v253 batch #303
Merged
v253 batch #303
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
See: #25527 (cherry picked from commit ce18c39)
(cherry picked from commit 00078fb)
(cherry picked from commit e21f75a)
(cherry picked from commit 86da32e)
Fixes #27167. (cherry picked from commit fcb2343)
==8036==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 64 byte(s) in 1 object(s) allocated from:
#0 0x4a10bc in __interceptor_realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:85:3
systemd#1 0x4deef1 in realloc (/build/fuzz-unit-file+0x4deef1)
systemd#2 0x7ffa35abfe23 in greedy_realloc /work/build/../../src/systemd/src/basic/alloc-util.c:70:13
systemd#3 0x7ffa35aefad2 in parse_env_file_internal /work/build/../../src/systemd/src/basic/env-file.c:127:38
systemd#4 0x7ffa35af08a6 in parse_env_file_fdv /work/build/../../src/systemd/src/basic/env-file.c:374:13
systemd#5 0x7ffa35b6391e in parse_extension_release_atv /work/build/../../src/systemd/src/basic/os-util.c:323:16
systemd#6 0x7ffa35b63c8a in parse_extension_release_sentinel /work/build/../../src/systemd/src/basic/os-util.c:360:13
systemd#7 0x7ffa35a5e3f5 in parse_os_release_specifier /work/build/../../src/systemd/src/shared/specifier.c:292:13
systemd#8 0x7ffa35a5e3f5 in specifier_os_id /work/build/../../src/systemd/src/shared/specifier.c:303:16
systemd#9 0x7ffa35a5c7f5 in specifier_printf /work/build/../../src/systemd/src/shared/specifier.c:70:45
systemd#10 0x7ffa3690b279 in unit_full_printf_full /work/build/../../src/systemd/src/core/unit-printf.c:264:16
systemd#11 0x7ffa367de795 in config_parse_bus_name /work/build/../../src/systemd/src/core/load-fragment.c:2401:13
systemd#12 0x7ffa358fe5ec in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:151:24
systemd#13 0x7ffa358fe5ec in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:257:16
systemd#14 0x7ffa358fd653 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:400:21
systemd#15 0x4de828 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/core/fuzz-unit-file.c:72:16
systemd#16 0x4df208 in NaloFuzzerTestOneInput (/build/fuzz-unit-file+0x4df208)
systemd#17 0x4fe213 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
systemd#18 0x4fd9fa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
systemd#19 0x4ff0c9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
systemd#20 0x4ffd95 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
systemd#21 0x4ef0ff in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
systemd#22 0x4ef9c8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
systemd#23 0x4df485 in main (/build/fuzz-unit-file+0x4df485)
systemd#24 0x7ffa35232082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
DEDUP_TOKEN: __interceptor_realloc--realloc--greedy_realloc
SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s).
Found by Nallocfuzz.
(cherry picked from commit 6c13a39)
(cherry picked from commit 30765fc)
(cherry picked from commit 512df9d)
No functional change (hopefully), just making it easier on the eyes. (cherry picked from commit ba79e8c)
If we fail any allocation prior adding the lease to the server lease
hashmap.
==2103==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 128 byte(s) in 2 object(s) allocated from:
#0 0x4a203e in __interceptor_calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:77:3
systemd#1 0x4f6341 in calloc (/build/fuzz-dhcp-server+0x4f6341)
systemd#2 0x4ec818 in add_lease /work/build/../../src/systemd/src/libsystemd-network/fuzz-dhcp-server.c:26:9
systemd#3 0x4ec2bf in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/libsystemd-network/fuzz-dhcp-server.c:75:9
systemd#4 0x4f68a8 in NaloFuzzerTestOneInput (/build/fuzz-dhcp-server+0x4f68a8)
systemd#5 0x5158b3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
systemd#6 0x51509a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
systemd#7 0x516769 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
systemd#8 0x517435 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
systemd#9 0x50679f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
systemd#10 0x507068 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
systemd#11 0x4f6b25 in main (/build/fuzz-dhcp-server+0x4f6b25)
systemd#12 0x7f16084e3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
DEDUP_TOKEN: __interceptor_calloc--calloc--add_lease
SUMMARY: AddressSanitizer: 128 byte(s) leaked in 2 allocation(s).
Found by Nallocufzz.
(cherry picked from commit aca607d)
(cherry picked from commit 61f695f)
Given we allow aliases we better check for consistency of alias entries and the primary one. (cherry picked from commit 719771a)
The DSP and our implementation mixes Debian terminology with CPU terminology. It uses arm64 which is a Debian thing instead of aarch64, but x86-64 which is a CPU thing instead of amd64. Add some convenience and transparent aliasing, so that we don't need to maintain architecture-specific and tool-specific translation layers in mkosi among other places, while at the same time the DDIs still look the same (ie: the partlabel does not change depending on which alias is used, the canonical label is used on disk). (cherry picked from commit 08a2bb7)
That's not necessary, as they are initialized with zero, but for safety and readability. (cherry picked from commit 4f0165f)
In mkosi we set the default architecture to platform.machine() which is again slightly incompatible for a few architectures, so add more aliases, so that repart works by default with these names. (cherry picked from commit 8340d50)
(cherry picked from commit 730ab2c)
The kernel may be syncing a file system or doing something else that requires more time. So make the delay a bit longer, but provide some feedback and also grow the delay exponentially (though with a long exponent). If the kernel is doing something else, no need to repeat so often. With 38 attempts, we get a total of slightly above 5000 ms. I wrote this when I thought that the the delay is not long enough. It turned out that we were blocking the file system on the loop device, so waiting longer wasn't helpful. But I think it's nicer to do it this way anyway. (cherry picked from commit afbe20b)
(cherry picked from commit 5249e95)
(cherry picked from commit 5dcb40a)
command -v doesn't print anything to stderr, let's use the canonical form with just >/dev/null. (cherry picked from commit e804447)
This is useful for debugging, for example if we want to test multiple different dlls being loaded in the same namespace. (cherry picked from commit 5ad6600)
…dress Otherwise the kernel will set up two routes to ::1, one in the "main", and one in the "local" routing table. Fixes: #25819 (cherry picked from commit 8557425)
All users of loopback_setup() ignore the return values (with the notable exception of the test cases). Hence let's adjust the log messaging to always log at LOG_WARNING level at most, and suffix messages with ", ignoring", to make clear these failures are ignored. (cherry picked from commit 53d883d)
This way it can actually do useful testing even when unprivileged. (cherry picked from commit f734b2c)
Otherwise, non-fatal debug error logs might interfere with the test. (cherry picked from commit a0807bd)
In test-execute, only the unit was started, not the slice. Because of that the slice cgroup was pruned even if it was still needed. From what I can tell, this is because, in the test, we don't have all the mechanics that starts the slice for a service. To fix the issue the slice is started manually. (cherry picked from commit fc6172b)
We check for homed stuff in the test itself, but this is way too late, since we already started a unit that Requires=systemd-homed.service (testsuite-46.service). For now this doesn't matter, but with #27852 the offending transaction is dropped from the job queue, making the test fail. Spotted in #27852 in Ubuntu CI. (cherry picked from commit 4c709f3)
(cherry picked from commit cc4d38b)
…al types One can argue that internal glibc types (i.e. those starting with __) are not really part of the glibc API, hence let's at least ifdef them. (cherry picked from commit 614ac89)
generator_write_veritysetup_service_section() already escapes the parameters internally, doing so in the caller means double escaping, which is a bug. Fix it. (cherry picked from commit 45e3406)
When reexecuting system let's put our arguments carrying deserialization info first followed by any existing arguments to make sure they get parsed in case we get weird stuff from the kernel cmdline (like --). See: systemd/systemd#28184 (cherry picked from commit 06afda6)
Some options were renamed and some options with default values are not shown unless -d(etails) is repeated. See: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=1215e9d3862387353d8672296cb4c6c16e8cbb72 (cherry picked from commit a5e478b)
The DBUS property setter overwrites the value of the property but writes a drop-in that extends the value. Let's make sure the drop-in overwrites the property value as well by assigning the empty string first. (cherry picked from commit 1dbccd6)
(cherry picked from commit b088c3d)
When we request an address that already exists and is under removing, we need to wait for the address being removed. Otherwise, configuration of a route whose preferred source is the address will fail. Fixes #28009. Replaces #28088. (cherry picked from commit 6e8477e)
(cherry picked from commit 7e30527)
This adds possible reproducer for issue #28009 (though, the issue is highly racy, hence this may not trigger the issue reliably). (cherry picked from commit e4948bb)
Since 6e8477e TEST-75 started failing with: [ 571.468298] testsuite-75.sh[46]: + for addr in "${DNS_ADDRESSES[@]}" [ 571.468298] testsuite-75.sh[46]: + run delv @fd00:dead:beef:cafe::1 -t A mail.signed.test [ 571.468899] testsuite-75.sh[562]: + tee /tmp/tmp.qKlHPbCCJZ [ 571.469317] testsuite-75.sh[561]: + delv @fd00:dead:beef:cafe::1 -t A mail.signed.test [ 571.501381] testsuite-75.sh[562]: ;; network unreachable resolving 'mail.signed.test/A/IN': fd00:dead:beef:cafe::1#53 [ 571.501564] testsuite-75.sh[562]: ;; resolution failed: SERVFAIL [ 571.515457] testsuite-75.sh[46]: + grep -qF '; fully validated' /tmp/tmp.qKlHPbCCJZ Let's wait for the dns0 interface to become routable again after re-enabling IPv6 to, hopefully, mitigate this. (cherry picked from commit f2492d3)
When the credential dir is backed by an fs that supports ACLs we must be more careful with adjusting the 'x' bit of the directory, as any chmod() call on the dir will reset the mask entry of the ACL entirely which we don't want. Hence, do a manual set of ACL changes, that only add/drop the 'x' bit but otherwise leave the ACL as it is. This matters if we use tmpfs rather than ramfs to store credentials. (cherry picked from commit f76ce81)
(cherry picked from commit beba8f2)
Like fdisk_get_last_lba(), fdisk_partition_get_end() return the last sector in the partition. Fixes #28225. (cherry picked from commit d2eb1f8)
(cherry picked from commit 937625c)
(cherry picked from commit 983d621)
Given that ERRNO_IS_*() also match positive values, call ERRNO_IS_NOT_SUPPORTED() only if the value returned by pwq_allocate_context() is negative. (cherry picked from commit 29dd2e2)
quality_check_password() used to return the same value 0 in two different cases: when pwq_allocate_context() failed with a ERRNO_IS_NOT_SUPPORTED() code, and when pwquality_check() rejected the password. As result, users of quality_check_password() used to report password weakness also in case when the underlying library was not available. Fix this by changing quality_check_password() to forward the ERRNO_IS_NOT_SUPPORTED() code to its callers, and change the callers to handle this case gracefully. (cherry picked from commit 7fc3f9c)
As logging password suggestions might leak sensitive information, print it instead. Suggested-by: Yu Watanabe <[email protected]> (cherry picked from commit 0351d56)
This also drops the fallback for libacl, libcap, libcrypt, and libgcrypt, as recent Ubuntu (at least, 20.04 LTS and newer) and Debian (at least, buster and newer) have relevant .pc files. Fixes #28161. (cherry picked from commit d625f71)
Follow-up for 381f6d4. When the function is called, the device may be already removed, and another device has the same syspath. Such situation can occur when a partition removed and another is created. In that case, the sysfs paths of the removed and newly created partitions can be same, but their devnums are different, and thus the database files corresponding to the devices are also different. Fixes #27981. (cherry picked from commit 35e49f2)
…n the same network Fixes #28280. (cherry picked from commit 77451f6)
For issue #28280. (cherry picked from commit 86f6760)
ConfigParser.readfp() has been deprecated since Python 3.2 and was dropped completely in Python 3.11. (cherry picked from commit ba4a1cd)
bluca
force-pushed
the
v253-stable
branch
2 times, most recently
from
41b4ed8
to
7b8ec30
Compare
Some distributions still use glibc's libcrypt. In that case, libcrypt.pc does not exist and dependency() will fail. Also, even if libxcrypt is used, there may not be a symlink from libcrypt.pc to libxcrypt.pc. So, let's add a secondary name. Follow-up for d625f71. Fixes #28289. [ fixed to fallback to extra dependency() call as multiple deps require meson 0.60 ] (cherry picked from commit 5557378)
git restore -s origin/main hwdb.d/ test/hwdb.d test/hwdb-test.sh
yuwata
approved these changes
Jul 7, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.