in, the link will simply remain offline and be + skipped automatically by systemd-networkd-wait-online + if RequiredForOnline=no. +@@ -248,6 +253,11 @@ + the administrative state. When BindCarrier= is also set, this is + automatically set to bound and any other value is ignored. + ++ When the policy is set to down or manual, ++ the default value of RequiredForOnline= is no. ++ When the policy is set to always-down, the value of ++ RequiredForOnline= forced to no. ++ + The administrative state is not the same as the carrier state, so using + always-up does not mean the link will never lose carrier. The link + carrier depends on both the administrative state as well as the network device's physical +--- a/src/network/networkd-network.c ++++ b/src/network/networkd-network.c +@@ -303,6 +303,21 @@ int network_verify(Network *network) { + if (network->ignore_carrier_loss < 0) + network->ignore_carrier_loss = network->configure_without_carrier; + ++ if (IN_SET(network->activation_policy, ACTIVATION_POLICY_DOWN, ACTIVATION_POLICY_ALWAYS_DOWN, ACTIVATION_POLICY_MANUAL)) { ++ if (network->required_for_online < 0 || ++ (network->required_for_online == true && network->activation_policy == ACTIVATION_POLICY_ALWAYS_DOWN)) { ++ log_debug("%s: Setting RequiredForOnline=no because ActivationPolicy=%s.", network->filename, ++ activation_policy_to_string(network->activation_policy)); ++ network->required_for_online = false; ++ } else if (network->required_for_online == true) ++ log_warning("%s: RequiredForOnline=yes and ActivationPolicy=%s, " ++ "this may cause a delay at boot.", network->filename, ++ activation_policy_to_string(network->activation_policy)); ++ } ++ ++ if (network->required_for_online < 0) ++ network->required_for_online = true; ++ + if (network->keep_configuration < 0) + 
network->keep_configuration = KEEP_CONFIGURATION_NO; + +@@ -401,7 +416,7 @@ int network_load_one(Manager *manager, O + .manager = manager, + .n_ref = 1, + +- .required_for_online = true, ++ .required_for_online = -1, + .required_operstate_for_online = LINK_OPERSTATE_RANGE_DEFAULT, + .dhcp = ADDRESS_FAMILY_NO, + .dhcp_critical = -1, +@@ -1347,7 +1362,7 @@ int config_parse_required_for_online( + int r; + + if (isempty(rvalue)) { +- network->required_for_online = true; ++ network->required_for_online = -1; + network->required_operstate_for_online = LINK_OPERSTATE_RANGE_DEFAULT; + return 0; + } +--- a/src/network/networkd-network.h ++++ b/src/network/networkd-network.h +@@ -249,7 +249,7 @@ struct Network { + + bool iaid_set; + +- bool required_for_online; /* Is this network required to be considered online? */ ++ int required_for_online; /* Is this network required to be considered online? */ + LinkOperationalStateRange required_operstate_for_online; + ActivationPolicy activation_policy; + diff -Nru systemd-245.4/debian/patches/lp1931578/0002-networkctl-add-field-Required-For-Online.patch systemd-245.4/debian/patches/lp1931578/0002-networkctl-add-field-Required-For-Online.patch --- systemd-245.4/debian/patches/lp1931578/0002-networkctl-add-field-Required-For-Online.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-245.4/debian/patches/lp1931578/0002-networkctl-add-field-Required-For-Online.patch 2021-07-06 18:03:24.000000000 +0000 
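Review bot: `required_for_online` becomes an `int` tristate with -1 for "unset", yet the new block in network_verify() still tests it with `network->required_for_online == true`, and the field comment in networkd-network.h still reads as a plain yes/no. The comparison works only while the value is exactly 1; `network->required_for_online > 0` states the tristate check directly. The header comment should also name the extra state, e.g. `/* tristate: -1 = not set, resolved in network_verify() */`. Any reader of the field outside these hunks that runs before network_verify() would now see -1 as true, which cannot be checked from here. network_verify() starts and ends outside the hunk.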
@@ -0,0 +1,30 @@
+From 003015af5ab21b1334e63b1af24a810c8c72ce68 Mon Sep 17 00:00:00 2001
+From: Dan Streetman
+Date: Wed, 9 Jun 2021 07:57:01 -0400
+Subject: [PATCH 2/3] networkctl: add field 'Required For Online'
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1931578
+Origin: upstream, https://github.com/systemd/systemd/pull/19883
+
+---
+ src/network/networkctl.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/src/network/networkctl.c
++++ b/src/network/networkctl.c
+@@ -1541,6 +1541,16 @@ static int link_status_one(
+ return table_log_add_error(r);
+ }
+
++ r = sd_network_link_get_required_for_online(info->ifindex);
++ if (r >= 0) {
++ r = table_add_many(table,
++ TABLE_EMPTY,
++ TABLE_STRING, "Required For Online:",
++ TABLE_BOOLEAN, r);
++ if (r < 0)
++ return table_log_add_error(r);
++ }
++
+ (void) sd_network_link_get_timezone(info->ifindex, &tz);
+ if (tz) {
+ r = table_add_many(table,
diff -Nru systemd-245.4/debian/patches/lp1931578/0003-test-add-test-to-verify-RequiredForOnline-setting-wi.patch systemd-245.4/debian/patches/lp1931578/0003-test-add-test-to-verify-RequiredForOnline-setting-wi.patch
--- systemd-245.4/debian/patches/lp1931578/0003-test-add-test-to-verify-RequiredForOnline-setting-wi.patch 1970-01-01 00:00:00.000000000 +0000
+++ systemd-245.4/debian/patches/lp1931578/0003-test-add-test-to-verify-RequiredForOnline-setting-wi.patch 2021-07-06 18:03:24.000000000 +0000
@@ -0,0 +1,99 @@ +From 61764fe4e27c3499eef9e0a300efebcc2f979403 Mon Sep 17 00:00:00 2001 +From: Dan Streetman +Date: Tue, 8 Jun 2021 17:13:27 -0400 +Subject: [PATCH 3/3] test: add test to verify RequiredForOnline= setting with + ActivationPolicy= +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1931578 +Origin: upstream, https://github.com/systemd/systemd/pull/19883 + +Add test to verify that the RequiredForOnline= value is correct based on +the configuration of ActivationPolicy= +--- + .../25-activation-policy.network.d/bound.conf | 5 +++ + .../required-no.conf | 2 + + .../required-yes.conf | 2 + + test/test-network/systemd-networkd-tests.py | 45 +++++++++++++++++++ + 4 files changed, 54 insertions(+) + create mode 100644 test/test-network/conf/25-activation-policy.network.d/bound.conf + create mode 100644 test/test-network/conf/25-activation-policy.network.d/required-no.conf + create mode 100644 test/test-network/conf/25-activation-policy.network.d/required-yes.conf + +--- /dev/null ++++ b/test/test-network/conf/25-activation-policy.network.d/bound.conf +@@ -0,0 +1,5 @@ ++[Link] ++ActivationPolicy=bound ++ ++[Network] ++BindCarrier=dummy98 +--- /dev/null ++++ b/test/test-network/conf/25-activation-policy.network.d/required-no.conf +@@ -0,0 +1,2 @@ ++[Link] ++RequiredForOnline=no +--- /dev/null ++++ b/test/test-network/conf/25-activation-policy.network.d/required-yes.conf +@@ -0,0 +1,2 @@ ++[Link] ++RequiredForOnline=yes +--- a/test/test-network/systemd-networkd-tests.py ++++ b/test/test-network/systemd-networkd-tests.py +@@ -1597,6 +1597,7 @@ class NetworkdNetworkTests(unittest.Test + units = [ + '11-dummy.netdev', + '12-dummy.netdev', ++ '12-dummy.network', + '23-active-slave.network', + '24-keep-configuration-static.network', + '24-search-domain.network', +@@ -2259,6 +2260,50 @@ class NetworkdNetworkTests(unittest.Test + with self.subTest(test=test): + self._test_activation_policy(test) + ++ def 
_test_activation_policy_required_for_online(self, policy, required): ++ self.setUp() ++ conffile = '25-activation-policy.network' ++ units = ['11-dummy.netdev', '12-dummy.netdev', '12-dummy.network', conffile] ++ if policy: ++ units += [f'{conffile}.d/{policy}.conf'] ++ if required: ++ units += [f'{conffile}.d/required-{required}.conf'] ++ copy_unit_to_networkd_unit_path(*units, dropins=False) ++ start_networkd() ++ ++ if policy.endswith('down') or policy == 'manual': ++ self.wait_operstate('test1', 'off', setup_state='configuring') ++ else: ++ self.wait_online(['test1']) ++ ++ if policy == 'always-down': ++ # if always-down, required for online is forced to no ++ expected = False ++ elif required: ++ # otherwise if required for online is specified, it should match that ++ expected = required == 'yes' ++ elif policy: ++ # otherwise if only policy specified, required for online defaults to ++ # true if policy is up, always-up, or bound ++ expected = policy.endswith('up') or policy == 'bound' ++ else: ++ # default is true, if neither are specified ++ expected = True ++ ++ output = check_output(*networkctl_cmd, '-n', '0', 'status', 'test1', env=env) ++ print(output) ++ ++ yesno = 'yes' if expected else 'no' ++ self.assertRegex(output, f'Required For Online: {yesno}') ++ ++ self.tearDown() ++ ++ def test_activation_policy_required_for_online(self): ++ for policy in ['up', 'always-up', 'manual', 'always-down', 'down', 'bound', '']: ++ for required in ['yes', 'no', '']: ++ with self.subTest(policy=policy, required=required): ++ self._test_activation_policy_required_for_online(policy, required) ++ + def test_domain(self): + copy_unit_to_networkd_unit_path('12-dummy.netdev', '24-search-domain.network') + start_networkd() diff -Nru systemd-245.4/debian/patches/lp1932352-hwdb-Add-mic-mute-key-mapping-for-HP-Elite-Dragonfly.patch systemd-245.4/debian/patches/lp1932352-hwdb-Add-mic-mute-key-mapping-for-HP-Elite-Dragonfly.patch --- 
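Review bot: `_test_activation_policy_required_for_online()` calls `self.setUp()` and `self.tearDown()` by hand around each sub-test, so when `wait_online()`, `wait_operstate()` or `assertRegex()` raises, the `tearDown()` at the end is skipped. The units copied for that combination then stay in place for the next one. Wrapping the body after `self.setUp()` in `try:` … `finally: self.tearDown()` keeps the 21 policy/required combinations independent. The helper also takes `policy` and `required` as strings where `''` means "not configured", which a short docstring would make clear.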
systemd-245.4/debian/patches/lp1932352-hwdb-Add-mic-mute-key-mapping-for-HP-Elite-Dragonfly.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-245.4/debian/patches/lp1932352-hwdb-Add-mic-mute-key-mapping-for-HP-Elite-Dragonfly.patch 2021-07-06 18:03:24.000000000 +0000 @@ -0,0 +1,25 @@ +From c1b8c966eccb7be1cae0a30670f5e1fcd88b47fa Mon Sep 17 00:00:00 2001 +From: Jeremy Szu +Date: Thu, 17 Jun 2021 19:00:38 +0800 +Subject: [PATCH] hwdb: Add mic mute key mapping for HP Elite Dragonfly +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1932352 +Origin: upstream, https://github.com/systemd/systemd/commit/c1b8c966eccb7be1cae0a30670f5e1fcd88b47fa + + * HP confirmed there are two marketing name + * HP Elite Dragonfly G2 Notebook PC + * HP Elite Dragonfly Max Notebook PC +--- + hwdb.d/60-keyboard.hwdb | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/hwdb.d/60-keyboard.hwdb ++++ b/hwdb.d/60-keyboard.hwdb +@@ -591,6 +591,8 @@ evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett + # HP EliteBook + evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHPEliteBook*:pvr* + evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPEliteBook*:pvr* ++# HP Elite Dragonfly ++evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHP*:pnHPEliteDragonfly*:pvr* + # HP ProBook 440 G2 + evdev:atkbd:dmi:bvn*:bvr*:bd*:svnHewlett-Packard*:pnHP440G2:pvr* + # HP ProBook diff -Nru systemd-245.4/debian/patches/lp1933402-udev-Fix-SIGSEGV-in-AlternativeNamesPolicy-handling.patch systemd-245.4/debian/patches/lp1933402-udev-Fix-SIGSEGV-in-AlternativeNamesPolicy-handling.patch --- systemd-245.4/debian/patches/lp1933402-udev-Fix-SIGSEGV-in-AlternativeNamesPolicy-handling.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-245.4/debian/patches/lp1933402-udev-Fix-SIGSEGV-in-AlternativeNamesPolicy-handling.patch 2021-07-06 18:03:24.000000000 +0000 
@@ -0,0 +1,26 @@
+From 61fd7d6720c562c88ab79062ff8d131e5e3c7b1b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?L=C3=A9na=C3=AFc=20Huard?=
+Date: Wed, 1 Apr 2020 23:45:08 +0200
+Subject: [PATCH] udev: Fix SIGSEGV in AlternativeNamesPolicy handling
+
+The function sd_device_get_property_value has some paths where it exits without
+touching the n pointer. In those cases, n remained uninitialized until it was
+eventually read inside isempty where it caused the segmentation fault.
+
+Fixes #15078
+
+Origin: upstream, https://github.com/systemd/systemd/commit/61fd7d6720c562c88ab79062ff8d131e5e3c7b1b
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1933402
+Last-Updated: 2021-06-28
+
+--- a/src/udev/net/link-config.c
++++ b/src/udev/net/link-config.c
+@@ -508,7 +508,7 @@ int link_config_apply(link_config_ctx *c
+
+ if (config->alternative_names_policy)
+ for (NamePolicy *p = config->alternative_names_policy; *p != _NAMEPOLICY_INVALID; p++) {
+- const char *n;
++ const char *n = NULL;
+
+ switch (*p) {
+ case NAMEPOLICY_DATABASE:
diff -Nru systemd-245.4/debian/patches/series systemd-245.4/debian/patches/series
--- systemd-245.4/debian/patches/series 2021-05-27 15:16:03.000000000 +0000
+++ systemd-245.4/debian/patches/series 2021-07-20 11:39:42.000000000 +0000
@@ -125,3 +125,24 @@
 lp1929560-network-move-set-MAC-and-set-nomaster-operations-out.patch
 lp1902891-core-mount-mount-command-may-fail-after-adding-the-c.patch
 lp1785383-resolved-address-DVE-2018-0001.patch
+lp1933402-udev-Fix-SIGSEGV-in-AlternativeNamesPolicy-handling.patch
+lp1930910-hwdb-Add-ProBook-to-use-micmute-hotkey.patch
+lp1931578/0001-network-default-RequiredForOnline-false-if-Activacti.patch
+lp1931578/0002-networkctl-add-field-Required-For-Online.patch
+lp1931578/0003-test-add-test-to-verify-RequiredForOnline-setting-wi.patch
+lp1932352-hwdb-Add-mic-mute-key-mapping-for-HP-Elite-Dragonfly.patch
+lp1928200/0001-shared-add-common-helper-for-unregistering-all-binfm.patch
+lp1928200/0002-shutdown-unregister-all-binfmt_misc-entries-before-e.patch
+lp1928200/0003-binfmt-modernize-code-a-bit.patch
+lp1928200/0004-binfmt-also-unregister-binfmt-entries-from-unit.patch
+lp1928200/0005-man-document-binfmt-s-new-unregister-switch.patch
+lp1894622-Add-systemd-resolve-backwards-compatibility-section-.patch
+lp1858210/0001-time-simplify-get_timezones.patch
+lp1858210/0002-time-split-get_timezone-into-main-function-and-zone1.patch
+lp1858210/0003-time-get-timezones-from-tzdata.zi.patch
+lp1891215/0001-fs-util-add-conservative_rename-that-suppresses-unne.patch
+lp1891215/0002-resolved-don-t-update-resolv.conf-snippets-unnecessa.patch
+lp1891215/0003-fs-util-rename-conservative_rename-conservative_rena.patch
+lp1891215/0004-fs-util-make-sure-conservative_renameat-properly-det.patch
+CVE-2020-13529.patch
+CVE-2021-33910.patch